Prograde example
// ProGrade: a Java security manager whose policy files support "deny" entries as well as "grant".
// https://github.com/pro-grade/pro-grade
libraryDependencies += "net.sourceforge.pro-grade" % "pro-grade" % "1.1.1"
// Fork a separate JVM: javaOptions only apply to forked JVMs, and an in-process run
// would stay under SBT's own security manager instead of the one configured below.
fork := true
// Enforcement phase (`run`): once prograde.policy has been generated, run under the ProGrade
// security manager with that policy. The double "==" makes prograde.policy the ONLY policy in
// effect; a single "=" would add it on top of the JVM's default policy files.
// REMINDER: You will have to run "reload" if you change these settings with a running SBT.
javaOptions in (run) ++= Seq("-Djava.security.manager=net.sourceforge.prograde.sm.ProGradeJSM",
"-Djava.security.policy==prograde.policy")
// Generation phase (Test configuration): run the app under the policy file generator, which
// writes its output to the file named by prograde.generated.policy. Exercise ALL USE CASES here,
// because a code path that is not exercised gets no entry in the generated policy.
// Review the generated file before enforcing it: it reflects whatever the code did during the run.
// NOTE(review): /dev/null serves as an empty starting policy and is a Unix-only path.
javaOptions in (Test) ++= Seq("-Djava.security.manager=net.sourceforge.prograde.sm.PolicyFileGeneratorJSM",
"-Djava.security.policy==/dev/null",
"-Dprograde.generated.policy=prograde.policy")
package com.example
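/** Demo program for exercising a security manager policy: it reads the `user.dir`
  * system property and starts `testscript.sh` from that directory.
  */
object Hello {

  /** Starts `<user.dir>/testscript.sh` as a child process and prints a success line.
    *
    * Under a security manager, both the property read and the process start are
    * permission-checked. A missing permission surfaces as a `SecurityException`
    * thrown from this method, so the success line is printed only when neither
    * check objected. The child process is not waited for, and its exit status is
    * not inspected.
    *
    * @param args command-line arguments (unused)
    */
  def main(args: Array[String]): Unit = {
    val cwd = System.getProperty("user.dir")
    val script = s"$cwd/testscript.sh" // pick something harmless

    // Use the array overload of exec: the single-String overload splits the command on
    // whitespace, so a working directory containing a space would change which path is
    // executed and which path the "execute" permission check is applied to.
    Runtime.getRuntime.exec(Array(script))

    println("Process executed without security manager interference!")
  }
}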
// Loose security policy: anything you want blocked must be explicitly denied here.
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html
priority "grant";
deny {
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#AWTPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#FilePermission
// Minimum necessary to make the program fail (commented out below; uncomment to deny process execution):
// permission java.io.FilePermission "<<ALL FILES>>", "execute";
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#SerializablePermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#ManagementPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#RuntimePermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#NetPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#SocketPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#URLPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#LinkPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#AllPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#SecurityPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#UnresolvedPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#SQLPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#LoggingPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#PropertyPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#MBeanPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#MBeanServerPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#MBeanTrustPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#SubjectDelegationPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#SSLPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#AuthPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#DelegationPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#ServicePermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#PrivateCredentialPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#AudioPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#JAXBPermission
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html#WebServicePermission
};
// Strict security policy that will only give the minimum needed.
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
// https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html
grant {
// You can read user.dir
permission java.util.PropertyPermission "user.dir", "read";
// Allows executing testscript.sh in the current user directory
permission java.io.FilePermission "${user.dir}/testscript.sh", "execute";
permission java.util.PropertyPermission "scala.control.noTraceSuppression", "read";
};