1 /*
   2  * Copyright (c) 1995, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package java.lang;
  27 
  28 import java.security.*;
  29 import java.io.FileDescriptor;
  30 import java.io.File;
  31 import java.io.FilePermission;
  32 import java.util.PropertyPermission;
  33 import java.lang.RuntimePermission;
  34 import java.net.SocketPermission;
  35 import java.net.NetPermission;
  36 import java.util.Hashtable;
  37 import java.net.InetAddress;
  38 import java.lang.reflect.*;
  39 import java.net.URL;
  40 
  41 import sun.reflect.CallerSensitive;
  42 import sun.security.util.SecurityConstants;
  43 
  44 /**
  45  * The security manager is a class that allows
  46  * applications to implement a security policy. It allows an
  47  * application to determine, before performing a possibly unsafe or
  48  * sensitive operation, what the operation is and whether
  49  * it is being attempted in a security context that allows the
  50  * operation to be performed. The
  51  * application can allow or disallow the operation.
  52  * <p>
  53  * The <code>SecurityManager</code> class contains many methods with
  54  * names that begin with the word <code>check</code>. These methods
  55  * are called by various methods in the Java libraries before those
  56  * methods perform certain potentially sensitive operations. The
  57  * invocation of such a <code>check</code> method typically looks like this:
  58  * <blockquote><pre>
  59  *     SecurityManager security = System.getSecurityManager();
  60  *     if (security != null) {
  61  *         security.check<i>XXX</i>(argument, &nbsp;.&nbsp;.&nbsp;.&nbsp;);
  62  *     }
  63  * </pre></blockquote>
  64  * <p>
  65  * The security manager is thereby given an opportunity to prevent
  66  * completion of the operation by throwing an exception. A security
  67  * manager routine simply returns if the operation is permitted, but
  68  * throws a <code>SecurityException</code> if the operation is not
  69  * permitted.
  70  * <p>
  71  * The current security manager is set by the
  72  * <code>setSecurityManager</code> method in class
  73  * <code>System</code>. The current security manager is obtained
  74  * by the <code>getSecurityManager</code> method.
  75  * <p>
  76  * The special method
  77  * {@link SecurityManager#checkPermission(java.security.Permission)}
  78  * determines whether an access request indicated by a specified
  79  * permission should be granted or denied. The
  80  * default implementation calls
  81  *
  82  * <pre>
  83  *   AccessController.checkPermission(perm);
  84  * </pre>
  85  *
  86  * <p>
  87  * If a requested access is allowed,
  88  * <code>checkPermission</code> returns quietly. If denied, a
  89  * <code>SecurityException</code> is thrown.
  90  * <p>
  91  * As of Java 2 SDK v1.2, the default implementation of each of the other
  92  * <code>check</code> methods in <code>SecurityManager</code> is to
  93  * call the <code>SecurityManager checkPermission</code> method
  94  * to determine if the calling thread has permission to perform the requested
  95  * operation.
  96  * <p>
  97  * Note that the <code>checkPermission</code> method with
  98  * just a single permission argument always performs security checks
  99  * within the context of the currently executing thread.
 100  * Sometimes a security check that should be made within a given context
 101  * will actually need to be done from within a
 102  * <i>different</i> context (for example, from within a worker thread).
 103  * The {@link SecurityManager#getSecurityContext getSecurityContext} method
 104  * and the {@link SecurityManager#checkPermission(java.security.Permission,
 105  * java.lang.Object) checkPermission}
 106  * method that includes a context argument are provided
 107  * for this situation. The
 108  * <code>getSecurityContext</code> method returns a "snapshot"
 109  * of the current calling context. (The default implementation
 110  * returns an AccessControlContext object.) A sample call is
 111  * the following:
 112  *
 113  * <pre>
 114  *   Object context = null;
 115  *   SecurityManager sm = System.getSecurityManager();
 116  *   if (sm != null) context = sm.getSecurityContext();
 117  * </pre>
 118  *
 119  * <p>
 120  * The <code>checkPermission</code> method
 121  * that takes a context object in addition to a permission
 122  * makes access decisions based on that context,
 123  * rather than on that of the current execution thread.
