RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


New Platform Security Tweaks Nokia's Python for S60 Application Development

Find out how the new platform security features affect Python for S60, what your development options will be, and how to perform native extending.

he new platform security features in S60 3rd Edition required several changes to the whole Python for S60 framework. Without these modifications, S60 3rd Edition can't be supported by Python for S60. Find out how the new platform security features affect Python for S60, what your development options will be, and how to perform native extending.

This article will walk you through a stand-alone installation. In essence, this type of installation makes Python applications no different from any native Symbian applications—a user cannot tell whether the app is Python or C++, though it is visible in the device main menu. You'll also use a script shell, visible in the device menu, that enables a user to run individual Python scripts.

Author's Note: This article introduces Python for S60 on S60 3rd Edition. The process described is not applicable to Python for S60 running on either S60 1st or 2nd Editions and the developers using these platforms are not affected in any way.

About Python for S60 3rd Edition
The biggest change in S60 3rd Edition is that platform security is enforced in S60 3rd Edition devices. This means you must sign all your installed Symbian installation files (SISX files) in order to guarantee successful installation.

A fundamental concept in S60 3rd Edition platform security is 'capability,' which defines a running process's functionality within the device. A capability is like a token—when a process sends requests across process boundaries to access a corresponding set of sensitive APIs to perform a function, the capability grants the permission. The purpose of the capability model is to ensure that only trusted applications are able to use certain APIs and system resources.

Since a standalone Python for S60 application is no different from a native application—and runs in a separate process—it needs to be signed if it uses controlled APIs or isdistributed via a SISX package.

What a Python standalone application is able to do will be limited by the capabilities assigned to the interpreter DLL (these capabilities are listed later in the section "Signing and Distribution").

The DLL's capability set is the maximum set for any Python application on S60 3rd Edition devices. For example, if the signed interpreter DLL does not possess a capability, say AllFiles, the Python application cannot have it either. You can, of course, sign the Python interpreter DLL for special purposes with larger capabilities sets, but that discussion is outside the scope of this article.

Because the Python application is seen from the device's main menu, the script shell (which is also a Python application) needs to be signed. The script shell should not enable users to run scripts with large capabilities and thus, it is not signed by Nokia with the same capabilities as the interpreter DLL. This shouldn't cause problems—lyou can sign the script shell application with a developer certificate. Click here to find out how to obtain a developer certificate. Due to separate signing needs for the interpreter DLL and the script shell application, there are two separate packages ('X' indicates version number):

  • PythonForS60-X_X_X_3rded.SIS: This package contains the interpreter DLL, all the Nokia-provided native Python extensions, and other needed files.
  • PythonScriptShell-X_X_X_3rded.SIS: This package contains only the script shell application and does not work without the above package.
Keep in mind that the script shell is just a normal application, similar to the one you wrap with py2sis (a tool for packaging Python scripts to SIS packages) and is subject to the all the same security preconditions listed earlier. The interpreter DLL is used by all the standalone Python applications and is the entity you need to sign with as many capabilities as you can get (for some capabilities, you'll need to justify your business reasons to get approval from Nokia, as shown in the signing section). This assures you that your individual Python applications will be able to access the controlled resources as freely as possible. Remember: the maximum capability set of a Python application should not be beyond the capability set assigned to the interpreter DLL (this is due to platform security reasons).

Author's Note: The script shell Python application visible in the device main menu has nothing to do with other standalone Python applications (i.e. there are no logical or conceptual dependencies).

Click here for an overview of the Symbian signed process and platform security.

Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date