GNU Classpath (0.20) | |
Frames | No Frames |
1: /* SecurityManager.java -- security checks for privileged actions 2: Copyright (C) 1998, 1999, 2001, 2002, 2005 Free Software Foundation, Inc. 3: 4: This file is part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2, or (at your option) 9: any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; see the file COPYING. If not, write to the 18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19: 02110-1301 USA. 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: 39: package java.lang; 40: 41: import gnu.classpath.VMStackWalker; 42: 43: import java.awt.AWTPermission; 44: import java.io.File; 45: import java.io.FileDescriptor; 46: import java.io.FileInputStream; 47: import java.io.FileOutputStream; 48: import java.io.FilePermission; 49: import java.io.RandomAccessFile; 50: import java.lang.reflect.Member; 51: import java.net.InetAddress; 52: import java.net.ServerSocket; 53: import java.net.Socket; 54: import java.net.SocketImplFactory; 55: import java.net.SocketPermission; 56: import java.net.URL; 57: import java.net.URLStreamHandlerFactory; 58: import java.security.AccessControlContext; 59: import java.security.AccessControlException; 60: import java.security.AccessController; 61: import java.security.AllPermission; 62: import java.security.BasicPermission; 63: import java.security.Permission; 64: import java.security.Policy; 65: import java.security.PrivilegedAction; 66: import java.security.ProtectionDomain; 67: import java.security.Security; 68: import java.security.SecurityPermission; 69: import java.util.Properties; 70: import java.util.PropertyPermission; 71: import java.util.StringTokenizer; 72: 73: /** 74: * SecurityManager is a class you can extend to create your own Java 75: * security policy. By default, there is no SecurityManager installed in 76: * 1.1, which means that all things are permitted to all people. The security 77: * manager, if set, is consulted before doing anything with potentially 78: * dangerous results, and throws a <code>SecurityException</code> if the 79: * action is forbidden. 80: * 81: * <p>A typical check is as follows, just before the dangerous operation:<br> 82: * <pre> 83: * SecurityManager sm = System.getSecurityManager(); 84: * if (sm != null) 85: * sm.checkABC(<em>argument</em>, ...); 86: * </pre> 87: * Note that this is thread-safe, by caching the security manager in a local 88: * variable rather than risking a NullPointerException if the mangager is 89: * changed between the check for null and before the permission check. 90: * 91: * <p>The special method <code>checkPermission</code> is a catchall, and 92: * the default implementation calls 93: * <code>AccessController.checkPermission</code>. In fact, all the other 94: * methods default to calling checkPermission. 95: * 96: * <p>Sometimes, the security check needs to happen from a different context, 97: * such as when called from a worker thread. In such cases, use 98: * <code>getSecurityContext</code> to take a snapshot that can be passed 99: * to the worker thread:<br> 100: * <pre> 101: * Object context = null; 102: * SecurityManager sm = System.getSecurityManager(); 103: * if (sm != null) 104: * context = sm.getSecurityContext(); // defaults to an AccessControlContext 105: * // now, in worker thread 106: * if (sm != null) 107: * sm.checkPermission(permission, context); 108: * </pre> 109: * 110: * <p>Permissions fall into these categories: File, Socket, Net, Security, 111: * Runtime, Property, AWT, Reflect, and Serializable. Each of these 112: * permissions have a property naming convention, that follows a hierarchical 113: * naming convention, to make it easy to grant or deny several permissions 114: * at once. Some permissions also take a list of permitted actions, such 115: * as "read" or "write", to fine-tune control even more. The permission 116: * <code>java.security.AllPermission</code> grants all permissions. 117: * 118: * <p>The default methods in this class deny all things to all people. You 119: * must explicitly grant permission for anything you want to be legal when 120: * subclassing this class. 121: * 122: * @author John Keiser 123: * @author Eric Blake (ebb9@email.byu.edu) 124: * @see ClassLoader 125: * @see SecurityException 126: * @see #checkTopLevelWindow(Object) 127: * @see System#getSecurityManager() 128: * @see System#setSecurityManager(SecurityManager) 129: * @see AccessController 130: * @see AccessControlContext 131: * @see AccessControlException 132: * @see Permission 133: * @see BasicPermission 134: * @see java.io.FilePermission 135: * @see java.net.SocketPermission 136: * @see java.util.PropertyPermission 137: * @see RuntimePermission 138: * @see java.awt.AWTPermission 139: * @see Policy 140: * @see SecurityPermission 141: * @see ProtectionDomain 142: * @since 1.0 143: * @status still missing 1.4 functionality 144: */ 145: public class SecurityManager 146: { 147: /** 148: * The current security manager. This is located here instead of in 149: * System, to avoid security problems, as well as bootstrap issues. 150: * Make sure to access it in a thread-safe manner; it is package visible 151: * to avoid overhead in java.lang. 152: */ 153: static volatile SecurityManager current; 154: 155: /** 156: * Tells whether or not the SecurityManager is currently performing a 157: * security check. 