63 static {
64 try {
65 facc = URLClassLoader.class.getDeclaredField("acc");
66 facc.setAccessible(true);
67 fcontext = AccessControlContext.class.getDeclaredField("context");
68 fcontext.setAccessible(true);
69 } catch (NoSuchFieldException e) {
70 throw new UnsupportedOperationException(e);
71 }
72 }
73
74
75 /**
76 * Construct and initialize.
77 */
78 public AppletSecurity() {
79 reset();
80 }
81
82 // Cache to store known restricted packages
83 private HashSet restrictedPackages = new HashSet();
84
85 /**
86 * Reset from Properties
87 */
88 public void reset()
89 {
90 // Clear cache
91 restrictedPackages.clear();
92
93 AccessController.doPrivileged(new PrivilegedAction() {
94 public Object run()
95 {
96 // Enumerate system properties
97 Enumeration e = System.getProperties().propertyNames();
98
99 while (e.hasMoreElements())
100 {
101 String name = (String) e.nextElement();
102
103 if (name != null && name.startsWith("package.restrict.access."))
104 {
105 String value = System.getProperty(name);
106
107 if (value != null && value.equalsIgnoreCase("true"))
108 {
109 String pkg = name.substring(24);
110
111 // Cache restricted packages
112 restrictedPackages.add(pkg);
113 }
114 }
115 }
116 return null;
117 }
118 });
119 }
120
121 /**
122 * get the current (first) instance of an AppletClassLoader on the stack.
123 */
124 private AppletClassLoader currentAppletClassLoader()
125 {
126 // try currentClassLoader first
127 ClassLoader loader = currentClassLoader();
128
129 if ((loader == null) || (loader instanceof AppletClassLoader))
130 return (AppletClassLoader)loader;
131
132 // if that fails, get all the classes on the stack and check them.
133 Class[] context = getClassContext();
134 for (int i = 0; i < context.length; i++) {
135 loader = context[i].getClassLoader();
136 if (loader instanceof AppletClassLoader)
137 return (AppletClassLoader)loader;
138 }
139
140 /*
141 * fix bug # 6433620 the logic here is : try to find URLClassLoader from
142 * class context, check its AccessControlContext to see if
143 * AppletClassLoader is in stack when it's created. for this kind of
144 * URLClassLoader, return the AppContext associated with the
145 * AppletClassLoader.
146 */
147 for (int i = 0; i < context.length; i++) {
148 final ClassLoader currentLoader = context[i].getClassLoader();
149
150 if (currentLoader instanceof URLClassLoader) {
151 loader = (ClassLoader) AccessController.doPrivileged(new PrivilegedAction() {
152 public Object run() {
153
154 AccessControlContext acc = null;
155 ProtectionDomain[] pds = null;
156
157 try {
158 acc = (AccessControlContext) facc.get(currentLoader);
159 if (acc == null) {
160 return null;
161 }
162
163 pds = (ProtectionDomain[]) fcontext.get(acc);
164 if (pds == null) {
165 return null;
166 }
167 } catch (Exception e) {
168 throw new UnsupportedOperationException(e);
169 }
170
171 for (int i=0; i<pds.length; i++) {
172 ClassLoader cl = pds[i].getClassLoader();
265 * This method is used by the <code>loadClass</code> method of class
266 * loaders.
267 * <p>
268 * The <code>checkPackageAccess</code> method for class
269 * <code>SecurityManager</code> calls
270 * <code>checkPermission</code> with the
271 * <code>RuntimePermission("accessClassInPackage."+pkg)</code>
272 * permission.
273 *
274 * @param pkg the package name.
275 * @exception SecurityException if the caller does not have
276 * permission to access the specified package.
277 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
278 */
279 public void checkPackageAccess(final String pkgname) {
280
281 // first see if the VM-wide policy allows access to this package
282 super.checkPackageAccess(pkgname);
283
284 // now check the list of restricted packages
285 for (Iterator iter = restrictedPackages.iterator(); iter.hasNext();)
286 {
287 String pkg = (String) iter.next();
288
289 // Prevent matching "sun" and "sunir" even if they
290 // starts with similar beginning characters
291 //
292 if (pkgname.equals(pkg) || pkgname.startsWith(pkg + "."))
293 {
294 checkPermission(new java.lang.RuntimePermission
295 ("accessClassInPackage." + pkgname));
296 }
297 }
298 }
299
300 /**
301 * Tests if a client can get access to the AWT event queue.
302 * <p>
303 * This method calls <code>checkPermission</code> with the
304 * <code>AWTPermission("accessEventQueue")</code> permission.
