PageRenderTime 55ms CodeModel.GetById 15ms RepoModel.GetById 0ms app.codeStats 0ms

/projects/jre-1.6.0/src/java/lang/SecurityManager.java

https://gitlab.com/essere.lab.public/qualitas.class-corpus
Java | 1203 lines | 231 code | 43 blank | 929 comment | 60 complexity | 22b64a725fcc0117e5ee3e3bed45ce56 MD5 | raw file
  1. /*
  2. * %W% %E%
  3. *
  4. * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
  5. * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
  6. */
  7. package java.lang;
  8. import java.security.*;
  9. import java.io.FileDescriptor;
  10. import java.io.File;
  11. import java.io.FilePermission;
  12. import java.awt.AWTPermission;
  13. import java.util.PropertyPermission;
  14. import java.lang.RuntimePermission;
  15. import java.net.SocketPermission;
  16. import java.net.NetPermission;
  17. import java.util.Hashtable;
  18. import java.net.InetAddress;
  19. import java.lang.reflect.Member;
  20. import java.lang.reflect.*;
  21. import java.net.URL;
  22. import sun.security.util.SecurityConstants;
  23. /**
  24. * The security manager is a class that allows
  25. * applications to implement a security policy. It allows an
  26. * application to determine, before performing a possibly unsafe or
  27. * sensitive operation, what the operation is and whether
  28. * it is being attempted in a security context that allows the
  29. * operation to be performed. The
  30. * application can allow or disallow the operation.
  31. * <p>
  32. * The <code>SecurityManager</code> class contains many methods with
  33. * names that begin with the word <code>check</code>. These methods
  34. * are called by various methods in the Java libraries before those
  35. * methods perform certain potentially sensitive operations. The
  36. * invocation of such a <code>check</code> method typically looks like this:
  37. * <p><blockquote><pre>
  38. * SecurityManager security = System.getSecurityManager();
  39. * if (security != null) {
  40. * security.check<i>XXX</i>(argument, &nbsp;.&nbsp;.&nbsp;.&nbsp;);
  41. * }
  42. * </pre></blockquote>
  43. * <p>
  44. * The security manager is thereby given an opportunity to prevent
  45. * completion of the operation by throwing an exception. A security
  46. * manager routine simply returns if the operation is permitted, but
  47. * throws a <code>SecurityException</code> if the operation is not
  48. * permitted. The only exception to this convention is
  49. * <code>checkTopLevelWindow</code>, which returns a
  50. * <code>boolean</code> value.
  51. * <p>
  52. * The current security manager is set by the
  53. * <code>setSecurityManager</code> method in class
  54. * <code>System</code>. The current security manager is obtained
  55. * by the <code>getSecurityManager</code> method.
  56. * <p>
  57. * The special method
  58. * {@link SecurityManager#checkPermission(java.security.Permission)}
  59. * determines whether an access request indicated by a specified
  60. * permission should be granted or denied. The
  61. * default implementation calls
  62. *
  63. * <pre>
  64. * AccessController.checkPermission(perm);
  65. * </pre>
  66. *
  67. * <p>
  68. * If a requested access is allowed,
  69. * <code>checkPermission</code> returns quietly. If denied, a
  70. * <code>SecurityException</code> is thrown.
  71. * <p>
  72. * As of Java 2 SDK v1.2, the default implementation of each of the other
  73. * <code>check</code> methods in <code>SecurityManager</code> is to
  74. * call the <code>SecurityManager checkPermission</code> method
  75. * to determine if the calling thread has permission to perform the requested
  76. * operation.
  77. * <p>
  78. * Note that the <code>checkPermission</code> method with
  79. * just a single permission argument always performs security checks
  80. * within the context of the currently executing thread.
  81. * Sometimes a security check that should be made within a given context
  82. * will actually need to be done from within a
  83. * <i>different</i> context (for example, from within a worker thread).
  84. * The {@link SecurityManager#getSecurityContext getSecurityContext} method
  85. * and the {@link SecurityManager#checkPermission(java.security.Permission,
  86. * java.lang.Object) checkPermission}
  87. * method that includes a context argument are provided
  88. * for this situation. The
  89. * <code>getSecurityContext</code> method returns a "snapshot"
  90. * of the current calling context. (The default implementation
  91. * returns an AccessControlContext object.) A sample call is
  92. * the following:
  93. *
  94. * <pre>
  95. * Object context = null;
  96. * SecurityManager sm = System.getSecurityManager();
  97. * if (sm != null) context = sm.getSecurityContext();
  98. * </pre>
  99. *
  100. * <p>
  101. * The <code>checkPermission</code> method
  102. * that takes a context object in addition to a permission
  103. * makes access decisions based on that context,
  104. * rather than on that of the current execution thread.
  105. * Code within a different context can thus call that method,
  106. * passing the permission and the
  107. * previously-saved context object. A sample call, using the
  108. * SecurityManager <code>sm</code> obtained as in the previous example,
  109. * is the following:
  110. *
  111. * <pre>
  112. * if (sm != null) sm.checkPermission(permission, context);
  113. * </pre>
  114. *
  115. * <p>Permissions fall into these categories: File, Socket, Net,
  116. * Security, Runtime, Property, AWT, Reflect, and Serializable.
  117. * The classes managing these various
  118. * permission categories are <code>java.io.FilePermission</code>,
  119. * <code>java.net.SocketPermission</code>,
  120. * <code>java.net.NetPermission</code>,
  121. * <code>java.security.SecurityPermission</code>,
  122. * <code>java.lang.RuntimePermission</code>,
  123. * <code>java.util.PropertyPermission</code>,
  124. * <code>java.awt.AWTPermission</code>,
  125. * <code>java.lang.reflect.ReflectPermission</code>, and
  126. * <code>java.io.SerializablePermission</code>.