158: * @deprecated Use {@link #checkPermission(Permission)} instead. 159: */ 160: protected boolean inCheck; 161: 162: /** 163: * Construct a new security manager. There may be a security check, of 164: * <code>RuntimePermission("createSecurityManager")</code>. 165: * 166: * @throws SecurityException if permission is denied 167: */ 168: public SecurityManager() 169: { 170: SecurityManager sm = System.getSecurityManager(); 171: if (sm != null) 172: sm.checkPermission(new RuntimePermission("createSecurityManager")); 173: } 174: 175: /** 176: * Tells whether or not the SecurityManager is currently performing a 177: * security check. 178: * 179: * @return true if the SecurityManager is in a security check 180: * @see #inCheck 181: * @deprecated use {@link #checkPermission(Permission)} instead 182: */ 183: public boolean getInCheck() 184: { 185: return inCheck; 186: } 187: 188: /** 189: * Get a list of all the classes currently executing methods on the Java 190: * stack. getClassContext()[0] is the currently executing method (ie. the 191: * class that CALLED getClassContext, not SecurityManager). 192: * 193: * @return an array of classes on the Java execution stack 194: */ 195: protected Class[] getClassContext() 196: { 197: Class[] stack1 = VMStackWalker.getClassContext(); 198: Class[] stack2 = new Class[stack1.length - 1]; 199: System.arraycopy(stack1, 1, stack2, 0, stack1.length - 1); 200: return stack2; 201: } 202: 203: /** 204: * Find the ClassLoader of the first non-system class on the execution 205: * stack. A non-system class is one whose ClassLoader is not equal to 206: * {@link ClassLoader#getSystemClassLoader()} or its ancestors. This 207: * will return null in three cases: 208: * 209: * <ul> 210: * <li>All methods on the stack are from system classes</li> 211: * <li>All methods on the stack up to the first "privileged" caller, as 212: * created by {@link AccessController#doPrivileged(PrivilegedAction)}, 213: * are from system classes</li> 214: * <li>A check of <code>java.security.AllPermission</code> succeeds.</li> 215: * </ul> 216: * 217: * @return the most recent non-system ClassLoader on the execution stack 218: * @deprecated use {@link #checkPermission(Permission)} instead 219: */ 220: protected ClassLoader currentClassLoader() 221: { 222: Class cl = currentLoadedClass(); 223: return cl != null ? cl.getClassLoader() : null; 224: } 225: 226: /** 227: * Find the first non-system class on the execution stack. A non-system 228: * class is one whose ClassLoader is not equal to 229: * {@link ClassLoader#getSystemClassLoader()} or its ancestors. This 230: * will return null in three cases: 231: * 232: * <ul> 233: * <li>All methods on the stack are from system classes</li> 234: * <li>All methods on the stack up to the first "privileged" caller, as 235: * created by {@link AccessController#doPrivileged(PrivilegedAction)}, 236: * are from system classes</li> 237: * <li>A check of <code>java.security.AllPermission</code> succeeds.</li> 238: * </ul> 239: * 240: * @return the most recent non-system Class on the execution stack 241: * @deprecated use {@link #checkPermission(Permission)} instead 242: */ 243: protected Class currentLoadedClass() 244: { 245: int i = classLoaderDepth(); 246: return i >= 0 ? getClassContext()[i] : null; 247: } 248: 249: /** 250: * Get the depth of a particular class on the execution stack. 251: * 252: * @param className the fully-qualified name to search for 253: * @return the index of the class on the stack, or -1 254: * @deprecated use {@link #checkPermission(Permission)} instead 255: */ 256: protected int classDepth(String className) 257: { 258: Class[] c = getClassContext(); 259: for (int i = 0; i < c.length; i++) 260: if (className.equals(c[i].getName())) 261: return i; 262: return -1; 263: } 264: 265: /** 266: * Get the depth on the execution stack of the most recent non-system class. 267: * A non-system class is one whose ClassLoader is not equal to 268: * {@link ClassLoader#getSystemClassLoader()} or its ancestors. This 269: * will return -1 in three cases: 270: * 271: * <ul> 272: * <li>All methods on the stack are from system classes</li> 273: * <li>All methods on the stack up to the first "privileged" caller, as 274: * created by {@link AccessController#doPrivileged(PrivilegedAction)}, 275: * are from system classes</li> 276: * <li>A check of <code>java.security.AllPermission</code> succeeds.</li> 277: * </ul> 278: * 279: * @return the index of the most recent non-system Class on the stack 280: * @deprecated use {@link #checkPermission(Permission)} instead 281: */ 282: protected int classLoaderDepth() 283: { 284: try 285: { 286: checkPermission(new AllPermission()); 287: } 288: catch (SecurityException e) 289: { 290: Class[] c = getClassContext(); 291: for (int i = 0; i < c.length; i++) 292: if (c[i].getClassLoader() != null) 293: // XXX Check if c[i] is AccessController, or a system class. 294: return i; 295: } 296: return -1; 297: } 298: 299: /** 300: * Tell whether the specified class is on the execution stack. 