1 /* 2 * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package com.sun.rmi.rmid; 27 28 import java.security.*; 29 import java.io.*; 30 import java.util.*; 31 32 /** 33 * The ExecPermission class represents permission for rmid to execute 34 * a specific command to launch an activation group. An ExecPermission 35 * consists of a pathname of a command to launch an activation group. 36 * <P> 37 * Pathname is the pathname of the file or directory to grant rmid 38 * execute permission. A pathname that ends in "/*" (where "/" is 39 * the file separator character, <code>File.separatorChar</code>) indicates 40 * all the files and directories contained in that directory. A pathname 41 * that ends with "/-" indicates (recursively) all files 42 * and subdirectories contained in that directory. A pathname consisting of 43 * the special token "{@code <<ALL FILES>>}" matches <b>any</b> file. 44 * <P> 45 * Note: A pathname consisting of a single "*" indicates all the files 46 * in the current directory, while a pathname consisting of a single "-" 47 * indicates all the files in the current directory and 48 * (recursively) all files and subdirectories contained in the current 49 * directory. 50 * 51 * 52 * @author Ann Wollrath 53 * 54 * @serial exclude 55 */ 56 public final class ExecPermission extends Permission 57 { 58 /** 59 * UID for serialization 60 */ 61 private static final long serialVersionUID = -6208470287358147919L; 62 63 private transient FilePermission fp; 64 65 /** 66 * Creates a new ExecPermission object with the specified path. 67 * <i>path</i> is the pathname of a file or directory. 68 * 69 * <p>A pathname that ends in "/*" (where "/" is 70 * the file separator character, <code>File.separatorChar</code>) indicates 71 * a directory and all the files contained in that directory. A pathname 72 * that ends with "/-" indicates a directory and (recursively) all files 73 * and subdirectories contained in that directory. The special pathname 74 * "{@code <<ALL FILES>>}" matches all files. 75 * 76 * <p>A pathname consisting of a single "*" indicates all the files 77 * in the current directory, while a pathname consisting of a single "-" 78 * indicates all the files in the current directory and 79 * (recursively) all files and subdirectories contained in the current 80 * directory. 81 * 82 * @param path the pathname of the file/directory. 83 */ 84 public ExecPermission(String path) { 85 super(path); 86 init(path); 87 } 88 89 /** 90 * Creates a new ExecPermission object with the specified path. 91 * <i>path</i> is the pathname of a file or directory. 92 * 93 * <p>A pathname that ends in "/*" (where "/" is 94 * the file separator character, <code>File.separatorChar</code>) indicates 95 * a directory and all the files contained in that directory. A pathname 96 * that ends with "/-" indicates a directory and (recursively) all files 97 * and subdirectories contained in that directory. The special pathname 98 * "{@code <<ALL FILES>>}" matches all files. 99 * 100 * <p>A pathname consisting of a single "*" indicates all the files 101 * in the current directory, while a pathname consisting of a single "-" 102 * indicates all the files in the current directory and 103 * (recursively) all files and subdirectories contained in the current 104 * directory. 105 * 106 * @param path the pathname of the file/directory. 107 * @param actions the action string (unused) 108 */ 109 public ExecPermission(String path, String actions) { 110 this(path); 111 } 112 113 /** 114 * Checks if this ExecPermission object "implies" the specified permission. 115 * <P> 116 * More specifically, this method returns true if: 117 * <ul> 118 * <li> <i>p</i> is an instanceof ExecPermission, and 119 * <li> <i>p</i>'s pathname is implied by this object's 120 * pathname. For example, "/tmp/*" implies "/tmp/foo", since 121 * "/tmp/*" encompasses the "/tmp" directory and all files in that 122 * directory, including the one named "foo". 123 * </ul> 124 * @param p the permission to check against. 125 * 126 * @return true if the specified permission is implied by this object, 127 * false if not. 128 */ 129 public boolean implies(Permission p) { 130 if (!(p instanceof ExecPermission)) 131 return false; 132 133 ExecPermission that = (ExecPermission) p; 134 135 return fp.implies(that.fp); 136 } 137 138 /** 139 * Checks two ExecPermission objects for equality. 140 * Checks that <i>obj</i>'s class is the same as this object's class 141 * and has the same name as this object. 