0001: /*
0002: * @(#)SecurityManager.java 1.4 06/10/10
0003: *
0004: * Copyright 1990-2006 Sun Microsystems, Inc. All Rights Reserved.
0005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
0006: *
0007: * This program is free software; you can redistribute it and/or
0008: * modify it under the terms of the GNU General Public License version
0009: * 2 only, as published by the Free Software Foundation.
0010: *
0011: * This program is distributed in the hope that it will be useful, but
0012: * WITHOUT ANY WARRANTY; without even the implied warranty of
0013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
0014: * General Public License version 2 for more details (a copy is
0015: * included at /legal/license.txt).
0016: *
0017: * You should have received a copy of the GNU General Public License
0018: * version 2 along with this work; if not, write to the Free Software
0019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
0020: * 02110-1301 USA
0021: *
0022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
0023: * Clara, CA 95054 or visit www.sun.com if you need additional
0024: * information or have any questions.
0025: *
0026: */
0027:
0028: package java.lang;
0029:
0030: import java.security.*;
0031: import java.io.FileDescriptor;
0032: import java.io.File;
0033: import java.io.FilePermission;
0034: import java.util.PropertyPermission;
0035: import java.lang.RuntimePermission;
0036: import java.net.SocketPermission;
0037: import java.net.NetPermission;
0038: import java.util.Hashtable;
0039: import java.net.InetAddress;
0040: import java.lang.reflect.Member;
0041: import java.lang.reflect.*;
0042: import java.net.URL;
0043:
0044: import sun.security.util.SecurityConstants;
0045:
0046: /**
0047: * The security manager is a class that allows
0048: * applications to implement a security policy. It allows an
0049: * application to determine, before performing a possibly unsafe or
0050: * sensitive operation, what the operation is and whether
0051: * it is being attempted in a security context that allows the
0052: * operation to be performed. The
0053: * application can allow or disallow the operation.
0054: * <p>
0055: * The <code>SecurityManager</code> class contains many methods with
0056: * names that begin with the word <code>check</code>. These methods
0057: * are called by various methods in the Java libraries before those
0058: * methods perform certain potentially sensitive operations. The
0059: * invocation of such a <code>check</code> method typically looks like this:
0060: * <p><blockquote><pre>
0061: * SecurityManager security = System.getSecurityManager();
0062: * if (security != null) {
0063: * security.check<i>XXX</i>(argument, . . . );
0064: * }
0065: * </pre></blockquote>
0066: * <p>
0067: * The security manager is thereby given an opportunity to prevent
0068: * completion of the operation by throwing an exception. A security
0069: * manager routine simply returns if the operation is permitted, but
0070: * throws a <code>SecurityException</code> if the operation is not
0071: * permitted. The only exception to this convention is
0072: * <code>checkTopLevelWindow</code>, which returns a
0073: * <code>boolean</code> value.
0074: * <p>
0075: * The current security manager is set by the
0076: * <code>setSecurityManager</code> method in class
0077: * <code>System</code>. The current security manager is obtained
0078: * by the <code>getSecurityManager</code> method.
0079: * <p>
0080: * The special method
0081: * {@link SecurityManager#checkPermission(java.security.Permission)}
0082: * determines whether an access request indicated by a specified
0083: * permission should be granted or denied. The
0084: * default implementation calls
0085: *
0086: * <pre>
0087: * AccessController.checkPermission(perm);
0088: * </pre>
0089: *
0090: * <p>
0091: * If a requested access is allowed,
0092: * <code>checkPermission</code> returns quietly. If denied, a
0093: * <code>SecurityException</code> is thrown.
0094: * <p>
0095: * As of Java 2 SDK v1.2, the default implementation of each of the other
0096: * <code>check</code> methods in <code>SecurityManager</code> is to
0097: * call the <code>SecurityManager checkPermission</code> method
0098: * to determine if the calling thread has permission to perform the requested
0099: * operation.
0100: * <p>
0101: * Note that the <code>checkPermission</code> method with
0102: * just a single permission argument always performs security checks
0103: * within the context of the currently executing thread.
0104: * Sometimes a security check that should be made within a given context
0105: * will actually need to be done from within a
0106: * <i>different</i> context (for example, from within a worker thread).
0107: * The {@link SecurityManager#getSecurityContext getSecurityContext} method
0108: * and the {@link SecurityManager#checkPermission(java.security.Permission,
0109: * java.lang.Object) checkPermission}
0110: * method that includes a context argument are provided
0111: * for this situation. The
0112: * <code>getSecurityContext</code> method returns a "snapshot"
0113: * of the current calling context. (The default implementation
0114: * returns an AccessControlContext object.) A sample call is
0115: * the following:
0116: *
0117: * <pre>
0118: * Object context = null;
0119: * SecurityManager sm = System.getSecurityManager();
0120: * if (sm != null) context = sm.getSecurityContext();
0121: * </pre>
0122: *
0123: * <p>
0124: * The <code>checkPermission</code> method
0125: * that takes a context object in addition to a permission
0126: * makes access decisions based on that context,
0127: * rather than on that of the current execution thread.
0128: * Code within a different context can thus call that method,
0129: * passing the permission and the
0130: * previously-saved context object. A sample call, using the
0131: * SecurityManager <code>sm</code> obtained as in the previous example,
0132: * is the following:
0133: *
0134: * <pre>
0135: * if (sm != null) sm.checkPermission(permission, context);
0136: * </pre>
0137: *
0138: * <p>Permissions fall into these categories: File, Socket, Net,
0139: * Security, Runtime, Property, AWT, Reflect, and Serializable.
0140: * The classes managing these various
0141: * permission categories are <code>java.io.FilePermission</code>,
0142: * <code>java.net.SocketPermission</code>,
0143: * <code>java.net.NetPermission</code>,
0144: * <code>java.security.SecurityPermission</code>,
0145: * <code>java.lang.RuntimePermission</code>,
0146: * <code>java.util.PropertyPermission</code>,
0147: * <code>java.awt.AWTPermission</code>,
0148: * <code>java.lang.reflect.ReflectPermission</code>, and
0149: * <code>java.io.SerializablePermission</code>.
0150: *
0151: * <p>All but the first two (FilePermission and SocketPermission) are
0152: * subclasses of <code>java.security.BasicPermission</code>, which itself
0153: * is an abstract subclass of the
0154: * top-level class for permissions, which is
0155: * <code>java.security.Permission</code>. BasicPermission defines the
0156: * functionality needed for all permissions that contain a name
0157: * that follows the hierarchical property naming convention
0158: * (for example, "exitVM", "setFactory", "queuePrintJob", etc).
0159: * An asterisk
0160: * may appear at the end of the name, following a ".", or by itself, to
0161: * signify a wildcard match. For example: "a.*" or "*" is valid,
0162: * "*a" or "a*b" is not valid.
0163: *
0164: * <p>FilePermission and SocketPermission are subclasses of the
0165: * top-level class for permissions
0166: * (<code>java.security.Permission</code>). Classes like these
0167: * that have a more complicated name syntax than that used by
0168: * BasicPermission subclass directly from Permission rather than from
0169: * BasicPermission. For example,
0170: * for a <code>java.io.FilePermission</code> object, the permission name is
0171: * the path name of a file (or directory).
0172: *
0173: * <p>Some of the permission classes have an "actions" list that tells
0174: * the actions that are permitted for the object. For example,
0175: * for a <code>java.io.FilePermission</code> object, the actions list
0176: * (such as "read, write") specifies which actions are granted for the
0177: * specified file (or for files in the specified directory).
0178: *
0179: * <p>Other permission classes are for "named" permissions -
0180: * ones that contain a name but no actions list; you either have the
0181: * named permission or you don't.
0182: *
0183: * <p>Note: There is also a <code>java.security.AllPermission</code>
0184: * permission that implies all permissions. It exists to simplify the work
0185: * of system administrators who might need to perform multiple
0186: * tasks that require all (or numerous) permissions.
0187: * <p>
0188: * See <a href ="../../../guide/security/permissions.html">
0189: * Permissions in the Java 2 SDK</a> for permission-related information.
0190: * This document includes, for example, a table listing the various SecurityManager
0191: * <code>check</code> methods and the permission(s) the default
0192: * implementation of each such method requires.
0193: * It also contains a table of all the version 1.2 methods
0194: * that require permissions, and for each such method tells
0195: * which permission it requires.
0196: * <p>
0197: * For more information about <code>SecurityManager</code> changes made in
0198: * the Java 2 SDK and advice regarding porting of 1.1-style security managers,
0199: * see the <a href="../../../guide/security/index.html">security documentation</a>.
