...
The corresponding code is granted the permissions to both read and write to the file i in the security policy. However, the caller only requires read access to the file. This code violates the principle of least privilege by also providing the caller with write access.
...