301: * 302: * @param className the fully-qualified name of the class to find 303: * @return whether the specified class is on the execution stack 304: * @deprecated use {@link #checkPermission(Permission)} instead 305: */ 306: protected boolean inClass(String className) 307: { 308: return classDepth(className) != -1; 309: } 310: 311: /** 312: * Tell whether there is a class loaded with an explicit ClassLoader on 313: * the stack. 314: * 315: * @return whether a class with an explicit ClassLoader is on the stack 316: * @deprecated use {@link #checkPermission(Permission)} instead 317: */ 318: protected boolean inClassLoader() 319: { 320: return classLoaderDepth() != -1; 321: } 322: 323: /** 324: * Get an implementation-dependent Object that contains enough information 325: * about the current environment to be able to perform standard security 326: * checks later. This is used by trusted methods that need to verify that 327: * their callers have sufficient access to perform certain operations. 328: * 329: * <p>Currently the only methods that use this are checkRead() and 330: * checkConnect(). The default implementation returns an 331: * <code>AccessControlContext</code>. 332: * 333: * @return a security context 334: * @see #checkConnect(String, int, Object) 335: * @see #checkRead(String, Object) 336: * @see AccessControlContext 337: * @see AccessController#getContext() 338: */ 339: public Object getSecurityContext() 340: { 341: return AccessController.getContext(); 342: } 343: 344: /** 345: * Check if the current thread is allowed to perform an operation that 346: * requires the specified <code>Permission</code>. This defaults to 347: * <code>AccessController.checkPermission</code>. 348: * 349: * @param perm the <code>Permission</code> required 350: * @throws SecurityException if permission is denied 351: * @throws NullPointerException if perm is null 352: * @since 1.2 353: */ 354: public void checkPermission(Permission perm) 355: { 356: AccessController.checkPermission(perm); 357: } 358: 359: /** 360: * Check if the current thread is allowed to perform an operation that 361: * requires the specified <code>Permission</code>. This is done in a 362: * context previously returned by <code>getSecurityContext()</code>. The 363: * default implementation expects context to be an AccessControlContext, 364: * and it calls <code>AccessControlContext.checkPermission(perm)</code>. 365: * 366: * @param perm the <code>Permission</code> required 367: * @param context a security context 368: * @throws SecurityException if permission is denied, or if context is 369: * not an AccessControlContext 370: * @throws NullPointerException if perm is null 371: * @see #getSecurityContext() 372: * @see AccessControlContext#checkPermission(Permission) 373: * @since 1.2 374: */ 375: public void checkPermission(Permission perm, Object context) 376: { 377: if (! (context instanceof AccessControlContext)) 378: throw new SecurityException("Missing context"); 379: ((AccessControlContext) context).checkPermission(perm); 380: } 381: 382: /** 383: * Check if the current thread is allowed to create a ClassLoader. This 384: * method is called from ClassLoader.ClassLoader(), and checks 385: * <code>RuntimePermission("createClassLoader")</code>. If you override 386: * this, you should call <code>super.checkCreateClassLoader()</code> rather 387: * than throwing an exception. 388: * 389: * @throws SecurityException if permission is denied 390: * @see ClassLoader#ClassLoader() 391: */ 392: public void checkCreateClassLoader() 393: { 394: checkPermission(new RuntimePermission("createClassLoader")); 395: } 396: 397: /** 398: * Check if the current thread is allowed to modify another Thread. This is 399: * called by Thread.stop(), suspend(), resume(), interrupt(), destroy(), 400: * setPriority(), setName(), and setDaemon(). The default implementation 401: * checks <code>RuntimePermission("modifyThread")</code> on system threads 402: * (ie. threads in ThreadGroup with a null parent), and returns silently on 403: * other threads. 404: * 405: * <p>If you override this, you must do two things. First, call 406: * <code>super.checkAccess(t)</code>, to make sure you are not relaxing 407: * requirements. Second, if the calling thread has 408: * <code>RuntimePermission("modifyThread")</code>, return silently, so that 409: * core classes (the Classpath library!) can modify any thread. 410: * 411: * @param thread the other Thread to check 412: * @throws SecurityException if permission is denied 413: * @throws NullPointerException if thread is null 414: * @see Thread#stop() 415: * @see Thread#suspend() 416: * @see Thread#resume() 417: * @see Thread#setPriority(int) 418: * @see Thread#setName(String) 419: * @see Thread#setDaemon(boolean) 420: */ 421: public void checkAccess(Thread thread) 422: { 423: if (thread.getThreadGroup() != null 424: && thread.getThreadGroup().getParent() == null) 425: checkPermission(new RuntimePermission("modifyThread")); 426: } 427: 428: /** 429: * Check if the current thread is allowed to modify a ThreadGroup. This is 430: * called by Thread.Thread() (to add a thread to the ThreadGroup), 431: * ThreadGroup.ThreadGroup() (to add this ThreadGroup to a parent), 432: * ThreadGroup.stop(), suspend(), resume(), interrupt(), destroy(), 433: * setDaemon(), and setMaxPriority(). The default implementation 434: * checks <code>RuntimePermission("modifyThread")</code> on the system group 435: * (ie. the one with a null parent), and returns silently on other groups. 