Just An Application

July 25, 2009

What’s New In MIDP 3.0 ? Part 44: The Security Policy And Fine-Grained Permissions

Filed under: Java, JME, MIDP, MIDP Security, MIDP3, MIDP3Issues — Simon Lewis @ 2:32 pm

1. Mapped And Unmapped Permissions

The default MIDP 3.0 security policy divides the defined fine-grained permissions into those that it maps to function groups, and those that it does not.

The latter it further divides into

  • Allowed

  • Not Allowed

  • Not Permitted

where Not Permitted means a permission

MUST NOT be mapped to any function group, and MUST NOT be available in either the Identified or Unidentified Third Party Protection Domain.

2. The Unmapped Permissions

Omitting the CDC-specific permissions, the unmapped permissions are

  • java.lang.RuntimePermission

  • java.util.PropertyPermission

  • javax.microedition.event.EventPermission

  • javax.microedition.midlet.ActionsDeniedPermission

  • javax.microedition.midlet.AutoStartPermission

2.1 Manufacturer And Operator Protection Domains

By implication, since they are granted all the permissions in all function groups, MIDlet Suites bound to the Manufacturer or Operator protection domains are also granted all the unmapped permissions.

Note

    It is not clear whether this would include a RuntimePermission with a target of exitVM. Possibly not?

2.2 Identified Third Party Protection Domain

2.2.1 ActionsDeniedPermission

The ActionsDeniedPermission is 'Not Permitted'.

MIDlet Suites bound to the Identified Third Party protection domain cannot use the

    MIDlet-UserDenied

or

    MIDlet-<n>-UserDenied

attributes.

2.2.2 AutoStartPermission

The AutoStartPermission is 'Not Permitted'.

MIDlet Suites bound to the Identified Third Party protection domain cannot use the

    MIDlet-<n>-Type

attribute with a type of

    autostart

2.2.3 EventPermission

The apparent intention of the security policy is that MIDlet Suites bound to the Identified Third Party protection domain are granted an EventPermission with an action of

  • read for any Event

  • register for any Event

  • post for any non-system Event

but see Issues.

MIDlets in these MIDlet Suites can successfully call

  • the EventManager.getCurrent(String) method for any event.

  • any of the EventManager.addListener() methods for any event

  • any of the EventManager.registerApplication() methods for any event

  • the EventManager.post(EventData) method for any non-system event

and use the

    MIDlet-Event-Launch-<n>

attribute for any event.

2.2.4 PropertyPermission

MIDlet Suites bound to the Identified Third Party protection domain are granted a PropertyPermission with an action of read for any system property, but see Issues.

MIDlets in these MIDlet Suites can use the System.getProperty(String) method to get any system property.

2.2.5 RuntimePermission

The RuntimePermission is 'Not Permitted'.

2.3 Unidentified Third Party Protection Domain

2.3.1 ActionsDeniedPermission

The ActionsDeniedPermission is 'Not Permitted'.

MIDlet Suites bound to the Unidentified Third Party protection domain cannot use the

    MIDlet-UserDenied

or

    MIDlet-<n>-UserDenied

attributes.

2.3.2 AutoStartPermission

The AutoStartPermission is 'Not Permitted'.

MIDlet Suites bound to the Unidentified Third Party protection domain cannot use the

    MIDlet-<n>-Type

attribute with a type of

    autostart

2.3.3 EventPermission

MIDlet Suites bound to the Unidentified Third Party protection domain are granted an EventPermission with an action of

  • read for any Event

  • register for any Event

MIDlets in these MIDlet Suites can successfully call

  • the EventManager.getCurrent(String) method for any Event.

  • any of the EventManager.addListener() methods for any Event

  • any of the EventManager.registerApplication() methods for any Event

and use the

    MIDlet-Event-Launch-<n>

attribute for any event, but they cannot post any kind of Event.

2.3.4 PropertyPermission

The apparent intention of the security policy is that MIDlet Suites bound to the Unidentified Third Party protection domain are granted a PropertyPermission with an action of read for any system property except those with a prefix of

    microedition.deviceid.

or

    microedition.subscriberid.

but see Issues.

2.3.5 RuntimePermission

The RuntimePermission is 'Not Permitted'.

3. Issues

3.1 EventPermission

The security policy lists the following EventPermissions

  1. EventPermission("*", "read")

  2. EventPermission("*", "register")

  3. EventPermission("*.*", "post")

Numbers 1 and 2 are 'Allowed' for both the Identified and Unidentified Third Party protection domains.

Number 3 is 'Allowed' for the Identified Third Party protection domain and 'Not Allowed' for the Unidentified Third Party protection domain.

The form of the target name for Number 3

    *.*

is presumably intended not to match the names of system Events, thereby preventing MIDlets in MIDlet Suites bound to the Identified Third Party protection domain from posting them.

Unfortunately the class documentation for EventPermission currently defines the target name as follows

The target name is the name of the event ("BATTERY_LEVEL", "com.MyCompany.MyEvent", etc). The naming convention follows the hierarchical property naming convention and are explained in the package description. An asterisk MAY appear at the end of the event name, following a ".", or by itself, to signify a wildcard match. For example: "com.MyCompany.*" or "*" is valid, but "*MyCompany" or "a*b" is not valid.

so

    *.*

is not actually legal.
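To make the quoted wildcard rule concrete, here is an added example (my own code, not from the post or the MIDP 3.0 API) that checks a target name against that rule and then matches event names against a legal pattern. The matching semantics are an assumption modelled on the hierarchical convention the documentation refers to, and treating BATTERY_LEVEL as a system event is also an assumption taken from the documentation's example.

```java
// Added example: validates EventPermission target names against the quoted rule
// and shows why "*.*" cannot be used to exclude system events. Not part of MIDP.
public final class EventTargetNameCheck
{
    // True if the name obeys the quoted rule: an asterisk may only appear
    // at the very end, either on its own or directly after a ".".
    public static boolean isValidTargetName(String name)
    {
        if (name == null || name.isEmpty()) return false;
        int star = name.indexOf('*');
        if (star < 0) return true;                    // plain name such as "BATTERY_LEVEL"
        if (star != name.length() - 1) return false;  // "*MyCompany", "a*b", "*.*"
        if (star == 0) return true;                   // "*" by itself
        String prefix = name.substring(0, star);
        return prefix.length() > 1 && prefix.endsWith("."); // "com.MyCompany.*"
    }

    // Assumed matching semantics for a legal pattern (hierarchical, as for
    // java.util.PropertyPermission): "*" matches every name, "a.b.*" matches
    // any name beginning with "a.b.", anything else must match exactly.
    public static boolean implies(String pattern, String eventName)
    {
        if (!isValidTargetName(pattern) || !isValidTargetName(eventName)) return false;
        if (pattern.equals("*")) return true;
        if (pattern.endsWith(".*"))
            return eventName.startsWith(pattern.substring(0, pattern.length() - 1));
        return pattern.equals(eventName);
    }

    public static void main(String[] args)
    {
        String[] names = { "*", "com.MyCompany.*", "BATTERY_LEVEL", "*MyCompany", "a*b", "*.*" };
        for (String n : names)
            System.out.println(n + " -> " + (isValidTargetName(n) ? "valid" : "not valid"));

        // Vendor event names share no common prefix, so the only legal pattern that
        // covers all of them is "*", and "*" also covers BATTERY_LEVEL (assumed here
        // to be a system event). The policy's apparent intent has no legal spelling.
        System.out.println("\"*\" implies com.MyCompany.MyEvent: " + implies("*", "com.MyCompany.MyEvent"));
        System.out.println("\"*\" implies BATTERY_LEVEL: " + implies("*", "BATTERY_LEVEL"));
    }
}
```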

3.2 PropertyPermission

The security policy lists the following PropertyPermissions

  1. PropertyPermission("microedition.deviceid.*", "read")

  2. PropertyPermission("microedition.subscriberid.*", "read")

  3. PropertyPermission("microedition.locale", "read")

  4. PropertyPermission("microedition.profile", "read")

  5. PropertyPermission("microedition.platform", "read")

  6. PropertyPermission("microedition.*", "read")

Numbers 1 and 2 are described as not granted to MIDlet Suites bound to the Unidentified Third Party protection domain.

This however is somewhat moot given the presence of number 6.

Try running the following using a JSE distribution and you will see why.


    package scratch.propertypermission;

    import java.util.PropertyPermission;

    public final class PropertyPermissionTest
    {
        public static void main(String[] theArgs)
        {
            // Number 6 from the policy: read access to everything under "microedition."
            PropertyPermission pp = new PropertyPermission("microedition.*", "read");

            for (int i = 0; i < PROPERTY_NAMES.length; i++)
            {
                String property = PROPERTY_NAMES[i];

                // implies() is the test applied when a permission is checked at runtime
                if (pp.implies(new PropertyPermission(property, "read")))
                {
                    System.out.print("Can read ");
                }
                else
                {
                    System.out.print("Cannot read ");
                }
                System.out.println(property);
            }
        }

        // Includes the deviceid.* and subscriberid.* properties numbers 1 and 2
        // are supposed to withhold from the Unidentified Third Party domain.
        private static final String[] PROPERTY_NAMES =
        {
            "microedition.deviceid.uuid",
            "microedition.deviceid.imei",
            "microedition.deviceid.esn",
            "microedition.deviceid.meid",
            "microedition.deviceid.pesn",
            "microedition.subscriberid.uuid",
            "microedition.subscriberid.imsi",
            "microedition.subscriberid.msisdn",
            "microedition.subscriberid.iccid",
            "microedition.subscriberid.euimid",
            "microedition.locale",
            "microedition.profiles",
            "microedition.platform",
            "microedition.commports",
            "microedition.hostname"
        };
    }


Possibly this usage is intended as a notational shorthand, but if so it is a very misleading one.


Copyright (c) 2009 By Simon Lewis. All Rights Reserved
