...
This compliant solution removes the call to {{System.loadLibrary()}}. Operations on the file descriptor {{f\[0\]}} that do not themselves require elevated privileges must likewise be performed outside the {{doPrivileged()}} block, so that only the code inside the block has to be audited for privilege misuse. However, {{f\[0\]}} itself must not escape to untrusted code (see [SEC02-J. Guard doPrivileged() blocks against untrusted invocation and leakage of sensitive data]). In general, minimize the amount of code that runs with elevated privileges; the smaller the privileged block, the smaller the necessary audit.
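The shape such a minimal privileged block takes, as an added example (this is not the compliant solution on this page; the class name, the fixed configuration path and the line-counting method are assumptions chosen for illustration):

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Added example, not the page's own compliant solution. The path is fixed by
// this class rather than supplied by the caller, so no tainted input reaches
// the privileged block.
public final class ConfiguredFileReader {
    private static final String CONFIG_PATH = "/etc/app/app.conf"; // assumed path

    // The privileged-opened stream is held in a private field and no method
    // returns it, so the resource cannot leak to untrusted callers.
    private final InputStream stream;

    public ConfiguredFileReader() throws IOException {
        this.stream = openPrivileged();
    }

    // Only the open, which needs the file-read permission, runs with elevated
    // privileges. The block contains nothing else, so it is easy to audit.
    private static InputStream openPrivileged() throws IOException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<InputStream>) () ->
                    new FileInputStream(CONFIG_PATH));
        } catch (PrivilegedActionException e) {
            // FileInputStream's constructor only throws IOException subtypes.
            throw (IOException) e.getException();
        }
    }

    // All reads happen outside the privileged block: reading from an
    // already-open stream needs no elevated privileges.
    public int countLines() throws IOException {
        int lines = 0;
        int b;
        while ((b = stream.read()) != -1) {
            if (b == '\n') {
                lines++;
            }
        }
        return lines;
    }

    public void close() throws IOException {
        stream.close();
    }

    public static void main(String[] args) throws IOException {
        ConfiguredFileReader reader = new ConfiguredFileReader();
        try {
            System.out.println("lines: " + reader.countLines());
        } finally {
            reader.close();
        }
    }
}
```

The {{doPrivileged()}} call wraps only the {{FileInputStream}} constructor; the stream is private and never returned, so the privileged-opened resource stays inside the class, which is the same property the text requires of {{f\[0\]}}. Note that the security manager, {{AccessController}} and {{doPrivileged()}} were deprecated for removal in Java 17 (JEP 411), so this pattern applies only to deployments that still run with a security manager.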
...