How do I know which granted permission is not needed?

[Weijun Wang]

Suppose I have a Java program running with a security manager and a 
policy file. There are quite a lot of permissions granted in the policy 
file but maybe not all of them are necessary.

Is there a way I can find out which one is not needed?
I tried to write my own security manager to remember all permission 
objects checked and then compare it with the policy file, but if the 
policy file has permissions granted to different codebases, I cannot 
tell which one is for which.

Thanks
Max