172 * SecurityAttributes.getPermissionAttributes() |
169 * SecurityAttributes.getPermissionAttributes() |
173 * called after calling |
170 * called after calling |
174 * SecurityAttributes.addManifestAttributes()) |
171 * SecurityAttributes.addManifestAttributes()) |
175 */ |
172 */ |
176 public void grantJarPermissions( |
173 public void grantJarPermissions( |
|
174 StorageSession storageSession, |
177 Uid msUID, |
175 Uid msUID, |
178 Uid oldMSUID, |
176 Uid oldMSUID, |
179 PermissionAttribute[] requestedPermissions, |
177 PermissionAttribute[] requestedPermissions) |
180 AuthenticationCredentials[] authCredentials) |
178 { |
181 { |
179 if (storageSession == null |
182 if (msUID == null) |
180 || msUID == null) |
183 { |
181 { |
184 return; |
182 return; |
185 } |
183 } |
186 |
184 |
|
185 // take the domain from storage |
|
186 SecurityStorage storage = new SecurityStorage(storageSession); |
|
187 String protectionDomainName = storage.readProtectionDomain(msUID); |
187 // filter the already granted permissions |
188 // filter the already granted permissions |
188 String protectionDomainName = authCredentials[0].getProtectionDomainName(); |
|
189 Object o = iGrantedPermissions.remove( |
189 Object o = iGrantedPermissions.remove( |
190 msUID.getStringValue() |
190 msUID.getStringValue() + protectionDomainName); |
191 + protectionDomainName); |
|
192 |
|
193 Vector preGrantedPermissions = null; |
191 Vector preGrantedPermissions = null; |
194 if (o != null) |
192 if (o != null) |
195 { |
193 { |
196 if (o instanceof InvalidAttributeException) |
194 if (o instanceof InvalidAttributeException) |
197 { |
195 { |
215 resolvedPermissions.addElement( |
213 resolvedPermissions.addElement( |
216 preGrantedPermissions.elementAt(i)); |
214 preGrantedPermissions.elementAt(i)); |
217 } |
215 } |
218 } |
216 } |
219 } |
217 } |
220 // in case of update preserve the settings of the "old" suite |
218 storage.writeGrantedPermissions( |
221 if (oldMSUID != null) |
219 msUID, |
222 { |
220 oldMSUID, |
223 updateGrantedPermissions( |
221 resolvedPermissions); |
224 msUID, |
|
225 oldMSUID, |
|
226 resolvedPermissions); |
|
227 } |
|
228 |
|
229 // update the cache with the full set of permissions |
222 // update the cache with the full set of permissions |
230 iGrantedPermissions.put(msUID.getStringValue() + protectionDomainName, |
223 iGrantedPermissions.put(msUID.getStringValue() + protectionDomainName, |
231 resolvedPermissions); |
224 resolvedPermissions); |
232 Logger.logGrantedPermissions(resolvedPermissions); |
225 Logger.logGrantedPermissions(resolvedPermissions); |
233 } |
226 } |
269 Vector resolvedPermissions = resolvePermissions( |
263 Vector resolvedPermissions = resolvePermissions( |
270 uid, |
264 uid, |
271 protectionDomain.getName(), |
265 protectionDomain.getName(), |
272 securityAttributes.getPermissionAttributes(), |
266 securityAttributes.getPermissionAttributes(), |
273 true /* add the assigned permissions */); |
267 true /* add the assigned permissions */); |
274 // in case of update preserve the settings |
268 |
275 if (oldUid != null) |
269 // store the permissions |
276 { |
270 SecurityStorage storage = new SecurityStorage(storageSession); |
277 updateGrantedPermissions( |
271 storage.writeGrantedPermissions( |
278 uid, |
272 uid, |
279 oldUid, |
273 oldUid, |
280 resolvedPermissions); |
274 resolvedPermissions); |
281 } |
|
282 |
|
283 // update the cache with the full set of permissions |
275 // update the cache with the full set of permissions |
284 iGrantedPermissions.put(uid.getStringValue() + protectionDomain.getName(), |
276 iGrantedPermissions.put(uid.getStringValue() + protectionDomain, |
285 resolvedPermissions); |
277 resolvedPermissions); |
286 Logger.logGrantedPermissions(resolvedPermissions); |
278 Logger.logGrantedPermissions(resolvedPermissions); |
287 } |
279 } |
288 |
280 |
289 /** |
281 /** |
321 e.hasMoreElements() ;) |
313 e.hasMoreElements() ;) |
322 { |
314 { |
323 String key = (String)e.nextElement(); |
315 String key = (String)e.nextElement(); |
324 if (key.startsWith(msUidKey)) |
316 if (key.startsWith(msUidKey)) |
325 { |
317 { |
