Java Reference
In-Depth Information
The policy file needs to grant two permissions:
ExceptionReporterPermission
exc.reporter
and
RuntimePermission loadlibrary.myLib
.Thefollowingpolicyfile
assumes that the preceding sources reside in the
c:\package
directory on a Windows-
based system.
grant codeBase "file:/c:/package" {
// For *nix, file:${user.home}/package/
permission ExceptionReporterPermission "exc.reporter";
permission java.lang.RuntimePermission "loadLibrary.myLib";
};
By default, permissions cannot be defined to support actions using
Basic-Permis-
sion
, but the actions can be freely implemented in the subclass
Exception-Reporter-
Permission
if required.
BasicPermission
is abstract even though it contains no ab-
stract methods; it defines all the methods that it extends from the
Permission
class. The
custom-defined subclass of the
BasicPermission
class must define two constructors to
call the most appropriate (one- or two-argument) superclass constructor (because the su-
perclasslacksadefaultconstructor).Thetwo-argumentconstructoralsoacceptsanaction,
even though a basic permission does not use it. This behavior is required for construct-
ing permission objects from the policy file. Note that the custom-defined subclass of the
BasicPermission
class is declared to be
final
.
Applicability
Running Java code without defining custom permissions where default permissions are
inapplicable can leave an application open to privilege escalation vulnerabilities.
Bibliography
[API 2013]
Class
FilePermission
Class
SecurityManager
[Oaks 2001]
“Permissions” subsection of Chapter 5, “The Access Controller,”
[Oracle 2011d]
Permissions in the Java
™
SE 6 Development Kit (JDK)