OpenCores
URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [gnu-dev/] [or1k-gcc/] [libjava/] [classpath/] [java/] [lang/] [SecurityManager.java] - Blame information for rev 771

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 771 jeremybenn
/* SecurityManager.java -- security checks for privileged actions
2
   Copyright (C) 1998, 1999, 2001, 2002, 2004, 2005 Free Software Foundation, Inc.
3
 
4
This file is part of GNU Classpath.
5
 
6
GNU Classpath is free software; you can redistribute it and/or modify
7
it under the terms of the GNU General Public License as published by
8
the Free Software Foundation; either version 2, or (at your option)
9
any later version.
10
 
11
GNU Classpath is distributed in the hope that it will be useful, but
12
WITHOUT ANY WARRANTY; without even the implied warranty of
13
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14
General Public License for more details.
15
 
16
You should have received a copy of the GNU General Public License
17
along with GNU Classpath; see the file COPYING.  If not, write to the
18
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19
02110-1301 USA.
20
 
21
Linking this library statically or dynamically with other modules is
22
making a combined work based on this library.  Thus, the terms and
23
conditions of the GNU General Public License cover the whole
24
combination.
25
 
26
As a special exception, the copyright holders of this library give you
27
permission to link this library with independent modules to produce an
28
executable, regardless of the license terms of these independent
29
modules, and to copy and distribute the resulting executable under
30
terms of your choice, provided that you also meet, for each linked
31
independent module, the terms and conditions of the license of that
32
module.  An independent module is a module which is not derived from
33
or based on this library.  If you modify this library, you may extend
34
this exception to your version of the library, but you are not
35
obligated to do so.  If you do not wish to do so, delete this
36
exception statement from your version. */
37
 
38
 
39
package java.lang;
40
 
41
import gnu.classpath.VMStackWalker;
42
 
43
import java.awt.AWTPermission;
44
import java.io.File;
45
import java.io.FileDescriptor;
46
import java.io.FileInputStream;
47
import java.io.FileOutputStream;
48
import java.io.FilePermission;
49
import java.io.RandomAccessFile;
50
import java.lang.reflect.Member;
51
import java.net.InetAddress;
52
import java.net.ServerSocket;
53
import java.net.Socket;
54
import java.net.SocketImplFactory;
55
import java.net.SocketPermission;
56
import java.net.URL;
57
import java.net.URLStreamHandlerFactory;
58
import java.security.AccessControlContext;
59
import java.security.AccessControlException;
60
import java.security.AccessController;
61
import java.security.AllPermission;
62
import java.security.BasicPermission;
63
import java.security.Permission;
64
import java.security.Policy;
65
import java.security.PrivilegedAction;
66
import java.security.ProtectionDomain;
67
import java.security.Security;
68
import java.security.SecurityPermission;
69
import java.util.Properties;
70
import java.util.PropertyPermission;
71
import java.util.StringTokenizer;
72
 
73
/**
74
 * SecurityManager is a class you can extend to create your own Java
75
 * security policy.  By default, there is no SecurityManager installed in
76
 * 1.1, which means that all things are permitted to all people. The security
77
 * manager, if set, is consulted before doing anything with potentially
78
 * dangerous results, and throws a <code>SecurityException</code> if the
79
 * action is forbidden.
80
 *
81
 * <p>A typical check is as follows, just before the dangerous operation:<br>
82
 * <pre>
83
 * SecurityManager sm = System.getSecurityManager();
84
 * if (sm != null)
85
 *   sm.checkABC(<em>argument</em>, ...);
86
 * </pre>
87
 * Note that this is thread-safe, by caching the security manager in a local
88
 * variable rather than risking a NullPointerException if the mangager is
89
 * changed between the check for null and before the permission check.
90
 *
91
 * <p>The special method <code>checkPermission</code> is a catchall, and
92
 * the default implementation calls
93
 * <code>AccessController.checkPermission</code>. In fact, all the other
94
 * methods default to calling checkPermission.
95
 *
96
 * <p>Sometimes, the security check needs to happen from a different context,
97
 * such as when called from a worker thread. In such cases, use
98
 * <code>getSecurityContext</code> to take a snapshot that can be passed
99
 * to the worker thread:<br>
100
 * <pre>
101
 * Object context = null;
102
 * SecurityManager sm = System.getSecurityManager();
103
 * if (sm != null)
104
 *   context = sm.getSecurityContext(); // defaults to an AccessControlContext
105
 * // now, in worker thread
106
 * if (sm != null)
107
 *   sm.checkPermission(permission, context);
108
 * </pre>
109
 *
110
 * <p>Permissions fall into these categories: File, Socket, Net, Security,
111
 * Runtime, Property, AWT, Reflect, and Serializable. Each of these
112
 * permissions have a property naming convention, that follows a hierarchical
113
 * naming convention, to make it easy to grant or deny several permissions
114
 * at once. Some permissions also take a list of permitted actions, such
115
 * as "read" or "write", to fine-tune control even more. The permission
116
 * <code>java.security.AllPermission</code> grants all permissions.
117
 *
118
 * <p>The default methods in this class deny all things to all people. You
119
 * must explicitly grant permission for anything you want to be legal when
120
 * subclassing this class.
121
 *
122
 * @author John Keiser
123
 * @author Eric Blake (ebb9@email.byu.edu)
124
 * @see ClassLoader
125
 * @see SecurityException
126
 * @see #checkTopLevelWindow(Object)
127
 * @see System#getSecurityManager()
128
 * @see System#setSecurityManager(SecurityManager)
129
 * @see AccessController
130
 * @see AccessControlContext
131
 * @see AccessControlException
132
 * @see Permission
133
 * @see BasicPermission
134
 * @see java.io.FilePermission
135
 * @see java.net.SocketPermission
136
 * @see java.util.PropertyPermission
137
 * @see RuntimePermission
138
 * @see java.awt.AWTPermission
139
 * @see Policy
140
 * @see SecurityPermission
141
 * @see ProtectionDomain
142
 * @since 1.0
143
 * @status still missing 1.4 functionality
144
 */
145
public class SecurityManager
146
{
147
  /**
148
   * The current security manager. This is located here instead of in
149
   * System, to avoid security problems, as well as bootstrap issues.
150
   * Make sure to access it in a thread-safe manner; it is package visible
151
   * to avoid overhead in java.lang.
152
   */
153
  static volatile SecurityManager current;
154
 
