sandboxing in 1.2

Andrew Wason (aw@softcom.com)
Thu, 19 Nov 1998 12:54:24 -0500

I have a JDK 1.2 standalone application which I want to download and run
classes from the network (similar to how a web browser downloads and
runs applet classes).

So I want to install a SecurityManager to sandbox the code I download,
but I don't want my application itself to be sandboxed (it needs to make
network connections, access the file system, load native method DLLs
etc.)

If my application does System.setSecurityManager(new SecurityManager()),
then my application itself is sandboxed.

Do I have to write my own SecurityManager which allows my application to
do anything while sandboxing the downloaded code? The docs say
"customization of a security manager (via subclassing) should be the
last resort"
http://www.javasoft.com/products/jdk/1.2/docs/guide/security/spec/security-spec.doc6.html#28195

Should I write a java.policy file that grants my application
AllPermissions and invoke the VM with -Djava.security.policy=<path to my
policy file> ? The problem is I would have to dynamically generate the
policy file because my application's codebase will be different depending
on where the user installed me. I guess I could invoke the VM with
-Dsoftcom.codebase=<my codebase> and then use $(softcom.codebase)
property expansion in my policy file.

What is the best way to handle this? What does the HotJava browser do
to sandbox applets in 1.2?

Andrew

--
Andrew Wason
SoftCom, Inc.
aw@softcom.com
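The arrangement the question describes (application code fully privileged via a policy-file grant on its own codebase, network code confined by the default SecurityManager) worked out as an added example; this is not code from the original post or from SoftCom. The class names SandboxHost and RestrictedLoader, the policy file name app.policy, and the plugin URL and class name taken from the command line are assumptions; softcom.codebase is the property name the post proposes. The example also goes one step beyond the post by giving the downloaded classes their own ProtectionDomain, so their permissions do not depend on a policy-file entry matching a remote URL:

```java
// Added example (not from the original post): keep the application itself
// unrestricted while running downloaded classes under the JDK 1.2 sandbox.
//
// Assumed policy file, passed as -Djava.security.policy=app.policy together
// with -Dsoftcom.codebase=<install directory, forward slashes>:
//
//   // Application code: unrestricted. The policy parser expands ${prop}
//   // (not $(prop)) from system properties when policy.expandProperties=true,
//   // which is the default in java.security.
//   grant codeBase "file:${softcom.codebase}/-" {
//       permission java.security.AllPermission;
//   };
//   // No grant for any other codeBase, so network code gets nothing from here.
//
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.PropertyPermission;

public class SandboxHost {

    /**
     * Class loader for downloaded code. Overriding getPermissions() fixes the
     * permissions of every class it defines, so downloaded classes are confined
     * even if a policy file somewhere grants more to their URL.
     */
    static class RestrictedLoader extends URLClassLoader {
        RestrictedLoader(URL[] urls, ClassLoader parent) {
            super(urls, parent);
        }

        protected PermissionCollection getPermissions(CodeSource cs) {
            // Start from an empty collection: no file, socket, native-library
            // or setSecurityManager access. Add only what the plugin really needs.
            Permissions p = new Permissions();
            p.add(new PropertyPermission("java.version", "read"));
            return p;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: SandboxHost <plugin-base-url> <plugin-class>");
            System.exit(1);
        }

        // The default SecurityManager consults each ProtectionDomain on the call
        // stack. Application classes carry AllPermission from app.policy, so the
        // application keeps doing I/O, networking and System.loadLibrary as before.
        System.setSecurityManager(new SecurityManager());

        // Application code is allowed to create class loaders (AllPermission
        // covers RuntimePermission "createClassLoader").
        URL remote = new URL(args[0]);    // e.g. http://host/plugins/ (assumed)
        ClassLoader sandbox = new RestrictedLoader(
                new URL[] { remote }, SandboxHost.class.getClassLoader());

        Class c = sandbox.loadClass(args[1]);
        Runnable plugin = (Runnable) c.newInstance();

        // Any File, Socket or loadLibrary call inside run() now throws
        // java.security.AccessControlException, because the plugin's domain
        // is on the stack and lacks the permission, even though the caller
        // (this class) has AllPermission.
        plugin.run();
    }
}
```

Two points worth knowing when trying this: a single `=` in `-Djava.security.policy=app.policy` adds the file to the default policies listed in java.security, while `==` makes it the only policy, which is the safer choice when the goal is that no other file can widen the grants; and the `codeBase` URL must match the installed location exactly, so on Windows the property value should use forward slashes (or `${/}` in the policy) and the directory form `.../-` covers every jar and class below the install directory.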