326 grantedPermissions = (Vector)iGrantedPermissions.get(key); |
318 grantedPermissions = (Vector)iGrantedPermissions.remove(key); |
327 if (key.endsWith("UnidentifiedThirdParty")) |
319 if (key.endsWith("UnidentifiedThirdParty")) |
328 { |
320 { |
329 // if the suite is not signed, there is no blanket |
321 // if the suite is not signed, there is no blanket |
330 // permissions concept either |
322 // permissions concept either |
331 Logger.log("Suite " + msUID.toString() + " is not signed, therefore there are no blanket permissions returned"); |
323 Logger.log("Suite " + msUID.toString() + " is not signed, therefore there are no blanket permissions returned"); |
366 { |
358 { |
367 PolicyBasedPermission permission = |
359 PolicyBasedPermission permission = |
368 ((PolicyBasedPermission)grantedPermissions.elementAt(i)); |
360 ((PolicyBasedPermission)grantedPermissions.elementAt(i)); |
369 UserSecuritySettings settings = |
361 UserSecuritySettings settings = |
370 permission.getUserSecuritySettings(); |
362 permission.getUserSecuritySettings(); |
371 if (permission.getType() != PolicyBasedPermission.USER_TYPE |
363 if (permission.getType() != PolicyBasedPermission.USER_TYPE |
372 || settings == null) |
364 || settings == null) |
373 { |
365 { |
374 // not a user permission -> move on to the next permission |
366 // not a user permission -> move on to the next permission |
375 Logger.log("Permission " + permission.getName() + " is not a user permission, therefore is is not returned as part of the group of blanket permissions"); |
367 Logger.log("Permission " + permission.getName() + " is not a user permission, therefore is is not returned as part of the group of blanket permissions"); |
376 continue; |
368 continue; |
464 } |
456 } |
465 // check for sensitive combinations |
457 // check for sensitive combinations |
466 if (permissions_from_sensitive_combination_list_1 |
458 if (permissions_from_sensitive_combination_list_1 |
467 && permissions_from_sensitive_combination_list_2) |
459 && permissions_from_sensitive_combination_list_2) |
468 { |
460 { |
469 /*String blanketPermissionsDetails = ( |
461 /*String blanketPermissionsDetails = ( |
470 ((call_control == true && multimedia == true) |
462 ((call_control == true && multimedia == true) |
471 || (call_control == true && read_user_data == true) |
463 || (call_control == true && read_user_data == true) |
472 || (net_access == true && multimedia == true) |
464 || (net_access == true && multimedia == true) |
473 || (net_access == true && read_user_data == true) |
465 || (net_access == true && read_user_data == true) |
474 || (messaging == true && multimedia == true) |
466 || (messaging == true && multimedia == true) |
475 || (messaging == true && read_user_data == true)) ? |
467 || (messaging == true && read_user_data == true)) ? |
476 "settings_inst_query_perm_net" : |
468 "settings_inst_query_perm_net" : |
477 "settings_inst_query_perm_sec");*/ |
469 "settings_inst_query_perm_sec");*/ |
478 |
470 |
479 Id blanketPermissionsDetails = ( |
471 Id blanketPermissionsDetails = ( |
480 ((call_control == true && multimedia == true) |
472 ((call_control == true && multimedia == true) |
481 || (call_control == true && read_user_data == true) |
473 || (call_control == true && read_user_data == true) |
482 || (net_access == true && multimedia == true) |
474 || (net_access == true && multimedia == true) |
483 || (net_access == true && read_user_data == true) |
475 || (net_access == true && read_user_data == true) |
484 || (messaging == true && multimedia == true) |
476 || (messaging == true && multimedia == true) |
485 || (messaging == true && read_user_data == true)) ? |
477 || (messaging == true && read_user_data == true)) ? |
486 new Id("settings_inst_query_perm_net", "N/A") : |
478 new Id("settings_inst_query_perm_net", "N/A") : |
487 new Id("settings_inst_query_perm_sec", "N/A")); |
479 new Id("settings_inst_query_perm_sec", "N/A")); |
488 |
480 |
489 iBlanketPermissionsDetails.put(msUidKey, |
481 iBlanketPermissionsDetails.put(msUidKey, |
490 UserSecuritySettingsImpl.getLocalizedString( |
482 UserSecuritySettingsImpl.getLocalizedString( |