  127. *
  128. * <p>All but the first two (FilePermission and SocketPermission) are
  129. * subclasses of <code>java.security.BasicPermission</code>, which itself
  130. * is an abstract subclass of the
  131. * top-level class for permissions, which is
  132. * <code>java.security.Permission</code>. BasicPermission defines the
  133. * functionality needed for all permissions that contain a name
  134. * that follows the hierarchical property naming convention
  135. * (for example, "exitVM", "setFactory", "queuePrintJob", etc).
  136. * An asterisk
  137. * may appear at the end of the name, following a ".", or by itself, to
  138. * signify a wildcard match. For example: "a.*" or "*" is valid,
  139. * "*a" or "a*b" is not valid.
  140. *
  141. * <p>FilePermission and SocketPermission are subclasses of the
  142. * top-level class for permissions
  143. * (<code>java.security.Permission</code>). Classes like these
  144. * that have a more complicated name syntax than that used by
  145. * BasicPermission subclass directly from Permission rather than from
  146. * BasicPermission. For example,
  147. * for a <code>java.io.FilePermission</code> object, the permission name is
  148. * the path name of a file (or directory).
  149. *
  150. * <p>Some of the permission classes have an "actions" list that tells
  151. * the actions that are permitted for the object. For example,
  152. * for a <code>java.io.FilePermission</code> object, the actions list
  153. * (such as "read, write") specifies which actions are granted for the
  154. * specified file (or for files in the specified directory).
  155. *
  156. * <p>Other permission classes are for "named" permissions -
  157. * ones that contain a name but no actions list; you either have the
  158. * named permission or you don't.
  159. *
  160. * <p>Note: There is also a <code>java.security.AllPermission</code>
  161. * permission that implies all permissions. It exists to simplify the work
  162. * of system administrators who might need to perform multiple
  163. * tasks that require all (or numerous) permissions.
  164. * <p>
  165. * See <a href ="../../../technotes/guides/security/permissions.html">
  166. * Permissions in the JDK</a> for permission-related information.
  167. * This document includes, for example, a table listing the various SecurityManager
  168. * <code>check</code> methods and the permission(s) the default
  169. * implementation of each such method requires.
  170. * It also contains a table of all the version 1.2 methods
  171. * that require permissions, and for each such method tells
  172. * which permission it requires.
  173. * <p>
  174. * For more information about <code>SecurityManager</code> changes made in
  175. * the JDK and advice regarding porting of 1.1-style security managers,
  176. * see the <a href="../../../technotes/guides/security/index.html">security documentation</a>.
  177. *
  178. * @author Arthur van Hoff
  179. * @author Roland Schemers
  180. *
  181. * @version %I%, %G%
  182. * @see java.lang.ClassLoader
  183. * @see java.lang.SecurityException
  184. * @see java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
  185. * checkTopLevelWindow
  186. * @see java.lang.System#getSecurityManager() getSecurityManager
  187. * @see java.lang.System#setSecurityManager(java.lang.SecurityManager)
  188. * setSecurityManager
  189. * @see java.security.AccessController AccessController
  190. * @see java.security.AccessControlContext AccessControlContext
  191. * @see java.security.AccessControlException AccessControlException
  192. * @see java.security.Permission
  193. * @see java.security.BasicPermission
  194. * @see java.io.FilePermission
  195. * @see java.net.SocketPermission
  196. * @see java.util.PropertyPermission
  197. * @see java.lang.RuntimePermission
  198. * @see java.awt.AWTPermission
  199. * @see java.security.Policy Policy
  200. * @see java.security.SecurityPermission SecurityPermission
  201. * @see java.security.ProtectionDomain
  202. *
  203. * @since JDK1.0
  204. */
  205. public
  206. class SecurityManager {
  207. /**
  208. * This field is <code>true</code> if there is a security check in
  209. * progress; <code>false</code> otherwise.
  210. *
  211. * @deprecated This type of security checking is not recommended.
  212. * It is recommended that the <code>checkPermission</code>
  213. * call be used instead.
  214. */
  215. @Deprecated
  216. protected boolean inCheck;
  217. /*
  218. * Have we been initialized. Effective against finalizer attacks.
  219. */
  220. private boolean initialized = false;
  221. /**
  222. * returns true if the current context has been granted AllPermission
  223. */
  224. private boolean hasAllPermission()
  225. {
  226. try {
  227. checkPermission(SecurityConstants.ALL_PERMISSION);
  228. return true;
  229. } catch (SecurityException se) {
  230. return false;
  231. }
  232. }
  233. /**
  234. * Tests if there is a security check in progress.
  235. *
  236. * @return the value of the <code>inCheck</code> field. This field
  237. * should contain <code>true</code> if a security check is
  238. * in progress,
  239. * <code>false</code> otherwise.
  240. * @see java.lang.SecurityManager#inCheck
  241. * @deprecated This type of security checking is not recommended.
  242. * It is recommended that the <code>checkPermission</code>
  243. * call be used instead.
  244. */
  245. @Deprecated
  246. public boolean getInCheck() {
  247. return inCheck;
  248. }
  249. /**
  250. * Constructs a new <code>SecurityManager</code>.
  251. *
  252. * <p> If there is a security manager already installed, this method first
  253. * calls the security manager's <code>checkPermission</code> method
  254. * with the <code>RuntimePermission("createSecurityManager")</code>
  255. * permission to ensure the calling thread has permission to create a new
  256. * security manager.
  257. * This may result in throwing a <code>SecurityException</code>.
  258. *
  259. * @exception java.lang.SecurityException if a security manager already
  260. * exists and its <code>checkPermission</code> method
  261. * doesn't allow creation of a new security manager.
  262. * @see java.lang.System#getSecurityManager()
  263. * @see #checkPermission(java.security.Permission) checkPermission
  264. * @see java.lang.RuntimePermission
  265. */
  266. public SecurityManager() {
  267. synchronized(SecurityManager.class) {
  268. SecurityManager sm = System.getSecurityManager();
  269. if (sm != null) {
  270. // ask the currently installed security manager if we
  271. // can create a new one.
  272. sm.checkPermission(new RuntimePermission
  273. ("createSecurityManager"));
  274. }
  275. initialized = true;
  276. }
  277. }
  278. /**
  279. * Returns the current execution stack as an array of classes.