0200: *
0201: * @author Arthur van Hoff
0202: * @author Roland Schemers
0203: *
0204: * @version 1.125, 05/16/00
0205: * @see java.lang.ClassLoader
0206: * @see java.lang.SecurityException
0207: * @see java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
0208: * checkTopLevelWindow
0209: * @see java.lang.System#getSecurityManager() getSecurityManager
0210: * @see java.lang.System#setSecurityManager(java.lang.SecurityManager)
0211: * setSecurityManager
0212: * @see java.security.AccessController AccessController
0213: * @see java.security.AccessControlContext AccessControlContext
0214: * @see java.security.AccessControlException AccessControlException
0215: * @see java.security.Permission
0216: * @see java.security.BasicPermission
0217: * @see java.io.FilePermission
0218: * @see java.net.SocketPermission
0219: * @see java.util.PropertyPermission
0220: * @see java.lang.RuntimePermission
0221: * @see java.awt.AWTPermission
0222: * @see java.security.Policy Policy
0223: * @see java.security.SecurityPermission SecurityPermission
0224: * @see java.security.ProtectionDomain
0225: *
0226: * @since JDK1.0
0227: */
0228: public class SecurityManager {
0229:
0230: /**
0231: * This field is <code>true</code> if there is a security check in
0232: * progress; <code>false</code> otherwise.
0233: *
0234: * deprecated This type of security checking is not recommended.
0235: * It is recommended that the <code>checkPermission</code>
0236: * call be used instead.
0237: *
0238: protected boolean inCheck;
0239: */
0240:
0241: /*
0242: * Have we been initialized. Effective against finalizer attacks.
0243: */
0244: private boolean initialized = false;
0245:
0246: private static Constructor AWTPermissionCtor;
0247:
0248: private static BasicPermission topLevelWindowPermission;
0249:
0250: /**
0251: * returns true if the current context has been granted AllPermission
0252: */
0253: private boolean hasAllPermission() {
0254: try {
0255: checkPermission(SecurityConstants.ALL_PERMISSION);
0256: return true;
0257: } catch (SecurityException se) {
0258: return false;
0259: }
0260: }
0261:
0262: /**
0263: * Tests if there is a security check in progress.
0264: *
0265: * return the value of the <code>inCheck</code> field. This field
0266: * should contain <code>true</code> if a security check is
0267: * in progress,
0268: * <code>false</code> otherwise.
0269: * see java.lang.SecurityManager#inCheck
0270: * deprecated This type of security checking is not recommended.
0271: * It is recommended that the <code>checkPermission</code>
0272: * call be used instead.
0273: *
0274: public boolean getInCheck() {
0275: return inCheck;
0276: }
0277: */
0278:
0279: /**
0280: * Constructs a new <code>SecurityManager</code>.
0281: *
0282: * <p> If there is a security manager already installed, this method first
0283: * calls the security manager's <code>checkPermission</code> method
0284: * with the <code>RuntimePermission("createSecurityManager")</code>
0285: * permission to ensure the calling thread has permission to create a new
0286: * security manager.
0287: * This may result in throwing a <code>SecurityException</code>.
0288: *
0289: * @exception java.lang.SecurityException if a security manager already
0290: * exists and its <code>checkPermission</code> method
0291: * doesn't allow creation of a new security manager.
0292: * @see java.lang.System#getSecurityManager()
0293: * @see #checkPermission(java.security.Permission) checkPermission
0294: * @see java.lang.RuntimePermission
0295: */
0296: public SecurityManager() {
0297: synchronized (SecurityManager.class) {
0298: SecurityManager sm = System.getSecurityManager();
0299: if (sm != null) {
0300: // ask the currently installed security manager if we
0301: // can create a new one.
0302: sm.checkPermission(new RuntimePermission(
0303: "createSecurityManager"));
0304: }
0305: initialized = true;
0306: }
0307: }
0308:
0309: /**
0310: * Returns the current execution stack as an array of classes.
0311: * <p>
0312: * The length of the array is the number of methods on the execution
0313: * stack. The element at index <code>0</code> is the class of the
0314: * currently executing method, the element at index <code>1</code> is
0315: * the class of that method's caller, and so on.
0316: *
0317: * @return the execution stack.
0318: */
0319: protected native Class[] getClassContext();
0320:
0321: /**
0322: * Returns the class loader of the most recently executing method from
0323: * a class defined using a non-system class loader. A non-system
0324: * class loader is defined as being a class loader that is not equal to
0325: * the system class loader (as returned
0326: * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
0327: * <p>
0328: * This method will return
0329: * <code>null</code> in the following three cases:<p>
0330: * <ol>
0331: * <li>All methods on the execution stack are from classes
0332: * defined using the system class loader or one of its ancestors.
0333: *
0334: * <li>All methods on the execution stack up to the first
0335: * "privileged" caller
0336: * (see {@link java.security.AccessController#doPrivileged})
0337: * are from classes
0338: * defined using the system class loader or one of its ancestors.
0339: *
0340: * <li> A call to <code>checkPermission</code> with
0341: * <code>java.security.AllPermission</code> does not
0342: * result in a SecurityException.
0343: *
0344: * </ol>
0345: *
0346: * return the class loader of the most recent occurrence on the stack
0347: * of a method from a class defined using a non-system class
0348: * loader.
0349: *
0350: * deprecated This type of security checking is not recommended.
0351: * It is recommended that the <code>checkPermission</code>
0352: * call be used instead.
0353: *
0354: * see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
0355: * see #checkPermission(java.security.Permission) checkPermission
0356: *
0357: protected ClassLoader currentClassLoader()
0358: {
0359: ClassLoader cl = currentClassLoader0();
0360: if ((cl != null) && hasAllPermission())
0361: cl = null;
0362: return cl;
0363: }
0364: */
0365:
0366: /* deprecated
0367: private native ClassLoader currentClassLoader0();
0368: */
0369:
0370: /**
0371: * Returns the class of the most recently executing method from
0372: * a class defined using a non-system class loader. A non-system
0373: * class loader is defined as being a class loader that is not equal to
0374: * the system class loader (as returned
0375: * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
0376: * <p>
0377: * This method will return
0378: * <code>null</code> in the following three cases:<p>
0379: * <ol>
0380: * <li>All methods on the execution stack are from classes
0381: * defined using the system class loader or one of its ancestors.
0382: *
0383: * <li>All methods on the execution stack up to the first
0384: * "privileged" caller
0385: * (see {@link java.security.AccessController#doPrivileged})
0386: * are from classes
0387: * defined using the system class loader or one of its ancestors.
0388: *
0389: * <li> A call to <code>checkPermission</code> with
0390: * <code>java.security.AllPermission</code> does not
0391: * result in a SecurityException.
0392: *
0393: * </ol>
0394: *
0395: * return the class of the most recent occurrence on the stack
0396: * of a method from a class defined using a non-system class
0397: * loader.
0398: *
0399: * deprecated This type of security checking is not recommended.
0400: * It is recommended that the <code>checkPermission</code>
0401: * call be used instead.
0402: *
0403: * see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
0404: * see #checkPermission(java.security.Permission) checkPermission
0405: *
0406: protected Class currentLoadedClass() {
0407: Class c = currentLoadedClass0();
0408: if ((c != null) && hasAllPermission())
0409: c = null;
0410: return c;
0411: }
0412: */
0413:
0414: /**
0415: * Returns the stack depth of the specified class.
0416: *
0417: * param name the fully qualified name of the class to search for.
0418: * return the depth on the stack frame of the first occurrence of a
0419: * method from a class with the specified name;
0420: * <code>-1</code> if such a frame cannot be found.
0421: * deprecated This type of security checking is not recommended.
0422: * It is recommended that the <code>checkPermission</code>
0423: * call be used instead.
0424: *
0425: *
0426: protected native int classDepth(String name);
0427: */
0428:
0429: /**
0430: * Returns the stack depth of the most recently executing method
0431: * from a class defined using a non-system class loader. A non-system
0432: * class loader is defined as being a class loader that is not equal to
0433: * the system class loader (as returned
0434: * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
0435: * <p>
0436: * This method will return
0437: * -1 in the following three cases:<p>
0438: * <ol>
0439: * <li>All methods on the execution stack are from classes
0440: * defined using the system class loader or one of its ancestors.
