Python for S60: Creating

applications for S60 3rd

Edition devices rapidly

Deng Haiqin, Liu XiaoGuo

Version 1.0
Oct. 5th, 2007
 Introduction to the Python for S60 on S60 3rd Edition 2

Introduction
This document includes the information required by developers to create applications
that use Python for S60, and some advice on extending the platform.

The new platform security features in S60 3rd Edition require several changes to the
whole Python for S60 framework. Without these modifications, S60 3rd Edition can‘t be
supported by Python for S60.

In this article, stand-alone installation will be walked through. In essence, this makes
Python applications no difference from any native Symbian applications ─ a user cannot
tell whether this is a Python or Symbian C++ application. The installed Python
application icon is visible in the device main menu. In addition, a script shell, which can
be found in the installed “Python” application, may also enable a user to run individual
Python scripts.

Note: This document introduces Python for S60 on S60 3rd Edition. The advices
described here are not applicable to Python for S60 running on S60 1st or 2nd Edition,
and the developers on these platforms are not affected in any way.

Overview of Python for S60 on S60 3rd Edition

Since S60 3rd Edition, platform security is enforced in S60 3 rd Edition devices. This
means that all the Symbian installation files (.sis) need to be signed in order to be
successfully installed onto a S60 3rd Edition device. The signing could be self-signed,
express signed or certified signed via test houses (described below). A fundamental
concept in platform security is 'capability' which is the term used for what the running
process can do in the device. A capability, when hold by a running process, gives
permission to access system sensitive resources. A capability is like a token. If a
process holds certain capability, it means it has the right to access the corresponding set
of sensitive APIs to do something when process sends requests across process
boundaries. The purpose of the capability model is to ensure that only trusted
applications are able to use certain APIs and system resources.

Since a standalone Python for S60 application is not different from a native application--
and runs in a separate process, which means it needs to be signed if it uses some
sensitive APIs.

What a Python standalone application can do is limited by the capabilities assigned to

the interpreter DLL (the capabilities are listed in Section "Python application Signing
and distribution”). In other words, the DLL’s capability set is the maximum set for any
Python application on S60 3rd Edition devices. For example, if the signed interpreter DLL
does not have a capability like “AllFiles”, a Python application cannot have it either. A
developer can, of course, sign the Python interpreter DLL for special purposes with
bigger capabilities set, but that discussion is outside the scope of this article.

Because the Python application is seen from the device’s main menu, the script shell,
which is also a Python application, needs to be signed. The script shell should not
enable users to run scripts with big capability set, and thus, it is not signed by Nokia with
the same capabilities as the interpreter DLL. This should not cause problems-- you can
sign the script shell application with a developer certificate, which can be applied from
www.symbiansigned.com. Since there are two separate signing needs for the Python
interpreter DLL and the script shell application, there are two separate packages ('X'
indicates version number):

• PythonForS60-X_X_X_3rdEd.SIS: This package contains the interpreter DLL,

all the native Python extensions provided by Nokia, and other needed files.

Version 0.1 | January 10th, 2007

 Introduction to the Python for S60 on S60 3rd Edition 3

• PythonScriptShell-X_X_X_3rdEd.SIS: This package contains only the script

shell application and does not work without the above package.

Keep in mind that the script shell is just a normal application, similar to the one you wrap
with “py2sis” (a tool to package Python scripts to SIS package) and subject to the all
the same security preconditions described earlier. The interpreter DLL is used by all the
standalone Python applications, and is the entity a developer needs to sign with as many
capabilities as the developer can get (for some capabilities, developers needs to justify
their business reasons to get approval from Nokia as shown in the signing section). In
this case, the developer can ensure that individual Python applications can access the
controlled resources as freely as possible. The maximum capability set of a Python
application should not be beyond the capability set assigned to the interpreter DLL due
to platform security reason.

Click here
(https://www.symbiansigned.com/How_has_Symbian_Signed_evolved_with_Symbian_O
S_v9.pdf) for an overview of the Symbian signed process and platform security.

Version 0.1 | January 10th, 2007

 Introduction to the Python for S60 on S60 3rd Edition 4

4 Creating a Standalone App on S60 3rd Edition

• Step 1: Install a working version of the S60 3rd Edition C++ SDK at
www.forum.nokia.com for free.

• Step 2: Install a working version of Python, tested with Python 2.4.4 (see
http://www.python.org/download/releases/2.4.4/).