  280. * <p>
  281. * The length of the array is the number of methods on the execution
  282. * stack. The element at index <code>0</code> is the class of the
  283. * currently executing method, the element at index <code>1</code> is
  284. * the class of that method's caller, and so on.
  285. *
  286. * @return the execution stack.
  287. */
  288. protected native Class[] getClassContext();
  289. /**
  290. * Returns the class loader of the most recently executing method from
  291. * a class defined using a non-system class loader. A non-system
  292. * class loader is defined as being a class loader that is not equal to
  293. * the system class loader (as returned
  294. * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
  295. * <p>
  296. * This method will return
  297. * <code>null</code> in the following three cases:<p>
  298. * <ol>
  299. * <li>All methods on the execution stack are from classes
  300. * defined using the system class loader or one of its ancestors.
  301. *
  302. * <li>All methods on the execution stack up to the first
  303. * "privileged" caller
  304. * (see {@link java.security.AccessController#doPrivileged})
  305. * are from classes
  306. * defined using the system class loader or one of its ancestors.
  307. *
  308. * <li> A call to <code>checkPermission</code> with
  309. * <code>java.security.AllPermission</code> does not
  310. * result in a SecurityException.
  311. *
  312. * </ol>
  313. *
  314. * @return the class loader of the most recent occurrence on the stack
  315. * of a method from a class defined using a non-system class
  316. * loader.
  317. *
  318. * @deprecated This type of security checking is not recommended.
  319. * It is recommended that the <code>checkPermission</code>
  320. * call be used instead.
  321. *
  322. * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
  323. * @see #checkPermission(java.security.Permission) checkPermission
  324. */
  325. @Deprecated
  326. protected ClassLoader currentClassLoader()
  327. {
  328. ClassLoader cl = currentClassLoader0();
  329. if ((cl != null) && hasAllPermission())
  330. cl = null;
  331. return cl;
  332. }
  333. private native ClassLoader currentClassLoader0();
  334. /**
  335. * Returns the class of the most recently executing method from
  336. * a class defined using a non-system class loader. A non-system
  337. * class loader is defined as being a class loader that is not equal to
  338. * the system class loader (as returned
  339. * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
  340. * <p>
  341. * This method will return
  342. * <code>null</code> in the following three cases:<p>
  343. * <ol>
  344. * <li>All methods on the execution stack are from classes
  345. * defined using the system class loader or one of its ancestors.
  346. *
  347. * <li>All methods on the execution stack up to the first
  348. * "privileged" caller
  349. * (see {@link java.security.AccessController#doPrivileged})
  350. * are from classes
  351. * defined using the system class loader or one of its ancestors.
  352. *
  353. * <li> A call to <code>checkPermission</code> with
  354. * <code>java.security.AllPermission</code> does not
  355. * result in a SecurityException.
  356. *
  357. * </ol>
  358. *
  359. * @return the class of the most recent occurrence on the stack
  360. * of a method from a class defined using a non-system class
  361. * loader.
  362. *
  363. * @deprecated This type of security checking is not recommended.
  364. * It is recommended that the <code>checkPermission</code>
  365. * call be used instead.
  366. *
  367. * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
  368. * @see #checkPermission(java.security.Permission) checkPermission
  369. */
  370. @Deprecated
  371. protected Class<?> currentLoadedClass() {
  372. Class c = currentLoadedClass0();
  373. if ((c != null) && hasAllPermission())
  374. c = null;
  375. return c;
  376. }
  377. /**
  378. * Returns the stack depth of the specified class.
  379. *
  380. * @param name the fully qualified name of the class to search for.
  381. * @return the depth on the stack frame of the first occurrence of a
  382. * method from a class with the specified name;
  383. * <code>-1</code> if such a frame cannot be found.
  384. * @deprecated This type of security checking is not recommended.
  385. * It is recommended that the <code>checkPermission</code>
  386. * call be used instead.
  387. *
  388. */
  389. @Deprecated
  390. protected native int classDepth(String name);
  391. /**
  392. * Returns the stack depth of the most recently executing method
  393. * from a class defined using a non-system class loader. A non-system
  394. * class loader is defined as being a class loader that is not equal to
  395. * the system class loader (as returned
  396. * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
  397. * <p>
  398. * This method will return
  399. * -1 in the following three cases:<p>
  400. * <ol>
  401. * <li>All methods on the execution stack are from classes
  402. * defined using the system class loader or one of its ancestors.
  403. *
  404. * <li>All methods on the execution stack up to the first
  405. * "privileged" caller
  406. * (see {@link java.security.AccessController#doPrivileged})
  407. * are from classes
  408. * defined using the system class loader or one of its ancestors.
  409. *
  410. * <li> A call to <code>checkPermission</code> with
  411. * <code>java.security.AllPermission</code> does not
  412. * result in a SecurityException.
  413. *
  414. * </ol>
  415. *
  416. * @return the depth on the stack frame of the most recent occurrence of
  417. * a method from a class defined using a non-system class loader.
  418. *
  419. * @deprecated This type of security checking is not recommended.
  420. * It is recommended that the <code>checkPermission</code>
  421. * call be used instead.
  422. *
  423. * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
  424. * @see #checkPermission(java.security.Permission) checkPermission
  425. */
  426. @Deprecated
  427. protected int classLoaderDepth()
  428. {
  429. int depth = classLoaderDepth0();
  430. if (depth != -1) {
  431. if (hasAllPermission())
  432. depth = -1;
  433. else
  434. depth--; // make sure we don't include ourself
  435. }
  436. return depth;
  437. }
  438. private native int classLoaderDepth0();
  439. /**
  440. * Tests if a method from a class with the specified
  441. * name is on the execution stack.
  442. *
  443. * @param name the fully qualified name of the class.
  444. * @return <code>true</code> if a method from a class with the specified
  445. * name is on the execution stack; <code>false</code> otherwise.