436: * 437: * <p>If you override this, you must do two things. First, call 438: * <code>super.checkAccess(t)</code>, to make sure you are not relaxing 439: * requirements. Second, if the calling thread has 440: * <code>RuntimePermission("modifyThreadGroup")</code>, return silently, 441: * so that core classes (the Classpath library!) can modify any thread. 442: * 443: * @param g the ThreadGroup to check 444: * @throws SecurityException if permission is denied 445: * @throws NullPointerException if g is null 446: * @see Thread#Thread() 447: * @see ThreadGroup#ThreadGroup(String) 448: * @see ThreadGroup#stop() 449: * @see ThreadGroup#suspend() 450: * @see ThreadGroup#resume() 451: * @see ThreadGroup#interrupt() 452: * @see ThreadGroup#setDaemon(boolean) 453: * @see ThreadGroup#setMaxPriority(int) 454: */ 455: public void checkAccess(ThreadGroup g) 456: { 457: if (g.getParent() == null) 458: checkPermission(new RuntimePermission("modifyThreadGroup")); 459: } 460: 461: /** 462: * Check if the current thread is allowed to exit the JVM with the given 463: * status. This method is called from Runtime.exit() and Runtime.halt(). 464: * The default implementation checks 465: * <code>RuntimePermission("exitVM")</code>. If you override this, call 466: * <code>super.checkExit</code> rather than throwing an exception. 467: * 468: * @param status the status to exit with 469: * @throws SecurityException if permission is denied 470: * @see Runtime#exit(int) 471: * @see Runtime#halt(int) 472: */ 473: public void checkExit(int status) 474: { 475: checkPermission(new RuntimePermission("exitVM")); 476: } 477: 478: /** 479: * Check if the current thread is allowed to execute the given program. This 480: * method is called from Runtime.exec(). If the name is an absolute path, 481: * the default implementation checks 482: * <code>FilePermission(program, "execute")</code>, otherwise it checks 483: * <code>FilePermission("<<ALL FILES>>", "execute")</code>. If 484: * you override this, call <code>super.checkExec</code> rather than 485: * throwing an exception. 486: * 487: * @param program the name of the program to exec 488: * @throws SecurityException if permission is denied 489: * @throws NullPointerException if program is null 490: * @see Runtime#exec(String[], String[], File) 491: */ 492: public void checkExec(String program) 493: { 494: if (! program.equals(new File(program).getAbsolutePath())) 495: program = "<<ALL FILES>>"; 496: checkPermission(new FilePermission(program, "execute")); 497: } 498: 499: /** 500: * Check if the current thread is allowed to link in the given native 501: * library. This method is called from Runtime.load() (and hence, by 502: * loadLibrary() as well). The default implementation checks 503: * <code>RuntimePermission("loadLibrary." + filename)</code>. If you 504: * override this, call <code>super.checkLink</code> rather than throwing 505: * an exception. 506: * 507: * @param filename the full name of the library to load 508: * @throws SecurityException if permission is denied 509: * @throws NullPointerException if filename is null 510: * @see Runtime#load(String) 511: */ 512: public void checkLink(String filename) 513: { 514: // Use the toString() hack to do the null check. 515: checkPermission(new RuntimePermission("loadLibrary." 516: + filename.toString())); 517: } 518: 519: /** 520: * Check if the current thread is allowed to read the given file using the 521: * FileDescriptor. This method is called from 522: * FileInputStream.FileInputStream(). The default implementation checks 523: * <code>RuntimePermission("readFileDescriptor")</code>. If you override 524: * this, call <code>super.checkRead</code> rather than throwing an 525: * exception. 526: * 527: * @param desc the FileDescriptor representing the file to access 528: * @throws SecurityException if permission is denied 529: * @throws NullPointerException if desc is null 530: * @see FileInputStream#FileInputStream(FileDescriptor) 531: */ 532: public void checkRead(FileDescriptor desc) 533: { 534: if (desc == null) 535: throw new NullPointerException(); 536: checkPermission(new RuntimePermission("readFileDescriptor")); 537: } 538: 539: /** 540: * Check if the current thread is allowed to read the given file. This 541: * method is called from FileInputStream.FileInputStream(), 542: * RandomAccessFile.RandomAccessFile(), File.exists(), canRead(), isFile(), 543: * isDirectory(), lastModified(), length() and list(). The default 544: * implementation checks <code>FilePermission(filename, "read")</code>. If 545: * you override this, call <code>super.checkRead</code> rather than 546: * throwing an exception. 547: * 548: * @param filename the full name of the file to access 549: * @throws SecurityException if permission is denied 550: * @throws NullPointerException if filename is null 551: * @see File 552: * @see FileInputStream#FileInputStream(String) 553: * @see RandomAccessFile#RandomAccessFile(String, String) 554: */ 555: public void checkRead(String filename) 556: { 557: checkPermission(new FilePermission(filename, "read")); 558: } 559: 560: /** 561: * Check if the current thread is allowed to read the given file. using the 562: * given security context. The context must be a result of a previous call 563: * to <code>getSecurityContext()</code>. The default implementation checks 564: * <code>AccessControlContext.checkPermission(new FilePermission(filename, 565: * "read"))</code>. If you override this, call <code>super.checkRead</code> 566: * rather than throwing an exception. 