1 /* 2 * Copyright (c) 1995, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.lang; 27 28 import java.security.*; 29 import java.io.FileDescriptor; 30 import java.io.File; 31 import java.io.FilePermission; 32 import java.util.PropertyPermission; 33 import java.lang.RuntimePermission; 34 import java.net.SocketPermission; 35 import java.net.NetPermission; 36 import java.util.Hashtable; 37 import java.net.InetAddress; 38 import java.lang.reflect.*; 39 import java.net.URL; 40 41 import sun.reflect.CallerSensitive; 42 import sun.security.util.SecurityConstants; 43 44 /** 45 * The security manager is a class that allows 46 * applications to implement a security policy. It allows an 47 * application to determine, before performing a possibly unsafe or 48 * sensitive operation, what the operation is and whether 49 * it is being attempted in a security context that allows the 50 * operation to be performed. The 51 * application can allow or disallow the operation. 52 * <p> 53 * The <code>SecurityManager</code> class contains many methods with 54 * names that begin with the word <code>check</code>. These methods 55 * are called by various methods in the Java libraries before those 56 * methods perform certain potentially sensitive operations. The 57 * invocation of such a <code>check</code> method typically looks like this: 58 * <blockquote><pre> 59 * SecurityManager security = System.getSecurityManager(); 60 * if (security != null) { 61 * security.check<i>XXX</i>(argument, . . . ); 62 * } 63 * </pre></blockquote> 64 * <p> 65 * The security manager is thereby given an opportunity to prevent 66 * completion of the operation by throwing an exception. A security 67 * manager routine simply returns if the operation is permitted, but 68 * throws a <code>SecurityException</code> if the operation is not 69 * permitted. 70 * <p> 71 * The current security manager is set by the 72 * <code>setSecurityManager</code> method in class 73 * <code>System</code>. The current security manager is obtained 74 * by the <code>getSecurityManager</code> method. 75 * <p> 76 * The special method 77 * {@link SecurityManager#checkPermission(java.security.Permission)} 78 * determines whether an access request indicated by a specified 79 * permission should be granted or denied. The 80 * default implementation calls 81 * 82 * <pre> 83 * AccessController.checkPermission(perm); 84 * </pre> 85 * 86 * <p> 87 * If a requested access is allowed, 88 * <code>checkPermission</code> returns quietly. If denied, a 89 * <code>SecurityException</code> is thrown. 90 * <p> 91 * As of Java 2 SDK v1.2, the default implementation of each of the other 92 * <code>check</code> methods in <code>SecurityManager</code> is to 93 * call the <code>SecurityManager checkPermission</code> method 94 * to determine if the calling thread has permission to perform the requested 95 * operation. 96 * <p> 97 * Note that the <code>checkPermission</code> method with 98 * just a single permission argument always performs security checks 99 * within the context of the currently executing thread. 100 * Sometimes a security check that should be made within a given context 101 * will actually need to be done from within a 102 * <i>different</i> context (for example, from within a worker thread). 103 * The {@link SecurityManager#getSecurityContext getSecurityContext} method 104 * and the {@link SecurityManager#checkPermission(java.security.Permission, 105 * java.lang.Object) checkPermission} 106 * method that includes a context argument are provided 107 * for this situation. The 108 * <code>getSecurityContext</code> method returns a "snapshot" 109 * of the current calling context. (The default implementation 110 * returns an AccessControlContext object.) A sample call is 111 * the following: 112 * 113 * <pre> 114 * Object context = null; 115 * SecurityManager sm = System.getSecurityManager(); 116 * if (sm != null) context = sm.getSecurityContext(); 117 * </pre> 118 * 119 * <p> 120 * The <code>checkPermission</code> method 121 * that takes a context object in addition to a permission 122 * makes access decisions based on that context, 123 * rather than on that of the current execution thread. 124 * Code within a different context can thus call that method, 125 * passing the permission and the 126 * previously-saved context object. A sample call, using the 127 * SecurityManager <code>sm</code> obtained as in the previous example, 128 * is the following: 129 * 130 * <pre> 131 * if (sm != null) sm.checkPermission(permission, context); 132 * </pre> 133 * 134 * <p>Permissions fall into these categories: File, Socket, Net, 135 * Security, Runtime, Property, AWT, Reflect, and Serializable. 136 * The classes managing these various 137 * permission categories are <code>java.io.FilePermission</code>, 138 * <code>java.net.SocketPermission</code>, 139 * <code>java.net.NetPermission</code>, 140 * <code>java.security.SecurityPermission</code>, 141 * <code>java.lang.RuntimePermission</code>, 142 * <code>java.util.PropertyPermission</code>, 143 * <code>java.awt.AWTPermission</code>, 144 * <code>java.lang.reflect.ReflectPermission</code>, and 145 * <code>java.io.SerializablePermission</code>. 146 * 147 * <p>All but the first two (FilePermission and SocketPermission) are 148 * subclasses of <code>java.security.BasicPermission</code>, which itself 149 * is an abstract subclass of the 150 * top-level class for permissions, which is 151 * <code>java.security.Permission</code>. BasicPermission defines the 152 * functionality needed for all permissions that contain a name 153 * that follows the hierarchical property naming convention 154 * (for example, "exitVM", "setFactory", "queuePrintJob", etc). 155 * An asterisk 156 * may appear at the end of the name, following a ".", or by itself, to 157 * signify a wildcard match. For example: "a.*" or "*" is valid, 158 * "*a" or "a*b" is not valid. 159 * 160 * <p>FilePermission and SocketPermission are subclasses of the 161 * top-level class for permissions 162 * (<code>java.security.Permission</code>). Classes like these 163 * that have a more complicated name syntax than that used by 164 * BasicPermission subclass directly from Permission rather than from 165 * BasicPermission. For example, 166 * for a <code>java.io.FilePermission</code> object, the permission name is 167 * the path name of a file (or directory). 168 * 169 * <p>Some of the permission classes have an "actions" list that tells 170 * the actions that are permitted for the object. For example, 171 * for a <code>java.io.FilePermission</code> object, the actions list 172 * (such as "read, write") specifies which actions are granted for the 173 * specified file (or for files in the specified directory). 174 * 175 * <p>Other permission classes are for "named" permissions - 176 * ones that contain a name but no actions list; you either have the 177 * named permission or you don't. 178 * 179 * <p>Note: There is also a <code>java.security.AllPermission</code> 180 * permission that implies all permissions. It exists to simplify the work 181 * of system administrators who might need to perform multiple 182 * tasks that require all (or numerous) permissions. 183 * <p> 184 * See <a href ="../../../technotes/guides/security/permissions.html"> 185 * Permissions in the JDK</a> for permission-related information. 186 * This document includes, for example, a table listing the various SecurityManager 187 * <code>check</code> methods and the permission(s) the default 188 * implementation of each such method requires. 189 * It also contains a table of all the version 1.2 methods 190 * that require permissions, and for each such method tells 191 * which permission it requires. 192 * <p> 193 * For more information about <code>SecurityManager</code> changes made in 194 * the JDK and advice regarding porting of 1.1-style security managers, 195 * see the <a href="../../../technotes/guides/security/index.html">security documentation</a>. 