Fields Summary |
---|
public static final String | MANUFACTURER_DOMAIN_BINDINGBinding name of the Manufacturer domain. (all permissions allowed) |
public static final String | OPERATOR_DOMAIN_BINDINGBinding name of the Operator domain. |
public static final String | IDENTIFIED_DOMAIN_BINDINGBinding name of the Third party Identified domain. |
public static final String | UNIDENTIFIED_DOMAIN_BINDINGBinding name of the Third party Unidentified domain. |
public static final String | MINIMUM_DOMAIN_BINDINGBinding name of the Minimum domain for testing.
(all permissions denied) |
public static final String | MAXIMUM_DOMAIN_BINDINGBinding name of the Maximum domain for testing.
(all public permissions allowed) |
public static final int | MAX_LEVELSThe maximum levels are held in the first element of the permissions
array. |
public static final int | CUR_LEVELSThe current levels are held in the first element of the permissions
array. |
public static final int | MIDPcom.sun.midp permission ID. |
public static final int | AMScom.sun.midp.midletsuite.ams permission ID. |
public static final int | HTTPjavax.microedition.io.Connector.http permission ID. |
public static final int | TCPjavax.microedition.io.Connector.socket permission ID. |
public static final int | HTTPSjavax.microedition.io.Connector.https permission ID. |
public static final int | SSLjavax.microedition.io.Connector.ssl permission ID. |
public static final int | TCP_SERVERjavax.microedition.io.Connector.serversocket permission ID. |
public static final int | UDPjavax.microedition.io.Connector.datagram permission ID. |
public static final int | UDP_SERVERjavax.microedition.io.Connector.datagramreceiver permission ID. |
public static final int | COMMjavax.microedition.io.Connector.comm permission ID. |
public static final int | PUSHjavax.microedition.io.PushRegistry permission ID. |
public static final int | SMS_SERVERjavax.microedition.io.Connector.sms permission ID. |
public static final int | CBS_SERVERjavax.microedition.io.Connector.cbs permission ID. |
public static final int | SMS_SENDjavax.wireless.messaging.sms.send permission ID. |
public static final int | SMS_RECEIVEjavax.wireless.messaging.sms.receive permission ID. |
public static final int | CBS_RECEIVEjavax.wireless.messaging.scbs.receive permission ID. |
public static final int | MM_RECORDjavax.microedition.media.RecordControl permission ID. |
public static final int | MM_IMAGE_CAPTURINGjavax.microedition.media.VideoControl.getSnapshot permission ID. |
public static final int | MMS_SERVERjavax.microedition.io.Connector.mms permission ID. |
public static final int | MMS_SENDjavax.wireless.messaging.mms.send permission ID. |
public static final int | MMS_RECEIVEjavax.wireless.messaging.mms.receive permission ID. |
public static final int | APDU_CONNECTIONjavax.microedition.apdu.aid permission ID. |
public static final int | JCRMI_CONNECTIONjavax.microedition.jcrmi permission ID. |
public static final int | SIGN_SERVICEjavax.microedition.securityservice.CMSSignatureService
permission ID. |
public static final int | APDU_CHANNEL0javax.microedition.apdu.sat permission ID. |
public static final int | CHAPI_REGISTERjavax.microedition.content.ContentHandler permission ID. |
public static final int | PIM_CONTACT_READjavax.microedition.pim.ContactList.read ID. |
public static final int | PIM_CONTACT_WRITEjavax.microedition.pim.ContactList.write ID. |
public static final int | PIM_EVENT_READjavax.microedition.pim.EventList.read ID. |
public static final int | PIM_EVENT_WRITEjavax.microedition.pim.EventList.write ID. |
public static final int | PIM_TODO_READjavax.microedition.pim.ToDoList.read ID. |
public static final int | PIM_TODO_WRITEjavax.microedition.pim.ToDoList.write ID. |
public static final int | FILE_CONNECTION_READjavax.microedition.io.Connector.file.read ID. |
public static final int | FILE_CONNECTION_WRITEjavax.microedition.io.Connector.file.write ID. |
public static final int | OBEX_CLIENTjavax.microedition.io.Connector.obex.client ID. |
public static final int | OBEX_SERVERjavax.microedition.io.Connector.obex.server ID. |
public static final int | TCP_OBEX_CLIENTjavax.microedition.io.Connector.obex.client.tcp ID. |
public static final int | TCP_OBEX_SERVERjavax.microedition.io.Connector.obex.server.tcp ID. |
public static final int | BLUETOOTH_CLIENTjavax.microedition.io.Connector.bluetooth.client ID. |
public static final int | BLUETOOTH_SERVERjavax.microedition.io.Connector.bluetooth.server ID. |
public static final int | LOCATIONjavax.microedition.location.Location ID. |
public static final int | ORIENTATIONjavax.microedition.location.Orientation ID. |
public static final int | LOCATION_PROXIMITYjavax.microedition.location.ProximityListener ID. |
public static final int | LANDMARK_READjavax.microedition.location.LandmarkStore.read ID. |
public static final int | LANDMARK_WRITEjavax.microedition.location.LandmarkStore.write ID. |
public static final int | LANDMARK_CATEGORYjavax.microedition.location.LandmarkStore.category ID. |
public static final int | LANDMARK_MANAGEjavax.microedition.location.LandmarkStore.management ID. |
public static final int | SIPjavax.microedition.io.Connector.sip permission ID. |
public static final int | SIPSjavax.microedition.io.Connector.sips permission ID. |
public static final int | PAYMENTjavax.microedition.payment.process permission ID. |
public static final int | AMMS_CAMERA_SHUTTERFEEDBACKjavax.microedition.amms.control.camera.enableShutterFeedback perm. ID |
public static final int | AMMS_TUNER_SETPRESETjavax.microedition.amms.control.tuner.setPreset permission ID. |
public static final int | NUMBER_OF_PERMISSIONSNumber of permissions. |
public static final byte | NEVERNever allow the permission. |
public static final byte | ALLOWAllow a permission without asking the user. |
public static final byte | BLANKET_GRANTEDPermission granted by the user until the user changes it in the
settings form. |
public static final byte | BLANKETAllow a permission to be granted or denied by the user
until changed in the settings form. |
public static final byte | SESSIONAllow a permission to be granted only for the current session. |
public static final byte | ONESHOTAllow a permission to be granted only for one use. |
public static final byte | BLANKET_DENIEDPermission denied by the user until the user changes it in the
settings form. |
static final PermissionGroup | NEVER_GROUPThird Party Never permission group. |
static final PermissionGroup | ALLOWED_GROUPThird Party Allowed permission group. |
static final PermissionGroup | ID_ALLOWED_GROUPIdentified Third Party Allowed permission group. |
static final PermissionGroup | NET_ACCESS_GROUPNet Access permission group. |
static final PermissionGroup | READ_MESSAGE_GROUPRead Message permission group. |
static final PermissionGroup | SEND_MESSAGE_GROUPSend Message permission group. Send was broken out because send
is treated as one shot even though it is in the messaging group. |
static final PermissionGroup | AUTO_INVOCATION_GROUPApplication Auto Invocation permission group. |
static final PermissionGroup | LOCAL_CONN_GROUPLocal Connectivity permission group. |
static final PermissionGroup | MULTIMEDIA_GROUPMultimedia Recording permission group. |
static final PermissionGroup | READ_USER_DATA_GROUPRead User Data permission group. |
static final PermissionGroup | WRITE_USER_DATA_GROUPWrite User Data permission group. |
static final PermissionGroup | LOCATION_GROUPLocation permission group. |
static final PermissionGroup | LANDMARK_GROUPLandmark store permission group. |
static final PermissionGroup | SMART_CARD_GROUPSmart card permission group. |
static final PermissionGroup | AUTHENTICATION_GROUPAuthentication (identification) permission group. |
static final PermissionGroup | CALL_CONTROL_GROUPCall Control (restricted network connection) permission group. |
static final PermissionSpec[] | permissionSpecsPermission specifications. |
Methods Summary |
---|
private static void | checkForMutuallyExclusiveCombination(byte[] current, byte pushInterruptLevel, PermissionGroup group, byte newLevel)Check to see if a given level for a group would produce a mutually
exclusive combination for the current security policy. If so, throw
an exception.
This is a policy dependent function for permission grouping.
The following combinations of permissions are mutually exclusive:
- Any of Net Access, Messaging or Local Connectivity set to Blanket
in combination with any of Multimedia recording or Read User Data
Access set to Blanket
- Application Auto Invocation set to Blanket and Net Access set to
Blanket
// Rejects a request to raise `group` to BLANKET_GRANTED when another group
// (or the push interrupt level) is already at a blanket level that the
// policy treats as mutually exclusive with it. Throws SecurityException
// with a localized message naming both sides; returns normally otherwise.
byte level;
// Only a request for BLANKET_GRANTED can create a conflict; every other
// requested level is accepted without inspecting the current settings.
if (newLevel != BLANKET_GRANTED) {
return;
}
// Net Access conflicts with a blanket push interrupt level and with blanket
// Auto Invocation, Read User Data or Multimedia.
if (group == NET_ACCESS_GROUP) {
// An existing setting counts as "blanket" when it is either
// BLANKET_GRANTED or BLANKET; the same test is used for every group below.
if (pushInterruptLevel == BLANKET_GRANTED ||
pushInterruptLevel == BLANKET) {
throw new SecurityException(
createMutuallyExclusiveErrorMessage(
NET_ACCESS_GROUP.getName(),
ResourceConstants.AMS_MGR_INTRUPT));
}
level = getPermissionGroupLevel(current, AUTO_INVOCATION_GROUP);
if (level == BLANKET_GRANTED || level == BLANKET) {
throw new SecurityException(
createMutuallyExclusiveErrorMessage(NET_ACCESS_GROUP,
AUTO_INVOCATION_GROUP));
}
level = getPermissionGroupLevel(current, READ_USER_DATA_GROUP);
if (level == BLANKET_GRANTED || level == BLANKET) {
throw new SecurityException(
createMutuallyExclusiveErrorMessage(NET_ACCESS_GROUP,
READ_USER_DATA_GROUP));
}
level = getPermissionGroupLevel(current, MULTIMEDIA_GROUP);
if (level == BLANKET_GRANTED || level == BLANKET) {
throw new SecurityException(
createMutuallyExclusiveErrorMessage(NET_ACCESS_GROUP,
MULTIMEDIA_GROUP));
}
return;
}
// Local Connectivity conflicts with blanket Read User Data or Multimedia.
if (group == LOCAL_CONN_GROUP) {
level = getPermissionGroupLevel(current, READ_USER_DATA_GROUP);
if (level == BLANKET_GRANTED || level == BLANKET) {
throw new SecurityException(
createMutuallyExclusiveErrorMessage(LOCAL_CONN_GROUP,
READ_USER_DATA_GROUP));
}
level = getPermissionGroupLevel(current, MULTIMEDIA_GROUP);
if (level == BLANKET_GRANTED || level == BLANKET) {
throw new SecurityException(
createMutuallyExclusiveErrorMessage(LOCAL_CONN_GROUP,
MULTIMEDIA_GROUP));
}
return;
}
// Auto Invocation conflicts with blanket Net Access (the reverse of the
// Net Access check above, so the rule holds whichever side is set last).
if (group == AUTO_INVOCATION_GROUP) {
level = getPermissionGroupLevel(current, NET_ACCESS_GROUP);
if (level == BLANKET_GRANTED || level == BLANKET) {
throw new SecurityException(
createMutuallyExclusiveErrorMessage(AUTO_INVOCATION_GROUP,
NET_ACCESS_GROUP));
}
}
// Read User Data conflicts with blanket Net Access or Local Connectivity.
if (group == READ_USER_DATA_GROUP) {
level = getPermissionGroupLevel(current, NET_ACCESS_GROUP);
if (level == BLANKET_GRANTED || level == BLANKET) {
throw new SecurityException(
createMutuallyExclusiveErrorMessage(READ_USER_DATA_GROUP,
NET_ACCESS_GROUP));
}
level = getPermissionGroupLevel(current, LOCAL_CONN_GROUP);
if (level == BLANKET_GRANTED || level == BLANKET) {
throw new SecurityException(
createMutuallyExclusiveErrorMessage(READ_USER_DATA_GROUP,
LOCAL_CONN_GROUP));
}
}
// Multimedia conflicts with blanket Net Access or Local Connectivity.
if (group == MULTIMEDIA_GROUP) {
level = getPermissionGroupLevel(current, NET_ACCESS_GROUP);
if (level == BLANKET_GRANTED || level == BLANKET) {
throw new SecurityException(
createMutuallyExclusiveErrorMessage(MULTIMEDIA_GROUP,
NET_ACCESS_GROUP));
}
level = getPermissionGroupLevel(current, LOCAL_CONN_GROUP);
if (level == BLANKET_GRANTED || level == BLANKET) {
throw new SecurityException(
createMutuallyExclusiveErrorMessage(MULTIMEDIA_GROUP,
LOCAL_CONN_GROUP));
}
}
// NOTE(review): the policy text lists Messaging among the groups that must
// not be blanket together with Multimedia or Read User Data, but no branch
// here tests SEND_MESSAGE_GROUP or READ_MESSAGE_GROUP, in either direction.
// Confirm whether that rule is enforced elsewhere or is intentionally
// omitted.
|
public static void | checkPushInterruptLevel(byte[] current, byte pushInterruptLevel)Check to see if a given push interrupt level would produce a mutually
exclusive combination for the current security policy. If so, throw
an exception.
This is a policy dependent function for permission grouping.
The mutually exclusive combination is the push interrupt level set to Blanket and
Net Access set to Blanket.
// Only a push interrupt level of BLANKET_GRANTED is examined here; any
// other value is accepted without looking at the current permissions.
if (pushInterruptLevel == BLANKET_GRANTED) {
    byte netAccessLevel = getPermissionGroupLevel(current, NET_ACCESS_GROUP);
    boolean netAccessIsBlanket =
        netAccessLevel == BLANKET_GRANTED || netAccessLevel == BLANKET;

    // Blanket interrupt together with blanket Net Access is the forbidden
    // pair; report it with the localized "mutually exclusive" message.
    if (netAccessIsBlanket) {
        String message = createMutuallyExclusiveErrorMessage(
            ResourceConstants.AMS_MGR_INTRUPT,
            NET_ACCESS_GROUP.getName());
        throw new SecurityException(message);
    }
}
|
private static java.lang.String | createMutuallyExclusiveErrorMessage(PermissionGroup groupToSet, PermissionGroup blanketGroup)Create a mutually exclusive permission setting error message.
// Resolve both groups to their name resource IDs, then delegate to the
// (int, int) overload that builds the localized message.
int groupToSetNameId = groupToSet.getName();
int blanketGroupNameId = blanketGroup.getName();
return createMutuallyExclusiveErrorMessage(groupToSetNameId,
    blanketGroupNameId);
|
private static java.lang.String | createMutuallyExclusiveErrorMessage(int nameId, int otherNameId)Create a mutually exclusive permission setting error message.
// Look up the two display names, in argument order, and substitute them
// into the localized "mutually exclusive" message template.
String settingName = Resource.getString(nameId);
String conflictingName = Resource.getString(otherNameId);
String[] substitutions = new String[] {settingName, conflictingName};
return Resource.getString(
    ResourceConstants.PERMISSION_MUTUALLY_EXCLUSIVE_ERROR_MESSAGE,
    substitutions);
|
public static byte[][] | forDomain(java.lang.String name)Create a list of permission groups a domain is permitted to perform.
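// Builds the permission tables for a protection domain. The result holds
// two arrays indexed by permission ID: element 0 is the maximum level each
// permission may reach, element 1 is its default level.
byte[] maximums = new byte[NUMBER_OF_PERMISSIONS];
byte[] defaults = new byte[NUMBER_OF_PERMISSIONS];
byte[][] permissions = {maximums, defaults};

// Deny by default, explicitly. The minimum domain, any unrecognized (or
// null) domain name, and every slot a branch below does not assign must
// end up at NEVER; writing the constant here keeps that guarantee
// independent of the numeric value of NEVER and of Java's zero-filled
// array initialization.
for (int i = 0; i < maximums.length; i++) {
    maximums[i] = NEVER;
    defaults[i] = NEVER;
}

if (MANUFACTURER_DOMAIN_BINDING.equals(name)) {
    // All permissions allowed, including the internal MIDP and AMS ones.
    for (int i = 0; i < maximums.length; i++) {
        maximums[i] = ALLOW;
        defaults[i] = ALLOW;
    }

    return permissions;
}

if (OPERATOR_DOMAIN_BINDING.equals(name) ||
        MAXIMUM_DOMAIN_BINDING.equals(name)) {
    for (int i = 0; i < maximums.length; i++) {
        maximums[i] = ALLOW;
        defaults[i] = ALLOW;
    }

    // Only public permissions allowed, never internal
    maximums[MIDP] = NEVER;
    defaults[MIDP] = NEVER;
    maximums[AMS] = NEVER;
    defaults[AMS] = NEVER;

    return permissions;
}

if (IDENTIFIED_DOMAIN_BINDING.equals(name)) {
    // Starts at 2 so the first two permission IDs stay at NEVER.
    // NOTE(review): presumably IDs 0 and 1 are the internal MIDP and AMS
    // permissions; confirm against the constant values.
    for (int i = 2; i < maximums.length; i++) {
        maximums[i] =
            permissionSpecs[i].group.getIdentifiedMaxiumLevel();
        defaults[i] =
            permissionSpecs[i].group.getIdentifiedDefaultLevel();
    }

    return permissions;
}

if (UNIDENTIFIED_DOMAIN_BINDING.equals(name)) {
    // Same skip of the first two IDs as for the identified domain.
    for (int i = 2; i < maximums.length; i++) {
        maximums[i] =
            permissionSpecs[i].group.getUnidentifiedMaxiumLevel();
        defaults[i] =
            permissionSpecs[i].group.getUnidentifiedDefaultLevel();
    }

    return permissions;
}

// the default domain is minimum, all permissions denied
return permissions;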
|
public static byte[] | getEmptySet()Create an empty list of permission groups.
// A fresh table with one slot per permission ID, every slot explicitly
// set to NEVER so that "empty" means "nothing granted".
byte[] emptySet = new byte[NUMBER_OF_PERMISSIONS];

int slot = 0;
while (slot < emptySet.length) {
    emptySet[slot] = Permissions.NEVER;
    slot++;
}

return emptySet;
|
public static java.lang.String | getName(int permission)Get the name of a permission.
// Validate the ID before indexing: an out-of-range permission is reported
// as a SecurityException with the standard message rather than surfacing
// as an array index error.
boolean knownPermission =
    permission >= 0 && permission < permissionSpecs.length;
if (!knownPermission) {
    throw new SecurityException(SecurityToken.STD_EX_MSG);
}

return permissionSpecs[permission].name;
|
public static int | getOneshotQuestion(int permission)Get the oneshot question for a permission.
// Out-of-range IDs are rejected with the standard security message before
// the permission table is touched.
if (permission >= 0 && permission < permissionSpecs.length) {
    // The oneshot question belongs to the permission's group, not to the
    // individual permission.
    PermissionGroup owningGroup = permissionSpecs[permission].group;
    return owningGroup.getRuntimeOneshotQuestion();
}

throw new SecurityException(SecurityToken.STD_EX_MSG);
|
public static byte | getPermissionGroupLevel(byte[] levels, PermissionGroup group)Find the max level of all the permissions in the same group.
This is a policy dependent function for permission grouping.
// Scans every permission that belongs to `group` and returns the most
// permissive level found in `levels`, or NEVER when no member of the
// group has a level other than NEVER.
byte strongest = NEVER;

for (int id = 0; id < permissionSpecs.length; id++) {
    if (permissionSpecs[id].group != group) {
        continue;
    }

    // Read the level only for members of the group, as the original
    // short-circuit condition did.
    byte candidate = levels[id];
    if (candidate == NEVER) {
        continue;
    }

    /*
     * Except for NEVER the lower the int value the higher
     * the permission level, so "more permissive" means "smaller".
     */
    if (strongest == NEVER || candidate < strongest) {
        strongest = candidate;
    }
}

return strongest;
|
public static int | getQuestion(int permission)Get the question for a permission.
// Bounds-check the ID first; an unknown permission is a security error,
// reported with the standard message.
boolean outOfRange =
    permission < 0 || permission >= permissionSpecs.length;
if (outOfRange) {
    throw new SecurityException(SecurityToken.STD_EX_MSG);
}

// The runtime question is defined per group.
PermissionGroup owningGroup = permissionSpecs[permission].group;
return owningGroup.getRuntimeQuestion();
|
public static PermissionGroup[] | getSettingGroups()Get a list of all permission groups for the settings dialog.
// The twelve groups shown in the settings dialog, in display order.
// READ_MESSAGE_GROUP is not in the list; only SEND_MESSAGE_GROUP is
// presented for messaging.
return new PermissionGroup[] {
    NET_ACCESS_GROUP,
    SEND_MESSAGE_GROUP,
    AUTO_INVOCATION_GROUP,
    LOCAL_CONN_GROUP,
    MULTIMEDIA_GROUP,
    READ_USER_DATA_GROUP,
    WRITE_USER_DATA_GROUP,
    LOCATION_GROUP,
    LANDMARK_GROUP,
    SMART_CARD_GROUP,
    AUTHENTICATION_GROUP,
    CALL_CONTROL_GROUP
};
|
public static int | getTitle(int permission)Get the dialog title for a permission.
// Unknown permission IDs are refused with the standard security message
// instead of being used as an array index.
if (permission < 0) {
    throw new SecurityException(SecurityToken.STD_EX_MSG);
}
if (permission >= permissionSpecs.length) {
    throw new SecurityException(SecurityToken.STD_EX_MSG);
}

// The dialog title is defined per group.
return permissionSpecs[permission].group.getRuntimeDialogTitle();
|
public static boolean | isTrusted(java.lang.String domain)Determine if a domain is a trusted domain.
// Trusted domains are Manufacturer, Operator, the Maximum testing domain
// and Identified third party. Everything else, including the Unidentified
// and Minimum domains, an unrecognized name, or null, is untrusted.
return MANUFACTURER_DOMAIN_BINDING.equals(domain)
    || OPERATOR_DOMAIN_BINDING.equals(domain)
    || MAXIMUM_DOMAIN_BINDING.equals(domain)
    || IDENTIFIED_DOMAIN_BINDING.equals(domain);
|
private static void | setPermission(byte[] current, int permission, byte level)Set the level of the permission if the permission is not set to NEVER
or ALLOW.
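// Change the level only for permissions the user is allowed to adjust.
// A permission fixed at NEVER (not available to the suite) or at ALLOW
// (granted without prompting) must keep that level.
//
// The two tests have to be joined with &&: with || the condition is true
// for every value (nothing equals both NEVER and ALLOW), which made the
// guard a no-op and let a group-wide change overwrite NEVER and ALLOW
// entries.
if (current[permission] != NEVER && current[permission] != ALLOW) {
    current[permission] = level;
}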
|
public static void | setPermissionGroup(byte[] current, byte pushInterruptLevel, PermissionGroup group, byte level)Set the level of all the permissions in the same group as this
permission to the given level.
This is a policy dependent function for permission grouping.
The following combinations of permissions are mutually exclusive:
- Any of Net Access, Messaging or Local Connectivity set to Blanket
in combination with any of Multimedia recording or Read User Data
Access set to Blanket
- Application Auto Invocation (or push interrupt level) set to
Blanket and Net Access set to Blanket
// Applies `level` to every permission in `group`, after checking that the
// change does not create a mutually exclusive combination. The check
// throws SecurityException before any entry of `current` is modified.
checkForMutuallyExclusiveCombination(current, pushInterruptLevel,
group, level);
// Each member of the group is updated through setPermission.
for (int i = 0; i < permissionSpecs.length; i++) {
if (permissionSpecs[i].group == group) {
setPermission(current, i, level);
}
}
/*
 * The specs do not want separate send and receive message groups,
 * but do want the questions and interrupt level to be different for
 * send, so internally there are two groups that must be kept in
 * sync. The settings dialog only presents the send message group,
 * see the getSettingGroups method.
 */
if (group == SEND_MESSAGE_GROUP) {
/*
 * Since the send group has a max level of oneshot, this code
 * will only get used by the settings dialog, when a user
 * changes the send group from blanket denied to oneshot.
 */
if (level != BLANKET_DENIED) {
/*
 * If send is set to anything but blanket denied
 * then receive is set to blanket granted.
 */
level = BLANKET_GRANTED;
}
// NOTE(review): this paired update raises READ_MESSAGE_GROUP to
// BLANKET_GRANTED without a second call to
// checkForMutuallyExclusiveCombination, so the "Messaging" rule in the
// policy description is not re-checked here. Confirm that is intended.
for (int i = 0; i < permissionSpecs.length; i++) {
if (permissionSpecs[i].group == READ_MESSAGE_GROUP) {
setPermission(current, i, level);
}
}
return;
}
if (group == READ_MESSAGE_GROUP && level == BLANKET_DENIED) {
/*
 * This code will only be used when the user says no during
 * a message read runtime permission prompt. Denying read also
 * denies send, so the two groups stay in sync.
 */
for (int i = 0; i < permissionSpecs.length; i++) {
if (permissionSpecs[i].group == SEND_MESSAGE_GROUP) {
setPermission(current, i, BLANKET_DENIED);
}
}
}
|
public static void | setPermissionGroup(byte[] current, int permission, byte level)Grant or deny a permission and all of the other permissions in
its group.
This is a policy dependent function for permission grouping.
This method must only be used when not changing the interaction level
(blanket, session, one shot).
// Unlike the getters, an out-of-range permission ID is ignored silently
// here: nothing is changed and no exception is thrown.
boolean knownPermission =
    permission >= 0 && permission < permissionSpecs.length;

if (knownPermission) {
    // Delegate to the group-based overload with a push interrupt level of
    // NEVER, so the push interrupt level cannot trigger the
    // mutual-exclusion check.
    PermissionGroup owningGroup = permissionSpecs[permission].group;
    setPermissionGroup(current, NEVER, owningGroup, level);
}
|