.POLICY File Extension
Can’t open .POLICY file? Are you wondering what it contains? On our site we will explain to you what this file is, what it is used for and what software opens the .POLICY file.
What is a .POLICY file extension?
.POLICY file extension is created by Oracle. .POLICY has been classified as Settings Files. The format of .POLICY file is Text.
.POLICY is Java Policy Implementation File
A POLICY file is a configuration file used by Java Runtime Environment (JRE) and Java SE Development Kit (JDK) to determine the granted permissions for each Java program. It contains a list of permission information that specifies the types of system resource accesses that can be used by a Java program.
Java Virtual Machine (JVM) enables a computer to run a Java program. JRE is a software package that includes a JVM implementation and a Java Class Library implementation. JDK is a superset of JRE and also comes with Java programming tools. POLICY files are used by JRE and JDK to determine the permissions of Java programs installed on the computer. The file grants access to actions such as read/write permissions to files in a certain directory.
You can create and edit POLICY files with a text editor or the policytool utility, which can be opened by typing policytool at the command line in the JDK. If a POLICY file is updated the Java programs must be restarted in order for the updates to be applied. If there any syntax errors in the POLICY file the Java programs will fail. Using the policytool utility will help prevent syntax errors.
There are 2 POLICY files by default, one is a system-wide POLICY file and the other is a user POLICY file. The location of default system-wide POLICY files:
The location of default user POLICY files ( user.home is the user’s home directory):
java.policy — The name of the default, system-wide and user POLICY files.
See How to Restrict Applications
As you saw in the previous step, the Java runtime does not automatically install a Security Manager when it runs an application. To apply the same security policy to an application found on the local file system as to downloaded sandbox applets, you can invoke the interpreter with the new -Djava.security.manager command line argument.
To execute the GetProps application with the default security manager, type the following:
java -Djava.security.manager GetProps
Here’s the output from the program:
C:\TEST>java -Djava.security.manager GetProps About to get os.name property value The name of your operating system is: SunOS About to get java.version property value The version of the JVM you are running is: 1.7.0 About to get user.home property value Caught exception java.security.AccessControlException: access denied ("java.util.PropertyPermission" "user.home" "read") The process is shown in the following figure.
Security-Sensitive Properties
The Java runtime loads a default policy file by default and grants all code permission to access some commonly useful properties such as «os.name» and «java.version» . These properties are not security-sensitive, so granting these permissions does not normally pose a security risk.
The other properties GetProps tries to access, «user.home» and «java.home» , are not among the properties for which the system policy file grants read permission. Thus as soon as GetProps attempts to access the first of these properties ( «user.home» ), the security manager prevents the access and reports an AccessControlException . This exception indicates that the policy currently in effect, which consists of entries in one or more policy files, doesn’t allow permission to read the «user.home» property.
Note: Code can always read a file from the same directory it is in (or a subdirectory of that directory); it does not need explicit permission to do so. Code can also obtain the pathname of the directory it is executed from, and this pathname may contain sensitive information. For example, if code is executed from a home directory (or a subdirectory of the home directory), the pathname may reveal the name of the current user.
The Default Policy File
The default policy file, java.policy is (by default) located at:
- Windows: java.home\lib\security\java.policy
- UNIX: java.home/lib/security/java.policy
Note that java.home represents the value of the «java.home» property, which is a system property specifying the directory into which the JRE was installed. Thus if the JRE was installed in the directory named C:\jdk\jre on Windows and /jdk/jre on UNIX, the system policy file is located at:
Previous page: Observe Application Freedom
Next page: Set up the Policy File to Grant the Required Permissions
See the Policy File Effects
Now that you have added the required policy entry to the examplepolicy policy file, you should be able to read the specified properties when you execute the GetProps application with a security manager, as shown in the following figure.
Whenever you run an applet, or an application with a security manager, the policy files that are loaded and used by default are the ones specified in the «security properties file», which is located in one of the following directories:
- Windows: java.home\lib\security\java.security
- UNIX: java.home/lib/security/java.security
Note: The java.home environment variable names the directory into which the JRE was installed.
The policy file locations are specified as the values of properties whose names take the form:
Where the variable n indicates a number. Specify each property value in a line that takes the following form:
Where URL is a URL specification. For example, the default policy files, sometimes referred to as the system and user policy files, respectively, are defined in the security properties file as
policy.url.1=file:$/lib/security/java.policy policy.url.2=file:$/.java.policy
Note: Use of the notation $ in the security properties file is a way of specifying the value of a property. Thus $ will be replaced at runtime by the actual value of the «java.home» property, which indicates the directory into which the JRE was installed, and $ will be replaced by the value of the «user.home» property, for example, C:\Windows .
There are two possible ways you can have the examplepolicy file be considered as part of the overall policy, in addition to the policy files specified in the security properties file. You can either specify the additional policy file in a property passed to the runtime system, as described in Approach 1, or add a line in the security properties file specifying the additional policy file, as discussed in Approach 2.
Approach 1
You can use a -Djava.security.policy interpreter command line argument to specify a policy file that should be used in addition to the ones specified in the security properties file.
Make sure that you are in the directory containing GetProps.class and examplepolicy . Then you can run the GetProps application and pass the examplepolicy policy file to the interpreter by typing the following command on one line:
java -Djava.security.manager -Djava.security.policy=examplepolicy GetProps
Note: Remember that -Djava.security.manager is required in order to run an application with a security manager, as shown in the See How to Restrict Applications step.
The program reports the values of the «user.home» and «java.home» properties.
If the application still reports an error, something is wrong in the policy file. Use the Policy Tool to check the policy entry you just created in the Set up the Policy File to Grant the Required Permissions step.
Approach 2
You can specify a number of URLs in policy.url.n properties in the security properties file, and all the designated policy files will get loaded. So one way to have your examplepolicy file’s policy entries considered by the java interpreter is to add an entry specifying that policy file in the security properties file.
Important: If you are running your own copy of the JDK, you can easily edit your security properties file. If you are running a version shared with other users, you may only be able to modify the system-wide security properties file if you have write access to it or if you ask your system administrator to modify the file when appropriate. However, it’s probably not appropriate for you to make modifications to a system-wide policy file for this tutorial test. We suggest that you just read the following to see how it is done or that you install your own private version of the JDK to use for the tutorial lessons.
To modify the security properties file, open it in an editor suitable for editing an ASCII text file. Then add the following line after the line containing policy.url.2 : If you’re on a Windows system, add
policy.url.3=file:/C:/Test/examplepolicy
If you’re on a UNIX system, add
policy.url.3=file:$/test/examplepolicy
On a UNIX system you can alternatively explicitly specify your home directory, as in
policy.url.3=file:/home/jones/test/examplepolicy
Run the Application
Now you should be able to successfully run the following.
java -Djava.security.manager GetProps
As with approach 1, if you still get a security exception, something is wrong in the policy file. Use the Policy Tool to check the policy entry you just created in the Set up the Policy File to Grant the Required Permissions step. Then fix any typos or other errors.
Important: You do not need to include the examplepolicy file unless you are running this Tutorial lesson. To exclude this file, open the security properties file and delete the line you just added.
Before continuing, you may want to delete the line you just added in the security properties file (or comment it out), since you probably do not want the examplepolicy file included when you are not running the tutorial lessons.