0001 /*
0002 * Copyright 1995-2006 Sun Microsystems, Inc. All Rights Reserved.
0003 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0004 *
0005 * This code is free software; you can redistribute it and/or modify it
0006 * under the terms of the GNU General Public License version 2 only, as
0007 * published by the Free Software Foundation. Sun designates this
0008 * particular file as subject to the "Classpath" exception as provided
0009 * by Sun in the LICENSE file that accompanied this code.
0010 *
0011 * This code is distributed in the hope that it will be useful, but WITHOUT
0012 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0013 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0014 * version 2 for more details (a copy is included in the LICENSE file that
0015 * accompanied this code).
0016 *
0017 * You should have received a copy of the GNU General Public License version
0018 * 2 along with this work; if not, write to the Free Software Foundation,
0019 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0020 *
0021 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
0022 * CA 95054 USA or visit www.sun.com if you need additional information or
0023 * have any questions.
0024 */
0025
0026 package java.lang;
0027
0028 import java.security.*;
0029 import java.io.FileDescriptor;
0030 import java.io.File;
0031 import java.io.FilePermission;
0032 import java.awt.AWTPermission;
0033 import java.util.PropertyPermission;
0034 import java.lang.RuntimePermission;
0035 import java.net.SocketPermission;
0036 import java.net.NetPermission;
0037 import java.util.Hashtable;
0038 import java.net.InetAddress;
0039 import java.lang.reflect.Member;
0040 import java.lang.reflect.*;
0041 import java.net.URL;
0042
0043 import sun.security.util.SecurityConstants;
0044
0045 /**
0046 * The security manager is a class that allows
0047 * applications to implement a security policy. It allows an
0048 * application to determine, before performing a possibly unsafe or
0049 * sensitive operation, what the operation is and whether
0050 * it is being attempted in a security context that allows the
0051 * operation to be performed. The
0052 * application can allow or disallow the operation.
0053 * <p>
0054 * The <code>SecurityManager</code> class contains many methods with
0055 * names that begin with the word <code>check</code>. These methods
0056 * are called by various methods in the Java libraries before those
0057 * methods perform certain potentially sensitive operations. The
0058 * invocation of such a <code>check</code> method typically looks like this:
0059 * <p><blockquote><pre>
0060 * SecurityManager security = System.getSecurityManager();
0061 * if (security != null) {
0062 * security.check<i>XXX</i>(argument, . . . );
0063 * }
0064 * </pre></blockquote>
0065 * <p>
0066 * The security manager is thereby given an opportunity to prevent
0067 * completion of the operation by throwing an exception. A security
0068 * manager routine simply returns if the operation is permitted, but
0069 * throws a <code>SecurityException</code> if the operation is not
0070 * permitted. The only exception to this convention is
0071 * <code>checkTopLevelWindow</code>, which returns a
0072 * <code>boolean</code> value.
0073 * <p>
0074 * The current security manager is set by the
0075 * <code>setSecurityManager</code> method in class
0076 * <code>System</code>. The current security manager is obtained
0077 * by the <code>getSecurityManager</code> method.
0078 * <p>
0079 * The special method
0080 * {@link SecurityManager#checkPermission(java.security.Permission)}
0081 * determines whether an access request indicated by a specified
0082 * permission should be granted or denied. The
0083 * default implementation calls
0084 *
0085 * <pre>
0086 * AccessController.checkPermission(perm);
0087 * </pre>
0088 *
0089 * <p>
0090 * If a requested access is allowed,
0091 * <code>checkPermission</code> returns quietly. If denied, a
0092 * <code>SecurityException</code> is thrown.
0093 * <p>
0094 * As of Java 2 SDK v1.2, the default implementation of each of the other
0095 * <code>check</code> methods in <code>SecurityManager</code> is to
0096 * call the <code>SecurityManager checkPermission</code> method
0097 * to determine if the calling thread has permission to perform the requested
0098 * operation.
0099 * <p>
0100 * Note that the <code>checkPermission</code> method with
0101 * just a single permission argument always performs security checks
0102 * within the context of the currently executing thread.
0103 * Sometimes a security check that should be made within a given context
0104 * will actually need to be done from within a
0105 * <i>different</i> context (for example, from within a worker thread).
0106 * The {@link SecurityManager#getSecurityContext getSecurityContext} method
0107 * and the {@link SecurityManager#checkPermission(java.security.Permission,
0108 * java.lang.Object) checkPermission}
0109 * method that includes a context argument are provided
0110 * for this situation. The
0111 * <code>getSecurityContext</code> method returns a "snapshot"
0112 * of the current calling context. (The default implementation
0113 * returns an AccessControlContext object.) A sample call is
0114 * the following:
0115 *
0116 * <pre>
0117 * Object context = null;
0118 * SecurityManager sm = System.getSecurityManager();
0119 * if (sm != null) context = sm.getSecurityContext();
0120 * </pre>
0121 *
0122 * <p>
0123 * The <code>checkPermission</code> method
0124 * that takes a context object in addition to a permission
0125 * makes access decisions based on that context,
0126 * rather than on that of the current execution thread.
0127 * Code within a different context can thus call that method,
0128 * passing the permission and the
0129 * previously-saved context object. A sample call, using the
0130 * SecurityManager <code>sm</code> obtained as in the previous example,
0131 * is the following:
0132 *
0133 * <pre>
0134 * if (sm != null) sm.checkPermission(permission, context);
0135 * </pre>
0136 *
0137 * <p>Permissions fall into these categories: File, Socket, Net,
0138 * Security, Runtime, Property, AWT, Reflect, and Serializable.
0139 * The classes managing these various
0140 * permission categories are <code>java.io.FilePermission</code>,
0141 * <code>java.net.SocketPermission</code>,
0142 * <code>java.net.NetPermission</code>,
0143 * <code>java.security.SecurityPermission</code>,
0144 * <code>java.lang.RuntimePermission</code>,
0145 * <code>java.util.PropertyPermission</code>,
0146 * <code>java.awt.AWTPermission</code>,
0147 * <code>java.lang.reflect.ReflectPermission</code>, and
0148 * <code>java.io.SerializablePermission</code>.
0149 *
0150 * <p>All but the first two (FilePermission and SocketPermission) are
0151 * subclasses of <code>java.security.BasicPermission</code>, which itself
0152 * is an abstract subclass of the
0153 * top-level class for permissions, which is
0154 * <code>java.security.Permission</code>. BasicPermission defines the
0155 * functionality needed for all permissions that contain a name
0156 * that follows the hierarchical property naming convention
0157 * (for example, "exitVM", "setFactory", "queuePrintJob", etc).
0158 * An asterisk
0159 * may appear at the end of the name, following a ".", or by itself, to
0160 * signify a wildcard match. For example: "a.*" or "*" is valid,
0161 * "*a" or "a*b" is not valid.
0162 *
0163 * <p>FilePermission and SocketPermission are subclasses of the
0164 * top-level class for permissions
0165 * (<code>java.security.Permission</code>). Classes like these
0166 * that have a more complicated name syntax than that used by
0167 * BasicPermission subclass directly from Permission rather than from
0168 * BasicPermission. For example,
0169 * for a <code>java.io.FilePermission</code> object, the permission name is
0170 * the path name of a file (or directory).
0171 *
0172 * <p>Some of the permission classes have an "actions" list that tells
0173 * the actions that are permitted for the object. For example,
0174 * for a <code>java.io.FilePermission</code> object, the actions list
0175 * (such as "read, write") specifies which actions are granted for the
0176 * specified file (or for files in the specified directory).
0177 *
0178 * <p>Other permission classes are for "named" permissions -
0179 * ones that contain a name but no actions list; you either have the
0180 * named permission or you don't.
0181 *
0182 * <p>Note: There is also a <code>java.security.AllPermission</code>
0183 * permission that implies all permissions. It exists to simplify the work
0184 * of system administrators who might need to perform multiple
0185 * tasks that require all (or numerous) permissions.
0186 * <p>
0187 * See <a href ="../../../technotes/guides/security/permissions.html">
0188 * Permissions in the JDK</a> for permission-related information.
0189 * This document includes, for example, a table listing the various SecurityManager
0190 * <code>check</code> methods and the permission(s) the default
0191 * implementation of each such method requires.
0192 * It also contains a table of all the version 1.2 methods
0193 * that require permissions, and for each such method tells
0194 * which permission it requires.
