
...
An alternative is to read the file names from a source existing in a secure directory, inaccessible to an attacker. The security policy file may grant permissions to the application to read files from a specific directory. The security manager must be used when running the application (ENVxxENV30-J. Create a secure sandbox using a Security Manager). It is also possibe to define a custom permission to control access to specific programs and using a security manager to enforce this permission (SEC10-J. Define custom security permissions for fine grained security).
...