You are on page 1of 9

Python for S60: Creating applications for S60 3rd Edition devices rapidly

Deng Haiqin, Liu XiaoGuo Version 1.0

Oct. 5th, 2007

The new platform security features in S60 3rd Edition require several changes to the whole Python for S60 framework.SIS: This package contains the interpreter DLL.Introduction to the Python for S60 on S60 3rd Edition 2 Introduction This document includes the information required by developers to create applications that use Python for S60. sign the Python interpreter DLL for special purposes with bigger capabilities set. Overview of Python for S60 on S60 3rd Edition Since S60 3rd Edition. and other needed files. The script shell should not enable users to run scripts with big capability set. The purpose of the capability model is to ensure that only trusted applications are able to use certain APIs and system resources. and thus. it means it has the right to access the corresponding set of sensitive APIs to do something when process sends requests across process boundaries. which can be applied from www. it is not signed by Nokia with the same capabilities as the interpreter DLL. The installed Python application icon is visible in the device main menu. A developer can. Note: This document introduces Python for S60 on S60 3rd Edition. needs to be signed. In addition. may also enable a user to run individual Python scripts.symbiansigned. A capability. of course. which can be found in the installed “Python” application. there are two separate packages ('X' indicates version number): • PythonForS60-X_X_X_3rdEd. 2007 .com. and some advice on extending the platform. gives permission to access system sensitive resources. which is also a Python application. express signed or certified signed via test houses (described below). A fundamental concept in platform security is 'capability' which is the term used for what the running process can do in the device. if the signed interpreter DLL does not have a capability like “AllFiles”. Version 0. all the native Python extensions provided by Nokia. stand-alone installation will be walked through. The advices described here are not applicable to Python for S60 running on S60 1st or 2nd Edition. Because the Python application is seen from the device’s main menu. S60 3rd Edition can‘t be supported by Python for S60. A capability is like a token. What a Python standalone application can do is limited by the capabilities assigned to the interpreter DLL (the capabilities are listed in Section "Python application Signing and distribution”). but that discussion is outside the scope of this article. a script shell. Since a standalone Python for S60 application is not different from a native application-and runs in a separate process. This should not cause problems-.1 | January 10th. this makes Python applications no difference from any native Symbian applications ─ a user cannot tell whether this is a Python or Symbian C++ application. the DLL’s capability set is the maximum set for any Python application on S60 3rd Edition devices. For example. In essence.sis) need to be signed in order to be successfully installed onto a S60 3rd Edition device. If a process holds certain capability. when hold by a running process. the script shell. In this article. and the developers on these platforms are not affected in any way. platform security is enforced in S60 3 rd Edition devices. In other words. This means that all the Symbian installation files (. The signing could be self-signed. a Python application cannot have it either. Since there are two separate signing needs for the Python interpreter DLL and the script shell application. which means it needs to be signed if it uses some sensitive APIs. Without these can sign the script shell application with a developer certificate.

1 | January 10th. and is the entity a developer needs to sign with as many capabilities as the developer can get (for some capabilities. The maximum capability set of a Python application should not be beyond the capability set assigned to the interpreter DLL due to platform security reason. Click here (https://www. Keep in mind that the script shell is just a normal application.symbiansigned.Introduction to the Python for S60 on S60 3rd Edition 3 • S_v9. The interpreter DLL is used by all the standalone Python applications. 2007 .pdf) for an overview of the Symbian signed process and platform security. the developer can ensure that individual Python applications can access the controlled resources as freely as possible. In this case.SIS: This package contains only the script shell application and does not work without the above package. similar to the one you wrap with “py2sis” (a tool to package Python scripts to SIS package) and subject to the all the same security preconditions described earlier. developers needs to justify their business reasons to get approval from Nokia as shown in the signing section). Version 0.