196 * 197 * @author Arthur van Hoff 198 * @author Roland Schemers 199 * 200 * @see java.lang.ClassLoader 201 * @see java.lang.SecurityException 202 * @see java.lang.System#getSecurityManager() getSecurityManager 203 * @see java.lang.System#setSecurityManager(java.lang.SecurityManager) 204 * setSecurityManager 205 * @see java.security.AccessController AccessController 206 * @see java.security.AccessControlContext AccessControlContext 207 * @see java.security.AccessControlException AccessControlException 208 * @see java.security.Permission 209 * @see java.security.BasicPermission 210 * @see java.io.FilePermission 211 * @see java.net.SocketPermission 212 * @see java.util.PropertyPermission 213 * @see java.lang.RuntimePermission 214 * @see java.awt.AWTPermission 215 * @see java.security.Policy Policy 216 * @see java.security.SecurityPermission SecurityPermission 217 * @see java.security.ProtectionDomain 218 * 219 * @since 1.0 220 */ 221 public 222 class SecurityManager { 223 224 /** 225 * This field is <code>true</code> if there is a security check in 226 * progress; <code>false</code> otherwise. 227 * 228 * @deprecated This type of security checking is not recommended. 229 * It is recommended that the <code>checkPermission</code> 230 * call be used instead. 231 */ 232 @Deprecated 233 protected boolean inCheck; 234 235 /* 236 * Have we been initialized. Effective against finalizer attacks. 237 */ 238 private boolean initialized = false; 239 240 241 /** 242 * returns true if the current context has been granted AllPermission 243 */ 244 private boolean hasAllPermission() { 245 try { 246 checkPermission(SecurityConstants.ALL_PERMISSION); 247 return true; 248 } catch (SecurityException se) { 249 return false; 250 } 251 } 252 253 /** 254 * Tests if there is a security check in progress. 255 * 256 * @return the value of the <code>inCheck</code> field. This field 257 * should contain <code>true</code> if a security check is 258 * in progress, 259 * <code>false</code> otherwise. 260 * @see java.lang.SecurityManager#inCheck 261 * @deprecated This type of security checking is not recommended. 262 * It is recommended that the <code>checkPermission</code> 263 * call be used instead. 264 */ 265 @Deprecated 266 public boolean getInCheck() { 267 return inCheck; 268 } 269 270 /** 271 * Constructs a new <code>SecurityManager</code>. 272 * 273 * <p> If there is a security manager already installed, this method first 274 * calls the security manager's <code>checkPermission</code> method 275 * with the <code>RuntimePermission("createSecurityManager")</code> 276 * permission to ensure the calling thread has permission to create a new 277 * security manager. 278 * This may result in throwing a <code>SecurityException</code>. 279 * 280 * @exception java.lang.SecurityException if a security manager already 281 * exists and its <code>checkPermission</code> method 282 * doesn't allow creation of a new security manager. 283 * @see java.lang.System#getSecurityManager() 284 * @see #checkPermission(java.security.Permission) checkPermission 285 * @see java.lang.RuntimePermission 286 */ 287 public SecurityManager() { 288 synchronized(SecurityManager.class) { 289 SecurityManager sm = System.getSecurityManager(); 290 if (sm != null) { 291 // ask the currently installed security manager if we 292 // can create a new one. 293 sm.checkPermission(new RuntimePermission 294 ("createSecurityManager")); 295 } 296 initialized = true; 297 } 298 } 299 300 /** 301 * Returns the current execution stack as an array of classes. 302 * <p> 303 * The length of the array is the number of methods on the execution 304 * stack. The element at index <code>0</code> is the class of the 305 * currently executing method, the element at index <code>1</code> is 306 * the class of that method's caller, and so on. 307 * 308 * @return the execution stack. 309 */ 310 protected native Class<?>[] getClassContext(); 311 312 /** 313 * Returns the class loader of the most recently executing method from 314 * a class defined using a non-system class loader. A non-system 315 * class loader is defined as being a class loader that is not equal to 316 * the system class loader (as returned 317 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. 318 * <p> 319 * This method will return 320 * <code>null</code> in the following three cases: 321 * <ol> 322 * <li>All methods on the execution stack are from classes 323 * defined using the system class loader or one of its ancestors. 324 * 325 * <li>All methods on the execution stack up to the first 326 * "privileged" caller 327 * (see {@link java.security.AccessController#doPrivileged}) 328 * are from classes 329 * defined using the system class loader or one of its ancestors. 330 * 331 * <li> A call to <code>checkPermission</code> with 332 * <code>java.security.AllPermission</code> does not 333 * result in a SecurityException. 334 * 335 * </ol> 336 * 337 * @return the class loader of the most recent occurrence on the stack 338 * of a method from a class defined using a non-system class 339 * loader. 340 * 341 * @deprecated This type of security checking is not recommended. 342 * It is recommended that the <code>checkPermission</code> 343 * call be used instead. 344 * 345 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader 346 * @see #checkPermission(java.security.Permission) checkPermission 347 */ 348 @Deprecated 349 protected ClassLoader currentClassLoader() { 350 ClassLoader cl = currentClassLoader0(); 351 if ((cl != null) && hasAllPermission()) 352 cl = null; 353 return cl; 354 } 355 356 private native ClassLoader currentClassLoader0(); 357 358 /** 359 * Returns the class of the most recently executing method from 360 * a class defined using a non-system class loader. A non-system 361 * class loader is defined as being a class loader that is not equal to 362 * the system class loader (as returned 363 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. 364 * <p> 365 * This method will return 366 * <code>null</code> in the following three cases: 367 * <ol> 368 * <li>All methods on the execution stack are from classes 369 * defined using the system class loader or one of its ancestors. 370 * 371 * <li>All methods on the execution stack up to the first 372 * "privileged" caller 373 * (see {@link java.security.AccessController#doPrivileged}) 374 * are from classes 375 * defined using the system class loader or one of its ancestors. 376 * 377 * <li> A call to <code>checkPermission</code> with 378 * <code>java.security.AllPermission</code> does not 379 * result in a SecurityException. 380 * 381 * </ol> 382 * 383 * @return the class of the most recent occurrence on the stack 384 * of a method from a class defined using a non-system class 385 * loader. 386 * 387 * @deprecated This type of security checking is not recommended. 388 * It is recommended that the <code>checkPermission</code> 389 * call be used instead. 390 * 391 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader 392 * @see #checkPermission(java.security.Permission) checkPermission 393 */ 394 @Deprecated 395 protected Class<?> currentLoadedClass() { 396 Class<?> c = currentLoadedClass0(); 397 if ((c != null) && hasAllPermission()) 398 c = null; 399 return c; 400 } 401 402 /** 403 * Returns the stack depth of the specified class. 404 * 405 * @param name the fully qualified name of the class to search for. 406 * @return the depth on the stack frame of the first occurrence of a 407 * method from a class with the specified name; 408 * <code>-1</code> if such a frame cannot be found. 409 * @deprecated This type of security checking is not recommended. 410 * It is recommended that the <code>checkPermission</code> 411 * call be used instead. 412 * 413 */ 414 @Deprecated 415 protected native int classDepth(String name); 416 417 /** 418 * Returns the stack depth of the most recently executing method 419 * from a class defined using a non-system class loader. A non-system 420 * class loader is defined as being a class loader that is not equal to 421 * the system class loader (as returned 422 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. 423 * <p> 424 * This method will return 425 * -1 in the following three cases: 426 * <ol> 427 * <li>All methods on the execution stack are from classes 428 * defined using the system class loader or one of its ancestors. 429 * 430 * <li>All methods on the execution stack up to the first 431 * "privileged" caller 432 * (see {@link java.security.AccessController#doPrivileged}) 433 * are from classes 434 * defined using the system class loader or one of its ancestors. 435 * 436 * <li> A call to <code>checkPermission</code> with 437 * <code>java.security.AllPermission</code> does not 438 * result in a SecurityException. 439 * 440 * </ol> 441 * 442 * @return the depth on the stack frame of the most recent occurrence of 443 * a method from a class defined using a non-system class loader. 