
I would like to write a Java security policy which allows all permissions except those of a specific type.

An example might be:

  • app can only read system properties called MY_ACCESSIBLE_SYSTEM_PROP_1 and MY_ACCESSIBLE_SYSTEM_PROP_2
  • app cannot read any other system properties
  • app cannot write any system properties
  • there are no other security restrictions on the app

A security policy for this might look like:

grant {
    permission java.util.PropertyPermission "MY_ACCESSIBLE_SYSTEM_PROP_1", "read";
    permission java.util.PropertyPermission "MY_ACCESSIBLE_SYSTEM_PROP_2", "read";
};

...but what can I add to allow all other permissions except for java.util.PropertyPermission?

I've read a lot of documentation and am starting to think this is not possible with the default Java Security Manager. Should I just write my own security manager which allows any Permissions outside my area of interest?

Armand

1 Answer


The default SecurityManager simply consults the currently installed Policy (returned by Policy.getPolicy()) to see if a given permission should be granted.

The default Policy implementation (which grants permissions on the basis of a policy file) does not allow you to define exceptions to permissions that have been granted, so there's no way to grant code permission to do anything except for some set of blacklisted permissions.

If you need this kind of behavior, you should implement a custom Policy (see http://docs.oracle.com/javame/8.0/sdk-dev-guide/custom_providers.htm)

alphaloop
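A custom Policy of the kind the answer recommends could look like this for the two properties in the question. It is an added example, not code from either poster; the class name and the `tryRead` helper are hypothetical, and it assumes a JDK on which a Security Manager can still be installed (Java 17 or earlier, or Java 18 to 23 started with `-Djava.security.manager=allow`).

```java
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.Arrays;
import java.util.HashSet;
import java.util.PropertyPermission;
import java.util.Set;

// Hypothetical class name; only the two property names come from the question.
public final class AllowAllButPropertiesPolicy extends Policy {

    private static final Set<String> READABLE = new HashSet<>(Arrays.asList(
            "MY_ACCESSIBLE_SYSTEM_PROP_1", "MY_ACCESSIBLE_SYSTEM_PROP_2"));

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        if (!(permission instanceof PropertyPermission)) {
            return true; // no restriction on any other permission type
        }
        // getActions() is canonical: "read", "write" or "read,write".
        // Exact name matching also rejects wildcard requests such as "*",
        // which System.getProperties() asks for.
        return "read".equals(permission.getActions())
                && READABLE.contains(permission.getName());
    }

    // Returns the property value, or "DENIED" if the policy refused the read.
    static String tryRead(String key) {
        try {
            return String.valueOf(System.getProperty(key));
        } catch (SecurityException e) {
            return "DENIED";
        }
    }

    public static void main(String[] args) {
        System.setProperty("MY_ACCESSIBLE_SYSTEM_PROP_1", "constructed-value");
        Policy.setPolicy(new AllowAllButPropertiesPolicy());
        System.setSecurityManager(new SecurityManager());

        System.out.println(tryRead("MY_ACCESSIBLE_SYSTEM_PROP_1")); // allowed read
        System.out.println(tryRead("user.home"));                   // other property
        try {
            System.setProperty("MY_ACCESSIBLE_SYSTEM_PROP_1", "x"); // write attempt
        } catch (SecurityException e) {
            System.out.println("write DENIED");
        }
    }
}
```

Because `implies()` ignores the `ProtectionDomain` argument, the same rule applies to every code source whose domain consults the Policy, third-party libraries included.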