142 * 143 * @param obj the object we are testing for equality with this object. 144 * @return true if <i>obj</i> is an ExecPermission, and has the same 145 * pathname as this ExecPermission object, false otherwise. 146 */ 147 public boolean equals(Object obj) { 148 if (obj == this) 149 return true; 150 151 if (! (obj instanceof ExecPermission)) 152 return false; 153 154 ExecPermission that = (ExecPermission) obj; 155 156 return fp.equals(that.fp); 157 } 158 159 /** 160 * Returns the hash code value for this object. 161 * 162 * @return a hash code value for this object. 163 */ 164 public int hashCode() { 165 return this.fp.hashCode(); 166 } 167 168 /** 169 * Returns the canonical string representation of the actions. 170 * 171 * @return the canonical string representation of the actions. 172 */ 173 public String getActions() { 174 return ""; 175 } 176 177 /** 178 * Returns a new PermissionCollection object for storing 179 * ExecPermission objects. 180 * <p> 181 * A ExecPermissionCollection stores a collection of 182 * ExecPermission permissions. 183 * 184 * <p>ExecPermission objects must be stored in a manner that allows 185 * them to be inserted in any order, but that also enables the 186 * PermissionCollection <code>implies</code> method 187 * to be implemented in an efficient (and consistent) manner. 188 * 189 * @return a new PermissionCollection object suitable for 190 * storing ExecPermissions. 191 */ 192 public PermissionCollection newPermissionCollection() { 193 return new ExecPermissionCollection(); 194 } 195 196 /** 197 * readObject is called to restore the state of the ExecPermission 198 * from a stream. 199 */ 200 private synchronized void readObject(java.io.ObjectInputStream s) 201 throws IOException, ClassNotFoundException 202 { 203 s.defaultReadObject(); 204 // init is called to initialize the rest of the values. 205 init(getName()); 206 } 207 208 /** 209 * Initialize a ExecPermission object. Common to all constructors. 210 * Also called during de-serialization. 211 */ 212 private void init(String path) { 213 this.fp = new FilePermission(path, "execute"); 214 } 215 216 /** 217 * A ExecPermissionCollection stores a collection 218 * of ExecPermission permissions. ExecPermission objects 219 * must be stored in a manner that allows them to be inserted in any 220 * order, but enable the implies function to evaluate the implies 221 * method in an efficient (and consistent) manner. 222 * 223 * @serial include 224 */ 225 private static class ExecPermissionCollection 226 extends PermissionCollection 227 implements java.io.Serializable 228 { 229 private Vector<Permission> permissions; 230 231 private static final long serialVersionUID = -3352558508888368273L; 232 233 /** 234 * Create an empty ExecPermissionCollection. 235 */ 236 public ExecPermissionCollection() { 237 permissions = new Vector<>(); 238 } 239 240 /** 241 * Adds a permission to the collection. 242 * 243 * @param permission the Permission object to add. 244 * 245 * @exception IllegalArgumentException - if the permission is not a 246 * ExecPermission 247 * 248 * @exception SecurityException - if this ExecPermissionCollection 249 * object has been marked readonly 250 */ 251 public void add(Permission permission) 252 { 253 if (! (permission instanceof ExecPermission)) 254 throw new IllegalArgumentException("invalid permission: "+ 255 permission); 256 if (isReadOnly()) 257 throw new SecurityException("attempt to add a Permission to a readonly PermissionCollection"); 258 259 permissions.addElement(permission); 260 } 261 262 /** 263 * Check and see if this set of permissions implies the permissions 264 * expressed in "permission". 265 * 266 * @param p the Permission object to compare 267 * 268 * @return true if "permission" is a proper subset of a permission in 269 * the set, false if not. 270 */ 271 public boolean implies(Permission permission) 272 { 273 if (! (permission instanceof ExecPermission)) 274 return false; 275 276 Enumeration<Permission> e = permissions.elements(); 277 278 while (e.hasMoreElements()) { 279 ExecPermission x = (ExecPermission)e.nextElement(); 280 if (x.implies(permission)) { 281 return true; 282 } 283 } 284 return false; 285 } 286 287 /** 288 * Returns an enumeration of all the ExecPermission objects in the 289 * container. 290 * 291 * @return an enumeration of all the ExecPermission objects. 292 */ 293 public Enumeration<Permission> elements() 294 { 295 return permissions.elements(); 296 } 297 } 298 }