444 * 445 * @deprecated This type of security checking is not recommended. 446 * It is recommended that the <code>checkPermission</code> 447 * call be used instead. 448 * 449 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader 450 * @see #checkPermission(java.security.Permission) checkPermission 451 */ 452 @Deprecated 453 protected int classLoaderDepth() { 454 int depth = classLoaderDepth0(); 455 if (depth != -1) { 456 if (hasAllPermission()) 457 depth = -1; 458 else 459 depth--; // make sure we don't include ourself 460 } 461 return depth; 462 } 463 464 private native int classLoaderDepth0(); 465 466 /** 467 * Tests if a method from a class with the specified 468 * name is on the execution stack. 469 * 470 * @param name the fully qualified name of the class. 471 * @return <code>true</code> if a method from a class with the specified 472 * name is on the execution stack; <code>false</code> otherwise. 473 * @deprecated This type of security checking is not recommended. 474 * It is recommended that the <code>checkPermission</code> 475 * call be used instead. 476 */ 477 @Deprecated 478 protected boolean inClass(String name) { 479 return classDepth(name) >= 0; 480 } 481 482 /** 483 * Basically, tests if a method from a class defined using a 484 * class loader is on the execution stack. 485 * 486 * @return <code>true</code> if a call to <code>currentClassLoader</code> 487 * has a non-null return value. 488 * 489 * @deprecated This type of security checking is not recommended. 490 * It is recommended that the <code>checkPermission</code> 491 * call be used instead. 492 * @see #currentClassLoader() currentClassLoader 493 */ 494 @Deprecated 495 protected boolean inClassLoader() { 496 return currentClassLoader() != null; 497 } 498 499 /** 500 * Creates an object that encapsulates the current execution 501 * environment. The result of this method is used, for example, by the 502 * three-argument <code>checkConnect</code> method and by the 503 * two-argument <code>checkRead</code> method. 504 * These methods are needed because a trusted method may be called 505 * on to read a file or open a socket on behalf of another method. 506 * The trusted method needs to determine if the other (possibly 507 * untrusted) method would be allowed to perform the operation on its 508 * own. 509 * <p> The default implementation of this method is to return 510 * an <code>AccessControlContext</code> object. 511 * 512 * @return an implementation-dependent object that encapsulates 513 * sufficient information about the current execution environment 514 * to perform some security checks later. 515 * @see java.lang.SecurityManager#checkConnect(java.lang.String, int, 516 * java.lang.Object) checkConnect 517 * @see java.lang.SecurityManager#checkRead(java.lang.String, 518 * java.lang.Object) checkRead 519 * @see java.security.AccessControlContext AccessControlContext 520 */ 521 public Object getSecurityContext() { 522 return AccessController.getContext(); 523 } 524 525 /** 526 * Throws a <code>SecurityException</code> if the requested 527 * access, specified by the given permission, is not permitted based 528 * on the security policy currently in effect. 529 * <p> 530 * This method calls <code>AccessController.checkPermission</code> 531 * with the given permission. 532 * 533 * @param perm the requested permission. 534 * @exception SecurityException if access is not permitted based on 535 * the current security policy. 536 * @exception NullPointerException if the permission argument is 537 * <code>null</code>. 538 * @since 1.2 539 */ 540 public void checkPermission(Permission perm) { 541 java.security.AccessController.checkPermission(perm); 542 } 543 544 /** 545 * Throws a <code>SecurityException</code> if the 546 * specified security context is denied access to the resource 547 * specified by the given permission. 548 * The context must be a security 549 * context returned by a previous call to 550 * <code>getSecurityContext</code> and the access control 551 * decision is based upon the configured security policy for 552 * that security context. 553 * <p> 554 * If <code>context</code> is an instance of 555 * <code>AccessControlContext</code> then the 556 * <code>AccessControlContext.checkPermission</code> method is 557 * invoked with the specified permission. 558 * <p> 559 * If <code>context</code> is not an instance of 560 * <code>AccessControlContext</code> then a 561 * <code>SecurityException</code> is thrown. 562 * 563 * @param perm the specified permission 564 * @param context a system-dependent security context. 565 * @exception SecurityException if the specified security context 566 * is not an instance of <code>AccessControlContext</code> 567 * (e.g., is <code>null</code>), or is denied access to the 568 * resource specified by the given permission. 569 * @exception NullPointerException if the permission argument is 570 * <code>null</code>. 571 * @see java.lang.SecurityManager#getSecurityContext() 572 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 573 * @since 1.2 574 */ 575 public void checkPermission(Permission perm, Object context) { 576 if (context instanceof AccessControlContext) { 577 ((AccessControlContext)context).checkPermission(perm); 578 } else { 579 throw new SecurityException(); 580 } 581 } 582 583 /** 584 * Throws a <code>SecurityException</code> if the 585 * calling thread is not allowed to create a new class loader. 586 * <p> 587 * This method calls <code>checkPermission</code> with the 588 * <code>RuntimePermission("createClassLoader")</code> 589 * permission. 590 * <p> 591 * If you override this method, then you should make a call to 592 * <code>super.checkCreateClassLoader</code> 593 * at the point the overridden method would normally throw an 594 * exception. 595 * 596 * @exception SecurityException if the calling thread does not 597 * have permission 598 * to create a new class loader. 599 * @see java.lang.ClassLoader#ClassLoader() 600 * @see #checkPermission(java.security.Permission) checkPermission 601 */ 602 public void checkCreateClassLoader() { 603 checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION); 604 } 605 606 /** 607 * reference to the root thread group, used for the checkAccess 608 * methods. 609 */ 610 611 private static ThreadGroup rootGroup = getRootGroup(); 612 613 private static ThreadGroup getRootGroup() { 614 ThreadGroup root = Thread.currentThread().getThreadGroup(); 615 while (root.getParent() != null) { 616 root = root.getParent(); 617 } 618 return root; 619 } 620 621 /** 622 * Throws a <code>SecurityException</code> if the 623 * calling thread is not allowed to modify the thread argument. 624 * <p> 625 * This method is invoked for the current security manager by the 626 * <code>stop</code>, <code>suspend</code>, <code>resume</code>, 627 * <code>setPriority</code>, <code>setName</code>, and 628 * <code>setDaemon</code> methods of class <code>Thread</code>. 629 * <p> 630 * If the thread argument is a system thread (belongs to 631 * the thread group with a <code>null</code> parent) then 632 * this method calls <code>checkPermission</code> with the 633 * <code>RuntimePermission("modifyThread")</code> permission. 634 * If the thread argument is <i>not</i> a system thread, 635 * this method just returns silently. 636 * <p> 637 * Applications that want a stricter policy should override this 638 * method. If this method is overridden, the method that overrides 639 * it should additionally check to see if the calling thread has the 640 * <code>RuntimePermission("modifyThread")</code> permission, and 641 * if so, return silently. This is to ensure that code granted 642 * that permission (such as the JDK itself) is allowed to 643 * manipulate any thread. 644 * <p> 645 * If this method is overridden, then 646 * <code>super.checkAccess</code> should 647 * be called by the first statement in the overridden method, or the 648 * equivalent security check should be placed in the overridden method. 649 * 650 * @param t the thread to be checked. 651 * @exception SecurityException if the calling thread does not have 652 * permission to modify the thread. 653 * @exception NullPointerException if the thread argument is 654 * <code>null</code>. 