Trusted midlet suites, Permission types concerning the handset, User permission interaction mode – Motorola HANDSET C381P User Manual

31
MIDP 2.0 Security Model

115

Trusted MIDlet Suites

Trusted MIDlet suites are MIDlet suites in which the integrity of the JAR file can be
authenticated and trusted by the device, and bound to a protection domain. The Motorola
C381p will use x.509PKI for signing and verifying trusted MIDlet suites.
Security for trusted MIDlet suites will utilize protection domains. Protection domains define
permissions that will be granted to the MIDlet suite in that particular domain. A MIDlet
suite will belong to one protection domain and its defined permissible actions. For
implementation on the Motorola C381p, the following protection domains are supported:

• Manufacturer
• Untrusted – all MIDlet suites that are unsigned will belong to this domain.

Permissions within the above domains will authorize access to the protected APIs or
functions. These domains will consist of a set of “Allowed” and “User” permissions that will
be granted to the MIDlet suite.

Permission Types concerning the Handset

A protection domain will consist of a set of permissions. Each permission will be “Allowed”
or “User”, not both. The following is the description of these sets of permissions as they
relate to the handset:

• “Allowed” (Full Access) permissions are any permissions that explicitly allow

access to a given protected API or function from a protected domain. Allowed
permissions will not require any user interaction.

• “User” permissions are any permissions that require a prompt to be given to the

user and explicit user confirmation in order to allow the MIDlet suite access to the
protected API or function.

User Permission Interaction Mode

User permission for the Motorola C381p handsets is designed to allow the user the ability
to either deny or grant access to the protected API or function using the following
interaction modes (bolded term(s) is prompt displayed to the user):

• blanket – grants access to the protected API or function every time it is required

by the MIDlet suite until the MIDlet suite is uninstalled or the permission is
changed by the user. (Never Ask)

• session – grants access to the protected API or function every time it is required

by the MIDlet suite until the MIDlet suite is terminated. This mode will prompt the
user on or before the final invocation of the protected API or function. (Ask
Once Per App Running)

• oneshot – will prompt the user each time the protected API or function is

requested by the MIDlet suite. (Always Ask)