--- a/ChangeLog	Wed Jul 28 15:40:48 2010 -0400
+++ b/ChangeLog	Wed Jul 28 15:42:06 2010 -0400
@@ -1,3 +1,9 @@
+2010-07-28  Deepak Bhole <dbhole@redhat.com>
+
+	* netx/net/sourceforge/jnlp/SecurityDesc.java (getPermissions): Clean up
+	method, and make sure sandbox permissions are always a subset of what is
+	returned.
+
 2010-07-28  Deepak Bhole <dbhole@redhat.com>
 
 	* netx/net/sourceforge/jnlp/tools/JarSigner.java: Add new verifyResult enum

--- a/netx/net/sourceforge/jnlp/SecurityDesc.java	Wed Jul 28 15:40:48 2010 -0400
+++ b/netx/net/sourceforge/jnlp/SecurityDesc.java	Wed Jul 28 15:42:06 2010 -0400
@@ -160,33 +160,20 @@
      * permissions granted depending on the security type.
      */
     public PermissionCollection getPermissions() {
-        Permissions permissions = new Permissions();
+        PermissionCollection permissions = getSandBoxPermissions();
 
-        // all
+        // discard sandbox, give all
         if (type == ALL_PERMISSIONS) {
+            permissions = new Permissions();
             permissions.add(new AllPermission());
             return permissions;
         }
 
-        // restricted
-        if (type == SANDBOX_PERMISSIONS) {
-            for (int i=0; i < sandboxPermissions.length; i++)
-                permissions.add(sandboxPermissions[i]);
-
-            if (downloadHost != null)
-                permissions.add(new SocketPermission(downloadHost,
-                                                     "connect, accept"));
-        }
-
-        // j2ee
+        // add j2ee to sandbox if needed
         if (type == J2EE_PERMISSIONS)
             for (int i=0; i < j2eePermissions.length; i++)
                 permissions.add(j2eePermissions[i]);
 
-        if (file.isApplication())
-            for (int i=0; i < jnlpRIAPermissions.length; i++)
-                permissions.add(jnlpRIAPermissions[i]);
-
         return permissions;
     }