655 * @see java.lang.Thread#resume() resume 656 * @see java.lang.Thread#setDaemon(boolean) setDaemon 657 * @see java.lang.Thread#setName(java.lang.String) setName 658 * @see java.lang.Thread#setPriority(int) setPriority 659 * @see java.lang.Thread#stop() stop 660 * @see java.lang.Thread#suspend() suspend 661 * @see #checkPermission(java.security.Permission) checkPermission 662 */ 663 public void checkAccess(Thread t) { 664 if (t == null) { 665 throw new NullPointerException("thread can't be null"); 666 } 667 if (t.getThreadGroup() == rootGroup) { 668 checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION); 669 } else { 670 // just return 671 } 672 } 673 /** 674 * Throws a <code>SecurityException</code> if the 675 * calling thread is not allowed to modify the thread group argument. 676 * <p> 677 * This method is invoked for the current security manager when a 678 * new child thread or child thread group is created, and by the 679 * <code>setDaemon</code>, <code>setMaxPriority</code>, 680 * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and 681 * <code>destroy</code> methods of class <code>ThreadGroup</code>. 682 * <p> 683 * If the thread group argument is the system thread group ( 684 * has a <code>null</code> parent) then 685 * this method calls <code>checkPermission</code> with the 686 * <code>RuntimePermission("modifyThreadGroup")</code> permission. 687 * If the thread group argument is <i>not</i> the system thread group, 688 * this method just returns silently. 689 * <p> 690 * Applications that want a stricter policy should override this 691 * method. If this method is overridden, the method that overrides 692 * it should additionally check to see if the calling thread has the 693 * <code>RuntimePermission("modifyThreadGroup")</code> permission, and 694 * if so, return silently. This is to ensure that code granted 695 * that permission (such as the JDK itself) is allowed to 696 * manipulate any thread. 697 * <p> 698 * If this method is overridden, then 699 * <code>super.checkAccess</code> should 700 * be called by the first statement in the overridden method, or the 701 * equivalent security check should be placed in the overridden method. 702 * 703 * @param g the thread group to be checked. 704 * @exception SecurityException if the calling thread does not have 705 * permission to modify the thread group. 706 * @exception NullPointerException if the thread group argument is 707 * <code>null</code>. 708 * @see java.lang.ThreadGroup#destroy() destroy 709 * @see java.lang.ThreadGroup#resume() resume 710 * @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon 711 * @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority 712 * @see java.lang.ThreadGroup#stop() stop 713 * @see java.lang.ThreadGroup#suspend() suspend 714 * @see #checkPermission(java.security.Permission) checkPermission 715 */ 716 public void checkAccess(ThreadGroup g) { 717 if (g == null) { 718 throw new NullPointerException("thread group can't be null"); 719 } 720 if (g == rootGroup) { 721 checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION); 722 } else { 723 // just return 724 } 725 } 726 727 /** 728 * Throws a <code>SecurityException</code> if the 729 * calling thread is not allowed to cause the Java Virtual Machine to 730 * halt with the specified status code. 731 * <p> 732 * This method is invoked for the current security manager by the 733 * <code>exit</code> method of class <code>Runtime</code>. A status 734 * of <code>0</code> indicates success; other values indicate various 735 * errors. 736 * <p> 737 * This method calls <code>checkPermission</code> with the 738 * <code>RuntimePermission("exitVM."+status)</code> permission. 739 * <p> 740 * If you override this method, then you should make a call to 741 * <code>super.checkExit</code> 742 * at the point the overridden method would normally throw an 743 * exception. 744 * 745 * @param status the exit status. 746 * @exception SecurityException if the calling thread does not have 747 * permission to halt the Java Virtual Machine with 748 * the specified status. 749 * @see java.lang.Runtime#exit(int) exit 750 * @see #checkPermission(java.security.Permission) checkPermission 751 */ 752 public void checkExit(int status) { 753 checkPermission(new RuntimePermission("exitVM."+status)); 754 } 755 756 /** 757 * Throws a <code>SecurityException</code> if the 758 * calling thread is not allowed to create a subprocess. 759 * <p> 760 * This method is invoked for the current security manager by the 761 * <code>exec</code> methods of class <code>Runtime</code>. 762 * <p> 763 * This method calls <code>checkPermission</code> with the 764 * <code>FilePermission(cmd,"execute")</code> permission 765 * if cmd is an absolute path, otherwise it calls 766 * <code>checkPermission</code> with 767 * <code>FilePermission("<<ALL FILES>>","execute")</code>. 768 * <p> 769 * If you override this method, then you should make a call to 770 * <code>super.checkExec</code> 771 * at the point the overridden method would normally throw an 772 * exception. 773 * 774 * @param cmd the specified system command. 775 * @exception SecurityException if the calling thread does not have 776 * permission to create a subprocess. 777 * @exception NullPointerException if the <code>cmd</code> argument is 778 * <code>null</code>. 779 * @see java.lang.Runtime#exec(java.lang.String) 780 * @see java.lang.Runtime#exec(java.lang.String, java.lang.String[]) 781 * @see java.lang.Runtime#exec(java.lang.String[]) 782 * @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[]) 783 * @see #checkPermission(java.security.Permission) checkPermission 784 */ 785 public void checkExec(String cmd) { 786 File f = new File(cmd); 787 if (f.isAbsolute()) { 788 checkPermission(new FilePermission(cmd, 789 SecurityConstants.FILE_EXECUTE_ACTION)); 790 } else { 791 checkPermission(new FilePermission("<<ALL FILES>>", 792 SecurityConstants.FILE_EXECUTE_ACTION)); 793 } 794 } 795 796 /** 797 * Throws a <code>SecurityException</code> if the 798 * calling thread is not allowed to dynamic link the library code 799 * specified by the string argument file. The argument is either a 800 * simple library name or a complete filename. 801 * <p> 802 * This method is invoked for the current security manager by 803 * methods <code>load</code> and <code>loadLibrary</code> of class 804 * <code>Runtime</code>. 805 * <p> 806 * This method calls <code>checkPermission</code> with the 807 * <code>RuntimePermission("loadLibrary."+lib)</code> permission. 808 * <p> 809 * If you override this method, then you should make a call to 810 * <code>super.checkLink</code> 811 * at the point the overridden method would normally throw an 812 * exception. 813 * 814 * @param lib the name of the library. 815 * @exception SecurityException if the calling thread does not have 816 * permission to dynamically link the library. 817 * @exception NullPointerException if the <code>lib</code> argument is 818 * <code>null</code>. 819 * @see java.lang.Runtime#load(java.lang.String) 820 * @see java.lang.Runtime#loadLibrary(java.lang.String) 821 * @see #checkPermission(java.security.Permission) checkPermission 822 */ 823 public void checkLink(String lib) { 824 if (lib == null) { 825 throw new NullPointerException("library can't be null"); 826 } 827 checkPermission(new RuntimePermission("loadLibrary."+lib)); 828 } 829 830 /** 831 * Throws a <code>SecurityException</code> if the 832 * calling thread is not allowed to read from the specified file 833 * descriptor. 834 * <p> 835 * This method calls <code>checkPermission</code> with the 836 * <code>RuntimePermission("readFileDescriptor")</code> 837 * permission. 838 * <p> 839 * If you override this method, then you should make a call to 840 * <code>super.checkRead</code> 841 * at the point the overridden method would normally throw an 842 * exception. 843 * 844 * @param fd the system-dependent file descriptor. 845 * @exception SecurityException if the calling thread does not have 846 * permission to access the specified file descriptor. 847 * @exception NullPointerException if the file descriptor argument is 848 * <code>null</code>. 849 * @see java.io.FileDescriptor 850 * @see #checkPermission(java.security.Permission) checkPermission 851 */ 852 public void checkRead(FileDescriptor fd) { 853 if (fd == null) { 854 throw new NullPointerException("file descriptor can't be null"); 855 } 856 checkPermission(new RuntimePermission("readFileDescriptor")); 857 } 858 859 /** 860 * Throws a <code>SecurityException</code> if the 861 * calling thread is not allowed to read the file specified by the 862 * string argument. 