Example Domain Policies

The Security Policy Chapter defines a security policy for APIs in this specification. The examples below use the External Domain Policy Format to represent each of the Operator, Manufacturer, Identified, and Unidentified domains. These are examples only and are not a complete security policy.

Operator Domain Policy Example

The Operator policy does not restrict any behavior and therefore includes all permissions.

    domain Operator;
    grant allowed "network" {
        permission javax.microedition.io.HttpProtocolPermission "http://*:*";
        permission javax.microedition.io.HttpsProtocolPermission "https://*:*";
        permission javax.microedition.io.DatagramProtocolPermission "datagram://*:*";
        permission javax.microedition.io.DatagramProtocolPermission "datagram://:*";
        permission javax.microedition.io.SocketProtocolPermission "socket://*:*";
        permission javax.microedition.io.SocketProtocolPermission "socket://:*";
        permission javax.microedition.io.SSLProtocolPermission "ssl://**.*";
    }
    grant allowed "misc" {
        permission javax.microedition.io.PushRegistryPermission "*" "static,dynamic,alarm";
        permission javax.microedition.io.CommProtocolPermission "comm:*";
        permission javax.microedition.media.PlayerPermission "*" "record,snapshot";
        permission java.util.PropertyPermission "*" "read";
        permission javax.microedition.event.EventPermission "*" "read,register,post,postsystem";
        permission javax.microedition.midlet.AutoStartPermission;
    }
    

Manufacturer Domain Policy Example

The Manufacturer policy does not restrict any behavior and therefore includes all permissions.


    domain Manufacturer;
    grant allowed {
        permission javax.microedition.io.HttpProtocolPermission "http://*";
        permission javax.microedition.io.HttpsProtocolPermission "https://*";
        permission javax.microedition.io.DatagramProtocolPermission "datagram://*";
        permission javax.microedition.io.DatagramProtocolPermission "datagram://";
        permission javax.microedition.io.SocketProtocolPermission "socket://*";
        permission javax.microedition.io.SocketProtocolPermission "socket://";
        permission javax.microedition.io.SSLProtocolPermission "ssl://*";
    }
    grant allowed "misc" {
        permission javax.microedition.io.PushRegistryPermission "*" "static,dynamic,alarm";
        permission javax.microedition.io.CommProtocolPermission "comm:*";
        permission javax.microedition.media.PlayerPermission "*" "record,snapshot";
        permission java.util.PropertyPermission "*" "read";
        permission javax.microedition.event.EventPermission "*" "read,register,post,postsystem";
        permission javax.microedition.midlet.AutoStartPermission;
    }
    

Identified Third Party Domain Policy Example

This is an example of the Identified Third Party Domain function groups and permissions; it does not contain permissions for APIs outside of this specification.


    domain IdentifiedThirdParty;
    grant allowed "NetAccess" {
        permission javax.microedition.io.HttpProtocolPermission "http://*";
        permission javax.microedition.io.HttpsProtocolPermission "https://*";
    }
    grant allowed "LowLevelNetAccess" {
        permission javax.microedition.io.DatagramProtocolPermission "datagram://*";
        permission javax.microedition.io.DatagramProtocolPermission "datagram://";
        permission javax.microedition.io.SocketProtocolPermission "socket://*";
        permission javax.microedition.io.SocketProtocolPermission "socket://";
        permission javax.microedition.io.SSLProtocolPermission "ssl://*";
    }
    grant allowed "ApplicationAutoInvocation" {
        permission javax.microedition.io.PushRegistryPermission "*" "static,dynamic,alarm";
    }
    grant allowed "LocalConnectivity" {
        permission javax.microedition.io.CommProtocolPermission "comm:*";
    }
    grant allowed "MultimediaRecording" {
        permission javax.microedition.media.PlayerPermission "*" "record";
        permission javax.microedition.media.PlayerPermission "*" "snapshot";
    }
    grant allowed {
        permission java.util.PropertyPermission "microedition.*" "read";
        permission javax.microedition.event.EventPermission "*" "read,register,post";
    }

    

Unidentified Third Party Domain Policy Example

This is an example of the Unidentified Third Party Domain function groups and permissions. This example does not contain permissions for APIs outside of this specification.


    domain UnidentifiedThirdParty;
    grant allowed "NetAccess" {
        permission javax.microedition.io.HttpProtocolPermission "http://*";
        permission javax.microedition.io.HttpsProtocolPermission "https://*";
    }
    grant allowed "LowLevelNetAccess" {
        permission javax.microedition.io.SocketProtocolPermission "socket://*";
        permission javax.microedition.io.SocketProtocolPermission "socket://";
        permission javax.microedition.io.SSLProtocolPermission "ssl://*";
    }
    grant allowed "LocalConnectivity" {
        permission javax.microedition.io.CommProtocolPermission "comm:*";
    }
    grant allowed "MultimediaRecording"{
        permission javax.microedition.media.PlayerPermission "*" "record";
        permission javax.microedition.media.PlayerPermission "*" "snapshot";
    }
    grant allowed {
        permission java.util.PropertyPermission "microedition.*" "read";
        permission javax.microedition.event.EventPermission "*" "read,register,post";
    }