I am wanting to be able to allow third party mods to be pluged into my game however since i cannot garentee that the mods will not access the local disk or do other bad stuff, is it possible to 'sandbox' the code of the mod?
Basically i would want to allow the mod code the same functionality as would an applet.
Yes it is possible.
Load your game classes using the default class loader (in other words do nothing).
Load 3rd party game classes using a totally different classloader.
Extend security manager, override the checkPermission(Permission p) method. There is a method in the security manager class that allows you to get the classes on the execution stack. For each class on the execution stack, check which class loader was used to load it, e.g. Class c = ...; c.getClassLoader();
If the class loader is the one used to load the 3rd party game classes then throw a security exception.
Ah, thanks, that gives me direction to go looking in the API, i was not sure what exacty i was looking for!
That last point is alittle illusive... wont it throw a security exception even if they do no I/O ? your test simply sees which classloader was used not whether it accesses 'dangerous' classes or attempts communication outside the game.
It would throw an exception if they attempt to call any method that calls checkPermission(...), (File, Socket, ClassLoader, etc).
I'm not sure why you think I/O should not be sandboxed, but you can check the type of Permssion and if the permission asks to read a file from a certain location then you can decide not to throw an exception. You can basically tailor it to the level of detail required by your application.
There is a lot of potential for Java. For example, if every application was written in Java then for each application you could assign a list of permissions. Then if any application tried to access a protected resource then the user could be made aware of this. This would get rid of the spyware problem and probably some other problems that will continue to cause problems for users.