0441: *
0442: * <li>All methods on the execution stack up to the first
0443: * "privileged" caller
0444: * (see {@link java.security.AccessController#doPrivileged})
0445: * are from classes
0446: * defined using the system class loader or one of its ancestors.
0447: *
0448: * <li> A call to <code>checkPermission</code> with
0449: * <code>java.security.AllPermission</code> does not
0450: * result in a SecurityException.
0451: *
0452: * </ol>
0453: *
0454: * return the depth on the stack frame of the most recent occurrence of
0455: * a method from a class defined using a non-system class loader.
0456: *
0457: * deprecated This type of security checking is not recommended.
0458: * It is recommended that the <code>checkPermission</code>
0459: * call be used instead.
0460: *
0461: * see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
0462: * see #checkPermission(java.security.Permission) checkPermission
0463: *
0464: protected int classLoaderDepth()
0465: {
0466: int depth = classLoaderDepth0();
0467: if (depth != -1) {
0468: if (hasAllPermission())
0469: depth = -1;
0470: else
0471: depth--; // make sure we don't include ourself
0472: }
0473: return depth;
0474: }
0475:
0476: private native int classLoaderDepth0();
0477: */
0478:
0479: /**
0480: * Tests if a method from a class with the specified
0481: * name is on the execution stack.
0482: *
0483: * param name the fully qualified name of the class.
0484: * return <code>true</code> if a method from a class with the specified
0485: * name is on the execution stack; <code>false</code> otherwise.
0486: * deprecated This type of security checking is not recommended.
0487: * It is recommended that the <code>checkPermission</code>
0488: * call be used instead.
0489: *
0490: protected boolean inClass(String name) {
0491: return classDepth(name) >= 0;
0492: }
0493: */
0494:
0495: /**
0496: * Basically, tests if a method from a class defined using a
0497: * class loader is on the execution stack.
0498: *
0499: * return <code>true</code> if a call to <code>currentClassLoader</code>
0500: * has a non-null return value.
0501: *
0502: * deprecated This type of security checking is not recommended.
0503: * It is recommended that the <code>checkPermission</code>
0504: * call be used instead.
0505: * see #currentClassLoader() currentClassLoader
0506: *
0507: protected boolean inClassLoader() {
0508: return currentClassLoader() != null;
0509: }
0510: */
0511:
0512: /**
0513: * Creates an object that encapsulates the current execution
0514: * environment. The result of this method is used, for example, by the
0515: * three-argument <code>checkConnect</code> method and by the
0516: * two-argument <code>checkRead</code> method.
0517: * These methods are needed because a trusted method may be called
0518: * on to read a file or open a socket on behalf of another method.
0519: * The trusted method needs to determine if the other (possibly
0520: * untrusted) method would be allowed to perform the operation on its
0521: * own.
0522: * <p> The default implementation of this method is to return
0523: * an <code>AccessControlContext</code> object.
0524: *
0525: * @return an implementation-dependent object that encapsulates
0526: * sufficient information about the current execution environment
0527: * to perform some security checks later.
0528: * @see java.lang.SecurityManager#checkConnect(java.lang.String, int,
0529: * java.lang.Object) checkConnect
0530: * @see java.lang.SecurityManager#checkRead(java.lang.String,
0531: * java.lang.Object) checkRead
0532: * @see java.security.AccessControlContext AccessControlContext
0533: */
0534: public Object getSecurityContext() {
0535: return AccessController.getContext();
0536: }
0537:
0538: /**
0539: * Throws a <code>SecurityException</code> if the requested
0540: * access, specified by the given permission, is not permitted based
0541: * on the security policy currently in effect.
0542: * <p>
0543: * This method calls <code>AccessController.checkPermission</code>
0544: * with the given permission.
0545: *
0546: * @param perm the requested permission.
0547: * @exception SecurityException if access is not permitted based on
0548: * the current security policy.
0549: * @exception NullPointerException if the permission argument is
0550: * <code>null</code>.
0551: * @since 1.2
0552: */
0553: public void checkPermission(Permission perm) {
0554: java.security.AccessController.checkPermission(perm);
0555: }
0556:
0557: /**
0558: * Throws a <code>SecurityException</code> if the
0559: * specified security context is denied access to the resource
0560: * specified by the given permission.
0561: * The context must be a security
0562: * context returned by a previous call to
0563: * <code>getSecurityContext</code> and the access control
0564: * decision is based upon the configured security policy for
0565: * that security context.
0566: * <p>
0567: * If <code>context</code> is an instance of
0568: * <code>AccessControlContext</code> then the
0569: * <code>AccessControlContext.checkPermission</code> method is
0570: * invoked with the specified permission.
0571: * <p>
0572: * If <code>context</code> is not an instance of
0573: * <code>AccessControlContext</code> then a
0574: * <code>SecurityException</code> is thrown.
0575: *
0576: * @param perm the specified permission
0577: * @param context a system-dependent security context.
0578: * @exception SecurityException if the specified security context
0579: * is not an instance of <code>AccessControlContext</code>
0580: * (e.g., is <code>null</code>), or is denied access to the
0581: * resource specified by the given permission.
0582: * @exception NullPointerException if the permission argument is
0583: * <code>null</code>.
0584: * @see java.lang.SecurityManager#getSecurityContext()
0585: * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
0586: * @since 1.2
0587: */
0588: public void checkPermission(Permission perm, Object context) {
0589: if (context instanceof AccessControlContext) {
0590: ((AccessControlContext) context).checkPermission(perm);
0591: } else {
0592: throw new SecurityException();
0593: }
0594: }
0595:
0596: /**
0597: * Throws a <code>SecurityException</code> if the
0598: * calling thread is not allowed to create a new class loader.
0599: * <p>
0600: * This method calls <code>checkPermission</code> with the
0601: * <code>RuntimePermission("createClassLoader")</code>
0602: * permission.
0603: * <p>
0604: * If you override this method, then you should make a call to
0605: * <code>super.checkCreateClassLoader</code>
0606: * at the point the overridden method would normally throw an
0607: * exception.
0608: *
0609: * @exception SecurityException if the calling thread does not
0610: * have permission
0611: * to create a new class loader.
0612: * @see java.lang.ClassLoader#ClassLoader()
0613: * @see #checkPermission(java.security.Permission) checkPermission
0614: */
0615: public void checkCreateClassLoader() {
0616: checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
0617: }
0618:
0619: /**
0620: * reference to the root thread group, used for the checkAccess
0621: * methods.
0622: */
0623:
0624: private static ThreadGroup rootGroup = getRootGroup();
0625:
0626: private static ThreadGroup getRootGroup() {
0627: ThreadGroup root = Thread.currentThread().getThreadGroup();
0628: while (root.getParent() != null) {
0629: root = root.getParent();
0630: }
0631: return root;
0632: }
0633:
0634: /**
0635: * Throws a <code>SecurityException</code> if the
0636: * calling thread is not allowed to modify the thread argument.
0637: * <p>
0638: * This method is invoked for the current security manager by the
0639: * <code>stop</code>, <code>suspend</code>, <code>resume</code>,
0640: * <code>setPriority</code>, <code>setName</code>, and
0641: * <code>setDaemon</code> methods of class <code>Thread</code>.
0642: * <p>
0643: * If the thread argument is a system thread (belongs to
0644: * the thread group with a <code>null</code> parent) then
0645: * this method calls <code>checkPermission</code> with the
0646: * <code>RuntimePermission("modifyThread")</code> permission.
0647: * If the thread argument is <i>not</i> a system thread,
0648: * this method just returns silently.
0649: * <p>
0650: * Applications that want a stricter policy should override this
0651: * method. If this method is overridden, the method that overrides
0652: * it should additionally check to see if the calling thread has the
0653: * <code>RuntimePermission("modifyThread")</code> permission, and
0654: * if so, return silently. This is to ensure that code granted
0655: * that permission (such as the SDK itself) is allowed to
0656: * manipulate any thread.
0657: * <p>
0658: * If this method is overridden, then
0659: * <code>super.checkAccess</code> should
0660: * be called by the first statement in the overridden method, or the
0661: * equivalent security check should be placed in the overridden method.
0662: *
0663: * @param t the thread to be checked.
0664: * @exception SecurityException if the calling thread does not have
0665: * permission to modify the thread.
0666: * @exception NullPointerException if the thread argument is
0667: * <code>null</code>.
