169 * SecurityAttributes.getPermissionAttributes() |
172 * SecurityAttributes.getPermissionAttributes() |
170 * called after calling |
173 * called after calling |
171 * SecurityAttributes.addManifestAttributes()) |
174 * SecurityAttributes.addManifestAttributes()) |
172 */ |
175 */ |
173 public void grantJarPermissions( |
176 public void grantJarPermissions( |
174 StorageSession storageSession, |
|
175 Uid msUID, |
177 Uid msUID, |
176 Uid oldMSUID, |
178 Uid oldMSUID, |
177 PermissionAttribute[] requestedPermissions) |
179 PermissionAttribute[] requestedPermissions, |
178 { |
180 AuthenticationCredentials[] authCredentials) |
179 if (storageSession == null |
181 { |
180 || msUID == null) |
182 if (msUID == null) |
181 { |
183 { |
182 return; |
184 return; |
183 } |
185 } |
184 |
186 |
185 // take the domain from storage |
|
186 SecurityStorage storage = new SecurityStorage(storageSession); |
|
187 String protectionDomainName = storage.readProtectionDomain(msUID); |
|
188 // filter the already granted permissions |
187 // filter the already granted permissions |
|
188 String protectionDomainName = authCredentials[0].getProtectionDomainName(); |
189 Object o = iGrantedPermissions.remove( |
189 Object o = iGrantedPermissions.remove( |
190 msUID.getStringValue() + protectionDomainName); |
190 msUID.getStringValue() |
|
191 + protectionDomainName); |
|
192 |
191 Vector preGrantedPermissions = null; |
193 Vector preGrantedPermissions = null; |
192 if (o != null) |
194 if (o != null) |
193 { |
195 { |
194 if (o instanceof InvalidAttributeException) |
196 if (o instanceof InvalidAttributeException) |
195 { |
197 { |
213 resolvedPermissions.addElement( |
215 resolvedPermissions.addElement( |
214 preGrantedPermissions.elementAt(i)); |
216 preGrantedPermissions.elementAt(i)); |
215 } |
217 } |
216 } |
218 } |
217 } |
219 } |
218 storage.writeGrantedPermissions( |
220 // in case of update preserve the settings of the "old" suite |
219 msUID, |
221 if (oldMSUID != null) |
220 oldMSUID, |
222 { |
221 resolvedPermissions); |
223 updateGrantedPermissions( |
|
224 msUID, |
|
225 oldMSUID, |
|
226 resolvedPermissions); |
|
227 } |
|
228 |
222 // update the cache with the full set of permissions |
229 // update the cache with the full set of permissions |
223 iGrantedPermissions.put(msUID.getStringValue() + protectionDomainName, |
230 iGrantedPermissions.put(msUID.getStringValue() + protectionDomainName, |
224 resolvedPermissions); |
231 resolvedPermissions); |
225 Logger.logGrantedPermissions(resolvedPermissions); |
232 Logger.logGrantedPermissions(resolvedPermissions); |
226 } |
233 } |
263 Vector resolvedPermissions = resolvePermissions( |
269 Vector resolvedPermissions = resolvePermissions( |
264 uid, |
270 uid, |
265 protectionDomain.getName(), |
271 protectionDomain.getName(), |
266 securityAttributes.getPermissionAttributes(), |
272 securityAttributes.getPermissionAttributes(), |
267 true /* add the assigned permissions */); |
273 true /* add the assigned permissions */); |
268 |
274 // in case of update preserve the settings |
269 // store the permissions |
275 if (oldUid != null) |
270 SecurityStorage storage = new SecurityStorage(storageSession); |
276 { |
271 storage.writeGrantedPermissions( |
277 updateGrantedPermissions( |
272 uid, |
278 uid, |
273 oldUid, |
279 oldUid, |
274 resolvedPermissions); |
280 resolvedPermissions); |
|
281 } |
|
282 |
275 // update the cache with the full set of permissions |
283 // update the cache with the full set of permissions |
276 iGrantedPermissions.put(uid.getStringValue() + protectionDomain, |
284 iGrantedPermissions.put(uid.getStringValue() + protectionDomain.getName(), |
277 resolvedPermissions); |
285 resolvedPermissions); |
278 Logger.logGrantedPermissions(resolvedPermissions); |
286 Logger.logGrantedPermissions(resolvedPermissions); |
279 } |
287 } |
280 |
288 |
281 /** |
289 /** |
313 e.hasMoreElements() ;) |
321 e.hasMoreElements() ;) |
314 { |
322 { |
315 String key = (String)e.nextElement(); |
323 String key = (String)e.nextElement(); |
316 if (key.startsWith(msUidKey)) |
324 if (key.startsWith(msUidKey)) |
317 { |
325 { |