  446. * @deprecated This type of security checking is not recommended.
  447. * It is recommended that the <code>checkPermission</code>
  448. * call be used instead.
  449. */
  450. @Deprecated
  451. protected boolean inClass(String name) {
  452. return classDepth(name) >= 0;
  453. }
  454. /**
  455. * Basically, tests if a method from a class defined using a
  456. * class loader is on the execution stack.
  457. *
  458. * @return <code>true</code> if a call to <code>currentClassLoader</code>
  459. * has a non-null return value.
  460. *
  461. * @deprecated This type of security checking is not recommended.
  462. * It is recommended that the <code>checkPermission</code>
  463. * call be used instead.
  464. * @see #currentClassLoader() currentClassLoader
  465. */
  466. @Deprecated
  467. protected boolean inClassLoader() {
  468. return currentClassLoader() != null;
  469. }
  470. /**
  471. * Creates an object that encapsulates the current execution
  472. * environment. The result of this method is used, for example, by the
  473. * three-argument <code>checkConnect</code> method and by the
  474. * two-argument <code>checkRead</code> method.
  475. * These methods are needed because a trusted method may be called
  476. * on to read a file or open a socket on behalf of another method.
  477. * The trusted method needs to determine if the other (possibly
  478. * untrusted) method would be allowed to perform the operation on its
  479. * own.
  480. * <p> The default implementation of this method is to return
  481. * an <code>AccessControlContext</code> object.
  482. *
  483. * @return an implementation-dependent object that encapsulates
  484. * sufficient information about the current execution environment
  485. * to perform some security checks later.
  486. * @see java.lang.SecurityManager#checkConnect(java.lang.String, int,
  487. * java.lang.Object) checkConnect
  488. * @see java.lang.SecurityManager#checkRead(java.lang.String,
  489. * java.lang.Object) checkRead
  490. * @see java.security.AccessControlContext AccessControlContext
  491. */
  492. public Object getSecurityContext() {
  493. return AccessController.getContext();
  494. }
  495. /**
  496. * Throws a <code>SecurityException</code> if the requested
  497. * access, specified by the given permission, is not permitted based
  498. * on the security policy currently in effect.
  499. * <p>
  500. * This method calls <code>AccessController.checkPermission</code>
  501. * with the given permission.
  502. *
  503. * @param perm the requested permission.
  504. * @exception SecurityException if access is not permitted based on
  505. * the current security policy.
  506. * @exception NullPointerException if the permission argument is
  507. * <code>null</code>.
  508. * @since 1.2
  509. */
  510. public void checkPermission(Permission perm) {
  511. java.security.AccessController.checkPermission(perm);
  512. }
  513. /**
  514. * Throws a <code>SecurityException</code> if the
  515. * specified security context is denied access to the resource
  516. * specified by the given permission.
  517. * The context must be a security
  518. * context returned by a previous call to
  519. * <code>getSecurityContext</code> and the access control
  520. * decision is based upon the configured security policy for
  521. * that security context.
  522. * <p>
  523. * If <code>context</code> is an instance of
  524. * <code>AccessControlContext</code> then the
  525. * <code>AccessControlContext.checkPermission</code> method is
  526. * invoked with the specified permission.
  527. * <p>
  528. * If <code>context</code> is not an instance of
  529. * <code>AccessControlContext</code> then a
  530. * <code>SecurityException</code> is thrown.
  531. *
  532. * @param perm the specified permission
  533. * @param context a system-dependent security context.
  534. * @exception SecurityException if the specified security context
  535. * is not an instance of <code>AccessControlContext</code>
  536. * (e.g., is <code>null</code>), or is denied access to the
  537. * resource specified by the given permission.
  538. * @exception NullPointerException if the permission argument is
  539. * <code>null</code>.
  540. * @see java.lang.SecurityManager#getSecurityContext()
  541. * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
  542. * @since 1.2
  543. */
  544. public void checkPermission(Permission perm, Object context) {
  545. if (context instanceof AccessControlContext) {
  546. ((AccessControlContext)context).checkPermission(perm);
  547. } else {
  548. throw new SecurityException();
  549. }
  550. }
  551. /**
  552. * Throws a <code>SecurityException</code> if the
  553. * calling thread is not allowed to create a new class loader.
  554. * <p>
  555. * This method calls <code>checkPermission</code> with the
  556. * <code>RuntimePermission("createClassLoader")</code>
  557. * permission.
  558. * <p>
  559. * If you override this method, then you should make a call to
  560. * <code>super.checkCreateClassLoader</code>
  561. * at the point the overridden method would normally throw an
  562. * exception.
  563. *
  564. * @exception SecurityException if the calling thread does not
  565. * have permission
  566. * to create a new class loader.
  567. * @see java.lang.ClassLoader#ClassLoader()
  568. * @see #checkPermission(java.security.Permission) checkPermission
  569. */
  570. public void checkCreateClassLoader() {
  571. checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
  572. }
  573. /**
  574. * reference to the root thread group, used for the checkAccess
  575. * methods.
  576. */
  577. private static ThreadGroup rootGroup = getRootGroup();
  578. private static ThreadGroup getRootGroup() {
  579. ThreadGroup root = Thread.currentThread().getThreadGroup();
  580. while (root.getParent() != null) {
  581. root = root.getParent();
  582. }
  583. return root;
  584. }
  585. /**
  586. * Throws a <code>SecurityException</code> if the
  587. * calling thread is not allowed to modify the thread argument.
  588. * <p>
  589. * This method is invoked for the current security manager by the
  590. * <code>stop</code>, <code>suspend</code>, <code>resume</code>,
  591. * <code>setPriority</code>, <code>setName</code>, and
  592. * <code>setDaemon</code> methods of class <code>Thread</code>.
  593. * <p>
  594. * If the thread argument is a system thread (belongs to
  595. * the thread group with a <code>null</code> parent) then
  596. * this method calls <code>checkPermission</code> with the
  597. * <code>RuntimePermission("modifyThread")</code> permission.
