policy
a fork of the scala compiler
Seriously. On a 22" monitor, it only covers maybe a quarter of the screen. I need some ammo to axe down this rule.
Edit: I'm not saying that there shouldn't be a limit; I'm just saying, 80 characters is very small.
Source: (StackOverflow)
The upcoming Google policy changes, compel us to implement a dialog to notify EU users about cookie/device identifier usage for advertising and analytics. I'd like to show this dialog only to EU users. I don't want to use additional permissions (e.g. android.permission.ACCESS_COARSE_LOCATION). Therefore I have created a function to test for EU users:
Android
boolean showCookieHint()
{
final SharedPreferences settings = getSharedPreferences("localPreferences", Context.MODE_PRIVATE);
if (settings.getBoolean("termsAccepted", true) == false) return false;
List<String> list = new ArrayList<String>();
list.add("AT"); //Austria
list.add("BE"); //Belgium
list.add("BG"); //Bulgaria
list.add("HR"); //Croatia
list.add("CY"); //Cyprus
list.add("CZ"); //Czech Republic
list.add("DK"); //Denmark
list.add("EE"); //Estonia
list.add("FI"); //Finland
list.add("FR"); //France
list.add("GF"); //French Guiana
list.add("PF"); //French Polynesia
list.add("TF"); //French Southern Territories
list.add("DE"); //Germany
list.add("GR"); //Greece
list.add("HU"); //Hungary
list.add("IE"); //Ireland
list.add("IT"); //Italy
list.add("LV"); //Latvia
list.add("LT"); //Lithuania
list.add("LU"); //Luxembourg
list.add("MT"); //Malta
list.add("NL"); //Netherlands
list.add("PL"); //Poland
list.add("PT"); //Portugal
list.add("RO"); //Romania
list.add("SK"); //Slovakia
list.add("SI"); //Slovenia
list.add("ES"); //Spain
list.add("SE"); //Sweden
list.add("ES"); //Spain
list.add("GB"); //United Kingdom of Great Britain and Northern Ireland
boolean error = false;
/* is eu sim ? */
try {
final TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
String simCountry = tm.getSimCountryIso();
if (simCountry != null && simCountry.length() == 2) {
simCountry = simCountry.toUpperCase();
for (int i = 0; i < list.size(); ++i) {
if (list.get(i).equalsIgnoreCase(simCountry) == true) {
ASCore.log(TAG, "is EU User (sim)");
return true;
}
}
}
}
catch (Exception e) { error = true; }
/* is eu network */
try {
final TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
if (tm.getPhoneType() != TelephonyManager.PHONE_TYPE_CDMA) {
String networkCountry = tm.getNetworkCountryIso();
if (networkCountry != null && networkCountry.length() == 2) {
networkCountry = networkCountry.toUpperCase();
for (int i = 0; i < list.size(); ++i) {
if (list.get(i).equalsIgnoreCase(networkCountry) == true) {
ASCore.log(TAG, "is EU User (net)");
return true;
}
}
}
}
}
catch (Exception e) { error = true; }
/* is eu time zone id */
try {
String tz = TimeZone.getDefault().getID().toLowerCase();
if (tz.length() < 10) {
error = true;
} else if (tz.contains("euro") == true) {
ASCore.log(TAG, "is EU User (time)");
return true;
}
} catch (Exception e) {
error = true;
}
/* is eu time zone id */
try {
String tz = TimeZone.getDefault().getID().toLowerCase();
if (tz.length() < 10) {
error = true;
} else if (tz.contains("europe") == true) {
ASCore.log(TAG, "is EU User (time) ");
return true;
}
} catch (Exception e) {
error = true;
}
if (error == true) {
ASCore.log(TAG, "is EU User (err)");
return true;
}
return false;
}
iOS
-(bool) showCookieHint {
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
if ([defaults boolForKey:@"termsAccepted"]) return false;
CTTelephonyNetworkInfo *network_Info = [CTTelephonyNetworkInfo new];
CTCarrier *carrier = network_Info.subscriberCellularProvider;
std::vector<NSString*> list;
list.push_back(@"AT"); //Austria
list.push_back(@"BE"); //Belgium
list.push_back(@"BG"); //Bulgaria
list.push_back(@"HR"); //Croatia
list.push_back(@"CY"); //Cyprus
list.push_back(@"CZ"); //Czech Republic
list.push_back(@"DK"); //Denmark
list.push_back(@"EE"); //Estonia
list.push_back(@"FI"); //Finland
list.push_back(@"FR"); //France
list.push_back(@"GF"); //French Guiana
list.push_back(@"PF"); //French Polynesia
list.push_back(@"TF"); //French Southern Territories
list.push_back(@"DE"); //Germany
