Developers guidelines
|
Signing applications
9
October 2006
Identifiers
Symbian OS v9 Platform Security also requires that applications can be uniquely identified and strictly
classified to reflect their PlatSec level of trust. For example, signed and unsigned application are clearly
separated by having UID values in separated value ranges.
Unique Identifiers, UIDs
In Symbian OS, objects are identified by three 32 bit globally unique identifiers, referred to as UID1, UID2
and UID3.
• UID1 is a system level identifier, distinguishing for example executables, DLLs and file stores.
• UID2 distinguishes objects with the same UID1 based on different interfaces. For example GUI appli-
cations have a common UID2 value.
• UID3 can be seen as a project identifier, for example, all objects belonging to a given program may
share a UID3 value.
With Symbian OS v9, allocation of UID3 values has been changed to further enhance security, for exam-
ple to implement the data caging feature. Applications developed for public distribution must be assigned
a globally unique UID3 value, which is utilized through an automated UID allocation system implemented
within the Symbian Signed programme.
Allowed UID values have been split into one protected range for signed application and one unprotected
range for unsigned applications. Only signed applications can use UIDs in the protected range, and only
protected range UID values are allowed for signed applications. This is validated in the Symbian Signed
process. On the other hand unsigned applications are not allowed to use UIDs in the protected range, and
can only be installed with a UID from the unprotected range of values.
Secure Identifier, SID
Symbian OS v9 applications are assigned a SID value, which is automatically set to the UID3 value, unless
explicitly specified by the developer. The SID value determines the name of the folder where private appli-
cation data is stored.
The SID value can be specified in the .MMP file of the application, but this option should only be used in
special cases. Normally the automatically set value of UID3 should be accepted.
Vendor Identifier, VID
A Vendor ID can be used at runtime to identify the source of the binary. It is mainly of interest for phone
manufacturers and network operators, for example when needing to restrict access to a certain service to
applications from specific vendors. Most developers have no need for a VID, and the default VID value (0)
can then be used.