155
  /**
156
   * Tells whether or not the SecurityManager is currently performing a
157
   * security check.
158
   * @deprecated Use {@link #checkPermission(Permission)} instead.
159
   */
160
  protected boolean inCheck;
161
 
162
  /**
163
   * Construct a new security manager. There may be a security check, of
164
   * <code>RuntimePermission("createSecurityManager")</code>.
165
   *
166
   * @throws SecurityException if permission is denied
167
   */
168
  public SecurityManager()
169
  {
170
    /* "When there is security manager installed, the security manager
171
       need to check the package access. However, if the security
172
       manager itself uses any unloaded class, it will trigger the
173
       classloading, which causes infinite loop. There is no easy
174
       legal solution. The workaround will be that security manager
175
       can not depend on any unloaded class. In the constructor of
176
       security manager, it must transitively load all classes it
177
       refers to."  Sun bug #4242924.  */
178
 
179
    // Load and initialize java.security.Security
180
    java.security.Security.getProvider((String)null);
181
 
182
    SecurityManager sm = System.getSecurityManager();
183
    if (sm != null)
184
      sm.checkPermission(new RuntimePermission("createSecurityManager"));
185
  }
186
 
187
  /**
188
   * Tells whether or not the SecurityManager is currently performing a
189
   * security check.
190
   *
191
   * @return true if the SecurityManager is in a security check
192
   * @see #inCheck
193
   * @deprecated use {@link #checkPermission(Permission)} instead
194
   */
195
  public boolean getInCheck()
196
  {
197
    return inCheck;
198
  }
199
 
200
  /**
201
   * Get a list of all the classes currently executing methods on the Java
202
   * stack.  getClassContext()[0] is the currently executing method (ie. the
203
   * class that CALLED getClassContext, not SecurityManager).
204
   *
205
   * @return an array of classes on the Java execution stack
206
   */
207
  protected Class[] getClassContext()
208
  {
209
    Class[] stack1 = VMStackWalker.getClassContext();
210
    Class[] stack2 = new Class[stack1.length - 1];
211
    System.arraycopy(stack1, 1, stack2, 0, stack1.length - 1);
212
    return stack2;
213
  }
214
 
215
  /**
216
   * Find the ClassLoader of the first non-system class on the execution
217
   * stack. A non-system class is one whose ClassLoader is not equal to
218
   * {@link ClassLoader#getSystemClassLoader()} or its ancestors. This
219
   * will return null in three cases:
220
   *
221
   * <ul>
222
   * <li>All methods on the stack are from system classes</li>
223
   * <li>All methods on the stack up to the first "privileged" caller, as
224
   *  created by {@link AccessController#doPrivileged(PrivilegedAction)},
225
   *  are from system classes</li>
226
   * <li>A check of <code>java.security.AllPermission</code> succeeds.</li>
227
   * </ul>
228
   *
229
   * @return the most recent non-system ClassLoader on the execution stack
230
   * @deprecated use {@link #checkPermission(Permission)} instead
231
   */
232
  protected ClassLoader currentClassLoader()
233
  {
234
    Class cl = currentLoadedClass();
235
    return cl != null ? cl.getClassLoader() : null;
236
  }
237
 
238
  /**
239
   * Find the first non-system class on the execution stack. A non-system
240
   * class is one whose ClassLoader is not equal to
241
   * {@link ClassLoader#getSystemClassLoader()} or its ancestors. This
242
   * will return null in three cases:
243
   *
244
   * <ul>
245
   * <li>All methods on the stack are from system classes</li>
246
   * <li>All methods on the stack up to the first "privileged" caller, as
247
   *  created by {@link AccessController#doPrivileged(PrivilegedAction)},
248
   *  are from system classes</li>
249
   * <li>A check of <code>java.security.AllPermission</code> succeeds.</li>
250
   * </ul>
251
   *
252
   * @return the most recent non-system Class on the execution stack
253
   * @deprecated use {@link #checkPermission(Permission)} instead
254
   */
255
  protected Class<?> currentLoadedClass()
256
  {
257
    int i = classLoaderDepth();
258
    return i >= 0 ? getClassContext()[i] : null;
259
  }
260
 
261
  /**
262
   * Get the depth of a particular class on the execution stack.
263
   *
264
   * @param className the fully-qualified name to search for
265
   * @return the index of the class on the stack, or -1
266
   * @deprecated use {@link #checkPermission(Permission)} instead
267
   */
268
  protected int classDepth(String className)
269
  {
270
    Class[] c = getClassContext();
271
    for (int i = 0; i < c.length; i++)
272
      if (className.equals(c[i].getName()))
273
        return i;
274
    return -1;
275
  }
276
 