863 * <p> 864 * This method calls <code>checkPermission</code> with the 865 * <code>FilePermission(file,"read")</code> permission. 866 * <p> 867 * If you override this method, then you should make a call to 868 * <code>super.checkRead</code> 869 * at the point the overridden method would normally throw an 870 * exception. 871 * 872 * @param file the system-dependent file name. 873 * @exception SecurityException if the calling thread does not have 874 * permission to access the specified file. 875 * @exception NullPointerException if the <code>file</code> argument is 876 * <code>null</code>. 877 * @see #checkPermission(java.security.Permission) checkPermission 878 */ 879 public void checkRead(String file) { 880 checkPermission(new FilePermission(file, 881 SecurityConstants.FILE_READ_ACTION)); 882 } 883 884 /** 885 * Throws a <code>SecurityException</code> if the 886 * specified security context is not allowed to read the file 887 * specified by the string argument. The context must be a security 888 * context returned by a previous call to 889 * <code>getSecurityContext</code>. 890 * <p> If <code>context</code> is an instance of 891 * <code>AccessControlContext</code> then the 892 * <code>AccessControlContext.checkPermission</code> method will 893 * be invoked with the <code>FilePermission(file,"read")</code> permission. 894 * <p> If <code>context</code> is not an instance of 895 * <code>AccessControlContext</code> then a 896 * <code>SecurityException</code> is thrown. 897 * <p> 898 * If you override this method, then you should make a call to 899 * <code>super.checkRead</code> 900 * at the point the overridden method would normally throw an 901 * exception. 902 * 903 * @param file the system-dependent filename. 904 * @param context a system-dependent security context. 905 * @exception SecurityException if the specified security context 906 * is not an instance of <code>AccessControlContext</code> 907 * (e.g., is <code>null</code>), or does not have permission 908 * to read the specified file. 909 * @exception NullPointerException if the <code>file</code> argument is 910 * <code>null</code>. 911 * @see java.lang.SecurityManager#getSecurityContext() 912 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 913 */ 914 public void checkRead(String file, Object context) { 915 checkPermission( 916 new FilePermission(file, SecurityConstants.FILE_READ_ACTION), 917 context); 918 } 919 920 /** 921 * Throws a <code>SecurityException</code> if the 922 * calling thread is not allowed to write to the specified file 923 * descriptor. 924 * <p> 925 * This method calls <code>checkPermission</code> with the 926 * <code>RuntimePermission("writeFileDescriptor")</code> 927 * permission. 928 * <p> 929 * If you override this method, then you should make a call to 930 * <code>super.checkWrite</code> 931 * at the point the overridden method would normally throw an 932 * exception. 933 * 934 * @param fd the system-dependent file descriptor. 935 * @exception SecurityException if the calling thread does not have 936 * permission to access the specified file descriptor. 937 * @exception NullPointerException if the file descriptor argument is 938 * <code>null</code>. 939 * @see java.io.FileDescriptor 940 * @see #checkPermission(java.security.Permission) checkPermission 941 */ 942 public void checkWrite(FileDescriptor fd) { 943 if (fd == null) { 944 throw new NullPointerException("file descriptor can't be null"); 945 } 946 checkPermission(new RuntimePermission("writeFileDescriptor")); 947 948 } 949 950 /** 951 * Throws a <code>SecurityException</code> if the 952 * calling thread is not allowed to write to the file specified by 953 * the string argument. 954 * <p> 955 * This method calls <code>checkPermission</code> with the 956 * <code>FilePermission(file,"write")</code> permission. 957 * <p> 958 * If you override this method, then you should make a call to 959 * <code>super.checkWrite</code> 960 * at the point the overridden method would normally throw an 961 * exception. 962 * 963 * @param file the system-dependent filename. 964 * @exception SecurityException if the calling thread does not 965 * have permission to access the specified file. 966 * @exception NullPointerException if the <code>file</code> argument is 967 * <code>null</code>. 968 * @see #checkPermission(java.security.Permission) checkPermission 969 */ 970 public void checkWrite(String file) { 971 checkPermission(new FilePermission(file, 972 SecurityConstants.FILE_WRITE_ACTION)); 973 } 974 975 /** 976 * Throws a <code>SecurityException</code> if the 977 * calling thread is not allowed to delete the specified file. 978 * <p> 979 * This method is invoked for the current security manager by the 980 * <code>delete</code> method of class <code>File</code>. 981 * <p> 982 * This method calls <code>checkPermission</code> with the 983 * <code>FilePermission(file,"delete")</code> permission. 984 * <p> 985 * If you override this method, then you should make a call to 986 * <code>super.checkDelete</code> 987 * at the point the overridden method would normally throw an 988 * exception. 989 * 990 * @param file the system-dependent filename. 991 * @exception SecurityException if the calling thread does not 992 * have permission to delete the file. 993 * @exception NullPointerException if the <code>file</code> argument is 994 * <code>null</code>. 995 * @see java.io.File#delete() 996 * @see #checkPermission(java.security.Permission) checkPermission 997 */ 998 public void checkDelete(String file) { 999 checkPermission(new FilePermission(file, 1000 SecurityConstants.FILE_DELETE_ACTION)); 1001 } 1002 1003 /** 1004 * Throws a <code>SecurityException</code> if the 1005 * calling thread is not allowed to open a socket connection to the 1006 * specified host and port number. 1007 * <p> 1008 * A port number of <code>-1</code> indicates that the calling 1009 * method is attempting to determine the IP address of the specified 1010 * host name. 1011 * <p> 1012 * This method calls <code>checkPermission</code> with the 1013 * <code>SocketPermission(host+":"+port,"connect")</code> permission if 1014 * the port is not equal to -1. If the port is equal to -1, then 1015 * it calls <code>checkPermission</code> with the 1016 * <code>SocketPermission(host,"resolve")</code> permission. 1017 * <p> 1018 * If you override this method, then you should make a call to 1019 * <code>super.checkConnect</code> 1020 * at the point the overridden method would normally throw an 1021 * exception. 1022 * 1023 * @param host the host name port to connect to. 1024 * @param port the protocol port to connect to. 1025 * @exception SecurityException if the calling thread does not have 1026 * permission to open a socket connection to the specified 1027 * <code>host</code> and <code>port</code>. 1028 * @exception NullPointerException if the <code>host</code> argument is 1029 * <code>null</code>. 1030 * @see #checkPermission(java.security.Permission) checkPermission 1031 */ 1032 public void checkConnect(String host, int port) { 1033 if (host == null) { 1034 throw new NullPointerException("host can't be null"); 1035 } 1036 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1037 host = "[" + host + "]"; 1038 } 1039 if (port == -1) { 1040 checkPermission(new SocketPermission(host, 1041 SecurityConstants.SOCKET_RESOLVE_ACTION)); 1042 } else { 1043 checkPermission(new SocketPermission(host+":"+port, 1044 SecurityConstants.SOCKET_CONNECT_ACTION)); 1045 } 1046 } 1047 1048 /** 1049 * Throws a <code>SecurityException</code> if the 1050 * specified security context is not allowed to open a socket 1051 * connection to the specified host and port number. 1052 * <p> 1053 * A port number of <code>-1</code> indicates that the calling 1054 * method is attempting to determine the IP address of the specified 1055 * host name. 1056 * <p> If <code>context</code> is not an instance of 1057 * <code>AccessControlContext</code> then a 1058 * <code>SecurityException</code> is thrown. 1059 * <p> 1060 * Otherwise, the port number is checked. If it is not equal 1061 * to -1, the <code>context</code>'s <code>checkPermission</code> 1062 * method is called with a 1063 * <code>SocketPermission(host+":"+port,"connect")</code> permission. 