0668: * @see java.lang.Thread#setDaemon(boolean) setDaemon
0669: * @see java.lang.Thread#setName(java.lang.String) setName
0670: * @see java.lang.Thread#setPriority(int) setPriority
0671: * @see #checkPermission(java.security.Permission) checkPermission
0672: */
0673: public void checkAccess(Thread t) {
0674: if (t == null) {
0675: throw new NullPointerException("thread can't be null");
0676: }
0677: if (t.getThreadGroup() == rootGroup) {
0678: checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION);
0679: } else {
0680: // just return
0681: }
0682: }
0683:
0684: /**
0685: * Throws a <code>SecurityException</code> if the
0686: * calling thread is not allowed to modify the thread group argument.
0687: * <p>
0688: * This method is invoked for the current security manager when a
0689: * new child thread or child thread group is created, and by the
0690: * <code>setDaemon</code>, <code>setMaxPriority</code>,
0691: * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and
0692: * <code>destroy</code> methods of class <code>ThreadGroup</code>.
0693: * <p>
0694: * If the thread group argument is the system thread group (
0695: * has a <code>null</code> parent) then
0696: * this method calls <code>checkPermission</code> with the
0697: * <code>RuntimePermission("modifyThreadGroup")</code> permission.
0698: * If the thread group argument is <i>not</i> the system thread group,
0699: * this method just returns silently.
0700: * <p>
0701: * Applications that want a stricter policy should override this
0702: * method. If this method is overridden, the method that overrides
0703: * it should additionally check to see if the calling thread has the
0704: * <code>RuntimePermission("modifyThreadGroup")</code> permission, and
0705: * if so, return silently. This is to ensure that code granted
0706: * that permission (such as the SDK itself) is allowed to
0707: * manipulate any thread.
0708: * <p>
0709: * If this method is overridden, then
0710: * <code>super.checkAccess</code> should
0711: * be called by the first statement in the overridden method, or the
0712: * equivalent security check should be placed in the overridden method.
0713: *
0714: * @param g the thread group to be checked.
0715: * @exception SecurityException if the calling thread does not have
0716: * permission to modify the thread group.
0717: * @exception NullPointerException if the thread group argument is
0718: * <code>null</code>.
0719: * @see java.lang.ThreadGroup#destroy() destroy
0720: * @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon
0721: * @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority
0722: * @see #checkPermission(java.security.Permission) checkPermission
0723: */
0724: public void checkAccess(ThreadGroup g) {
0725: if (g == null) {
0726: throw new NullPointerException("thread group can't be null");
0727: }
0728: if (g == rootGroup) {
0729: checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
0730: } else {
0731: // just return
0732: }
0733: }
0734:
0735: /**
0736: * Throws a <code>SecurityException</code> if the
0737: * calling thread is not allowed to cause the Java Virtual Machine to
0738: * halt with the specified status code.
0739: * <p>
0740: * This method is invoked for the current security manager by the
0741: * <code>exit</code> method of class <code>Runtime</code>. A status
0742: * of <code>0</code> indicates success; other values indicate various
0743: * errors.
0744: * <p>
0745: * This method calls <code>checkPermission</code> with the
0746: * <code>RuntimePermission("exitVM")</code> permission.
0747: * <p>
0748: * If you override this method, then you should make a call to
0749: * <code>super.checkExit</code>
0750: * at the point the overridden method would normally throw an
0751: * exception.
0752: *
0753: * @param status the exit status.
0754: * @exception SecurityException if the calling thread does not have
0755: * permission to halt the Java Virtual Machine with
0756: * the specified status.
0757: * @see java.lang.Runtime#exit(int) exit
0758: * @see #checkPermission(java.security.Permission) checkPermission
0759: */
0760: public void checkExit(int status) {
0761: checkPermission(new RuntimePermission("exitVM"));
0762: }
0763:
0764: /**
0765: * Throws a <code>SecurityException</code> if the
0766: * calling thread is not allowed to create a subprocess.
0767: * <p>
0768: * This method is invoked for the current security manager by the
0769: * <code>exec</code> methods of class <code>Runtime</code>.
0770: * <p>
0771: * This method calls <code>checkPermission</code> with the
0772: * <code>FilePermission(cmd,"execute")</code> permission
0773: * if cmd is an absolute path, otherwise it calls
0774: * <code>checkPermission</code> with
0775: * <code>FilePermission("<<ALL FILES>>","execute")</code>.
0776: * <p>
0777: * If you override this method, then you should make a call to
0778: * <code>super.checkExec</code>
0779: * at the point the overridden method would normally throw an
0780: * exception.
0781: *
0782: * @param cmd the specified system command.
0783: * @exception SecurityException if the calling thread does not have
0784: * permission to create a subprocess.
0785: * @exception NullPointerException if the <code>cmd</code> argument is
0786: * <code>null</code>.
0787: * @see java.lang.Runtime#exec(java.lang.String)
0788: * @see java.lang.Runtime#exec(java.lang.String, java.lang.String[])
0789: * @see java.lang.Runtime#exec(java.lang.String[])
0790: * @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[])
0791: * @see #checkPermission(java.security.Permission) checkPermission
0792: */
0793: public void checkExec(String cmd) {
0794: File f = new File(cmd);
0795: if (f.isAbsolute()) {
0796: checkPermission(new FilePermission(cmd,
0797: SecurityConstants.FILE_EXECUTE_ACTION));
0798: } else {
0799: checkPermission(new FilePermission("<<ALL FILES>>",
0800: SecurityConstants.FILE_EXECUTE_ACTION));
0801: }
0802: }
0803:
0804: /**
0805: * Throws a <code>SecurityException</code> if the
0806: * calling thread is not allowed to dynamic link the library code
0807: * specified by the string argument file. The argument is either a
0808: * simple library name or a complete filename.
0809: * <p>
0810: * This method is invoked for the current security manager by
0811: * methods <code>load</code> and <code>loadLibrary</code> of class
0812: * <code>Runtime</code>.
0813: * <p>
0814: * This method calls <code>checkPermission</code> with the
0815: * <code>RuntimePermission("loadLibrary."+lib)</code> permission.
0816: * <p>
0817: * If you override this method, then you should make a call to
0818: * <code>super.checkLink</code>
0819: * at the point the overridden method would normally throw an
0820: * exception.
0821: *
0822: * @param lib the name of the library.
0823: * @exception SecurityException if the calling thread does not have
0824: * permission to dynamically link the library.
0825: * @exception NullPointerException if the <code>lib</code> argument is
0826: * <code>null</code>.
0827: * @see java.lang.Runtime#load(java.lang.String)
0828: * @see java.lang.Runtime#loadLibrary(java.lang.String)
0829: * @see #checkPermission(java.security.Permission) checkPermission
0830: */
0831: public void checkLink(String lib) {
0832: if (lib == null) {
0833: throw new NullPointerException("library can't be null");
0834: }
0835: checkPermission(new RuntimePermission("loadLibrary." + lib));
0836: }
0837:
0838: /**
0839: * Throws a <code>SecurityException</code> if the
0840: * calling thread is not allowed to read from the specified file
0841: * descriptor.
0842: * <p>
0843: * This method calls <code>checkPermission</code> with the
0844: * <code>RuntimePermission("readFileDescriptor")</code>
0845: * permission.
0846: * <p>
0847: * If you override this method, then you should make a call to
0848: * <code>super.checkRead</code>
0849: * at the point the overridden method would normally throw an
0850: * exception.
0851: *
0852: * @param fd the system-dependent file descriptor.
0853: * @exception SecurityException if the calling thread does not have
0854: * permission to access the specified file descriptor.
0855: * @exception NullPointerException if the file descriptor argument is
0856: * <code>null</code>.
0857: * @see java.io.FileDescriptor
0858: * @see #checkPermission(java.security.Permission) checkPermission
0859: */
0860: public void checkRead(FileDescriptor fd) {
0861: if (fd == null) {
0862: throw new NullPointerException(
0863: "file descriptor can't be null");
0864: }
0865: checkPermission(new RuntimePermission("readFileDescriptor"));
0866: }
0867:
0868: /**
0869: * Throws a <code>SecurityException</code> if the
0870: * calling thread is not allowed to read the file specified by the
0871: * string argument.
0872: * <p>
0873: * This method calls <code>checkPermission</code> with the
0874: * <code>FilePermission(file,"read")</code> permission.
0875: * <p>
0876: * If you override this method, then you should make a call to
0877: * <code>super.checkRead</code>
0878: * at the point the overridden method would normally throw an
0879: * exception.
0880: *
0881: * @param file the system-dependent file name.
0882: * @exception SecurityException if the calling thread does not have
0883: * permission to access the specified file.
0884: * @exception NullPointerException if the <code>file</code> argument is
0885: * <code>null</code>.
