Java Reference
In-Depth Information
deny access. In the case of User permissions, there are three interaction
modes:
•
Blanket
- as long as the MIDlet suite is installed, it has this permis-
sion unless the user explicitly revokes it.
•
Session
- user authorization is requested the first time the API is
invoked and it is in force while the MIDlet is running.
•
Oneshot
- user authorization is requested each time the API
is
invoked.
The protection domains for a given device are defined in a security
policy file. A sample security policy file is shown below:
alias: net_access
javax.microedition.io.Connector.http,
javax.microedition.io.Connector.https,
javax.microedition.io.Connector.datagram,
javax.microedition.io.Connector.datagramreceiver,
javax.microedition.io.Connector.socket,
javax.microedition.io.Connector.serversocket,
javax.microedition.io.Connector.ssl
domain: Untrusted
session (oneshot): net_access
oneshot (oneshot): javax.microedition.io.Connector.sms.send
oneshot (oneshot): javax.microedition.io.Connector.sms.receive
session (oneshot): javax.microedition.io.PushRegistry
domain: Symbian
allow: net_access
allow: javax.microedition.io.Connector.sms.send
allow: javax.microedition.io.Connector.sms.receive
allow: javax.microedition.io.PushRegistry
User permissions may offer several interaction modes, the user being
able to select the level of access. For instance, the following line indicates
that the API or functions defined under the
net_access
alias have User
permission with either
session
or
oneshot
interaction modes, the
latter being the default:
session (oneshot): net_access
2.5.7 The Security Model in Practice
In this section, we go through the steps involved in producing a signed
MIDlet suite. We shall illustrate this process using the tools provided by
the WTK. The basic steps in producing a signed MIDlet suite are listed
below:
1. Obtain (or generate) a public-private key pair.
