243 if (inThreadGroupCheck) { 244 // if we are in a recursive check, it is because 245 // inThreadGroup is calling appletLoader.getThreadGroup 246 // in that case, only do the super check, as appletLoader 247 // has a begin/endPrivileged 248 checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION); 249 } else { 250 try { 251 inThreadGroupCheck = true; 252 if (!inThreadGroup(g)) { 253 checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION); 254 } 255 } finally { 256 inThreadGroupCheck = false; 257 } 258 } 259 } 260 261 262 /** 263 * Throws a <code>SecurityException</code> if the 264 * calling thread is not allowed to access the package specified by 265 * the argument. 266 * <p> 267 * This method is used by the <code>loadClass</code> method of class 268 * loaders. 269 * <p> 270 * The <code>checkPackageAccess</code> method for class 271 * <code>SecurityManager</code> calls 272 * <code>checkPermission</code> with the 273 * <code>RuntimePermission("accessClassInPackage."+ pkgname)</code> 274 * permission. 275 * 276 * @param pkgname the package name. 277 * @exception SecurityException if the caller does not have 278 * permission to access the specified package. 279 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean) 280 */ 281 public void checkPackageAccess(final String pkgname) { 282 283 // first see if the VM-wide policy allows access to this package 284 super.checkPackageAccess(pkgname); 285 286 // now check the list of restricted packages 287 for (Iterator<String> iter = restrictedPackages.iterator(); iter.hasNext();) 288 { 289 String pkg = iter.next(); 290 291 // Prevent matching "sun" and "sunir" even if they 292 // starts with similar beginning characters 293 // 294 if (pkgname.equals(pkg) || pkgname.startsWith(pkg + ".")) 295 { 296 checkPermission(new java.lang.RuntimePermission 297 ("accessClassInPackage." + pkgname)); 298 } 299 } 300 } 301 302 /** 303 * Tests if a client can get access to the AWT event queue. 304 * <p> 305 * This method calls <code>checkPermission</code> with the 306 * <code>AWTPermission("accessEventQueue")</code> permission. 307 * 308 * @since 1.1 309 * @exception SecurityException if the caller does not have 310 * permission to access the AWT event queue. 311 */ 312 @SuppressWarnings("deprecation") 313 public void checkAwtEventQueueAccess() { 314 AppContext appContext = AppContext.getAppContext(); 315 AppletClassLoader appletClassLoader = currentAppletClassLoader(); 316 317 if (AppContext.isMainContext(appContext) && (appletClassLoader != null)) { 318 // If we're about to allow access to the main EventQueue, 319 // and anything untrusted is on the class context stack, 320 // disallow access. 321 super.checkPermission(AWTPermissions.CHECK_AWT_EVENTQUEUE_PERMISSION); 322 } 323 } // checkAwtEventQueueAccess() 324 325 /** 326 * Returns the thread group of the applet. We consult the classloader | 243 if (inThreadGroupCheck) { 244 // if we are in a recursive check, it is because 245 // inThreadGroup is calling appletLoader.getThreadGroup 246 // in that case, only do the super check, as appletLoader 247 // has a begin/endPrivileged 248 checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION); 249 } else { 250 try { 251 inThreadGroupCheck = true; 252 if (!inThreadGroup(g)) { 253 checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION); 254 } 255 } finally { 256 inThreadGroupCheck = false; 257 } 258 } 259 } 260 261 262 /** 263 * Throws a {@code SecurityException} if the 264 * calling thread is not allowed to access the package specified by 265 * the argument. 266 * <p> 267 * This method is used by the {@code loadClass} method of class 268 * loaders. 269 * <p> 270 * The {@code checkPackageAccess} method for class 271 * {@code SecurityManager} calls 272 * {@code checkPermission} with the 273 * {@code RuntimePermission("accessClassInPackage."+ pkgname)} 274 * permission. 275 * 276 * @param pkgname the package name. 277 * @exception SecurityException if the caller does not have 278 * permission to access the specified package. 279 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean) 280 */ 281 public void checkPackageAccess(final String pkgname) { 282 283 // first see if the VM-wide policy allows access to this package 284 super.checkPackageAccess(pkgname); 285 286 // now check the list of restricted packages 287 for (Iterator<String> iter = restrictedPackages.iterator(); iter.hasNext();) 288 { 289 String pkg = iter.next(); 290 291 // Prevent matching "sun" and "sunir" even if they 292 // starts with similar beginning characters 293 // 294 if (pkgname.equals(pkg) || pkgname.startsWith(pkg + ".")) 295 { 296 checkPermission(new java.lang.RuntimePermission 297 ("accessClassInPackage." + pkgname)); 298 } 299 } 300 } 301 302 /** 303 * Tests if a client can get access to the AWT event queue. 304 * <p> 305 * This method calls {@code checkPermission} with the 306 * {@code AWTPermission("accessEventQueue")} permission. 307 * 308 * @since 1.1 309 * @exception SecurityException if the caller does not have 310 * permission to access the AWT event queue. 311 */ 312 @SuppressWarnings("deprecation") 313 public void checkAwtEventQueueAccess() { 314 AppContext appContext = AppContext.getAppContext(); 315 AppletClassLoader appletClassLoader = currentAppletClassLoader(); 316 317 if (AppContext.isMainContext(appContext) && (appletClassLoader != null)) { 318 // If we're about to allow access to the main EventQueue, 319 // and anything untrusted is on the class context stack, 320 // disallow access. 321 super.checkPermission(AWTPermissions.CHECK_AWT_EVENTQUEUE_PERMISSION); 322 } 323 } // checkAwtEventQueueAccess() 324 325 /** 326 * Returns the thread group of the applet. We consult the classloader |