0195 * <p>
0196 * For more information about <code>SecurityManager</code> changes made in
0197 * the JDK and advice regarding porting of 1.1-style security managers,
0198 * see the <a href="../../../technotes/guides/security/index.html">security documentation</a>.
0199 *
0200 * @author Arthur van Hoff
0201 * @author Roland Schemers
0202 *
0203 * @version 1.145, 05/05/07
0204 * @see java.lang.ClassLoader
0205 * @see java.lang.SecurityException
0206 * @see java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
0207 * checkTopLevelWindow
0208 * @see java.lang.System#getSecurityManager() getSecurityManager
0209 * @see java.lang.System#setSecurityManager(java.lang.SecurityManager)
0210 * setSecurityManager
0211 * @see java.security.AccessController AccessController
0212 * @see java.security.AccessControlContext AccessControlContext
0213 * @see java.security.AccessControlException AccessControlException
0214 * @see java.security.Permission
0215 * @see java.security.BasicPermission
0216 * @see java.io.FilePermission
0217 * @see java.net.SocketPermission
0218 * @see java.util.PropertyPermission
0219 * @see java.lang.RuntimePermission
0220 * @see java.awt.AWTPermission
0221 * @see java.security.Policy Policy
0222 * @see java.security.SecurityPermission SecurityPermission
0223 * @see java.security.ProtectionDomain
0224 *
0225 * @since JDK1.0
0226 */
0227 public class SecurityManager {
0228
0229 /**
0230 * This field is <code>true</code> if there is a security check in
0231 * progress; <code>false</code> otherwise.
0232 *
0233 * @deprecated This type of security checking is not recommended.
0234 * It is recommended that the <code>checkPermission</code>
0235 * call be used instead.
0236 */
0237 @Deprecated
0238 protected boolean inCheck;
0239
0240 /*
0241 * Have we been initialized. Effective against finalizer attacks.
0242 */
0243 private boolean initialized = false;
0244
0245 /**
0246 * returns true if the current context has been granted AllPermission
0247 */
0248 private boolean hasAllPermission() {
0249 try {
0250 checkPermission(SecurityConstants.ALL_PERMISSION);
0251 return true;
0252 } catch (SecurityException se) {
0253 return false;
0254 }
0255 }
0256
0257 /**
0258 * Tests if there is a security check in progress.
0259 *
0260 * @return the value of the <code>inCheck</code> field. This field
0261 * should contain <code>true</code> if a security check is
0262 * in progress,
0263 * <code>false</code> otherwise.
0264 * @see java.lang.SecurityManager#inCheck
0265 * @deprecated This type of security checking is not recommended.
0266 * It is recommended that the <code>checkPermission</code>
0267 * call be used instead.
0268 */
0269 @Deprecated
0270 public boolean getInCheck() {
0271 return inCheck;
0272 }
0273
0274 /**
0275 * Constructs a new <code>SecurityManager</code>.
0276 *
0277 * <p> If there is a security manager already installed, this method first
0278 * calls the security manager's <code>checkPermission</code> method
0279 * with the <code>RuntimePermission("createSecurityManager")</code>
0280 * permission to ensure the calling thread has permission to create a new
0281 * security manager.
0282 * This may result in throwing a <code>SecurityException</code>.
0283 *
0284 * @exception java.lang.SecurityException if a security manager already
0285 * exists and its <code>checkPermission</code> method
0286 * doesn't allow creation of a new security manager.
0287 * @see java.lang.System#getSecurityManager()
0288 * @see #checkPermission(java.security.Permission) checkPermission
0289 * @see java.lang.RuntimePermission
0290 */
0291 public SecurityManager() {
0292 synchronized (SecurityManager.class) {
0293 SecurityManager sm = System.getSecurityManager();
0294 if (sm != null) {
0295 // ask the currently installed security manager if we
0296 // can create a new one.
0297 sm.checkPermission(new RuntimePermission(
0298 "createSecurityManager"));
0299 }
0300 initialized = true;
0301 }
0302 }
0303
0304 /**
0305 * Returns the current execution stack as an array of classes.
0306 * <p>
0307 * The length of the array is the number of methods on the execution
0308 * stack. The element at index <code>0</code> is the class of the
0309 * currently executing method, the element at index <code>1</code> is
0310 * the class of that method's caller, and so on.
0311 *
0312 * @return the execution stack.
0313 */
0314 protected native Class[] getClassContext();
0315
0316 /**
0317 * Returns the class loader of the most recently executing method from
0318 * a class defined using a non-system class loader. A non-system
0319 * class loader is defined as being a class loader that is not equal to
0320 * the system class loader (as returned
0321 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
0322 * <p>
0323 * This method will return
0324 * <code>null</code> in the following three cases:<p>
0325 * <ol>
0326 * <li>All methods on the execution stack are from classes
0327 * defined using the system class loader or one of its ancestors.
0328 *
0329 * <li>All methods on the execution stack up to the first
0330 * "privileged" caller
0331 * (see {@link java.security.AccessController#doPrivileged})
0332 * are from classes
0333 * defined using the system class loader or one of its ancestors.
0334 *
0335 * <li> A call to <code>checkPermission</code> with
0336 * <code>java.security.AllPermission</code> does not
0337 * result in a SecurityException.
0338 *
0339 * </ol>
0340 *
0341 * @return the class loader of the most recent occurrence on the stack
0342 * of a method from a class defined using a non-system class
0343 * loader.
0344 *
0345 * @deprecated This type of security checking is not recommended.
0346 * It is recommended that the <code>checkPermission</code>
0347 * call be used instead.
0348 *
0349 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
0350 * @see #checkPermission(java.security.Permission) checkPermission
0351 */
0352 @Deprecated
0353 protected ClassLoader currentClassLoader() {
0354 ClassLoader cl = currentClassLoader0();
0355 if ((cl != null) && hasAllPermission())
0356 cl = null;
0357 return cl;
0358 }
0359
0360 private native ClassLoader currentClassLoader0();
0361
0362 /**
0363 * Returns the class of the most recently executing method from
0364 * a class defined using a non-system class loader. A non-system
0365 * class loader is defined as being a class loader that is not equal to
0366 * the system class loader (as returned
0367 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
0368 * <p>
0369 * This method will return
0370 * <code>null</code> in the following three cases:<p>
0371 * <ol>
0372 * <li>All methods on the execution stack are from classes
0373 * defined using the system class loader or one of its ancestors.
0374 *
0375 * <li>All methods on the execution stack up to the first
0376 * "privileged" caller
0377 * (see {@link java.security.AccessController#doPrivileged})
0378 * are from classes
0379 * defined using the system class loader or one of its ancestors.
0380 *
0381 * <li> A call to <code>checkPermission</code> with
0382 * <code>java.security.AllPermission</code> does not
0383 * result in a SecurityException.
0384 *
0385 * </ol>
0386 *
0387 * @return the class of the most recent occurrence on the stack
0388 * of a method from a class defined using a non-system class
0389 * loader.
0390 *
0391 * @deprecated This type of security checking is not recommended.
0392 * It is recommended that the <code>checkPermission</code>
0393 * call be used instead.
0394 *
0395 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
0396 * @see #checkPermission(java.security.Permission) checkPermission
0397 */
0398 @Deprecated
0399 protected Class<?> currentLoadedClass() {
0400 Class c = currentLoadedClass0();
0401 if ((c != null) && hasAllPermission())
0402 c = null;
0403 return c;
0404 }
0405
0406 /**
0407 * Returns the stack depth of the specified class.
0408 *
0409 * @param name the fully qualified name of the class to search for.
0410 * @return the depth on the stack frame of the first occurrence of a
0411 * method from a class with the specified name;
0412 * <code>-1</code> if such a frame cannot be found.
0413 * @deprecated This type of security checking is not recommended.
0414 * It is recommended that the <code>checkPermission</code>
0415 * call be used instead.
0416 *
0417 */
0418 @Deprecated
0419 protected native int classDepth(String name);
0420
0421 /**
0422 * Returns the stack depth of the most recently executing method
0423 * from a class defined using a non-system class loader. A non-system
0424 * class loader is defined as being a class loader that is not equal to
0425 * the system class loader (as returned
0426 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
0427 * <p>
0428 * This method will return
0429 * -1 in the following three cases:<p>
0430 * <ol>
0431 * <li>All methods on the execution stack are from classes
0432 * defined using the system class loader or one of its ancestors.