318 grantedPermissions = (Vector)iGrantedPermissions.remove(key); |
326 grantedPermissions = (Vector)iGrantedPermissions.get(key); |
319 if (key.endsWith("UnidentifiedThirdParty")) |
327 if (key.endsWith("UnidentifiedThirdParty")) |
320 { |
328 { |
321 // if the suite is not signed, there is no blanket |
329 // if the suite is not signed, there is no blanket |
322 // permissions concept either |
330 // permissions concept either |
323 Logger.log("Suite " + msUID.toString() + " is not signed, therefore there are no blanket permissions returned"); |
331 Logger.log("Suite " + msUID.toString() + " is not signed, therefore there are no blanket permissions returned"); |
358 { |
366 { |
359 PolicyBasedPermission permission = |
367 PolicyBasedPermission permission = |
360 ((PolicyBasedPermission)grantedPermissions.elementAt(i)); |
368 ((PolicyBasedPermission)grantedPermissions.elementAt(i)); |
361 UserSecuritySettings settings = |
369 UserSecuritySettings settings = |
362 permission.getUserSecuritySettings(); |
370 permission.getUserSecuritySettings(); |
363 if (permission.getType() != PolicyBasedPermission.USER_TYPE |
371 if (permission.getType() != PolicyBasedPermission.USER_TYPE |
364 || settings == null) |
372 || settings == null) |
365 { |
373 { |
366 // not a user permission -> move on to the next permission |
374 // not a user permission -> move on to the next permission |
367 Logger.log("Permission " + permission.getName() + " is not a user permission, therefore is is not returned as part of the group of blanket permissions"); |
375 Logger.log("Permission " + permission.getName() + " is not a user permission, therefore is is not returned as part of the group of blanket permissions"); |
368 continue; |
376 continue; |
456 } |
464 } |
457 // check for sensitive combinations |
465 // check for sensitive combinations |
458 if (permissions_from_sensitive_combination_list_1 |
466 if (permissions_from_sensitive_combination_list_1 |
459 && permissions_from_sensitive_combination_list_2) |
467 && permissions_from_sensitive_combination_list_2) |
460 { |
468 { |
461 /*String blanketPermissionsDetails = ( |
469 /*String blanketPermissionsDetails = ( |
462 ((call_control == true && multimedia == true) |
470 ((call_control == true && multimedia == true) |
463 || (call_control == true && read_user_data == true) |
471 || (call_control == true && read_user_data == true) |
464 || (net_access == true && multimedia == true) |
472 || (net_access == true && multimedia == true) |
465 || (net_access == true && read_user_data == true) |
473 || (net_access == true && read_user_data == true) |
466 || (messaging == true && multimedia == true) |
474 || (messaging == true && multimedia == true) |
467 || (messaging == true && read_user_data == true)) ? |
475 || (messaging == true && read_user_data == true)) ? |
468 "settings_inst_query_perm_net" : |
476 "settings_inst_query_perm_net" : |
469 "settings_inst_query_perm_sec");*/ |
477 "settings_inst_query_perm_sec");*/ |
470 |
478 |
471 Id blanketPermissionsDetails = ( |
479 Id blanketPermissionsDetails = ( |
472 ((call_control == true && multimedia == true) |
480 ((call_control == true && multimedia == true) |
473 || (call_control == true && read_user_data == true) |
481 || (call_control == true && read_user_data == true) |
474 || (net_access == true && multimedia == true) |
482 || (net_access == true && multimedia == true) |
475 || (net_access == true && read_user_data == true) |
483 || (net_access == true && read_user_data == true) |
476 || (messaging == true && multimedia == true) |
484 || (messaging == true && multimedia == true) |
477 || (messaging == true && read_user_data == true)) ? |
485 || (messaging == true && read_user_data == true)) ? |
478 new Id("settings_inst_query_perm_net", "N/A") : |
486 new Id("settings_inst_query_perm_net", "N/A") : |
479 new Id("settings_inst_query_perm_sec", "N/A")); |
487 new Id("settings_inst_query_perm_sec", "N/A")); |
480 |
488 |
481 iBlanketPermissionsDetails.put(msUidKey, |
489 iBlanketPermissionsDetails.put(msUidKey, |
482 UserSecuritySettingsImpl.getLocalizedString( |
490 UserSecuritySettingsImpl.getLocalizedString( |