list.push_back(@"GR"); //Greece
list.push_back(@"HU"); //Hungary
list.push_back(@"IE"); //Ireland
list.push_back(@"IT"); //Italy
list.push_back(@"LV"); //Latvia
list.push_back(@"LT"); //Lithuania
list.push_back(@"LU"); //Luxembourg
list.push_back(@"MT"); //Malta
list.push_back(@"NL"); //Netherlands
list.push_back(@"PL"); //Poland
list.push_back(@"PT"); //Portugal
list.push_back(@"RO"); //Romania
list.push_back(@"SK"); //Slovakia
list.push_back(@"SI"); //Slovenia
list.push_back(@"ES"); //Spain
list.push_back(@"SE"); //Sweden
list.push_back(@"ES"); //Spain
list.push_back(@"GB"); //United Kingdom of Great Britain and Northern Ireland
/* is eu sim ? */
NSString* sim = carrier.isoCountryCode;
if (sim != nil) {
if ([sim length] == 2) {
NSString* simU = [sim uppercaseString];
for (int i = 0; i < list.size(); ++i) {
if ([list[i] compare:simU] == 0) {
ASCore::log("Core", "is EU User (sim)");
return true;
}
}
}
}
/* is eu network */
NSString* net = carrier.mobileCountryCode;
if (net != nil) {
if ([net length] == 2) {
NSString* netU = [net uppercaseString];
for (int i = 0; i < list.size(); ++i) {
if ([list[i] compare:netU] == 0) {
ASCore::log("Core", "is EU User (net)");
return true;
}
}
}
}
bool error = false;
/* is local eu time zone id */
NSTimeZone* timeZoneLocal = [NSTimeZone localTimeZone];
NSString* time1 = [[timeZoneLocal name] lowercaseString];
if ([time1 length] > 10) {
if ([time1 containsString:@"europe"]) {
ASCore::log("Core", "is EU User (local time)");
return true;
}
} else error = true;
/* is default eu time zone id */
NSTimeZone *timeZoneDefault = [NSTimeZone defaultTimeZone];
NSString *time2 = [[timeZoneDefault name] lowercaseString];
if ([time2 length] > 10) {
if ([time2 containsString:@"europe"]) {
ASCore::log("Core", "is EU User (default time)");
return true;
}
} else error = true;
if (error == true) {
ASCore::log("Core", "is EU User (err)");
return true;
}
return false;
}
Is my function enough to detect EU-Users?
Thanks
Ronald
Source: (StackOverflow)
We have a browser based game which uses Facebook Connect through an AppID that we used to run the same game in a canvas until Fb Credits were introduced and we were forced to shut it down. Now, we only use the App the same way as a product page with the FbConnect integration on our own site.
Today's mail states for our case:
If your Connect app is accessing user connections or asking for additional permissions beyond age, email, and our Publishing Permissions, please remove these requests.
(This refers to this policy change: https://developers.facebook.com/blog/post/2012/09/05/platform-updates--operation-developer-love/)
We are using oauth FbConnect with scope=email,user_birthday. This is exactly what was specified in an earlier mail so it should be ok.
Once the user is authenticated, we simply call
https://graph.facebook.com/me?access_token=...
and read what comes there.
Is it possible, that we are not allowed to call the GraphAPI's me anymore? It contains info like gender, location and locale...
The Oauth data contains the fbuid, first/lastname and the email, but it does not contain the age, what we are supposed to be allowed to ask?
Do I have to call https://graph.facebook.com/me?fields=birthday explicitly?
Did anyone actually succeed in getting an "desktop web game hosted primarily off Facebook" to comply with their new policy without creating a new AppID?
Note: There have been a couple of questions about the "Sep 5th policy change" like Facebook: Notice of Violation this one and many previous closed as duplicates, but none I found so far contains questions or answers on a technical level.
Source: (StackOverflow)
I'm developing an Android app, which I therefore endlessly build and install on my test device. Since a couple days I get with every build/install a question asking
Google may regularly check installed apps for potentially harmfull
behaviour. Learn more in Google Settings > Verify apps.
I get the option to Accept or Decline. I've declined about a hundred times now, but it seems to be Googles policy to keep on asking until I get sick of the message and finally click Accept. But I don't want that!