  598. * If the thread argument is <i>not</i> a system thread,
  599. * this method just returns silently.
  600. * <p>
  601. * Applications that want a stricter policy should override this
  602. * method. If this method is overridden, the method that overrides
  603. * it should additionally check to see if the calling thread has the
  604. * <code>RuntimePermission("modifyThread")</code> permission, and
  605. * if so, return silently. This is to ensure that code granted
  606. * that permission (such as the JDK itself) is allowed to
  607. * manipulate any thread.
  608. * <p>
  609. * If this method is overridden, then
  610. * <code>super.checkAccess</code> should
  611. * be called by the first statement in the overridden method, or the
  612. * equivalent security check should be placed in the overridden method.
  613. *
  614. * @param t the thread to be checked.
  615. * @exception SecurityException if the calling thread does not have
  616. * permission to modify the thread.
  617. * @exception NullPointerException if the thread argument is
  618. * <code>null</code>.
  619. * @see java.lang.Thread#resume() resume
  620. * @see java.lang.Thread#setDaemon(boolean) setDaemon
  621. * @see java.lang.Thread#setName(java.lang.String) setName
  622. * @see java.lang.Thread#setPriority(int) setPriority
  623. * @see java.lang.Thread#stop() stop
  624. * @see java.lang.Thread#suspend() suspend
  625. * @see #checkPermission(java.security.Permission) checkPermission
  626. */
  627. public void checkAccess(Thread t) {
  628. if (t == null) {
  629. throw new NullPointerException("thread can't be null");
  630. }
  631. if (t.getThreadGroup() == rootGroup) {
  632. checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION);
  633. } else {
  634. // just return
  635. }
  636. }
  637. /**
  638. * Throws a <code>SecurityException</code> if the
  639. * calling thread is not allowed to modify the thread group argument.
  640. * <p>
  641. * This method is invoked for the current security manager when a
  642. * new child thread or child thread group is created, and by the
  643. * <code>setDaemon</code>, <code>setMaxPriority</code>,
  644. * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and
  645. * <code>destroy</code> methods of class <code>ThreadGroup</code>.
  646. * <p>
  647. * If the thread group argument is the system thread group (
  648. * has a <code>null</code> parent) then
  649. * this method calls <code>checkPermission</code> with the
  650. * <code>RuntimePermission("modifyThreadGroup")</code> permission.
  651. * If the thread group argument is <i>not</i> the system thread group,
  652. * this method just returns silently.
  653. * <p>
  654. * Applications that want a stricter policy should override this
  655. * method. If this method is overridden, the method that overrides
  656. * it should additionally check to see if the calling thread has the
  657. * <code>RuntimePermission("modifyThreadGroup")</code> permission, and
  658. * if so, return silently. This is to ensure that code granted
  659. * that permission (such as the JDK itself) is allowed to
  660. * manipulate any thread.
  661. * <p>
  662. * If this method is overridden, then
  663. * <code>super.checkAccess</code> should
  664. * be called by the first statement in the overridden method, or the
  665. * equivalent security check should be placed in the overridden method.
  666. *
  667. * @param g the thread group to be checked.
  668. * @exception SecurityException if the calling thread does not have
  669. * permission to modify the thread group.
  670. * @exception NullPointerException if the thread group argument is
  671. * <code>null</code>.
  672. * @see java.lang.ThreadGroup#destroy() destroy
  673. * @see java.lang.ThreadGroup#resume() resume
  674. * @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon
  675. * @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority
  676. * @see java.lang.ThreadGroup#stop() stop
  677. * @see java.lang.ThreadGroup#suspend() suspend
  678. * @see #checkPermission(java.security.Permission) checkPermission
  679. */
  680. public void checkAccess(ThreadGroup g) {
  681. if (g == null) {
  682. throw new NullPointerException("thread group can't be null");
  683. }
  684. if (g == rootGroup) {
  685. checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
  686. } else {
  687. // just return
  688. }
  689. }
  690. /**
  691. * Throws a <code>SecurityException</code> if the
  692. * calling thread is not allowed to cause the Java Virtual Machine to
  693. * halt with the specified status code.
  694. * <p>
  695. * This method is invoked for the current security manager by the
  696. * <code>exit</code> method of class <code>Runtime</code>. A status
  697. * of <code>0</code> indicates success; other values indicate various
  698. * errors.
  699. * <p>
  700. * This method calls <code>checkPermission</code> with the
  701. * <code>RuntimePermission("exitVM."+status)</code> permission.
  702. * <p>
  703. * If you override this method, then you should make a call to
  704. * <code>super.checkExit</code>
  705. * at the point the overridden method would normally throw an
  706. * exception.
  707. *
  708. * @param status the exit status.
  709. * @exception SecurityException if the calling thread does not have
  710. * permission to halt the Java Virtual Machine with
  711. * the specified status.
  712. * @see java.lang.Runtime#exit(int) exit
  713. * @see #checkPermission(java.security.Permission) checkPermission
  714. */
  715. public void checkExit(int status) {
  716. checkPermission(new RuntimePermission("exitVM."+status));
  717. }
  718. /**
  719. * Throws a <code>SecurityException</code> if the
  720. * calling thread is not allowed to create a subprocess.
  721. * <p>
  722. * This method is invoked for the current security manager by the
  723. * <code>exec</code> methods of class <code>Runtime</code>.
  724. * <p>
  725. * This method calls <code>checkPermission</code> with the
  726. * <code>FilePermission(cmd,"execute")</code> permission
  727. * if cmd is an absolute path, otherwise it calls
  728. * <code>checkPermission</code> with
  729. * <code>FilePermission("&lt;&lt;ALL FILES&gt;&gt;","execute")</code>.
  730. * <p>
  731. * If you override this method, then you should make a call to
  732. * <code>super.checkExec</code>
  733. * at the point the overridden method would normally throw an
  734. * exception.
  735. *
  736. * @param cmd the specified system command.
  737. * @exception SecurityException if the calling thread does not have
  738. * permission to create a subprocess.
