operators can customize the policy according to their Java security
specification, for example, to define different protection domains.
Another important issue in the Java ME subsystem is the IPC servers'
security. As we discussed, the Debug Agent and the Symbian OS Installer
and Recognizer access the SystemAMS through client APIs of the internal
IPC servers. Similarly, the MIDP run-time environment communicates
with the SystemAMS over IPC. Exposing an IPC client API is always a
potential security risk which must be mitigated. Therefore, the use of the
SystemAMS IPC servers is not open to third-party applications or to system
processes other than those defined. Access to the SystemAMS Installer is
allowed only from the Software Installer process; access to the SystemAMS
Launcher is allowed only from the system process that runs Recognizers
and from the Debug Agent. The main EXEs of the SystemAMS and the
run-time environment are protected as well, to ensure only authorized
parent processes can launch them.
In this chapter, we looked at the Java ME run-time environment from
the perspective of Symbian OS. We broke the monolithic term 'Java
ME platform' into the different processes and binaries which interact in
different ways. We then looked at core areas in the SystemAMS, the
VM and the MIDP layer. Finally, we discussed support for asynchronous
operations, Java debugging, performance and security.
One chapter cannot cover the whole of the Java ME subsystem archi-
tecture or VM technology but it should give you a clearer understanding
of the main entities and how things work under the hood.
So what are the four mistakes in the sentence ”The KVM aborted the
1. The VM is a headless engine which can only run Java bytecode.
2. A VM can certainly not install anything. Only the AMS can do that.
In Symbian OS, installation is performed by the system Installer in
cooperation with the SystemAMS.
4. There is no KVM on current Symbian OS devices!
The next chapter covers JSRs mapped to native Symbian OS services.