1064 * If the port is equal to -1, then 1065 * the <code>context</code>'s <code>checkPermission</code> method 1066 * is called with a 1067 * <code>SocketPermission(host,"resolve")</code> permission. 1068 * <p> 1069 * If you override this method, then you should make a call to 1070 * <code>super.checkConnect</code> 1071 * at the point the overridden method would normally throw an 1072 * exception. 1073 * 1074 * @param host the host name port to connect to. 1075 * @param port the protocol port to connect to. 1076 * @param context a system-dependent security context. 1077 * @exception SecurityException if the specified security context 1078 * is not an instance of <code>AccessControlContext</code> 1079 * (e.g., is <code>null</code>), or does not have permission 1080 * to open a socket connection to the specified 1081 * <code>host</code> and <code>port</code>. 1082 * @exception NullPointerException if the <code>host</code> argument is 1083 * <code>null</code>. 1084 * @see java.lang.SecurityManager#getSecurityContext() 1085 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 1086 */ 1087 public void checkConnect(String host, int port, Object context) { 1088 if (host == null) { 1089 throw new NullPointerException("host can't be null"); 1090 } 1091 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1092 host = "[" + host + "]"; 1093 } 1094 if (port == -1) 1095 checkPermission(new SocketPermission(host, 1096 SecurityConstants.SOCKET_RESOLVE_ACTION), 1097 context); 1098 else 1099 checkPermission(new SocketPermission(host+":"+port, 1100 SecurityConstants.SOCKET_CONNECT_ACTION), 1101 context); 1102 } 1103 1104 /** 1105 * Throws a <code>SecurityException</code> if the 1106 * calling thread is not allowed to wait for a connection request on 1107 * the specified local port number. 1108 * <p> 1109 * This method calls <code>checkPermission</code> with the 1110 * <code>SocketPermission("localhost:"+port,"listen")</code>. 1111 * <p> 1112 * If you override this method, then you should make a call to 1113 * <code>super.checkListen</code> 1114 * at the point the overridden method would normally throw an 1115 * exception. 1116 * 1117 * @param port the local port. 1118 * @exception SecurityException if the calling thread does not have 1119 * permission to listen on the specified port. 1120 * @see #checkPermission(java.security.Permission) checkPermission 1121 */ 1122 public void checkListen(int port) { 1123 checkPermission(new SocketPermission("localhost:"+port, 1124 SecurityConstants.SOCKET_LISTEN_ACTION)); 1125 } 1126 1127 /** 1128 * Throws a <code>SecurityException</code> if the 1129 * calling thread is not permitted to accept a socket connection from 1130 * the specified host and port number. 1131 * <p> 1132 * This method is invoked for the current security manager by the 1133 * <code>accept</code> method of class <code>ServerSocket</code>. 1134 * <p> 1135 * This method calls <code>checkPermission</code> with the 1136 * <code>SocketPermission(host+":"+port,"accept")</code> permission. 1137 * <p> 1138 * If you override this method, then you should make a call to 1139 * <code>super.checkAccept</code> 1140 * at the point the overridden method would normally throw an 1141 * exception. 1142 * 1143 * @param host the host name of the socket connection. 1144 * @param port the port number of the socket connection. 1145 * @exception SecurityException if the calling thread does not have 1146 * permission to accept the connection. 1147 * @exception NullPointerException if the <code>host</code> argument is 1148 * <code>null</code>. 1149 * @see java.net.ServerSocket#accept() 1150 * @see #checkPermission(java.security.Permission) checkPermission 1151 */ 1152 public void checkAccept(String host, int port) { 1153 if (host == null) { 1154 throw new NullPointerException("host can't be null"); 1155 } 1156 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1157 host = "[" + host + "]"; 1158 } 1159 checkPermission(new SocketPermission(host+":"+port, 1160 SecurityConstants.SOCKET_ACCEPT_ACTION)); 1161 } 1162 1163 /** 1164 * Throws a <code>SecurityException</code> if the 1165 * calling thread is not allowed to use 1166 * (join/leave/send/receive) IP multicast. 1167 * <p> 1168 * This method calls <code>checkPermission</code> with the 1169 * <code>java.net.SocketPermission(maddr.getHostAddress(), 1170 * "accept,connect")</code> permission. 1171 * <p> 1172 * If you override this method, then you should make a call to 1173 * <code>super.checkMulticast</code> 1174 * at the point the overridden method would normally throw an 1175 * exception. 1176 * 1177 * @param maddr Internet group address to be used. 1178 * @exception SecurityException if the calling thread is not allowed to 1179 * use (join/leave/send/receive) IP multicast. 1180 * @exception NullPointerException if the address argument is 1181 * <code>null</code>. 1182 * @since 1.1 1183 * @see #checkPermission(java.security.Permission) checkPermission 1184 */ 1185 public void checkMulticast(InetAddress maddr) { 1186 String host = maddr.getHostAddress(); 1187 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1188 host = "[" + host + "]"; 1189 } 1190 checkPermission(new SocketPermission(host, 1191 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); 1192 } 1193 1194 /** 1195 * Throws a <code>SecurityException</code> if the 1196 * calling thread is not allowed to use 1197 * (join/leave/send/receive) IP multicast. 1198 * <p> 1199 * This method calls <code>checkPermission</code> with the 1200 * <code>java.net.SocketPermission(maddr.getHostAddress(), 1201 * "accept,connect")</code> permission. 1202 * <p> 1203 * If you override this method, then you should make a call to 1204 * <code>super.checkMulticast</code> 1205 * at the point the overridden method would normally throw an 1206 * exception. 1207 * 1208 * @param maddr Internet group address to be used. 1209 * @param ttl value in use, if it is multicast send. 1210 * Note: this particular implementation does not use the ttl 1211 * parameter. 1212 * @exception SecurityException if the calling thread is not allowed to 1213 * use (join/leave/send/receive) IP multicast. 1214 * @exception NullPointerException if the address argument is 1215 * <code>null</code>. 1216 * @since 1.1 1217 * @deprecated Use #checkPermission(java.security.Permission) instead 1218 * @see #checkPermission(java.security.Permission) checkPermission 1219 */ 1220 @Deprecated 1221 public void checkMulticast(InetAddress maddr, byte ttl) { 1222 String host = maddr.getHostAddress(); 1223 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1224 host = "[" + host + "]"; 1225 } 1226 checkPermission(new SocketPermission(host, 1227 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); 1228 } 1229 1230 /** 1231 * Throws a <code>SecurityException</code> if the 1232 * calling thread is not allowed to access or modify the system 1233 * properties. 1234 * <p> 1235 * This method is used by the <code>getProperties</code> and 1236 * <code>setProperties</code> methods of class <code>System</code>. 1237 * <p> 1238 * This method calls <code>checkPermission</code> with the 1239 * <code>PropertyPermission("*", "read,write")</code> permission. 1240 * <p> 1241 * If you override this method, then you should make a call to 1242 * <code>super.checkPropertiesAccess</code> 1243 * at the point the overridden method would normally throw an 1244 * exception. 1245 * 1246 * @exception SecurityException if the calling thread does not have 1247 * permission to access or modify the system properties. 1248 * @see java.lang.System#getProperties() 1249 * @see java.lang.System#setProperties(java.util.Properties) 1250 * @see #checkPermission(java.security.Permission) checkPermission 1251 */ 1252 public void checkPropertiesAccess() { 1253 checkPermission(new PropertyPermission("*", 1254 SecurityConstants.PROPERTY_RW_ACTION)); 1255 } 1256 1257 /** 1258 * Throws a <code>SecurityException</code> if the 1259 * calling thread is not allowed to access the system property with 1260 * the specified <code>key</code> name. 1261 * <p> 1262 * This method is used by the <code>getProperty</code> method of 1263 * class <code>System</code>. 1264 * <p> 1265 * This method calls <code>checkPermission</code> with the 1266 * <code>PropertyPermission(key, "read")</code> permission. 1267 * <p> 1268 * If you override this method, then you should make a call to 1269 * <code>super.checkPropertyAccess</code> 1270 * at the point the overridden method would normally throw an 1271 * exception. 