  739. * @exception NullPointerException if the <code>cmd</code> argument is
  740. * <code>null</code>.
  741. * @see java.lang.Runtime#exec(java.lang.String)
  742. * @see java.lang.Runtime#exec(java.lang.String, java.lang.String[])
  743. * @see java.lang.Runtime#exec(java.lang.String[])
  744. * @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[])
  745. * @see #checkPermission(java.security.Permission) checkPermission
  746. */
  747. public void checkExec(String cmd) {
  748. File f = new File(cmd);
  749. if (f.isAbsolute()) {
  750. checkPermission(new FilePermission(cmd,
  751. SecurityConstants.FILE_EXECUTE_ACTION));
  752. } else {
  753. checkPermission(new FilePermission("<<ALL FILES>>",
  754. SecurityConstants.FILE_EXECUTE_ACTION));
  755. }
  756. }
  757. /**
  758. * Throws a <code>SecurityException</code> if the
  759. * calling thread is not allowed to dynamic link the library code
  760. * specified by the string argument file. The argument is either a
  761. * simple library name or a complete filename.
  762. * <p>
  763. * This method is invoked for the current security manager by
  764. * methods <code>load</code> and <code>loadLibrary</code> of class
  765. * <code>Runtime</code>.
  766. * <p>
  767. * This method calls <code>checkPermission</code> with the
  768. * <code>RuntimePermission("loadLibrary."+lib)</code> permission.
  769. * <p>
  770. * If you override this method, then you should make a call to
  771. * <code>super.checkLink</code>
  772. * at the point the overridden method would normally throw an
  773. * exception.
  774. *
  775. * @param lib the name of the library.
  776. * @exception SecurityException if the calling thread does not have
  777. * permission to dynamically link the library.
  778. * @exception NullPointerException if the <code>lib</code> argument is
  779. * <code>null</code>.
  780. * @see java.lang.Runtime#load(java.lang.String)
  781. * @see java.lang.Runtime#loadLibrary(java.lang.String)
  782. * @see #checkPermission(java.security.Permission) checkPermission
  783. */
  784. public void checkLink(String lib) {
  785. if (lib == null) {
  786. throw new NullPointerException("library can't be null");
  787. }
  788. checkPermission(new RuntimePermission("loadLibrary."+lib));
  789. }
  790. /**
  791. * Throws a <code>SecurityException</code> if the
  792. * calling thread is not allowed to read from the specified file
  793. * descriptor.
  794. * <p>
  795. * This method calls <code>checkPermission</code> with the
  796. * <code>RuntimePermission("readFileDescriptor")</code>
  797. * permission.
  798. * <p>
  799. * If you override this method, then you should make a call to
  800. * <code>super.checkRead</code>
  801. * at the point the overridden method would normally throw an
  802. * exception.
  803. *
  804. * @param fd the system-dependent file descriptor.
  805. * @exception SecurityException if the calling thread does not have
  806. * permission to access the specified file descriptor.
  807. * @exception NullPointerException if the file descriptor argument is
  808. * <code>null</code>.
  809. * @see java.io.FileDescriptor
  810. * @see #checkPermission(java.security.Permission) checkPermission
  811. */
  812. public void checkRead(FileDescriptor fd) {
  813. if (fd == null) {
  814. throw new NullPointerException("file descriptor can't be null");
  815. }
  816. checkPermission(new RuntimePermission("readFileDescriptor"));
  817. }
  818. /**
  819. * Throws a <code>SecurityException</code> if the
  820. * calling thread is not allowed to read the file specified by the
  821. * string argument.
  822. * <p>
  823. * This method calls <code>checkPermission</code> with the
  824. * <code>FilePermission(file,"read")</code> permission.
  825. * <p>
  826. * If you override this method, then you should make a call to
  827. * <code>super.checkRead</code>
  828. * at the point the overridden method would normally throw an
  829. * exception.
  830. *
  831. * @param file the system-dependent file name.
  832. * @exception SecurityException if the calling thread does not have
  833. * permission to access the specified file.
  834. * @exception NullPointerException if the <code>file</code> argument is
  835. * <code>null</code>.
  836. * @see #checkPermission(java.security.Permission) checkPermission
  837. */
  838. public void checkRead(String file) {
  839. checkPermission(new FilePermission(file,
  840. SecurityConstants.FILE_READ_ACTION));
  841. }
  842. /**
  843. * Throws a <code>SecurityException</code> if the
  844. * specified security context is not allowed to read the file
  845. * specified by the string argument. The context must be a security
  846. * context returned by a previous call to
  847. * <code>getSecurityContext</code>.
  848. * <p> If <code>context</code> is an instance of
  849. * <code>AccessControlContext</code> then the
  850. * <code>AccessControlContext.checkPermission</code> method will
  851. * be invoked with the <code>FilePermission(file,"read")</code> permission.
  852. * <p> If <code>context</code> is not an instance of
  853. * <code>AccessControlContext</code> then a
  854. * <code>SecurityException</code> is thrown.
  855. * <p>
  856. * If you override this method, then you should make a call to
  857. * <code>super.checkRead</code>
  858. * at the point the overridden method would normally throw an
  859. * exception.
  860. *
  861. * @param file the system-dependent filename.
  862. * @param context a system-dependent security context.
  863. * @exception SecurityException if the specified security context
  864. * is not an instance of <code>AccessControlContext</code>
  865. * (e.g., is <code>null</code>), or does not have permission
  866. * to read the specified file.
  867. * @exception NullPointerException if the <code>file</code> argument is
  868. * <code>null</code>.
  869. * @see java.lang.SecurityManager#getSecurityContext()
  870. * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
  871. */
  872. public void checkRead(String file, Object context) {
  873. checkPermission(
  874. new FilePermission(file, SecurityConstants.FILE_READ_ACTION),
  875. context);
  876. }
  877. /**
  878. * Throws a <code>SecurityException</code> if the
  879. * calling thread is not allowed to write to the specified file
  880. * descriptor.
