Quote:
Originally Posted by ixtab
I don't have the time to test it right now, but just a quick shot: did you try putting the .jar file into /opt/amazon/ebook/lib instead of /mnt/us/extensions?
|
I didn't try it before, but you are right, if you put it in there and modify the jar attribute in config.xml, it works without adding a custom policy bit.
I've looked into it and the Kindle Touch has these Java security restrictions:
Code:
# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
# key system components.
policy.url.3=file:${policy.home}/framework.policy
policy.url.4=file:${policy.home}/application.policy
policy.url.5=file:${policy.home}/external.policy
$HOME/.java.policy would be an option for custom policies, although we'd need to regenerate that every time the kindle reboots. Root's home directory is not persistent.
java.policy looks like Java's standard java.policy file. external.policy defines permissions for stuff signed by Amazon.
framework.policy and application.policy allow anything under
/opt/amazon/ebook/lib, /usr/local/ebook/lib, and /opt/amazon/ebook/booklet full permissions for everything (although the comments suggests that they wanted change that to signed jars at a [future?] time).
Although a really simple solution would be to specify a separate policy file but for that we'd need to modify /etc/upstart/framework.
Quote:
Originally Posted by ixtab
This would still require access to the root FS, but at least one doesn't need to *modify* Amazon's files, but just add/remove files.
|
Technically, it's modifying Sun's/Oracle's files, not Amazon's
Quote:
Originally Posted by ixtab
|
I guess without some sort of modifications you can't achieve this. IMO modifications of /etc/upstart/framework would be the best solution as this can be handled centrally and is easier to handle than some fs trickery.