567: * 568: * @param filename the full name of the file to access 569: * @param context the context to determine access for 570: * @throws SecurityException if permission is denied, or if context is 571: * not an AccessControlContext 572: * @throws NullPointerException if filename is null 573: * @see #getSecurityContext() 574: * @see AccessControlContext#checkPermission(Permission) 575: */ 576: public void checkRead(String filename, Object context) 577: { 578: if (! (context instanceof AccessControlContext)) 579: throw new SecurityException("Missing context"); 580: AccessControlContext ac = (AccessControlContext) context; 581: ac.checkPermission(new FilePermission(filename, "read")); 582: } 583: 584: /** 585: * Check if the current thread is allowed to write the given file using the 586: * FileDescriptor. This method is called from 587: * FileOutputStream.FileOutputStream(). The default implementation checks 588: * <code>RuntimePermission("writeFileDescriptor")</code>. If you override 589: * this, call <code>super.checkWrite</code> rather than throwing an 590: * exception. 591: * 592: * @param desc the FileDescriptor representing the file to access 593: * @throws SecurityException if permission is denied 594: * @throws NullPointerException if desc is null 595: * @see FileOutputStream#FileOutputStream(FileDescriptor) 596: */ 597: public void checkWrite(FileDescriptor desc) 598: { 599: if (desc == null) 600: throw new NullPointerException(); 601: checkPermission(new RuntimePermission("writeFileDescriptor")); 602: } 603: 604: /** 605: * Check if the current thread is allowed to write the given file. This 606: * method is called from FileOutputStream.FileOutputStream(), 607: * RandomAccessFile.RandomAccessFile(), File.canWrite(), mkdir(), and 608: * renameTo(). The default implementation checks 609: * <code>FilePermission(filename, "write")</code>. If you override this, 610: * call <code>super.checkWrite</code> rather than throwing an exception. 611: * 612: * @param filename the full name of the file to access 613: * @throws SecurityException if permission is denied 614: * @throws NullPointerException if filename is null 615: * @see File 616: * @see File#canWrite() 617: * @see File#mkdir() 618: * @see File#renameTo(File) 619: * @see FileOutputStream#FileOutputStream(String) 620: * @see RandomAccessFile#RandomAccessFile(String, String) 621: */ 622: public void checkWrite(String filename) 623: { 624: checkPermission(new FilePermission(filename, "write")); 625: } 626: 627: /** 628: * Check if the current thread is allowed to delete the given file. This 629: * method is called from File.delete(). The default implementation checks 630: * <code>FilePermission(filename, "delete")</code>. If you override this, 631: * call <code>super.checkDelete</code> rather than throwing an exception. 632: * 633: * @param filename the full name of the file to delete 634: * @throws SecurityException if permission is denied 635: * @throws NullPointerException if filename is null 636: * @see File#delete() 637: */ 638: public void checkDelete(String filename) 639: { 640: checkPermission(new FilePermission(filename, "delete")); 641: } 642: 643: /** 644: * Check if the current thread is allowed to connect to a given host on a 645: * given port. This method is called from Socket.Socket(). A port number 646: * of -1 indicates the caller is attempting to determine an IP address, so 647: * the default implementation checks 648: * <code>SocketPermission(host, "resolve")</code>. Otherwise, the default 649: * implementation checks 650: * <code>SocketPermission(host + ":" + port, "connect")</code>. If you 651: * override this, call <code>super.checkConnect</code> rather than throwing 652: * an exception. 653: * 654: * @param host the host to connect to 655: * @param port the port to connect on 656: * @throws SecurityException if permission is denied 657: * @throws NullPointerException if host is null 658: * @see Socket#Socket() 659: */ 660: public void checkConnect(String host, int port) 661: { 662: if (port == -1) 663: checkPermission(new SocketPermission(host, "resolve")); 664: else 665: // Use the toString() hack to do the null check. 666: checkPermission(new SocketPermission(host.toString() + ":" + port, 667: "connect")); 668: } 669: 670: /** 671: * Check if the current thread is allowed to connect to a given host on a 672: * given port, using the given security context. The context must be a 673: * result of a previous call to <code>getSecurityContext</code>. A port 674: * number of -1 indicates the caller is attempting to determine an IP 675: * address, so the default implementation checks 676: * <code>AccessControlContext.checkPermission(new SocketPermission(host, 677: * "resolve"))</code>. Otherwise, the default implementation checks 678: * <code>AccessControlContext.checkPermission(new SocketPermission(host 679: * + ":" + port, "connect"))</code>. If you override this, call 680: * <code>super.checkConnect</code> rather than throwing an exception. 