0886: * @see #checkPermission(java.security.Permission) checkPermission
0887: */
0888: public void checkRead(String file) {
0889: checkPermission(new FilePermission(file,
0890: SecurityConstants.FILE_READ_ACTION));
0891: }
0892:
0893: /**
0894: * Throws a <code>SecurityException</code> if the
0895: * specified security context is not allowed to read the file
0896: * specified by the string argument. The context must be a security
0897: * context returned by a previous call to
0898: * <code>getSecurityContext</code>.
0899: * <p> If <code>context</code> is an instance of
0900: * <code>AccessControlContext</code> then the
0901: * <code>AccessControlContext.checkPermission</code> method will
0902: * be invoked with the <code>FilePermission(file,"read")</code> permission.
0903: * <p> If <code>context</code> is not an instance of
0904: * <code>AccessControlContext</code> then a
0905: * <code>SecurityException</code> is thrown.
0906: * <p>
0907: * If you override this method, then you should make a call to
0908: * <code>super.checkRead</code>
0909: * at the point the overridden method would normally throw an
0910: * exception.
0911: *
0912: * @param file the system-dependent filename.
0913: * @param context a system-dependent security context.
0914: * @exception SecurityException if the specified security context
0915: * is not an instance of <code>AccessControlContext</code>
0916: * (e.g., is <code>null</code>), or does not have permission
0917: * to read the specified file.
0918: * @exception NullPointerException if the <code>file</code> argument is
0919: * <code>null</code>.
0920: * @see java.lang.SecurityManager#getSecurityContext()
0921: * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
0922: */
0923: public void checkRead(String file, Object context) {
0924: checkPermission(new FilePermission(file,
0925: SecurityConstants.FILE_READ_ACTION), context);
0926: }
0927:
0928: /**
0929: * Throws a <code>SecurityException</code> if the
0930: * calling thread is not allowed to write to the specified file
0931: * descriptor.
0932: * <p>
0933: * This method calls <code>checkPermission</code> with the
0934: * <code>RuntimePermission("writeFileDescriptor")</code>
0935: * permission.
0936: * <p>
0937: * If you override this method, then you should make a call to
0938: * <code>super.checkWrite</code>
0939: * at the point the overridden method would normally throw an
0940: * exception.
0941: *
0942: * @param fd the system-dependent file descriptor.
0943: * @exception SecurityException if the calling thread does not have
0944: * permission to access the specified file descriptor.
0945: * @exception NullPointerException if the file descriptor argument is
0946: * <code>null</code>.
0947: * @see java.io.FileDescriptor
0948: * @see #checkPermission(java.security.Permission) checkPermission
0949: */
0950: public void checkWrite(FileDescriptor fd) {
0951: if (fd == null) {
0952: throw new NullPointerException(
0953: "file descriptor can't be null");
0954: }
0955: checkPermission(new RuntimePermission("writeFileDescriptor"));
0956:
0957: }
0958:
0959: /**
0960: * Throws a <code>SecurityException</code> if the
0961: * calling thread is not allowed to write to the file specified by
0962: * the string argument.
0963: * <p>
0964: * This method calls <code>checkPermission</code> with the
0965: * <code>FilePermission(file,"write")</code> permission.
0966: * <p>
0967: * If you override this method, then you should make a call to
0968: * <code>super.checkWrite</code>
0969: * at the point the overridden method would normally throw an
0970: * exception.
0971: *
0972: * @param file the system-dependent filename.
0973: * @exception SecurityException if the calling thread does not
0974: * have permission to access the specified file.
0975: * @exception NullPointerException if the <code>file</code> argument is
0976: * <code>null</code>.
0977: * @see #checkPermission(java.security.Permission) checkPermission
0978: */
0979: public void checkWrite(String file) {
0980: checkPermission(new FilePermission(file,
0981: SecurityConstants.FILE_WRITE_ACTION));
0982: }
0983:
0984: /**
0985: * Throws a <code>SecurityException</code> if the
0986: * calling thread is not allowed to delete the specified file.
0987: * <p>
0988: * This method is invoked for the current security manager by the
0989: * <code>delete</code> method of class <code>File</code>.
0990: * <p>
0991: * This method calls <code>checkPermission</code> with the
0992: * <code>FilePermission(file,"delete")</code> permission.
0993: * <p>
0994: * If you override this method, then you should make a call to
0995: * <code>super.checkDelete</code>
0996: * at the point the overridden method would normally throw an
0997: * exception.
0998: *
0999: * @param file the system-dependent filename.
1000: * @exception SecurityException if the calling thread does not
1001: * have permission to delete the file.
1002: * @exception NullPointerException if the <code>file</code> argument is
1003: * <code>null</code>.
1004: * @see java.io.File#delete()
1005: * @see #checkPermission(java.security.Permission) checkPermission
1006: */
1007: public void checkDelete(String file) {
1008: checkPermission(new FilePermission(file,
1009: SecurityConstants.FILE_DELETE_ACTION));
1010: }
1011:
1012: /**
1013: * Throws a <code>SecurityException</code> if the
1014: * calling thread is not allowed to open a socket connection to the
1015: * specified host and port number.
1016: * <p>
1017: * A port number of <code>-1</code> indicates that the calling
1018: * method is attempting to determine the IP address of the specified
1019: * host name.
1020: * <p>
1021: * This method calls <code>checkPermission</code> with the
1022: * <code>SocketPermission(host+":"+port,"connect")</code> permission if
1023: * the port is not equal to -1. If the port is equal to -1, then
1024: * it calls <code>checkPermission</code> with the
1025: * <code>SocketPermission(host,"resolve")</code> permission.
1026: * <p>
1027: * If you override this method, then you should make a call to
1028: * <code>super.checkConnect</code>
1029: * at the point the overridden method would normally throw an
1030: * exception.
1031: *
1032: * @param host the host name port to connect to.
1033: * @param port the protocol port to connect to.
1034: * @exception SecurityException if the calling thread does not have
1035: * permission to open a socket connection to the specified
1036: * <code>host</code> and <code>port</code>.
1037: * @exception NullPointerException if the <code>host</code> argument is
1038: * <code>null</code>.
1039: * @see #checkPermission(java.security.Permission) checkPermission
1040: */
1041: public void checkConnect(String host, int port) {
1042: if (host == null) {
1043: throw new NullPointerException("host can't be null");
1044: }
1045: if (!host.startsWith("[") && host.indexOf(':') != -1) {
1046: host = "[" + host + "]";
1047: }
1048: if (port == -1) {
1049: checkPermission(new SocketPermission(host,
1050: SecurityConstants.SOCKET_RESOLVE_ACTION));
1051: } else {
1052: checkPermission(new SocketPermission(host + ":" + port,
1053: SecurityConstants.SOCKET_CONNECT_ACTION));
1054: }
1055: }
1056:
1057: /**
1058: * Throws a <code>SecurityException</code> if the
1059: * specified security context is not allowed to open a socket
1060: * connection to the specified host and port number.
1061: * <p>
1062: * A port number of <code>-1</code> indicates that the calling
1063: * method is attempting to determine the IP address of the specified
1064: * host name.
1065: * <p> If <code>context</code> is not an instance of
1066: * <code>AccessControlContext</code> then a
1067: * <code>SecurityException</code> is thrown.
1068: * <p>
1069: * Otherwise, the port number is checked. If it is not equal
1070: * to -1, the <code>context</code>'s <code>checkPermission</code>
1071: * method is called with a
1072: * <code>SocketPermission(host+":"+port,"connect")</code> permission.
1073: * If the port is equal to -1, then
1074: * the <code>context</code>'s <code>checkPermission</code> method
1075: * is called with a
1076: * <code>SocketPermission(host,"resolve")</code> permission.
1077: * <p>
1078: * If you override this method, then you should make a call to
1079: * <code>super.checkConnect</code>
1080: * at the point the overridden method would normally throw an
1081: * exception.
1082: *
1083: * @param host the host name port to connect to.
1084: * @param port the protocol port to connect to.
1085: * @param context a system-dependent security context.
1086: * @exception SecurityException if the specified security context
1087: * is not an instance of <code>AccessControlContext</code>
1088: * (e.g., is <code>null</code>), or does not have permission
1089: * to open a socket connection to the specified
1090: * <code>host</code> and <code>port</code>.
1091: * @exception NullPointerException if the <code>host</code> argument is
1092: * <code>null</code>.
