I have seem to have run into a bit of a problem. I have thoroughly researched this topic, and have not found any solutions.
I have a main java program, the "Server" for example, that imports java .jar "plugin" using this method: How to load Classes at runtime from a folder or JAR?
Now, hypothetically a plugin could run and affect other plugin's config files/system files.
I have looked into SecurityManager
, but I can't grab what Object is trying to access said permission.
I noticed that I can use Java policy files
to limit classes/codeBases to certain permissions. The end goal is to allow each plugin to their own dir (which we can safely assume is created already), and limit other certain permissions.
I have used the following policy file to see if I could possibly use codeBase for a path inside a jar file,however it does not seem to work.
For a example: In policy.pol:
grant codeBase "jar:file:C:\Users\100048201\git\BotServ\run\plugins\myPlugin.jar!/"{
permission java.io.FilePermission "C:\Users\100048201\git\BotServ\run\-", "read,write";
permission java.io.FilePermission "run\plugins\lol.txt", "read,write";
};
..I can use the following code to set the Policy in runtime.
System.setProperty("java.security.policy", "policy.pol");
java.security.Policy.getPolicy().refresh();
System.setSecurityManager(new SecurityManager());
The following code is in a class called "Main" in myPlugin.jar
File f = new File("run/plugins/lol.txt");
try {
f.createNewFile();
} catch (IOException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
When I use reflection to run the code above, the following exceptions occur:
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at MainClass.finish(MainClass.java:102)
at MainClass.loadClasses(MainClass.java:87)
at MainClass.main(MainClass.java:26)
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "run\plugins\lol.txt" "write")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:979)
at java.io.File.createNewFile(File.java:1008)
at com.myththewolf.e621bot.Main.onEnable(Main.java:21)
... 7 more
Is there something I am doing wrong? Is there a better way of achieving the desired goal? Any information is greatly appreciated!