681: * 682: * @param host the host to connect to 683: * @param port the port to connect on 684: * @param context the context to determine access for 685: * 686: * @throws SecurityException if permission is denied, or if context is 687: * not an AccessControlContext 688: * @throws NullPointerException if host is null 689: * 690: * @see #getSecurityContext() 691: * @see AccessControlContext#checkPermission(Permission) 692: */ 693: public void checkConnect(String host, int port, Object context) 694: { 695: if (! (context instanceof AccessControlContext)) 696: throw new SecurityException("Missing context"); 697: AccessControlContext ac = (AccessControlContext) context; 698: if (port == -1) 699: ac.checkPermission(new SocketPermission(host, "resolve")); 700: else 701: // Use the toString() hack to do the null check. 702: ac.checkPermission(new SocketPermission(host.toString() + ":" + port, 703: "connect")); 704: } 705: 706: /** 707: * Check if the current thread is allowed to listen to a specific port for 708: * data. This method is called by ServerSocket.ServerSocket(). The default 709: * implementation checks 710: * <code>SocketPermission("localhost:" + (port == 0 ? "1024-" : "" + port), 711: * "listen")</code>. If you override this, call 712: * <code>super.checkListen</code> rather than throwing an exception. 713: * 714: * @param port the port to listen on 715: * @throws SecurityException if permission is denied 716: * @see ServerSocket#ServerSocket(int) 717: */ 718: public void checkListen(int port) 719: { 720: checkPermission(new SocketPermission("localhost:" 721: + (port == 0 ? "1024-" : "" +port), 722: "listen")); 723: } 724: 725: /** 726: * Check if the current thread is allowed to accept a connection from a 727: * particular host on a particular port. This method is called by 728: * ServerSocket.implAccept(). The default implementation checks 729: * <code>SocketPermission(host + ":" + port, "accept")</code>. If you 730: * override this, call <code>super.checkAccept</code> rather than throwing 731: * an exception. 732: * 733: * @param host the host which wishes to connect 734: * @param port the port the connection will be on 735: * @throws SecurityException if permission is denied 736: * @throws NullPointerException if host is null 737: * @see ServerSocket#accept() 738: */ 739: public void checkAccept(String host, int port) 740: { 741: // Use the toString() hack to do the null check. 742: checkPermission(new SocketPermission(host.toString() + ":" + port, 743: "accept")); 744: } 745: 746: /** 747: * Check if the current thread is allowed to read and write multicast to 748: * a particular address. The default implementation checks 749: * <code>SocketPermission(addr.getHostAddress(), "accept,connect")</code>. 750: * If you override this, call <code>super.checkMulticast</code> rather than 751: * throwing an exception. 752: * 753: * @param addr the address to multicast to 754: * @throws SecurityException if permission is denied 755: * @throws NullPointerException if host is null 756: * @since 1.1 757: */ 758: public void checkMulticast(InetAddress addr) 759: { 760: checkPermission(new SocketPermission(addr.getHostAddress(), 761: "accept,connect")); 762: } 763: 764: /** 765: *Check if the current thread is allowed to read and write multicast to 766: * a particular address with a particular ttl (time-to-live) value. The 767: * default implementation ignores ttl, and checks 768: * <code>SocketPermission(addr.getHostAddress(), "accept,connect")</code>. 769: * If you override this, call <code>super.checkMulticast</code> rather than 770: * throwing an exception. 771: * 772: * @param addr the address to multicast to 773: * @param ttl value in use for multicast send 774: * @throws SecurityException if permission is denied 775: * @throws NullPointerException if host is null 776: * @since 1.1 777: * @deprecated use {@link #checkPermission(Permission)} instead 778: */ 779: public void checkMulticast(InetAddress addr, byte ttl) 780: { 781: checkPermission(new SocketPermission(addr.getHostAddress(), 782: "accept,connect")); 783: } 784: 785: /** 786: * Check if the current thread is allowed to read or write all the system 787: * properties at once. This method is called by System.getProperties() 788: * and setProperties(). The default implementation checks 789: * <code>PropertyPermission("*", "read,write")</code>. If you override 790: * this, call <code>super.checkPropertiesAccess</code> rather than 791: * throwing an exception. 792: * 793: * @throws SecurityException if permission is denied 794: * @see System#getProperties() 795: * @see System#setProperties(Properties) 796: */ 797: public void checkPropertiesAccess() 798: { 799: checkPermission(new PropertyPermission("*", "read,write")); 800: } 801: 802: /** 803: * Check if the current thread is allowed to read a particular system 804: * property (writes are checked directly via checkPermission). This method 805: * is called by System.getProperty() and setProperty(). The default 806: * implementation checks <code>PropertyPermission(key, "read")</code>. If 807: * you override this, call <code>super.checkPropertyAccess</code> rather 808: * than throwing an exception. 