We running one spring-boot application, which will download some jars dynamically in /tmp folder and execute some functions in side those jars.
Now we have enabled java.security.manager and gave below policies in security.policy file.
below are the policies that are specified in security.policy file
// These permissions apply to javac
grant codeBase "file:${java.home}/lib/-" {
permission java.security.AllPermission;
};
// These permissions apply to all shared system extensions
grant codeBase "file:${java.home}/jre/lib/ext/-" {
permission java.security.AllPermission;
};
// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
grant codeBase "file:${java.home}/../lib/-" {
permission java.security.AllPermission;
};
// These permissions apply to all shared system extensions when
// ${java.home} points at $JAVA_HOME/jre
grant codeBase "file:${java.home}/lib/ext/-" {
permission java.security.AllPermission;
};
// aml jar permission
grant codeBase "file:/app.jar"{
permission java.security.AllPermission;
};
grant codeBase "file:/tmp/-"{
permission java.io.FilePermission "/tmp/*", "read,write";
permission java.lang.RunTimePermission "createClassLoader";
permission java.lang.RunTimePermission "getClassLoader";
permission java.lang.RunTimePermission "setContextClassLoader";
permission java.lang.RunTimePermission "enableContextClassLoaderOverride";
permission java.lang.RunTimePermission "createSecurityManager";
permission java.lang.RunTimePermission "setSecurityManager";
permission java.lang.RunTimePermission "getProtectionDomain";
permission java.lang.RunTimePermission "readFileDescriptor";
permission java.lang.RunTimePermission "writeFileDescriptor";
permission java.lang.RunTimePermission "loadLibrary.libraryName";
permission java.lang.RunTimePermission "setFactory";
permission java.lang.RunTimePermission "setIO";
permission java.lang.RunTimePermission "loadLibrary.*";
};
// ========== WEB APPLICATION PERMISSIONS =====================================
// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document root.
grant {
// Required for JNDI lookup of named JDBC DataSource's and
// javamail named MimePart DataSource used to send mail
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "java.naming.*", "read";
permission java.util.PropertyPermission "javax.sql.*", "read";
// OS Specific properties to allow read access
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
// JVM properties to allow read access
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission "java.vm.specification.version", "read";
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
permission java.util.PropertyPermission "java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
};
and some jars load internally another jars in /tmp folder. with those policies we are unable to load those jars.
could someone help us
