I have some questions about MHP permissions for signed applications.
From specification it seems the application must be signed and use "permission request file" to access advanced features of MHP middleware.
For example an unsigned application may not tune using the Tuning API or use application storage API or change selection API and so on.
However the set-top boxes thet I use for test (telesystem TS7900HD with MHP 1.1.3 and an old elsag box MHP 1.0.3) allow me to do all those operations with unsigned xlets and the SecurityManager method checkPermission always succeeds (no SecurityException is thrown).
My questions are: is this behavior correct? all STB has this behavior? Am I wrong with specification?
the model you're writing about is sold in Italy, and in the Italian DTT MHP Security is simply not really ... enabled. Afaik that's because there is simply no Certificate Authority/vendor established yet for DTT applications.
I understand this can be a confusing situation, because Security is part of the MHP specification, checked by the Conformance Tests (needed for MHP logo) and required by (H)D-Book.
You can find out that on some STB's your application can even have an AllPermission, or there is simply no SecurityManager installed! Hacker's heaven :)