Working with MS VM
 In this topic

*Permissions

 

Tools    PreviousTools
Java Permissions .INI Values Reference     Previous Tools

 


Java Permissions .INI Values Reference

Custom Java permissions can be set by specifying a custom permissions .ini file when using the signcode tool's -jp command line option. These .ini files can be generated by hand, or by using the cprmedit and piniedit tools included with the Microsoft SDK for Java. For more information on setting Java permissions with the signcode tool for Microsoft® Internet Explorer 4.01 (and later), see Using Signcode with Java Permission Information.

When using an .ini file to set custom permissions, you set permission variables to values that define the permissions you want. The following table can be used as a reference to help you decide how to set these variables. For each permission, the variables are listed and the meaning of each variable is described.

Permissions

ExecutionPermission

Variable Meaning
Unrestricted If true, any application can be executed.
IncludeNames These applications can be executed.
ExcludeNames These applications cannot be executed.

ClientStoragePermission

Variable Meaning
Limit The maximum number of bytes of data that can be written.
RoamingFiles If true, roaming files can be created.
GlobalExempt If true, the storage limit is an absolute limit. If false, the limit is also bounded by the global storage limit.

FileIOPermission

Variable Meaning
IncludeRead These files can be read.
ExcludeRead These files cannot be read.
IncludeWrite These files can be written to.
ExcludeWrite These files cannot be written to.
IncludeDelete These files can be deleted.
ExcludeDelete These files cannot be deleted.
ReadFileURLCodeBase If true, classes that have this permission will have read access to the directory that they were loaded from if that location is a file://URL.

MultimediaPermission

No specific settings are required.

NetIOPermission

Variable Meaning
IncludeConnectIPs General communication with the hosts at these IP addresses is allowed.
ExcludeConnectIPs General communication with the hosts at these IP addresses is not allowed.
IncludeBindIPs Listening for connections on these local IP addresses is allowed.
ExcludeBindIPs Listening for connections on these local IP addresses is not allowed.
IncludeMulticastIPs The multicast groups specified by these IP addresses can be joined.
ExcludeMulticastIPs The multicast groups specified by these IP addresses cannot be joined.
IncludeConnectHosts General communication with these hosts is allowed.
ExcludeConnectHosts General communication with these hosts is not allowed.
IncludeBindHosts Listening for connections with these hosts is allowed.
ExcludeBindHosts Listening for connections with these hosts is not allowed.
IncludeMulticastHosts The multicast groups specified by these hosts can be joined.
ExcludeMulticastHosts The multicast groups specified by these hosts cannot be joined.
IncludeConnectGlobalPorts General communication with allowed hosts or IP addresses using the specified ports is allowed.
ExcludeConnectGlobalPorts General communication with allowed hosts or IP addresses using the specified ports is not allowed.
IncludeBindGlobalPorts Listening for connections with allowed hosts on the local IP addresses using the specified ports is allowed.
ExcludeBindGlobalPorts Listening for connections with allowed hosts on the local IP addresses using the specified ports is not allowed.
ConnectToFileURLCodebase If true, connection permissions are adjusted so that general communication is allowed with the location that the class with this permission is loaded from if that location is a file://URL/codebase.
ConnectToNonFileURLCodebaseIf true, connection permissions are adjusted so that general communication is allowed with the location that the class with this permission is loaded from if that location is a non-file://URL/codebase.

PrintingPermission

No specific settings are required.

PropertyPermissison

Variable Meaning
Unrestricted If true, any system property can be accessed.
AllowedSuffixes These suffixes indicate system properties that could be accessed based on the following rule: If suffix "x" is listed, you have access to a system property "y" if a second system property named "y.x" exists that is set to true.
IncludedProperties System properties represented by these WildcardExpressions can be accessed.
ExcludedProperties System properties represented by these WildcardExpressions cannot be accessed.

ReflectionPermission

Variable Meaning
PublicSame If true, access is allowed to public members of any class loaded by the same loader as the class initiating the reflection operation.
PublicDifferent If true, access is allowed to public members of a non-system class loaded by a different loader than the class initiating the reflection operation.
PublicSystem If true, access is allowed to public members of any system class.
DeclaredSame If true, access is allowed to any member of any class loaded by the same loader as the class initiating the reflection operation.
DeclaredDifferent If true, access is allowed to any member of a non-system class loaded by a different loader than the class initiating the reflection operation.
DeclaredSystem If true, access is allowed to any member of any system class.

RegistryPermission

Variable Meaning
IncludeOpen These keys can be opened.
ExcludeOpen These keys cannot be opened.
IncludeRead These keys/values can be read.
ExcludeRead These keys/values cannot be read.
IncludeWrite These keys/values can be modified.
ExcludeWrite These keys/values cannot be modified.
IncludeDelete These keys/values can be deleted.
ExcludeDelete These keys/values cannot be deleted.
IncludeCreate These keys/values can be created.
ExcludeCreate These keys/values cannot be created.

SecurityPermission

No specific settings are required.

SystemStreamsPermission

Variable Meaning
SetSysIn If true, the system stream java.lang.System.in can be set.
SetSysOut If true, the system stream java.lang.System.out can be set.
SetSysErr If true, the system stream java.lang.System.err can be set.

ThreadPermission

Variable Meaning
AllThreadGroups If true, all thread groups can be accessed.
AllThreads If true, all threads can be accessed.

UIPermission

Variable Meaning
ClipboardAccess If true, the system clipboard can be accessed.
TopLevelWindows If true, top-level windows can be created.
NoWarningBanners If true, top-level windows do not require warning banners.
FileDialogs If true, file dialog boxes can be created.
EventQueueAccess If true, the AWT event queue can be accessed.

UserFileIOPermission

Variable Meaning
CanRead If true, user-directed read operations are allowed.
CanWrite If true, user-directed write operations are allowed.

Top © 1998 Microsoft Corporation. All rights reserved. Terms of use.