491 blanketPermissionsDetails)); |
483 blanketPermissionsDetails)); |
538 Logger.log("The granted permissions are all set to Blanket, therefore there won't be any runtime security prompts"); |
530 Logger.log("The granted permissions are all set to Blanket, therefore there won't be any runtime security prompts"); |
539 SecurityStorage storage = new SecurityStorage(storageSession); |
531 SecurityStorage storage = new SecurityStorage(storageSession); |
540 storage.writeUserSecuritySettings(msUID, |
532 storage.writeUserSecuritySettings(msUID, |
541 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
533 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
542 true /* blanket prompt shown */); |
534 true /* blanket prompt shown */); |
543 // cleanup the cache as well |
|
544 cleanup(msUID); |
|
545 } |
535 } |
546 |
536 |
547 /** |
537 /** |
548 * Performs a cleanup (e.g. on cached data) |
538 * Performs a cleanup (e.g. on cached data) |
549 * |
539 * |
567 { |
557 { |
568 Logger.log("Remove granted permissions"); |
558 Logger.log("Remove granted permissions"); |
569 SecurityStorage storage = new SecurityStorage(storageSession); |
559 SecurityStorage storage = new SecurityStorage(storageSession); |
570 storage.removeGrantedPermissions(msUID); |
560 storage.removeGrantedPermissions(msUID); |
571 // clear the cache |
561 // clear the cache |
572 cleanup(msUID); |
|
573 } |
|
574 |
|
575 /** |
|
576 * Writes to storage all the security data related to a certain MIDlet suite |
|
577 * |
|
578 * @param sessionID the JavaStorage session to be used when |
|
579 * writing the security data into storage |
|
580 * @param msUID the UID if the MIDlet suite whose security data is |
|
581 * being written |
|
582 */ |
|
583 public void addSecurityData(StorageSession storageSession, Uid msUID, Uid oldMsUID) |
|
584 { |
|
585 Logger.log("Write granted permissions to storage"); |
|
586 if (storageSession == null || msUID == null) |
|
587 { |
|
588 return; |
|
589 } |
|
590 SecurityStorage storage = new SecurityStorage(storageSession); |
|
591 String msUidKey = msUID.getStringValue(); |
562 String msUidKey = msUID.getStringValue(); |
592 for (Enumeration e = iGrantedPermissions.keys() ; |
563 for (Enumeration e = iGrantedPermissions.keys() ; |
593 e.hasMoreElements() ;) |
564 e.hasMoreElements() ;) |
594 { |
565 { |
595 String key = (String)e.nextElement(); |
566 String key = (String)e.nextElement(); |
596 if (key.startsWith(msUidKey)) |
567 if (key.startsWith(msUidKey)) |
597 { |
568 { |
598 storage.writeGrantedPermissions( |
569 iGrantedPermissions.remove(key); |
599 msUID, |
570 break; |
600 oldMsUID, |
571 } |
601 (Vector)iGrantedPermissions.remove(key)); |
572 } |
602 return; |
573 iBlanketPermissionsDetails.remove(msUidKey); |
603 } |
|
604 } |
|
605 } |
574 } |
606 |
575 |
607 private Vector resolvePermissions(Uid msUID, |
576 private Vector resolvePermissions(Uid msUID, |
608 String protectionDomainName, |
577 String protectionDomainName, |
609 PermissionAttribute[] requestedPermissions, |
578 PermissionAttribute[] requestedPermissions, |
628 if (policyPermissions != null) |
597 if (policyPermissions != null) |
629 { |
598 { |
630 for (int i=0; i<policyPermissions.length; i++) |
599 for (int i=0; i<policyPermissions.length; i++) |
631 { |
600 { |
632 if (policyPermissions[i].getType() |
601 if (policyPermissions[i].getType() |
633 == PolicyBasedPermission.ASSIGNED_TYPE |
602 == PolicyBasedPermission.ASSIGNED_TYPE |
634 || policyPermissions[i].getType() |
603 || policyPermissions[i].getType() |
635 == PolicyBasedPermission.USER_ASSIGNED_TYPE) |
604 == PolicyBasedPermission.USER_ASSIGNED_TYPE) |
636 { |
605 { |
637 PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl( |
606 PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl( |
638 policyPermissions[i]); |
607 policyPermissions[i]); |
639 // add it only if not contained already |
608 // add it only if not contained already |
670 PermissionAttribute[] requestedPermissions) |
639 PermissionAttribute[] requestedPermissions) |
671 { |
640 { |
672 return resolvePermissions(msUID, protectionDomainName, |
641 return resolvePermissions(msUID, protectionDomainName, |
