
When a custom class loader needs to override the getPermissions() method, the implementation must consult the default system policy by explicitly invoking the superclass's getPermissions() method before assigning arbitrary permissions to the code source.

...

This noncompliant code example shows a fragment of a custom class loader that extends the class URLClassLoader. It overrides the getPermissions() method and does not call the superclass's more restrictive getPermissions() method. Note that URLClassLoader's getPermissions() method calls the Policy class's getPermissions() method which, by default, uses the global system-wide policy file to enforce access control. Consequently, a class defined using this custom class loader has permissions that are completely independent of those specified in the system-wide policy file; in effect, the class's permissions override them.

protected PermissionCollection getPermissions(CodeSource cs) {
  PermissionCollection pc = new Permissions();
  pc.add(new RuntimePermission("exitVM"));   // allow exit from the VM anytime
  return pc;
}

...

In this compliant solution, the overridden getPermissions() method calls super.getPermissions(). Consequently, the default system-wide security policy is applied, in addition to the custom policy.

protected PermissionCollection getPermissions(CodeSource cs) {
  PermissionCollection pc = super.getPermissions(cs);
  pc.add(new RuntimePermission("exitVM"));   // allow exit from the VM anytime
  return pc;
}
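
The following review check is an added example, not code from the original page. It wraps both overrides in complete loaders and tests whether each one still implies every permission the superclass would have granted. The names Probe, keepsInherited, Noncompliant, Compliant and the file URL are hypothetical, and the check relies on URLClassLoader's documented behaviour of granting read access to a file-based code source.

```java
import java.net.URI;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.Collections;

public class GetPermissionsCheck {
  // Hypothetical helper base: exposes the protected method to the check below.
  abstract static class Probe extends URLClassLoader {
    Probe(URL[] urls) { super(urls); }
    // Non-virtual call: what URLClassLoader itself grants for this code source.
    PermissionCollection inherited(CodeSource cs) { return super.getPermissions(cs); }
    // Virtual call: what the subclass override actually returns.
    PermissionCollection effective(CodeSource cs) { return getPermissions(cs); }
  }
  static class Noncompliant extends Probe {            // pattern from the page
    Noncompliant(URL[] urls) { super(urls); }
    @Override protected PermissionCollection getPermissions(CodeSource cs) {
      PermissionCollection pc = new Permissions();     // superclass never consulted
      pc.add(new RuntimePermission("exitVM"));
      return pc;
    }
  }
  static class Compliant extends Probe {
    Compliant(URL[] urls) { super(urls); }
    @Override protected PermissionCollection getPermissions(CodeSource cs) {
      PermissionCollection pc = super.getPermissions(cs);  // start from superclass grants
      pc.add(new RuntimePermission("exitVM"));
      return pc;
    }
  }
  // True when every permission granted by URLClassLoader is still implied by the override.
  static boolean keepsInherited(Probe loader, CodeSource cs) {
    PermissionCollection effective = loader.effective(cs);
    for (Permission p : Collections.list(loader.inherited(cs).elements())) {
      if (!effective.implies(p)) return false;
    }
    return true;
  }
  public static void main(String[] args) throws Exception {
    URL url = URI.create("file:/tmp/constructed-example/").toURL();  // constructed path
    CodeSource cs = new CodeSource(url, (java.security.cert.Certificate[]) null);
    try (Probe bad = new Noncompliant(new URL[] {url}); Probe good = new Compliant(new URL[] {url})) {
      System.out.println("Noncompliant keeps superclass grants: " + keepsInherited(bad, cs));
      System.out.println("Compliant keeps superclass grants:    " + keepsInherited(good, cs));
    }
  }
}
```

A check of this shape fits in a unit test for any loader that overrides getPermissions(): a result of false means the override discarded what the superclass computed.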

Risk Assessment

...