Skip to main content

SecurityException reading VFS file

3 replies [Last post]
Joined: 2008-07-22

First, I should acknowledge that this may be an issue PowerDVD, hinted-to by some postings:

I'm am attempting to read-in a properties file I am storing on-disc, but get a SecurityException. This is using the bookmenu example. I've verified that the orgid (0x56789abc) and appid (0x4002 in MenuXlet and 0x4001 for MonitorXlet) are consistent across my .perm and id.xml (id.bdmv) and main_bdjo.xml and app.discroot.crt files.

My code is:
String root = System.getProperty("bluray.vfs.root");
char sep = File.separatorChar;
File file = new File(root + sep + "BDMV" +sep + "META" + sep + "");
try {
if (!file.exists()) {
throw new FileNotFoundException("File not found: "+file);
} catch (Exception e) {
e.printStackTrace();//exists() throws SecurityException here...

Some questions I have are:

a) Am I coding the path correct for on-disc access? (I do, in fact, have a non-standard META dir beneath the disc's /BDMV, I presume this is OK)

b) The getMessage() from the SecurityException is empty and the stack trace also seems to provide few hints about the cause. Is there a way to trace this to say, mismatched orgids, etc, without depending on the implementor filling the exception message?

c) Can anyone corroborate this as a Pdvd problem as in the first link above?

Thank you,

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Joined: 2006-11-08

Hi Ken,

For your case, I think it'll be much simpler to include the property file into the xlet's jar file and get InputStream through Class.getResouceAsStream("") rather than trying to read it from the filesystem. (Class instance can be any class in that jar).

As for your questions, the path seems OK, but I don't know if having extra files in META is. Most likely a verifier will complain, but not sure if players choke on it during playback.

For getting SecurityException details, no, not that I know of. As a principle, it's a not a good idea for the platform to disclose to an untrusted app why it's been regarded as untrusted.


Joined: 2008-07-22

I may well follow your advise and include the props in the jar, but for learning purposes, may I ask what dissuades from using the filesystem? Has it proven unreliable on some devices, or just extra complexity in terms of signing or permissions, or both?

For this case in-jar is a viable and good suggestion, though I in the future will like to read-in other files from the disc.

Thank you again,

Joined: 2008-07-22

I was able to get the file read access by adding a persistentfilecredential section to my bluray.MenuXlet.perm file, like:


Of course if there some players that this has been seen not to work on, I would still be curious. It is relatively complex and I still agree with your suggestion to store in-jar instead.