Java Unsigned Applet - Passing VM-argument "java.security.policy" is ignored?

Question

Before anyone asks me why I am doing this, or suggests that I sign the applet, or deploy it via JWS under J2EE client permissions, it is for purely academic reasons and to satisfy my own curiosity.

I am trying to provide a VM argument (java.security.policy) to point to the policy file used to govern the applet in question as shown below, but it seems to be ignored, consistently throwing a security exception. I can find nothing in Oracle's documentation that states that this is to be expected. Can anyone shed some light on this for me? Thanks

(result)

java.security.AccessControlException: access denied ("java.io.FilePermission" "frustrated.txt" "write")

(html)

<html>
    <body>
        <applet name ="Frustrated" 
                code="com.test.Main.class" 
                archive="Frustrated.jar" 
                width="100" 
                height="100"
        >
            <PARAM name="separate_jvm" value="true">
            <PARAM name="java_arguments" value="-Djava.security.policy=C:\Frustrated.policy">
        </applet>
    </body>
</html>

(java)

package com.test;

import java.applet.Applet;
import java.io.FileOutputStream;
import java.io.IOException;

@SuppressWarnings("serial")
public class Main extends Applet
{
    @Override
    public final void init()
    {
        try
        {
            new FileOutputStream("frustrated.txt");
        }
        catch (IOException e) { }
    }
}

(policy)

grant
{
    permission java.security.AllPermission;
};

Answer 1

<PARAM name="java_arguments" value="-Djava.security.policy=C:\Frustrated.policy">

If it were possible to establish a custom policy through an applet parameter, that would be a (severe) security bug.

As an aside. Given this is for "purely academic reasons" I'll add one of my common advices re. applets and academia.

Why code an applet? If it is due to spec. by teacher, please refer them to Why CS teachers should stop teaching Java applets.