• Step 3: Download standard Python for S60 source distribution. It comes with
“py2sis” (tested with pys60-1_4_1_src) tool that can be used to create standalone
applications from your Python scripts. The packaged Python applications are not
different from native applications to a devices end user. For obtaining pys60-
1.4.1.src, see: http://sourceforge.net/project/showfiles.php?group_id=154155.

Unpack the downloaded package to a folder in PC hard disk. For example, the
package can be unzipped to the folder “C:\Symbian\9.1\S60_3rd_MR\pys60-
1_3_15_src”

Download “PythonForS60_1_4_1_SDK_3rdEd_ARMV5.zip” meanwhile at the

above link. The package is needed to generate an .exe application file if Python
application is released as a standalone application. Unzip this package to
“C:\Symbian\9.1\S60_3rd_MR”, where S60 3rd Edition SDK is installed.

• Step 4: Unpack the Python for S60 source distribution into

“C:\Symbian\9.1\S60_3rd_MR\”, where S60 3rd Edition SDK is installed. For other
versions of S60 SDK, the directory may vary.

• Step 5: py2sis also currently requires that the SDK configuration is subst'ed. This
means that e.g.:
C:\>subst V: C:\Symbian\9.1\S60_3rd_MR

The above command basically maps the directory “C:\Symbian\9.1\S60_3rd_MR”

to drive letter “V”.

• Step 6: Invoke the following code ("ball.py" is the script you are packaging):
V:\pys60-1_3_15_src\src\py2sis>C:\Python24\python py2sis.py
ball.py --uid=0x01234567 --sdk30 --caps="NetworkServices
LocalServices ReadUserData WriteUserData" –leavetemp

This creates a SIS output file “ball.sis” at the current directory.

• Step 7: Sign the created packages using "SignSIS”. Here’s an example invocation:
V:\pys60-1_3_15_src\src\py2sis>signsis ball.sis ball.sisx
yourcert.cer yourkey.key password

where “yourcert.cer” and “yourkey.key” are the certificate and key used for
signing the application. After issuing the above command, an output file “ball.sisx”
(normally, the signed “.sis” file has the extension name “.sisx” although it does not
really matter) file will be generated at the current directory, and it has been signed
with your own certificate. “ball.sisx” is actually an installable file for the target
devices. A developer may use Bluetooth/Infra-red/Memory card to deploy it onto a
real device.

Version 0.1 | January 10th, 2007

 Introduction to the Python for S60 on S60 3rd Edition 5

The following section will further detail how to sign and deploy a Python application
onto a S60 3rd Edition device.

Version 0.1 | January 10th, 2007

 Introduction to the Python for S60 on S60 3rd Edition 6

Python application Signing and Distribution

To execute the scripts on an S60 3rd Edition target device, developers need to sign their
applications before installing them into a real device since the platform security
restrictions are implemented in the target devices.

Symbian signed recently made some big changes to the Symbian signed policy, and the
changes greatly affect the Symbian signed process and application deployment. The
detailed information can be found at: http://developer.symbian.com/main/signed/.
Hereafter is the figure for the new Symbian signed policy:

Access User Open Signed Open Signed Express Certified Symbian

without with Publisher ID Signed for
Capability Grantable Signed Signed
Publisher ID Nokia

LocalServices
For testing

User
version
& sales

ReadUserData
WriteUserData

Sales version
NetworkServices
For testing

UserEnvironment

Sales version
Location
SwEvent System 1

Sales version
ProtServ
TrustedUI
PowerMgmt
SurroundingsDD
ReadDeviceData
WriteDeviceData

CommDD
System 2
DiskAdmin
MultimediaDD
NetworkControl

AllFiles Device
DRM Manufacturer Manufactur
TCB er

Lead-time Immediate Immediate Immediate Immediate 1 week 1 week

Note Certify on PC Developer tested Test houseTested Test houseTested

Developer Tested Upload SIS

Figure 1: S60 Capabilities and Symbian signed

From the figure, the Symbian capability has been categorized into four groups:

1) User capabilities: LocalServices, ReadUserData, WriteUserdata,

NetworkServices, UserEnvironment.