483 blanketPermissionsDetails)); |
491 blanketPermissionsDetails)); |
530 Logger.log("The granted permissions are all set to Blanket, therefore there won't be any runtime security prompts"); |
538 Logger.log("The granted permissions are all set to Blanket, therefore there won't be any runtime security prompts"); |
531 SecurityStorage storage = new SecurityStorage(storageSession); |
539 SecurityStorage storage = new SecurityStorage(storageSession); |
532 storage.writeUserSecuritySettings(msUID, |
540 storage.writeUserSecuritySettings(msUID, |
533 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
541 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
534 true /* blanket prompt shown */); |
542 true /* blanket prompt shown */); |
|
543 // cleanup the cache as well |
|
544 cleanup(msUID); |
535 } |
545 } |
536 |
546 |
537 /** |
547 /** |
538 * Performs a cleanup (e.g. on cached data) |
548 * Performs a cleanup (e.g. on cached data) |
539 * |
549 * |
557 { |
567 { |
558 Logger.log("Remove granted permissions"); |
568 Logger.log("Remove granted permissions"); |
559 SecurityStorage storage = new SecurityStorage(storageSession); |
569 SecurityStorage storage = new SecurityStorage(storageSession); |
560 storage.removeGrantedPermissions(msUID); |
570 storage.removeGrantedPermissions(msUID); |
561 // clear the cache |
571 // clear the cache |
|
572 cleanup(msUID); |
|
573 } |
|
574 |
|
575 /** |
|
576 * Writes to storage all the security data related to a certain MIDlet suite |
|
577 * |
|
578 * @param sessionID the JavaStorage session to be used when |
|
579 * writing the security data into storage |
|
580 * @param msUID the UID if the MIDlet suite whose security data is |
|
581 * being written |
|
582 */ |
|
583 public void addSecurityData(StorageSession storageSession, Uid msUID, Uid oldMsUID) |
|
584 { |
|
585 Logger.log("Write granted permissions to storage"); |
|
586 if (storageSession == null || msUID == null) |
|
587 { |
|
588 return; |
|
589 } |
|
590 SecurityStorage storage = new SecurityStorage(storageSession); |
562 String msUidKey = msUID.getStringValue(); |
591 String msUidKey = msUID.getStringValue(); |
563 for (Enumeration e = iGrantedPermissions.keys() ; |
592 for (Enumeration e = iGrantedPermissions.keys() ; |
564 e.hasMoreElements() ;) |
593 e.hasMoreElements() ;) |
565 { |
594 { |
566 String key = (String)e.nextElement(); |
595 String key = (String)e.nextElement(); |
567 if (key.startsWith(msUidKey)) |
596 if (key.startsWith(msUidKey)) |
568 { |
597 { |
569 iGrantedPermissions.remove(key); |
598 storage.writeGrantedPermissions( |
570 break; |
599 msUID, |
571 } |
600 oldMsUID, |
572 } |
601 (Vector)iGrantedPermissions.remove(key)); |
573 iBlanketPermissionsDetails.remove(msUidKey); |
602 return; |
|
603 } |
|
604 } |
574 } |
605 } |
575 |
606 |
576 private Vector resolvePermissions(Uid msUID, |
607 private Vector resolvePermissions(Uid msUID, |
577 String protectionDomainName, |
608 String protectionDomainName, |
578 PermissionAttribute[] requestedPermissions, |
609 PermissionAttribute[] requestedPermissions, |
597 if (policyPermissions != null) |
628 if (policyPermissions != null) |
598 { |
629 { |
599 for (int i=0; i<policyPermissions.length; i++) |
630 for (int i=0; i<policyPermissions.length; i++) |
600 { |
631 { |
601 if (policyPermissions[i].getType() |
632 if (policyPermissions[i].getType() |
602 == PolicyBasedPermission.ASSIGNED_TYPE |
633 == PolicyBasedPermission.ASSIGNED_TYPE |
603 || policyPermissions[i].getType() |
634 || policyPermissions[i].getType() |
604 == PolicyBasedPermission.USER_ASSIGNED_TYPE) |
635 == PolicyBasedPermission.USER_ASSIGNED_TYPE) |
605 { |
636 { |
606 PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl( |
637 PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl( |
607 policyPermissions[i]); |
638 policyPermissions[i]); |
608 // add it only if not contained already |
639 // add it only if not contained already |
639 PermissionAttribute[] requestedPermissions) |
670 PermissionAttribute[] requestedPermissions) |
640 { |
671 { |
641 return resolvePermissions(msUID, protectionDomainName, |
672 return resolvePermissions(msUID, protectionDomainName, |
