10.2. Dynamic Permissions

In the default implementation of JDK, the policy definition and granted permissions are mostly static. We explained in Chapter 9 that the Policy object in the Java virtual machine is initialized from a predefined policy file, which requires administrators to foresee all the permissions that a bundle may ever need before it is installed and resolved. Although the active Policy can be explicitly refreshed as follows:

Policy policy = Policy.getPolicy();  // get the only Policy in JVM
policy.refresh();               // reread the policy file

the new rules in the policy file only apply to classes loaded after the refresh. Existing protection domains are not affected by any changes to the Policy, because they take a snapshot of the permissions granted to them by the Policy at the time they are created and remain oblivious to updates to the Policy thereafter.

When bundles are deployed to a large number of residential gateways in the field, managing bundle permissions is a complex undertaking. Obviously, not allowing dynamic permission update is unreasonable, because in real life, circumstances change, and so should security policies. A solution to enable dynamic permission administration is being worked.