Sony Ericsson UIQ 3 user manual

Summary of the content on the page No. 1

Developers guidelines
October 2006
Signing applications
for Sony Ericsson UIQ 3 phones

Summary of the content on the page No. 2

Developers guidelines | Signing applications Preface Purpose of this document This document describes how to handle signing of native Symbian™ OS v9 applications for Sony Ericsson phones. The document is intended for developers of UIQ™ 3 C++ applications who want insight in the implications of Symbian Platform Security (PlatSec) on the deployment and installation of applications in these phones. Readers who will benefit from this document include support engineers and software developers. It

Summary of the content on the page No. 3

Developers guidelines | Signing applications Sony Ericsson Developer World On www.sonyericsson.com/developer, developers will find documentation and tools such as phone White Papers, Developers Guidelines for different technologies, SDKs and relevant APIs. The website also con- tains discussion forums monitored by the Sony Ericsson Developer Support team, an extensive Knowl- edge Base, Tips & Tricks, example code and news. Sony Ericsson also offers technical support services to professional de

Summary of the content on the page No. 4

Developers guidelines | Signing applications Typographical conventions Code is written in Courier font, for example: TInt CCamera::CamerasAvailable() Trademarks and acknowledgements Symbian, Symbian OS, UIQ Technologies, UIQ and other Symbian marks are all trademarks of Symbian Ltd. Other product and company names mentioned herein may be the trademarks of their respective owners. Document history Change history 2006-05-10 Version R1A First version published on Developer World 2006-10-03 Version

Summary of the content on the page No. 5

Developers guidelines | Signing applications Contents Symbian OS v9 security architecture ........................................................................7 Introduction ...............................................................................................................8 Capabilities ................................................................................................................8 Restricted and unrestricted APIs ..................................................

Summary of the content on the page No. 6

Developers guidelines | Signing applications Capability: WriteDeviceData ................................................................................66 Capability: WriteUserData ...................................................................................74 Capability: Illegal ..................................................................................................82 6 October 2006

Summary of the content on the page No. 7

Developers guidelines | Signing applications Symbian OS v9 security architecture This chapter gives a general overview of the Symbian OS v9 security features as implemented in Sony Ericsson mobile phones. 7 October 2006

Summary of the content on the page No. 8

Developers guidelines | Signing applications Introduction Symbian OS version 9.x is specifically intended for mid-range phones to be produced in large numbers of units. The open development platform, featuring many new key technologies, offers large opportunities for ISVs (Independent Software Vendors) to find markets for their products. Introduction of new functionality, such as DRM (Digital Rights Management), Device Management and enhanced networking functionality, has required changing of

Summary of the content on the page No. 9

Developers guidelines | Signing applications Identifiers Symbian OS v9 Platform Security also requires that applications can be uniquely identified and strictly classified to reflect their PlatSec level of trust. For example, signed and unsigned application are clearly separated by having UID values in separated value ranges. Unique Identifiers, UIDs In Symbian OS, objects are identified by three 32 bit globally unique identifiers, referred to as UID1, UID2 and UID3. • UID1 is a system level

Summary of the content on the page No. 10

Developers guidelines | Signing applications IF a VID value other than 0 is to be used, it is specified in the .MMP file of the application. VID values must not be specified for unsigned applications. Data caging Data caging has been introduced in Symbian OS v9 to prevent one application to overwrite data belong- ing to another application. The file system has the following structure: • \sys : This is the restricted system area which is only accessible for highly trusted system processes. • \s

Summary of the content on the page No. 11

Developers guidelines | Signing applications The following table lists allowed user granted permissions per capability for unsigned applications: Capability User granted permission NetworkServices One-shot LocalServices Blanket ReadUserData One-shot WriteUserData One-shot UserEnvironment Blanket Location One-shot Note: An application that could be deployed as an unsigned - sandboxed application may as well be sub- dued to the Symbian Signed process. When an application like this has been signed,

Summary of the content on the page No. 12

Developers guidelines | Signing applications blanket or one-shot permissions at install time. Only standard (generic) testing is required for an appli- cation to be Symbian Signed. • Extended capabilities Highly trusted applications may be granted access to this set. For an application utilizing one or more capabilities in this set to be Symbian Signed, it has to go comply to extended testing criteria. The developer of the application must also explicitly declare which APIs of the capability a

Summary of the content on the page No. 13

Developers guidelines | Signing applications Developer certificates As a consequence of the Symbian OS v9 enhanced platform security, applications that require access to restricted APIs can not be installed on targeted devices before they have been signed, which in turn makes it impossible to test applications on real mobile phones during the development process. To take care of this, special developer certificates can be achieved via the Symbian Signed programme. Devel- oper certificates are

Summary of the content on the page No. 14

Developers guidelines | Signing applications Symbian OS v9 application signing This chapter describes the practical implications of Symbian OS v9 platform security and the steps devel- opers need to take during development of Symbian Signed applications. 14 October 2006

Summary of the content on the page No. 15

Developers guidelines | Signing applications Planning for development There are a number of considerations to take in the beginning of the development process for a Symbian OS applications. Apart from the normal system analysis and design, also the design implications on sign- ing requirements and testing procedures specific for the Symbian OS v9 platform must be taken into account. Signing or not As mentioned above, many applications do not require any capabilities and thus can be installed a

Summary of the content on the page No. 16

Developers guidelines | Signing applications Note that an application can only be granted rights to exactly the capabilities in a set that it actually requires. When sending an application for signing, all requested capabilities must be declared for the application to be approved.The following tables list all capabilities and describe in general terms what functionalities each capability may grant to applications . Basic capabilities LocalServices Grants access to the local network. Applicati

Summary of the content on the page No. 17

Developers guidelines | Signing applications WriteDeviceData Grants write access to sensitive system data. SWEvent Grants read access to confidential system data. API examples: System data that is not confidential does not Test utilities, FEP need to be protected by this capability. ProtServ Grants the right to a server to register with a pro- Mainly granted to system servers. tected name. Protected names begins with a “!”. The kernel will prevent servers without this capa- bility from using s

Summary of the content on the page No. 18

Developers guidelines | Signing applications Trusted Computing Base. API examples: Grants write access to /sys and /resource. Kernel, F32, SWInstall server AllFiles Makes all files visible. Grants extra write access Mainly granted to test utilities and backup & to files under /private. restore API examples: F32, SWInstall CommDD Grants access to all communication device driv- API examples: ers, for example EComm and USB device drivers. COMMS DiskAdmin Grants access to some disk administration o

Summary of the content on the page No. 19

Developers guidelines | Signing applications *”\.key”, “\.cer” [,KEY=”] for example, *”files\devcert2.key”,”files\devcert2.cer”,KEY=”password” MakeSis is run with the modified .pkg file create the .SIS file prepared for signing, and finally SignSis does the signing. An alternate signing method is to omit the extra line in the .pkg file, create the .SIS file with MakeSis and finally use SignSis with parameters for the signing keys, for ex

Summary of the content on the page No. 20

Developers guidelines | Signing applications In Symbian OS v9, UID ranges have been changed compared to earlier OS versions. The following table lists UID ranges to be allocated Symbian APP, EXE or DLL files of different categories. UID classes 0-9 (range 0x00000000 – 0x9FFFFFFF) are referred to as the protected range, and classes A-F (range 0xA0000000 – 0xFFFFFFFF) as the unprotected range. UID ranges not in this table are reserved. UID UID range Purpose class 0 0x00000000 - 0x0FFFFFFF Deve