277
  /**
278
   * Get the depth on the execution stack of the most recent non-system class.
279
   * A non-system class is one whose ClassLoader is not equal to
280
   * {@link ClassLoader#getSystemClassLoader()} or its ancestors. This
281
   * will return -1 in three cases:
282
   *
283
   * <ul>
284
   * <li>All methods on the stack are from system classes</li>
285
   * <li>All methods on the stack up to the first "privileged" caller, as
286
   *  created by {@link AccessController#doPrivileged(PrivilegedAction)},
287
   *  are from system classes</li>
288
   * <li>A check of <code>java.security.AllPermission</code> succeeds.</li>
289
   * </ul>
290
   *
291
   * @return the index of the most recent non-system Class on the stack
292
   * @deprecated use {@link #checkPermission(Permission)} instead
293
   */
294
  protected int classLoaderDepth()
295
  {
296
    try
297
      {
298
        checkPermission(new AllPermission());
299
      }
300
    catch (SecurityException e)
301
      {
302
        Class[] c = getClassContext();
303
        for (int i = 0; i < c.length; i++)
304
          if (c[i].getClassLoader() != null)
305
            // XXX Check if c[i] is AccessController, or a system class.
306
            return i;
307
      }
308
    return -1;
309
  }
310
 
311
  /**
312
   * Tell whether the specified class is on the execution stack.
313
   *
314
   * @param className the fully-qualified name of the class to find
315
   * @return whether the specified class is on the execution stack
316
   * @deprecated use {@link #checkPermission(Permission)} instead
317
   */
318
  protected boolean inClass(String className)
319
  {
320
    return classDepth(className) != -1;
321
  }
322
 
323
  /**
324
   * Tell whether there is a class loaded with an explicit ClassLoader on
325
   * the stack.
326
   *
327
   * @return whether a class with an explicit ClassLoader is on the stack
328
   * @deprecated use {@link #checkPermission(Permission)} instead
329
   */
330
  protected boolean inClassLoader()
331
  {
332
    return classLoaderDepth() != -1;
333
  }
334
 
335
  /**
336
   * Get an implementation-dependent Object that contains enough information
337
   * about the current environment to be able to perform standard security
338
   * checks later.  This is used by trusted methods that need to verify that
339
   * their callers have sufficient access to perform certain operations.
340
   *
341
   * <p>Currently the only methods that use this are checkRead() and
342
   * checkConnect(). The default implementation returns an
343
   * <code>AccessControlContext</code>.
344
   *
345
   * @return a security context
346
   * @see #checkConnect(String, int, Object)
347
   * @see #checkRead(String, Object)
348
   * @see AccessControlContext
349
   * @see AccessController#getContext()
350
   */
351
  public Object getSecurityContext()
352
  {
353
    return AccessController.getContext();
354
  }
355
 
356
  /**
357
   * Check if the current thread is allowed to perform an operation that
358
   * requires the specified <code>Permission</code>. This defaults to
359
   * <code>AccessController.checkPermission</code>.
360
   *
361
   * @param perm the <code>Permission</code> required
362
   * @throws SecurityException if permission is denied
363
   * @throws NullPointerException if perm is null
364
   * @since 1.2
365
   */
366
  public void checkPermission(Permission perm)
367
  {
368
    AccessController.checkPermission(perm);
369
  }
370
 
371
  /**
372
   * Check if the current thread is allowed to perform an operation that
373
   * requires the specified <code>Permission</code>. This is done in a
374
   * context previously returned by <code>getSecurityContext()</code>. The
375
   * default implementation expects context to be an AccessControlContext,
376
   * and it calls <code>AccessControlContext.checkPermission(perm)</code>.
377
   *
378
   * @param perm the <code>Permission</code> required
379
   * @param context a security context
380
   * @throws SecurityException if permission is denied, or if context is
381
   *         not an AccessControlContext
382
   * @throws NullPointerException if perm is null
383
   * @see #getSecurityContext()
384
   * @see AccessControlContext#checkPermission(Permission)
385
   * @since 1.2
386
   */
387
  public void checkPermission(Permission perm, Object context)
388
  {
389
    if (! (context instanceof AccessControlContext))
390
      throw new SecurityException("Missing context");
391
    ((AccessControlContext) context).checkPermission(perm);
392
  }
393
 
394
  /**
395
   * Check if the current thread is allowed to create a ClassLoader. This
396
   * method is called from ClassLoader.ClassLoader(), and checks
397
   * <code>RuntimePermission("createClassLoader")</code>. If you override
398
   * this, you should call <code>super.checkCreateClassLoader()</code> rather
399
   * than throwing an exception.
400
   *
401
   * @throws SecurityException if permission is denied
402
   * @see ClassLoader#ClassLoader()
403
   */
404
  public void checkCreateClassLoader()
405
  {
406
    checkPermission(new RuntimePermission("createClassLoader"));
407
  }
408
 
409
  /**
410
   * Check if the current thread is allowed to modify another Thread. This is
411
   * called by Thread.stop(), suspend(), resume(), interrupt(), destroy(),
412
   * setPriority(), setName(), and setDaemon(). The default implementation
413
   * checks <code>RuntimePermission("modifyThread")</code> on system threads
414
   * (ie. threads in ThreadGroup with a null parent), and returns silently on
415
   * other threads.
416
   *
417
   * <p>If you override this, you must do two things. First, call
418
   * <code>super.checkAccess(t)</code>, to make sure you are not relaxing
419
   * requirements. Second, if the calling thread has
420
   * <code>RuntimePermission("modifyThread")</code>, return silently, so that
421
   * core classes (the Classpath library!) can modify any thread.
422
   *
423
   * @param thread the other Thread to check
424
   * @throws SecurityException if permission is denied
425
   * @throws NullPointerException if thread is null
426
   * @see Thread#stop()
427
   * @see Thread#suspend()
428
   * @see Thread#resume()
429
   * @see Thread#setPriority(int)
430
   * @see Thread#setName(String)
431
   * @see Thread#setDaemon(boolean)
432
   */
433
  public void checkAccess(Thread thread)
434
  {
435
    if (thread.getThreadGroup() != null
436
        && thread.getThreadGroup().parent == null)
437
      checkPermission(new RuntimePermission("modifyThread"));
438
  }
439
 