0433 *
0434 * <li>All methods on the execution stack up to the first
0435 * "privileged" caller
0436 * (see {@link java.security.AccessController#doPrivileged})
0437 * are from classes
0438 * defined using the system class loader or one of its ancestors.
0439 *
0440 * <li> A call to <code>checkPermission</code> with
0441 * <code>java.security.AllPermission</code> does not
0442 * result in a SecurityException.
0443 *
0444 * </ol>
0445 *
0446 * @return the depth on the stack frame of the most recent occurrence of
0447 * a method from a class defined using a non-system class loader.
0448 *
0449 * @deprecated This type of security checking is not recommended.
0450 * It is recommended that the <code>checkPermission</code>
0451 * call be used instead.
0452 *
0453 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
0454 * @see #checkPermission(java.security.Permission) checkPermission
0455 */
0456 @Deprecated
0457 protected int classLoaderDepth() {
0458 int depth = classLoaderDepth0();
0459 if (depth != -1) {
0460 if (hasAllPermission())
0461 depth = -1;
0462 else
0463 depth--; // make sure we don't include ourself
0464 }
0465 return depth;
0466 }
0467
0468 private native int classLoaderDepth0();
0469
0470 /**
0471 * Tests if a method from a class with the specified
0472 * name is on the execution stack.
0473 *
0474 * @param name the fully qualified name of the class.
0475 * @return <code>true</code> if a method from a class with the specified
0476 * name is on the execution stack; <code>false</code> otherwise.
0477 * @deprecated This type of security checking is not recommended.
0478 * It is recommended that the <code>checkPermission</code>
0479 * call be used instead.
0480 */
0481 @Deprecated
0482 protected boolean inClass(String name) {
0483 return classDepth(name) >= 0;
0484 }
0485
0486 /**
0487 * Basically, tests if a method from a class defined using a
0488 * class loader is on the execution stack.
0489 *
0490 * @return <code>true</code> if a call to <code>currentClassLoader</code>
0491 * has a non-null return value.
0492 *
0493 * @deprecated This type of security checking is not recommended.
0494 * It is recommended that the <code>checkPermission</code>
0495 * call be used instead.
0496 * @see #currentClassLoader() currentClassLoader
0497 */
0498 @Deprecated
0499 protected boolean inClassLoader() {
0500 return currentClassLoader() != null;
0501 }
0502
0503 /**
0504 * Creates an object that encapsulates the current execution
0505 * environment. The result of this method is used, for example, by the
0506 * three-argument <code>checkConnect</code> method and by the
0507 * two-argument <code>checkRead</code> method.
0508 * These methods are needed because a trusted method may be called
0509 * on to read a file or open a socket on behalf of another method.
0510 * The trusted method needs to determine if the other (possibly
0511 * untrusted) method would be allowed to perform the operation on its
0512 * own.
0513 * <p> The default implementation of this method is to return
0514 * an <code>AccessControlContext</code> object.
0515 *
0516 * @return an implementation-dependent object that encapsulates
0517 * sufficient information about the current execution environment
0518 * to perform some security checks later.
0519 * @see java.lang.SecurityManager#checkConnect(java.lang.String, int,
0520 * java.lang.Object) checkConnect
0521 * @see java.lang.SecurityManager#checkRead(java.lang.String,
0522 * java.lang.Object) checkRead
0523 * @see java.security.AccessControlContext AccessControlContext
0524 */
0525 public Object getSecurityContext() {
0526 return AccessController.getContext();
0527 }
0528
0529 /**
0530 * Throws a <code>SecurityException</code> if the requested
0531 * access, specified by the given permission, is not permitted based
0532 * on the security policy currently in effect.
0533 * <p>
0534 * This method calls <code>AccessController.checkPermission</code>
0535 * with the given permission.
0536 *
0537 * @param perm the requested permission.
0538 * @exception SecurityException if access is not permitted based on
0539 * the current security policy.
0540 * @exception NullPointerException if the permission argument is
0541 * <code>null</code>.
0542 * @since 1.2
0543 */
0544 public void checkPermission(Permission perm) {
0545 java.security.AccessController.checkPermission(perm);
0546 }
0547
0548 /**
0549 * Throws a <code>SecurityException</code> if the
0550 * specified security context is denied access to the resource
0551 * specified by the given permission.
0552 * The context must be a security
0553 * context returned by a previous call to
0554 * <code>getSecurityContext</code> and the access control
0555 * decision is based upon the configured security policy for
0556 * that security context.
0557 * <p>
0558 * If <code>context</code> is an instance of
0559 * <code>AccessControlContext</code> then the
0560 * <code>AccessControlContext.checkPermission</code> method is
0561 * invoked with the specified permission.
0562 * <p>
0563 * If <code>context</code> is not an instance of
0564 * <code>AccessControlContext</code> then a
0565 * <code>SecurityException</code> is thrown.
0566 *
0567 * @param perm the specified permission
0568 * @param context a system-dependent security context.
0569 * @exception SecurityException if the specified security context
0570 * is not an instance of <code>AccessControlContext</code>
0571 * (e.g., is <code>null</code>), or is denied access to the
0572 * resource specified by the given permission.
0573 * @exception NullPointerException if the permission argument is
0574 * <code>null</code>.
0575 * @see java.lang.SecurityManager#getSecurityContext()
0576 * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
0577 * @since 1.2
0578 */
0579 public void checkPermission(Permission perm, Object context) {
0580 if (context instanceof AccessControlContext) {
0581 ((AccessControlContext) context).checkPermission(perm);
0582 } else {
0583 throw new SecurityException();
0584 }
0585 }
0586
0587 /**
0588 * Throws a <code>SecurityException</code> if the
0589 * calling thread is not allowed to create a new class loader.
0590 * <p>
0591 * This method calls <code>checkPermission</code> with the
0592 * <code>RuntimePermission("createClassLoader")</code>
0593 * permission.
0594 * <p>
0595 * If you override this method, then you should make a call to
0596 * <code>super.checkCreateClassLoader</code>
0597 * at the point the overridden method would normally throw an
0598 * exception.
0599 *
0600 * @exception SecurityException if the calling thread does not
0601 * have permission
0602 * to create a new class loader.
0603 * @see java.lang.ClassLoader#ClassLoader()
0604 * @see #checkPermission(java.security.Permission) checkPermission
0605 */
0606 public void checkCreateClassLoader() {
0607 checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
0608 }
0609
0610 /**
0611 * reference to the root thread group, used for the checkAccess
0612 * methods.
0613 */
0614
0615 private static ThreadGroup rootGroup = getRootGroup();
0616
0617 private static ThreadGroup getRootGroup() {
0618 ThreadGroup root = Thread.currentThread().getThreadGroup();
0619 while (root.getParent() != null) {
0620 root = root.getParent();
0621 }
0622 return root;
0623 }
0624
0625 /**
0626 * Throws a <code>SecurityException</code> if the
0627 * calling thread is not allowed to modify the thread argument.
0628 * <p>
0629 * This method is invoked for the current security manager by the
0630 * <code>stop</code>, <code>suspend</code>, <code>resume</code>,
0631 * <code>setPriority</code>, <code>setName</code>, and
0632 * <code>setDaemon</code> methods of class <code>Thread</code>.
0633 * <p>
0634 * If the thread argument is a system thread (belongs to
0635 * the thread group with a <code>null</code> parent) then
0636 * this method calls <code>checkPermission</code> with the
0637 * <code>RuntimePermission("modifyThread")</code> permission.
0638 * If the thread argument is <i>not</i> a system thread,
0639 * this method just returns silently.
0640 * <p>
0641 * Applications that want a stricter policy should override this
0642 * method. If this method is overridden, the method that overrides
0643 * it should additionally check to see if the calling thread has the
0644 * <code>RuntimePermission("modifyThread")</code> permission, and
0645 * if so, return silently. This is to ensure that code granted
0646 * that permission (such as the JDK itself) is allowed to
0647 * manipulate any thread.
0648 * <p>
0649 * If this method is overridden, then
0650 * <code>super.checkAccess</code> should
0651 * be called by the first statement in the overridden method, or the
0652 * equivalent security check should be placed in the overridden method.
0653 *
0654 * @param t the thread to be checked.
0655 * @exception SecurityException if the calling thread does not have
0656 * permission to modify the thread.
