On 26/06/2021 1:48 pm, Peter Firmstone wrote:
The innocuous AccessControlContext is intended to have no permission,
hence it is constructed using the two argument ProtectionDomain
constructor, which causes ProtectionDomain to not consult the Policy.
However, if a user obtains this ProtectionDomain and asks the Policy
for the ProtectionDomain's permissions by calling
Policy::getPermissions(ProtectionDomain), the Policy will return
AllPermission.
Apologies, the Policy won't return AllPermission, my mistake.
It is generally understood that a ProtectionDomain with a null
CodeSource is a system ProtectionDomain loaded by the bootstrap
ClassLoader.
I propose that innocuous AccessControlContext instead be given a
ProtectionDomain, with a non-null CodeSource, which has a null URL.
This is also considered by the Policy to be unprivileged.
--
Regards,
Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.
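
The two ProtectionDomain constructions discussed in the message above, side by side, as an added example that is not part of the original e-mail or the JDK's own code. It assumes a JDK where these deprecated APIs still function (17 or earlier) with the default Policy; the class name, the helper names and the choice of the four-argument constructor for the proposed variant are assumptions.

```java
import java.net.URL;
import java.security.*;
import java.security.cert.Certificate;

public class InnocuousDomainDemo {
    // Construction described in the message: two-argument constructor with a
    // null CodeSource. The domain holds static permissions only, so it does
    // not consult the Policy.
    static ProtectionDomain staticDomain() {
        return new ProtectionDomain(null, new Permissions());
    }

    // Proposed construction: non-null CodeSource whose URL is null.
    // Assumption: the four-argument constructor is used so that the domain
    // consults the Policy; the message does not say which constructor.
    static ProtectionDomain nullUrlDomain() {
        CodeSource cs = new CodeSource((URL) null, (Certificate[]) null);
        return new ProtectionDomain(cs, new Permissions(), null, null);
    }

    // True if a context made of this single domain passes the permission check.
    static boolean permits(ProtectionDomain pd, Permission p) {
        AccessControlContext acc =
            new AccessControlContext(new ProtectionDomain[] { pd });
        try {
            acc.checkPermission(p);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        Permission all = new AllPermission();
        Permission setSm = new RuntimePermission("setSecurityManager");
        ProtectionDomain[] domains = { staticDomain(), nullUrlDomain() };
        for (ProtectionDomain pd : domains) {
            System.out.println("CodeSource:          " + pd.getCodeSource());
            System.out.println("static perms only:   " + pd.staticPermissionsOnly());
            // What the Policy reports when asked about this domain directly.
            System.out.println("Policy.getPermissions: "
                + Policy.getPolicy().getPermissions(pd));
            System.out.println("AllPermission:       " + permits(pd, all));
            System.out.println("setSecurityManager:  " + permits(pd, setSm));
        }
    }
}
```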