1 /*
2 * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Sun designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Sun in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
22 * CA 95054 USA or visit www.sun.com if you need additional information or
23 * have any questions.
24 */
25
26 package sun.security.util;
27
28 import java.net.SocketPermission;
29 import java.net.NetPermission;
30 import java.security.AccessController;
31 import java.security.PrivilegedAction;
32 import java.security.Permission;
33 import java.security.BasicPermission;
34 import java.security.SecurityPermission;
35 import java.security.AllPermission;
36 import javax.security.auth.AuthPermission;
37
38 /**
39 * Permission constants and string constants used to create permissions
40 * used throughout the JDK.
41 */
42 public final class SecurityConstants {
43 // Cannot create one of these
44 private SecurityConstants () {
45 }
46
47 // Commonly used string constants for permission actions used by
48 // SecurityManager. Declare here for shortcut when checking permissions
49 // in FilePermission, SocketPermission, and PropertyPermission.
50
51 public static final String FILE_DELETE_ACTION = "delete";
52 public static final String FILE_EXECUTE_ACTION = "execute";
53 public static final String FILE_READ_ACTION = "read";
54 public static final String FILE_WRITE_ACTION = "write";
55 public static final String FILE_READLINK_ACTION = "readlink";
56
57 public static final String SOCKET_RESOLVE_ACTION = "resolve";
58 public static final String SOCKET_CONNECT_ACTION = "connect";
59 public static final String SOCKET_LISTEN_ACTION = "listen";
60 public static final String SOCKET_ACCEPT_ACTION = "accept";
61 public static final String SOCKET_CONNECT_ACCEPT_ACTION = "connect,accept";
62
63 public static final String PROPERTY_RW_ACTION = "read,write";
64 public static final String PROPERTY_READ_ACTION = "read";
65 public static final String PROPERTY_WRITE_ACTION = "write";
66
67 // Permission constants used in the various checkPermission() calls in JDK.
68
69 // java.lang.Class, java.lang.SecurityManager, java.lang.System,
70 // java.net.URLConnection, java.security.AllPermission, java.security.Policy,
71 // sun.security.provider.PolicyFile
72 public static final AllPermission ALL_PERMISSION = new AllPermission();
73
74 /**
75 * Permission type used when AWT is not present.
76 */
77 private static class FakeAWTPermission extends BasicPermission {
78 private static final long serialVersionUID = -1L;
79 public FakeAWTPermission(String name) {
80 super(name);
81 }
82 public String toString() {
83 return "(\"java.awt.AWTPermission\" \"" + getName() + "\")";
84 }
85 }
86
87 /**
88 * Permission factory used when AWT is not present.
89 */
90 private static class FakeAWTPermissionFactory
91 implements PermissionFactory<FakeAWTPermission>
92 {
93 @Override
94 public FakeAWTPermission newPermission(String name) {
95 return new FakeAWTPermission(name);
96 }
97 }
98
99 /**
100 * AWT Permissions used in the JDK.
101 */
102 public static class AWT {
103 private AWT() { }
104
105 /**
106 * The class name of the factory to create java.awt.AWTPermission objects.
107 */
108 private static final String AWTFactory = "sun.awt.AWTPermissionFactory";
109
110 /**
111 * The PermissionFactory to create AWT permissions (or fake permissions
112 * if AWT is not present).
113 */
114 private static final PermissionFactory<?> factory = permissionFactory();
115
116 private static PermissionFactory<?> permissionFactory() {
117 Class<?> c = AccessController
118 .doPrivileged(new PrivilegedAction<Class<?>>() {
119 public Class<?> run() {
120 try {
121 return Class.forName(AWTFactory, true, null);
122 } catch (ClassNotFoundException e) {
123 // not available
124 return null;
125 }
126 }});
127 if (c != null) {
128 // AWT present
129 try {
130 return (PermissionFactory<?>)c.newInstance();
131 } catch (InstantiationException x) {
132 throw new InternalError(x.getMessage());
133 } catch (IllegalAccessException x) {
134 throw new InternalError(x.getMessage());
135 }
136 } else {
137 // AWT not present
138 return new FakeAWTPermissionFactory();
139 }
140 }
141
142 private static Permission newAWTPermission(String name) {
143 return factory.newPermission(name);
144 }
145
146 // java.lang.SecurityManager
147 public static final Permission TOPLEVEL_WINDOW_PERMISSION =
148 newAWTPermission("showWindowWithoutWarningBanner");
149 // java.lang.SecurityManager
