Sunday, August 05, 2007

Symbian V9 Security Description.

A capability is an access token that corresponds to permission to access sensitive system resources.

Basic capabilities

Grants access to "short-link" connections such as Bluetooth and infrared. These connections are not billable transactions. An example of this kind of action is device-to-device file transfer.

Grants access to the location of the device, such as network cell ID.

Grants access to remote services, which might involve a cost for the user. Typical use cases are dialing a normal GSM voice call or sending a text message.

Grants read-only access to confidential user data. Typical use cases are reading contacts, messages, and calendar events.

Grants write access to user data. Typical use cases are adding or deleting contacts, messages, or calendar events.

Grants access to live confidential information about the user and his/her immediate environment. An example of a typical protected resource in a mobile device is a camera.

Extended capabilities

Grants access to kill any process running in the system or completely turn off the device.

Grants a server the right to register with a protected name. Protected names start with a “!”. The kernel prevents servers without the ProtServ capability from using such a name, and therefore prevents protected servers from being impersonated.

Grants read-only access to sensitive system data such as device settings.

Grants write access to sensitive system data such as device lock settings, system time, and time zone.

Grants access to logical device drivers that provide input information about the surroundings of the mobile phone, for example global positioning system (GPS) device drivers.

Grants access to simulate key presses and capture such events from any application. A typical example is a screen-shot application.

Grants access to create a trusted UI session and display dialogs in a secure UI environment. A typical example is a password dialog.

Platform-approved capabilities

Grants read-only access to all data-caged directories and write access to the /private directory. NOTE! AllFiles will not be granted for a file manager type of application.

Grants access to communication device drivers such as WiFi, USB, and serial device drivers.

Grants access to disk administration functions such as formatting a drive or mounting/unmounting drive partitions.

Grants access to critical multimedia device drivers such as camera and sound.

Grants access to modify or access network protocol controls such as dropping all connections from the mobile phone.

Manufacturer-approved capabilities

DRM (digital rights management)
Grants access to DRM-protected content in plain form.

Grants write access to /sys and /resource directories in the mobile phone.