440
  /**
441
   * Check if the current thread is allowed to modify a ThreadGroup. This is
442
   * called by Thread.Thread() (to add a thread to the ThreadGroup),
443
   * ThreadGroup.ThreadGroup() (to add this ThreadGroup to a parent),
444
   * ThreadGroup.stop(), suspend(), resume(), interrupt(), destroy(),
445
   * setDaemon(), and setMaxPriority(). The default implementation
446
   * checks <code>RuntimePermission("modifyThread")</code> on the system group
447
   * (ie. the one with a null parent), and returns silently on other groups.
448
   *
449
   * <p>If you override this, you must do two things. First, call
450
   * <code>super.checkAccess(t)</code>, to make sure you are not relaxing
451
   * requirements. Second, if the calling thread has
452
   * <code>RuntimePermission("modifyThreadGroup")</code>, return silently,
453
   * so that core classes (the Classpath library!) can modify any thread.
454
   *
455
   * @param g the ThreadGroup to check
456
   * @throws SecurityException if permission is denied
457
   * @throws NullPointerException if g is null
458
   * @see Thread#Thread()
459
   * @see ThreadGroup#ThreadGroup(String)
460
   * @see ThreadGroup#stop()
461
   * @see ThreadGroup#suspend()
462
   * @see ThreadGroup#resume()
463
   * @see ThreadGroup#interrupt()
464
   * @see ThreadGroup#setDaemon(boolean)
465
   * @see ThreadGroup#setMaxPriority(int)
466
   */
467
  public void checkAccess(ThreadGroup g)
468
  {
469
    if (g.parent == null)
470
      checkPermission(new RuntimePermission("modifyThreadGroup"));
471
  }
472
 
473
  /**
474
   * Check if the current thread is allowed to exit the JVM with the given
475
   * status. This method is called from Runtime.exit() and Runtime.halt().
476
   * The default implementation checks
477
   * <code>RuntimePermission("exitVM")</code>. If you override this, call
478
   * <code>super.checkExit</code> rather than throwing an exception.
479
   *
480
   * @param status the status to exit with
481
   * @throws SecurityException if permission is denied
482
   * @see Runtime#exit(int)
483
   * @see Runtime#halt(int)
484
   */
485
  public void checkExit(int status)
486
  {
487
    checkPermission(new RuntimePermission("exitVM"));
488
  }
489
 
490
  /**
491
   * Check if the current thread is allowed to execute the given program. This
492
   * method is called from Runtime.exec(). If the name is an absolute path,
493
   * the default implementation checks
494
   * <code>FilePermission(program, "execute")</code>, otherwise it checks
495
   * <code>FilePermission("&lt;&lt;ALL FILES&gt;&gt;", "execute")</code>. If
496
   * you override this, call <code>super.checkExec</code> rather than
497
   * throwing an exception.
498
   *
499
   * @param program the name of the program to exec
500
   * @throws SecurityException if permission is denied
501
   * @throws NullPointerException if program is null
502
   * @see Runtime#exec(String[], String[], File)
503
   */
504
  public void checkExec(String program)
505
  {
506
    if (! program.equals(new File(program).getAbsolutePath()))
507
      program = "<<ALL FILES>>";
508
    checkPermission(new FilePermission(program, "execute"));
509
  }
510
 
511
  /**
512
   * Check if the current thread is allowed to link in the given native
513
   * library. This method is called from Runtime.load() (and hence, by
514
   * loadLibrary() as well). The default implementation checks
515
   * <code>RuntimePermission("loadLibrary." + filename)</code>. If you
516
   * override this, call <code>super.checkLink</code> rather than throwing
517
   * an exception.
518
   *
519
   * @param filename the full name of the library to load
520
   * @throws SecurityException if permission is denied
521
   * @throws NullPointerException if filename is null
522
   * @see Runtime#load(String)
523
   */
524
  public void checkLink(String filename)
525
  {
526
    // Use the toString() hack to do the null check.
527
    checkPermission(new RuntimePermission("loadLibrary."
528
                                          + filename.toString()));
529
  }
530
 
531
  /**
532
   * Check if the current thread is allowed to read the given file using the
533
   * FileDescriptor. This method is called from
534
   * FileInputStream.FileInputStream(). The default implementation checks
535
   * <code>RuntimePermission("readFileDescriptor")</code>. If you override
536
   * this, call <code>super.checkRead</code> rather than throwing an
537
   * exception.
538
   *
539
   * @param desc the FileDescriptor representing the file to access
540
   * @throws SecurityException if permission is denied
541
   * @throws NullPointerException if desc is null
542
   * @see FileInputStream#FileInputStream(FileDescriptor)
543
   */
544
  public void checkRead(FileDescriptor desc)
545
  {
546
    if (desc == null)
547
      throw new NullPointerException();
548
    checkPermission(new RuntimePermission("readFileDescriptor"));
549
  }
550
 