So my question: how do I let Google know once and for all that I do not want them regularly checking installed apps on my phone?
Source: (StackOverflow)
Apologies in advance for a policy, rather than a programming question, but given the paucity of information available online I hope I can be forgiven for asking it here.
I would like to use the new recurring subscriptions from Apple in an iOS app. I have coded payments before and have no problems there, however nowhere can I find guidance on what is allowed under the new subscription type. The implication 'seems' to be that there is no special guidance, however all the discussions I can find are talking about 'content' providers rather than service providers.
I would like to use the recurring subscription for a service that people subscribe to. I am not offering any content per se.
Using the old non-renewing subscription type (that is really so broken it isn't worth using) I'm 99% sure the app would be accepted, but all the talk of content providers has me worried that Apple really don't want SAAS providers to use the recurring subscription model and want to restrict it to publishers of content.
Does anyone have experience with using the new payment model for software as a service?
I'd love to get some better idea as to whether it's viable or not before we build a whole payment solution around the concept!
Source: (StackOverflow)
In VS2013, when I try to open the NuGet Package Manager Console, I suddenly get the error:
Windows PowerShell updated your execution policy successfully,
but the setting is overridden by a policy defined at a more specific scope.
Due to the override, your shell will retain its current effective execution
policy of Unrestricted. Type "Get-ExecutionPolicy -List" to view your
execution policy settings. For more information please see "Get-Help Set-
ExecutionPolicy".
If I run 'Get-ExecutionPolicy -List' in a PowerShell prompt, I get the following:
Scope ExecutionPolicy
----- ---------------
MachinePolicy Unrestricted
UserPolicy Unrestricted
Process Unrestricted
CurrentUser RemoteSigned
LocalMachine Undefined
Not sure it this is correct or not, but on my co-workers PC, the policies are set to:
Scope ExecutionPolicy
----- ---------------
MachinePolicy Unrestricted
UserPolicy Undefined
Process Unrestricted
CurrentUser RemoteSigned
LocalMachine Undefined
Guess the problem is the 'UserPolicy' so I've tried to execute the following command:
Set-ExecutionPolicy Undefined -Scope UserPolicy
which gives me the error-message:
Set-ExecutionPolicy : Cannot set execution policy.
Execution policies at the MachinePolicy or UserPolicy scopes must be
set through Group Policy.
Not quite sure what to do now. Any help to fix this problem would be greatly appreciated.
Source: (StackOverflow)
I am reading the brilliant book "Domain Driven Design" written by Eric Evans. In his book Eric describes two different concepts: the specification pattern and policies.
Here is an example for a specification:
public interface ProjectSpecification {
public boolean isSatisfiedBy(Project p);
}
public class ProjectIsOverdueSpecification implements ProjectSpecification {
public boolean isSatisfiedBy(Project p) { … }
}
//client:
if {
(projectIsOverdueSpecification.isSatisfiedBy(theCurrentProject) { … }
}
Here is an example for a policy:
public class CargoBooking {
private OverBookingPolicy overBookingPolicy = new OverBookingPolicy();
public int makeBooking(Cargo cargo, Voyage voyage) {
if (!overbookingPolicy.isAllowed(cargo, voyage)) return –1;
int confirmation = orderConfirmationSequence.next();
voyage.addCargo(cargo, confirmation);
return confirmation;
}
}
public OverBookingPolicy {
public boolean isAllowed(Cargo cargo, Voyage voyage) {
return (cargo.size() + voyage.bookedCargoSize()) <=
(voyage.capacity() * 1.1);
}
}
I know that a policy is actually a strategy but in the two examples above there is absolutely no difference. So my question at this point is: What is the difference between those two patterns? Both patterns make business rules explicit so why do we distinguish between those two patterns? For me both are kind of predicates.
Source: (StackOverflow)
Problem:
In my Java application (not an applet) I wish to limit certain file operations to all classes except a list/group/package of classes that should not be restricted.
Specifically, I would like to limit...
- File reads
- File writes
- File creation
- File deletion
...such that they can only be done within the current working directory for all but the unrestricted classes.
SecurityManager attempt:
I have tried to implement a subclass of the SecurityManager class that implements this behaviour, however it seems that when checks are made the file information provided does not give more than just the filename (unless I am missing something?).
Also, I don't quite understand how in this case I could find out the class which the call is being made from, to allow me to determine whether to allow the operation or throw an exception. Is there any way I could get all the information I need for this approach to work?