642 requestedPermissions, true /* add assigned permissions */); |
673 requestedPermissions, true /* add assigned permissions */); |
643 } |
674 } |
|
675 |
|
676 private void cleanup(Uid msUID) |
|
677 { |
|
678 // clear the cache |
|
679 String msUidKey = msUID.getStringValue(); |
|
680 for (Enumeration e = iGrantedPermissions.keys() ; |
|
681 e.hasMoreElements() ;) |
|
682 { |
|
683 String key = (String)e.nextElement(); |
|
684 if (key.startsWith(msUidKey)) |
|
685 { |
|
686 iGrantedPermissions.remove(key); |
|
687 break; |
|
688 } |
|
689 } |
|
690 iBlanketPermissionsDetails.remove(msUidKey); |
|
691 } |
|
692 |
|
693 private void updateGrantedPermissions(Uid newAppUID, Uid oldAppUID, Vector grantedPermissions) |
|
694 { |
|
695 // the vector containing the newGrantedPermissions |
|
696 Vector newGrantedPermissions = new Vector(); |
|
697 |
|
698 // get the old permissions & settings |
|
699 SecurityStorage storage = new SecurityStorage(); |
|
700 Vector oldPermissions = storage.readGrantedPermissions(oldAppUID); |
|
701 storage.close(); |
|
702 |
|
703 // filter out the the brand new permissions |
|
704 // (permissions which are not found among the old permissions) |
|
705 if (oldPermissions != null) |
|
706 { |
|
707 int index=0; |
|
708 while (index < grantedPermissions.size()) |
|
709 { |
|
710 // instead of calling Vector.removeElement(p) we will do the |
|
711 // remove manually, since the search is to be based on |
|
712 // the permission without the settings |
|
713 PolicyBasedPermission p = (PolicyBasedPermission) |
|
714 grantedPermissions.elementAt(index); |
|
715 int status = removeElement(oldPermissions, p); |
|
716 switch (status) |
|
717 { |
|
718 case REMOVED: |
|
719 case NOT_FOUND: |
|
720 index++; |
|
721 break; |
|
722 default: |
|
723 // different settings |
|
724 UserSecuritySettings oldSettings |
|
725 = ((PolicyBasedPermission)oldPermissions |
|
726 .elementAt(status)).getUserSecuritySettings(); |
|
727 UserSecuritySettings newSettings |
|
728 = p.getUserSecuritySettings(); |
|
729 if (oldSettings != null |
|
730 && newSettings != null) |
|
731 { |
|
732 boolean activeSettings = false; |
|
733 if (oldSettings.isActive() |
|
734 || newSettings.isActive()) |
|
735 { |
|
736 activeSettings = true; |
|
737 } |
|
738 newGrantedPermissions.addElement( |
|
739 new PolicyBasedPermissionImpl( |
|
740 p.getName(), |
|
741 p.getTarget(), |
|
742 p.getActionList(), |
|
743 p.getType(), |
|
744 new UserSecuritySettingsImpl( |
|
745 newSettings.getName(), |
|
746 oldSettings.getCurrentInteractionMode(), |
|
747 newSettings.getAllowedInteractionModes(), |
|
748 oldSettings.getBlanketPrompt(), |
|
749 activeSettings))); |
|
750 } |
|
751 else |
|
752 { |
|
753 newGrantedPermissions.addElement(p); |
|
754 } |
|
755 grantedPermissions.removeElementAt(index); |
|
756 break; |
|
757 } |
|
758 } |
|
759 } |
|
760 // write what's left from the granted permissions |
|
761 for (int i=0; i<newGrantedPermissions.size(); i++) |
|
762 { |
|
763 grantedPermissions.addElement(newGrantedPermissions.elementAt(i)); |
|
764 } |
|
765 } |
|
766 |
|
767 private int removeElement(Vector elements, PolicyBasedPermission element) |
|
768 { |
|
769 PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl( |
|
770 element.getName(), |
|
771 element.getTarget(), |
|
772 element.getActionList(), |
|
773 null); |
|
774 for (int i=0; i<elements.size(); i++) |
|
775 { |
|
776 PolicyBasedPermission tmp = (PolicyBasedPermission)elements |
|
777 .elementAt(i); |
|
778 PolicyBasedPermissionImpl p2 = new PolicyBasedPermissionImpl( |
|
779 tmp.getName(), |
|
780 tmp.getTarget(), |
|
781 tmp.getActionList(), |
|
782 null); |
|
783 if (p1.equals(p2)) |
|
784 { |
|
785 UserSecuritySettings s1 = element.getUserSecuritySettings(); |
|
786 UserSecuritySettings s2 = tmp.getUserSecuritySettings(); |
|
787 if ((s1 == null && s2 == null) |
|
788 || (s1 != null |
|
789 && s2 != null |
|
790 && s1.equals(s2))) |
|
791 { |
|
792 // identical permissions |
|
793 elements.removeElementAt(i); |
|
794 return REMOVED; |
|
795 } |
|
796 return i; |
|
797 } |
|
798 } |
|
799 return NOT_FOUND; |
|
800 } |
644 } |
801 } |