 124  * Code within a different context can thus call that method,
 125  * passing the permission and the
 126  * previously-saved context object. A sample call, using the
 127  * SecurityManager <code>sm</code> obtained as in the previous example,
 128  * is the following:
 129  *
 130  * <pre>
 131  *   if (sm != null) sm.checkPermission(permission, context);
 132  * </pre>
 133  *
 134  * <p>Permissions fall into these categories: File, Socket, Net,
 135  * Security, Runtime, Property, AWT, Reflect, and Serializable.
 136  * The classes managing these various
 137  * permission categories are <code>java.io.FilePermission</code>,
 138  * <code>java.net.SocketPermission</code>,
 139  * <code>java.net.NetPermission</code>,
 140  * <code>java.security.SecurityPermission</code>,
 141  * <code>java.lang.RuntimePermission</code>,
 142  * <code>java.util.PropertyPermission</code>,
 143  * <code>java.awt.AWTPermission</code>,
 144  * <code>java.lang.reflect.ReflectPermission</code>, and
 145  * <code>java.io.SerializablePermission</code>.
 146  *
 147  * <p>All but the first two (FilePermission and SocketPermission) are
 148  * subclasses of <code>java.security.BasicPermission</code>, which itself
 149  * is an abstract subclass of the
 150  * top-level class for permissions, which is
 151  * <code>java.security.Permission</code>. BasicPermission defines the
 152  * functionality needed for all permissions that contain a name
 153  * that follows the hierarchical property naming convention
 154  * (for example, "exitVM", "setFactory", "queuePrintJob", etc).
 155  * An asterisk
 156  * may appear at the end of the name, following a ".", or by itself, to
 157  * signify a wildcard match. For example: "a.*" or "*" is valid,
 158  * "*a" or "a*b" is not valid.
 159  *
 160  * <p>FilePermission and SocketPermission are subclasses of the
 161  * top-level class for permissions
 162  * (<code>java.security.Permission</code>). Classes like these
 163  * that have a more complicated name syntax than that used by
 164  * BasicPermission subclass directly from Permission rather than from
 165  * BasicPermission. For example,
 166  * for a <code>java.io.FilePermission</code> object, the permission name is
 167  * the path name of a file (or directory).
 168  *
 169  * <p>Some of the permission classes have an "actions" list that tells
 170  * the actions that are permitted for the object.  For example,
 171  * for a <code>java.io.FilePermission</code> object, the actions list
 172  * (such as "read, write") specifies which actions are granted for the
 173  * specified file (or for files in the specified directory).
 174  *
 175  * <p>Other permission classes are for "named" permissions -
 176  * ones that contain a name but no actions list; you either have the
 177  * named permission or you don't.
 178  *
 179  * <p>Note: There is also a <code>java.security.AllPermission</code>
 180  * permission that implies all permissions. It exists to simplify the work
 181  * of system administrators who might need to perform multiple
 182  * tasks that require all (or numerous) permissions.
 183  * <p>
 184  * See <a href ="../../../technotes/guides/security/permissions.html">
 185  * Permissions in the JDK</a> for permission-related information.
 186  * This document includes, for example, a table listing the various SecurityManager
 187  * <code>check</code> methods and the permission(s) the default
 188  * implementation of each such method requires.
 189  * It also contains a table of all the version 1.2 methods
 190  * that require permissions, and for each such method tells
 191  * which permission it requires.
 192  * <p>
 193  * For more information about <code>SecurityManager</code> changes made in
 194  * the JDK and advice regarding porting of 1.1-style security managers,
 195  * see the <a href="../../../technotes/guides/security/index.html">security documentation</a>.
