Skip to main content

Enable "PropertyPermission * read,write" for System.getProperties()

Please note these java.net forums are being decommissioned and use the new and improved forums at https://community.oracle.com/community/java.
2 replies [Last post]
mfinn
Offline
Joined: 2011-06-16

I am trying to provide my Xlet with "java.util.PropertyPermission * read,write" permissions. I need to call System.getProperties() and this requires permissions that I am unable to configure.

I begin by creating a "New OCAP Project" in Eclipse. It is an Unbound Xlet with org_id=1 and app_id=5000. The code that gets generated runs exception free (albeit doing nothing). When I add System.getProperties() to startXLet() I receive a "java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)" exception.

How do I grant this permission or -- barring that -- enable all permissions?

_Other Relevant Details_

I know I have a functioning ocap.blah.perm file because I have enabled "java.net.SocketPermission blah.com resolve,connect". The PRF file, however, does not provide a means of obtaining PropertyPermissions.

I've tried editing the mpeenv.ini file with "OCAP.mgrmgr.OcapSecurity=com.cablelabs.impl.manager.security.NoAccessControl" and "OCAP.mgrmgr.Auth=com.cablelabs.impl.manager.auth.NoAuthentication" and "OCAP.security.policy.0=java.security.AllPermission" in various combinations with no effect. I'm not entirely clear on what these settings are intended for or even if they are being registered.

I have tried specifying a security policy in the JVM command line -- as though it were an applet -- via "grant { java.security.AllPermissions };", but with no affect.

Nothing is signed; nor do I have any certificates set.

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
greg80303
Offline
Joined: 2008-07-03

I have gotten into debates with a particular MSO about this exact topic. Here is my stance (and therefore the stance of the RI)...

The OCAP spec details all of the Java system properties that are available to applications. The spec also indicates which applications (signed/unsigned, etc) are granted permissions to access these permissions. These are the only system properties that are "standardized" and provided by the System. Any other system properties that you are trying to define are non-standard and thus are just some sort of private means of communicating between multiple xlets. There are several other facilities provided by the stack to enable communication between xlets (IXC, files in dvb.persistent.root that you can grant cross-app permissions, etc).

For testing purposes, if you wish to disable all permission checks, add the following line to your $OCAPROOT/bin/$OCAPTC/env/final.properties file:

OCAP.mgrmgr.manager.OcapSecurity=org.cablelabs.impl.manager.security.NoAccessControl

G

mfinn
Offline
Joined: 2011-06-16

That worked -- thank you. For present development purposes this will suffice. I had noticed final.properties but had not realized the configuration effect it had on the OCAP RI.