Developers guidelines | Signing applications | 10 October 2006
If a VID value other than 0 is to be used, it is specified in the .MMP file of the application. VID values must not be specified for unsigned applications.
Data caging
Data caging was introduced in Symbian OS v9 to prevent one application from overwriting data belonging to another application.
The file system has the following structure:
• \sys: This is the restricted system area which is only accessible for highly trusted system processes.
• \sys\bin: Holds all executables such as EXEs, DLLs and plug-ins.
• \private: Each application has its own private view of the file system consisting of \private\<SID>\. This folder is only accessible by the application itself, the software installation program and applications trusted with capabilities on the highest level (granted by the phone manufacturer).
• \resource: A public, read-only directory allowing files to be publicly shared without compromising integrity. An application should, for example, put its UI resource files and icon files in \resource\apps.
Other directories are public and can be read from or written to by any program.
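As an added illustration (not code from this guideline or from Symbian OS itself), the following C++ function models the data-caging access rules listed above. The Caller structure, its two trust flags (standing in for the software installer and for manufacturer-granted, highest-level capabilities) and the sample paths are assumptions made for the example.

```cpp
// Added model of the Symbian OS v9 data-caging rules; not Symbian code.
// The real file server enforces these rules through capabilities; here a
// caller is described by its own SID plus two flags that stand in for
// "software installation program" and "highest-level capabilities".
#include <cctype>
#include <string>

struct Caller {
    std::string sid;     // secure ID of the calling process, e.g. "10001234"
    bool installer;      // true for the software installation program
    bool highestTrust;   // true if trusted with highest-level capabilities
};

enum class Access { Read, Write };

// Lower-case copy: Symbian file paths are case-insensitive.
static std::string lower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// True if `path` is `dir` itself or lies underneath it.
static bool inDir(const std::string& path, const std::string& dir) {
    return path == dir || path.compare(0, dir.size() + 1, dir + "\\") == 0;
}

// Decide whether `who` may perform `mode` on `rawPath` under data caging.
// A leading drive letter ("c:") is stripped so the same rule applies on every drive.
bool dataCagingAllows(const Caller& who, Access mode, const std::string& rawPath) {
    std::string path = lower(rawPath);
    if (path.size() >= 2 && std::isalpha(static_cast<unsigned char>(path[0])) && path[1] == ':')
        path = path.substr(2);

    if (inDir(path, "\\sys"))               // restricted area, includes \sys\bin
        return who.highestTrust;

    if (inDir(path, "\\private")) {          // \private\<SID>\...
        // text after "\private\" (9 characters); empty for "\private" itself
        std::string rest = path.size() >= 9 ? path.substr(9) : "";
        std::string owner = rest.substr(0, rest.find('\\'));
        return owner == lower(who.sid) || who.installer || who.highestTrust;
    }

    if (inDir(path, "\\resource"))           // public but read-only
        return mode == Access::Read;

    return true;                             // any other directory is public
}
```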
Unsigned - sandboxed applications
Unsigned applications are applications that have not been authorized through any signing process. Unsigned applications are allowed access to all unrestricted APIs and a small number of restricted APIs. Such applications are often referred to as “Unsigned - Sandboxed”, which implies that they have access to a limited number of APIs (the sandbox).
Unsigned - sandboxed applications using any of the restricted APIs still need to be authorized by the user at install time. When the application is installed on the phone, the user is prompted to accept that the application is granted “blanket” permissions to any functions that it requires. If the user accepts, the application is granted permission to the functions for as long as it is installed on the phone. If the user rejects, the installation is aborted.
Some capabilities can only be granted “one-shot” permissions when assigned to an unsigned application. Every time the application needs access to one of these capabilities, the user is prompted to accept the action that the application is about to perform. If the user rejects, an error condition is raised, which has to be managed by the code.