2.5.7. Guidance on Configuring Java Security Permissions
The system administrator for the operation of the certified system is expected to configure the security permissions for all enterprise applications that are deployed on the certified system, when the certified system runs in the security manager enabled mode.
Warning
In addition to the General Restrictions listed in Chapter 5, Development Guide for the Common Criteria Certified System the following permissions must not be granted to any application in order to maintain a certified configuration:
- file permissions, except to files that are dedicated to the application
- network permissions
- permissions to load native code.
Important
You must not assign a
java.security.AllPermission (or equivalent for your JDBC driver) to any of the user applications interacting with the certified system.
User Applications must not be granted any other runtime, or socket permissions
Refer to the Java documentation for information on configuring permissions in the JVM:
A single entry in the Java Security Manager policy shipped with the certified system follows the standard Java Standard Edition model. More information is provided in the Java documentation:
An example would be the following:
grant codeBase "file:${jboss.server.home.dir}/deploy/jmx-console.war/-" {
permission java.security.AllPermission;
};
This is defined by the certified system by default to provide all permissions to the jmx-console web application that ships with JBoss Enterprise Application Platform in the
/deploy directory.
So if the administrator needs to provide permissions to an enterprise application called as
TestDeployment.ear in the deploy directory of the certified system, then an example entry would be the following:
grant codeBase "file:${jboss.server.home.dir}/deploy/jmx-console.war/-" {
permission java.util.PropertyPermission "*", "read";
permission javax.security.auth.AuthPermission "createLoginContext.a_login";
permission javax.security.auth.AuthPermission "getLoginConfiguration";
};
This entry provides the enterprise application called as
TestDeployment.ear to read Java properties as well as the ability to create JAAS login context and obtain JAAS login configuration.
The certified system in the security manager enabled mode is a locked down system that forces the system administrator to configure the necessary security permissions for the operation of the user applications on the certified system.
Any interaction with the JBoss JMX Kernel (which is the standard Java MbeanServer) will require the appropriate
javax.management.MBeanPermission as specified in the Java MbeanServer interface:
