I need to create an environment to run potentially untrusted code. The program is allowed to connect to a preconfigured address:port and nothing else (not even read the system time). I have compiled the class whitelist. I've searched similar questions, but found only a template based on SecurityManager, which AFAIK is deprecated. Can anybody give me a simple sample of how to run code in a sandbox based on security policies and AccessController?
IMPORTANT: since Java 17, policy files and the security manager have been deprecated and marked for removal. Here is a blog post explaining how to handle sandboxing post security manager.
As far as I know it's still SecurityManager that runs the security checks. But it seems to delegate to the AccessController nowadays.
First you'll need to switch on the security manager:
-Djava.security.manager
If you omit this argument there'll be no sandbox whatsoever.
Second you'll need to tell where to find the policy file:
-Djava.security.policy=
This will add your permissions to the ones already defined in your Java home. The original sandbox rules are in .../jre/lib/security/java.policy. However, if you want your policy to be the only one, you'll need to use a double "=". This way you control completely what's allowed.
For example:
-Djava.security.policy==
I would advise you to use the "policytool" shipped with Java. It's fairly basic, but it helps you to write a policy file with the correct syntax quickly.
I hope this helps...
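Putting the answer's two flags together with AccessController, here is an added example (my own code, not the answerer's) that runs an action under a restricted AccessControlContext whose only permission is a connect to one preconfigured host:port. The endpoint 127.0.0.1:9000, the file name sandbox.policy and its contents are constructed for the example. Two caveats worth knowing before copying it: doPrivileged(action, context) runs the action with the intersection of the caller's permissions and the context's, so the context can only take permissions away (the policy file must still grant the socket to your own code), and the sandbox governs only operations that consult the security manager; System.currentTimeMillis() performs no permission check, so "not even read the system time" cannot be enforced this way. JDK 17 still runs this, with deprecation warnings.

```java
// SandboxDemo.java (added example). Run with the flags from the answer:
//   javac SandboxDemo.java
//   java -Djava.security.manager -Djava.security.policy==sandbox.policy SandboxDemo
//
// sandbox.policy (constructed content; "==" makes it the only policy in force):
//   grant {
//       permission java.util.PropertyPermission "java.version", "read";
//       permission java.net.SocketPermission "127.0.0.1:9000", "connect,resolve";
//   };
import java.net.SocketPermission;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;

public class SandboxDemo {
    // Constructed value: the single endpoint the untrusted code may reach.
    private static final String ALLOWED_ENDPOINT = "127.0.0.1:9000";

    /** A context whose only domain holds exactly one permission: connect to ALLOWED_ENDPOINT. */
    static AccessControlContext restrictedContext() {
        Permissions perms = new Permissions();
        perms.add(new SocketPermission(ALLOWED_ENDPOINT, "connect,resolve"));
        // A domain with no code source and no class loader: it carries only the permissions given here.
        ProtectionDomain pd = new ProtectionDomain(
                new CodeSource(null, (java.security.cert.Certificate[]) null), perms);
        return new AccessControlContext(new ProtectionDomain[] { pd });
    }

    /** Runs action with the caller's permissions intersected with the restricted context. */
    static <T> T runSandboxed(PrivilegedAction<T> action) {
        return AccessController.doPrivileged(action, restrictedContext());
    }

    /** Returns true if the permission would pass inside the sandbox, false if it is denied. */
    static boolean allowedInSandbox(Permission p) {
        try {
            runSandboxed(() -> { AccessController.checkPermission(p); return null; });
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        if (System.getSecurityManager() == null) {
            throw new IllegalStateException(
                    "start with -Djava.security.manager; without it nothing is enforced");
        }
        // Outside the sandbox the policy file lets this class read java.version ...
        System.out.println("outside: java.version = " + System.getProperty("java.version"));
        // ... inside it, the restricted context holds no PropertyPermission, so the same read is denied.
        System.out.println("inside, read java.version: "
                + allowedInSandbox(new PropertyPermission("java.version", "read")));
        // The whitelisted socket passes only because BOTH the policy file and the context grant it.
        System.out.println("inside, connect " + ALLOWED_ENDPOINT + ": "
                + allowedInSandbox(new SocketPermission(ALLOWED_ENDPOINT, "connect")));
        // Any other endpoint is denied, whatever the policy file says.
        System.out.println("inside, connect example.com:443: "
                + allowedInSandbox(new SocketPermission("example.com:443", "connect")));
    }
}
```

Expected behaviour when started as in the header comment: the java.version read succeeds outside the sandbox and is denied inside, the connect to 127.0.0.1:9000 is allowed inside, and the connect to example.com:443 is denied. Started without -Djava.security.manager, the program stops at the IllegalStateException on purpose, mirroring the answer's point that without that flag there is no sandbox at all.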