1272 * 1273 * @param key a system property key. 1274 * 1275 * @exception SecurityException if the calling thread does not have 1276 * permission to access the specified system property. 1277 * @exception NullPointerException if the <code>key</code> argument is 1278 * <code>null</code>. 1279 * @exception IllegalArgumentException if <code>key</code> is empty. 1280 * 1281 * @see java.lang.System#getProperty(java.lang.String) 1282 * @see #checkPermission(java.security.Permission) checkPermission 1283 */ 1284 public void checkPropertyAccess(String key) { 1285 checkPermission(new PropertyPermission(key, 1286 SecurityConstants.PROPERTY_READ_ACTION)); 1287 } 1288 1289 /** 1290 * Returns {@code true} if the calling thread has {@code AllPermission}. 1291 * 1292 * @param window not used except to check if it is {@code null}. 1293 * @return {@code true} if the calling thread has {@code AllPermission}. 1294 * @exception NullPointerException if the {@code window} argument is 1295 * {@code null}. 1296 * @deprecated This method was originally used to check if the calling thread 1297 * was trusted to bring up a top-level window. The method has been 1298 * obsoleted and code should instead use {@link #checkPermission} 1299 * to check {@code AWTPermission("showWindowWithoutWarningBanner")}. 1300 * @see #checkPermission(java.security.Permission) checkPermission 1301 */ 1302 @Deprecated 1303 public boolean checkTopLevelWindow(Object window) { 1304 if (window == null) { 1305 throw new NullPointerException("window can't be null"); 1306 } 1307 return hasAllPermission(); 1308 } 1309 1310 /** 1311 * Throws a <code>SecurityException</code> if the 1312 * calling thread is not allowed to initiate a print job request. 1313 * <p> 1314 * This method calls 1315 * <code>checkPermission</code> with the 1316 * <code>RuntimePermission("queuePrintJob")</code> permission. 1317 * <p> 1318 * If you override this method, then you should make a call to 1319 * <code>super.checkPrintJobAccess</code> 1320 * at the point the overridden method would normally throw an 1321 * exception. 1322 * 1323 * @exception SecurityException if the calling thread does not have 1324 * permission to initiate a print job request. 1325 * @since 1.1 1326 * @see #checkPermission(java.security.Permission) checkPermission 1327 */ 1328 public void checkPrintJobAccess() { 1329 checkPermission(new RuntimePermission("queuePrintJob")); 1330 } 1331 1332 /** 1333 * Throws {@code SecurityException} if the calling thread does 1334 * not have {@code AllPermission}. 1335 * 1336 * @since 1.1 1337 * @exception SecurityException if the calling thread does not have 1338 * {@code AllPermission} 1339 * @deprecated This method was originally used to check if the calling 1340 * thread could access the system clipboard. The method has been 1341 * obsoleted and code should instead use {@link #checkPermission} 1342 * to check {@code AWTPermission("accessClipboard")}. 1343 * @see #checkPermission(java.security.Permission) checkPermission 1344 */ 1345 @Deprecated 1346 public void checkSystemClipboardAccess() { 1347 checkPermission(SecurityConstants.ALL_PERMISSION); 1348 } 1349 1350 /** 1351 * Throws {@code SecurityException} if the calling thread does 1352 * not have {@code AllPermission}. 1353 * 1354 * @since 1.1 1355 * @exception SecurityException if the calling thread does not have 1356 * {@code AllPermission} 1357 * @deprecated This method was originally used to check if the calling 1358 * thread could access the AWT event queue. The method has been 1359 * obsoleted and code should instead use {@link #checkPermission} 1360 * to check {@code AWTPermission("accessEventQueue")}. 1361 * @see #checkPermission(java.security.Permission) checkPermission 1362 */ 1363 @Deprecated 1364 public void checkAwtEventQueueAccess() { 1365 checkPermission(SecurityConstants.ALL_PERMISSION); 1366 } 1367 1368 /* 1369 * We have an initial invalid bit (initially false) for the class 1370 * variables which tell if the cache is valid. If the underlying 1371 * java.security.Security property changes via setProperty(), the 1372 * Security class uses reflection to change the variable and thus 1373 * invalidate the cache. 1374 * 1375 * Locking is handled by synchronization to the 1376 * packageAccessLock/packageDefinitionLock objects. They are only 1377 * used in this class. 1378 * 1379 * Note that cache invalidation as a result of the property change 1380 * happens without using these locks, so there may be a delay between 1381 * when a thread updates the property and when other threads updates 1382 * the cache. 1383 */ 1384 private static boolean packageAccessValid = false; 1385 private static String[] packageAccess; 1386 private static final Object packageAccessLock = new Object(); 1387 1388 private static boolean packageDefinitionValid = false; 1389 private static String[] packageDefinition; 1390 private static final Object packageDefinitionLock = new Object(); 1391 1392 private static String[] getPackages(String p) { 1393 String packages[] = null; 1394 if (p != null && !p.equals("")) { 1395 java.util.StringTokenizer tok = 1396 new java.util.StringTokenizer(p, ","); 1397 int n = tok.countTokens(); 1398 if (n > 0) { 1399 packages = new String[n]; 1400 int i = 0; 1401 while (tok.hasMoreElements()) { 1402 String s = tok.nextToken().trim(); 1403 packages[i++] = s; 1404 } 1405 } 1406 } 1407 1408 if (packages == null) 1409 packages = new String[0]; 1410 return packages; 1411 } 1412 1413 /** 1414 * Throws a <code>SecurityException</code> if the 1415 * calling thread is not allowed to access the package specified by 1416 * the argument. 1417 * <p> 1418 * This method is used by the <code>loadClass</code> method of class 1419 * loaders. 1420 * <p> 1421 * This method first gets a list of 1422 * restricted packages by obtaining a comma-separated list from 1423 * a call to 1424 * <code>java.security.Security.getProperty("package.access")</code>, 1425 * and checks to see if <code>pkg</code> starts with or equals 1426 * any of the restricted packages. If it does, then 1427 * <code>checkPermission</code> gets called with the 1428 * <code>RuntimePermission("accessClassInPackage."+pkg)</code> 1429 * permission. 1430 * <p> 1431 * If this method is overridden, then 1432 * <code>super.checkPackageAccess</code> should be called 1433 * as the first line in the overridden method. 1434 * 1435 * @param pkg the package name. 1436 * @exception SecurityException if the calling thread does not have 1437 * permission to access the specified package. 1438 * @exception NullPointerException if the package name argument is 1439 * <code>null</code>. 1440 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean) 1441 * loadClass 1442 * @see java.security.Security#getProperty getProperty 1443 * @see #checkPermission(java.security.Permission) checkPermission 1444 */ 1445 public void checkPackageAccess(String pkg) { 1446 if (pkg == null) { 1447 throw new NullPointerException("package name can't be null"); 1448 } 1449 1450 String[] restrictedPkgs; 1451 synchronized (packageAccessLock) { 1452 /* 1453 * Do we need to update our property array? 1454 */ 1455 if (!packageAccessValid) { 1456 String tmpPropertyStr = 1457 AccessController.doPrivileged( 1458 new PrivilegedAction<>() { 1459 public String run() { 1460 return Security.getProperty("package.access"); 1461 } 1462 } 1463 ); 1464 packageAccess = getPackages(tmpPropertyStr); 1465 packageAccessValid = true; 1466 } 1467 1468 // Using a snapshot of packageAccess -- don't care if static field 1469 // changes afterwards; array contents won't change. 1470 restrictedPkgs = packageAccess; 1471 } 1472 1473 /* 1474 * Traverse the list of packages, check for any matches. 1475 */ 1476 final int plen = pkg.length(); 1477 for (String restrictedPkg : restrictedPkgs) { 1478 final int rlast = restrictedPkg.length() - 1; 1479 1480 // Optimizations: 1481 // 1482 // If rlast >= plen then restrictedPkg is longer than pkg by at 1483 // least one char. This means pkg cannot start with restrictedPkg, 1484 // since restrictedPkg will be longer than pkg. 1485 // 1486 // Similarly if rlast != plen, then pkg + "." cannot be the same 1487 // as restrictedPkg, since pkg + "." will have a different length 1488 // than restrictedPkg. 