The innocuous AccessControlContext is intended to have no permissions,
hence it is constructed using the two-argument ProtectionDomain
constructor, which causes ProtectionDomain to not consult the Policy.
However, if a user obtains this ProtectionDomain and asks the Policy for
the ProtectionDomain's permissions by calling
Policy::getPermissions(ProtectionDomain), the Policy will return
AllPermission.
It is generally understood that a ProtectionDomain with a null
CodeSource is a system ProtectionDomain loaded by the bootstrap ClassLoader.
I propose that the innocuous AccessControlContext instead be given a
ProtectionDomain with a non-null CodeSource which has a null URL. This
is also considered by the Policy to be unprivileged.
--
Regards,
Peter Firmstone
- Logic bug in AccessController.AccHolder.innocuousAcc Peter Firmstone
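The following probe is an added example, not code from the post above or from the JDK; it reproduces the two constructions the post discusses so that a reader can observe on their own JDK what the installed Policy says about each. It builds one ProtectionDomain with a null CodeSource (the construction the post describes for the innocuous context) and one with a non-null CodeSource whose URL is null (the proposed replacement), then compares three answers for AllPermission: the static domain's own implies(), a Policy.getPermissions(ProtectionDomain) query, and a checkPermission on an AccessControlContext wrapping only that domain. The class name InnocuousProbe and the report() helper are the example's own; whether the Policy line differs from the other two is what the post claims and depends on the JDK version and installed Policy, so the probe prints rather than assumes the result. Note that java.security.Policy is deprecated for removal and is non-functional on JDKs where the Security Manager has been permanently disabled, so run this on a JDK where Policy.getPolicy() is still supported.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

/**
 * Added example (not the post's or the JDK's code): compares what a "static"
 * ProtectionDomain says about itself with what the installed Policy says
 * about it, for the two constructions discussed in the post.
 */
public class InnocuousProbe {

    /** Construction the post describes: null CodeSource, empty permissions. */
    static ProtectionDomain nullCodeSourceDomain() {
        // Two-argument constructor: a static domain that never consults the Policy.
        return new ProtectionDomain(null, new Permissions());
    }

    /** Proposed construction: non-null CodeSource whose URL is null. */
    static ProtectionDomain nullUrlDomain() {
        CodeSource cs = new CodeSource(null, (Certificate[]) null);
        return new ProtectionDomain(cs, new Permissions());
    }

    /** Hypothetical helper: prints three answers to "does this domain have AllPermission?". */
    static void report(String label, ProtectionDomain pd) {
        Permission all = new AllPermission();

        // 1. The static domain itself: only the Permissions given to the constructor count.
        boolean staticImplies = pd.implies(all);

        // 2. Asking the installed Policy directly, which is what the post is about.
        PermissionCollection fromPolicy = Policy.getPolicy().getPermissions(pd);
        boolean policyImplies = fromPolicy.implies(all);

        // 3. An AccessControlContext made of just this domain, checked the normal way.
        AccessControlContext acc =
                new AccessControlContext(new ProtectionDomain[] { pd });
        boolean accPermits;
        try {
            acc.checkPermission(all);
            accPermits = true;
        } catch (AccessControlException e) {
            accPermits = false;
        }

        System.out.println("== " + label + " ==");
        System.out.println("  pd.implies(AllPermission)                    : " + staticImplies);
        System.out.println("  Policy.getPermissions(pd).implies(AllPerm)   : " + policyImplies);
        System.out.println("  AccessControlContext.checkPermission(AllPerm): " + accPermits);
    }

    public static void main(String[] args) {
        report("null CodeSource", nullCodeSourceDomain());
        report("CodeSource with null URL", nullUrlDomain());
    }
}
```

Compile and run with `javac InnocuousProbe.java && java InnocuousProbe`. If the second line for the null-CodeSource domain reads true while the first and third read false, the Policy is granting the domain permissions that the domain itself, and any AccessControlContext built from it, would deny; the null-URL CodeSource variant shows whether the proposed construction closes that gap on the JDK under test.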