1093: * @see java.lang.SecurityManager#getSecurityContext()
1094: * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
1095: */
1096: public void checkConnect(String host, int port, Object context) {
1097: if (host == null) {
1098: throw new NullPointerException("host can't be null");
1099: }
1100: if (!host.startsWith("[") && host.indexOf(':') != -1) {
1101: host = "[" + host + "]";
1102: }
1103: if (port == -1)
1104: checkPermission(new SocketPermission(host,
1105: SecurityConstants.SOCKET_RESOLVE_ACTION), context);
1106: else
1107: checkPermission(new SocketPermission(host + ":" + port,
1108: SecurityConstants.SOCKET_CONNECT_ACTION), context);
1109: }
1110:
1111: /**
1112: * Throws a <code>SecurityException</code> if the
1113: * calling thread is not allowed to wait for a connection request on
1114: * the specified local port number.
1115: * <p>
1116: * If port is not 0, this method calls
1117: * <code>checkPermission</code> with the
1118: * <code>SocketPermission("localhost:"+port,"listen")</code>.
1119: * If port is zero, this method calls <code>checkPermission</code>
1120: * with <code>SocketPermission("localhost:1024-","listen").</code>
1121: * <p>
1122: * If you override this method, then you should make a call to
1123: * <code>super.checkListen</code>
1124: * at the point the overridden method would normally throw an
1125: * exception.
1126: *
1127: * @param port the local port.
1128: * @exception SecurityException if the calling thread does not have
1129: * permission to listen on the specified port.
1130: * @see #checkPermission(java.security.Permission) checkPermission
1131: */
1132: public void checkListen(int port) {
1133: if (port == 0) {
1134: checkPermission(SecurityConstants.LOCAL_LISTEN_PERMISSION);
1135: } else {
1136: checkPermission(new SocketPermission("localhost:" + port,
1137: SecurityConstants.SOCKET_LISTEN_ACTION));
1138: }
1139: }
1140:
1141: /**
1142: * Throws a <code>SecurityException</code> if the
1143: * calling thread is not permitted to accept a socket connection from
1144: * the specified host and port number.
1145: * <p>
1146: * This method is invoked for the current security manager by the
1147: * <code>accept</code> method of class <code>ServerSocket</code>.
1148: * NOTE: <B>java.net.ServerSocket</B> is found in J2ME CDC profiles such as
1149: * J2ME Foundation Profile.
1150: * <p>
1151: * This method calls <code>checkPermission</code> with the
1152: * <code>SocketPermission(host+":"+port,"accept")</code> permission.
1153: * <p>
1154: * If you override this method, then you should make a call to
1155: * <code>super.checkAccept</code>
1156: * at the point the overridden method would normally throw an
1157: * exception.
1158: *
1159: * @param host the host name of the socket connection.
1160: * @param port the port number of the socket connection.
1161: * @exception SecurityException if the calling thread does not have
1162: * permission to accept the connection.
1163: * @exception NullPointerException if the <code>host</code> argument is
1164: * <code>null</code>.
1165: * @see java.net.ServerSocket#accept()
1166: * @see #checkPermission(java.security.Permission) checkPermission
1167: */
1168: public void checkAccept(String host, int port) {
1169: if (host == null) {
1170: throw new NullPointerException("host can't be null");
1171: }
1172: if (!host.startsWith("[") && host.indexOf(':') != -1) {
1173: host = "[" + host + "]";
1174: }
1175: checkPermission(new SocketPermission(host + ":" + port,
1176: SecurityConstants.SOCKET_ACCEPT_ACTION));
1177: }
1178:
1179: /**
1180: * Throws a <code>SecurityException</code> if the
1181: * calling thread is not allowed to use
1182: * (join/leave/send/receive) IP multicast.
1183: * <p>
1184: * This method calls <code>checkPermission</code> with the
1185: * <code>java.net.SocketPermission(maddr.getHostAddress(),
1186: * "accept,connect")</code> permission.
1187: * <p>
1188: * If you override this method, then you should make a call to
1189: * <code>super.checkMulticast</code>
1190: * at the point the overridden method would normally throw an
1191: * exception.
1192: *
1193: * @param maddr Internet group address to be used.
1194: * @exception SecurityException if the calling thread is not allowed to
1195: * use (join/leave/send/receive) IP multicast.
1196: * @exception NullPointerException if the address argument is
1197: * <code>null</code>.
1198: * @since JDK1.1
1199: * @see #checkPermission(java.security.Permission) checkPermission
1200: */
1201: public void checkMulticast(InetAddress maddr) {
1202: String host = maddr.getHostAddress();
1203: if (!host.startsWith("[") && host.indexOf(':') != -1) {
1204: host = "[" + host + "]";
1205: }
1206: checkPermission(new SocketPermission(host,
1207: SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1208: }
1209:
1210: /**
1211: * Throws a <code>SecurityException</code> if the
1212: * calling thread is not allowed to use
1213: * (join/leave/send/receive) IP multicast.
1214: * <p>
1215: * This method calls <code>checkPermission</code> with the
1216: * <code>java.net.SocketPermission(maddr.getHostAddress(),
1217: * "accept,connect")</code> permission.
1218: * <p>
1219: * If you override this method, then you should make a call to
1220: * <code>super.checkMulticast</code>
1221: * at the point the overridden method would normally throw an
1222: * exception.
1223: *
1224: * @param maddr Internet group address to be used.
1225: * @param ttl value in use, if it is multicast send.
1226: * Note: this particular implementation does not use the ttl
1227: * parameter.
1228: * @exception SecurityException if the calling thread is not allowed to
1229: * use (join/leave/send/receive) IP multicast.
1230: * @exception NullPointerException if the address argument is
1231: * <code>null</code>.
1232: * @since JDK1.1
1233: * @deprecated Use #checkPermission(java.security.Permission) instead
1234: * @see #checkPermission(java.security.Permission) checkPermission
1235: */
1236: public void checkMulticast(InetAddress maddr, byte ttl) {
1237: String host = maddr.getHostAddress();
1238: if (!host.startsWith("[") && host.indexOf(':') != -1) {
1239: host = "[" + host + "]";
1240: }
1241: checkPermission(new SocketPermission(host,
1242: SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1243: }
1244:
1245: /**
1246: * Throws a <code>SecurityException</code> if the
1247: * calling thread is not allowed to access or modify the system
1248: * properties.
1249: * <p>
1250: * This method is used by the <code>getProperties</code> and
1251: * <code>setProperties</code> methods of class <code>System</code>.
1252: * <p>
1253: * This method calls <code>checkPermission</code> with the
1254: * <code>PropertyPermission("*", "read,write")</code> permission.
1255: * <p>
1256: * If you override this method, then you should make a call to
1257: * <code>super.checkPropertiesAccess</code>
1258: * at the point the overridden method would normally throw an
1259: * exception.
1260: * <p>
1261: *
1262: * @exception SecurityException if the calling thread does not have
1263: * permission to access or modify the system properties.
1264: * @see java.lang.System#getProperties()
1265: * @see java.lang.System#setProperties(java.util.Properties)
1266: * @see #checkPermission(java.security.Permission) checkPermission
1267: */
1268: public void checkPropertiesAccess() {
1269: checkPermission(new PropertyPermission("*",
1270: SecurityConstants.PROPERTY_RW_ACTION));
1271: }
1272:
1273: /**
1274: * Throws a <code>SecurityException</code> if the
1275: * calling thread is not allowed to access the system property with
1276: * the specified <code>key</code> name.
1277: * <p>
1278: * This method is used by the <code>getProperty</code> method of
1279: * class <code>System</code>.
1280: * <p>
1281: * This method calls <code>checkPermission</code> with the
1282: * <code>PropertyPermission(key, "read")</code> permission.
1283: * <p>
1284: * <p>
1285: * If you override this method, then you should make a call to
1286: * <code>super.checkPropertyAccess</code>
1287: * at the point the overridden method would normally throw an
1288: * exception.
1289: *
1290: * @param key a system property key.
1291: *
1292: * @exception SecurityException if the calling thread does not have
1293: * permission to access the specified system property.
1294: * @exception NullPointerException if the <code>key</code> argument is
1295: * <code>null</code>.
1296: * @exception IllegalArgumentException if <code>key</code> is empty.
1297: *
1298: * @see java.lang.System#getProperty(java.lang.String)
1299: * @see #checkPermission(java.security.Permission) checkPermission
1300: */
1301: public void checkPropertyAccess(String key) {
1302: checkPermission(new PropertyPermission(key,
1303: SecurityConstants.PROPERTY_READ_ACTION));
1304: }
1305:
1306: /**
1307: * Returns <code>false</code> if the calling
1308: * thread is not trusted to bring up the top-level window indicated
1309: * by the <code>window</code> argument, or the AWT package is not
1310: * available.
