--- a/ChangeLog	Mon Mar 24 17:04:51 2014 +0100
+++ b/ChangeLog	Mon Mar 24 14:08:17 2014 -0400
@@ -1,3 +1,8 @@
+2014-03-24  Andrew Azores  <aazores@redhat.com>
+
+	* netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java:
+	(checkTrustedOnlyAttrubute) works properly with sandboxing
+
 2014-03-24  Jiri Vanek  <jvanek@redhat.com>
 
 	Client applications now log into new console.

--- a/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java	Mon Mar 24 17:04:51 2014 +0100
+++ b/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java	Mon Mar 24 14:08:17 2014 -0400
@@ -102,16 +102,21 @@
             securityType = "Unknown";
         }
 
-        final boolean isFullySigned = signing == SigningState.FULL || (signing == SigningState.PARTIAL && securityDelegate.getRunInSandbox());
+        final boolean isFullySigned = signing == SigningState.FULL;
+        final boolean isSandboxed = securityDelegate.getRunInSandbox();
+        final boolean requestsCorrectPermissions = (isFullySigned && SecurityDesc.ALL_PERMISSIONS.equals(desc))
+                || (isSandboxed && SecurityDesc.SANDBOX_PERMISSIONS.equals(desc));
         final String signedMsg;
-        if (isFullySigned) {
+        if (isFullySigned && !isSandboxed) {
             signedMsg = "The applet is fully signed";
+        } else if (isFullySigned && isSandboxed) {
+            signedMsg = "The applet is fully signed and sandboxed";
         } else {
             signedMsg = "The applet is not fully signed";
         }
         OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG,
                 "Trusted Only manifest attribute is \"true\". " + signedMsg + " and requests permission level: " + securityType);
-        if (!(isFullySigned && SecurityDesc.ALL_PERMISSIONS.equals(desc))) {
+        if (!(isFullySigned && requestsCorrectPermissions)) {
             throw new LaunchException(Translator.R("STrustedOnlyAttributeFailure", signedMsg, securityType));
         }
     }