 196  *
 197  * @author  Arthur van Hoff
 198  * @author  Roland Schemers
 199  *
 200  * @see     java.lang.ClassLoader
 201  * @see     java.lang.SecurityException
 202  * @see     java.lang.System#getSecurityManager() getSecurityManager
 203  * @see     java.lang.System#setSecurityManager(java.lang.SecurityManager)
 204  *  setSecurityManager
 205  * @see     java.security.AccessController AccessController
 206  * @see     java.security.AccessControlContext AccessControlContext
 207  * @see     java.security.AccessControlException AccessControlException
 208  * @see     java.security.Permission
 209  * @see     java.security.BasicPermission
 210  * @see     java.io.FilePermission
 211  * @see     java.net.SocketPermission
 212  * @see     java.util.PropertyPermission
 213  * @see     java.lang.RuntimePermission
 214  * @see     java.awt.AWTPermission
 215  * @see     java.security.Policy Policy
 216  * @see     java.security.SecurityPermission SecurityPermission
 217  * @see     java.security.ProtectionDomain
 218  *
 219  * @since   1.0
 220  */
 221 public
 222 class SecurityManager {
 223 
 224     /**
 225      * This field is <code>true</code> if there is a security check in
 226      * progress; <code>false</code> otherwise.
 227      *
 228      * @deprecated This type of security checking is not recommended.
 229      *  It is recommended that the <code>checkPermission</code>
 230      *  call be used instead.
 231      */
 232     @Deprecated
 233     protected boolean inCheck;
 234 
 235     /*
 236      * Have we been initialized. Effective against finalizer attacks.
 237      */
 238     private boolean initialized = false;
 239 
 240 
 241     /**
 242      * returns true if the current context has been granted AllPermission
 243      */
 244     private boolean hasAllPermission() {
 245         try {
 246             checkPermission(SecurityConstants.ALL_PERMISSION);
 247             return true;
 248         } catch (SecurityException se) {
 249             return false;
 250         }
 251     }
 252 
 253     /**
 254      * Tests if there is a security check in progress.
 255      *
 256      * @return the value of the <code>inCheck</code> field. This field
 257      *          should contain <code>true</code> if a security check is
 258      *          in progress,
 259      *          <code>false</code> otherwise.
 260      * @see     java.lang.SecurityManager#inCheck
 261      * @deprecated This type of security checking is not recommended.
 262      *  It is recommended that the <code>checkPermission</code>
 263      *  call be used instead.
 264      */
 265     @Deprecated
 266     public boolean getInCheck() {
 267         return inCheck;
 268     }
 269 
 270     /**
 271      * Constructs a new <code>SecurityManager</code>.
 272      *
 273      * <p> If there is a security manager already installed, this method first
 274      * calls the security manager's <code>checkPermission</code> method
 275      * with the <code>RuntimePermission("createSecurityManager")</code>
 276      * permission to ensure the calling thread has permission to create a new
 277      * security manager.
 278      * This may result in throwing a <code>SecurityException</code>.
 279      *
 280      * @exception  java.lang.SecurityException if a security manager already
 281      *             exists and its <code>checkPermission</code> method
 282      *             doesn't allow creation of a new security manager.
 283      * @see        java.lang.System#getSecurityManager()
 284      * @see        #checkPermission(java.security.Permission) checkPermission
 285      * @see java.lang.RuntimePermission
 286      */
 287     public SecurityManager() {
 288         synchronized(SecurityManager.class) {
 289             SecurityManager sm = System.getSecurityManager();
 290             if (sm != null) {
 291                 // ask the currently installed security manager if we
 292                 // can create a new one.
 293                 sm.checkPermission(new RuntimePermission
 294                                    ("createSecurityManager"));
 295             }
 296             initialized = true;
 297         }
 298     }
 299 
 300     /**
 301      * Returns the current execution stack as an array of classes.
 302      * <p>
 303      * The length of the array is the number of methods on the execution
 304      * stack. The element at index <code>0</code> is the class of the
 305      * currently executing method, the element at index <code>1</code> is
 306      * the class of that method's caller, and so on.
 307      *
 308      * @return  the execution stack.
 309      */
 310     protected native Class<?>[] getClassContext();
 311 
 312     /**
 313      * Returns the class loader of the most recently executing method from
 314      * a class defined using a non-system class loader. A non-system
 315      * class loader is defined as being a class loader that is not equal to
 316      * the system class loader (as returned
 317      * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
 318      * <p>
 319      * This method will return
 320      * <code>null</code> in the following three cases:
 321      * <ol>
 322      *   <li>All methods on the execution stack are from classes
 323      *   defined using the system class loader or one of its ancestors.