551
  /**
552
   * Check if the current thread is allowed to read the given file. This
553
   * method is called from FileInputStream.FileInputStream(),
554
   * RandomAccessFile.RandomAccessFile(), File.exists(), canRead(), isFile(),
555
   * isDirectory(), lastModified(), length() and list(). The default
556
   * implementation checks <code>FilePermission(filename, "read")</code>. If
557
   * you override this, call <code>super.checkRead</code> rather than
558
   * throwing an exception.
559
   *
560
   * @param filename the full name of the file to access
561
   * @throws SecurityException if permission is denied
562
   * @throws NullPointerException if filename is null
563
   * @see File
564
   * @see FileInputStream#FileInputStream(String)
565
   * @see RandomAccessFile#RandomAccessFile(String, String)
566
   */
567
  public void checkRead(String filename)
568
  {
569
    checkPermission(new FilePermission(filename, "read"));
570
  }
571
 
572
  /**
573
   * Check if the current thread is allowed to read the given file. using the
574
   * given security context. The context must be a result of a previous call
575
   * to <code>getSecurityContext()</code>. The default implementation checks
576
   * <code>AccessControlContext.checkPermission(new FilePermission(filename,
577
   * "read"))</code>. If you override this, call <code>super.checkRead</code>
578
   * rather than throwing an exception.
579
   *
580
   * @param filename the full name of the file to access
581
   * @param context the context to determine access for
582
   * @throws SecurityException if permission is denied, or if context is
583
   *         not an AccessControlContext
584
   * @throws NullPointerException if filename is null
585
   * @see #getSecurityContext()
586
   * @see AccessControlContext#checkPermission(Permission)
587
   */
588
  public void checkRead(String filename, Object context)
589
  {
590
    if (! (context instanceof AccessControlContext))
591
      throw new SecurityException("Missing context");
592
    AccessControlContext ac = (AccessControlContext) context;
593
    ac.checkPermission(new FilePermission(filename, "read"));
594
  }
595
 
596
  /**
597
   * Check if the current thread is allowed to write the given file using the
598
   * FileDescriptor. This method is called from
599
   * FileOutputStream.FileOutputStream(). The default implementation checks
600
   * <code>RuntimePermission("writeFileDescriptor")</code>. If you override
601
   * this, call <code>super.checkWrite</code> rather than throwing an
602
   * exception.
603
   *
604
   * @param desc the FileDescriptor representing the file to access
605
   * @throws SecurityException if permission is denied
606
   * @throws NullPointerException if desc is null
607
   * @see FileOutputStream#FileOutputStream(FileDescriptor)
608
   */
609
  public void checkWrite(FileDescriptor desc)
610
  {
611
    if (desc == null)
612
      throw new NullPointerException();
613
    checkPermission(new RuntimePermission("writeFileDescriptor"));
614
  }
615
 
616
  /**
617
   * Check if the current thread is allowed to write the given file. This
618
   * method is called from FileOutputStream.FileOutputStream(),
619
   * RandomAccessFile.RandomAccessFile(), File.canWrite(), mkdir(), and
620
   * renameTo(). The default implementation checks
621
   * <code>FilePermission(filename, "write")</code>. If you override this,
622
   * call <code>super.checkWrite</code> rather than throwing an exception.
623
   *
624
   * @param filename the full name of the file to access
625
   * @throws SecurityException if permission is denied
626
   * @throws NullPointerException if filename is null
627
   * @see File
628
   * @see File#canWrite()
629
   * @see File#mkdir()
630
   * @see File#renameTo(File)
631
   * @see FileOutputStream#FileOutputStream(String)
632
   * @see RandomAccessFile#RandomAccessFile(String, String)
633
   */
634
  public void checkWrite(String filename)
635
  {
636
    checkPermission(new FilePermission(filename, "write"));
637
  }
638
 
639
  /**
640
   * Check if the current thread is allowed to delete the given file. This
641
   * method is called from File.delete(). The default implementation checks
642
   * <code>FilePermission(filename, "delete")</code>. If you override this,
643
   * call <code>super.checkDelete</code> rather than throwing an exception.
644
   *
645
   * @param filename the full name of the file to delete
646
   * @throws SecurityException if permission is denied
647
   * @throws NullPointerException if filename is null
648
   * @see File#delete()
649
   */
650
  public void checkDelete(String filename)
651
  {
652
    checkPermission(new FilePermission(filename, "delete"));
653
  }
654
 
655
  /**
656
   * Check if the current thread is allowed to connect to a given host on a
657
   * given port. This method is called from Socket.Socket(). A port number
658
   * of -1 indicates the caller is attempting to determine an IP address, so
659
   * the default implementation checks
660
   * <code>SocketPermission(host, "resolve")</code>. Otherwise, the default
661
   * implementation checks
662
   * <code>SocketPermission(host + ":" + port, "connect")</code>. If you
663
   * override this, call <code>super.checkConnect</code> rather than throwing
664
   * an exception.
665
   *
666
   * @param host the host to connect to
667
   * @param port the port to connect on
668
   * @throws SecurityException if permission is denied
669
   * @throws NullPointerException if host is null
670
   * @see Socket#Socket()
671
   */
672
  public void checkConnect(String host, int port)
673
  {
674
    if (port == -1)
675
      checkPermission(new SocketPermission(host, "resolve"));
676
    else
677
      // Use the toString() hack to do the null check.
678
      checkPermission(new SocketPermission(host.toString() + ":" + port,
679
                                           "connect"));
680
  }
681
 