150 public static final Permission ACCESS_CLIPBOARD_PERMISSION =
151 newAWTPermission("accessClipboard");
152
153 // java.lang.SecurityManager
154 public static final Permission CHECK_AWT_EVENTQUEUE_PERMISSION =
155 newAWTPermission("accessEventQueue");
156
157 // java.awt.Dialog
158 public static final Permission TOOLKIT_MODALITY_PERMISSION =
159 newAWTPermission("toolkitModality");
160
161 // java.awt.Robot
162 public static final Permission READ_DISPLAY_PIXELS_PERMISSION =
163 newAWTPermission("readDisplayPixels");
164
165 // java.awt.Robot
166 public static final Permission CREATE_ROBOT_PERMISSION =
167 newAWTPermission("createRobot");
168
169 // java.awt.MouseInfo
170 public static final Permission WATCH_MOUSE_PERMISSION =
171 newAWTPermission("watchMousePointer");
172
173 // java.awt.Window
174 public static final Permission SET_WINDOW_ALWAYS_ON_TOP_PERMISSION =
175 newAWTPermission("setWindowAlwaysOnTop");
176
177 // java.awt.Toolkit
178 public static final Permission ALL_AWT_EVENTS_PERMISSION =
179 newAWTPermission("listenToAllAWTEvents");
180
181 // java.awt.SystemTray
182 public static final Permission ACCESS_SYSTEM_TRAY_PERMISSION =
183 newAWTPermission("accessSystemTray");
184 }
185
186 // java.net.URL
187 public static final NetPermission SPECIFY_HANDLER_PERMISSION =
188 new NetPermission("specifyStreamHandler");
189
190 // java.net.ProxySelector
191 public static final NetPermission SET_PROXYSELECTOR_PERMISSION =
192 new NetPermission("setProxySelector");
193
194 // java.net.ProxySelector
195 public static final NetPermission GET_PROXYSELECTOR_PERMISSION =
196 new NetPermission("getProxySelector");
197
198 // java.net.CookieHandler
199 public static final NetPermission SET_COOKIEHANDLER_PERMISSION =
200 new NetPermission("setCookieHandler");
201
202 // java.net.CookieHandler
203 public static final NetPermission GET_COOKIEHANDLER_PERMISSION =
204 new NetPermission("getCookieHandler");
205
206 // java.net.ResponseCache
207 public static final NetPermission SET_RESPONSECACHE_PERMISSION =
208 new NetPermission("setResponseCache");
209
210 // java.net.ResponseCache
211 public static final NetPermission GET_RESPONSECACHE_PERMISSION =
212 new NetPermission("getResponseCache");
213
214 // java.lang.SecurityManager, sun.applet.AppletPanel, sun.misc.Launcher
215 public static final RuntimePermission CREATE_CLASSLOADER_PERMISSION =
216 new RuntimePermission("createClassLoader");
217
218 // java.lang.SecurityManager
219 public static final RuntimePermission CHECK_MEMBER_ACCESS_PERMISSION =
220 new RuntimePermission("accessDeclaredMembers");
221
222 // java.lang.SecurityManager, sun.applet.AppletSecurity
223 public static final RuntimePermission MODIFY_THREAD_PERMISSION =
224 new RuntimePermission("modifyThread");
225
226 // java.lang.SecurityManager, sun.applet.AppletSecurity
227 public static final RuntimePermission MODIFY_THREADGROUP_PERMISSION =
228 new RuntimePermission("modifyThreadGroup");
229
230 // java.lang.Class
231 public static final RuntimePermission GET_PD_PERMISSION =
232 new RuntimePermission("getProtectionDomain");
233
234 // java.lang.Class, java.lang.ClassLoader, java.lang.Thread
235 public static final RuntimePermission GET_CLASSLOADER_PERMISSION =
236 new RuntimePermission("getClassLoader");
237
238 // java.lang.Thread
239 public static final RuntimePermission STOP_THREAD_PERMISSION =
240 new RuntimePermission("stopThread");
241
242 // java.lang.Thread
243 public static final RuntimePermission GET_STACK_TRACE_PERMISSION =
244 new RuntimePermission("getStackTrace");
245
246 // java.security.AccessControlContext
247 public static final SecurityPermission CREATE_ACC_PERMISSION =
248 new SecurityPermission("createAccessControlContext");
249
250 // java.security.AccessControlContext
251 public static final SecurityPermission GET_COMBINER_PERMISSION =
252 new SecurityPermission("getDomainCombiner");
253
254 // java.security.Policy, java.security.ProtectionDomain
255 public static final SecurityPermission GET_POLICY_PERMISSION =
256 new SecurityPermission ("getPolicy");
257
258 // java.lang.SecurityManager
259 public static final SocketPermission LOCAL_LISTEN_PERMISSION =
260 new SocketPermission("localhost:1024-", SOCKET_LISTEN_ACTION);
261
262 // javax.security.auth.Subject
263 public static final AuthPermission DO_AS_PERMISSION =
264 new AuthPermission("doAs");
265
266 // javax.security.auth.Subject
267 public static final AuthPermission DO_AS_PRIVILEGED_PERMISSION =
268 new AuthPermission("doAsPrivileged");
269 }