How to run untrusted Java Swing application inside a sandbox?
I found that Java has some security permissions to control access to AWT's resources. Is there anything for controlling what a Swing application can or cannot do, to prevent untrusted apps from disrupting each other in a multi-app environment?
For example:
- Opening a JFrame.
- Opening a totally transparent JFrame.
- Closing other untrusted application's JFrame instance.
- etc ...
Update to the question:
The untrusted applications are launched from a unique JVM, in a separate thread, and loaded from a separate classloader. I would like to know how to make sure that none of the disruption examples cited above can happen.
Also, how to prevent an untrusted app from pretending to be a different application by mimicking its UI? Any advice is welcome.
I'm not sure what you want to do is possible. AWT has a set of permissions that can be configured when running an application in a sandbox (see AWTPermission), but they're very limited, and seem more targeted at preventing applets from doing bad things.
On top of that, preventing an app from mimicking another one seems kind of impossible to me; if both apps are allowed to create UI components, what prevents one from creating the same UI components as the other?
If you have an app you trust and one you don't, you need code that these apps can't control that will run them differently; for example, a crazy idea would be a window manager that puts a red border around the untrusted app, so that users can identify it as untrusted. But Java doesn't seem to have enough support for something like that when both apps are running in the same JVM, since there doesn't seem to be any way to isolate the two apps (a simple FocusListener could allow one app to have access to components of the other and change them).