 324      *
 325      *   <li>All methods on the execution stack up to the first
 326      *   "privileged" caller
 327      *   (see {@link java.security.AccessController#doPrivileged})
 328      *   are from classes
 329      *   defined using the system class loader or one of its ancestors.
 330      *
 331      *   <li> A call to <code>checkPermission</code> with
 332      *   <code>java.security.AllPermission</code> does not
 333      *   result in a SecurityException.
 334      *
 335      * </ol>
 336      *
 337      * @return  the class loader of the most recent occurrence on the stack
 338      *          of a method from a class defined using a non-system class
 339      *          loader.
 340      *
 341      * @deprecated This type of security checking is not recommended.
 342      *  It is recommended that the <code>checkPermission</code>
 343      *  call be used instead.
 344      *
 345      * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
 346      * @see  #checkPermission(java.security.Permission) checkPermission
 347      */
 348     @Deprecated
 349     protected ClassLoader currentClassLoader() {
 350         ClassLoader cl = currentClassLoader0();
 351         if ((cl != null) && hasAllPermission())
 352             cl = null;
 353         return cl;
 354     }
 355 
 356     private native ClassLoader currentClassLoader0();
 357 
 358     /**
 359      * Returns the class of the most recently executing method from
 360      * a class defined using a non-system class loader. A non-system
 361      * class loader is defined as being a class loader that is not equal to
 362      * the system class loader (as returned
 363      * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
 364      * <p>
 365      * This method will return
 366      * <code>null</code> in the following three cases:
 367      * <ol>
 368      *   <li>All methods on the execution stack are from classes
 369      *   defined using the system class loader or one of its ancestors.
 370      *
 371      *   <li>All methods on the execution stack up to the first
 372      *   "privileged" caller
 373      *   (see {@link java.security.AccessController#doPrivileged})
 374      *   are from classes
 375      *   defined using the system class loader or one of its ancestors.
 376      *
 377      *   <li> A call to <code>checkPermission</code> with
 378      *   <code>java.security.AllPermission</code> does not
 379      *   result in a SecurityException.
 380      *
 381      * </ol>
 382      *
 383      * @return  the class  of the most recent occurrence on the stack
 384      *          of a method from a class defined using a non-system class
 385      *          loader.
 386      *
 387      * @deprecated This type of security checking is not recommended.
 388      *  It is recommended that the <code>checkPermission</code>
 389      *  call be used instead.
 390      *
 391      * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
 392      * @see  #checkPermission(java.security.Permission) checkPermission
 393      */
 394     @Deprecated
 395     protected Class<?> currentLoadedClass() {
 396         Class<?> c = currentLoadedClass0();
 397         if ((c != null) && hasAllPermission())
 398             c = null;
 399         return c;
 400     }
 401 
 402     /**
 403      * Returns the stack depth of the specified class.
 404      *
 405      * @param   name   the fully qualified name of the class to search for.
 406      * @return  the depth on the stack frame of the first occurrence of a
 407      *          method from a class with the specified name;
 408      *          <code>-1</code> if such a frame cannot be found.
 409      * @deprecated This type of security checking is not recommended.
 410      *  It is recommended that the <code>checkPermission</code>
 411      *  call be used instead.
 412      *
 413      */
 414     @Deprecated
 415     protected native int classDepth(String name);
 416 
 417     /**
 418      * Returns the stack depth of the most recently executing method
 419      * from a class defined using a non-system class loader.  A non-system
 420      * class loader is defined as being a class loader that is not equal to
 421      * the system class loader (as returned
 422      * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
 423      * <p>
 424      * This method will return
 425      * -1 in the following three cases:
 426      * <ol>
 427      *   <li>All methods on the execution stack are from classes
 428      *   defined using the system class loader or one of its ancestors.
 429      *
 430      *   <li>All methods on the execution stack up to the first
 431      *   "privileged" caller
 432      *   (see {@link java.security.AccessController#doPrivileged})
 433      *   are from classes
 434      *   defined using the system class loader or one of its ancestors.
 435      *
 436      *   <li> A call to <code>checkPermission</code> with
 437      *   <code>java.security.AllPermission</code> does not
 438      *   result in a SecurityException.
 439      *
 440      * </ol>
 441      *
 442      * @return the depth on the stack frame of the most recent occurrence of
 443      *          a method from a class defined using a non-system class loader.