0657 * @exception NullPointerException if the thread argument is
0658 * <code>null</code>.
0659 * @see java.lang.Thread#resume() resume
0660 * @see java.lang.Thread#setDaemon(boolean) setDaemon
0661 * @see java.lang.Thread#setName(java.lang.String) setName
0662 * @see java.lang.Thread#setPriority(int) setPriority
0663 * @see java.lang.Thread#stop() stop
0664 * @see java.lang.Thread#suspend() suspend
0665 * @see #checkPermission(java.security.Permission) checkPermission
0666 */
0667 public void checkAccess(Thread t) {
0668 if (t == null) {
0669 throw new NullPointerException("thread can't be null");
0670 }
0671 if (t.getThreadGroup() == rootGroup) {
0672 checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION);
0673 } else {
0674 // just return
0675 }
0676 }
0677
0678 /**
0679 * Throws a <code>SecurityException</code> if the
0680 * calling thread is not allowed to modify the thread group argument.
0681 * <p>
0682 * This method is invoked for the current security manager when a
0683 * new child thread or child thread group is created, and by the
0684 * <code>setDaemon</code>, <code>setMaxPriority</code>,
0685 * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and
0686 * <code>destroy</code> methods of class <code>ThreadGroup</code>.
0687 * <p>
0688 * If the thread group argument is the system thread group (
0689 * has a <code>null</code> parent) then
0690 * this method calls <code>checkPermission</code> with the
0691 * <code>RuntimePermission("modifyThreadGroup")</code> permission.
0692 * If the thread group argument is <i>not</i> the system thread group,
0693 * this method just returns silently.
0694 * <p>
0695 * Applications that want a stricter policy should override this
0696 * method. If this method is overridden, the method that overrides
0697 * it should additionally check to see if the calling thread has the
0698 * <code>RuntimePermission("modifyThreadGroup")</code> permission, and
0699 * if so, return silently. This is to ensure that code granted
0700 * that permission (such as the JDK itself) is allowed to
0701 * manipulate any thread.
0702 * <p>
0703 * If this method is overridden, then
0704 * <code>super.checkAccess</code> should
0705 * be called by the first statement in the overridden method, or the
0706 * equivalent security check should be placed in the overridden method.
0707 *
0708 * @param g the thread group to be checked.
0709 * @exception SecurityException if the calling thread does not have
0710 * permission to modify the thread group.
0711 * @exception NullPointerException if the thread group argument is
0712 * <code>null</code>.
0713 * @see java.lang.ThreadGroup#destroy() destroy
0714 * @see java.lang.ThreadGroup#resume() resume
0715 * @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon
0716 * @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority
0717 * @see java.lang.ThreadGroup#stop() stop
0718 * @see java.lang.ThreadGroup#suspend() suspend
0719 * @see #checkPermission(java.security.Permission) checkPermission
0720 */
0721 public void checkAccess(ThreadGroup g) {
0722 if (g == null) {
0723 throw new NullPointerException("thread group can't be null");
0724 }
0725 if (g == rootGroup) {
0726 checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
0727 } else {
0728 // just return
0729 }
0730 }
0731
0732 /**
0733 * Throws a <code>SecurityException</code> if the
0734 * calling thread is not allowed to cause the Java Virtual Machine to
0735 * halt with the specified status code.
0736 * <p>
0737 * This method is invoked for the current security manager by the
0738 * <code>exit</code> method of class <code>Runtime</code>. A status
0739 * of <code>0</code> indicates success; other values indicate various
0740 * errors.
0741 * <p>
0742 * This method calls <code>checkPermission</code> with the
0743 * <code>RuntimePermission("exitVM."+status)</code> permission.
0744 * <p>
0745 * If you override this method, then you should make a call to
0746 * <code>super.checkExit</code>
0747 * at the point the overridden method would normally throw an
0748 * exception.
0749 *
0750 * @param status the exit status.
0751 * @exception SecurityException if the calling thread does not have
0752 * permission to halt the Java Virtual Machine with
0753 * the specified status.
0754 * @see java.lang.Runtime#exit(int) exit
0755 * @see #checkPermission(java.security.Permission) checkPermission
0756 */
0757 public void checkExit(int status) {
0758 checkPermission(new RuntimePermission("exitVM." + status));
0759 }
0760
0761 /**
0762 * Throws a <code>SecurityException</code> if the
0763 * calling thread is not allowed to create a subprocess.
0764 * <p>
0765 * This method is invoked for the current security manager by the
0766 * <code>exec</code> methods of class <code>Runtime</code>.
0767 * <p>
0768 * This method calls <code>checkPermission</code> with the
0769 * <code>FilePermission(cmd,"execute")</code> permission
0770 * if cmd is an absolute path, otherwise it calls
0771 * <code>checkPermission</code> with
0772 * <code>FilePermission("<<ALL FILES>>","execute")</code>.
0773 * <p>
0774 * If you override this method, then you should make a call to
0775 * <code>super.checkExec</code>
0776 * at the point the overridden method would normally throw an
0777 * exception.
0778 *
0779 * @param cmd the specified system command.
0780 * @exception SecurityException if the calling thread does not have
0781 * permission to create a subprocess.
0782 * @exception NullPointerException if the <code>cmd</code> argument is
0783 * <code>null</code>.
0784 * @see java.lang.Runtime#exec(java.lang.String)
0785 * @see java.lang.Runtime#exec(java.lang.String, java.lang.String[])
0786 * @see java.lang.Runtime#exec(java.lang.String[])
0787 * @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[])
0788 * @see #checkPermission(java.security.Permission) checkPermission
0789 */
0790 public void checkExec(String cmd) {
0791 File f = new File(cmd);
0792 if (f.isAbsolute()) {
0793 checkPermission(new FilePermission(cmd,
0794 SecurityConstants.FILE_EXECUTE_ACTION));
0795 } else {
0796 checkPermission(new FilePermission("<<ALL FILES>>",
0797 SecurityConstants.FILE_EXECUTE_ACTION));
0798 }
0799 }
0800
0801 /**
0802 * Throws a <code>SecurityException</code> if the
0803 * calling thread is not allowed to dynamic link the library code
0804 * specified by the string argument file. The argument is either a
0805 * simple library name or a complete filename.
0806 * <p>
0807 * This method is invoked for the current security manager by
0808 * methods <code>load</code> and <code>loadLibrary</code> of class
0809 * <code>Runtime</code>.
0810 * <p>
0811 * This method calls <code>checkPermission</code> with the
0812 * <code>RuntimePermission("loadLibrary."+lib)</code> permission.
0813 * <p>
0814 * If you override this method, then you should make a call to
0815 * <code>super.checkLink</code>
0816 * at the point the overridden method would normally throw an
0817 * exception.
0818 *
0819 * @param lib the name of the library.
0820 * @exception SecurityException if the calling thread does not have
0821 * permission to dynamically link the library.
0822 * @exception NullPointerException if the <code>lib</code> argument is
0823 * <code>null</code>.
0824 * @see java.lang.Runtime#load(java.lang.String)
0825 * @see java.lang.Runtime#loadLibrary(java.lang.String)
0826 * @see #checkPermission(java.security.Permission) checkPermission
0827 */
0828 public void checkLink(String lib) {
0829 if (lib == null) {
0830 throw new NullPointerException("library can't be null");
0831 }
0832 checkPermission(new RuntimePermission("loadLibrary." + lib));
0833 }
0834
0835 /**
0836 * Throws a <code>SecurityException</code> if the
0837 * calling thread is not allowed to read from the specified file
0838 * descriptor.
0839 * <p>
0840 * This method calls <code>checkPermission</code> with the
0841 * <code>RuntimePermission("readFileDescriptor")</code>
0842 * permission.
0843 * <p>
0844 * If you override this method, then you should make a call to
0845 * <code>super.checkRead</code>
0846 * at the point the overridden method would normally throw an
0847 * exception.
0848 *
0849 * @param fd the system-dependent file descriptor.
0850 * @exception SecurityException if the calling thread does not have
0851 * permission to access the specified file descriptor.
0852 * @exception NullPointerException if the file descriptor argument is
0853 * <code>null</code>.