809: * 810: * @param key the key of the property to check 811: * 812: * @throws SecurityException if permission is denied 813: * @throws NullPointerException if key is null 814: * @throws IllegalArgumentException if key is "" 815: * 816: * @see System#getProperty(String) 817: */ 818: public void checkPropertyAccess(String key) 819: { 820: checkPermission(new PropertyPermission(key, "read")); 821: } 822: 823: /** 824: * Check if the current thread is allowed to create a top-level window. If 825: * it is not, the operation should still go through, but some sort of 826: * nonremovable warning should be placed on the window to show that it 827: * is untrusted. This method is called by Window.Window(). The default 828: * implementation checks 829: * <code>AWTPermission("showWindowWithoutWarningBanner")</code>, and returns 830: * true if no exception was thrown. If you override this, use 831: * <code>return super.checkTopLevelWindow</code> rather than returning 832: * false. 833: * 834: * @param window the window to create 835: * @return true if there is permission to show the window without warning 836: * @throws NullPointerException if window is null 837: * @see java.awt.Window#Window(java.awt.Frame) 838: */ 839: public boolean checkTopLevelWindow(Object window) 840: { 841: if (window == null) 842: throw new NullPointerException(); 843: try 844: { 845: checkPermission(new AWTPermission("showWindowWithoutWarningBanner")); 846: return true; 847: } 848: catch (SecurityException e) 849: { 850: return false; 851: } 852: } 853: 854: /** 855: * Check if the current thread is allowed to create a print job. This 856: * method is called by Toolkit.getPrintJob(). The default implementation 857: * checks <code>RuntimePermission("queuePrintJob")</code>. If you override 858: * this, call <code>super.checkPrintJobAccess</code> rather than throwing 859: * an exception. 860: * 861: * @throws SecurityException if permission is denied 862: * @see java.awt.Toolkit#getPrintJob(java.awt.Frame, String, Properties) 863: * @since 1.1 864: */ 865: public void checkPrintJobAccess() 866: { 867: checkPermission(new RuntimePermission("queuePrintJob")); 868: } 869: 870: /** 871: * Check if the current thread is allowed to use the system clipboard. This 872: * method is called by Toolkit.getSystemClipboard(). The default 873: * implementation checks <code>AWTPermission("accessClipboard")</code>. If 874: * you override this, call <code>super.checkSystemClipboardAccess</code> 875: * rather than throwing an exception. 876: * 877: * @throws SecurityException if permission is denied 878: * @see java.awt.Toolkit#getSystemClipboard() 879: * @since 1.1 880: */ 881: public void checkSystemClipboardAccess() 882: { 883: checkPermission(new AWTPermission("accessClipboard")); 884: } 885: 886: /** 887: * Check if the current thread is allowed to use the AWT event queue. This 888: * method is called by Toolkit.getSystemEventQueue(). The default 889: * implementation checks <code>AWTPermission("accessEventQueue")</code>. 890: * you override this, call <code>super.checkAwtEventQueueAccess</code> 891: * rather than throwing an exception. 892: * 893: * @throws SecurityException if permission is denied 894: * @see java.awt.Toolkit#getSystemEventQueue() 895: * @since 1.1 896: */ 897: public void checkAwtEventQueueAccess() 898: { 899: checkPermission(new AWTPermission("accessEventQueue")); 900: } 901: 902: /** 903: * Check if the current thread is allowed to access the specified package 904: * at all. This method is called by ClassLoader.loadClass() in user-created 905: * ClassLoaders. The default implementation gets a list of all restricted 906: * packages, via <code>Security.getProperty("package.access")</code>. Then, 907: * if packageName starts with or equals any restricted package, it checks 908: * <code>RuntimePermission("accessClassInPackage." + packageName)</code>. 909: * If you override this, you should call 910: * <code>super.checkPackageAccess</code> before doing anything else. 911: * 912: * @param packageName the package name to check access to 913: * @throws SecurityException if permission is denied 914: * @throws NullPointerException if packageName is null 915: * @see ClassLoader#loadClass(String, boolean) 916: * @see Security#getProperty(String) 917: */ 918: public void checkPackageAccess(String packageName) 919: { 920: checkPackageList(packageName, "package.access", "accessClassInPackage."); 921: } 922: 923: /** 924: * Check if the current thread is allowed to define a class into the 925: * specified package. This method is called by ClassLoader.loadClass() in 926: * user-created ClassLoaders. The default implementation gets a list of all 927: * restricted packages, via 928: * <code>Security.getProperty("package.definition")</code>. Then, if 929: * packageName starts with or equals any restricted package, it checks 930: * <code>RuntimePermission("defineClassInPackage." + packageName)</code>. 931: * If you override this, you should call 932: * <code>super.checkPackageDefinition</code> before doing anything else. 933: * 934: * @param packageName the package name to check access to 935: * @throws SecurityException if permission is denied 936: * @throws NullPointerException if packageName is null 937: * @see ClassLoader#loadClass(String, boolean) 938: * @see Security#getProperty(String) 939: */ 940: public void checkPackageDefinition(String packageName) 941: { 942: checkPackageList(packageName, "package.definition", "defineClassInPackage."); 943: } 944: 945: /** 946: * Check if the current thread is allowed to set the current socket factory. 