1489 // 1490 if (rlast < plen && pkg.startsWith(restrictedPkg) || 1491 // The following test is equivalent to 1492 // restrictedPkg.equals(pkg + ".") but is noticeably more 1493 // efficient: 1494 rlast == plen && restrictedPkg.startsWith(pkg) && 1495 restrictedPkg.charAt(rlast) == '.') 1496 { 1497 checkPermission( 1498 new RuntimePermission("accessClassInPackage." + pkg)); 1499 break; // No need to continue; only need to check this once 1500 } 1501 } 1502 } 1503 1504 /** 1505 * Throws a <code>SecurityException</code> if the 1506 * calling thread is not allowed to define classes in the package 1507 * specified by the argument. 1508 * <p> 1509 * This method is used by the <code>loadClass</code> method of some 1510 * class loaders. 1511 * <p> 1512 * This method first gets a list of restricted packages by 1513 * obtaining a comma-separated list from a call to 1514 * <code>java.security.Security.getProperty("package.definition")</code>, 1515 * and checks to see if <code>pkg</code> starts with or equals 1516 * any of the restricted packages. If it does, then 1517 * <code>checkPermission</code> gets called with the 1518 * <code>RuntimePermission("defineClassInPackage."+pkg)</code> 1519 * permission. 1520 * <p> 1521 * If this method is overridden, then 1522 * <code>super.checkPackageDefinition</code> should be called 1523 * as the first line in the overridden method. 1524 * 1525 * @param pkg the package name. 1526 * @exception SecurityException if the calling thread does not have 1527 * permission to define classes in the specified package. 1528 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean) 1529 * @see java.security.Security#getProperty getProperty 1530 * @see #checkPermission(java.security.Permission) checkPermission 1531 */ 1532 public void checkPackageDefinition(String pkg) { 1533 if (pkg == null) { 1534 throw new NullPointerException("package name can't be null"); 1535 } 1536 1537 String[] pkgs; 1538 synchronized (packageDefinitionLock) { 1539 /* 1540 * Do we need to update our property array? 1541 */ 1542 if (!packageDefinitionValid) { 1543 String tmpPropertyStr = 1544 AccessController.doPrivileged( 1545 new PrivilegedAction<>() { 1546 public String run() { 1547 return java.security.Security.getProperty( 1548 "package.definition"); 1549 } 1550 } 1551 ); 1552 packageDefinition = getPackages(tmpPropertyStr); 1553 packageDefinitionValid = true; 1554 } 1555 // Using a snapshot of packageDefinition -- don't care if static 1556 // field changes afterwards; array contents won't change. 1557 pkgs = packageDefinition; 1558 } 1559 1560 /* 1561 * Traverse the list of packages, check for any matches. 1562 */ 1563 for (String restrictedPkg : pkgs) { 1564 if (pkg.startsWith(restrictedPkg) || restrictedPkg.equals(pkg + ".")) { 1565 checkPermission( 1566 new RuntimePermission("defineClassInPackage." + pkg)); 1567 break; // No need to continue; only need to check this once 1568 } 1569 } 1570 } 1571 1572 /** 1573 * Throws a <code>SecurityException</code> if the 1574 * calling thread is not allowed to set the socket factory used by 1575 * <code>ServerSocket</code> or <code>Socket</code>, or the stream 1576 * handler factory used by <code>URL</code>. 1577 * <p> 1578 * This method calls <code>checkPermission</code> with the 1579 * <code>RuntimePermission("setFactory")</code> permission. 1580 * <p> 1581 * If you override this method, then you should make a call to 1582 * <code>super.checkSetFactory</code> 1583 * at the point the overridden method would normally throw an 1584 * exception. 1585 * 1586 * @exception SecurityException if the calling thread does not have 1587 * permission to specify a socket factory or a stream 1588 * handler factory. 1589 * 1590 * @see java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory 1591 * @see java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory 1592 * @see java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory 1593 * @see #checkPermission(java.security.Permission) checkPermission 1594 */ 1595 public void checkSetFactory() { 1596 checkPermission(new RuntimePermission("setFactory")); 1597 } 1598 1599 /** 1600 * Throws a <code>SecurityException</code> if the 1601 * calling thread is not allowed to access members. 1602 * <p> 1603 * The default policy is to allow access to PUBLIC members, as well 1604 * as access to classes that have the same class loader as the caller. 1605 * In all other cases, this method calls <code>checkPermission</code> 1606 * with the <code>RuntimePermission("accessDeclaredMembers") 1607 * </code> permission. 1608 * <p> 1609 * If this method is overridden, then a call to 1610 * <code>super.checkMemberAccess</code> cannot be made, 1611 * as the default implementation of <code>checkMemberAccess</code> 1612 * relies on the code being checked being at a stack depth of 1613 * 4. 1614 * 1615 * @param clazz the class that reflection is to be performed on. 1616 * 1617 * @param which type of access, PUBLIC or DECLARED. 1618 * 1619 * @exception SecurityException if the caller does not have 1620 * permission to access members. 1621 * @exception NullPointerException if the <code>clazz</code> argument is 1622 * <code>null</code>. 1623 * 1624 * @deprecated This method relies on the caller being at a stack depth 1625 * of 4 which is error-prone and cannot be enforced by the runtime. 1626 * Users of this method should instead invoke {@link #checkPermission} 1627 * directly. This method will be changed in a future release 1628 * to check the permission {@code java.security.AllPermission}. 1629 * 1630 * @see java.lang.reflect.Member 1631 * @since 1.1 1632 * @see #checkPermission(java.security.Permission) checkPermission 1633 */ 1634 @Deprecated 1635 @CallerSensitive 1636 public void checkMemberAccess(Class<?> clazz, int which) { 1637 if (clazz == null) { 1638 throw new NullPointerException("class can't be null"); 1639 } 1640 if (which != Member.PUBLIC) { 1641 Class<?> stack[] = getClassContext(); 1642 /* 1643 * stack depth of 4 should be the caller of one of the 1644 * methods in java.lang.Class that invoke checkMember 1645 * access. The stack should look like: 1646 * 1647 * someCaller [3] 1648 * java.lang.Class.someReflectionAPI [2] 1649 * java.lang.Class.checkMemberAccess [1] 1650 * SecurityManager.checkMemberAccess [0] 1651 * 1652 */ 1653 if ((stack.length<4) || 1654 (stack[3].getClassLoader() != clazz.getClassLoader())) { 1655 checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION); 1656 } 1657 } 1658 } 1659 1660 /** 1661 * Determines whether the permission with the specified permission target 1662 * name should be granted or denied. 1663 * 1664 * <p> If the requested permission is allowed, this method returns 1665 * quietly. If denied, a SecurityException is raised. 1666 * 1667 * <p> This method creates a <code>SecurityPermission</code> object for 1668 * the given permission target name and calls <code>checkPermission</code> 1669 * with it. 1670 * 1671 * <p> See the documentation for 1672 * <code>{@link java.security.SecurityPermission}</code> for 1673 * a list of possible permission target names. 1674 * 1675 * <p> If you override this method, then you should make a call to 1676 * <code>super.checkSecurityAccess</code> 1677 * at the point the overridden method would normally throw an 1678 * exception. 1679 * 1680 * @param target the target name of the <code>SecurityPermission</code>. 1681 * 1682 * @exception SecurityException if the calling thread does not have 1683 * permission for the requested access. 1684 * @exception NullPointerException if <code>target</code> is null. 1685 * @exception IllegalArgumentException if <code>target</code> is empty. 1686 * 1687 * @since 1.1 1688 * @see #checkPermission(java.security.Permission) checkPermission 1689 */ 1690 public void checkSecurityAccess(String target) { 1691 checkPermission(new SecurityPermission(target)); 1692 } 1693 1694 private native Class<?> currentLoadedClass0(); 1695 1696 /** 1697 * Returns the thread group into which to instantiate any new 1698 * thread being created at the time this is being called. 1699 * By default, it returns the thread group of the current 1700 * thread. This should be overridden by a specific security 1701 * manager to return the appropriate thread group. 1702 * 1703 * @return ThreadGroup that new threads are instantiated into 1704 * @since 1.1 1705 * @see java.lang.ThreadGroup 1706 */ 1707 public ThreadGroup getThreadGroup() { 1708 return Thread.currentThread().getThreadGroup(); 1709 } 1710 1711 }