java security security-policy java-security-manager

Block some permissions and grant other permissions in java security policy


I want to implement a security policy file in the following way :-

How can I proceed with creating a policy file for this requirement?


Solution

  • You need to create the following policy file (yourPolicy.policy):

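    // The trailing "/-" applies the grant to all classes and JARs under this directory, recursively.
    grant codeBase "file:/location_of_your_code/-" {
        // "/*" matches files directly inside each folder; it does not cover subdirectories.
        permission java.io.FilePermission "/tmp/f1/*", "read, write";
        permission java.io.FilePermission "/tmp/f2/*", "read, write";
        permission java.io.FilePermission "/tmp/f3/*", "read, write";
    };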
    

    And launch your code with the following arguments:

    java -Djava.security.manager -Djava.security.policy=yourPolicy.policy YourClassName

    It will restrict your Java program's access to only these three folders.

    Regarding the requirement “grant all other permissions”: it seems that you can’t grant all permissions and override some specific permissions (grant access to only three folders) using Java policy syntax. Thus you need to explicitly specify all permissions that you want to grant to your application.
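
The additive behaviour described in the answer above can be checked without a security manager by evaluating the same grants with the JDK's own permission classes. This is an added example, not part of the original answer; the class name `PolicyGrantDemo` and the requested paths are constructed for illustration and assume Unix-style paths.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;

public class PolicyGrantDemo {
    // Builds the permission set that the policy file above grants to the code base.
    static Permissions threeFolders() {
        Permissions p = new Permissions();
        for (String dir : new String[] {"/tmp/f1", "/tmp/f2", "/tmp/f3"}) {
            p.add(new FilePermission(dir + "/*", "read,write"));
        }
        return p;
    }

    // Prints whether the granted set implies (allows) the requested permission.
    static void check(String label, Permissions granted, Permission wanted) {
        System.out.printf("%-30s %-22s %-8s %s%n", label, wanted.getName(),
                wanted.getActions(), granted.implies(wanted) ? "allowed" : "denied");
    }

    public static void main(String[] args) {
        Permissions narrow = threeFolders();
        // Same grants plus AllPermission: grants only accumulate, nothing subtracts,
        // so the three FilePermission entries no longer restrict anything.
        Permissions broad = threeFolders();
        broad.add(new AllPermission());

        // Constructed sample requests.
        Permission[] requests = {
            new FilePermission("/tmp/f1/a.txt", "read"),
            new FilePermission("/tmp/f1/sub/a.txt", "read"), // "/*" is not recursive
            new FilePermission("/tmp/f1/a.txt", "delete"),   // action was not granted
            new FilePermission("/etc/hosts", "read"),        // outside the three folders
            new RuntimePermission("exitVM.0"),               // non-file permission
        };
        for (Permission r : requests) {
            check("three folders only", narrow, r);
            check("three folders + AllPermission", broad, r);
        }
    }
}
```

With the narrow set only the first request is allowed; once `AllPermission` is in the set, every request is allowed, which is why the policy must list each wanted permission explicitly.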