os/security/securityanddataprivacytools/securitytools/certapp/store--/e32capability.h
Update contrib.
/*
 * Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
 * This component and the accompanying materials are made available
 * under the terms of the License "Eclipse Public License v1.0"
 * which accompanies this distribution, and is available
 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
 *
 * Initial Contributors:
 * Nokia Corporation - initial contribution.
 *
 * e32\include\e32capability.h
 * Platform security capability definitions
 * Used by both source code and tools
 * This file can be directly included into C++ tools such as ROMBUILD to allow
 * capabilities to be specified by name. To do the same for MAKMAKE (in MMP
 * files) some perl code will be needed to parse this file and extract the
 * capability names and values.
 */

#ifndef __E32CAPABILITY_H__
#define __E32CAPABILITY_H__

/**
An enumeration that defines the set of all supported capabilities.
*/
enum TCapability
	{
	/**
	Grants write access to executables and shared read-only resources.

	This is the most critical capability as it grants access to executables and
	therefore to their capabilities. It also grants write access to
	the /sys and /resource directories.
	*/
	ECapabilityTCB = 0,

	/**
	Grants direct access to all communication device drivers. This includes:
	the EComm, Ethernet, USB device drivers etc.
	*/
	ECapabilityCommDD = 1,

	/**
	- to kill any process in the system
	- to power off unused peripherals
	- to switch the machine into standby state
	- to wake the machine up
	- to power the machine down completely.

	Note that this does not control access to anything and everything
	that might drain battery power.
	*/
	ECapabilityPowerMgmt = 2,

	/**
	Grants direct access to all multimedia device drivers.

	This includes the sound, camera, video device drivers etc.
	*/
	ECapabilityMultimediaDD = 3,

	/**
	Grants read access to network operator, phone manufacturer and device
	confidential settings or data.

	For example, the pin lock code, the list of applications that are installed.
	*/
	ECapabilityReadDeviceData = 4,

	/**
	Grants write access to settings that control the behaviour of the device.

	For example, device lock settings, system time, time zone, alarms, etc.
	*/
	ECapabilityWriteDeviceData = 5,

	/**
	Grants access to protected content.

	DRM (Digital Rights Management) agents use this capability to decide whether
	or not an application should have access to DRM content.
	Applications granted DRM are trusted to respect the rights associated
	*/
	ECapabilityDRM = 6,

	/**
	Grants the right to create a trusted UI session, and therefore to display
	dialogs in a secure UI environment.

	Trusted UI dialogs are rare. They must be used only when confidentiality
	and security are critical; for example, for password dialogs.

	Normal access to the user interface and the screen does not require
	*/
	ECapabilityTrustedUI = 7,

	/**
	Grants the right to a server to register with a protected name.

	Currently, protected names start with a "!" character. The kernel prevents
	servers without this capability from using such a name, and therefore
	prevents protected servers from being impersonated.
	*/
	ECapabilityProtServ = 8,

	/**
	Grants access to disk administration operations that affect more than one
	file or one directory (or overall filesystem integrity/behaviour, etc).

	For example, reformatting a disk partition.
	*/
	ECapabilityDiskAdmin = 9,

	/**
	Grants the right to modify or access network protocol controls.

	Typically when an action can change the behaviour of all existing and
	future connections, it should be protected by this capability.

	For example, forcing all existing connections on a specific protocol
	to be dropped, or changing the priority of a call.
	*/
	ECapabilityNetworkControl = 10,

	/**
	Grants read access to the entire file system; grants write access to
	the private directories of other processes.

	This capability is very strictly controlled and should rarely be granted.
	*/
	ECapabilityAllFiles = 11,

	/**
	Grants the right to generate software key & pen events, and to capture any
	of them regardless of the status of the application.

	Note that after obtaining the focus, normal applications do not need this
	capability to be dispatched key and pen events.
	*/
	ECapabilitySwEvent = 12,

	/**
	A user capability that grants access to remote services without any
	restriction on its physical location.

	Typically, such a location is unknown to the phone user, and such services
	may incur cost for the phone user.

	Voice calls, SMS, and internet services are good examples of
	such network services. They are supported by GSM, CDMA and all IP transport
	protocols including Bluetooth profiles over IP.
	*/
	ECapabilityNetworkServices = 13,

	/**
	A user capability that grants access to remote services in the close
	vicinity of the phone.

	The location of the remote service is well-known to the phone user, and in
	most cases, such services will not incur cost for the phone user.
	*/
	ECapabilityLocalServices = 14,

	/**
	A user capability that grants read access to data that is confidential to

	This capability supports the management of the user's privacy.

	Typically, contacts, messages and appointments are always seen user
	*/
	ECapabilityReadUserData = 15,

	/**
	A user capability that grants write access to user data.

	This capability supports the management of the integrity of user data.

	Note that this capability is not symmetric with the ECapabilityReadUserData
	capability. For example, you may want to prevent rogue applications from
	deleting music tracks but you may not want to restrict read access to them.
	*/
	ECapabilityWriteUserData = 16,

	/**
	A user capability that grants access to the location of the device.

	This capability supports the management of the user's privacy with regard
	to the phone location.
	*/
	ECapabilityLocation = 17,

	/**
	Grants access to logical device drivers that provide input information about
	the surroundings of the device.

	Good examples of drivers that require this capability would be GPS and biometrics
	device drivers. For complex multimedia logical device drivers that provide both
	input and output functions, such as Sound device driver, the MultimediaDD
	capability should be used if it is too difficult to separate the input from the
	output calls at its API level.
	*/
	ECapabilitySurroundingsDD = 18,

	/**
	Grants access to live confidential information about the user and his/her
	immediate environment. This capability protects the user's privacy.

	Examples are audio, picture and video recording, biometrics (such as blood

	Please note that the location of the device is excluded from this capability.
	The protection of this is achieved by using the dedicated capability Location
	*/
	ECapabilityUserEnvironment = 19,

	ECapability_Limit,				/**< @internalTechnology */

	ECapability_HardLimit = 255,	/**< @internalTechnology */

	ECapability_None = -1,			/**< Special value used to specify 'do not care' or 'no capability'.*/

	ECapability_Denied = -2			/**< Special value used to indicate a capability that is never granted. */
	};

/** Define this macro to reference the names of the capabilities. This is here so
that ROMBUILD can accept capability names.
*/
#ifdef __REFERENCE_CAPABILITY_NAMES__

extern const char* const CapabilityNames[ECapability_Limit];

#endif	// __REFERENCE_CAPABILITY_NAMES__

/** Define this macro to include the names of the capabilities. This is here so
that ROMBUILD can accept capability names.
*/
#ifdef __INCLUDE_CAPABILITY_NAMES__

/** List of names of all supported capabilities
Must be in the same order as the enumerators in TCapability
*/
extern const char* const CapabilityNames[ECapability_Limit] =
	{
	"TCB",
	"CommDD",
	"PowerMgmt",
	"MultimediaDD",
	"ReadDeviceData",
	"WriteDeviceData",
	"DRM",
	"TrustedUI",
	"ProtServ",
	"DiskAdmin",
	"NetworkControl",
	"AllFiles",
	"SwEvent",
	"NetworkServices",
	"LocalServices",
	"ReadUserData",
	"WriteUserData",
	"Location",
	"SurroundingsDD",
	"UserEnvironment"
	};

#endif	// __INCLUDE_CAPABILITY_NAMES__

#endif	// __E32CAPABILITY_H__
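
The header comment notes that build tools which cannot include this file need a script to parse it and extract the capability names and values. The sketch below is an added example, not part of the Symbian sources, and is written in Python rather than the perl the comment mentions. It strips comments, resolves implicit enumerator values such as ECapability_Limit, and keeps only the grantable capabilities; the function names and the embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample: a trimmed excerpt of TCapability plus one made-up,
# commented-out enumerator to show that comment contents are ignored.
SAMPLE_HEADER = r'''
enum TCapability
	{
	/** Grants direct access to all communication device drivers. */
	ECapabilityCommDD = 1,
	ECapabilityPowerMgmt = 2, // trailing comment with = 99, inside
	/* ECapabilityCommented = 42, */
	ECapabilityUserEnvironment = 19,
	ECapability_Limit, /**< @internalTechnology */
	ECapability_HardLimit = 255,
	ECapability_None = -1,
	ECapability_Denied = -2
	};
'''

_COMMENTS = re.compile(r'/\*.*?\*/|//[^\n]*', re.S)
_ENUM = re.compile(r'\benum\s+TCapability\s*\{(.*?)\}', re.S)
_ENTRY = re.compile(r'^\s*(\w+)\s*(?:=\s*(-?\d+))?\s*$')

def parse_capabilities(text):
    """Return {enumerator: value} for every enumerator of TCapability."""
    body = _ENUM.search(_COMMENTS.sub('', text))
    if body is None:
        raise ValueError('enum TCapability not found')
    values, next_value = {}, 0
    for item in body.group(1).split(','):
        if not item.strip():
            continue
        m = _ENTRY.match(item)
        if m is None:  # fail closed instead of guessing a capability value
            raise ValueError('unsupported enumerator: %r' % item.strip())
        name, explicit = m.groups()
        value = int(explicit) if explicit is not None else next_value
        values[name] = value
        next_value = value + 1  # C rule: previous enumerator plus one
    return values

def grantable_names(values):
    """Short names a build file may use: real capabilities below ECapability_Limit."""
    limit = values['ECapability_Limit']
    return {n[len('ECapability'):]: v for n, v in values.items()
            if not n.startswith('ECapability_') and 0 <= v < limit}
```

Rejecting an enumerator the parser does not understand keeps a build tool from silently assigning the wrong capability to a binary.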