947: * This method is called by Socket.setSocketImplFactory(), 948: * ServerSocket.setSocketFactory(), and URL.setURLStreamHandlerFactory(). 949: * The default implementation checks 950: * <code>RuntimePermission("setFactory")</code>. If you override this, call 951: * <code>super.checkSetFactory</code> rather than throwing an exception. 952: * 953: * @throws SecurityException if permission is denied 954: * @see Socket#setSocketImplFactory(SocketImplFactory) 955: * @see ServerSocket#setSocketFactory(SocketImplFactory) 956: * @see URL#setURLStreamHandlerFactory(URLStreamHandlerFactory) 957: */ 958: public void checkSetFactory() 959: { 960: checkPermission(new RuntimePermission("setFactory")); 961: } 962: 963: /** 964: * Check if the current thread is allowed to get certain types of Methods, 965: * Fields and Constructors from a Class object. This method is called by 966: * Class.getMethod[s](), Class.getField[s](), Class.getConstructor[s], 967: * Class.getDeclaredMethod[s](), Class.getDeclaredField[s](), and 968: * Class.getDeclaredConstructor[s](). The default implementation allows 969: * PUBLIC access, and access to classes defined by the same classloader as 970: * the code performing the reflection. Otherwise, it checks 971: * <code>RuntimePermission("accessDeclaredMembers")</code>. If you override 972: * this, do not call <code>super.checkMemberAccess</code>, as this would 973: * mess up the stack depth check that determines the ClassLoader requesting 974: * the access. 975: * 976: * @param c the Class to check 977: * @param memberType either DECLARED or PUBLIC 978: * @throws SecurityException if permission is denied, including when 979: * memberType is not DECLARED or PUBLIC 980: * @throws NullPointerException if c is null 981: * @see Class 982: * @see Member#DECLARED 983: * @see Member#PUBLIC 984: * @since 1.1 985: */ 986: public void checkMemberAccess(Class c, int memberType) 987: { 988: if (c == null) 989: throw new NullPointerException(); 990: if (memberType == Member.PUBLIC) 991: return; 992: // XXX Allow access to classes created by same classloader before next 993: // check. 994: checkPermission(new RuntimePermission("accessDeclaredMembers")); 995: } 996: 997: /** 998: * Test whether a particular security action may be taken. The default 999: * implementation checks <code>SecurityPermission(action)</code>. If you 1000: * override this, call <code>super.checkSecurityAccess</code> rather than 1001: * throwing an exception. 1002: * 1003: * @param action the desired action to take 1004: * @throws SecurityException if permission is denied 1005: * @throws NullPointerException if action is null 1006: * @throws IllegalArgumentException if action is "" 1007: * @since 1.1 1008: */ 1009: public void checkSecurityAccess(String action) 1010: { 1011: checkPermission(new SecurityPermission(action)); 1012: } 1013: 1014: /** 1015: * Get the ThreadGroup that a new Thread should belong to by default. Called 1016: * by Thread.Thread(). The default implementation returns the current 1017: * ThreadGroup of the current Thread. <STRONG>Spec Note:</STRONG> it is not 1018: * clear whether the new Thread is guaranteed to pass the 1019: * checkAccessThreadGroup() test when using this ThreadGroup, but I presume 1020: * so. 1021: * 1022: * @return the ThreadGroup to put the new Thread into 1023: * @since 1.1 1024: */ 1025: public ThreadGroup getThreadGroup() 1026: { 1027: return Thread.currentThread().getThreadGroup(); 1028: } 1029: 1030: /** 1031: * Helper that checks a comma-separated list of restricted packages, from 1032: * <code>Security.getProperty("package.definition")</code>, for the given 1033: * package access permission. If packageName starts with or equals any 1034: * restricted package, it checks 1035: * <code>RuntimePermission(permission + packageName)</code>. 1036: * 1037: * @param packageName the package name to check access to 1038: * @param restriction "package.access" or "package.definition" 1039: * @param permission the base permission, including the '.' 1040: * @throws SecurityException if permission is denied 1041: * @throws NullPointerException if packageName is null 1042: * @see #checkPackageAccess(String) 1043: * @see #checkPackageDefinition(String) 1044: */ 1045: void checkPackageList(String packageName, final String restriction, 1046: String permission) 1047: { 1048: if (packageName == null) 1049: throw new NullPointerException(); 1050: 1051: String list = (String)AccessController.doPrivileged(new PrivilegedAction() 1052: { 1053: public Object run() 1054: { 1055: return Security.getProperty(restriction); 1056: } 1057: }); 1058: 1059: if (list == null || list.equals("")) 1060: return; 1061: 1062: String packageNamePlusDot = packageName + "."; 1063: 1064: StringTokenizer st = new StringTokenizer(list, ","); 1065: while (st.hasMoreTokens()) 1066: { 1067: if (packageNamePlusDot.startsWith(st.nextToken())) 1068: { 1069: Permission p = new RuntimePermission(permission + packageName); 1070: checkPermission(p); 1071: return; 1072: } 1073: } 1074: } 1075: }
GNU Classpath (0.20) |