Data caging means that the applications and the users have access only to certain areas of the file system. In practice the applications can access their own private folders and folders that are marked as open. It means, for example, that one application cannot access the private folder and data of another application. There are restricted file storage areas for system, private, and resource data.
The file system has the following structure:
The \sys folder is the restricted system
area. You need AllFiles capability to read the content, and
Trusted Computing Base (TCB) capability to modify the content.
The subfolder \sys\bin\ contains all binaries (exe, dll,
etc.). All binaries must have a different name. An application can only be
launched from this subfolder.
The \private\ folder includes folders
for all applications.
The \private\<SID>\ subfolder
contains private data only to be accessed by the application itself. SID is
determined by the Secure
Identifier of the process. Without any capabilities you can read and
write only in the application's own directory. You need AllFiles capability
to access all private directories. Backup software can read and write to this
directory.
The \private\<SID>\import\ subfolder
is for resource files, such as registration files, that are not directly related
to the application. You can write into this subfolder only after it is created
and named correctly.
Application registration resource files should
be installed in the \private\10003a3f\import\apps subfolder.
The \resource folder is for sharing
resource files. This data can be icons, bitmaps, and other material useful
for all the applications. You do not need any capabilities to read these files.
You need TCB capability to modify the content.
ECom
registration resource files should be installed in the \resource\plugins subfolder.
For more information, see File locations in the Symbian OS Library.