682
  /**
683
   * Check if the current thread is allowed to connect to a given host on a
684
   * given port, using the given security context. The context must be a
685
   * result of a previous call to <code>getSecurityContext</code>. A port
686
   * number of -1 indicates the caller is attempting to determine an IP
687
   * address, so the default implementation checks
688
   * <code>AccessControlContext.checkPermission(new SocketPermission(host,
689
   * "resolve"))</code>. Otherwise, the default implementation checks
690
   * <code>AccessControlContext.checkPermission(new SocketPermission(host
691
   * + ":" + port, "connect"))</code>. If you override this, call
692
   * <code>super.checkConnect</code> rather than throwing an exception.
693
   *
694
   * @param host the host to connect to
695
   * @param port the port to connect on
696
   * @param context the context to determine access for
697
   *
698
   * @throws SecurityException if permission is denied, or if context is
699
   *         not an AccessControlContext
700
   * @throws NullPointerException if host is null
701
   *
702
   * @see #getSecurityContext()
703
   * @see AccessControlContext#checkPermission(Permission)
704
   */
705
  public void checkConnect(String host, int port, Object context)
706
  {
707
    if (! (context instanceof AccessControlContext))
708
      throw new SecurityException("Missing context");
709
    AccessControlContext ac = (AccessControlContext) context;
710
    if (port == -1)
711
      ac.checkPermission(new SocketPermission(host, "resolve"));
712
    else
713
      // Use the toString() hack to do the null check.
714
      ac.checkPermission(new SocketPermission(host.toString() + ":" + port,
715
                                              "connect"));
716
  }
717
 
718
  /**
719
   * Check if the current thread is allowed to listen to a specific port for
720
   * data. This method is called by ServerSocket.ServerSocket(). The default
721
   * implementation checks
722
   * <code>SocketPermission("localhost:" + (port == 0 ? "1024-" : "" + port),
723
   * "listen")</code>. If you override this, call
724
   * <code>super.checkListen</code> rather than throwing an exception.
725
   *
726
   * @param port the port to listen on
727
   * @throws SecurityException if permission is denied
728
   * @see ServerSocket#ServerSocket(int)
729
   */
730
  public void checkListen(int port)
731
  {
732
    checkPermission(new SocketPermission("localhost:"
733
                                         + (port == 0 ? "1024-" : "" +port),
734
                                         "listen"));
735
  }
736
 
737
  /**
738
   * Check if the current thread is allowed to accept a connection from a
739
   * particular host on a particular port. This method is called by
740
   * ServerSocket.implAccept(). The default implementation checks
741
   * <code>SocketPermission(host + ":" + port, "accept")</code>. If you
742
   * override this, call <code>super.checkAccept</code> rather than throwing
743
   * an exception.
744
   *
745
   * @param host the host which wishes to connect
746
   * @param port the port the connection will be on
747
   * @throws SecurityException if permission is denied
748
   * @throws NullPointerException if host is null
749
   * @see ServerSocket#accept()
750
   */
751
  public void checkAccept(String host, int port)
752
  {
753
    // Use the toString() hack to do the null check.
754
    checkPermission(new SocketPermission(host.toString() + ":" + port,
755
                                         "accept"));
756
  }
757
 
758
  /**
759
   * Check if the current thread is allowed to read and write multicast to
760
   * a particular address. The default implementation checks
761
   * <code>SocketPermission(addr.getHostAddress(), "accept,connect")</code>.
762
   * If you override this, call <code>super.checkMulticast</code> rather than
763
   * throwing an exception.
764
   *
765
   * @param addr the address to multicast to
766
   * @throws SecurityException if permission is denied
767
   * @throws NullPointerException if host is null
768
   * @since 1.1
769
   */
770
  public void checkMulticast(InetAddress addr)
771
  {
772
    checkPermission(new SocketPermission(addr.getHostAddress(),
773
                                         "accept,connect"));
774
  }
775
 
776
  /**
777
   *Check if the current thread is allowed to read and write multicast to
778
   * a particular address with a particular ttl (time-to-live) value. The
779
   * default implementation ignores ttl, and checks
780
   * <code>SocketPermission(addr.getHostAddress(), "accept,connect")</code>.
781
   * If you override this, call <code>super.checkMulticast</code> rather than
782
   * throwing an exception.
783
   *
784
   * @param addr the address to multicast to
785
   * @param ttl value in use for multicast send
786
   * @throws SecurityException if permission is denied
787
   * @throws NullPointerException if host is null
788
   * @since 1.1
789
   * @deprecated use {@link #checkPermission(Permission)} instead
790
   */
791
  public void checkMulticast(InetAddress addr, byte ttl)
792
  {
793
    checkPermission(new SocketPermission(addr.getHostAddress(),
794
                                         "accept,connect"));
795
  }
796
 
797
  /**
798
   * Check if the current thread is allowed to read or write all the system
799
   * properties at once. This method is called by System.getProperties()
800
   * and setProperties(). The default implementation checks
801
   * <code>PropertyPermission("*", "read,write")</code>. If you override
802
   * this, call <code>super.checkPropertiesAccess</code> rather than
803
   * throwing an exception.
804
   *
805
   * @throws SecurityException if permission is denied
806
   * @see System#getProperties()
807
   * @see System#setProperties(Properties)
808
   */
809
  public void checkPropertiesAccess()
810
  {
811
    checkPermission(new PropertyPermission("*", "read,write"));
812
  }
813
 
