hiredman/sandbox.clj

## sandbox.clj
;; need a java policy file that allows all or enabling the security manager will
;; lock you out
;;
;; grant {
;;  permission java.security.AllPermission;
;; };


(System/setSecurityManager (SecurityManager.))

(defn sandbox [func]
      (let [perms (java.security.Permissions.)
            domain (java.security.ProtectionDomain.
                     (java.security.CodeSource. nil
                                                (cast java.security.cert.Certificate nil))
                     perms)
            context (java.security.AccessControlContext. (into-array [domain]))
            pA (proxy [java.security.PrivilegedAction] [] (run [] (func)))]
        (java.security.AccessController/doPrivileged
          pA context)))

;; this fails
(sandbox
  #(doto (-> "foo.bar" java.io.File. java.io.FileWriter.) (.write "foo") .close))
	;; need a java policy file that allows all or enabling the security manager will
	;; lock you out
	;;
	;; grant {
	;; permission java.security.AllPermission;
	;; };


	(System/setSecurityManager (SecurityManager.))

	(defn sandbox [func]
	(let [perms (java.security.Permissions.)
	domain (java.security.ProtectionDomain.
	(java.security.CodeSource. nil
	(cast java.security.cert.Certificate nil))
	perms)
	context (java.security.AccessControlContext. (into-array [domain]))
	pA (proxy [java.security.PrivilegedAction] [] (run [] (func)))]
	(java.security.AccessController/doPrivileged
	pA context)))

	;; this fails
	(sandbox
	#(doto (-> "foo.bar" java.io.File. java.io.FileWriter.) (.write "foo") .close))