  881. * <p>
  882. * This method calls <code>checkPermission</code> with the
  883. * <code>RuntimePermission("writeFileDescriptor")</code>
  884. * permission.
  885. * <p>
  886. * If you override this method, then you should make a call to
  887. * <code>super.checkWrite</code>
  888. * at the point the overridden method would normally throw an
  889. * exception.
  890. *
  891. * @param fd the system-dependent file descriptor.
  892. * @exception SecurityException if the calling thread does not have
  893. * permission to access the specified file descriptor.
  894. * @exception NullPointerException if the file descriptor argument is
  895. * <code>null</code>.
  896. * @see java.io.FileDescriptor
  897. * @see #checkPermission(java.security.Permission) checkPermission
  898. */
  899. public void checkWrite(FileDescriptor fd) {
  900. if (fd == null) {
  901. throw new NullPointerException("file descriptor can't be null");
  902. }
  903. checkPermission(new RuntimePermission("writeFileDescriptor"));
  904. }
  905. /**
  906. * Throws a <code>SecurityException</code> if the
  907. * calling thread is not allowed to write to the file specified by
  908. * the string argument.
  909. * <p>
  910. * This method calls <code>checkPermission</code> with the
  911. * <code>FilePermission(file,"write")</code> permission.
  912. * <p>
  913. * If you override this method, then you should make a call to
  914. * <code>super.checkWrite</code>
  915. * at the point the overridden method would normally throw an
  916. * exception.
  917. *
  918. * @param file the system-dependent filename.
  919. * @exception SecurityException if the calling thread does not
  920. * have permission to access the specified file.
  921. * @exception NullPointerException if the <code>file</code> argument is
  922. * <code>null</code>.
  923. * @see #checkPermission(java.security.Permission) checkPermission
  924. */
  925. public void checkWrite(String file) {
  926. checkPermission(new FilePermission(file,
  927. SecurityConstants.FILE_WRITE_ACTION));
  928. }
  929. /**
  930. * Throws a <code>SecurityException</code> if the
  931. * calling thread is not allowed to delete the specified file.
  932. * <p>
  933. * This method is invoked for the current security manager by the
  934. * <code>delete</code> method of class <code>File</code>.
  935. * <p>
  936. * This method calls <code>checkPermission</code> with the
  937. * <code>FilePermission(file,"delete")</code> permission.
  938. * <p>
  939. * If you override this method, then you should make a call to
  940. * <code>super.checkDelete</code>
  941. * at the point the overridden method would normally throw an
  942. * exception.
  943. *
  944. * @param file the system-dependent filename.
  945. * @exception SecurityException if the calling thread does not
  946. * have permission to delete the file.
  947. * @exception NullPointerException if the <code>file</code> argument is
  948. * <code>null</code>.
  949. * @see java.io.File#delete()
  950. * @see #checkPermission(java.security.Permission) checkPermission
  951. */
  952. public void checkDelete(String file) {
  953. checkPermission(new FilePermission(file,
  954. SecurityConstants.FILE_DELETE_ACTION));
  955. }
  956. /**
  957. * Throws a <code>SecurityException</code> if the
  958. * calling thread is not allowed to open a socket connection to the
  959. * specified host and port number.
  960. * <p>
  961. * A port number of <code>-1</code> indicates that the calling
  962. * method is attempting to determine the IP address of the specified
  963. * host name.
  964. * <p>
  965. * This method calls <code>checkPermission</code> with the
  966. * <code>SocketPermission(host+":"+port,"connect")</code> permission if
  967. * the port is not equal to -1. If the port is equal to -1, then
  968. * it calls <code>checkPermission</code> with the
  969. * <code>SocketPermission(host,"resolve")</code> permission.
  970. * <p>
  971. * If you override this method, then you should make a call to
  972. * <code>super.checkConnect</code>
  973. * at the point the overridden method would normally throw an
  974. * exception.
  975. *
  976. * @param host the host name port to connect to.
  977. * @param port the protocol port to connect to.
  978. * @exception SecurityException if the calling thread does not have
  979. * permission to open a socket connection to the specified
  980. * <code>host</code> and <code>port</code>.
  981. * @exception NullPointerException if the <code>host</code> argument is
  982. * <code>null</code>.
  983. * @see #checkPermission(java.security.Permission) checkPermission
  984. */
  985. public void checkConnect(String host, int port) {
  986. if (host == null) {
  987. throw new NullPointerException("host can't be null");
  988. }
  989. if (!host.startsWith("[") && host.indexOf(':') != -1) {
  990. host = "[" + host + "]";
  991. }
  992. if (port == -1) {
  993. checkPermission(new SocketPermission(host,
  994. SecurityConstants.SOCKET_RESOLVE_ACTION));
  995. } else {
  996. checkPermission(new SocketPermission(host+":"+port,
  997. SecurityConstants.SOCKET_CONNECT_ACTION));
  998. }
  999. }
  1000. /**
  1001. * Throws a <code>SecurityException</code> if the
  1002. * specified security context is not allowed to open a socket
  1003. * connection to the specified host and port number.
  1004. * <p>
  1005. * A port number of <code>-1</code> indicates that the calling
  1006. * method is attempting to determine the IP address of the specified
  1007. * host name.
  1008. * <p> If <code>context</code> is not an instance of
  1009. * <code>AccessControlContext</code> then a
  1010. * <code>SecurityException</code> is thrown.
  1011. * <p>
  1012. * Otherwise, the port number is checked. If it is not equal
  1013. * to -1, the <code>context</code>'s <code>checkPermission</code>
  1014. * method is called with a
  1015. * <code>SocketPermission(host+":"+port,"connect")</code> permission.
  1016. * If the port is equal to -1, then
  1017. * the <code>context</code>'s <code>checkPermission</code> method
  1018. * is called with a
  1019. * <code>SocketPermission(host,"resolve")</code> permission.
  1020. * <p>
  1021. * If you override this method, then you should make a call to
  1022. * <code>super.checkConnect</code>
  1023. * at the point the overridden method would normally throw an
  1024. * exception.