1311: * In this case, the caller can
1312: * still decide to show the window, but the window should include
1313: * some sort of visual warning. If the method returns
1314: * <code>true</code>, then the window can be shown without any
1315: * special restrictions.
1316: * <p>
1317: * See class <code>Window</code> for more information on trusted and
1318: * untrusted windows.
1319: * <p>
1320: * This method calls
1321: * <code>checkPermission</code> with the
1322: * <code>AWTPermission("showWindowWithoutWarningBanner")</code> permission,
1323: * and returns <code>true</code> if a SecurityException is not thrown,
1324: * otherwise it returns <code>false</code>.
1325: * <p>
1326: * If you override this method, then you should make a call to
1327: * <code>super.checkTopLevelWindow</code>
1328: * at the point the overridden method would normally return
1329: * <code>false</code>, and the value of
1330: * <code>super.checkTopLevelWindow</code> should
1331: * be returned.
1332: *
1333: * @param window the new window that is being created.
1334: * @return <code>true</code> if the calling thread is trusted to put up
1335: * top-level windows; <code>false</code> otherwise.
1336: * @exception NullPointerException if the <code>window</code> argument is
1337: * <code>null</code>.
1338: * @see java.awt.Window
1339: * @see #checkPermission(java.security.Permission) checkPermission
1340: */
1341: public boolean checkTopLevelWindow(Object window) {
1342: if (window == null) {
1343: throw new NullPointerException("window can't be null");
1344: }
1345:
1346: if (topLevelWindowPermission == null) {
1347: if (AWTPermissionCtor == null) {
1348: try {
1349: AWTPermissionCtor = Class.forName(
1350: "java.awt.AWTPermission").getConstructor(
1351: new Class[] { String.class });
1352: } catch (ClassNotFoundException ce) {
1353: // No AWT, so what are you playing with windows for?
1354: return false;
1355: } catch (NoSuchMethodException ne) {
1356: // Hunh? This "should never happen".
1357: return false;
1358: }
1359: }
1360:
1361: try {
1362: topLevelWindowPermission = (BasicPermission) AWTPermissionCtor
1363: .newInstance(new Object[] { "showWindowWithoutWarningBanner" });
1364: } catch (InstantiationException ie) {
1365: // Hunh? This "should never happen".
1366: return false;
1367: } catch (IllegalAccessException ie) {
1368: // Hunh? This "should never happen".
1369: return false;
1370: } catch (InvocationTargetException ie) {
1371: // Hunh? This "should never happen".
1372: return false;
1373: }
1374: }
1375:
1376: try {
1377: if (SecurityConstants.getTopLevelWindowPermission() == null)
1378: return false;
1379:
1380: checkPermission(SecurityConstants
1381: .getTopLevelWindowPermission());
1382: return true;
1383: } catch (SecurityException se) {
1384: // just fall through to...
1385: }
1386:
1387: return false;
1388: }
1389:
1390: /**
1391: * Throws a <code>SecurityException</code> if the
1392: * calling thread is not allowed to initiate a print job request.
1393: * <p>
1394: * This method calls
1395: * <code>checkPermission</code> with the
1396: * <code>RuntimePermission("queuePrintJob")</code> permission.
1397: * <p>
1398: * If you override this method, then you should make a call to
1399: * <code>super.checkPrintJobAccess</code>
1400: * at the point the overridden method would normally throw an
1401: * exception.
1402: * <p>
1403: *
1404: * @exception SecurityException if the calling thread does not have
1405: * permission to initiate a print job request.
1406: * @since JDK1.1
1407: * @see #checkPermission(java.security.Permission) checkPermission
1408: */
1409: public void checkPrintJobAccess() {
1410: checkPermission(new RuntimePermission("queuePrintJob"));
1411: }
1412:
1413: /**
1414: * Throws a <code>SecurityException</code> if the
1415: * calling thread is not allowed to access the system clipboard, or
1416: * the AWT package is not available.
1417: * <p>
1418: * This method calls <code>checkPermission</code> with the
1419: * <code>AWTPermission("accessClipboard")</code>
1420: * permission.
1421: * <p>
1422: * If you override this method, then you should make a call to
1423: * <code>super.checkSystemClipboardAccess</code>
1424: * at the point the overridden method would normally throw an
1425: * exception.
1426: *
1427: * @since JDK1.1
1428: * @exception SecurityException if the calling thread does not have
1429: * permission to access the system clipboard.
1430: * @see #checkPermission(java.security.Permission) checkPermission
1431: */
1432: public void checkSystemClipboardAccess() {
1433: if (SecurityConstants.getAccessClipboardPermission() == null) {
1434: throw new SecurityException("AWT package not available");
1435: }
1436: checkPermission(SecurityConstants
1437: .getAccessClipboardPermission());
1438: }
1439:
1440: /**
1441: * Throws a <code>SecurityException</code> if the
1442: * calling thread is not allowed to access the AWT event queue, or
1443: * the AWT package is not available.
1444: * <p>
1445: * This method calls <code>checkPermission</code> with the
1446: * <code>AWTPermission("accessEventQueue")</code> permission.
1447: * <p>
1448: * If you override this method, then you should make a call to
1449: * <code>super.checkAwtEventQueueAccess</code>
1450: * at the point the overridden method would normally throw an
1451: * exception.
1452: *
1453: * @since JDK1.1
1454: * @exception SecurityException if the calling thread does not have
1455: * permission to access the AWT event queue.
1456: * @see #checkPermission(java.security.Permission) checkPermission
1457: */
1458: public void checkAwtEventQueueAccess() {
1459: if (SecurityConstants.getCheckAwtEventQueuePermission() == null) {
1460: throw new SecurityException("AWT package not available");
1461: }
1462: checkPermission(SecurityConstants
1463: .getCheckAwtEventQueuePermission());
1464: }
1465:
1466: /*
1467: * We have an initial invalid bit (initially false) for the class
1468: * variables which tell if the cache is valid. If the underlying
1469: * java.security.Security property changes via setProperty(), the
1470: * Security class uses reflection to change the variable and thus
1471: * invalidate the cache.
1472: *
1473: * Locking is handled by synchronization to the
1474: * packageAccess/packageDefinition variables. They are only
1475: * used in this class.
1476: */
1477: private static boolean packageAccessValid = false;
1478: private static String[] packageAccess = new String[0];
1479:
1480: private static boolean packageDefinitionValid = false;
1481: private static String[] packageDefinition = new String[0];
1482:
1483: private static String[] getPackages(String p) {
1484: String packages[] = null;
1485: if (p != null && !p.equals("")) {
1486: java.util.StringTokenizer tok = new java.util.StringTokenizer(
1487: p, ",");
1488: int n = tok.countTokens();
1489: if (n > 0) {
1490: packages = new String[n];
1491: int i = 0;
1492: while (tok.hasMoreElements()) {
1493: String s = tok.nextToken().trim();
1494: packages[i++] = s;
1495: }
1496: }
1497: }
1498:
1499: if (packages == null)
1500: packages = new String[0];
1501: return packages;
1502: }
1503:
1504: /**
1505: * Throws a <code>SecurityException</code> if the
1506: * calling thread is not allowed to access the package specified by
1507: * the argument.
1508: * <p>
1509: * This method is used by the <code>loadClass</code> method of class
1510: * loaders.
1511: * <p>
1512: * This method first gets a list of
1513: * restricted packages by obtaining a comma-separated list from
1514: * a call to
1515: * <code>java.security.Security.getProperty("package.access")</code>,
1516: * and checks to see if <code>pkg</code> starts with or equals
1517: * any of the restricted packages. If it does, then
1518: * <code>checkPermission</code> gets called with the
1519: * <code>RuntimePermission("accessClassInPackage."+pkg)</code>
1520: * permission.
1521: * <p>
1522: * If this method is overridden, then
1523: * <code>super.checkPackageAccess</code> should be called
1524: * as the first line in the overridden method.
1525: *
1526: * @param pkg the package name.
1527: * @exception SecurityException if the calling thread does not have
1528: * permission to access the specified package.
1529: * @exception NullPointerException if the package name argument is
1530: * <code>null</code>.
