SavaJe OS 1.1.0

policy(shell)


NAME

policy — display/set system-wide security policy

SYNOPSIS

policy [dump] [set classname name action] [file URL] [refresh]

DESCRIPTION

Set system permissions. The policy command permits the following (mutually exclusive) actions:

dump lists the current system permissions.
set allows you to set the permission defined by classname (e.g., java.io.FilePermission) for the entity name (e.g., a file) with actions defined by action (e.g., read). If name and action are not needed, they should be passed explicitly as null. See examples below for illustration.
file adds the policy defined in URL (or a local filename) to the current policy.
refresh restores the original system permissions.

The cautious way to run applications is to use the default security manager first (using the run command; see run(shell)). If the application needs more permissions than provided, messages will be printed to the standard output of lsh (or to the console), and you can adjust the policy if appropriate.

EXAMPLES

Grant all permissions to application code from any source:

% policy set java.security.AllPermission null null

This is equivalent to having no security manager. The run(shell) command also has an option to run without a security manager.

Allow listening sockets to be created on port 15 of the local machine:

% policy set java.net.SocketPermission localhost:15 listen,resolve

A policy file

Policy files are probably the most convenient way to customize permissions for Java applications. For example, the following policy file allows code served by the machine blue (see files(doc) for information about etc/hosts) to connect to blue and to read certain local files.

// note: blue is set in etc/hosts
grant codeBase "http://blue/*" {
    permission java.net.SocketPermission "blue:", "connect,resolve";
    permission java.io.FilePermission "/ramfs/users/ben/*", "read";
};

If the policy file resides on the web server in the file blue.policy, you can read it in with the following command:

% policy file http://blue/blue.policy

Local files can be specified explicitly as URLs or as plain files. The following two commands are equivalent:

% policy file file:///cf0/blue.policy
% policy file /cf0/blue.policy
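
The following is an added example, not part of the SavaJe documentation: a small Python check to run over a policy file before loading it with policy file. It flags the broad grants this page describes (AllPermission, and a grant that applies to code from any source), and the names parse_policy and audit, the second grant in the sample, and the reading of an empty port range as "all ports" (standard JDK behaviour, not verified against SavaJe OS) are assumptions.

```python
import re

# Constructed sample: this page's policy file plus an unscoped AllPermission grant.
SAMPLE_POLICY = '''
// note: blue is set in etc/hosts
grant codeBase "http://blue/*" {
    permission java.net.SocketPermission "blue:", "connect,resolve";
    permission java.io.FilePermission "/ramfs/users/ben/*", "read";
};
grant {
    permission java.security.AllPermission;
};
'''

# Covers only the syntax shown on this page: codeBase grants, quoted name/actions.
GRANT_RE = re.compile(r'grant\b([^{]*)\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)((?:\s*,?\s*"[^"]*")*)\s*;')

def parse_policy(text):
    """Return [(codeBase or None, [(class, name, actions), ...]), ...]."""
    text = re.sub(r'^[ \t]*//.*$', '', text, flags=re.M)  # drop whole-line comments
    grants = []
    for header, body in GRANT_RE.findall(text):
        cb = re.search(r'codeBase\s+"([^"]*)"', header)
        # Missing name/actions (e.g. AllPermission) are padded with None.
        perms = [(cls, *(re.findall(r'"([^"]*)"', args) + [None, None])[:2])
                 for cls, args in PERM_RE.findall(body)]
        grants.append((cb.group(1) if cb else None, perms))
    return grants

def audit(grants):
    """Return (scope, finding) pairs for grants a reviewer should look at."""
    findings = []
    for code_base, perms in grants:
        scope = code_base or "<any code source>"
        if code_base is None:
            findings.append((scope, "grant has no codeBase"))
        for cls, name, _actions in perms:
            name = name or ""
            if cls == "java.security.AllPermission":
                findings.append((scope, "AllPermission"))
            elif cls == "java.io.FilePermission" and re.fullmatch(r'(.*/)?-|<<ALL FILES>>', name):
                findings.append((scope, f"recursive FilePermission {name}"))
            elif cls == "java.net.SocketPermission" and name.endswith(":"):
                # Assumption: standard JDK semantics, empty port range = all ports.
                findings.append((scope, f"SocketPermission {name} has an empty port range"))
    return findings

if __name__ == "__main__":
    print(*audit(parse_policy(SAMPLE_POLICY)), sep="\n")
```

The FilePermission entry from this page is not flagged: a trailing /* covers only the files directly in that directory, while a trailing /- would cover everything beneath it.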

SEE ALSO

run(shell)
files(doc)

For more complete information on policy permissions, see Sun's J2SE documentation: J2SE permissions.


Mar. 4, 2002
Copyright © 2002 , SavaJe Technologies, Inc. All rights reserved.
Corrections, suggestions to: docs@savaje.com