673 requestedPermissions, true /* add assigned permissions */); |
642 requestedPermissions, true /* add assigned permissions */); |
674 } |
643 } |
675 |
|
676 private void cleanup(Uid msUID) |
|
677 { |
|
678 // clear the cache |
|
679 String msUidKey = msUID.getStringValue(); |
|
680 for (Enumeration e = iGrantedPermissions.keys() ; |
|
681 e.hasMoreElements() ;) |
|
682 { |
|
683 String key = (String)e.nextElement(); |
|
684 if (key.startsWith(msUidKey)) |
|
685 { |
|
686 iGrantedPermissions.remove(key); |
|
687 break; |
|
688 } |
|
689 } |
|
690 iBlanketPermissionsDetails.remove(msUidKey); |
|
691 } |
|
692 |
|
693 private void updateGrantedPermissions(Uid newAppUID, Uid oldAppUID, Vector grantedPermissions) |
|
694 { |
|
695 // the vector containing the newGrantedPermissions |
|
696 Vector newGrantedPermissions = new Vector(); |
|
697 |
|
698 // get the old permissions & settings |
|
699 SecurityStorage storage = new SecurityStorage(); |
|
700 Vector oldPermissions = storage.readGrantedPermissions(oldAppUID); |
|
701 storage.close(); |
|
702 |
|
703 // filter out the the brand new permissions |
|
704 // (permissions which are not found among the old permissions) |
|
705 if (oldPermissions != null) |
|
706 { |
|
707 int index=0; |
|
708 while (index < grantedPermissions.size()) |
|
709 { |
|
710 // instead of calling Vector.removeElement(p) we will do the |
|
711 // remove manually, since the search is to be based on |
|
712 // the permission without the settings |
|
713 PolicyBasedPermission p = (PolicyBasedPermission) |
|
714 grantedPermissions.elementAt(index); |
|
715 int status = removeElement(oldPermissions, p); |
|
716 switch (status) |
|
717 { |
|
718 case REMOVED: |
|
719 case NOT_FOUND: |
|
720 index++; |
|
721 break; |
|
722 default: |
|
723 // different settings |
|
724 UserSecuritySettings oldSettings |
|
725 = ((PolicyBasedPermission)oldPermissions |
|
726 .elementAt(status)).getUserSecuritySettings(); |
|
727 UserSecuritySettings newSettings |
|
728 = p.getUserSecuritySettings(); |
|
729 if (oldSettings != null |
|
730 && newSettings != null) |
|
731 { |
|
732 boolean activeSettings = false; |
|
733 if (oldSettings.isActive() |
|
734 || newSettings.isActive()) |
|
735 { |
|
736 activeSettings = true; |
|
737 } |
|
738 newGrantedPermissions.addElement( |
|
739 new PolicyBasedPermissionImpl( |
|
740 p.getName(), |
|
741 p.getTarget(), |
|
742 p.getActionList(), |
|
743 p.getType(), |
|
744 new UserSecuritySettingsImpl( |
|
745 newSettings.getName(), |
|
746 oldSettings.getCurrentInteractionMode(), |
|
747 newSettings.getAllowedInteractionModes(), |
|
748 oldSettings.getBlanketPrompt(), |
|
749 activeSettings))); |
|
750 } |
|
751 else |
|
752 { |
|
753 newGrantedPermissions.addElement(p); |
|
754 } |
|
755 grantedPermissions.removeElementAt(index); |
|
756 break; |
|
757 } |
|
758 } |
|
759 } |
|
760 // write what's left from the granted permissions |
|
761 for (int i=0; i<newGrantedPermissions.size(); i++) |
|
762 { |
|
763 grantedPermissions.addElement(newGrantedPermissions.elementAt(i)); |
|
764 } |
|
765 } |
|
766 |
|
767 private int removeElement(Vector elements, PolicyBasedPermission element) |
|
768 { |
|
769 PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl( |
|
770 element.getName(), |
|
771 element.getTarget(), |
|
772 element.getActionList(), |
|
773 null); |
|
774 for (int i=0; i<elements.size(); i++) |
|
775 { |
|
776 PolicyBasedPermission tmp = (PolicyBasedPermission)elements |
|
777 .elementAt(i); |
|
778 PolicyBasedPermissionImpl p2 = new PolicyBasedPermissionImpl( |
|
779 tmp.getName(), |
|
780 tmp.getTarget(), |
|
781 tmp.getActionList(), |
|
782 null); |
|
783 if (p1.equals(p2)) |
|
784 { |
|
785 UserSecuritySettings s1 = element.getUserSecuritySettings(); |
|
786 UserSecuritySettings s2 = tmp.getUserSecuritySettings(); |
|
787 if ((s1 == null && s2 == null) |
|
788 || (s1 != null |
|
789 && s2 != null |
|
790 && s1.equals(s2))) |
|
791 { |
|
792 // identical permissions |
|
793 elements.removeElementAt(i); |
|
794 return REMOVED; |
|
795 } |
|
796 return i; |
|
797 } |
|
798 } |
|
799 return NOT_FOUND; |
|
800 } |
|
801 } |
644 } |