Restrict native code functionality from Java

views:

144

answers:

+7 Q:

Restrict native code functionality from Java

Hello all,

I have a java application which uses JNI in some parts to do some work. It follows the usual loading of DLL and then calling native methods of DLL. Is there any way we can restrict what native methods can do from the java application? For example, can we restrict DLLs not to open any files or not to open any sockets even if it has the code to do it? It can just forbid DLLs it loads for doing certain things, may be by loggin something or throwing an exception.

Thanks & Regards Prasanna Ram

+1 A:

Normally you would run your application under the Java security Manager but I don't believe it has any effect on code running through the JNI.

Kevin 2010-01-13 14:12:21

Thanks. I was wondering whether we can restrcit atleast file creation or deletion by setting some properties in security manager regarding DLL loading.

Aviator 2010-01-13 14:14:46

+7 A:

No you can't. The DLL gets loaded as a whole and then the Java side has no control on what the native code is doing.

One solution might be kind of man in the middle approach. This would involve coding a "shell" DLL that has the same interface as the original DLL. You tell Java to load a "shell" DLL for instance by putting it in a specific location and using the java.library.path property. Then the role of the "shell" DLL is to load the "true" DLL by sandboxing it and redirecting standard functions. This sounds like a lot of pain and this something that would happen in the native side on things, not from Java.

Gregory Pakosz 2010-01-13 14:12:31

THanks. I understand that. Is there no way by which we can tell the java process to load it with kind-of-restricted property itself?

Aviator 2010-01-13 14:15:57

Wow! Thanks a lot. But this ties the shell to the original DLL and if we have many DLLs we might need to have correponding shell DLLs as well :( which as you said is really heavy. I was thinking whether is this possible through some property while loading or JVM startup args. But thanks a lot for the insight.

Aviator 2010-01-13 14:21:26

+6 A:

I liked Gregory Pakosz' answer a lot. However, what you could do is sandbox the Java instance itself. Start the Java application itself in a restricted context.

In Windows or Unix you can create a user which is limited to a certain directory and only has access to some DLLs. Thus the DLL called from JNI can do whatever it wants, but it will not get very far, because the user the Java runs as can not do very much.

If your Java program needs to do privileged things, the Java side of it will have to talk to another program (Java or not) to do its' privileged things for it.

Amigable Clark Kant 2010-01-13 14:59:32

+1 - was about to write something similar. Only thing I'd add is that it might be worthwhile to wrap the DLL in some sort of service layer that is accessed from the Java application. But that may introduce unacceptable overhead.

kdgregory 2010-01-13 15:05:31

Nice suggestion. Thanks a lot Clark and Gregory!

Aviator 2010-01-13 19:10:33

+1 A:

You could implement some kind of setting that your JNI code could get. For example, on an UNIX system, you could create groups for special types of privileges, and check if the current user has the required privileges, else just return 0 or something.

Tristan Seifert 2010-01-31 07:38:42

Exactly. Thanks a lot!. This was the one that was discussed in Clark's answer. We could use the same in Unix also.

Aviator 2010-02-11 05:51:29

ansaurus

tags:

views:

answers:

Restrict native code functionality from Java

related questions