Policy-based attempt:
I am also aware that Java policies are intended for restricting the actions of classes, including things such as file operations. However, I've really struggled to find a good resource to learn how I could go about solving my problems using a .policy file.
Summarisation of question:
1) Are there any alternative approaches that may be preferable to those I've mentioned?
2) Is this possible using a SecurityManager? Am I missing out on how I should actually be implementing such an approach?
3) Is this possible using a policy file? Are there any good resources I've missed on this front?
I'm really not adversed to any amount of hard work I need to invest in achieving this- I'm just unsure as to how I should approach it properly. I'm also sorely lacking in good resources to teach me enough about the two possible approaches I've mentioned, to allow me to implement it myself. Above all, I'm not afraid of significant reading where required!
Thanks for any help you can give, in advance.
Source: (StackOverflow)
Yesterday I tried to get started with Java RMI. I found this sun tutorial (http://java.sun.com/docs/books/tutorial/rmi/index.html) and started with the server implemantation. But everytime I start the pogram (the rmiregistry is running) I get an AccessControlException with the following StackTrace:
LoginImpl exception:
java.security.AccessControlException: access denied (java.io.FilePermission \\\C\ProjX\server\serverProj\bin\usermanager read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:700)
at sun.net.www.protocol.file.Handler.openConnection(Handler.java:80)
at sun.net.www.protocol.file.Handler.openConnection(Handler.java:55)
at java.net.URL.openConnection(URL.java:943)
at sun.rmi.server.LoaderHandler.addPermissionsForURLs(LoaderHandler.java:1020)
at sun.rmi.server.LoaderHandler.access$300(LoaderHandler.java:52)
at sun.rmi.server.LoaderHandler$Loader.<init>(LoaderHandler.java:1108)
at sun.rmi.server.LoaderHandler$Loader.<init>(LoaderHandler.java:1089)
at sun.rmi.server.LoaderHandler$1.run(LoaderHandler.java:861)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.server.LoaderHandler.lookupLoader(LoaderHandler.java:858)
at sun.rmi.server.LoaderHandler.loadProxyClass(LoaderHandler.java:541)
at java.rmi.server.RMIClassLoader$2.loadProxyClass(RMIClassLoader.java:628)
at java.rmi.server.RMIClassLoader.loadProxyClass(RMIClassLoader.java:294)
at sun.rmi.server.MarshalInputStream.resolveProxyClass(MarshalInputStream.java:238)
at java.io.ObjectInputStream.readProxyDesc(ObjectInputStream.java:1494)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1457)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1693)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1299)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:339)
at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source)
at sun.rmi.server.UnicastServerRef.oldDispatch(UnicastServerRef.java:375)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:240)
at sun.rmi.transport.Transport$1.run(Transport.java:153)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:595)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at startserver.StartServer.main(StartServer.java:22)
My server.policy file looks like this:
grant {
permission java.security.AllPermission;
};
But I´ve also tried this one ...
grant {
permission java.security.AllPermission;
permission java.io.FilePermission "file://C:/ProjX/server/serverProj/bin/usermanager", "read";
};
... and this one (and several others :-():
grant codeBase "file:///-" {
permission java.security.AllPermission;
};
But in every case the result is the same. And yes, the policy file is in path (I see a Parse Exception, when I write wrong statments into the policy-file). I tried out several other "/" and "\" constellations but it has no effect.
I use Eclipse and my VM-Parameters are like this:
-cp C:\ProjX\server\serverProj\bin\usermanager\
-Djava.rmi.server.codebase=file://C:/ProjX/server/serverProj/bin/usermanager/
-Djava.rmi.server.hostname=XYZ (anonymized)
-Djava.security.policy=server.policy
The compiled Remote-Interface and the interface-implementation class (LoginImpl) classes are in this path: "C:/ProjX/server/serverProj/bin/usermanager/". The main method, where I instanciate and rebind the stub to the registry is in another package and looks like this:
public static void main(String[] args) {
if (System.getSecurityManager() == null) {
System.setSecurityManager(new SecurityManager());
}
try {
String name = "Login";
Login login = new LoginImpl();
Login stub = (Login) UnicastRemoteObject.exportObject(login, 0);
Registry registry = LocateRegistry.getRegistry();
registry.rebind(name, stub);
System.out.println("LoginImpl bound");
} catch (Exception e) {
System.err.println("LoginImpl exception:");
e.printStackTrace();
}
}
Does anybody have an advice for me? Thank you for help.
