This document describes how to handle signing of native Symbian™ OS v9 applications for Sony Ericsson phones. The document is intended for developers of UIQ™ 3 C++ applications who want insight into the implications of Symbian Platform Security (PlatSec) on the deployment and installation of applications in these phones.
Sony Ericsson also offers technical support services to professional developers. For more information about these professional services, visit the Sony Ericsson Developer World website. Document conventions Products Sony Ericsson mobile phones are referred to in this document using generic names as follows: Generic names Sony Ericsson mobile phones Series...
Typographical conventions Code is written in Courier font, for example: TInt CCamera::CamerasAvailable() Trademarks and acknowledgements Symbian, Symbian OS, UIQ Technologies, UIQ and other Symbian marks are all trademarks of Symbian Ltd. Other product and company names mentioned herein may be the trademarks of their respective owners. Document history Change history 2006-05-10...
Developers guidelines Signing applications Symbian OS v9 security architecture This chapter gives a general overview of the Symbian OS v9 security features as implemented in Sony Ericsson mobile phones. October 2006...
Introduction Symbian OS version 9.x is specifically intended for mid-range phones to be produced in large numbers of units. The open development platform, featuring many new key technologies, offers large opportunities for ISVs (Independent Software Vendors) to find markets for their products. Introduction of new functionality, such as DRM (Digital Rights Management), Device Management and enhanced networking functionality, has required changes to the Symbian OS core to support vital security concepts such as data protection or “caging”...
Identifiers Symbian OS v9 Platform Security also requires that applications can be uniquely identified and strictly classified to reflect their PlatSec level of trust. For example, signed and unsigned applications are clearly separated by having UID values in separate value ranges. Unique Identifiers, UIDs In Symbian OS, objects are identified by three 32-bit globally unique identifiers, referred to as UID1, UID2 and UID3.
If a VID value other than 0 is to be used, it is specified in the .MMP file of the application. VID values must not be specified for unsigned applications. Data caging Data caging has been introduced in Symbian OS v9 to prevent one application from overwriting data belonging to another application.
Note: Sony Ericsson strongly recommends that users only install signed applications in their phones and only allows signed applications to be distributed through its official sales channels, thus encouraging developers who want to market their applications for wide use with Sony Ericsson phones always to favour signed applications over unsigned ones.
The highest level of trust is required for applications that may have an impact on the functionality of the device. The only way for an application to have access to these capabilities is through a “channeled” signing procedure which involves approval by Sony Ericsson. Basic Capabilities •...
Developer certificates As a consequence of the Symbian OS v9 enhanced platform security, applications that require access to restricted APIs cannot be installed on targeted devices before they have been signed, which in turn makes it impossible to test applications on real mobile phones during the development process. To take care of this, special developer certificates can be obtained via the Symbian Signed programme.
Symbian OS v9 application signing This chapter describes the practical implications of Symbian OS v9 platform security and the steps developers need to take during development of Symbian Signed applications. October 2006...
• Sony Ericsson, Nokia and several major operators and service providers only allow applications that have passed the Symbian Signed programme to be exposed via their application shops.
Note that an application can only be granted rights to exactly the capabilities in a set that it actually requires. When sending an application for signing, all requested capabilities must be declared for the application to be approved. The following tables list all capabilities and describe in general terms what functionalities each capability may grant to applications. Basic capabilities LocalServices...
WriteDeviceData Grants write access to sensitive system data. SWEvent Grants read access to confidential system data. System data that is not confidential does not need to be protected by this capability. ProtServ Grants the right to a server to register with a protected name.
UIQ 3 SDK documentation. For examples on how to avoid using restricted APIs, specifically in the phone manufacturer capability set, please refer to the following article in the Tips and tricks section on Sony Ericsson Developer World: http://developer.sonyericsson.com/site/global/techsupport/tipstrickscode/symbian/p_avoid_restricted_apis.jsp...
*"<path>\<My_Private_Key>.key","<path>\<My_Cert>.cer"[,KEY="<My_PrivateKey_Pwd>"] for example, *"files\devcert2.key","files\devcert2.cer",KEY="password" MakeSis is run with the modified .pkg file to create the .SIS file prepared for signing, and finally SignSis does the signing. An alternative signing method is to omit the extra line in the .pkg file, create the .SIS file with MakeSis and finally use SignSis with parameters for the signing keys, for example: signsis -s app.sis app_signed.sis acs_id.cer private.key Symbian Signed portal account registration...
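The two signing routes described above (a '*' key/certificate line in the .pkg consumed by MakeSis, or plain MakeSis followed by SignSis with the key material on the command line) are easy to get subtly wrong in a build script. The following Python helper is an added example, not code from the Sony Ericsson guideline or the Symbian SDK: it builds the .pkg signing line in the format quoted above, assembles the MakeSis and SignSis command lines exactly as shown on this page, and runs them through an injectable runner so the command sequence can be checked without the SDK tools installed. The file names (app.pkg, app.sis, app_signed.sis, files\devcert2.key, files\devcert2.cer) are the page's examples; the placement of the '*' line directly after the '#{...}' package header is an assumption of this example.

```python
import subprocess
from typing import Callable, List, Optional

# Constructed example paths (taken from the guideline's own examples); replace
# them with the .pkg, key and certificate belonging to your own application.
PKG_FILE = "app.pkg"
UNSIGNED_SIS = "app.sis"
SIGNED_SIS = "app_signed.sis"
KEY_FILE = "files\\devcert2.key"
CERT_FILE = "files\\devcert2.cer"


def pkg_signing_line(key_path: str, cert_path: str, password: Optional[str] = None) -> str:
    """Build the extra '*' line that tells MakeSis which key and certificate to use.

    Format from the guideline: *"<key>","<cert>"[,KEY="<password>"]
    """
    line = f'*"{key_path}","{cert_path}"'
    if password is not None:
        line += f',KEY="{password}"'
    return line


def add_signing_line(pkg_text: str, signing_line: str) -> str:
    """Insert the signing line into a .pkg file.

    Placing it right after the '#{...}' package header is an assumption of this
    example; the guideline only says one extra line is added to the .pkg file.
    If no header is found the line is appended at the end.
    """
    lines = pkg_text.splitlines()
    for index, line in enumerate(lines):
        if line.lstrip().startswith("#{"):
            lines.insert(index + 1, signing_line)
            break
    else:
        lines.append(signing_line)
    return "\n".join(lines) + "\n"


def makesis_argv(pkg_path: str, sis_path: str) -> List[str]:
    """Command line for MakeSis: makesis <pkg file> <output sis file>."""
    return ["makesis", pkg_path, sis_path]


def signsis_argv(unsigned_sis: str, signed_sis: str, cert_path: str, key_path: str) -> List[str]:
    """Command line for SignSis with explicit key material, as quoted in the guideline:
    signsis -s app.sis app_signed.sis acs_id.cer private.key
    """
    return ["signsis", "-s", unsigned_sis, signed_sis, cert_path, key_path]


def sign_with_signsis(pkg_path: str, unsigned_sis: str, signed_sis: str,
                      cert_path: str, key_path: str,
                      runner: Callable[..., object] = subprocess.run) -> List[List[str]]:
    """The alternative route: plain MakeSis, then SignSis given the certificate and key.

    `runner` defaults to subprocess.run; a recording stand-in can be passed in to
    verify the command sequence without the SDK tools present.
    """
    commands = [
        makesis_argv(pkg_path, unsigned_sis),
        signsis_argv(unsigned_sis, signed_sis, cert_path, key_path),
    ]
    for argv in commands:
        runner(argv, check=True)  # raises CalledProcessError on a non-zero exit
    return commands


if __name__ == "__main__":
    # Show what would be executed for the page's example file names.
    print(pkg_signing_line(KEY_FILE, CERT_FILE, "password"))
    for argv in sign_with_signsis(PKG_FILE, UNSIGNED_SIS, SIGNED_SIS, "acs_id.cer",
                                  "private.key", runner=lambda argv, check: None):
        print(" ".join(argv))
```

Keep the private key and its password out of version control: the KEY= password ends up in plain text in the .pkg, so prefer the SignSis route, or generate the .pkg with the '*' line at build time from a file that is not checked in.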
In Symbian OS v9, UID ranges have been changed compared to earlier OS versions. The following table lists UID ranges to be allocated Symbian APP, EXE or DLL files of different categories. UID classes 0-9 (range 0x00000000 – 0x9FFFFFFF) are referred to as the protected range, and classes A-F (range 0xA0000000 –...
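The UID range rule above, the VID rule earlier on this page (no VID other than 0 for unsigned applications) and the rule that every capability requested for signing must be declared are all things that can be checked mechanically before a .SIS file is submitted. The following Python script is an added example, not code from the guideline, the Symbian SDK or Symbian Signed: it parses the UID, VENDORID and CAPABILITY statements of an .mmp file, classifies UID3 as protected (classes 0-9) or unprotected (classes A-F, taking 0xFFFFFFFF, the 32-bit maximum, as the upper bound of the range the page truncates), and reports the findings for an unsigned build. The sample .mmp text is constructed; 0x100039CE is the standard UID2 for Symbian applications, and the UID3 values are made up for illustration.

```python
from typing import Dict, List, Optional, Tuple

PROTECTED_MAX = 0x9FFFFFFF    # UID classes 0-9: protected range (Symbian Signed only)
UNPROTECTED_MIN = 0xA0000000  # UID classes A-F: unprotected range
UID_MAX = 0xFFFFFFFF          # assumed upper bound: the largest 32-bit value

# Constructed sample .mmp; the UID3 below deliberately falls in the protected range.
SAMPLE_MMP = """
TARGET      example.exe
TARGETTYPE  exe
UID         0x100039CE 0x20001234   // UID2 = application, UID3 = made-up value
VENDORID    0
CAPABILITY  LocalServices ReadUserData
"""


def uid_range(uid: int) -> str:
    """Classify a UID as 'protected' (classes 0-9) or 'unprotected' (classes A-F)."""
    if not 0 <= uid <= UID_MAX:
        raise ValueError(f"UID out of 32-bit range: {uid:#x}")
    return "protected" if uid <= PROTECTED_MAX else "unprotected"


def parse_mmp(text: str) -> Dict[str, object]:
    """Extract UID2/UID3, VENDORID and the CAPABILITY list from .mmp text.

    Only the three statements relevant to signing are parsed; '//' comments are
    stripped and keywords are matched case-insensitively.
    """
    info: Dict[str, object] = {"uid2": None, "uid3": None, "vendorid": 0, "capabilities": []}
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        keyword = parts[0].upper()
        if keyword == "UID" and len(parts) >= 3:
            info["uid2"] = int(parts[1], 0)
            info["uid3"] = int(parts[2], 0)
        elif keyword == "VENDORID" and len(parts) == 2:
            info["vendorid"] = int(parts[1], 0)
        elif keyword == "CAPABILITY":
            # CAPABILITY NONE means no capabilities are requested.
            info["capabilities"] = [c for c in parts[1:] if c.upper() != "NONE"]
    return info


def check_unsigned(info: Dict[str, object]) -> List[str]:
    """Findings that would make the build unsuitable for distribution unsigned."""
    findings: List[str] = []
    uid3: Optional[int] = info["uid3"]  # type: ignore[assignment]
    if uid3 is None:
        findings.append("no UID3 declared in the .mmp file")
    elif uid_range(uid3) == "protected":
        findings.append(f"UID3 {uid3:#010x} lies in the protected range; an unsigned "
                        "application must use a UID from the unprotected range")
    if info["vendorid"] != 0:
        findings.append("VENDORID must not be specified for an unsigned application")
    return findings


def compare_capabilities(declared: List[str], requested: List[str]) -> Tuple[List[str], List[str]]:
    """Return (requested but not declared, declared but not requested).

    The guideline requires every capability requested for signing to be declared,
    and grants only the capabilities the application actually requires, so both
    lists should be empty before submission.
    """
    declared_set = {c.lower() for c in declared}
    requested_set = {c.lower() for c in requested}
    undeclared = sorted(c for c in requested if c.lower() not in declared_set)
    unrequested = sorted(c for c in declared if c.lower() not in requested_set)
    return undeclared, unrequested


if __name__ == "__main__":
    parsed = parse_mmp(SAMPLE_MMP)
    for finding in check_unsigned(parsed):
        print("finding:", finding)
    print(compare_capabilities(parsed["capabilities"], ["LocalServices", "NetworkServices"]))
```

Run the check as part of the build so that a UID from the wrong range or a stray VENDORID is caught before the application reaches the installer, where the failure mode is an unhelpful installation error on the phone.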
When logged in on the Symbian Signed portal, UIDs allocated to the account can be viewed by clicking “View UIDs” in the left navigation bar. ACS publisher ID Having an application Symbian Signed requires an ACS publisher ID, either owned by the developer or by a publisher certifier.
Requesting a developer certificate Developer certificates can only be retrieved via the Symbian Signed portal by registered users. The process for retrieving a Sony Ericsson approved developer certificate is slightly different from the usual one, and is described below. ...
Personal information • Phone capabilities request (check the 'Enable Phone Manufacturer Capabilities' box to pick from the restricted APIs list). • Select 'Sony Ericsson' as phone manufacturer • Information about the Phone Manufacturer DevCert • Developer contact details • Request details (IMEIs, business reasons for requiring access to restricted APIs).
3. From the “Request Devcert” page in the Symbian Signed portal, click the link “Request Phone Manufacturer Approved DevCert”. This will start a workflow that is slightly different from the one where approval from Sony Ericsson is not required. After selecting Sony Ericsson as phone manufacturer, the following information has to be entered: •...
4. Upload the .csr file. When uploaded, the request is forwarded to Sony Ericsson, where a steering group reviews the request. Their decision is communicated to the developer via Symbian Signed. 5. When approved, the developer certificate can be viewed by logging in to the Symbian Signed account, and checked to confirm that its capabilities and IMEIs are the ones requested.
6. The developer can log in to the Symbian Signed account and download the signed application. The Sony Ericsson channel certification path As mentioned above, an application needing approval from Sony Ericsson to be signed has to go through an extended signing process to be Symbian Signed. Here is an overview of the process: 1.
3. Sony Ericsson grants the developer access to a login-protected Sony Ericsson channel certifier web page on the Symbian Signed website. Via this page the developer can submit the application for testing against the Symbian Signed criteria as well as the Sony Ericsson specific criteria.
Functions listed by capability In the list, text within curly brackets { } indicates other capabilities that the function is associated with. The text “Dependent” in curly brackets indicates that the association with the capability is conditional. Capability: AllFiles CFileMan::Copy(const TDesC &,const TDesC &,TUint);{Dependent} CFileMan::Copy(const TDesC &,const TDesC &,TUint,TRequestStatus &);{Dependent}...