Working with a Security Policy

The level of trust in a MIDlet suite is determined by the security policy on the device. A security policy associates MIDlet suites with protection domains. Each MIDlet suite belongs to one, and only one, protection domain. Protection domains list the protected APIs or functions that the device may allow the associated MIDlet suites to access. Protection domains also specify the maximum amount of access to the protected functions that their MIDlet suites can be given. For example, the protection domain could specify that its MIDlet suites will be granted access to some protected services only after getting approval from the user.

A device will most likely have at least two protection domains: trusted and untrusted. However, there may be more domains. For example, an operator domain may be required to allow the operator to install trusted MIDlets associated with their service. Domains can be created for other classes of apps as well.
Permissions

A protection domain lists the protected APIs or functions to which it might grant access by listing the corresponding permissions. If a permission does not appear in a protection domain, then the MIDlet suites associated with the domain are denied access to those protected functions. The name of a permission indicates the API or function it is protecting. For example, the name of the permission associated with the HTTP protocol is javax.microedition.io.Connector.http. (See the MIDP 2.0 Specification [19] for a list of the permissions it defines.)

Devices with advanced capabilities, such as multimedia recording or certain kinds of messaging, may have additional protected APIs, and therefore additional permissions. For example, the ability to record audio or video data may be protected.
Note that not all APIs are protected. The MIDP 2.0 Specification identifies APIs that MIDlets must be able to run freely, without requiring permission from the user. These include APIs such as the user-interface and game functionality. (See the MIDP 2.0 Specification [19] for the full list.)

Permissions and Interaction Modes

In addition to permissions, a protection domain specifies the maximum amount of access to protected functions that a MIDlet in its domain can be granted. If the MIDlets can use the functionality without getting explicit user permission, they have an allowed permission-type. If the MIDlets must get explicit user permission before using the functionality, they have a user permission-type. The user permission type is further divided into interaction modes. The MIDP 2.0 Specification [19] defines these permissions and interaction modes:
In addition to these interaction modes, users must be given the opportunity to deny permission when they are prompted.
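
The access decision described in the sections above, modelled in Python as an added example; it is not code from the MIDP specification or from any device implementation. The mode names blanket, session and oneshot are those of the MIDP 2.0 Specification. The sample policy, the suite names, applying the domain's mode directly, and remembering only grants (never denials) are assumptions of this model.

```python
from enum import Enum

class Mode(Enum):               # interaction modes of the "user" permission type
    BLANKET = "blanket"         # a grant lasts until the suite is uninstalled
    SESSION = "session"         # a grant lasts until the suite exits
    ONESHOT = "oneshot"         # prompt on every use

ALLOWED = "allowed"             # permission type that needs no prompt
HTTP = "javax.microedition.io.Connector.http"

# Constructed sample policy: domain -> {permission: ALLOWED or a Mode}.
POLICY = {
    "trusted": {HTTP: ALLOWED},
    "untrusted": {HTTP: Mode.SESSION},
}

class Device:
    def __init__(self, policy, ask_user):
        self.policy = policy
        self.ask_user = ask_user    # callback(suite, permission) -> bool
        self.domain_of = {}         # suite -> its one protection domain
        self.grants = {Mode.BLANKET: set(), Mode.SESSION: set()}

    def install(self, suite, domain):
        if suite in self.domain_of:
            raise ValueError("suite already bound to a protection domain")
        self.policy[domain]         # KeyError for a domain the policy lacks
        self.domain_of[suite] = domain

    def end_session(self, suite):
        # Session grants die with the run; blanket grants survive it.
        kept = {g for g in self.grants[Mode.SESSION] if g[0] != suite}
        self.grants[Mode.SESSION] = kept

    def check(self, suite, permission):
        level = self.policy[self.domain_of[suite]].get(permission)
        if level is None:
            return False            # not listed in the domain: denied, no prompt
        if level == ALLOWED:
            return True             # granted without asking the user
        remembered = self.grants.get(level)   # None for ONESHOT
        if remembered is not None and (suite, permission) in remembered:
            return True
        if not self.ask_user(suite, permission):
            return False            # the user can always say no
        if remembered is not None:
            remembered.add((suite, permission))
        return True
```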