Symbian
Symbian OS Library

SYMBIAN OS V9.3

[Index] [Spacer] [Previous] [Next]



Location: e32capability.h

Enum TCapability

TCapability

Description

An enumeration that defines the set of all supported capabilities.

ECapabilityTCB

Grants write access to executables and shared read-only resources.

This is the most critical capability as it grants access to executables and therefore to their capabilities. It also grants write access to the /sys and /resource directories.

ECapabilityCommDD

Grants direct access to all communication device drivers. This includes: the EComm, Ethernet, USB device drivers etc.

ECapabilityPowerMgmt

Grants the right:

  • to kill any process in the system
  • to power off unused peripherals
  • to switch the machine into standby state
  • to wake the machine up
  • to power the machine down completely.

Note that this does not control access to anything and everything that might drain battery power.

ECapabilityMultimediaDD

Grants direct access to all multimedia device drivers.

This includes the sound, camera, video device drivers etc.

ECapabilityReadDeviceData

Grants read access to network operator, phone manufacturer and device confidential settings or data.

For example, the pin lock code, the list of applications that are installed.

ECapabilityWriteDeviceData

Grants write access to settings that control the behaviour of the device.

For example, device lock settings, system time, time zone, alarms, etc.

ECapabilityDRM

Grants access to protected content.

DRM (Digital Rights Managment) agents use this capability to decide whether or not an application should have access to DRM content. Applications granted DRM are trusted to respect the rights associated with the content.

ECapabilityTrustedUI

Grants the right to create a trusted UI session, and therefore to display dialogs in a secure UI environment.

Trusted UI dialogs are rare. They must be used only when confidentiality and security are critical; for example, for password dialogs.

Normal access to the user interafce and the screen does not require this capability.

ECapabilityProtServ

Grants the right to a server to register with a protected name.

Currently, protected names start with a "!" character. The kernel prevents servers without this capability from using such a name, and therefore prevents protected servers from being impersonated.

ECapabilityDiskAdmin

Grants access to disk adminstration operations that affect more than one file or one directory (or overall filesystem integrity/behaviour, etc).

For examples, reformatting a disk partition.

ECapabilityNetworkControl

Grants the right to modify or access network protocol controls.

Typically when an action can change the behaviour of all existing and future connections, it should be protected by this capability.

For example, forcing all existing connections on a specific protocol to be dropped, or changing the priority of a call.

ECapabilityAllFiles

Grants read access to the entire file system; grants write access to the private directories of other processes.

This capability is very strictly controlled and should rarely be granted.

ECapabilitySwEvent

Grants the right to generate software key & pen events, and to capture any of them regardless of the status of the application.

Note that after obtaining the focus, normal applications do not need this capability to be dispatched key and pen events.

ECapabilityNetworkServices

A user capability that grants access to remote services without any restriction on its physical location.

Typically, such a location is unknown to the phone user, and such services may incur cost for the phone user.

Voice calls, SMS, and internet services are good examples of such network services. They are supported by GSM, CDMA and all IP transport protocols including Bluetooth profiles over IP.

ECapabilityLocalServices

A user capability that grants access to remote services in the close vicinity of the phone.

The location of the remote service is well-known to the phone user, and in most cases, such services will not incur cost for the phone user.

ECapabilityReadUserData

A user capability that grants read access to data that is confidential to the phone user.

This capability supports the management of the user's privacy.

Typically, contacts, messages and appointments are always seen user confidential data.

ECapabilityWriteUserData

A user capability that grants write access to user data.

This capability supports the management of the integrity of user data.

Note that this capability is not symmetric with the ECapabilityReadUserData capability. For example, you may want to prevent rogue applications from deleting music tracks but you may not want to restrict read access to them.

ECapabilityLocation

A user capability that grants access to the location of the device.

This capability supports the management of the user's privacy with regard to the phone location.

ECapabilitySurroundingsDD

Grants access to logical device drivers that provide input information about the surroundings of the device.

Good examples of drivers that require this capability would be GPS and bionetrics device drivers. For complex multimedia logical device drivers that provide both input and output functions, such as Sound device driver, the MultimediaDD capability should be used if it is too difficult to separate the input from the ouput calls at its API level.

ECapabilityUserEnvironment

Grants access to live confidential information about the user and his/her immediate environment. This capability protect the user's privacy.

Examples are audio, picture and video recording, biometrics (such as blood pressure) recording.

Please note that the location of the device is excluded from this capability. The protection of this is achieved by using the dedicated capability Location

ECapability_None

Special value used to specify 'do not care' or 'no capability'.

ECapability_Denied

Special value used to indicate a capability that is never granted.