305 *
306 * @since 1.1
307 * @exception SecurityException if the caller does not have
|
63 static {
64 try {
65 facc = URLClassLoader.class.getDeclaredField("acc");
66 facc.setAccessible(true);
67 fcontext = AccessControlContext.class.getDeclaredField("context");
68 fcontext.setAccessible(true);
69 } catch (NoSuchFieldException e) {
70 throw new UnsupportedOperationException(e);
71 }
72 }
73
74
75 /**
76 * Construct and initialize.
77 */
78 public AppletSecurity() {
79 reset();
80 }
81
82 // Cache to store known restricted packages
83 private HashSet<String> restrictedPackages = new HashSet<>();
84
85 /**
86 * Reset from Properties
87 */
88 public void reset()
89 {
90 // Clear cache
91 restrictedPackages.clear();
92
93 AccessController.doPrivileged(new PrivilegedAction<Object>() {
94 public Object run()
95 {
96 // Enumerate system properties
97 Enumeration<?> e = System.getProperties().propertyNames();
98
99 while (e.hasMoreElements())
100 {
101 String name = (String) e.nextElement();
102
103 if (name != null && name.startsWith("package.restrict.access."))
104 {
105 String value = System.getProperty(name);
106
107 if (value != null && value.equalsIgnoreCase("true"))
108 {
109 String pkg = name.substring(24);
110
111 // Cache restricted packages
112 restrictedPackages.add(pkg);
113 }
114 }
115 }
116 return null;
117 }
118 });
119 }
120
121 /**
122 * get the current (first) instance of an AppletClassLoader on the stack.
123 */
124 private AppletClassLoader currentAppletClassLoader()
125 {
126 // try currentClassLoader first
127 ClassLoader loader = currentClassLoader();
128
129 if ((loader == null) || (loader instanceof AppletClassLoader))
130 return (AppletClassLoader)loader;
131
132 // if that fails, get all the classes on the stack and check them.
133 Class<?>[] context = getClassContext();
134 for (int i = 0; i < context.length; i++) {
135 loader = context[i].getClassLoader();
136 if (loader instanceof AppletClassLoader)
137 return (AppletClassLoader)loader;
138 }
139
140 /*
141 * fix bug # 6433620 the logic here is : try to find URLClassLoader from
142 * class context, check its AccessControlContext to see if
143 * AppletClassLoader is in stack when it's created. for this kind of
144 * URLClassLoader, return the AppContext associated with the
145 * AppletClassLoader.
146 */
147 for (int i = 0; i < context.length; i++) {
148 final ClassLoader currentLoader = context[i].getClassLoader();
149
150 if (currentLoader instanceof URLClassLoader) {
151 loader = AccessController.doPrivileged(
152 new PrivilegedAction<ClassLoader>() {
153 public ClassLoader run() {
154
155 AccessControlContext acc = null;
156 ProtectionDomain[] pds = null;
157
158 try {
159 acc = (AccessControlContext) facc.get(currentLoader);
160 if (acc == null) {
161 return null;
162 }
163
164 pds = (ProtectionDomain[]) fcontext.get(acc);
165 if (pds == null) {
166 return null;
167 }
168 } catch (Exception e) {
169 throw new UnsupportedOperationException(e);
170 }
171
172 for (int i=0; i<pds.length; i++) {
173 ClassLoader cl = pds[i].getClassLoader();
266 * This method is used by the <code>loadClass</code> method of class
267 * loaders.
268 * <p>
269 * The <code>checkPackageAccess</code> method for class
270 * <code>SecurityManager</code> calls
271 * <code>checkPermission</code> with the
272 * <code>RuntimePermission("accessClassInPackage."+pkg)</code>
273 * permission.
274 *
275 * @param pkg the package name.
276 * @exception SecurityException if the caller does not have
277 * permission to access the specified package.
278 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
279 */
280 public void checkPackageAccess(final String pkgname) {
281
282 // first see if the VM-wide policy allows access to this package
283 super.checkPackageAccess(pkgname);
284
285 // now check the list of restricted packages
286 for (Iterator<String> iter = restrictedPackages.iterator(); iter.hasNext();)
287 {
288 String pkg = iter.next();
289
290 // Prevent matching "sun" and "sunir" even if they
291 // starts with similar beginning characters
292 //
293 if (pkgname.equals(pkg) || pkgname.startsWith(pkg + "."))
294 {
295 checkPermission(new java.lang.RuntimePermission
296 ("accessClassInPackage." + pkgname));
297 }
298 }
299 }
300
301 /**
302 * Tests if a client can get access to the AWT event queue.
303 * <p>
304 * This method calls <code>checkPermission</code> with the
305 * <code>AWTPermission("accessEventQueue")</code> permission.
306 *
307 * @since 1.1
308 * @exception SecurityException if the caller does not have
|