Step 3: Download standard Python for S60 source distribution. Here’s an example invocation: V:\pys60-1_3_15_src\src\py2sis>signsis ball. Step 2: Install a working version of Python. and it has been signed with your own certificate.: C:\>subst V: C:\Symbian\9.python. tested with Python 2.Introduction to the Python for S60 on S60 3rd Edition 4 4 Creating a Standalone App on S60 3rd Edition • • • Step 1: Install a working version of the S60 3rd Edition C++ SDK at www. where S60 3rd Edition SDK is” at the current directory. the signed “.exe application file if Python application is released as a standalone application.4 (see http://www. It comes with “py2sis” (tested with pys60-1_4_1_src) tool that can be used to create standalone applications from your Python --uid=0x01234567 --sdk30 --caps="NetworkServices LocalServices ReadUserData WriteUserData" –leavetemp This creates a SIS output file “ball. • • Step 6: Invoke the following code ("" is the script you are packaging): V:\pys60-1_3_15_src\src\py2sis>C:\Python24\python py2sis.php?group_id=154155. The package is needed to generate an .sisx yourcert.key password where “” meanwhile at the above link. This means that e.4/). A developer may use Bluetooth/Infra-red/Memory card to deploy it onto a real device.sis” file has the extension name “. Version 0. Unzip this package to “C:\Symbian\9.sis for free. the package can be unzipped to the folder “C:\Symbian\ ball.cer yourkey. Unpack the downloaded package to a folder in PC hard disk.1\S60_3rd_MR” to drive letter “V”. see: http://sourceforge.1.g.cer” and “yourkey. The packaged Python applications are not different from native applications to a devices end” is actually an installable file for the target devices.1\S60_3rd_MR\”. After issuing the above command.1\S60_3rd_MR\pys601_3_15_src” Download “PythonForS60_1_4_1_SDK_3rdEd_ARMV5. For other versions of S60 SDK.sisx” although it does not really matter) file will be generated at the current directory. 2007 .key” are the certificate and key used for signing the application. “ball. For example.1\S60_3rd_MR The above command basically maps the directory “C:\Symbian\9. the directory may vary.1 | January an output file “ball.4.4. Step 5: py2sis also currently requires that the SDK configuration is subst'ed.src.4.sisx” (normally.1\S60_3rd_MR”. • Step 7: Sign the created packages using "SignSIS”. where S60 3rd Edition SDK is installed. For obtaining pys601. • Step 4: Unpack the Python for S60 source distribution into “C:\Symbian\9.

Version 0.1 | January 10th. 2007 .Introduction to the Python for S60 on S60 3rd Edition 5 The following section will further detail how to sign and deploy a Python application onto a S60 3rd Edition device. and the changes greatly affect the Symbian signed process and application deployment. UserEnvironment. developers need to sign their applications before installing them into a real device since the platform security restrictions are implemented in the target devices. TCB. 2) System capability set 1: SwEvent. 2007 .1 | January 10th. NetworkControl 4) Manufacturer capabilities: AllFiles. the Symbian capability has been categorized into four groups: 1) User capabilities: LocalServices. NetworkServices. needs approval from manufacturer of mobile phones Depending on capabilities used. TrustedUI. WriteDeviceData 3) System capability set 2: CommDD. Hereafter is the figure for the new Symbian signed policy: Access Capability LocalServices User ReadUserData WriteUserData NetworkServices UserEnvironment Location SwEvent System ProtServ TrustedUI PowerMgmt SurroundingsDD ReadDeviceData WriteDeviceData User Grantable Open Signed without Publisher ID Open Signed with Publisher ID Express Signed Certified Signed Symbian Signed for Nokia For testing & sales version Sales version For testing Sales version 1 Sales version CommDD System DiskAdmin MultimediaDD NetworkControl AllFiles DRM TCB 2 Manufacturer Immediate Developer Tested Device Manufactur er Immediate Upload SIS Immediate Certify on PC Immediate Developer tested Lead-time Note 1 week Test houseTested 1 week Test houseTested Figure 1: S60 Capabilities and Symbian signed From the figure. Symbian signed recently made some big changes to the Symbian signed policy. DRM. ProtServ.Introduction to the Python for S60 on S60 3rd Edition 6 Python application Signing and Distribution To execute the scripts on an S60 3rd Edition target device. there are a few ways for signing a Python application: Version 0. WriteUserdata. ReadDeviceData. SurroundingDD.symbian. The detailed information can be found at: http://developer. DiskAdmin. ReadUserData. PowerMgmt.