1531: * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1532: * loadClass
1533: * @see java.security.Security#getProperty getProperty
1534: * @see #checkPermission(java.security.Permission) checkPermission
1535: */
1536: public void checkPackageAccess(String pkg) {
1537: if (pkg == null) {
1538: throw new NullPointerException("package name can't be null");
1539: }
1540:
1541: synchronized (packageAccess) {
1542: /*
1543: * Do we need to update our property array?
1544: */
1545: if (!packageAccessValid) {
1546: String tmpPropertyStr = (String) AccessController
1547: .doPrivileged(new PrivilegedAction() {
1548: public Object run() {
1549: return java.security.Security
1550: .getProperty("package.access");
1551: }
1552: });
1553: packageAccess = getPackages(tmpPropertyStr);
1554: packageAccessValid = true;
1555: }
1556:
1557: /*
1558: * Traverse the list of packages, check for any matches.
1559: */
1560: for (int i = 0; i < packageAccess.length; i++) {
1561: if (pkg.startsWith(packageAccess[i])
1562: || packageAccess[i].equals(pkg + ".")) {
1563: checkPermission(new RuntimePermission(
1564: "accessClassInPackage." + pkg));
1565: }
1566: }
1567: } /* synchronized */
1568: }
1569:
1570: /**
1571: * Throws a <code>SecurityException</code> if the
1572: * calling thread is not allowed to define classes in the package
1573: * specified by the argument.
1574: * <p>
1575: * This method is used by the <code>loadClass</code> method of some
1576: * class loaders.
1577: * <p>
1578: * This method first gets a list of restricted packages by
1579: * obtaining a comma-separated list from a call to
1580: * <code>java.security.Security.getProperty("package.definition")</code>,
1581: * and checks to see if <code>pkg</code> starts with or equals
1582: * any of the restricted packages. If it does, then
1583: * <code>checkPermission</code> gets called with the
1584: * <code>RuntimePermission("defineClassInPackage."+pkg)</code>
1585: * permission.
1586: * <p>
1587: * If this method is overridden, then
1588: * <code>super.checkPackageDefinition</code> should be called
1589: * as the first line in the overridden method.
1590: *
1591: * @param pkg the package name.
1592: * @exception SecurityException if the calling thread does not have
1593: * permission to define classes in the specified package.
1594: * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1595: * @see java.security.Security#getProperty getProperty
1596: * @see #checkPermission(java.security.Permission) checkPermission
1597: */
1598: public void checkPackageDefinition(String pkg) {
1599: if (pkg == null) {
1600: throw new NullPointerException("package name can't be null");
1601: }
1602:
1603: synchronized (packageDefinition) {
1604: /*
1605: * Do we need to update our property array?
1606: */
1607: if (!packageDefinitionValid) {
1608: String tmpPropertyStr = (String) AccessController
1609: .doPrivileged(new PrivilegedAction() {
1610: public Object run() {
1611: return java.security.Security
1612: .getProperty("package.definition");
1613: }
1614: });
1615: packageDefinition = getPackages(tmpPropertyStr);
1616: packageDefinitionValid = true;
1617: }
1618:
1619: /*
1620: * Traverse the list of packages, check for any matches.
1621: */
1622: for (int i = 0; i < packageDefinition.length; i++) {
1623: if (pkg.startsWith(packageDefinition[i])
1624: || packageDefinition[i].equals(pkg + ".")) {
1625: checkPermission(new RuntimePermission(
1626: "defineClassInPackage." + pkg));
1627: }
1628: }
1629: } /* synchronized */
1630: }
1631:
1632: /**
1633: * Throws a <code>SecurityException</code> if the
1634: * calling thread is not allowed to set the socket factory used by
1635: * <code>ServerSocket</code> or <code>Socket</code>, or the stream
1636: * handler factory used by <code>URL</code>.
1637: * NOTE: <B>java.net.ServerSocket</B> is found in J2ME CDC profiles such as
1638: * J2ME Foundation Profile.
1639: * <p>
1640: * This method calls <code>checkPermission</code> with the
1641: * <code>RuntimePermission("setFactory")</code> permission.
1642: * <p>
1643: * If you override this method, then you should make a call to
1644: * <code>super.checkSetFactory</code>
1645: * at the point the overridden method would normally throw an
1646: * exception.
1647: * <p>
1648: *
1649: * @exception SecurityException if the calling thread does not have
1650: * permission to specify a socket factory or a stream
1651: * handler factory.
1652: *
1653: * @see java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory
1654: * @see java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory
1655: * @see java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory
1656: * @see #checkPermission(java.security.Permission) checkPermission
1657: */
1658: public void checkSetFactory() {
1659: checkPermission(new RuntimePermission("setFactory"));
1660: }
1661:
1662: /**
1663: * Throws a <code>SecurityException</code> if the
1664: * calling thread is not allowed to access members.
1665: * <p>
1666: * The default policy is to allow access to PUBLIC members, as well
1667: * as access to classes that have the same class loader as the caller.
1668: * In all other cases, this method calls <code>checkPermission</code>
1669: * with the <code>RuntimePermission("accessDeclaredMembers")
1670: * </code> permission.
1671: * <p>
1672: * If this method is overridden, then a call to
1673: * <code>super.checkMemberAccess</code> cannot be made,
1674: * as the default implementation of <code>checkMemberAccess</code>
1675: * relies on the code being checked being at a stack depth of
1676: * 4.
1677: *
1678: * @param clazz the class that reflection is to be performed on.
1679: *
1680: * @param which type of access, PUBLIC or DECLARED.
1681: *
1682: * @exception SecurityException if the caller does not have
1683: * permission to access members.
1684: * @exception NullPointerException if the <code>clazz</code> argument is
1685: * <code>null</code>.
1686: * @see java.lang.reflect.Member
1687: * @since JDK1.1
1688: * @see #checkPermission(java.security.Permission) checkPermission
1689: */
1690: public void checkMemberAccess(Class clazz, int which) {
1691: if (clazz == null) {
1692: throw new NullPointerException("class can't be null");
1693: }
1694: if (which != Member.PUBLIC) {
1695: Class stack[] = getClassContext();
1696: /*
1697: * stack depth of 4 should be the caller of one of the
1698: * methods in java.lang.Class that invoke checkMember
1699: * access. The stack should look like:
1700: *
1701: * someCaller [3]
1702: * java.lang.Class.someReflectionAPI [2]
1703: * java.lang.Class.checkMemeberAccess [1]
1704: * SecurityManager.checkMemeberAccess [0]
1705: *
1706: */
1707: if ((stack.length < 4)
1708: || (stack[3].getClassLoader() != clazz
1709: .getClassLoader())) {
1710: checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
1711: }
1712: }
1713: }
1714:
1715: /**
1716: * Determines whether the permission with the specified permission target
1717: * name should be granted or denied.
1718: *
1719: * <p> If the requested permission is allowed, this method returns
1720: * quietly. If denied, a SecurityException is raised.
1721: *
1722: * <p> This method creates a <code>SecurityPermission</code> object for
1723: * the given permission target name and calls <code>checkPermission</code>
1724: * with it.
1725: *
1726: * <p> See the documentation for
1727: * <code>{@link java.security.SecurityPermission}</code> for
1728: * a list of possible permission target names.
1729: *
1730: * <p> If you override this method, then you should make a call to
1731: * <code>super.checkSecurityAccess</code>
1732: * at the point the overridden method would normally throw an
1733: * exception.
1734: *
1735: * @param target the target name of the <code>SecurityPermission</code>.
1736: *
1737: * @exception SecurityException if the calling thread does not have
1738: * permission for the requested access.
1739: * @exception NullPointerException if <code>target</code> is null.
1740: * @exception IllegalArgumentException if <code>target</code> is empty.
1741: *
1742: * @since JDK1.1
1743: * @see #checkPermission(java.security.Permission) checkPermission
1744: */
1745: public void checkSecurityAccess(String target) {
1746: checkPermission(new SecurityPermission(target));
1747: }
1748:
1749: /* Deprecated
1750: private native Class currentLoadedClass0();
1751: */
1752:
1753: /**
1754: * Returns the thread group into which to instantiate any new
1755: * thread being created at the time this is being called.
1756: * By default, it returns the thread group of the current
1757: * thread. This should be overridden by a specific security
1758: * manager to return the appropriate thread group.
1759: *
1760: * @return ThreadGroup that new threads are instantiated into
1761: * @since JDK1.1
1762: * @see java.lang.ThreadGroup
1763: */
1764: public ThreadGroup getThreadGroup() {
1765: return Thread.currentThread().getThreadGroup();
1766: }
1767:
1768: }
|