0854 * @see java.io.FileDescriptor
0855 * @see #checkPermission(java.security.Permission) checkPermission
0856 */
0857 public void checkRead(FileDescriptor fd) {
0858 if (fd == null) {
0859 throw new NullPointerException(
0860 "file descriptor can't be null");
0861 }
0862 checkPermission(new RuntimePermission("readFileDescriptor"));
0863 }
0864
0865 /**
0866 * Throws a <code>SecurityException</code> if the
0867 * calling thread is not allowed to read the file specified by the
0868 * string argument.
0869 * <p>
0870 * This method calls <code>checkPermission</code> with the
0871 * <code>FilePermission(file,"read")</code> permission.
0872 * <p>
0873 * If you override this method, then you should make a call to
0874 * <code>super.checkRead</code>
0875 * at the point the overridden method would normally throw an
0876 * exception.
0877 *
0878 * @param file the system-dependent file name.
0879 * @exception SecurityException if the calling thread does not have
0880 * permission to access the specified file.
0881 * @exception NullPointerException if the <code>file</code> argument is
0882 * <code>null</code>.
0883 * @see #checkPermission(java.security.Permission) checkPermission
0884 */
0885 public void checkRead(String file) {
0886 checkPermission(new FilePermission(file,
0887 SecurityConstants.FILE_READ_ACTION));
0888 }
0889
0890 /**
0891 * Throws a <code>SecurityException</code> if the
0892 * specified security context is not allowed to read the file
0893 * specified by the string argument. The context must be a security
0894 * context returned by a previous call to
0895 * <code>getSecurityContext</code>.
0896 * <p> If <code>context</code> is an instance of
0897 * <code>AccessControlContext</code> then the
0898 * <code>AccessControlContext.checkPermission</code> method will
0899 * be invoked with the <code>FilePermission(file,"read")</code> permission.
0900 * <p> If <code>context</code> is not an instance of
0901 * <code>AccessControlContext</code> then a
0902 * <code>SecurityException</code> is thrown.
0903 * <p>
0904 * If you override this method, then you should make a call to
0905 * <code>super.checkRead</code>
0906 * at the point the overridden method would normally throw an
0907 * exception.
0908 *
0909 * @param file the system-dependent filename.
0910 * @param context a system-dependent security context.
0911 * @exception SecurityException if the specified security context
0912 * is not an instance of <code>AccessControlContext</code>
0913 * (e.g., is <code>null</code>), or does not have permission
0914 * to read the specified file.
0915 * @exception NullPointerException if the <code>file</code> argument is
0916 * <code>null</code>.
0917 * @see java.lang.SecurityManager#getSecurityContext()
0918 * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
0919 */
0920 public void checkRead(String file, Object context) {
0921 checkPermission(new FilePermission(file,
0922 SecurityConstants.FILE_READ_ACTION), context);
0923 }
0924
0925 /**
0926 * Throws a <code>SecurityException</code> if the
0927 * calling thread is not allowed to write to the specified file
0928 * descriptor.
0929 * <p>
0930 * This method calls <code>checkPermission</code> with the
0931 * <code>RuntimePermission("writeFileDescriptor")</code>
0932 * permission.
0933 * <p>
0934 * If you override this method, then you should make a call to
0935 * <code>super.checkWrite</code>
0936 * at the point the overridden method would normally throw an
0937 * exception.
0938 *
0939 * @param fd the system-dependent file descriptor.
0940 * @exception SecurityException if the calling thread does not have
0941 * permission to access the specified file descriptor.
0942 * @exception NullPointerException if the file descriptor argument is
0943 * <code>null</code>.
0944 * @see java.io.FileDescriptor
0945 * @see #checkPermission(java.security.Permission) checkPermission
0946 */
0947 public void checkWrite(FileDescriptor fd) {
0948 if (fd == null) {
0949 throw new NullPointerException(
0950 "file descriptor can't be null");
0951 }
0952 checkPermission(new RuntimePermission("writeFileDescriptor"));
0953
0954 }
0955
0956 /**
0957 * Throws a <code>SecurityException</code> if the
0958 * calling thread is not allowed to write to the file specified by
0959 * the string argument.
0960 * <p>
0961 * This method calls <code>checkPermission</code> with the
0962 * <code>FilePermission(file,"write")</code> permission.
0963 * <p>
0964 * If you override this method, then you should make a call to
0965 * <code>super.checkWrite</code>
0966 * at the point the overridden method would normally throw an
0967 * exception.
0968 *
0969 * @param file the system-dependent filename.
0970 * @exception SecurityException if the calling thread does not
0971 * have permission to access the specified file.
0972 * @exception NullPointerException if the <code>file</code> argument is
0973 * <code>null</code>.
0974 * @see #checkPermission(java.security.Permission) checkPermission
0975 */
0976 public void checkWrite(String file) {
0977 checkPermission(new FilePermission(file,
0978 SecurityConstants.FILE_WRITE_ACTION));
0979 }
0980
0981 /**
0982 * Throws a <code>SecurityException</code> if the
0983 * calling thread is not allowed to delete the specified file.
0984 * <p>
0985 * This method is invoked for the current security manager by the
0986 * <code>delete</code> method of class <code>File</code>.
0987 * <p>
0988 * This method calls <code>checkPermission</code> with the
0989 * <code>FilePermission(file,"delete")</code> permission.
0990 * <p>
0991 * If you override this method, then you should make a call to
0992 * <code>super.checkDelete</code>
0993 * at the point the overridden method would normally throw an
0994 * exception.
0995 *
0996 * @param file the system-dependent filename.
0997 * @exception SecurityException if the calling thread does not
0998 * have permission to delete the file.
0999 * @exception NullPointerException if the <code>file</code> argument is
1000 * <code>null</code>.
1001 * @see java.io.File#delete()
1002 * @see #checkPermission(java.security.Permission) checkPermission
1003 */
1004 public void checkDelete(String file) {
1005 checkPermission(new FilePermission(file,
1006 SecurityConstants.FILE_DELETE_ACTION));
1007 }
1008
1009 /**
1010 * Throws a <code>SecurityException</code> if the
1011 * calling thread is not allowed to open a socket connection to the
1012 * specified host and port number.
1013 * <p>
1014 * A port number of <code>-1</code> indicates that the calling
1015 * method is attempting to determine the IP address of the specified
1016 * host name.
1017 * <p>
1018 * This method calls <code>checkPermission</code> with the
1019 * <code>SocketPermission(host+":"+port,"connect")</code> permission if
1020 * the port is not equal to -1. If the port is equal to -1, then
1021 * it calls <code>checkPermission</code> with the
1022 * <code>SocketPermission(host,"resolve")</code> permission.
1023 * <p>
1024 * If you override this method, then you should make a call to
1025 * <code>super.checkConnect</code>
1026 * at the point the overridden method would normally throw an
1027 * exception.
1028 *
1029 * @param host the host name port to connect to.
1030 * @param port the protocol port to connect to.
1031 * @exception SecurityException if the calling thread does not have
1032 * permission to open a socket connection to the specified
1033 * <code>host</code> and <code>port</code>.
1034 * @exception NullPointerException if the <code>host</code> argument is
1035 * <code>null</code>.
1036 * @see #checkPermission(java.security.Permission) checkPermission
1037 */
1038 public void checkConnect(String host, int port) {
1039 if (host == null) {
1040 throw new NullPointerException("host can't be null");
1041 }
1042 if (!host.startsWith("[") && host.indexOf(':') != -1) {
1043 host = "[" + host + "]";
1044 }
1045 if (port == -1) {
1046 checkPermission(new SocketPermission(host,
1047 SecurityConstants.SOCKET_RESOLVE_ACTION));
1048 } else {
1049 checkPermission(new SocketPermission(host + ":" + port,
1050 SecurityConstants.SOCKET_CONNECT_ACTION));
1051 }
1052 }
1053
1054 /**
1055 * Throws a <code>SecurityException</code> if the
1056 * specified security context is not allowed to open a socket
1057 * connection to the specified host and port number.
1058 * <p>
1059 * A port number of <code>-1</code> indicates that the calling
1060 * method is attempting to determine the IP address of the specified
1061 * host name.
1062 * <p> If <code>context</code> is not an instance of
1063 * <code>AccessControlContext</code> then a
1064 * <code>SecurityException</code> is thrown.
1065 * <p>
1066 * Otherwise, the port number is checked. If it is not equal
1067 * to -1, the <code>context</code>'s <code>checkPermission</code>
1068 * method is called with a
1069 * <code>SocketPermission(host+":"+port,"connect")</code> permission.
