Policy.getPermissions should not have an additional permission check.
the existing check on Policy.getPolicy should be sufficient.

this has some extra ramifications.
PolicyFile should not be doing any doPrivileged calls.
this is to circumvent rogue code that attempts to directly instantiate
the actual PolicyFile class.

the higher level JAAS code (SubjectDomainCombiner) should access
the JAAS Policy within a doPrivileged block.