...
```
Name: trusted/
Sealed: true
```

Here, `Name` gives the package name and `Sealed` is the sealed attribute.
Exception
ENV01-J-EX0: Independent groups of privileged code and associated security-sensitive code (a "group" hereafter) may be placed in separate sealed packages and even in separate JAR files, subject to the following enabling conditions:
...
Failure to place all privileged code together in one package and seal the package can lead to mix-and-match attacks.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ENV01-J | High | Probable | Medium | P12 | L1 |
Automated Detection
Detecting code that should be considered privileged or sensitive requires programmer assistance. Given identified privileged code as a starting point, automated tools could compute the closure of all code that can be invoked from that point. Such a tool could plausibly determine whether all code in that closure exists within a single package. A further check of whether the package is sealed is feasible.
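The final step described above, checking whether a package is sealed, can be done directly against a JAR's manifest. The following is an added example, not part of the guideline or of any tool listed here; the class name `SealCheck`, its methods and the sample manifests are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.jar.Attributes;
import java.util.jar.Manifest;

public class SealCheck {
    /** True if the manifest seals pkgPath (a directory-style name such as "trusted/"). */
    static boolean isSealed(Manifest mf, String pkgPath) {
        // A per-package section takes precedence over the JAR-wide main section.
        Attributes section = mf.getAttributes(pkgPath);
        String value = (section == null) ? null : section.getValue(Attributes.Name.SEALED);
        if (value == null) {
            value = mf.getMainAttributes().getValue(Attributes.Name.SEALED);
        }
        // Report "sealed" only for the exact value "true"; anything else is unsealed.
        return "true".equalsIgnoreCase(value);
    }

    static Manifest parse(String text) throws IOException {
        return new Manifest(new ByteArrayInputStream(text.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample manifests, not taken from any real JAR.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("package sealed", "Manifest-Version: 1.0\n\nName: trusted/\nSealed: true\n\n");
        samples.put("no Sealed attribute", "Manifest-Version: 1.0\n\nName: trusted/\n\n");
        samples.put("JAR-wide seal", "Manifest-Version: 1.0\nSealed: true\n\n");
        samples.put("JAR-wide seal, package opts out",
                "Manifest-Version: 1.0\nSealed: true\n\nName: trusted/\nSealed: false\n\n");
        samples.put("trailing text after true",
                "Manifest-Version: 1.0\n\nName: trusted/\nSealed: true // note\n\n");
        for (Map.Entry<String, String> e : samples.entrySet()) {
            boolean sealed = isSealed(parse(e.getValue()), "trusted/");
            System.out.printf("%-34s -> %s%n", e.getKey(), sealed ? "sealed" : "NOT sealed");
        }
    }
}
```

The last sample shows why the manifest value must be exactly `true`: any trailing text on the `Sealed` line leaves the package unsealed.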
Tool | Version | Checker | Description |
---|---|---|---|
CodeSonar | | JAVA.INSEC.LDAP.POISON | Potential LDAP Poisoning (Java) |
Android Implementation Details
java.security.AccessController exists on Android for compatibility purposes only, and it should not be used.
Related Guidelines
Bibliography
[EMA 2014] | Extension Mechanism Architecture, "Optional Package Sealing" |
Rule 7, If you must sign your code, put it all in one archive file | |
...
...