The first step would be to make sure that the policy file that contains your modifications is being used at all. Maybe create a new Permission class, require that in the applet, but don't add it to the file. Then the applet should fail.
Or comment out some of the permissions that were in the file before, and make sure that the applet fails where those are required.
Once you know the file is being used you can work on the individual permission you actually want to add. I seem to recall seeing a discussion recently that implied different browsers didn't recognize quite the same policy file syntax (which doesn't make much sense, as it's the JVM doing the interpreting, but it was being claimed).
Thanks for the response. I've asked questions on this problem from several points of view. You probably saw some of them. The .java.policy file has been working for years with some browsers. It works for IE7 if the file to be writtten is fully referenced, but not with the - or * wildcard. It seems that IE7 must have a different Security Manager.
The only techniques I've seen are what I call the shotgun method, try every possible combination until you find the one that works. No way to trace the Security manager to see what it needs or what it doesn't like.