SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 40

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 41

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The permission java.security.AllPermission class implies all permissions and grants all possible permissions to the callercode. This facility was included for routine testing purposes to make it less cumbersome to deal with a multitude of permissions or for use when the code is completely trusted. It should Code is typically granted AllPermission using the security policy file but it is also possible to associate AllPermission with a ProtectionDomain, programatically. This permission is dangerous in production environments and must never be granted to untrusted code.

...

This noncompliant example grants AllPermission to the klib library. The permission itself is specified in the security policy file used by the security manager. Alternatively, a permission object can be obtained in the code by subclassing the java.security.Permission class (or any subclass such as BasicPermission) in the java. security package. AllPermission can be granted to a ProtectionDomain using such an object. This is again a bad practice.

Code Block
bgColor#FFcccc
/*/ grant the klib library AllPermission */ 
grant codebase "file:${klib.home}/j2se/home/klib.jar" { 
  permission java.security.AllPermission; 
};

...

Code Block
bgColor#ccccff
grant codeBase "file:${klib.home}/j2se/home/klib.jar", signedBy "Admin" {
    permission java.io.FilePermission "/tmp/*", "read";
    permission java.io.SocketPermission "*", "connect";
};

To check whether the caller has the requisite permissions, use the following check within the codestandard Java APIs use code such as:

Code Block
//security manager code
perm = new java.io.FilePermission("/tmp/JavaFile","read");
AccessController.checkPermission(perm);
//other code

Always assign appropriate permissions to code. When more control is required over the granularity of permissions is required, define custom permissions. (SEC08-J. Define custom security permissions for fine grained security)

...

Code Block
bgColor#ccccff
protected PermissionCollection getPermissions(CodeSource cs) {
  PermissionCollection pc = super.getPermissions(cs);
  // add fine-graingrained permissions
  return pc;
}

Exceptions

EX1: It may be necessary to grant AllPermission to trusted library code so that callbacks will work as expected. For example, it is a common practice to grant AllPermission to the optional Java system code packages:

Code Block
// Standard extensions extend the core platform and get all permissions by default
grant codeBase "file:${{java.ext.dirs}}/*" {
	  permission java.security.AllPermission;
};

...