Java sandbox. Using SecurityManager to redirect I/O access -


currently i'm trying write sandbox running untrusted java code. idea isolate java application accessing file system or network sockets. solution have @ moment rewritten securitymanager, forbids access io or network.

now want not forbid, redirect calls file system, i.e. if application wants write "/home/user/application.txt" path file should replaced "/temp/trusted_folder/application.txt". want allow applications access file system in particular folder , redirect other calls folder.

so here method class fileoutputstream, sm asked, whether there permission write given path.

 public fileoutputstream(file file, boolean append)     throws filenotfoundexception {     string name = (file != null ? file.getpath() : null);     securitymanager security = system.getsecuritymanager();     if (security != null) {         security.checkwrite(name);     }     if (name == null) {         throw new nullpointerexception();     }     fd = new filedescriptor();     fd.incrementandgetusecount();     this.append = append;     if (append) {         openappend(name);     } else {         open(name);     } }

obviously, sm not have access fileoutputstream , can not change inner variables in method (like name or file) or somehow affect execution order, except throwing securityexception. understand, accessing inner fields violation of object oriented principles, understand, local variable visible , exist inside method, declared.

so question is: there ways allow security manager replace calls file system? if not, there other approaches can use in order this?

i hope clear enough.

the securitymanager cannot that, can yes or no.

i can think of 2 options:

  1. do on os level file system. there things chroot jails. transparent application, requires work outside of java.

  2. provide api application opens fileoutputstream them. api layer gets decide files from, , privileged (in security manager terms) open files anywhere. of course, requires sandboxed application uses api instead of java.io.file directly. more flexible, , @ point necessary application aware of sandbox , use sandbox api, on java webstart for example.


Comments

Post a Comment

Popular posts from this blog

asp.net - repeatedly call AddImageUrl(url) to assemble pdf document -

i'm using abcpdf , i'm curious if can recursively call addimageurl() function assemble pdf document compile multiple urls? something like: int pagecount = 0; int theid = thedoc.addimageurl("http://stackoverflow.com/search?q=abcpdf+footer+page+x+out+of+", true, 0, true); //assemble document while (thedoc.chainable(theid)) { thedoc.page = thedoc.addpage(); theid = thedoc.addimagetochain(theid); } pagecount = thedoc.pagecount; console.writeline("1 document page count:" + pagecount); //flatten document (int = 1; <= pagecount; i++) { thedoc.pagenumber = i; thedoc.flatten(); } //now try again theid = thedoc.addimageurl("http://stackoverflow.com/questions/1980890/pdf-report-generation", true, 0, true); //assemble document while (thedoc.chainable(theid)) { thedoc.page = thedoc.addpage(); theid = thedoc.addimagetoc
Read more

java - Android recognize cell phone with keyboard or not? -

in android app, want detect user's device if device has keyboard(like motorola milestone) , show corresponding user interface. guys know how that? ! regards justicepenny http://developer.android.com/reference/android/content/res/configuration.html public int keyboard the kind of keyboard attached device. 1 of: keyboard_nokeys, keyboard_qwerty, keyboard_12key. that's it!
Read more

iphone - How would you achieve a LED Scrolling effect? -

how achieve led scrolling effect example below? led sign - led ticker emulator iphone , ipad http://img.skitch.com/20101201-rsfh4p1bajb1wp94k466pdpiuj.preview.jpg sometimes remunerates comment in other posts :) have put code you, should implement font '8pin matrix' realistic feeling. uilabel *label; - (void)viewdidload { [super viewdidload]; label = [[uilabel alloc]initwithframe:cgrectmake(10, 50, 300, 20)]; label.font = [uifont fontwithname:@"courier-bold" size:16.0]; label.backgroundcolor = [uicolor blackcolor]; label.textcolor = [uicolor greencolor]; label.linebreakmode = uilinebreakmodecharacterwrap; // otherwise "…" label.text = @"this led text scrolled "; // blanks space between [self.view addsubview:label]; [nstimer scheduledtimerwithtimeinterval:0.12f target:self selector:@selector(scrolllabel) use
Read more