why in java.policy not add user.dir property?

junzhang1983

Below is an example of java.policy:

// Standard extensions get all permissions by default

grant codeBase "file:${{java.ext.dirs}}/*" {
    permission java.security.AllPermission;
};

// default permissions granted to all domains

grant {
    // Allows any thread to stop itself using the java.lang.Thread.stop()
    // method that takes no argument.
    // Note that this permission is granted by default only to remain
    // backwards compatible.
    // It is strongly recommended that you either remove this permission
    // from this policy file or further restrict it to code sources
    // that you specify, because Thread.stop() is potentially unsafe.
    // See "http://java.sun.com/notes" for more information.
    permission java.lang.RuntimePermission "stopThread";

    // allows anyone to listen on un-privileged ports
    permission java.net.SocketPermission "localhost:1024-", "listen";

    // "standard" properties that can be read by anyone

    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "java.vendor", "read";
    permission java.util.PropertyPermission "java.vendor.url", "read";
    permission java.util.PropertyPermission "java.class.version", "read";
    permission java.util.PropertyPermission "os.name", "read";
    permission java.util.PropertyPermission "os.version", "read";
    permission java.util.PropertyPermission "os.arch", "read";
    permission java.util.PropertyPermission "file.separator", "read";
    permission java.util.PropertyPermission "path.separator", "read";
    permission java.util.PropertyPermission "line.separator", "read";

    permission java.util.PropertyPermission "java.specification.version", "read";
    permission java.util.PropertyPermission "java.specification.vendor", "read";
    permission java.util.PropertyPermission "java.specification.name", "read";

    permission java.util.PropertyPermission "java.vm.specification.version", "read";
    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
    permission java.util.PropertyPermission "java.vm.specification.name", "read";
    permission java.util.PropertyPermission "java.vm.version", "read";
    permission java.util.PropertyPermission "java.vm.vendor", "read";
    permission java.util.PropertyPermission "java.vm.name", "read";
};


I wondered why permission java.util.PropertyPermission "user.dir", "read"; is not added in java.policy,
but in my code:
System.out.println("property user.dir is:"+System.getProperty("user.dir"));

the output is:
property user.dir is:D:\work log\eclipse\Test

Why do I have the read permission to "user.dir"? I think it should throw
SecurityException.
Who can teach me why?
 
Roedy Green

permission java.util.PropertyPermission "java.version", "read";

This is the list of permissions granted to everyone, even unsigned
applets you stumble upon while browsing the web.

This list normally excludes anything to do with writing the hard disk.
You don't want to give pirates any slack.
 
Roedy Green

I wondered why permission java.util.PropertyPermission "user.dir", "read"; is not added in java.policy,
but in my code:
System.out.println("property user.dir is:"+System.getProperty("user.dir"));

Applications naturally get that permission even without signing. They
can read any System property.

WHERE Java grants that permission, I don't know. I do know that
applications have no problem reading System properties even if you do
nothing at all to the policy file.

See http://mindprod.com/applet/wassup.html
 
Arne Vajhøj

Roedy said:
Applications naturally get that permission even without signing. They
can read any System property.

WHERE Java grants that permission, I don't know. I do know that
applications have no problem reading System properties even if you do
nothing at all to the policy file.

Not true.

Write an application, set a security manager and try and
call System.getProperty("user.dir") - then you will see:

Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission user.dir read)

Arne
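
The behaviour discussed in this thread, as an added example that is not code from any of the posters: java.policy is only consulted once a SecurityManager is installed, so the same read of "user.dir" succeeds before and is denied after. It assumes a JDK that still supports the Security Manager (deprecated in Java 17 and disabled in later releases) and the default java.policy quoted above; the class name UserDirPolicyDemo and the codeBase path in the comment are placeholders.

```java
public class UserDirPolicyDemo {

    // Reads one system property and reports whether the active policy allowed it.
    static String tryRead(String key) {
        try {
            return key + " = " + System.getProperty(key);
        } catch (SecurityException e) {
            // AccessControlException is a SecurityException; its message names
            // the missing permission, e.g. PropertyPermission user.dir read.
            return key + " -> " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String[] keys = { "java.version", "os.name", "user.dir", "user.home" };

        // Phase 1: a plain "java UserDirPolicyDemo" run has no SecurityManager,
        // so System.getProperty performs no permission check at all.
        System.out.println("SecurityManager: " + System.getSecurityManager());
        for (String key : keys) {
            System.out.println("  " + tryRead(key));
        }

        // Phase 2: with the default SecurityManager installed, every
        // getProperty call is checked against the policy. Only the properties
        // listed in the "grant { ... }" block remain readable.
        System.setSecurityManager(new SecurityManager());
        System.out.println("SecurityManager: installed");
        for (String key : keys) {
            System.out.println("  " + tryRead(key));
        }

        // To allow the read for one application only, grant it to that code
        // source in a separate policy file instead of the global grant block
        // (placeholder path):
        //
        //   grant codeBase "file:/path/to/app/-" {
        //       permission java.util.PropertyPermission "user.dir", "read";
        //   };
        //
        // and start the JVM with
        //   -Djava.security.manager -Djava.security.policy=app.policy
    }
}
```

In the second phase java.version and os.name are still printed, while user.dir and user.home report an access-denied message like the one in Arne's post.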
 
