This method of the PolicyEngine Class denies the right to a certain type of permission. Any stack-based security checks (for the specific type of permission that has been denied) that encounter the stack frame of the caller to denyPermission will fail. This forces the methods that you call to assert their permissions (using the assertPermission method) to pass security checks.
public static native void denyPermission(PermissionID pid);
pid | The type of permission to deny. |
Normally, when checking a given permission, the security system examines every frame on the call stack to ensure all the callers possess the ability to perform the operation in question. If the security system sees a stack frame where that permission has been denied (with this method), the stack crawl stops early and the security check fails.
The denied permission state will disappear when the stack frame of the caller to denyPermission exits (by executing a return statement or throwing an exception). The revertPermission method can be used to un-deny a permission type.
The following example shows you how to deny the right to perform file I/O operations:
... // Deny your right to perform file I/O. PolicyEngine.denyPermission(PermissionID.FILEIO); // Now, call into some other code in the MySample // class. If that code wants to perform some file I/O operations, // it must assert its rights to do so, or the file I/O // security checks will fail because you have denied your rights to // them. MySample.doSomething(); ...
Note To deny all permissions, pass PermissionID.SYSTEM to the denyPermission method. This forces any code you call to assert its rights to any permissions it needs to utilize. Only fully trusted code can deny the SYSTEM permission.
assertPermission, revertPermission