1070 * If the port is equal to -1, then
1071 * the <code>context</code>'s <code>checkPermission</code> method
1072 * is called with a
1073 * <code>SocketPermission(host,"resolve")</code> permission.
1074 * <p>
1075 * If you override this method, then you should make a call to
1076 * <code>super.checkConnect</code>
1077 * at the point the overridden method would normally throw an
1078 * exception.
1079 *
1080 * @param host the host name port to connect to.
1081 * @param port the protocol port to connect to.
1082 * @param context a system-dependent security context.
1083 * @exception SecurityException if the specified security context
1084 * is not an instance of <code>AccessControlContext</code>
1085 * (e.g., is <code>null</code>), or does not have permission
1086 * to open a socket connection to the specified
1087 * <code>host</code> and <code>port</code>.
1088 * @exception NullPointerException if the <code>host</code> argument is
1089 * <code>null</code>.
1090 * @see java.lang.SecurityManager#getSecurityContext()
1091 * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
1092 */
1093 public void checkConnect(String host, int port, Object context) {
1094 if (host == null) {
1095 throw new NullPointerException("host can't be null");
1096 }
1097 if (!host.startsWith("[") && host.indexOf(':') != -1) {
1098 host = "[" + host + "]";
1099 }
1100 if (port == -1)
1101 checkPermission(new SocketPermission(host,
1102 SecurityConstants.SOCKET_RESOLVE_ACTION), context);
1103 else
1104 checkPermission(new SocketPermission(host + ":" + port,
1105 SecurityConstants.SOCKET_CONNECT_ACTION), context);
1106 }
1107
1108 /**
1109 * Throws a <code>SecurityException</code> if the
1110 * calling thread is not allowed to wait for a connection request on
1111 * the specified local port number.
1112 * <p>
1113 * If port is not 0, this method calls
1114 * <code>checkPermission</code> with the
1115 * <code>SocketPermission("localhost:"+port,"listen")</code>.
1116 * If port is zero, this method calls <code>checkPermission</code>
1117 * with <code>SocketPermission("localhost:1024-","listen").</code>
1118 * <p>
1119 * If you override this method, then you should make a call to
1120 * <code>super.checkListen</code>
1121 * at the point the overridden method would normally throw an
1122 * exception.
1123 *
1124 * @param port the local port.
1125 * @exception SecurityException if the calling thread does not have
1126 * permission to listen on the specified port.
1127 * @see #checkPermission(java.security.Permission) checkPermission
1128 */
1129 public void checkListen(int port) {
1130 if (port == 0) {
1131 checkPermission(SecurityConstants.LOCAL_LISTEN_PERMISSION);
1132 } else {
1133 checkPermission(new SocketPermission("localhost:" + port,
1134 SecurityConstants.SOCKET_LISTEN_ACTION));
1135 }
1136 }
1137
1138 /**
1139 * Throws a <code>SecurityException</code> if the
1140 * calling thread is not permitted to accept a socket connection from
1141 * the specified host and port number.
1142 * <p>
1143 * This method is invoked for the current security manager by the
1144 * <code>accept</code> method of class <code>ServerSocket</code>.
1145 * <p>
1146 * This method calls <code>checkPermission</code> with the
1147 * <code>SocketPermission(host+":"+port,"accept")</code> permission.
1148 * <p>
1149 * If you override this method, then you should make a call to
1150 * <code>super.checkAccept</code>
1151 * at the point the overridden method would normally throw an
1152 * exception.
1153 *
1154 * @param host the host name of the socket connection.
1155 * @param port the port number of the socket connection.
1156 * @exception SecurityException if the calling thread does not have
1157 * permission to accept the connection.
1158 * @exception NullPointerException if the <code>host</code> argument is
1159 * <code>null</code>.
1160 * @see java.net.ServerSocket#accept()
1161 * @see #checkPermission(java.security.Permission) checkPermission
1162 */
1163 public void checkAccept(String host, int port) {
1164 if (host == null) {
1165 throw new NullPointerException("host can't be null");
1166 }
1167 if (!host.startsWith("[") && host.indexOf(':') != -1) {
1168 host = "[" + host + "]";
1169 }
1170 checkPermission(new SocketPermission(host + ":" + port,
1171 SecurityConstants.SOCKET_ACCEPT_ACTION));
1172 }
1173
1174 /**
1175 * Throws a <code>SecurityException</code> if the
1176 * calling thread is not allowed to use
1177 * (join/leave/send/receive) IP multicast.
1178 * <p>
1179 * This method calls <code>checkPermission</code> with the
1180 * <code>java.net.SocketPermission(maddr.getHostAddress(),
1181 * "accept,connect")</code> permission.
1182 * <p>
1183 * If you override this method, then you should make a call to
1184 * <code>super.checkMulticast</code>
1185 * at the point the overridden method would normally throw an
1186 * exception.
1187 *
1188 * @param maddr Internet group address to be used.
1189 * @exception SecurityException if the calling thread is not allowed to
1190 * use (join/leave/send/receive) IP multicast.
1191 * @exception NullPointerException if the address argument is
1192 * <code>null</code>.
1193 * @since JDK1.1
1194 * @see #checkPermission(java.security.Permission) checkPermission
1195 */
1196 public void checkMulticast(InetAddress maddr) {
1197 String host = maddr.getHostAddress();
1198 if (!host.startsWith("[") && host.indexOf(':') != -1) {
1199 host = "[" + host + "]";
1200 }
1201 checkPermission(new SocketPermission(host,
1202 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1203 }
1204
1205 /**
1206 * Throws a <code>SecurityException</code> if the
1207 * calling thread is not allowed to use
1208 * (join/leave/send/receive) IP multicast.
1209 * <p>
1210 * This method calls <code>checkPermission</code> with the
1211 * <code>java.net.SocketPermission(maddr.getHostAddress(),
1212 * "accept,connect")</code> permission.
1213 * <p>
1214 * If you override this method, then you should make a call to
1215 * <code>super.checkMulticast</code>
1216 * at the point the overridden method would normally throw an
1217 * exception.
1218 *
1219 * @param maddr Internet group address to be used.
1220 * @param ttl value in use, if it is multicast send.
1221 * Note: this particular implementation does not use the ttl
1222 * parameter.
1223 * @exception SecurityException if the calling thread is not allowed to
1224 * use (join/leave/send/receive) IP multicast.
1225 * @exception NullPointerException if the address argument is
1226 * <code>null</code>.
1227 * @since JDK1.1
1228 * @deprecated Use #checkPermission(java.security.Permission) instead
1229 * @see #checkPermission(java.security.Permission) checkPermission
1230 */
1231 @Deprecated
1232 public void checkMulticast(InetAddress maddr, byte ttl) {
1233 String host = maddr.getHostAddress();
1234 if (!host.startsWith("[") && host.indexOf(':') != -1) {
1235 host = "[" + host + "]";
1236 }
1237 checkPermission(new SocketPermission(host,
1238 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1239 }
1240
1241 /**
1242 * Throws a <code>SecurityException</code> if the
1243 * calling thread is not allowed to access or modify the system
1244 * properties.
1245 * <p>
1246 * This method is used by the <code>getProperties</code> and
1247 * <code>setProperties</code> methods of class <code>System</code>.
1248 * <p>
1249 * This method calls <code>checkPermission</code> with the
1250 * <code>PropertyPermission("*", "read,write")</code> permission.
1251 * <p>
1252 * If you override this method, then you should make a call to
1253 * <code>super.checkPropertiesAccess</code>
1254 * at the point the overridden method would normally throw an
1255 * exception.
1256 * <p>
1257 *
1258 * @exception SecurityException if the calling thread does not have
1259 * permission to access or modify the system properties.
1260 * @see java.lang.System#getProperties()
1261 * @see java.lang.System#setProperties(java.util.Properties)
1262 * @see #checkPermission(java.security.Permission) checkPermission
1263 */
1264 public void checkPropertiesAccess() {
1265 checkPermission(new PropertyPermission("*",
1266 SecurityConstants.PROPERTY_RW_ACTION));
1267 }
1268
1269 /**
1270 * Throws a <code>SecurityException</code> if the
1271 * calling thread is not allowed to access the system property with
1272 * the specified <code>key</code> name.
1273 * <p>
1274 * This method is used by the <code>getProperty</code> method of
1275 * class <code>System</code>.