814
  /**
815
   * Check if the current thread is allowed to read a particular system
816
   * property (writes are checked directly via checkPermission). This method
817
   * is called by System.getProperty() and setProperty(). The default
818
   * implementation checks <code>PropertyPermission(key, "read")</code>. If
819
   * you override this, call <code>super.checkPropertyAccess</code> rather
820
   * than throwing an exception.
821
   *
822
   * @param key the key of the property to check
823
   *
824
   * @throws SecurityException if permission is denied
825
   * @throws NullPointerException if key is null
826
   * @throws IllegalArgumentException if key is ""
827
   *
828
   * @see System#getProperty(String)
829
   */
830
  public void checkPropertyAccess(String key)
831
  {
832
    checkPermission(new PropertyPermission(key, "read"));
833
  }
834
 
835
  /**
836
   * Check if the current thread is allowed to create a top-level window. If
837
   * it is not, the operation should still go through, but some sort of
838
   * nonremovable warning should be placed on the window to show that it
839
   * is untrusted. This method is called by Window.Window(). The default
840
   * implementation checks
841
   * <code>AWTPermission("showWindowWithoutWarningBanner")</code>, and returns
842
   * true if no exception was thrown. If you override this, use
843
   * <code>return super.checkTopLevelWindow</code> rather than returning
844
   * false.
845
   *
846
   * @param window the window to create
847
   * @return true if there is permission to show the window without warning
848
   * @throws NullPointerException if window is null
849
   * @see java.awt.Window#Window(java.awt.Frame)
850
   */
851
  public boolean checkTopLevelWindow(Object window)
852
  {
853
    if (window == null)
854
      throw new NullPointerException();
855
    try
856
      {
857
        checkPermission(new AWTPermission("showWindowWithoutWarningBanner"));
858
        return true;
859
      }
860
    catch (SecurityException e)
861
      {
862
        return false;
863
      }
864
  }
865
 
866
  /**
867
   * Check if the current thread is allowed to create a print job. This
868
   * method is called by Toolkit.getPrintJob(). The default implementation
869
   * checks <code>RuntimePermission("queuePrintJob")</code>. If you override
870
   * this, call <code>super.checkPrintJobAccess</code> rather than throwing
871
   * an exception.
872
   *
873
   * @throws SecurityException if permission is denied
874
   * @see java.awt.Toolkit#getPrintJob(java.awt.Frame, String, Properties)
875
   * @since 1.1
876
   */
877
  public void checkPrintJobAccess()
878
  {
879
    checkPermission(new RuntimePermission("queuePrintJob"));
880
  }
881
 
882
  /**
883
   * Check if the current thread is allowed to use the system clipboard. This
884
   * method is called by Toolkit.getSystemClipboard(). The default
885
   * implementation checks <code>AWTPermission("accessClipboard")</code>. If
886
   * you override this, call <code>super.checkSystemClipboardAccess</code>
887
   * rather than throwing an exception.
888
   *
889
   * @throws SecurityException if permission is denied
890
   * @see java.awt.Toolkit#getSystemClipboard()
891
   * @since 1.1
892
   */
893
  public void checkSystemClipboardAccess()
894
  {
895
    checkPermission(new AWTPermission("accessClipboard"));
896
  }
897
 
898
  /**
899
   * Check if the current thread is allowed to use the AWT event queue. This
900
   * method is called by Toolkit.getSystemEventQueue(). The default
901
   * implementation checks <code>AWTPermission("accessEventQueue")</code>.
902
   * you override this, call <code>super.checkAwtEventQueueAccess</code>
903
   * rather than throwing an exception.
904
   *
905
   * @throws SecurityException if permission is denied
906
   * @see java.awt.Toolkit#getSystemEventQueue()
907
   * @since 1.1
908
   */
909
  public void checkAwtEventQueueAccess()
910
  {
911
    checkPermission(new AWTPermission("accessEventQueue"));
912
  }
913
 
914
  /**
915
   * Check if the current thread is allowed to access the specified package
916
   * at all. This method is called by ClassLoader.loadClass() in user-created
917
   * ClassLoaders. The default implementation gets a list of all restricted
918
   * packages, via <code>Security.getProperty("package.access")</code>. Then,
919
   * if packageName starts with or equals any restricted package, it checks
920
   * <code>RuntimePermission("accessClassInPackage." + packageName)</code>.
921
   * If you override this, you should call
922
   * <code>super.checkPackageAccess</code> before doing anything else.
923
   *
924
   * @param packageName the package name to check access to
925
   * @throws SecurityException if permission is denied
926
   * @throws NullPointerException if packageName is null
927
   * @see ClassLoader#loadClass(String, boolean)
928
   * @see Security#getProperty(String)
929
   */
930
  public void checkPackageAccess(String packageName)
931
  {
932
    checkPackageList(packageName, "package.access", "accessClassInPackage.");
933
  }
934
 
935
  /**
936
   * Check if the current thread is allowed to define a class into the
937
   * specified package. This method is called by ClassLoader.loadClass() in
938
   * user-created ClassLoaders. The default implementation gets a list of all
939
   * restricted packages, via
940
   * <code>Security.getProperty("package.definition")</code>. Then, if
941
   * packageName starts with or equals any restricted package, it checks
942
   * <code>RuntimePermission("defineClassInPackage." + packageName)</code>.
943
   * If you override this, you should call
944
   * <code>super.checkPackageDefinition</code> before doing anything else.
945
   *
946
   * @param packageName the package name to check access to
947
   * @throws SecurityException if permission is denied
948
   * @throws NullPointerException if packageName is null
949
   * @see ClassLoader#loadClass(String, boolean)
950
   * @see Security#getProperty(String)
951
   */
952
  public void checkPackageDefinition(String packageName)
953
  {
954
    checkPackageList(packageName, "package.definition", "defineClassInPackage.");
955
  }
956
 
