Skip to main content

setting specific permissions

9 replies [Last post]
rdecker
Offline
Joined: 2009-02-25

I am trying to get the ServiceContentHandlers for a service I did not create. I get an access denied exception. I have the set the monitor application permission service but that only gives me getServiceContentHandlers own and I would need getServiceContentHandlers *. How can I set the this permission? Can I set it to specific locators or source ids?

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
rdecker
Offline
Joined: 2009-02-25

I figured out how to add the permission via arguments to monapp. The permission gets added to the collection of permissions in monapp but it does not appear to get referred to for the application it is associated with.

MonApp:297 arg[6]=perm.add=javax.tv.service.selection.ServiceContextPermission|g
etServiceContentHandlers|*:2:6006

I had to modify the code to use | as a delimiter because spaces aren't allowed in the Add Argument dialog of the XAIT interface in TWB.

MonApp:919 -> java.security.Permissions@9b0913f (
(javax.tv.media.MediaSelectPermission *)
(javax.tv.service.selection.ServiceContextPermission getServiceContentHandlers *)

The permissions for the app don't include this permission and when the app tries to get the content handlers for the service an access denied exception is thrown:

20100901 09:26:57.618 INFO RI.Stack.StdOut- java.security.AccessControlExcep
tion: access denied (javax.tv.service.selection.ServiceContextPermission getServ
iceContentHandlers *)
20100901 09:26:57.620 INFO RI.Stack.StdOut- at java.security.AccessC
ontrolContext.checkPermission(AccessControlContext.java:296)
20100901 09:26:57.621 INFO RI.Stack.StdOut- at java.security.AccessC
ontroller.checkPermission(AccessController.java:484)
20100901 09:26:57.622 INFO RI.Stack.StdOut- at java.lang.SecurityMan
ager.checkPermission(SecurityManager.java:555)
20100901 09:26:57.623 INFO RI.Stack.StdOut- at org.cablelabs.impl.se
curity.SecurityManagerImpl.checkPermission(SecurityManagerImpl.java:108)
20100901 09:26:57.624 INFO RI.Stack.StdOut- at org.cablelabs.impl.ut
il.SecurityUtil.checkPermission(SecurityUtil.java:76)
20100901 09:26:57.625 INFO RI.Stack.StdOut- at org.cablelabs.impl.se
rvice.javatv.selection.ServiceContextImpl.checkServiceContextPermission(ServiceC
ontextImpl.java:1188)
20100901 09:26:57.627 INFO RI.Stack.StdOut- at org.cablelabs.impl.se
rvice.javatv.selection.ServiceContextImpl.getServiceContentHandlers(ServiceConte
xtImpl.java:779)

Monapp appears to be getting set as the security policy handler:

20100901 09:26:57.421 INFO RI.Stack- 21096 [pool-4] INFO security.Policy -
setSecurityPolicyHandler(org.cablelabs.xlet.monapp.MonApp@dc77d096)

Is there something else I have to do to get the RI to check it's permissions as well?

greg80303
Offline
Joined: 2008-07-03

I'm not aware of any way that an application can be granted additional permissions by Xlet arguments. The only way an app can get new permissions is for you to add them to that app's Permission Request File.

I've just looked through our PRF parsing code and I don't see any way that an application can be granted ServiceContextPermission("getServiceContentHandler","*"). Specifically, there are 2 monapp permissions -- "service" and "servicemanager" that will grant additional ServiceContextPermission. OCAP1.1.3 Section 10.2.2.2.3.3 describes all the permissions that are granted.

G

rdecker
Offline
Joined: 2009-02-25

Per the documentation for org.ocap.application.SecurityPolicyHandler:

[i]This interface provides a callback handler to modify the Permissions granted to an application to be launched. An application that has a MonitorAppPermission("security") can have a concrete class that implements this interface and set an instance of it to the AppManagerProxy.

The getAppPermissions(org.ocap.application.PermissionInformation) method shall be called before the OCAP implementation launches any type of application (e.g. before class loading of any OCAP-J application). The application shall then be loaded and started with the set of Permissions that are returned as the return value of this method.[/i]

The monapp example does just this. Per the logs the permissions for the app are set correctly and getAppPermissions is called before the application is launched but the permissions are not getting loaded and started with the set of Permissions returned by getAppPermissions.

greg80303
Offline
Joined: 2008-07-03

The SecurityPolicyHandler can only "restrict" the set of permissions granted in the PRF, it can not extend them. From the method Javadoc for SecurityPolicyHandler.getAppPermissions():

[i]The permissionInfo parameter of this method contains the AppID of the application to be launched and a requested set of Permissions that consists of Permissions requested in a permission request file and Permissions requested for the unsigned application.[/i]

So the parameter passed in to this method represent the current permissions of the app (default perms and perms granted via the PRF). The Javadoc continues:

[i]The modified set of Permissions shall be a subset of the requested set of Permissions specified by the permissionInfo parameter, and shall be a superset of the set of the Permissions granted to unsigned applications (as returned by PermissionInformation.getUnsignedAppPermissions()).[/i]

The returned permissions must be a subset of the original, but can not be restricted so much as to not provide all the permissions granted by default to unsigned applications.

G

rdecker
Offline
Joined: 2009-02-25

Thanks for pointing that out. I guess I'll have to tackle this from another direction.

scottdeboy
Offline
Joined: 2009-02-02

If you have ServiceContextPermission("getServiceContentHandlers", "*") as well as ServiceContextPermission("access", "*"), you can call ServiceContextFactory.getServiceContexts() and retrieve the ServiceContentHandlers from each ServiceContext.

See ServiceContextPermission JavaDoc, which says:

The string "own" means the permission applies to your own service contexts; the string "*" implies permission to these, plus permission for service contexts obtained from all other sources.

rdecker
Offline
Joined: 2009-02-25

I see the way to set the permission programmatically. Is there a way to set from a permissions file similar to the ocap.XXXX.perm format? Or is the only way to do it from code?

greg80303
Offline
Joined: 2008-07-03

I guess it is allowed -- thank you Scott for setting me straight on that one!

I would recommend taking a look at Section 10.2.2.2.3 of the OCAP1.1.3 specification for more details on the various Service* permissions that are granted by default to unsigned, signed, and dual-signed (monapp) apps. Then, you can take a look at MHP1.0.3 Section 12.6.2.1 and OCAP1.1.3 Section 12.6.2.1 for the complete Permission Request File DTD to see what extra permissions you can get.

G

greg80303
Offline
Joined: 2008-07-03

I'm pretty sure this is not allowed by OCAP. There has been some talk about extending the specification to support this functionality, but it is not on our near-term list of features to consider. I am not the JMF expert on the team, so hopefully Scott can jump in and confirm/deny that this behavior is indeed not allowed.

G