The java.security.AllPermission class grants all possible permissions to the caller. This facility was included for routine testing purposes to make it less cumbersome to deal with a multitude of permissions or for use when the code is completely trusted. It should never be applied to untrusted code.
This noncompliant example grants AllPermission to a library (klib). The permission itself is specified in the security policy file used by the security manager. Alternatively, a permission object can be obtained in the code by subclassing the Permission class (or any of its subclasses, such as BasicPermission) in the java.security package.
```
/* grant the klib library AllPermission */
grant codebase "file:${klib.home}/j2ee/home/klib.jar" {
  permission java.security.AllPermission;
};
```
The policy file can be signed and made to provide more restrictive permissions.
```
grant codeBase "file:${klib.home}/j2ee/home/klib.jar", signedBy "Admin" {
    permission java.io.FilePermission "/tmp/*", "read";
    permission java.net.SocketPermission "*", "connect";
};
```
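The difference between the two grants above can be checked directly with the java.security permission classes. The following is an added example, not part of the original rule text; the class name `GrantComparison` and the probe values are constructed for illustration.

```java
import java.io.FilePermission;
import java.lang.reflect.ReflectPermission;
import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.List;

// Added illustration; class name and probe values are constructed for this example.
public class GrantComparison {

    // Mirrors the noncompliant policy entry: permission java.security.AllPermission;
    static PermissionCollection allPermissionGrant() {
        Permissions granted = new Permissions();
        granted.add(new AllPermission());
        return granted;
    }

    // Mirrors the restrictive policy entry: read under /tmp, outbound connect only.
    static PermissionCollection restrictiveGrant() {
        Permissions granted = new Permissions();
        granted.add(new FilePermission("/tmp/*", "read"));
        granted.add(new SocketPermission("*", "connect"));
        return granted;
    }

    public static void main(String[] args) {
        // Constructed probes: operations klib might attempt at run time.
        List<Permission> probes = List.of(
            new FilePermission("/tmp/report.txt", "read"),
            new FilePermission("/tmp/report.txt", "write"),
            new FilePermission("/etc/passwd", "read"),
            new SocketPermission("192.0.2.10:443", "connect"),
            new SocketPermission("localhost:8080", "listen"),
            new RuntimePermission("setSecurityManager"),
            new ReflectPermission("suppressAccessChecks"));

        PermissionCollection all = allPermissionGrant();
        PermissionCollection restricted = restrictiveGrant();
        System.out.printf("%-64s %-14s %s%n", "requested permission", "AllPermission", "restrictive");
        for (Permission probe : probes) {
            // implies() tests a requested permission against the granted set.
            System.out.printf("%-64s %-14b %b%n", probe, all.implies(probe), restricted.implies(probe));
        }
    }
}
```

Every probe is implied by the AllPermission grant, including replacing the security manager and suppressing reflection access checks, while the restrictive grant implies only the `/tmp` read and the outbound connect.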
Always assign appropriate permissions to code. This can be achieved by extending any of the permission classes. The next solution shows how to implement restrictive permissions within the code.
```java
// security manager code
java.io.FilePermission perm = new java.io.FilePermission("/tmp/JavaFile", "read");
// other code
```
SEC31-EX1: It may be necessary to grant AllPermission to trusted library code so that callbacks will work.
For example, it is common practice to grant AllPermission to the Java system code:
```
// Standard extensions get all permissions by default
grant codeBase "file:${{java.ext.dirs}}/*" {
	permission java.security.AllPermission;
};
```
Granting AllPermission to untrusted code means that there is no security at all.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| SEC31-J | high | probable | low | P18 | L1 | 
Search for vulnerabilities resulting from the violation of this rule on the CERT website.