So the question is the same (the java.rmi.UnmarshalException shows that changing the codebase is not the solution of my AccessControlException). And no: I don´t want to buy a plugin "G B" ;-).
Source: (StackOverflow)
I've often heard the mantra of "separating policy from mechanism", especially in the context of the Unix philosopy. What does this mean and what are some concrete examples of it? When/why is/isn't it a good thing?
Source: (StackOverflow)
In some Banks, Government Google Chrome is hammered with there local policy as a result often when we go on-site our stable applications does not work anymore.
Because of there is no well documentation available about this local regedit changes, people waste months fixing a tiny issues in Banks, Government zone.
Can anyone please list the whole mystery of regedit values which makes Google Chrome modifications such as i have seen someone puts webcam disabled, microphone disabled, touch screen disabled, etc etc (there is a huge settings but no-body documented them, can we have them all dumped here?).
Source: (StackOverflow)
In a software for a customer we have to read given URLs to parse their content. Also the customer needs to activate Tomcat-Security-Manager to let Java-Policies control what the program does.
Now, with reading URLs the exception "javax.net.ssl.SSLKeyException: RSA premaster secret error" happens, but only under certain conditions:
- if the URL is HTTPS but not for HTTP
- if the Security-Manager is activated, not when it is deactivated or
if in a global grant-Block the AllPermission is set
- only with Java 6, not with Java 7 (the customer needs Java 6 currently)
- only with Tomcat6, not with Tomcat 7 (the customer needs Tomcat 6 currently)
The Security-violation happens somewhere in Java-Code, an AllPermission restricted to our codebase doesn't prevent the error.
So, does someone has an idea, which permission to set for Java 6, so that it can process HTTPS?
Other information: It's running inside a tomcat, on a Debian-Linux with OpenJDK.
EDIT: I added the Java-Param "-Djava.security.debug=access,failure" to Tomcats /etc/default/tomcat6 in the variable JAVA_OPTS. But in the Logs I have no additional messages. Might it be possible the code asks the permissions before triggering them?
EDIT2: I found the correct place and got the full stacktrace (removed specific customer parts):
javax.net.ssl.SSLKeyException: RSA premaster secret error
at [...]
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at java.lang.Thread.run(Thread.java:701)
Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available
at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:141)
at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:191)
... 14 more
EDIT3: So far I was under the assumption that the Java-class URL was used to access the contents of the resource. But that is untrue. It is using from Grails-Code the Groovy-URL-object with the getText()-method:
new URL(params.url).text
The error is happening on this line. It's Grails-version 2.2.4.
Source: (StackOverflow)
I'm adding and removing AWS IAM user policies programmatically, and I'm getting inconsistent results from the application of those policies.
For example, this may or may not succeed (I'm using the Java 1.6.6 SDK):
- Start with a user that can read from a particular bucket
- Clear user policies (list policies then call "deleteUserPolicy" for each one)
- Wait until the user has no user policies (call "listUserPolicies" until it returns an empty set)
- Attempt to read from the bucket (this should fail)
If I put in a breakpoint between #3 and #4 and wait a few seconds, the user cannot read from the bucket, which is what I expect. If I remove breakpoints, the user can read from the bucket, which is wrong.
(This is also inconsistent when I add a policy then access a resource)
I'd like to know when a policy change has had an effect on the component (S3, SQS, etc), not just on the IAM system. Is there any way to get a receipt or acknowledgement from this? Or maybe there is a certain amount of time to wait?
Is there any documentation on the internals of policy application?
(FYI I've copied my question from https://forums.aws.amazon.com/thread.jspa?threadID=140383&tstart=0)
Source: (StackOverflow)
I am working on an artificial intelligence project which is a logic game and aims two user connecting to the server on the network who acts as an Admin and then start to play one by one.
In order to create connections, i have a server code which is just listening on localhost:8000 and assigning team values to the clients as they arrive. After connecting, clients make their move under Admin's control.
The question is that when i try to put my code to work in the browser it fails with the following error:
java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:8000 connect,resolve)
Even though i have created my own policy, first granting only Socket access permission to the codebase of my project folder (file:///home/xxx/projects/-), after it didn't work i granted all permissions from all codebase. I tried placing my policy file both in the home directory and in the same directory where my applet code resides.
Appreciate any tips, thanks.
Source: (StackOverflow)