
Risto Helin's Forum Nokia Blog

Symbian Platform Security, capabilities and application security

Rippe | 11 September, 2006 13:31

I asked a colleague what I should write in my first blog post. He replied "Something positive". Then again, he was getting something positive into his cup at the time, fresh coffee on a Monday morning, so I guess that is where the analogy came from.


Last week we solved a case in a way that I felt positive about. A developer was asking for the AllFiles capability for their application in order to search the Messaging Inbox for a specific message. Fortunately it is not needed: the messaging framework has a class called CMsvEntry that gives access to the inbox, and for searching there is the CMsvFindOperation class. Going through the messaging API instead of reading the message store straight from the file system is exactly what keeps the sensitive capability out of the application.


I was very happy about this, because when creating applications for S60 3rd Edition you should be very cautious about which capabilities the application has. Of the 20 capabilities, seven have been determined to be sensitive, in the sense that they are needed mostly by specific kinds of applications only (DiskAdmin), they give access to device drivers (CommDD, MultimediaDD) or to sensitive areas of the system (AllFiles, TCB, DRM), or they give more comprehensive control over certain features (NetworkControl). The need for caution comes from looking at Platform Security from the security perspective: if you have not thought the application architecture through properly, the application may end up providing malware with a way into the system. What a nightmare: my application is known to give hackers access to system features.


Sure, some applications require the seven capabilities, but not that many. Antivirus and device encryption applications need TCB and a few others. I think an IP security solution would need CommDD. Then there are cases where the application needs a load of capabilities simply because of its nature: MTMs (Message Type Modules), FEPs (Front End Processors) and browser plug-ins are good examples. Each requires All-TCB (all capabilities except TCB). MultimediaDD and NetworkControl are the capabilities where I think the most innovative surprises will come from, and I mean the "Cool!" kind. Getting five of the seven capabilities is becoming more straightforward from today onwards (TCB and DRM excluded). My colleagues at Symbian are planning to update the Capability Request form tomorrow. The idea is to receive more details about the application and its use of the capabilities. Naturally our concern is to see that the use of the sensitive capabilities is justified and that there are no security holes.


One way of limiting the risk is to keep the "spread" of the sensitive capabilities to a minimum. Take the function that requires anything sensitive and package it as a separate part of the application, delivered in an embedded SIS. Because capabilities are assigned per executable, the rest of the application can then run with its ordinary capability set while only the small separate part carries the sensitive one. That should help. I hope to see more security-related material for developers later this year. However, the more difficult part is figuring out which capabilities the application requires. Currently we have the epocwind.out log file in the emulator (see the FAQ at www.forum.nokia.com/platformsecurity for more) to see which capabilities the application really needs. But I feel we need more. For one thing the log is full of other stuff as well, so a simple filtered view would do the job. In my mind we also need a source code checker, a check-the-code-and-see-which-capabilities-are-needed type of solution. The two would support each other. Those of you who are reading the S60 blogs (blogs.s60.com) know that we are planning such tools. Hopefully next time I blog I can write more about that and how we are proceeding.
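The "simple view" of epocwind.out asked for above can be scripted today. The Python below is an added example, not code from the post or from Forum Nokia: it pulls the PlatSec capability diagnostics out of an emulator log, groups the missing capabilities per process (which is the list that belongs on the MMP CAPABILITY line) and flags any of the seven sensitive capabilities named earlier. The log lines are constructed to resemble the emulator's "*PlatSec* WARNING" output; the exact wording varies between SDK releases, so the regular expression and the server names are assumptions.

```python
"""Filtered view of the S60 emulator's epocwind.out PlatSec diagnostics.

Added example, not code from the original post or from Forum Nokia.
It groups the "missing the capabilities" warnings per process and flags
the seven sensitive (manufacturer-approved) capabilities named in the post.
"""
import re
from collections import defaultdict

# The seven sensitive capabilities listed in the post.
SENSITIVE = {"TCB", "CommDD", "MultimediaDD", "DiskAdmin",
             "AllFiles", "DRM", "NetworkControl"}

# Assumption: the message-to-server diagnostic the emulator prints when
# PlatSec diagnostics are enabled. Wording may differ between SDK releases,
# and other variants (for example the DLL-load check) are not matched here.
PLATSEC_RE = re.compile(
    r"\*PlatSec\* (?:WARNING|ERROR) - Capability check (?:would have )?failed"
    r".*?from Thread (?P<proc>[^\[\s]+)\["          # process name before [SID]
    r".*?missing the capabilities: (?P<caps>[A-Za-z ]+?)\s*\."
)

# Constructed sample log (not real emulator output). MsgSearch.exe models the
# case in the post: one check from the file server, one from the messaging
# server. Other.exe shows a multi-capability line.
SAMPLE_LOG = """\
Thread MsgSearch.exe[a0001234]0001::Main created
*PlatSec* WARNING - Capability check would have failed - A Message (function number=0x00000019) from Thread MsgSearch.exe[a0001234]0001::Main, sent to Server !MsvServer, was checked by Thread msexe.exe[1000484b]0001::Main and was found to be missing the capabilities: ReadUserData . Additional diagnostic message: Checked by CPolicyServer::RunL
RFs::Connect returned 0
*PlatSec* WARNING - Capability check would have failed - A Message (function number=0x00000002) from Thread MsgSearch.exe[a0001234]0001::Main, sent to Server !FileServer, was checked by Thread efile.exe[100039e3]0001::Main and was found to be missing the capabilities: AllFiles . Additional diagnostic message: Checked by CPolicyServer::RunL
*PlatSec* WARNING - Capability check would have failed - A Message (function number=0x00000003) from Thread Other.exe[a0005678]0001::Main, sent to Server !CommsServer, was checked by Thread c32exe.exe[101f7989]0001::Main and was found to be missing the capabilities: NetworkServices NetworkControl . Additional diagnostic message: Checked by CPolicyServer::RunL
"""


def parse_platsec(lines):
    """Return {process: set(missing capabilities)} from epocwind.out lines."""
    needed = defaultdict(set)
    for line in lines:
        m = PLATSEC_RE.search(line)
        if m:                      # everything else in the log is noise here
            needed[m.group("proc")].update(m.group("caps").split())
    return dict(needed)


def summarise(log_text):
    """Per process: the full capability list and the sensitive subset."""
    report = {}
    for proc, caps in parse_platsec(log_text.splitlines()).items():
        report[proc] = {"caps": sorted(caps),
                        "sensitive": sorted(caps & SENSITIVE)}
    return report


def capability_line(caps):
    """Render a capability set as the MMP file's CAPABILITY statement."""
    return "CAPABILITY " + " ".join(sorted(caps))


if __name__ == "__main__":
    for proc, info in summarise(SAMPLE_LOG).items():
        print(f"{proc}: {capability_line(info['caps'])}")
        if info["sensitive"]:
            print("  needs manufacturer approval for:", " ".join(info["sensitive"]))
```

Read the report the way the case above was resolved: the AllFiles entry against !FileServer is what you get when an application tries to read another process's private data directory, here the message store, directly; the ReadUserData entry against !MsvServer is the messaging server's own check. Once the search goes through CMsvEntry and CMsvFindOperation, only the second kind of line should remain, and the sensitive list for that process becomes empty.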

Comments

Re: Symbian Platform Security, capabilities and application security

mgroeber9110 | 18/09/2006, 11:10

Hi Risto... long time no speak. ;-)

There is also the other side of this, where Nokia's APIs themselves are asking for capabilities that seem to be excessive for the job, perhaps just because of their implementation.
My pet example at the moment is the CPbkAddressSelect class, which in addition to the ReadUserData capability (which is very appropriate, for getting at data from the user's phone book) also needs WriteUserData, ReadDeviceData, and even WriteDeviceData.

The last two can only be granted by Symbian Signed, and are at least moderately sensitive because they allow messing up global system settings.

I think that this is one example for a case where the API itself should be revisited - a simple function like asking the user to select a single entry from their phone book should not require granting blanket write access to data for an application, and especially not to global settings.

Another example is CTelephony, which needs the NetworkServices capability even just for constructing the object, regardless of what you want to use it for (e.g. querying the IMEI), with the risk of (firmware dependent!) hangs occurring otherwise. The constructor even prints another warning (for WriteDeviceData, I believe), but this seems to be less severe because it "only" seems to affect a Publish/Subscribe property.

ciao marcus