com. The packages generated by py2sis require you to install the 'PythonForS60X_X_X_3rdEd. 6) Symbian signed for Nokia: Any of the applications needed for pre-installation must pass Nokia test a developer needs to supply his/her email address together with the device IMEI (phone serial number) number. 2) Open signed without publisher ID: A user has to log into www. and the developer may download it from the website. The detailed information can be found at: www. This is for testing purpose and the certificate is limited by the number of IMEI contained in the certificate. 3) Open signed with publisher ID: A developer has to purchase a publisher ID first from “TC TrustCenter”. It has stricter criteria than “Certified signed”.com to upload an application .symbiansigned. the application can be signed for commercial use. the developer may send the application to one of the four named test houses in the world for detailed testing.1 | January 10th. For detailed information on Symbian signed.sis file with “SignSis” command. and the developer may download it from the website. The py2sis program allows you to package individual scripts to installable SISX packages. 4) Express signed: A developer must have a publisher ID website to login.sis file. 2007 . A developer may use “SignSis” command to sign a .symbiansigned. a developer may sign a .Introduction to the Python for S60 on S60 3rd Edition 7 1) User grantable: The compatibilities used in an application are granted at the installation time. This is for testing purpose and the signed application can only be installed onto one mobile device. a developer can get the application signed by the website. a developer may immediately get the application signed by the website. a developer is recommended to surf the website: www. When an application has been fully tested using either “Open signed” method or selfsigned method. and upload the needed files to the website. Immediately. a developer may apply for a developer certificate from www. The Python functions or modules affected by platform security are outlined below in Table 1: Function or module location. With the publisher ID.gsm_location()* Capabilities needed ReadUserData ReadDeviceData Location Self-signing Version 0. This is for commercial use.sis file. The signed application is for commercial sales.symbiansigned. The developer has to go to' in a real device. After successful uploading. When signing.symbiansigned. and the application UID has to in the unprotected range (0x80000000-0xFFFFFFFF). 5) Certified signed: A developer must have a publisher ID first. After the application has passed the test criteria from Symbian. Using the certificate.

S60 3rd Edition has introduced platform security feature in Now. a developer may use Python script language to fast develop mobile the script shell application has been separated to a new SISX file from the main Python interpreter distribution. “Programming with Python for S60 Platform ”. The change has some big impacts on the way how a developer develops an application and how an application gets tested and Version 0. no capabilities are needed. http://www. for S60 3rd Edition. More Resources 2.1 | January 10th.python. With Python for S60 in place on S60 3 rd Edition platform. “Python for S60 Platform API Reference ”.imei() Voice calls Messaging (SMS. + = Claimed by the S60 SDK. Self-signing is sufficient: • • • • • • camera e32db inbox audio socket graphics As described above. Forum Nokia. Python website. 3. but in practice self-signing is sufficient. http://www. MMS) Internet services (access to services via HTTP) ReadDeviceData+ NetworkServices OK OK * = This gives false data if the executable is not signed with the specific capabilities. If the following extensions are to the Python for S60 on S60 3rd Edition 8 contacts images sounds appointments ReadUserData WriteUserData ReadDeviceData WriteDeviceData Sysinfo. These two SISX files could be signed separately with different set of capabilities. 2007 . Forum Nokia.

googlepages.php?f=102 2007 . More 8.opensource.Introduction to the Python for S60 on S60 3rd Edition 9 4. Python link from developer. Python for S60 developer discussion board Python for S60 documentations.1 | January 10th. Version 5. Python For S60 Wiki http://wiki.