1276 * <p>
1277 * This method calls <code>checkPermission</code> with the
1278 * <code>PropertyPermission(key, "read")</code> permission.
1279 * <p>
1280 * <p>
1281 * If you override this method, then you should make a call to
1282 * <code>super.checkPropertyAccess</code>
1283 * at the point the overridden method would normally throw an
1284 * exception.
1285 *
1286 * @param key a system property key.
1287 *
1288 * @exception SecurityException if the calling thread does not have
1289 * permission to access the specified system property.
1290 * @exception NullPointerException if the <code>key</code> argument is
1291 * <code>null</code>.
1292 * @exception IllegalArgumentException if <code>key</code> is empty.
1293 *
1294 * @see java.lang.System#getProperty(java.lang.String)
1295 * @see #checkPermission(java.security.Permission) checkPermission
1296 */
1297 public void checkPropertyAccess(String key) {
1298 checkPermission(new PropertyPermission(key,
1299 SecurityConstants.PROPERTY_READ_ACTION));
1300 }
1301
1302 /**
1303 * Returns <code>false</code> if the calling
1304 * thread is not trusted to bring up the top-level window indicated
1305 * by the <code>window</code> argument. In this case, the caller can
1306 * still decide to show the window, but the window should include
1307 * some sort of visual warning. If the method returns
1308 * <code>true</code>, then the window can be shown without any
1309 * special restrictions.
1310 * <p>
1311 * See class <code>Window</code> for more information on trusted and
1312 * untrusted windows.
1313 * <p>
1314 * This method calls
1315 * <code>checkPermission</code> with the
1316 * <code>AWTPermission("showWindowWithoutWarningBanner")</code> permission,
1317 * and returns <code>true</code> if a SecurityException is not thrown,
1318 * otherwise it returns <code>false</code>.
1319 * <p>
1320 * If you override this method, then you should make a call to
1321 * <code>super.checkTopLevelWindow</code>
1322 * at the point the overridden method would normally return
1323 * <code>false</code>, and the value of
1324 * <code>super.checkTopLevelWindow</code> should
1325 * be returned.
1326 *
1327 * @param window the new window that is being created.
1328 * @return <code>true</code> if the calling thread is trusted to put up
1329 * top-level windows; <code>false</code> otherwise.
1330 * @exception NullPointerException if the <code>window</code> argument is
1331 * <code>null</code>.
1332 * @see java.awt.Window
1333 * @see #checkPermission(java.security.Permission) checkPermission
1334 */
1335 public boolean checkTopLevelWindow(Object window) {
1336 if (window == null) {
1337 throw new NullPointerException("window can't be null");
1338 }
1339 try {
1340 checkPermission(SecurityConstants.TOPLEVEL_WINDOW_PERMISSION);
1341 return true;
1342 } catch (SecurityException se) {
1343 // just return false
1344 }
1345 return false;
1346 }
1347
1348 /**
1349 * Throws a <code>SecurityException</code> if the
1350 * calling thread is not allowed to initiate a print job request.
1351 * <p>
1352 * This method calls
1353 * <code>checkPermission</code> with the
1354 * <code>RuntimePermission("queuePrintJob")</code> permission.
1355 * <p>
1356 * If you override this method, then you should make a call to
1357 * <code>super.checkPrintJobAccess</code>
1358 * at the point the overridden method would normally throw an
1359 * exception.
1360 * <p>
1361 *
1362 * @exception SecurityException if the calling thread does not have
1363 * permission to initiate a print job request.
1364 * @since JDK1.1
1365 * @see #checkPermission(java.security.Permission) checkPermission
1366 */
1367 public void checkPrintJobAccess() {
1368 checkPermission(new RuntimePermission("queuePrintJob"));
1369 }
1370
1371 /**
1372 * Throws a <code>SecurityException</code> if the
1373 * calling thread is not allowed to access the system clipboard.
1374 * <p>
1375 * This method calls <code>checkPermission</code> with the
1376 * <code>AWTPermission("accessClipboard")</code>
1377 * permission.
1378 * <p>
1379 * If you override this method, then you should make a call to
1380 * <code>super.checkSystemClipboardAccess</code>
1381 * at the point the overridden method would normally throw an
1382 * exception.
1383 *
1384 * @since JDK1.1
1385 * @exception SecurityException if the calling thread does not have
1386 * permission to access the system clipboard.
1387 * @see #checkPermission(java.security.Permission) checkPermission
1388 */
1389 public void checkSystemClipboardAccess() {
1390 checkPermission(SecurityConstants.ACCESS_CLIPBOARD_PERMISSION);
1391 }
1392
1393 /**
1394 * Throws a <code>SecurityException</code> if the
1395 * calling thread is not allowed to access the AWT event queue.
1396 * <p>
1397 * This method calls <code>checkPermission</code> with the
1398 * <code>AWTPermission("accessEventQueue")</code> permission.
1399 * <p>
1400 * If you override this method, then you should make a call to
1401 * <code>super.checkAwtEventQueueAccess</code>
1402 * at the point the overridden method would normally throw an
1403 * exception.
1404 *
1405 * @since JDK1.1
1406 * @exception SecurityException if the calling thread does not have
1407 * permission to access the AWT event queue.
1408 * @see #checkPermission(java.security.Permission) checkPermission
1409 */
1410 public void checkAwtEventQueueAccess() {
1411 checkPermission(SecurityConstants.CHECK_AWT_EVENTQUEUE_PERMISSION);
1412 }
1413
1414 /*
1415 * We have an initial invalid bit (initially false) for the class
1416 * variables which tell if the cache is valid. If the underlying
1417 * java.security.Security property changes via setProperty(), the
1418 * Security class uses reflection to change the variable and thus
1419 * invalidate the cache.
1420 *
1421 * Locking is handled by synchronization to the
1422 * packageAccessLock/packageDefinitionLock objects. They are only
1423 * used in this class.
1424 *
1425 * Note that cache invalidation as a result of the property change
1426 * happens without using these locks, so there may be a delay between
1427 * when a thread updates the property and when other threads updates
1428 * the cache.
1429 */
1430 private static boolean packageAccessValid = false;
1431 private static String[] packageAccess;
1432 private static final Object packageAccessLock = new Object();
1433
1434 private static boolean packageDefinitionValid = false;
1435 private static String[] packageDefinition;
1436 private static final Object packageDefinitionLock = new Object();
1437
1438 private static String[] getPackages(String p) {
1439 String packages[] = null;
1440 if (p != null && !p.equals("")) {
1441 java.util.StringTokenizer tok = new java.util.StringTokenizer(
1442 p, ",");
1443 int n = tok.countTokens();
1444 if (n > 0) {
1445 packages = new String[n];
1446 int i = 0;
1447 while (tok.hasMoreElements()) {
1448 String s = tok.nextToken().trim();
1449 packages[i++] = s;
1450 }
1451 }
1452 }
1453
1454 if (packages == null)
1455 packages = new String[0];
1456 return packages;
1457 }
1458
1459 /**
1460 * Throws a <code>SecurityException</code> if the
1461 * calling thread is not allowed to access the package specified by
1462 * the argument.
1463 * <p>
1464 * This method is used by the <code>loadClass</code> method of class
1465 * loaders.
1466 * <p>
1467 * This method first gets a list of
1468 * restricted packages by obtaining a comma-separated list from
1469 * a call to
1470 * <code>java.security.Security.getProperty("package.access")</code>,
1471 * and checks to see if <code>pkg</code> starts with or equals
1472 * any of the restricted packages. If it does, then
1473 * <code>checkPermission</code> gets called with the
1474 * <code>RuntimePermission("accessClassInPackage."+pkg)</code>
1475 * permission.
1476 * <p>
1477 * If this method is overridden, then
1478 * <code>super.checkPackageAccess</code> should be called
1479 * as the first line in the overridden method.
1480 *
1481 * @param pkg the package name.
1482 * @exception SecurityException if the calling thread does not have
1483 * permission to access the specified package.
1484 * @exception NullPointerException if the package name argument is
1485 * <code>null</code>.
1486 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1487 * loadClass
1488 * @see java.security.Security#getProperty getProperty
1489 * @see #checkPermission(java.security.Permission) checkPermission
1490 */
1491 public void checkPackageAccess(String pkg) {
1492 if (pkg == null) {
1493 throw new NullPointerException("package name can't be null");
1494 }
1495
1496 String[] pkgs;
1497 synchronized (packageAccessLock) {
1498 /*
1499 * Do we need to update our property array?
