从Symbian 9开始平台安全性的问题被引入，这意味着，硬件设备只能有限的访问安全的数据和软件。

因此在S60第三版和UIQ3的设备上，开发者开发的程序需要一些授权才能够访问平台。这种授权被称之为能力。这些能力被定义为授权应用，因为某个API被限制使用，除非能力（capability ）授予该程序使用这些属性。

这里有3种主要的能力：
1. TCB（底层处理信任）
2. USER（用户层）
3. 系统能力


TCB : "底层处理信任（Trusted computing Base ）"

它由一些底层的系统属性组成，像文件系统中的目录。这些能力（Capabilities）是不授予第三方应用程序的，他们只被授权给平台的制造商。

TCB包括操作系统的核心，文件服务和存储器管理单元等等。

USER（用户层）

网络服务：打电话、发短信、访问远程服务。

本地服务：这个能力包括：通过USB、红外、蓝牙设备发送和接受信息

读取用户数据：授权读取用户信息。系统服务和应用程序引擎就是这个级别。

写用户数据：授权写用户数据，同读取的服务一致。

区域：授权访问手机的某个区域。

用户环境：授权访问关于用户和环境的保密信息

系统能力（System Cabability）

These API’s under these capbilities has access to sensitive parts of the machine which due programatical errors may corrupt the phone’s Software and hardware. So these capabilities are granted only after symbian signed which after testing is done.

ALLFiles,SwEvent,WriteDeviceData,PowerMgmt,Drm, etc.

如何赋予能力

可以在MMP文件中，使用CAPABILITY 关键字来赋予能力


或者


在项目中，我们可以通过相应的API可以使用相关的能力，例如：DataFileSave() 可以调用WriteDeviceData WriteUserData能力

The Platform Security was introduced from Symbian V9.0, this means proividing security to the user data and software, hardware of the machine by restricted / controlled access to them.

So the Symbian Developers requires some privileges to access the platform for their applications developed for the S60 3rd Edition (or UIQ3) devices. These privileges are name Capabilities. These capabilities are defined for signed applications, because certain APIs are restricted to use unless the capability is granted before the application uses the feature.

The Three broad Capabilities are 1) TCB 2) USER 3) System Capability

TCB : "Trusted computing Base "
The components with these capability have access to sensible system features, like private directories on the file systems. These capabilities are generally not granted to third party applications and requires an agreement with the phone or platform manufacturer to have them.

The TCB includes Operating System kernel,file server ,MMU etc.

User
NetworkServices: dialing a number or sending a text message and accessing the remote services.

LocalServices: This capability is for sending or receiving information through USB, IR, and point-to-point Bluetooth profiles.

ReadUserData : Grants read access to user data. System servers and application engines are free to grant this restriction level to their data.

WriteUserData : Grants write access to user data. Again, system servers and application engines are free to grant this restriction level to their data.

Location : Grants access to the location of the phone.

UserEnvironment: Grants access to live confidential information about the user and his/her immediate environment.

System Cabability:
These API’s under these capbilities has access to sensitive parts of the machine which due programatical errors may corrupt the phone’s Software and hardware. So these capabilities are granted only after symbian signed which after testing is done.

ALLFiles,SwEvent,WriteDeviceData,PowerMgmt,Drm, etc.

How to assign capabilities:
The capabilites are assigned in MMP file using CAPABILITY keyword.


or


it means all capabilites are included except AllFiles and Drm

Depending on our application and depending on what are the API’s we are using in our application demands the capabilities required in our Project .

for E.g: DataFileSave() requires capability WriteDeviceData and WriteUserData

【原文地址】

[ Last edited by  Lee at 26-3-2007 20:15 ]