APPENDIX A

Default Platform Security Policy

This chapter describes the default platform security policy. For each of the three application models supported on the Java Card Platform, the platform security policy defines a platform protection domain that guarantees the consistency and integrity of the applications implementing that application model. Additionally, the platform security policy defines a platform protection domain for the card management applications. Each of these platform protection domains defines the minimum[1] set of permissions granted to an application of the corresponding type. A domain is defined as a set of included permissions together with a set of excluded permissions, so that no additional permission can be granted that would violate the platform security policy. See Chapter 6, Section 6.2.2, Protection Domains for more information on the use of protection domains.

The default platform protection domains defined in this chapter MAY be tuned for specific environments, provided that the consistency and integrity of each application model, and of the platform itself, are guaranteed.

Refer to Chapter 6, TABLE 6-1 and TABLE 6-2 for a description of the different permission classes used to define the default platform protection domains.


A.1 Permissions in Default Protection Domain for Web Applications

The default protection domain for web applications MUST include the set of included permissions listed in TABLE A-1.


TABLE A-1 Default Included Permission Set of the Default Web Protection Domain

Calling methods of Java Card RE-owned instances of the extended set of permanent Java Card RE EPOs
    Permission Class:   javacardx.spi.framework.JCREPermission
    Permission Name:    callPermJCREEPO.EXTENDED

Calling methods of Java Card RE-owned instances of the classic set of permanent Java Card RE EPOs
    Permission Class:   javacardx.spi.framework.JCREPermission
    Permission Name:    callPermJCREEPO.CLASSIC

Firing events and registering, unregistering and listing event listeners in one’s own namespace
    Permission Class:   javacardx.facilities.EventRegistryPermission
    Permission Name:    event:///~/*
    Permission Actions: notify,register,unregister

Registering and unregistering platform event listeners
    Permission Class:   javacardx.facilities.EventRegistryPermission
    Permission Name:    event:///platform/*
    Permission Actions: register,unregister

Registering and unregistering standard application event listeners
    Permission Class:   javacardx.facilities.EventRegistryPermission
    Permission Name:    event:///standard/*
    Permission Actions: register,unregister

Looking up, registering and unregistering services in one’s own namespace
    Permission Class:   javacardx.facilities.ServiceRegistryPermission
    Permission Name:    sio:///~/*
    Permission Actions: lookup,register,unregister

Looking up and listing authenticator services
    Permission Class:   javacardx.facilities.ServiceRegistryPermission
    Permission Name:    sio:///standard/auth/*
    Permission Actions: lookup

Registering and unregistering restartable tasks
    Permission Class:   javacardx.facilities.TaskRegistryPermission
    Permission Name:    task.*

Context switching to, and transferring ownership of objects to, authenticator applications
    Permission Class:   javacardx.framework.ContextPermission
    Permission Name:    sio:///standard/auth/*
    Permission Actions: switch,transfer

Setting and getting one’s own credential manager(s)
    Permission Class:   javacardx.framework.JCRuntimePermission
    Permission Name:    credentialManager.*

Creating new threads and modifying threads’ states
    Permission Class:   javacardx.framework.JCRuntimePermission
    Permission Name:    thread.*

Reading files from one’s own namespace
    Permission Class:   javacardx.io.ConnectorPermission
    Permission Name:    file:///~/*
    Permission Actions: read

The default protection domain for web applications MUST include the set of excluded permissions listed in TABLE A-2.


TABLE A-2 Excluded Permission Set of the Default Web Protection Domain

Calling methods of Java Card RE-owned instances of any temporary Java Card RE EPO or global array[2]
    Permission Class:   javacardx.spi.framework.JCREPermission
    Permission Name:    callTempJCREEPO.*


A.2 Permissions in Default Protection Domain for Extended Applets

The default protection domain for extended applets MUST include the set of included permissions listed in TABLE A-3.


TABLE A-3 Default Included Permission Set of the Default Extended Protection Domain

Calling methods of Java Card RE-owned instances of the extended set of permanent Java Card RE EPOs
    Permission Class:   javacardx.spi.framework.JCREPermission
    Permission Name:    callPermJCREEPO.EXTENDED

Calling methods of Java Card RE-owned instances of the classic set of permanent Java Card RE EPOs
    Permission Class:   javacardx.spi.framework.JCREPermission
    Permission Name:    callPermJCREEPO.CLASSIC

Calling methods of Java Card RE-owned instances of the classic set of temporary Java Card RE EPOs and global arrays
    Permission Class:   javacardx.spi.framework.JCREPermission
    Permission Name:    callTempJCREEPO.CLASSIC

Firing events and registering, unregistering and listing event listeners in one’s own namespace
    Permission Class:   javacardx.facilities.EventRegistryPermission
    Permission Name:    event://aid/~/*
    Permission Actions: notify,register,unregister

Registering and unregistering platform event listeners
    Permission Class:   javacardx.facilities.EventRegistryPermission
    Permission Name:    event:///platform/*
    Permission Actions: register,unregister

Registering and unregistering standard application event listeners
    Permission Class:   javacardx.facilities.EventRegistryPermission
    Permission Name:    event:///standard/*
    Permission Actions: register,unregister

Looking up, registering and unregistering services in one’s own namespace
    Permission Class:   javacardx.facilities.ServiceRegistryPermission
    Permission Name:    sio://aid/~/*
    Permission Actions: lookup,register,unregister

Looking up and listing authenticator services
    Permission Class:   javacardx.facilities.ServiceRegistryPermission
    Permission Name:    sio:///standard/auth/*
    Permission Actions: lookup

Registering and unregistering restartable tasks
    Permission Class:   javacardx.facilities.TaskRegistryPermission
    Permission Name:    task.*

Context switching to, and transferring ownership of objects to, authenticator applications
    Permission Class:   javacardx.framework.ContextPermission
    Permission Name:    sio:///standard/auth/*
    Permission Actions: switch,transfer

Setting and getting one’s own credential manager(s)
    Permission Class:   javacardx.framework.JCRuntimePermission
    Permission Name:    credentialManager.*

Creating new threads and modifying threads’ states
    Permission Class:   javacardx.framework.JCRuntimePermission
    Permission Name:    thread.*

Reading files from one’s own namespace
    Permission Class:   javacardx.io.ConnectorPermission
    Permission Name:    file://aid/~/*
    Permission Actions: read

The default protection domain for extended applets MUST include the set of excluded permissions listed in TABLE A-4.


TABLE A-4 Excluded Permission Set of the Default Extended Protection Domain

NONE



A.3 Permissions in Default Protection Domain for Classic Applets

The default protection domain for classic applets MUST include the set of included permissions listed in TABLE A-5.


TABLE A-5 Default Included Permission Set of the Default Classic Protection Domain

Calling methods of Java Card RE-owned instances of the classic set of permanent Java Card RE EPOs
    Permission Class:   javacardx.spi.framework.JCREPermission
    Permission Name:    callPermJCREEPO.CLASSIC

Calling methods of Java Card RE-owned instances of the classic set of temporary Java Card RE EPOs and global arrays
    Permission Class:   javacardx.spi.framework.JCREPermission
    Permission Name:    callTempJCREEPO.CLASSIC

The default protection domain for classic applets MUST include the set of excluded permissions listed in TABLE A-6.


TABLE A-6 Excluded Permission Set of the Default Classic Protection Domain

Calling methods of Java Card RE-owned instances of the extended set of permanent Java Card RE EPOs
    Permission Class:   javacardx.spi.framework.JCREPermission
    Permission Name:    callPermJCREEPO.EXTENDED

Transferring ownership of objects to any application
    Permission Class:   javacardx.framework.ContextPermission
    Permission Name:    //*/*
    Permission Actions: transfer

Setting and getting one’s own credential manager
    Permission Class:   javacardx.framework.JCRuntimePermission
    Permission Name:    credentialManager.*

Creating new threads and modifying threads’ states
    Permission Class:   javacardx.framework.JCRuntimePermission
    Permission Name:    thread.*

Using the Generic Connection Framework
    Permission Class:   javacardx.io.ConnectorPermission
    Permission Name:    *
    Permission Actions: accept,listen,connect,read,write


A.4 Permissions in Default Protection Domain for Card Management Applications

The default protection domain for card management applications MUST include the set of included permissions listed in TABLE A-7.


TABLE A-7 Default Included Permission Set of the Default CardManagement Protection Domain

Setting and getting an application’s credential manager(s)
    Permission Class:   javacardx.spi.cardmgmt.CardManagementPermission
    Permission Name:    credentialManager.*

Calling methods of Java Card RE-owned instances of the extended set of permanent Java Card RE EPOs
    Permission Class:   javacardx.spi.framework.JCREPermission
    Permission Name:    callPermJCREEPO.EXTENDED

Calling methods of Java Card RE-owned instances of the classic set of permanent Java Card RE EPOs
    Permission Class:   javacardx.spi.framework.JCREPermission
    Permission Name:    callPermJCREEPO.CLASSIC

Calling methods of Java Card RE-owned instances of the classic set of temporary Java Card RE EPOs and global arrays
    Permission Class:   javacardx.spi.framework.JCREPermission
    Permission Name:    callTempJCREEPO.CLASSIC

Firing events and registering, unregistering and listing event listeners in one’s own namespace
    Permission Class:   javacardx.facilities.EventRegistryPermission
    Permission Name:    event://*/~/*
    Permission Actions: notify,register,unregister

Registering and unregistering platform event listeners
    Permission Class:   javacardx.facilities.EventRegistryPermission
    Permission Name:    event://*/platform/*
    Permission Actions: register,unregister

Firing standard application events and registering and unregistering standard application event listeners
    Permission Class:   javacardx.facilities.EventRegistryPermission
    Permission Name:    event://*/standard/*
    Permission Actions: notify,register,unregister

Looking up, registering and unregistering services in one’s own namespace
    Permission Class:   javacardx.facilities.ServiceRegistryPermission
    Permission Name:    sio://*/~/*
    Permission Actions: lookup,register,unregister

Looking up, registering, unregistering and listing authenticator services
    Permission Class:   javacardx.facilities.ServiceRegistryPermission
    Permission Name:    sio://*/standard/auth/*
    Permission Actions: register,unregister,lookup

Registering and unregistering restartable tasks
    Permission Class:   javacardx.facilities.TaskRegistryPermission
    Permission Name:    task.*

Context switching to, and transferring ownership of objects to, authenticator applications
    Permission Class:   javacardx.framework.ContextPermission
    Permission Name:    sio://*/standard/auth/*
    Permission Actions: switch,transfer

Setting and getting one’s own credential manager(s)
    Permission Class:   javacardx.framework.JCRuntimePermission
    Permission Name:    credentialManager.*

Creating new threads and modifying threads’ states
    Permission Class:   javacardx.framework.JCRuntimePermission
    Permission Name:    thread.*

Reading files from one’s own namespace
    Permission Class:   javacardx.io.ConnectorPermission
    Permission Name:    file://*/~/*
    Permission Actions: read

The default protection domain for card management applications MUST include the set of excluded permissions listed in TABLE A-8.


TABLE A-8 Excluded Permission Set of the Default CardManagement Protection Domain

NONE

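Each of the four domains above is an included set plus an excluded set, and the card management policy may grant more on top of the included set (footnote 1). As an added example that is not part of the specification, the following Python model encodes a few rows of TABLE A-1/A-2 and TABLE A-5/A-6 and classifies a requested permission as already included, excluded, or grantable only by the card management policy. It assumes Java-style matching, where a trailing "*" in a name is a wildcard, an actions list is implied when it is a subset of the granted one, and "~" stands for the requesting application's own namespace (all three are assumptions of this example).

```python
# Added example, not part of the specification: a small model of the Appendix A
# protection domains used to classify a requested permission grant.
# Assumed semantics: "*" in a name is a wildcard, an actions list is implied when
# it is a subset of the granted one, and "~" is replaced by the application's own
# namespace before matching.
import fnmatch
from dataclasses import dataclass

JCRE = "javacardx.spi.framework.JCREPermission"
RUNTIME = "javacardx.framework.JCRuntimePermission"
CONNECTOR = "javacardx.io.ConnectorPermission"
CONTEXT = "javacardx.framework.ContextPermission"


@dataclass(frozen=True)
class Perm:
    cls: str                          # fully qualified permission class
    name: str                         # permission name, may contain "*"
    actions: frozenset = frozenset()  # empty for name-only permissions

    def implies(self, other, app_ns):
        """True if this (granted) permission covers the requested one."""
        if self.cls != other.cls:
            return False
        pattern = self.name.replace("~", app_ns)
        target = other.name.replace("~", app_ns)
        return fnmatch.fnmatchcase(target, pattern) and other.actions <= self.actions


def P(cls, name, actions=""):
    return Perm(cls, name, frozenset(a for a in actions.split(",") if a))


# Subset of TABLE A-1/A-2 (web applications) and TABLE A-5/A-6 (classic applets);
# only the rows exercised by the checks below are encoded.
WEB = {
    "included": [P(JCRE, "callPermJCREEPO.EXTENDED"), P(JCRE, "callPermJCREEPO.CLASSIC"),
                 P(RUNTIME, "thread.*"), P(CONNECTOR, "file:///~/*", "read")],
    "excluded": [P(JCRE, "callTempJCREEPO.*")],
}
CLASSIC = {
    "included": [P(JCRE, "callPermJCREEPO.CLASSIC"), P(JCRE, "callTempJCREEPO.CLASSIC")],
    "excluded": [P(JCRE, "callPermJCREEPO.EXTENDED"), P(CONTEXT, "//*/*", "transfer"),
                 P(RUNTIME, "credentialManager.*"), P(RUNTIME, "thread.*"),
                 P(CONNECTOR, "*", "accept,listen,connect,read,write")],
}


def classify(domain, requested, app_ns):
    """'excluded': may never be granted; 'included': granted by the platform policy
    itself; 'additional': grantable only by the card management policy."""
    if any(p.implies(requested, app_ns) for p in domain["excluded"]):
        return "excluded"
    if any(p.implies(requested, app_ns) for p in domain["included"]):
        return "included"
    return "additional"
```

The excluded set is checked first, which is what makes the excluded rows a hard ceiling: a card management policy cannot lift a classic applet into the Generic Connection Framework or threads even though it may add other permissions.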

[1] Additional permissions may be granted by the card management security policy.

[2] This excluded permission is implicitly enforced by ensuring that only application-owned instances, such as web container-managed objects, are created by the web container and the Java Card RE on behalf of web applications; see Section 3.2.9, Container-managed Object Lifetime and Persistence.