2) System capability set 1: SwEvent, ProtServ, TrustedUI, PowerMgmt,

SurroundingDD, ReadDeviceData, WriteDeviceData

3) System capability set 2: CommDD, DiskAdmin, MultimediaDD,

NetworkControl

4) Manufacturer capabilities: AllFiles, DRM, TCB, needs approval from

manufacturer of mobile phones

Depending on capabilities used, there are a few ways for signing a Python application:

Version 0.1 | January 10th, 2007

 Introduction to the Python for S60 on S60 3rd Edition 7

1) User grantable: The compatibilities used in an application are granted at the

installation time, and the application UID has to in the unprotected range
(0x80000000-0xFFFFFFFF). A developer may use “SignSis” command to sign a
.sis file.

2) Open signed without publisher ID: A user has to log into

www.symbiansigned.com to upload an application .sis file. After successful
uploading, a developer may immediately get the application signed by the
website, and the developer may download it from the website. This is for testing
purpose and the signed application can only be installed onto one mobile device.
When signing, a developer needs to supply his/her email address together with
the device IMEI (phone serial number) number.

3) Open signed with publisher ID: A developer has to purchase a publisher ID

first from “TC TrustCenter”. With the publisher ID, a developer may apply for a
developer certificate from www.symbiansigned.com. Using the certificate, a
developer may sign a .sis file with “SignSis” command. This is for testing
purpose and the certificate is limited by the number of IMEI contained in the
certificate.

4) Express signed: A developer must have a publisher ID first. The developer has
to go to www.symbiansigned.com website to login, and upload the needed files
to the website. Immediately, a developer can get the application signed by the
website, and the developer may download it from the website. The signed
application is for commercial sales.

5) Certified signed: A developer must have a publisher ID first. When an

application has been fully tested using either “Open signed” method or self-
signed method, the developer may send the application to one of the four named
test houses in the world for detailed testing. After the application has passed the
test criteria from Symbian, the application can be signed for commercial use.

6) Symbian signed for Nokia: Any of the applications needed for pre-installation
must pass Nokia test criteria. It has stricter criteria than “Certified signed”. The
detailed information can be found at: www.symbiansigned.com. This is for
commercial use.

For detailed information on Symbian signed, a developer is recommended to surf the

website: www.symbiansigned.com.

The py2sis program allows you to package individual scripts to installable SISX
packages. The packages generated by py2sis require you to install the 'PythonForS60-
X_X_X_3rdEd.SIS' in a real device.

The Python functions or modules affected by platform security are outlined below in
Table 1:

Function or module Capabilities needed Self-signing

location.gsm_location()* ReadUserData

ReadDeviceData

Location

Version 0.1 | January 10th, 2007

 Introduction to the Python for S60 on S60 3rd Edition 8

contacts appointments ReadUserData

images WriteUserData

sounds ReadDeviceData

WriteDeviceData

Sysinfo.imei() ReadDeviceData+ OK

Voice calls NetworkServices OK

Messaging (SMS, MMS)

Internet services (access to
services via HTTP)

* = This gives false data if the executable is not signed with the specific capabilities.

+ = Claimed by the S60 SDK, but in practice self-signing is sufficient.

If the following extensions are used, no capabilities are needed. Self-signing is sufficient:

• camera

• e32db

• inbox

• audio

• socket

• graphics

As described above, S60 3rd Edition has introduced platform security feature in platform.
The change has some big impacts on the way how a developer develops an application
and how an application gets tested and deployed. Now, for S60 3rd Edition, the script
shell application has been separated to a new SISX file from the main Python interpreter
distribution. These two SISX files could be signed separately with different set of
capabilities. With Python for S60 in place on S60 3 rd Edition platform, a developer may
use Python script language to fast develop mobile applications.

More Resources
1. Python website, http://www.python.org

2. Forum Nokia, http://www.forum.nokia.com, “Python for S60 Platform API

Reference ”;

3. Forum Nokia, http://www.forum.nokia.com, “Programming with Python for S60

Platform ”;

Version 0.1 | January 10th, 2007

 Introduction to the Python for S60 on S60 3rd Edition 9

4. Python For S60 Wiki

http://wiki.opensource.nokia.com/projects/Python_for_S60

5. Python for S60 developer discussion board

http://discussion.forum.nokia.com/forum/forumdisplay.php?f=102

6. More information, http://ww.forum.nokia.com

7. Python for S60 documentations,

http://wiki.opensource.nokia.com/projects/PyS60_documentation

8. Python link from developer, http://croozeus.googlepages.com/py60

Version 0.1 | January 10th, 2007