Java Security Policy
I have a system that I'm setting up where I have both trusted and untrusted code that I need to execute. To ensure everything is done as safely as possible I'm trying to use the inbuilt policy features however I am having trouble getting things to work correctly.
Earlier today I had a simple test program (reading a file) in a restricted location and I was running tests on a simple policy. I had it at the stage where it was correctly denying me access to the file. Since then I have installed eclipse and done a lot more coding. Now, having returned to use the security policy on the newly written code I have found that it is no longer working correctly, in fact the policy file is not even being read for the program accessing the file. I confirmed this by putting jargon into the policy file, which threw up an error earlier on, then testing it on the same simple program from earlier no longer provides an error.
After a little bit of poking I have found that the policy file is not read for a program accessing the file, but is for another program that calls a command line program, when it should be doing it for both (preferably all programs it encounters).
The only major change I can think of is my installing eclipse from the repository. I'm using ubuntu 10.10.
Finally, I'm executing my java file using the following command:
I have definitely confirmed that the java.policy file is the correct file it should be scanning for, and I just can't work out what on earth is wrong.
java -Djava.security.manager -Djava.security.policy=java.policy MyProg
Thanks in advance, Dan
Problem solved. It seems I had modified the test slightly and forgotten.
Java does not appear to care about the security policy enough to check it unless there are a very few specific actions that occur. It seems that creating a file object with a specific file is not one of those actions, instead something along the lines of an actual read of said object is...
Added a read, test passes with flying colours,