957
  /**
958
   * Check if the current thread is allowed to set the current socket factory.
959
   * This method is called by Socket.setSocketImplFactory(),
960
   * ServerSocket.setSocketFactory(), and URL.setURLStreamHandlerFactory().
961
   * The default implementation checks
962
   * <code>RuntimePermission("setFactory")</code>. If you override this, call
963
   * <code>super.checkSetFactory</code> rather than throwing an exception.
964
   *
965
   * @throws SecurityException if permission is denied
966
   * @see Socket#setSocketImplFactory(SocketImplFactory)
967
   * @see ServerSocket#setSocketFactory(SocketImplFactory)
968
   * @see URL#setURLStreamHandlerFactory(URLStreamHandlerFactory)
969
   */
970
  public void checkSetFactory()
971
  {
972
    checkPermission(new RuntimePermission("setFactory"));
973
  }
974
 
975
  /**
976
   * Check if the current thread is allowed to get certain types of Methods,
977
   * Fields and Constructors from a Class object. This method is called by
978
   * Class.getMethod[s](), Class.getField[s](), Class.getConstructor[s],
979
   * Class.getDeclaredMethod[s](), Class.getDeclaredField[s](), and
980
   * Class.getDeclaredConstructor[s](). The default implementation allows
981
   * PUBLIC access, and access to classes defined by the same classloader as
982
   * the code performing the reflection. Otherwise, it checks
983
   * <code>RuntimePermission("accessDeclaredMembers")</code>. If you override
984
   * this, do not call <code>super.checkMemberAccess</code>, as this would
985
   * mess up the stack depth check that determines the ClassLoader requesting
986
   * the access.
987
   *
988
   * @param c the Class to check
989
   * @param memberType either DECLARED or PUBLIC
990
   * @throws SecurityException if permission is denied, including when
991
   *         memberType is not DECLARED or PUBLIC
992
   * @throws NullPointerException if c is null
993
   * @see Class
994
   * @see Member#DECLARED
995
   * @see Member#PUBLIC
996
   * @since 1.1
997
   */
998
  public void checkMemberAccess(Class<?> c, int memberType)
999
  {
1000
    if (c == null)
1001
      throw new NullPointerException();
1002
    if (memberType == Member.PUBLIC)
1003
      return;
1004
    // XXX Allow access to classes created by same classloader before next
1005
    // check.
1006
    checkPermission(new RuntimePermission("accessDeclaredMembers"));
1007
  }
1008
 
1009
  /**
1010
   * Test whether a particular security action may be taken. The default
1011
   * implementation checks <code>SecurityPermission(action)</code>. If you
1012
   * override this, call <code>super.checkSecurityAccess</code> rather than
1013
   * throwing an exception.
1014
   *
1015
   * @param action the desired action to take
1016
   * @throws SecurityException if permission is denied
1017
   * @throws NullPointerException if action is null
1018
   * @throws IllegalArgumentException if action is ""
1019
   * @since 1.1
1020
   */
1021
  public void checkSecurityAccess(String action)
1022
  {
1023
    checkPermission(new SecurityPermission(action));
1024
  }
1025
 
1026
  /**
1027
   * Get the ThreadGroup that a new Thread should belong to by default. Called
1028
   * by Thread.Thread(). The default implementation returns the current
1029
   * ThreadGroup of the current Thread. <STRONG>Spec Note:</STRONG> it is not
1030
   * clear whether the new Thread is guaranteed to pass the
1031
   * checkAccessThreadGroup() test when using this ThreadGroup, but I presume
1032
   * so.
1033
   *
1034
   * @return the ThreadGroup to put the new Thread into
1035
   * @since 1.1
1036
   */
1037
  public ThreadGroup getThreadGroup()
1038
  {
1039
    return Thread.currentThread().getThreadGroup();
1040
  }
1041
 
1042
  /**
1043
   * Helper that checks a comma-separated list of restricted packages, from
1044
   * <code>Security.getProperty("package.definition")</code>, for the given
1045
   * package access permission. If packageName starts with or equals any
1046
   * restricted package, it checks
1047
   * <code>RuntimePermission(permission + packageName)</code>.
1048
   *
1049
   * @param packageName the package name to check access to
1050
   * @param restriction "package.access" or "package.definition"
1051
   * @param permission the base permission, including the '.'
1052
   * @throws SecurityException if permission is denied
1053
   * @throws NullPointerException if packageName is null
1054
   * @see #checkPackageAccess(String)
1055
   * @see #checkPackageDefinition(String)
1056
   */
1057
  void checkPackageList(String packageName, final String restriction,
1058
                        String permission)
1059
  {
1060
    if (packageName == null)
1061
      throw new NullPointerException();
1062
 
1063
    String list = (String)AccessController.doPrivileged(new PrivilegedAction()
1064
      {
1065
        public Object run()
1066
        {
1067
          return Security.getProperty(restriction);
1068
        }
1069
      });
1070
 
1071
    if (list == null || list.equals(""))
1072
      return;
1073
 
1074
    String packageNamePlusDot = packageName + ".";
1075
 
1076
    StringTokenizer st = new StringTokenizer(list, ",");
1077
    while (st.hasMoreTokens())
1078
      {
1079
        if (packageNamePlusDot.startsWith(st.nextToken()))
1080
          {
1081
            Permission p = new RuntimePermission(permission + packageName);
1082
            checkPermission(p);
1083
            return;
1084
          }
1085
      }
1086
  }
1087
}

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.