1500 */
1501 if (!packageAccessValid) {
1502 String tmpPropertyStr = (String) AccessController
1503 .doPrivileged(new PrivilegedAction() {
1504 public Object run() {
1505 return java.security.Security
1506 .getProperty("package.access");
1507 }
1508 });
1509 packageAccess = getPackages(tmpPropertyStr);
1510 packageAccessValid = true;
1511 }
1512
1513 // Using a snapshot of packageAccess -- don't care if static field
1514 // changes afterwards; array contents won't change.
1515 pkgs = packageAccess;
1516 }
1517
1518 /*
1519 * Traverse the list of packages, check for any matches.
1520 */
1521 for (int i = 0; i < pkgs.length; i++) {
1522 if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) {
1523 checkPermission(new RuntimePermission(
1524 "accessClassInPackage." + pkg));
1525 break; // No need to continue; only need to check this once
1526 }
1527 }
1528 }
1529
1530 /**
1531 * Throws a <code>SecurityException</code> if the
1532 * calling thread is not allowed to define classes in the package
1533 * specified by the argument.
1534 * <p>
1535 * This method is used by the <code>loadClass</code> method of some
1536 * class loaders.
1537 * <p>
1538 * This method first gets a list of restricted packages by
1539 * obtaining a comma-separated list from a call to
1540 * <code>java.security.Security.getProperty("package.definition")</code>,
1541 * and checks to see if <code>pkg</code> starts with or equals
1542 * any of the restricted packages. If it does, then
1543 * <code>checkPermission</code> gets called with the
1544 * <code>RuntimePermission("defineClassInPackage."+pkg)</code>
1545 * permission.
1546 * <p>
1547 * If this method is overridden, then
1548 * <code>super.checkPackageDefinition</code> should be called
1549 * as the first line in the overridden method.
1550 *
1551 * @param pkg the package name.
1552 * @exception SecurityException if the calling thread does not have
1553 * permission to define classes in the specified package.
1554 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1555 * @see java.security.Security#getProperty getProperty
1556 * @see #checkPermission(java.security.Permission) checkPermission
1557 */
1558 public void checkPackageDefinition(String pkg) {
1559 if (pkg == null) {
1560 throw new NullPointerException("package name can't be null");
1561 }
1562
1563 String[] pkgs;
1564 synchronized (packageDefinitionLock) {
1565 /*
1566 * Do we need to update our property array?
1567 */
1568 if (!packageDefinitionValid) {
1569 String tmpPropertyStr = (String) AccessController
1570 .doPrivileged(new PrivilegedAction() {
1571 public Object run() {
1572 return java.security.Security
1573 .getProperty("package.definition");
1574 }
1575 });
1576 packageDefinition = getPackages(tmpPropertyStr);
1577 packageDefinitionValid = true;
1578 }
1579 // Using a snapshot of packageDefinition -- don't care if static
1580 // field changes afterwards; array contents won't change.
1581 pkgs = packageDefinition;
1582 }
1583
1584 /*
1585 * Traverse the list of packages, check for any matches.
1586 */
1587 for (int i = 0; i < pkgs.length; i++) {
1588 if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) {
1589 checkPermission(new RuntimePermission(
1590 "defineClassInPackage." + pkg));
1591 break; // No need to continue; only need to check this once
1592 }
1593 }
1594 }
1595
1596 /**
1597 * Throws a <code>SecurityException</code> if the
1598 * calling thread is not allowed to set the socket factory used by
1599 * <code>ServerSocket</code> or <code>Socket</code>, or the stream
1600 * handler factory used by <code>URL</code>.
1601 * <p>
1602 * This method calls <code>checkPermission</code> with the
1603 * <code>RuntimePermission("setFactory")</code> permission.
1604 * <p>
1605 * If you override this method, then you should make a call to
1606 * <code>super.checkSetFactory</code>
1607 * at the point the overridden method would normally throw an
1608 * exception.
1609 * <p>
1610 *
1611 * @exception SecurityException if the calling thread does not have
1612 * permission to specify a socket factory or a stream
1613 * handler factory.
1614 *
1615 * @see java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory
1616 * @see java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory
1617 * @see java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory
1618 * @see #checkPermission(java.security.Permission) checkPermission
1619 */
1620 public void checkSetFactory() {
1621 checkPermission(new RuntimePermission("setFactory"));
1622 }
1623
1624 /**
1625 * Throws a <code>SecurityException</code> if the
1626 * calling thread is not allowed to access members.
1627 * <p>
1628 * The default policy is to allow access to PUBLIC members, as well
1629 * as access to classes that have the same class loader as the caller.
1630 * In all other cases, this method calls <code>checkPermission</code>
1631 * with the <code>RuntimePermission("accessDeclaredMembers")
1632 * </code> permission.
1633 * <p>
1634 * If this method is overridden, then a call to
1635 * <code>super.checkMemberAccess</code> cannot be made,
1636 * as the default implementation of <code>checkMemberAccess</code>
1637 * relies on the code being checked being at a stack depth of
1638 * 4.
1639 *
1640 * @param clazz the class that reflection is to be performed on.
1641 *
1642 * @param which type of access, PUBLIC or DECLARED.
1643 *
1644 * @exception SecurityException if the caller does not have
1645 * permission to access members.
1646 * @exception NullPointerException if the <code>clazz</code> argument is
1647 * <code>null</code>.
1648 * @see java.lang.reflect.Member
1649 * @since JDK1.1
1650 * @see #checkPermission(java.security.Permission) checkPermission
1651 */
1652 public void checkMemberAccess(Class<?> clazz, int which) {
1653 if (clazz == null) {
1654 throw new NullPointerException("class can't be null");
1655 }
1656 if (which != Member.PUBLIC) {
1657 Class stack[] = getClassContext();
1658 /*
1659 * stack depth of 4 should be the caller of one of the
1660 * methods in java.lang.Class that invoke checkMember
1661 * access. The stack should look like:
1662 *
1663 * someCaller [3]
1664 * java.lang.Class.someReflectionAPI [2]
1665 * java.lang.Class.checkMemberAccess [1]
1666 * SecurityManager.checkMemberAccess [0]
1667 *
1668 */
1669 if ((stack.length < 4)
1670 || (stack[3].getClassLoader() != clazz
1671 .getClassLoader())) {
1672 checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
1673 }
1674 }
1675 }
1676
1677 /**
1678 * Determines whether the permission with the specified permission target
1679 * name should be granted or denied.
1680 *
1681 * <p> If the requested permission is allowed, this method returns
1682 * quietly. If denied, a SecurityException is raised.
1683 *
1684 * <p> This method creates a <code>SecurityPermission</code> object for
1685 * the given permission target name and calls <code>checkPermission</code>
1686 * with it.
1687 *
1688 * <p> See the documentation for
1689 * <code>{@link java.security.SecurityPermission}</code> for
1690 * a list of possible permission target names.
1691 *
1692 * <p> If you override this method, then you should make a call to
1693 * <code>super.checkSecurityAccess</code>
1694 * at the point the overridden method would normally throw an
1695 * exception.
1696 *
1697 * @param target the target name of the <code>SecurityPermission</code>.
1698 *
1699 * @exception SecurityException if the calling thread does not have
1700 * permission for the requested access.
1701 * @exception NullPointerException if <code>target</code> is null.
1702 * @exception IllegalArgumentException if <code>target</code> is empty.
1703 *
1704 * @since JDK1.1
1705 * @see #checkPermission(java.security.Permission) checkPermission
1706 */
1707 public void checkSecurityAccess(String target) {
1708 checkPermission(new SecurityPermission(target));
1709 }
1710
1711 private native Class currentLoadedClass0();
1712
1713 /**
1714 * Returns the thread group into which to instantiate any new
1715 * thread being created at the time this is being called.
1716 * By default, it returns the thread group of the current
1717 * thread. This should be overridden by a specific security
1718 * manager to return the appropriate thread group.
1719 *
1720 * @return ThreadGroup that new threads are instantiated into
1721 * @since JDK1.1
1722 * @see java.lang.ThreadGroup
1723 */
1724 public ThreadGroup getThreadGroup() {
1725 return Thread.currentThread().getThreadGroup();
1726 }
1727
1728 }
|