  1025. *
  1026. * @param host the host name port to connect to.
  1027. * @param port the protocol port to connect to.
  1028. * @param context a system-dependent security context.
  1029. * @exception SecurityException if the specified security context
  1030. * is not an instance of <code>AccessControlContext</code>
  1031. * (e.g., is <code>null</code>), or does not have permission
  1032. * to open a socket connection to the specified
  1033. * <code>host</code> and <code>port</code>.
  1034. * @exception NullPointerException if the <code>host</code> argument is
  1035. * <code>null</code>.
  1036. * @see java.lang.SecurityManager#getSecurityContext()
  1037. * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
  1038. */
  1039. public void checkConnect(String host, int port, Object context) {
  1040. if (host == null) {
  1041. throw new NullPointerException("host can't be null");
  1042. }
  1043. if (!host.startsWith("[") && host.indexOf(':') != -1) {
  1044. host = "[" + host + "]";
  1045. }
  1046. if (port == -1)
  1047. checkPermission(new SocketPermission(host,
  1048. SecurityConstants.SOCKET_RESOLVE_ACTION),
  1049. context);
  1050. else
  1051. checkPermission(new SocketPermission(host+":"+port,
  1052. SecurityConstants.SOCKET_CONNECT_ACTION),
  1053. context);
  1054. }
  1055. /**
  1056. * Throws a <code>SecurityException</code> if the
  1057. * calling thread is not allowed to wait for a connection request on
  1058. * the specified local port number.
  1059. * <p>
  1060. * If port is not 0, this method calls
  1061. * <code>checkPermission</code> with the
  1062. * <code>SocketPermission("localhost:"+port,"listen")</code>.
  1063. * If port is zero, this method calls <code>checkPermission</code>
  1064. * with <code>SocketPermission("localhost:1024-","listen").</code>
  1065. * <p>
  1066. * If you override this method, then you should make a call to
  1067. * <code>super.checkListen</code>
  1068. * at the point the overridden method would normally throw an
  1069. * exception.
  1070. *
  1071. * @param port the local port.
  1072. * @exception SecurityException if the calling thread does not have
  1073. * permission to listen on the specified port.
  1074. * @see #checkPermission(java.security.Permission) checkPermission
  1075. */
  1076. public void checkListen(int port) {
  1077. if (port == 0) {
  1078. checkPermission(SecurityConstants.LOCAL_LISTEN_PERMISSION);
  1079. } else {
  1080. checkPermission(new SocketPermission("localhost:"+port,
  1081. SecurityConstants.SOCKET_LISTEN_ACTION));
  1082. }
  1083. }
  1084. /**
  1085. * Throws a <code>SecurityException</code> if the
  1086. * calling thread is not permitted to accept a socket connection from
  1087. * the specified host and port number.
  1088. * <p>
  1089. * This method is invoked for the current security manager by the
  1090. * <code>accept</code> method of class <code>ServerSocket</code>.
  1091. * <p>
  1092. * This method calls <code>checkPermission</code> with the
  1093. * <code>SocketPermission(host+":"+port,"accept")</code> permission.
  1094. * <p>
  1095. * If you override this method, then you should make a call to
  1096. * <code>super.checkAccept</code>
  1097. * at the point the overridden method would normally throw an
  1098. * exception.
  1099. *
  1100. * @param host the host name of the socket connection.
  1101. * @param port the port number of the socket connection.
  1102. * @exception SecurityException if the calling thread does not have
  1103. * permission to accept the connection.
  1104. * @exception NullPointerException if the <code>host</code> argument is
  1105. * <code>null</code>.
  1106. * @see java.net.ServerSocket#accept()
  1107. * @see #checkPermission(java.security.Permission) checkPermission
  1108. */
  1109. public void checkAccept(String host, int port) {
  1110. if (host == null) {
  1111. throw new NullPointerException("host can't be null");
  1112. }
  1113. if (!host.startsWith("[") && host.indexOf(':') != -1) {
  1114. host = "[" + host + "]";
  1115. }
  1116. checkPermission(new SocketPermission(host+":"+port,
  1117. SecurityConstants.SOCKET_ACCEPT_ACTION));
  1118. }
  1119. /**
  1120. * Throws a <code>SecurityException</code> if the
  1121. * calling thread is not allowed to use
  1122. * (join/leave/send/receive) IP multicast.
  1123. * <p>
  1124. * This method calls <code>checkPermission</code> with the
  1125. * <code>java.net.SocketPermission(maddr.getHostAddress(),
  1126. * "accept,connect")</code> permission.
  1127. * <p>
  1128. * If you override this method, then you should make a call to
  1129. * <code>super.checkMulticast</code>
  1130. * at the point the overridden method would normally throw an
  1131. * exception.
  1132. *
  1133. * @param maddr Internet group address to be used.
  1134. * @exception SecurityException if the calling thread is not allowed to
  1135. * use (join/leave/send/receive) IP multicast.
  1136. * @exception NullPointerException if the address argument is
  1137. * <code>null</code>.
  1138. * @since JDK1.1
  1139. * @see #checkPermission(java.security.Permission) checkPermission
  1140. */
  1141. public void checkMulticast(InetAddress maddr) {
  1142. String host = maddr.getHostAddress();
  1143. if (!host.startsWith("[") && host.indexOf(':') != -1) {
  1144. host = "[" + host + "]";
  1145. }
  1146. checkPermission(new SocketPermission(host,
  1147. SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
  1148. }
  1149. /**
  1150. * Throws a <code>SecurityException</code> if the
  1151. * calling thread is not allowed to use
  1152. * (join/leave/send/receive) IP multicast.
  1153. * <p>
  1154. * This method calls <code>checkPermission</code> with the
  1155. * <code>java.net.SocketPermission(maddr.getHostAddress(),
  1156. * "accept,connect")</code> permission.
  1157. * <p>
  1158. * If you override this method, then you should make a call to
  1159. * <code>super.checkMulticast</code>
  1160. * a