Oracle Java ME Embedded Developer's Guide

3 Security

This chapter discusses security in the Oracle Java ME Embedded environment. Note that with version 8 of the OJMEE, the security system was changed considerably, and now uses Java SE-style fine-grained permissions. In addition, a security policy must be chosen and JAR files, if applicable, must be digitally signed in order for peripherals to be accessed.

3.1 Overview of Oracle Java ME Embedded Permissions

Applications that require access to peripherals or resources must request appropriate permissions in the JAD file. For more information on using the Device I/O APIs, please see the Device I/O API Proposal for Java ME 8 specification and the associated Javadocs at the following site:

http://docs.oracle.com/javame

Table 3-1 gives a list of all permissions that can be requested in the Oracle Java ME Embedded environment, as well as a description of when they are applicable.

Table 3-1 Oracle Java ME Embedded Permissions

Permission Description

com.oracle.crypto.keystore.KeyStorePermission

Allows access to the keystore

java.io.FilePermission

Accessing files

java.lang.RuntimePermission

Accessing runtime properties

java.util.logging.LoggingPermission

Use of log files

java.util.PropertyPermission

Accessing system properties

javax.microedition.apdu.APDUPermission

Access to smartcards using the APDU protocol

javax.microedition.cellular.CellularPermission

Use of cellular telephone functionality on a board.

javax.microedition.event.EventPermission

Reading and posting system-level events

javax.microedition.io.AccessPointPermission

Use of access points for network connections.

javax.microedition.io.CommProtocolPermission

Use of the COMM serial port protocol

javax.microedition.io.Connector.cbs

Use of a Cell Broadcast Service (CBS) Connector

javax.microedition.io.Connector.file.read

Use of a file read Connector

javax.microedition.io.Connector.file.write

Use of a file write Connector

javax.microedition.io.Connector.rtsp

Use of a real-time streaming protocol (RTSP) Connector

javax.microedition.io.Connector.sms

Use of an SMS Connector

javax.microedition.io.DatagramProtocolPermission

Use of the datagram protocol

javax.microedition.io.DTLSProtocolPermission

Use of the Datagram Transport Layer Security (DTLS) protocol

javax.microedition.io.FileProtocolPermission

Use of a file protocol

javax.microedition.io.HttpProtocolPermission

Use of the HTTP protocol

javax.microedition.io.HttpsProtocolPermission

Use of the HTTPS protocol

javax.microedition.io.IMCProtocolPermission

Use of the Inter-MIDlet communication protocol

javax.microedition.io.MulticastProtocolPermission

Use of a multicast protocol

javax.microedition.io.PushRegistryPermission

Use of a push registry

javax.microedition.io.SocketProtocolPermission

Use of a socket protocol

javax.microedition.io.SSLProtocolPermission

Use of the Secure Sockets Layer (SSL) protocol

javax.microedition.location.LocationPermission

Obtain the current location

javax.microedition.media.control.RecordControl

Use of a recording feature on the device

javax.microedition.media.control.VideoControl.getSnapshot

Use of a video snapshot feature on the device

javax.microedition.midlet.AutoStartPermission

A permission to autostart an IMlet suite on a device

javax.microedition.power.PowerStatePermission

Access the current power state of the device

javax.microedition.swm.SWMPermission

Access the software management features of the Java ME Embedded runtime

javax.wireless.messaging.cbs.receive

Receive a Cell Broadcast Service (CBS) message

javax.wireless.messaging.sms.receive

Receive an SMS message

javax.wireless.messaging.sms.send

Send an SMS message

jdk.dio.adc.ADCPermission

Use of analog-to-digital converter (ADC)

jdk.dio.atcmd.ATPermission

Use of AT communication line

jdk.dio.counter.CounterPermission

Use of the hardware counter

jdk.dio.dac.DACPermission

Use of digital-to-analog converter (DAC)

jdk.dio.DeviceMgmtPermission

Opening of any Device I/O peripheral.

jdk.dio.generic.GenericPermission

Use of generic Device I/O connections

jdk.dio.gpio.GPIOPinPermission

Use of a General Purpose I/O (GPIO) pin

jdk.dio.gpio.GPIOPortPermission

Use of a General Purpose I/O (GPIO) port

jdk.dio.i2cbus.I2CPermission

Use of the I2C bus on the board

jdk.dio.mmio.MMIOPermission

Use of the Memory-Mapped I/O (MMIO) capabilities on the board

jdk.dio.pwm.PWMPermission

Use of the Pulse Width Modulation (PWM) capabilities on the board

jdk.dio.spibus.SPIPermission

Use of the SPI bus on the board

jdk.dio.uart.UARTPermission

Use of the UART bus on the board

jdk.dio.watchdog.WatchdogTimerPermission

Use of the watchdog timer on the board


3.2 Accessing Peripherals

Applications that require access to Device I/O APIs must request appropriate permissions in JAD files. For more information on using the Device I/O APIs, please see the Device I/O API 1.0 specification and the associated Javadocs at the following site:

http://docs.oracle.com/javame/

3.2.1 Signing the Application with API Permissions

First, the JAD file must have the proper API permissions. Here is how to sign the application both in NetBeans and without an IDE.

  • In NetBeans, right-click the project name and choose Properties. Select Application Descriptor, then in the resulting pane, select API Permissions. Click the Add... button, and add the appropriate permissions, as shown in Figure 3-1. Click OK to close the project properties dialog.

    Figure 3-1 Adding Permissions Using the NetBeans IDE


  • If you are not using an IDE, you can manually modify the application descriptor file to contain the following permissions.

    MIDlet-Permission-1: jdk.dio.DeviceMgmtPermission "*:*" "open"
    

3.2.1.1 Method #1: Signing Application Using the NetBeans IDE

The NetBeans IDE enables developers both to sign the applications with a local certificate and upload the certificate on the device. See the appropriate Getting Started Guide for your embedded platform to learn how to use the NetBeans IDE to sign your application.

3.2.1.2 Method #2: Signing Application Using a Command Line

This method is more complex, but is the preferred route for applications that are widely distributed. Here are the instructions on how to set up a keystore with a local certificate that can be used to sign the applications:

  1. Generate a new self-signed certificate with the following command on the desktop, using the keytool that is shipped with the Oracle Java SE JDK.

    keytool -genkey -v -alias mycert -keystore mykeystore.ks -storepass spass -keypass kpass -validity 360 -keyalg rsa -keysize 2048 -dname "CN=thehost"

    This command generates a 2048-bit RSA key pair and a self-signed certificate that is valid for 360 days, and places them in a new keystore with a keystore password of spass and a key password of kpass. You can change both passwords as desired.

  2. Copy the certs directory from the board over to the desktop using an sftp client or the scp command, change into the certs directory, and run the following command using mekeytool.exe (or alternatively java -jar MEKeyTool.jar... if your distribution contains only that), which ships with the Oracle Java ME SDK 8 distribution.

    {mekeytool} -import -MEkeystore _main.ks -keystore mykeystore.ks -storepass spass -alias mycert -domain trusted

    This command imports the information in mykeystore.ks that you just created to the _main.ks keystore. After this is completed, copy the certs directory back to the board by using an sftp client or scp command.

Use the following commands to sign your application before deploying it to the board:

jadtool -addcert -chainnum 1 -alias mycert -keystore mykeystore.ks -storepass spass -inputjad myjad.jad -outputjad myjad.jad

jadtool -addjarsig -chainnum 1 -jarfile myjar.jar -alias mycert -keystore mykeystore.ks -storepass spass -keypass kpass -inputjad myjad.jad -outputjad myjad.jad

3.2.1.3 Method #3: Using NullAuthenticationProvider

This method allows you to bypass the certificate check and execute unsigned applications as if they were signed and given all requested permissions. This method should be used only for development and debugging. Final testing must be done using a real certificate as described in method #1.

To use NullAuthenticationProvider, set the following property in the jwc_properties.ini file on the board:

[internal]
authentication.provider = com.oracle.meep.security.NullAuthenticationProvider

Note that the Java runtime must not be running when editing the jwc_properties.ini file.
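
A pre-deployment check for the two settings this section leaves to the developer, the permissions requested in the descriptor and the authentication provider in jwc_properties.ini, written in Python as an added example (not Oracle's tooling). The rule names, the sample descriptor and the sample .ini are constructed for illustration, and treating "#" and ";" as comment markers in the .ini file is an assumption.

```python
import re

# MIDlet-Permission-<n>: <class> ["<name>" ["<actions>"]], as in the descriptor line above.
PERM_LINE = re.compile(r'^MIDlet-Permission-(\d+)\s*:\s*(\S+)((?:\s+"[^"]*")*)\s*$')

# RuntimePermission names whose risks are spelled out in this chapter's Table 3-3.
RISKY_RUNTIME = {"*", "setSecurityManager", "createSecurityManager", "setIO", "modifyThread"}

NULL_PROVIDER = "com.oracle.meep.security.NullAuthenticationProvider"


def parse_jad_permissions(jad_text):
    """Return [(n, class_name, name, actions)] for each MIDlet-Permission-n line."""
    perms = []
    for line in jad_text.splitlines():
        m = PERM_LINE.match(line.strip())
        if m:
            quoted = re.findall(r'"([^"]*)"', m.group(3))
            quoted += [None] * (2 - len(quoted))
            perms.append((int(m.group(1)), m.group(2), quoted[0], quoted[1]))
    return perms


def breadth_rule(class_name, name):
    """Return a rule id (hypothetical names) when the resource name is a broad grant."""
    simple = class_name.rsplit(".", 1)[-1]
    name = name or ""
    if simple == "DeviceMgmtPermission":
        dev_name, _, dev_id = name.partition(":")
        if dev_name == "*" and dev_id in ("", "*"):
            return "all-devices"            # "*" and "*:*" match every device
        if dev_id.startswith("-") or dev_id.endswith("-"):
            return "open-ended-device-ids"  # "-n" or "n-" ranges
    elif simple == "FilePermission":
        if name == "<<ALL FILES>>":
            return "all-files"
        if name == "-" or name.endswith("/-"):
            return "recursive-directory"
    elif simple == "KeyStorePermission" and name == "*":
        return "entire-keystore"
    elif simple == "RuntimePermission" and name in RISKY_RUNTIME:
        return "risky-runtime:" + name
    elif simple == "DatagramProtocolPermission" and name in ("datagram://*:*", "datagram://:*"):
        return "any-datagram-endpoint"
    return None


def auth_provider(ini_text):
    """Return the authentication.provider value from the [internal] section, or None."""
    section, value = None, None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):  # comment markers are an assumption
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "internal" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip() == "authentication.provider":
                value = val.strip()
    return value


def audit(jad_text, ini_text):
    """Return a list of (location, rule) findings for a release candidate."""
    findings = []
    for n, cls, name, _actions in parse_jad_permissions(jad_text):
        rule = breadth_rule(cls, name)
        if rule:
            findings.append(("MIDlet-Permission-%d" % n, rule))
    if auth_provider(ini_text) == NULL_PROVIDER:
        findings.append(("jwc_properties.ini", "null-authentication-provider"))
    return findings


# Constructed sample inputs (not taken from a real device or project).
SAMPLE_JAD = """\
MIDlet-Name: SensorDemo
MIDlet-Permission-1: jdk.dio.DeviceMgmtPermission "*:*" "open"
MIDlet-Permission-2: jdk.dio.gpio.GPIOPinPermission "4" "open,setdirection"
MIDlet-Permission-3: java.io.FilePermission "<<ALL FILES>>" "read,write"
MIDlet-Permission-4: com.oracle.crypto.keystore.KeyStorePermission "client_only"
MIDlet-Permission-5: java.lang.RuntimePermission "setSecurityManager"
"""

SAMPLE_INI = """\
[internal]
authentication.provider = com.oracle.meep.security.NullAuthenticationProvider
"""

if __name__ == "__main__":
    for location, rule in audit(SAMPLE_JAD, SAMPLE_INI):
        print(location, rule)
```

Run against the build's real descriptor and the board's jwc_properties.ini, an empty result means no wildcard grants and no development-only authentication provider were found.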

3.3 CLDC Permissions

The following permissions are available that affect the use of portions of the CLDC libraries.

3.3.1 FilePermission

The java.io.FilePermission controls access to a file or directory. A FilePermission consists of a pathname and a set of actions that are valid for the resource specified by that pathname.

3.3.1.1 Resource Name

The resource name is simply the pathname of the file or directory granted the specified actions. A pathname that ends in "/*" (where "/" is the file separator character, File.separatorChar) indicates all the files and directories contained in that directory. A pathname that ends with "/-" indicates all files and all recursive subdirectories contained in that directory. A pathname consisting of the special token "<<ALL FILES>>" matches any file.

Note:

A pathname need not have a leading "/". A pathname consisting of a single "*" indicates all the files in the current directory, while a pathname consisting of a single "-" indicates all the files in the current directory and recursively all files and subdirectories contained in the current directory.

3.3.1.2 Actions

Table 3-2 shows the actions that can be requested with this permission, as a list of comma-separated keywords:

Table 3-2 FilePermission Actions

Value Meaning

read

Read permission

write

Write permission

execute

Execute permission

delete

Permission to delete the resource

readlink

Read a link permission. This is retained for SE compatibility but is not currently used.


3.3.2 RuntimePermission

The java.lang.RuntimePermission represents runtime permissions. A RuntimePermission contains a resource name, but no actions list.

3.3.2.1 Resource Name

The resource name is the name of the runtime permission. The naming convention follows the hierarchical property naming convention. Also, an asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "loadLibrary.*" and "*" signify a wildcard match, while "*loadLibrary" and "a*b" do not.

Table 3-3 shows the possible runtime permissions that are allowed, as well as their effects and possible risks of using them.

Table 3-3 RuntimePermission Actions

Value Effect Risks

exitVM.{exit status}

Halting of the Java Virtual Machine (JVM) with the specified exit status

This allows an attacker to mount a denial-of-service attack by automatically forcing the virtual machine to halt. Note that the "exitVM.*" permission is automatically granted to all code loaded from the application class path, thus enabling applications to terminate themselves. Also, the "exitVM" permission is equivalent to "exitVM.*".

setSecurityManager

Setting of the security manager (possibly replacing an existing security manager)

The security manager is a class that allows applications to implement a security policy. Granting the setSecurityManager permission would allow code to change which security manager is used by installing a different, possibly less restrictive security manager, thereby bypassing checks that would have been enforced by the original security manager.

createSecurityManager

Creation of a new security manager

This gives code access to protected, sensitive methods that may disclose information about other classes or the execution stack.

setIO

Setting of System.out and System.err

This allows changing the value of the standard system streams. An attacker may set System.err to a null OutputStream, which would hide any error messages sent to System.err.

modifyThread

Modification of threads, possibly via calls to perform thread interrupts, or setPriority() and setName() methods

This allows an attacker to modify the behavior of any thread in the system.


3.3.3 LoggingPermission

The java.util.logging.LoggingPermission is a permission which the security manager will check when code that is running with a security manager calls one of the logging control methods, such as Logger.setLevel().

Currently there is only one over-arching LoggingPermission, without resources or actions. This permission simply grants the ability to control the logging configuration, for example by adding or removing handlers, by adding or removing filters, or by changing logging levels.

3.3.4 PropertyPermission

The java.util.PropertyPermission is for general Java property permissions.

3.3.4.1 Resource Name

The resource name is the name of the property (for example, "java.home" or "os.name"). The naming convention follows the hierarchical property naming convention. Also, an asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "java.*" and "*" signify a wildcard match, while "*java" and "a*b" do not.

3.3.4.2 Actions

Table 3-4 shows the actions that can be requested with this permission, as a list of comma-separated keywords:

Table 3-4 PropertyPermission Actions

Value Meaning

read

Read permission

write

Write permission


Care should be taken before granting code permission to access certain system properties. For example, granting permission to access the "java.home" system property gives potentially malevolent code sensitive information about the system environment, such as the Java installation directory. Also, granting permission to access the "user.name" and "user.home" system properties gives potentially malevolent code sensitive information about the user environment, including the user's account name and home directory.

3.4 Keystore Permissions

The following permissions are available that allow access to the Java ME keystore.

3.4.1 KeyStorePermission

The com.oracle.crypto.keystore.KeyStorePermission controls the type of access allowed to the key store.

3.4.1.1 Resource Name

Table 3-5 shows the resource names that can be requested with this permission:

Table 3-5 KeyStorePermission Resource Names

Value Meaning

client_only

Access to client certificates only

*

Access to the entire certificate storage.


3.5 Device I/O Permissions

The following are among the more common permissions that can be requested from most Oracle Java ME Embedded devices, depending on whether the functionality is supported by the underlying board. See the Getting Started Guide for your embedded board to determine which Device I/O permissions and resources are available for use.

3.5.1 ADCPermission

The jdk.dio.adc.ADCPermission class defines permissions for Analog-to-Digital channel access on an embedded board.

3.5.1.1 Resource Name

The resource name is a numerical channel number. Refer to the Getting Started Guide of your embedded board to determine which channel numbers are available for ADC control.

3.5.1.2 Actions

Table 3-6 shows the actions that can be requested with this permission:

Table 3-6 ADCPermission Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of a device.


3.5.2 ATPermission

The jdk.dio.atcmd.ATPermission class defines permissions for AT device access.

3.5.2.1 Resource Name

The resource name is a numerical channel number. Refer to the Getting Started Guide of your embedded board to determine which channels are available for AT control.

3.5.2.2 Actions

Table 3-7 shows the actions that can be requested with an ATPermission:

Table 3-7 ATPermission Actions

Value Meaning

open

Open AT functions

data

Open data connections

powermanage

Manage the power saving mode of a device.


3.5.3 CounterPermission

The jdk.dio.counter.CounterPermission class defines permissions for pulse counter access.

3.5.3.1 Resource Name

The resource name is a numerical channel number. Refer to the Getting Started Guide of your embedded board to determine which channels are available for pulse counter control.

3.5.3.2 Actions

Table 3-8 shows the actions that can be requested with a CounterPermission:

Table 3-8 CounterPermission Actions

Value Meaning

open

Open and access pulse counter functions

powermanage

Manage the power saving mode of a device.


3.5.4 DACPermission

The jdk.dio.dac.DACPermission class defines permissions for Digital-to-Analog channel access on an embedded board.

3.5.4.1 Resource Name

The resource name is a numerical channel number. Refer to the Getting Started Guide of your embedded board to determine which channel numbers are available for DAC control.

3.5.4.2 Actions

Table 3-9 shows the actions that can be requested with this permission:

Table 3-9 DACPermission Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of a device.


3.5.5 DeviceMgmtPermission

The jdk.dio.DeviceMgmtPermission class defines permissions for registering and un-registering devices as well as opening devices using their registered configurations.

3.5.5.1 Resource Name

The resource name is a combination of a device name and of a device ID or range of device IDs. It takes the following form:

{device-name-spec} [ ":"{device-id-spec} ]

{device-name-spec}

The {device-name-spec} string takes the following form:

{device-name} | "*" | ""

The {device-name} string is a device name that is returned by a call to DeviceDescriptor.getName().

A {device-name-spec} specification consisting of the asterisk ("*") matches all device names. A {device-name-spec} specification consisting of the empty string ("") designates an undefined device name that may only be matched by an empty string or an asterisk.

{device-id-spec}

The {device-id-spec} string takes the following form:

{device-id} | "-"{device-id} | {device-id}"-"[{device-id}] | "*"

The {device-id} string is a device ID that is returned by a call to DeviceDescriptor.getID(). Note that the characters in the string must all be decimal digits.

A {device-id-spec} specification of the form "n-" (where n is a device ID) signifies all device IDs numbered n and above, while a specification of the form "-n" indicates all device IDs numbered n and below. A single asterisk in the place of the {device-id-spec} field matches all device IDs.

The name "*:*" matches all device names and all device IDs, as does the name "*".

3.5.5.2 Actions

Table 3-10 shows the actions that can be requested with this permission:

Table 3-10 DeviceMgmtPermission Actions

Value Meaning

open

Open a device using its device name or ID

register

Register a new device.

unregister

Un-register a device.


3.5.6 GenericPermission

The jdk.dio.generic.GenericPermission class defines permissions for generic device access on an embedded board.

3.5.6.1 Resource Name

The resource name is a numerical channel number. Refer to the Getting Started Guide of your embedded board to determine which channel numbers are available for generic devices.

3.5.6.2 Actions

Table 3-11 shows the actions that can be requested with this permission:

Table 3-11 GenericPermission Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of a generic device.


3.5.7 GPIOPinPermission

The jdk.dio.gpio.GPIOPinPermission class defines permissions for General Purpose I/O (GPIO) pin access on an embedded board.

3.5.7.1 Resource Name

The resource name is a numerical pin number. Refer to the Getting Started Guide of your embedded board to determine which pin numbers are available for GPIO control.

3.5.7.2 Actions

Table 3-12 shows the actions that can be requested with this permission:

Table 3-12 GPIOPinPermission Actions

Value Meaning

open

The requested channel is opened and available for use.

setdirection

Request permission to change the GPIO pin direction

powermanage

Manage the power saving mode of a GPIO pin.


3.5.8 GPIOPortPermission

The jdk.dio.gpio.GPIOPortPermission class defines permissions for General Purpose I/O (GPIO) port access on an embedded board. A GPIO port is made up of several (typically eight) GPIO pins.

3.5.8.1 Resource Name

The resource name is a numerical port number. Refer to the Getting Started Guide of your embedded board to determine which port numbers are available for GPIO control.

3.5.8.2 Actions

Table 3-13 shows the actions that can be requested with this permission:

Table 3-13 GPIOPortPermission Actions

Value Meaning

open

The requested channel is opened and available for use.

setdirection

Request permission to change the GPIO port direction

powermanage

Manage the power saving mode of a GPIO port.


3.5.9 I2CPermission

The jdk.dio.i2cbus.I2CPermission class defines permissions for I2C bus access on an embedded board.

3.5.9.1 Resource Name

The resource name is a channel number. Refer to the Getting Started Guide of your embedded board to determine which channel numbers are available for I2C control.

3.5.9.2 Actions

Table 3-14 shows the actions that can be requested with this permission:

Table 3-14 I2CPermission Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of an I2C bus.


3.5.10 MMIOPermission

The jdk.dio.mmio.MMIOPermission class defines permissions for MMIO bus access on an embedded board.

3.5.10.1 Resource Name

The resource name is a memory-address (in hexadecimal format) returned by a call to MMIODeviceConfig.getAddress(). The characters in the string must all be hexadecimal digits. Refer to the Getting Started Guide of your embedded board to determine which addresses are available for MMIO use.

3.5.10.2 Actions

Table 3-15 shows the actions that can be requested with this permission:

Table 3-15 MMIOPermission Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of an MMIO bus.


3.5.11 PWMPermission

The jdk.dio.pwm.PWMPermission class defines permissions for Pulse Width Modulation (PWM) channel access on an embedded board.

3.5.11.1 Resource Name

The resource name is a numerical channel number. Refer to the Getting Started Guide of your embedded board to determine which channel numbers are available for PWM control.

3.5.11.2 Actions

Table 3-16 shows the actions that can be requested with this permission:

Table 3-16 PWMPermission Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of a device.


3.5.12 SPIPermission

The jdk.dio.spibus.SPIPermission class defines permissions for SPI bus access on an embedded board.

3.5.12.1 Resource Name

The resource name is a channel number. Refer to the Getting Started Guide of your embedded board to determine which channel numbers are available for SPI control.

3.5.12.2 Actions

Table 3-17 shows the actions that can be requested with this permission:

Table 3-17 SPIPermission Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of an SPI bus.


3.5.13 UARTPermission

The jdk.dio.uart.UARTPermission class defines permissions for UART bus access on an embedded board.

3.5.13.1 Resource Name

The resource name is a channel number. Refer to the Getting Started Guide of your embedded board to determine which channel numbers are available for UART control.

3.5.13.2 Actions

Table 3-18 shows the actions that can be requested with this permission:

Table 3-18 UARTPermission Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of a UART bus.


3.5.14 WatchdogTimerPermission

The jdk.dio.watchdog.WatchdogTimerPermission class defines permissions for the watchdog timer on an embedded board.

3.5.14.1 Resource Name

The resource name is a channel number. Refer to the Getting Started Guide of your embedded board to determine which channel number is available for the watchdog timer.

3.5.14.2 Actions

Table 3-19 shows the actions that can be requested with this permission:

Table 3-19 WatchdogTimerPermission Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of the watchdog timer.


3.6 Smart Cards

The following permission allows access to smart cards on Java ME embedded devices.

3.6.1 APDUPermission

The javax.microedition.apdu.APDUPermission class represents access to a smart card using the APDU protocol. An APDUPermission contains a resource name (also called a target name) but no actions list. The target name is the symbolic name of the APDUPermission.

3.6.1.1 Resource Name

The resource name can be one of two items, as shown in Table 3-20.

Table 3-20 APDUPermission Target Names

Target Name Permission Allows

aid

The ability to communicate with a smart card application identified by an AID target.

sat

The ability to communicate with a (U)SAT application on channel 0.


3.7 Cellular

The following permissions deal with embedded devices that can connect to a cellular network.

3.7.1 CellularPermission

The javax.microedition.cellular.CellularPermission class defines permissions for cellular network resources on an embedded board. It consists only of a resource name.

3.7.1.1 Resource Name

The resource name can be one of three items, as shown in Table 3-21.

Table 3-21 CellularPermission Resource Names

Resource Meaning

subscriber

Resources that access or modify the cellular subscriber identity, which is often recorded on a SIM, R-UIM, or CSIM.

network

Resources that access the cellular network.

*

All available cellular resources.


3.8 Generic Events

The following permissions deal with generic events that can be sent from the underlying runtime operating system to the Oracle Java ME Embedded runtime.

3.8.1 EventPermission

The javax.microedition.event.EventPermission class defines permissions that allow applications to receive events from the underlying runtime operating system.

3.8.1.1 Resource Name

The resource name is the name of the event, such as "BATTERY_LEVEL" or "com.MyCompany.MyEvent". The naming convention follows a hierarchical property naming convention. Also, an asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example, "com.MyCompany.*" or "*" is valid, while "*MyCompany" or "a*b" is not valid.

3.8.1.2 Actions

The actions to be granted are a list of comma-separated keywords. The possible keywords are "post", "postsystem", "read" and "register". Table 3-22 gives more details on these keywords.

Table 3-22 EventPermission Actions

Value Meaning

post

Permission to post an event.

postsystem

Permission to post a system event. To see which system events are supported, call EventManager.getSystemEventNames().

read

Permission to read an event.

register

Permission to register and un-register applications to launch in response to events.


3.9 COMM Protocol

The following permissions deal with embedded devices that can use a COMM protocol through a serial port.

3.9.1 CommProtocolPermission

The javax.microedition.io.CommProtocolPermission class defines permissions for COMM resources on an embedded board. It consists only of a resource name.

3.9.1.1 Resource Name

The resource name is a base connection string and is typically formatted as:

comm:<port identifier>[<optional parameters>]

An exact BNF grammar for the COMM protocol URI is given in Table 3-23.

Table 3-23 CommProtocolPermission Resource Names

Resource Meaning

base connection string

"comm:"<port_id>[<options_list>] | "comm:"<wildcarded_port_id>

<port_id>

A non-empty case-sensitive string of alphanumeric characters

<wildcarded_port_id>

All available cellular resources.

<options_list>

*(<baud_rate_string>| <bitsperchar>| <stopbits>| <parity>| <blocking>| <autocts>| <autorts>)

<baud_rate_string>

";baudrate="<baud_rate>

<baud_rate>

non-empty string of digits

<bitsperchar>

";bitsperchar="<bit_value>

<bit_value>

"7" | "8"

<stopbits>

";stopbits="<stop_value>

<stop_value>

"1" | "2"

<parity>

";parity="<parity_value>

<parity_value>

"even" | "odd" | "none"

<blocking>

";blocking="<on_off>

<autocts>

";autocts="<on_off>

<autorts>

";autorts="<on_off>

<on_off>

"on" | "off"


3.10 Connector

The following permissions are associated with the javax.microedition.io.Connector class, a factory class for creating new Connection objects.

3.10.1 CBS

The javax.microedition.io.Connector.cbs defines permissions for cellular broadcast service.

3.10.1.1 Resource Name

The resource name is a channel number. Refer to the Getting Started Guide of your embedded board to determine which channel number is available for the CBS.

3.10.1.2 Actions

Table 3-24 shows the actions that can be requested with this permission:

Table 3-24 Connector CBS Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of the CBS.


3.10.2 File Read

The javax.microedition.io.Connector.file.read defines permissions for connections that read files.

3.10.2.1 Resource Name

The resource name is a channel number. Refer to the Getting Started Guide of your embedded board to determine which channel number is available for reading files.

3.10.2.2 Actions

Table 3-25 shows the actions that can be requested with this permission:

Table 3-25 Connector File Read Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of the file read.


3.10.3 File Write

The javax.microedition.io.Connector.file.write defines permissions for connections that write files.

3.10.3.1 Resource Name

The resource name is a channel number. Refer to the Getting Started Guide of your embedded board to determine which channel number is available.

3.10.3.2 Actions

Table 3-26 shows the actions that can be requested with this permission:

Table 3-26 Connector File Write Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of the file write.


3.10.4 RTSP

The javax.microedition.io.Connector.rtsp defines permissions for connections that use the real-time streaming protocol (RTSP).

3.10.4.1 Resource Name

The resource name is a channel number. Refer to the Getting Started Guide of your embedded board to determine which channel number is available.

3.10.4.2 Actions

Table 3-27 shows the actions that can be requested with this permission:

Table 3-27 Connector RTSP Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of the RTSP.


3.10.5 SMS

The javax.microedition.io.Connector.sms defines permissions for SMS messaging.

3.10.5.1 Resource Name

The resource name is a channel number. Refer to the Getting Started Guide of your embedded board to determine which channel number is available for SMS.

3.10.5.2 Actions

Table 3-28 shows the actions that can be requested with this permission:

Table 3-28 Connector SMS Actions

Value Meaning

open

The requested channel is opened and available for use.

powermanage

Manage the power saving mode of the SMS.


3.11 Datagram Protocol

The following permissions deal with embedded devices that can use datagram protocols.

3.11.1 DatagramProtocolPermission

The javax.microedition.io.DatagramProtocolPermission class represents access rights to connections via the Datagram protocol. A DatagramProtocolPermission consists of a URI string, but no actions.

The URI string specifies a connection for sending and receiving datagrams. It takes the following general form:

datagram://{host}:{portspec} | datagram://[:{portspec}]

The value of the {host} field must be a symbolic hostname, a literal IPv4 address or an IP-literal as specified by RFC 3986. An IP-literal requires an IPv6Address to be surrounded with square brackets ([]). Note that IPvFuture addresses from RFC 3986 are not currently supported.

The {host} field is omitted to indicate an inbound, server-mode connection. Server-mode URIs may also omit the {portspec} field to request a system-assigned port number. In such a case, the DatagramProtocolPermission is normalized to the equivalent URI: datagram://:1024-65535.

If the {host} string is a DNS name, an asterisk may appear in the left-most position to indicate a match of 1 or more entire domain labels. Partial domain label matches are not permitted. For example, "*.oracle.com" is valid, but "*oracle.com" is not. An asterisk by itself matches all hosts in outbound, client-mode connections.

The {portspec} string takes the following form:

portnumber | -portnumber | portnumber-[portnumber] | "*"

A {portspec} of the form "n-" (where n is a port number) signifies all ports numbered n and above, while a specification of the form "-n" indicates all ports numbered n and below. A single asterisk in the place of the {portspec} field matches all ports. Therefore, the URI "datagram://:*" matches server-mode datagram connections to all ports, and the URI "datagram://*:*" matches client-mode datagram connections to all hosts on all ports.

3.11.2 DTLSProtocolPermission

The javax.microedition.io.DTLSProtocolPermission class represents access rights to connections that use the Datagram Transport Layer Security (DTLS) protocol. A DTLSProtocolPermission consists of a URI string but no actions list.

The URI string specifies a connection for sending and receiving datagrams. It takes the following general form:

dtls://{host}:{portspec}

The value of the {host} field must be a symbolic hostname, a literal IPv4 address or an IP-literal as specified by RFC 3986. An IP-literal requires an IPv6Address to be surrounded with square brackets ([]). Note that IPvFuture addresses from RFC 3986 are not supported.

If the {host} string is a DNS name, an asterisk may appear in the left-most position to indicate a match of 1 or more entire domain labels. Partial domain label matches are not permitted. For example, "*.oracle.com" is valid, but "*oracle.com" is not. An asterisk by itself matches all hosts in outbound, client-mode connections.

The {portspec} string takes the following form:

portnumber | -portnumber | portnumber-[portnumber] | "*"

A {portspec} of the form "n-" (where n is a port number) signifies all ports numbered n and above, while a specification of the form "-n" indicates all ports numbered n and below. A single asterisk in the place of the {portspec} field matches all ports. Therefore, the URI "dtls://*:*" matches client-mode datagram connections to all hosts on all ports.

3.12 File Protocol

The following permissions deal with embedded devices that can use files.

3.12.1 FileProtocolPermission

The javax.microedition.io.FileProtocolPermission class represents access rights to connections via the "file" protocol. A FileProtocolPermission consists of a URI string indicating a fully-qualified, absolute pathname as well as a set of actions desired for that pathname.

3.12.1.1 Resource Name

The URI string takes the following general form:

file://[{host}]{absolute_path} | file:{absolute_path}

The exact syntax is given by RFCs 1738 and 2396. In addition, a pathname that ends in "/*" matches all the files and directories contained in that directory. A pathname that ends with "/-" recursively matches all files and subdirectories contained in that directory.

In addition to the syntax defined by RFC 1738, FileProtocolPermission must accept and normalize URIs of the form file:{abs_path}. If {host} is omitted, it is equivalent to using localhost. Also, note that {absolute_path} follows the syntax defined for {fpath} in RFC 1738.

3.12.1.2 Actions

Table 3-29 shows the actions that can be requested with this permission. Note that multiple actions can be requested by separating keywords with commas.

Table 3-29 FileProtocolPermission Actions

| Value | Meaning |
| --- | --- |
| read | The file can be read from using the protocol. |
| write | The file can be written to using the protocol. |
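
How the "/*" and "/-" suffixes, the file:{abs_path} form and the localhost default decide what a FileProtocolPermission grant covers, as an added Python example for reviewing requested grants (it is not Oracle's implementation). The names FileGrant, parse_grant and file_implies are hypothetical, and collapsing "." and ".." before comparison is an assumption of this example that the section does not state.

```python
import posixpath
from typing import FrozenSet, NamedTuple, Tuple

ACTIONS = frozenset({"read", "write"})  # Table 3-29


class FileGrant(NamedTuple):
    host: str
    base: str                 # path without a trailing "/*" or "/-"
    mode: str                 # "exact", "children" ("/*") or "recursive" ("/-")
    actions: FrozenSet[str]


def split_file_uri(uri: str) -> Tuple[str, str]:
    """file://[{host}]{absolute_path} | file:{absolute_path}  ->  (host, path)"""
    if not uri.startswith("file:"):
        raise ValueError(f"not a file URI: {uri!r}")
    host, rest = "", uri[len("file:"):]
    if rest.startswith("//"):
        host, slash, tail = rest[2:].partition("/")
        rest = slash + tail
    if not rest.startswith("/"):
        raise ValueError(f"absolute path required: {uri!r}")
    return (host or "localhost").lower(), rest  # an omitted host means localhost


def canonical(path: str) -> str:
    # Assumption of this example: collapse ".", ".." and repeated slashes before comparing.
    return posixpath.normpath("/" + path.lstrip("/"))


def parse_grant(uri: str, actions: str) -> FileGrant:
    host, path = split_file_uri(uri)
    requested = frozenset(a.strip() for a in actions.split(","))
    if not requested <= ACTIONS:
        raise ValueError(f"unknown action in {actions!r}")
    mode = {"/*": "children", "/-": "recursive"}.get(path[-2:], "exact")
    if mode != "exact":
        path = path[:-2]
    return FileGrant(host, canonical(path), mode, requested)


def file_implies(grant: FileGrant, uri: str, action: str) -> bool:
    """Is `action` on the concrete file URI covered by the grant?"""
    host, path = split_file_uri(uri)
    path = canonical(path)
    if host != grant.host or action not in grant.actions:
        return False
    if grant.mode == "exact":
        return path == grant.base
    prefix = grant.base.rstrip("/") + "/"
    if not path.startswith(prefix):  # also rejects the directory itself and sibling prefixes
        return False
    remainder = path[len(prefix):]
    return bool(remainder) and (grant.mode == "recursive" or "/" not in remainder)
```

With the grant "file:///data/app/-", a request for "file:///data/app/../secret/key" is not covered, and neither is "file:///data/application/cfg", which only shares a string prefix with the granted directory.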


3.13 Hypertext Transfer Protocols

The following permissions deal with embedded devices that can use HTTP or HTTPS protocols.

3.13.1 HTTPProtocolPermission

The javax.microedition.io.HTTPProtocolPermission class represents access rights to connections via the HTTP protocol. An HttpProtocolPermission consists of a URI string, but no actions list.

The URI string specifies a data resource accessible via HTTP. It takes the following general form:

http://{host}[:{portspec}][{pathname}][?{query}][#{fragment}]

The value of the {host} field must be a symbolic hostname, a literal IPv4 address or an IP-literal as specified by RFC 3986. An IP-literal requires IPv6Address to be surrounded with square brackets ([]). IPvFuture addresses from RFC 3986 are not supported.

If the {host} string is a DNS name, an asterisk may appear in the left-most position to indicate a match of one or more entire domain labels. Partial domain label matches are not permitted. For example, "*.oracle.com" is valid, but "*oracle.com" is not. An asterisk by itself matches all hosts.

The {portspec} string takes the following form:

portnumber | -portnumber | portnumber-[portnumber] | * | empty string

A {portspec} specification of the form "n-" (where n is a port number) signifies all ports numbered n and above, while a specification of the form "-n" indicates all ports numbered n and below. A single asterisk in the place of the {portspec} field matches all ports; therefore, the URI "http://*:*" matches HTTP connections to all hosts on all ports. If the {portspec} field is omitted, default port 80 is assumed.

3.13.2 HTTPSProtocolPermission

The javax.microedition.io.HTTPSProtocolPermission class represents access rights to connections via the HTTPS protocol. An HttpsProtocolPermission consists of a URI string, but no actions list.

The URI string specifies a data resource accessible via secure HTTPS. It takes the following general form:

https://{host}[:{portspec}][{pathname}][?{query}][#{fragment}]

The value of the {host} field must be a symbolic hostname, a literal IPv4 address or an IP-literal as specified by RFC 3986. An IP-literal requires IPv6Address to be surrounded with square brackets ([]). IPvFuture addresses from RFC 3986 are not supported.

If the {host} string is a DNS name, an asterisk may appear in the left-most position to indicate a match of one or more entire domain labels. Partial domain label matches are not permitted. For example, "*.oracle.com" is valid, but "*oracle.com" is not. An asterisk by itself matches all hosts.

The {portspec} string takes the following form:

portnumber | -portnumber | portnumber-[portnumber] | * | empty string

A {portspec} specification of the form "n-" (where n is a port number) signifies all ports numbered n and above, while a specification of the form "-n" indicates all ports numbered n and below. A single asterisk in the place of the {portspec} field matches all ports; therefore, the URI "https://*:*" matches HTTPS connections to all hosts on all ports. If the {portspec} field is omitted, default port 443 is assumed.

3.14 IMC

The following permissions deal with embedded devices that use the Inter-MIDlet Communication (IMC) protocol.

3.14.1 IMCProtocolPermission

The javax.microedition.io.IMCProtocolPermission class defines permissions for inter-MIDlet communication on an embedded board. IMC uses a low-level asynchronous bi-directional stream connection for communication between applications. The permission consists only of a resource name.

3.14.1.1 Resource Name

The resource name consists of a number of rules to create a base client connection string; these rules are shown in Table 3-30.

Table 3-30 IMCProtocolPermission Resource Name Rules

Rule Meaning

Base client connection string

"imc://" (<Application UID> | "*") ":" <server name> ":" <server version> ";"

<Application UID>

<Application suite vendor>":" <Application suite name>":" <Application suite version>

<Application suite vendor>

The application suite vendor

<Application suite name>

The application suite name

<Application suite version>

Formatted application suite version or wildcard character "*"

<server name>

IMC server name following the class naming syntax

<server version>

The version of the IMC server. Version backward compatibility is assumed. Versioning follows the format defined for the MIDlet-Version attribute.


Note that in the first rule, the wildcard "*" may be used instead of a specific <Application UID> when opening an IMC client connection. When the wildcard character is used, it allows the client to connect to any applications (even those from different vendors) if they all provide the same IMC service and meet the authorization requirements. However, which application's IMC server the client will be connected to is implementation specific.

3.15 Multicast Protocols

The following permissions deal with embedded devices that use the multicast protocols.

3.15.1 MulticastProtocolPermission

The javax.microedition.io.MulticastProtocolPermission class represents access rights to connections via the "multicast" protocol. A MulticastProtocolPermission consists of a URI string but no actions list.

The exact syntax for the MulticastProtocolPermission URI is provided by rules shown in Table 3-31.

Table 3-31 MulticastProtocolPermission Resource Name Rules

Rule Meaning

base multicast connection string

<inbound_connection> | <outbound_connection>

<inbound_connection>

"multicast://:" [ <portnumber> ] [ <auto_join> ]

<outbound_connection>

"multicast://" <host> ":" <portnumber>

<multicast_permission>

"multicast://"[<hostspec>] ":" <portspec>

<host>

<host name> | <ipaddr>

<ipaddr>

IPv4 address | '[' IPv6 address ']'

<hostspec>

<host> | "*"

<auto_join>

"?join="<host>

<portspec>

<portnumber> | <portrange> | "*"

<portnumber>

numeric port number

<portrange>

<portnumber> "-" | "-" <portnumber> | <portnumber> "-" <portnumber>


The value of the {host} field must be a symbolic hostname, a literal IPv4 multicast address or a literal IPv6 address surrounded by square brackets ([]), as specified by RFC 3986. The {hostspec} may be "*" to allow connection to any multicast host group. The {hostspec} field may also be omitted to indicate an inbound, server-mode connection.

Server-mode URIs may also omit the <portspec> field to request a system-assigned port number. In such a case, the MulticastProtocolPermission is normalized to the equivalent URI "multicast://:1024-65535".

The <portspec> string takes the following form:

portnumber | -portnumber | portnumber-[portnumber] | "*"

A <portspec> specification of the form "n-" (where n is a port number) signifies all ports numbered n and above, while a specification of the form "-n" indicates all ports numbered n and below. A single asterisk in the place of the <portspec> field matches all ports. Therefore, the URI "multicast://<ipaddr>:" matches a multicast host group on all ports, and the URI "multicast://*:*" matches multicast connections to all host groups on all ports.

3.16 Push Protocols

The following permissions deal with embedded devices that use push protocols.

3.16.1 PushRegistryPermission

The javax.microedition.io.PushRegistryPermission class is used to check the static and dynamic registration of push connections and for registration of an alarm. The permission covers static registration via application attributes, and dynamic registration via PushRegistry.registerConnection(...) and alarm registration with PushRegistry.registerAlarm().

For the purposes of Push Registration permission, the URI MUST consist only of the scheme and delimiter (":") as defined by RFC-3986. The scheme may contain the wildcard character "*", which allows registration of all schemes. For alarm registration, the URI is "*" and the action is alarm. Push registration and alarm registration can be combined in a single permission. For example, the resource is "file:" and the actions are "static,dynamic,alarm".

3.16.1.1 Actions

Table 3-32 shows the actions that can be requested with this permission. Note that multiple actions can be requested by separating keywords with commas.

Table 3-32 PushRegistryPermission Actions

| Value | Meaning |
| --- | --- |
| static | Allows registration of a Push Connection in the packaging of the application suite |
| dynamic | Allows registration of a Push Connection using PushRegistry.registerConnection |
| alarm | Allows registration of an alarm using PushRegistry.registerAlarm |


3.17 Socket Protocols

The following permissions deal with embedded devices that can use socket or SSL protocols.

3.17.1 SocketProtocolPermission

The javax.microedition.io.SocketProtocolPermission class represents access rights to connections via the "socket" protocol. A SocketProtocolPermission consists of a URI string but no actions list.

The URI string specifies a socket stream connection. It takes the following general form:

socket://{host}:{portspec} | socket://[:{portspec}]

The exact syntax for the SocketProtocolPermission URI is given by the grammar in Table 3-33.

Table 3-33 SocketProtocolPermission Resource Name Rules

Rule Meaning

base socket connection string

"socket://"<inbound_connection> | "socket://"<outbound_connection>

<inbound_connection>

": " | ":" [ <portspec> ] | empty string

<outbound_connection>

<host> ":" <portspec>

<host>

<host name> | <ipaddr> | <wildcarded_DNS>

<ipaddr>

IPv4 address | '[' IPv6 address ']'

<wildcarded_DNS>

"*" *("."<domainlabel>) | "*" followed by zero or more internet domain labels, separated by "."

<domainlabel>

internet domain label

<portspec>

<portnumber> | <portrange> | "*"

<portnumber>

numeric port number

<portrange>

<portnumber> "-" | "-" <portnumber> | <portnumber> "-" <portnumber>


The value of the {host} field must be a symbolic hostname, a literal IPv4 address or an IP-literal with an IPv6Address as specified by RFC 3986. An IPv6Address must be surrounded with square brackets ([]). Note that IPvFuture addresses are not currently supported.

The {host} field may be omitted to indicate a server-mode connection. Server-mode URIs may also omit the {portspec} field to indicate a system-assigned port number. In such a case, the SocketProtocolPermission is normalized to the equivalent URI "socket://:1024-65535".

If the {host} string is a DNS name, an asterisk may appear in the left-most position to indicate a match of one or more entire domain labels. Partial domain label matches are not permitted, therefore "*.oracle.com" is valid, but "*oracle.com" is not. An asterisk by itself matches all hosts in client-mode connections.

The {portspec} string takes the following form:

portnumber | "-" portnumber | portnumber "-" [portnumber] | "*"

A {portspec} specification of the form "n-" (where n is a port number) signifies all ports numbered n and above, while a specification of the form "-n" indicates all ports numbered n and below. A single asterisk may be used in place of the {portspec} field to indicate all ports. Therefore, the URI "socket://:*" matches server-mode socket connections to all ports, and the URI "socket://*:*" matches client-mode socket connections to all hosts on all ports.

Note:

The syntax of URLs accepted by Connector.open() for sockets differs from the syntax for SocketProtocolPermission. In the socket: protocol, the ":" delimiter must always be present even if there is no port number, whereas the delimiter must not be present unless there is a port number in SocketProtocolPermission.

3.17.2 SSLProtocolPermission

The javax.microedition.io.SSLProtocolPermission class represents access rights to connections that use the Secure Sockets Layer (SSL) protocol. An SSLProtocolPermission consists of a URI string but no actions list.

The URI string specifies a secure socket stream connection. It takes the following general form:

ssl://{host}:{portspec} | ssl://[:{portspec}]

The exact syntax for the SSLProtocolPermission URI is given in Table 3-34.

Table 3-34 SSLProtocolPermission Resource Name Rules

Rule Meaning

base SSL connection string

"ssl://"<inbound_connection> | "ssl://"<outbound_connection>

<inbound_connection>

": " | ":" [ <portspec> ] | empty string

<outbound_connection>

<host> ":" <portspec>

<host>

<host name> | <ipaddr> | <wildcarded_DNS>

<ipaddr>

IPv4 address | '[' IPv6 address ']'

<wildcarded_DNS>

"*" *("."<domainlabel>) | "*" followed by zero or more internet domain labels, separated by "."

<domainlabel>

internet domain label

<portspec>

<portnumber> | <portrange> | "*"

<portnumber>

numeric port number

<portrange>

<portnumber> "-" | "-" <portnumber> | <portnumber> "-" <portnumber>


The value of the {host} field must be a symbolic hostname, a literal IPv4 address or an IP-literal as specified by RFC 3986. An IPv6Address must be surrounded with square brackets ([]). Note that IPvFuture addresses are not supported.

The {host} field is omitted to indicate a server-mode connection. Server-mode URIs may also omit the {portspec} field to indicate a system-assigned port number. In such a case, the SSLProtocolPermission is normalized to the equivalent URI "ssl://:1024-65535".

If the {host} string is a DNS name, an asterisk may appear in the left-most position to indicate a match of one or more entire domain labels. Partial domain label matches are not permitted, therefore "*.oracle.com" is valid, but "*oracle.com" is not. An asterisk by itself matches all hosts.

The {portspec} string takes the following form:

portnumber | -portnumber | portnumber-[portnumber] | "*"

A {portspec} specification of the form "n-" (where n is a port number) signifies all ports numbered n and above, while a specification of the form "-n" indicates all ports numbered n and below. A single asterisk in the place of the {portspec} field matches all ports. Therefore, the URI "ssl://:*" matches secure server connections to all ports, and the URI "ssl://*:*" matches secure connections to all hosts on all ports.
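
The {host} wildcard and {portspec} rules that sections 3.11, 3.13 and 3.17 repeat for the datagram, dtls, http, https, socket and ssl permissions, written out as an added Python example for reviewing the permission URIs an application requests (it is not Oracle's implementation). The names NetPermission, parse_permission, implies and review are hypothetical; comparing host names case-insensitively and ignoring the path, query and fragment of HTTP URIs are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

DEFAULT_PORT = {"http": "80", "https": "443"}  # sections 3.13.1 and 3.13.2
SERVER_MODE = {"datagram", "socket", "ssl"}    # schemes whose {host} may be omitted
SCHEMES = SERVER_MODE | {"dtls", "http", "https"}
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
# "*" alone, "*." plus whole labels, a name or IPv4 literal, or a bracketed IPv6 literal
_HOST = re.compile(rf"\*|(?:\*\.)?{_LABEL}(?:\.{_LABEL})*|\[[0-9A-Fa-f:.]+\]")


class NetPermission(NamedTuple):
    scheme: str
    host: Optional[str]  # None means inbound, server mode
    low: int
    high: int


def parse_portspec(spec: str) -> Tuple[int, int]:
    """portnumber | -portnumber | portnumber-[portnumber] | "*"  ->  (low, high)"""
    if spec == "*":
        return 0, 65535
    m = re.fullmatch(r"(\d*)(-?)(\d*)", spec)
    if not m or not (m.group(1) or m.group(3)):
        raise ValueError(f"bad portspec: {spec!r}")
    low_s, dash, high_s = m.groups()
    low = int(low_s) if low_s else 0                            # "-n": n and below
    high = int(high_s) if high_s else (65535 if dash else low)  # "n-": n and above
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"port out of range: {spec!r}")
    return low, high


def parse_permission(uri: str) -> NetPermission:
    scheme, sep, rest = uri.partition("://")
    if not sep or scheme not in SCHEMES:
        raise ValueError(f"unsupported permission URI: {uri!r}")
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]  # path, query, fragment not modelled
    host, portspec = re.fullmatch(r"(\[[^\]]*\]|[^:]*)(?::(.*))?", authority).groups()
    if not host:  # server mode; an omitted port normalizes to 1024-65535
        if scheme not in SERVER_MODE:
            raise ValueError(f"{scheme} permissions need a host: {uri!r}")
        return NetPermission(scheme, None, *parse_portspec(portspec or "1024-65535"))
    if not _HOST.fullmatch(host):
        raise ValueError(f"bad host, e.g. a partial-label wildcard: {host!r}")
    ports = parse_portspec(portspec or DEFAULT_PORT.get(scheme, ""))
    return NetPermission(scheme, host.lower(), *ports)  # lower-casing is this example's choice


def implies(perm: NetPermission, scheme: str, host: Optional[str], port: int) -> bool:
    """Is a concrete connection (host=None for inbound) covered by perm?"""
    if scheme != perm.scheme or not perm.low <= port <= perm.high:
        return False
    if perm.host is None or host is None:
        return perm.host is None and host is None
    host = host.lower()
    if perm.host.startswith("*."):  # one or more entire labels before the suffix
        suffix = perm.host[1:]
        return host.endswith(suffix) and len(host) > len(suffix)
    return perm.host in ("*", host)


def review(uri: str) -> List[str]:
    """Findings a reviewer would raise for one requested permission URI."""
    p = parse_permission(uri)
    notes = []
    if p.host is not None and p.host.startswith("*"):
        notes.append("wildcard host")
    if (p.low, p.high) == (0, 65535):
        notes.append("all ports")
    return notes
```

For the grant "socket://*.oracle.com:8000-", `implies` accepts docs.oracle.com on port 8443 but rejects oracle.com itself, evil-oracle.com, and any port below 8000; `parse_permission` rejects "*oracle.com" outright.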

3.18 Location

The following permissions allow location functionality on an embedded device.

3.18.1 LocationPermission

The javax.microedition.LocationPermission class is used to allow access to the location functionality of an embedded device. This permission consists of only the class, but no targets or actions.

3.19 Media

The following permissions deal with embedded devices that have the ability to record or play back media.

3.19.1 RecordControl

The javax.microedition.media.RecordControl class allows Java ME embedded applications to control audio recording on an embedded device. This permission consists of only the class, but no targets or actions.

3.19.2 VideoControl

The javax.microedition.media.VideoControl.getSnapshot permission grants Java ME embedded applications the ability to take snapshot pictures on an embedded device. This permission consists of only the class, but no targets or actions.

3.20 Auto-Start

The following permissions allow auto-start functionality on an embedded device.

3.20.1 AutoStartPermission

The javax.microedition.midlet.AutoStartPermission allows applications in an application suite to assume the Auto Start application behavior. AutoStartPermission has only two resources: allowed or not allowed. The AutoStartPermission class does not support any actions.

3.20.2 AutoStartPermission

The javax.microedition.midlet.AutoStartPermission allows applications in an application suite to assume the auto-start application behavior.

3.20.2.1 Resource Names

Table 3-35 shows the names that are allowed with this permission.

Table 3-35 AutoStartPermission Actions

| Value | Meaning |
| --- | --- |
| allowed | Auto-start of the application is allowed |
| not allowed | Auto-start of the application is not allowed |


3.21 Power

The following permission allows applications to access the power state functionality of an embedded device.

3.21.1 PowerStatePermission

The javax.microedition.power.PowerStatePermission allows calls to the PowerManager.setPowerState() method.

3.21.1.1 Resource Names

Table 3-36 shows the names that are allowed with this permission.

Table 3-36 PowerStatePermission Actions

| Value | Meaning |
| --- | --- |
| set | Calls to setPowerState(..., false) are allowed |
| setUrgent | Calls to setPowerState(..., true) are allowed |


3.22 Software Management

The following permissions allow applications to use the software management (SWM) APIs on an embedded device.

3.22.1 SWMPermission

The javax.microedition.power.SWMPermission provides permission handling for SWM API permissions. An SWMPermission object contains a resource and actions.

3.22.1.1 Resource Names

Table 3-37 shows the resource names that are allowed with this permission.

Table 3-37 SWMPermission Resource Names

| Value | Meaning |
| --- | --- |
| client | Permission to perform the listed actions only for applications assigned to the same client |
| crossClient | Permission to perform the listed actions also for applications assigned to other clients. Usually this is a permission reserved for the root client. Granting this permission to other clients should be carefully considered to avoid security breaches. |


3.22.1.2 Actions

The actions to be granted are given as a list of comma-separated keywords. Table 3-38 shows the resource name and action combinations, and whether each is permitted for a trusted and a non-trusted client.

Table 3-38 SWMPermission Actions

| Name and Action | Assigned to Trusted Client | Assigned to Non-Trusted Client |
| --- | --- | --- |
| client, manageSuite | Permitted | Not Permitted |
| client, installation | Permitted | Not Permitted |
| client, manageTask | Permitted | Not Permitted |
| crossClient, manageSuite | Permitted, but not recommended | Not Permitted |
| crossClient, installation | Permitted, but not recommended | Not Permitted |
| crossClient, manageTask | Permitted, but not recommended | Not Permitted |