 444      *
 445      * @deprecated This type of security checking is not recommended.
 446      *  It is recommended that the <code>checkPermission</code>
 447      *  call be used instead.
 448      *
 449      * @see   java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
 450      * @see   #checkPermission(java.security.Permission) checkPermission
 451      */
 452     @Deprecated
 453     protected int classLoaderDepth() {
 454         int depth = classLoaderDepth0();
 455         if (depth != -1) {
 456             if (hasAllPermission())
 457                 depth = -1;
 458             else
 459                 depth--; // make sure we don't include ourself
 460         }
 461         return depth;
 462     }
 463 
 464     private native int classLoaderDepth0();
 465 
 466     /**
 467      * Tests if a method from a class with the specified
 468      *         name is on the execution stack.
 469      *
 470      * @param  name   the fully qualified name of the class.
 471      * @return <code>true</code> if a method from a class with the specified
 472      *         name is on the execution stack; <code>false</code> otherwise.
 473      * @deprecated This type of security checking is not recommended.
 474      *  It is recommended that the <code>checkPermission</code>
 475      *  call be used instead.
 476      */
 477     @Deprecated
 478     protected boolean inClass(String name) {
 479         return classDepth(name) >= 0;
 480     }
 481 
 482     /**
 483      * Basically, tests if a method from a class defined using a
 484      *          class loader is on the execution stack.
 485      *
 486      * @return  <code>true</code> if a call to <code>currentClassLoader</code>
 487      *          has a non-null return value.
 488      *
 489      * @deprecated This type of security checking is not recommended.
 490      *  It is recommended that the <code>checkPermission</code>
 491      *  call be used instead.
 492      * @see        #currentClassLoader() currentClassLoader
 493      */
 494     @Deprecated
 495     protected boolean inClassLoader() {
 496         return currentClassLoader() != null;
 497     }
 498 
 499     /**
 500      * Creates an object that encapsulates the current execution
 501      * environment. The result of this method is used, for example, by the
 502      * three-argument <code>checkConnect</code> method and by the
 503      * two-argument <code>checkRead</code> method.
 504      * These methods are needed because a trusted method may be called
 505      * on to read a file or open a socket on behalf of another method.
 506      * The trusted method needs to determine if the other (possibly
 507      * untrusted) method would be allowed to perform the operation on its
 508      * own.
 509      * <p> The default implementation of this method is to return
 510      * an <code>AccessControlContext</code> object.
 511      *
 512      * @return  an implementation-dependent object that encapsulates
 513      *          sufficient information about the current execution environment
 514      *          to perform some security checks later.
 515      * @see     java.lang.SecurityManager#checkConnect(java.lang.String, int,
 516      *   java.lang.Object) checkConnect
 517      * @see     java.lang.SecurityManager#checkRead(java.lang.String,
 518      *   java.lang.Object) checkRead
 519      * @see     java.security.AccessControlContext AccessControlContext
 520      */
 521     public Object getSecurityContext() {
 522         return AccessController.getContext();
 523     }
 524 
 525     /**
 526      * Throws a <code>SecurityException</code> if the requested
 527      * access, specified by the given permission, is not permitted based
 528      * on the security policy currently in effect.
 529      * <p>
 530      * This method calls <code>AccessController.checkPermission</code>
 531      * with the given permission.
 532      *
 533      * @param     perm   the requested permission.
 534      * @exception SecurityException if access is not permitted based on
 535      *            the current security policy.
 536      * @exception NullPointerException if the permission argument is
 537      *            <code>null</code>.
 538      * @since     1.2
 539      */
 540     public void checkPermission(Permission perm) {
 541         java.security.AccessController.checkPermission(perm);
 542     }
 543 
 544     /**
 545      * Throws a <code>SecurityException</code> if the
 546      * specified security context is denied access to the resource
 547      * specified by the given permission.
 548      * The context must be a security
 549      * context returned by a previous call to
 550      * <code>getSecurityContext</code> and the access control
 551      * decision is based upon the configured security policy for
 552      * that security context.
 553      * <p>
 554      * If <code>context</code> is an instance of
 555      * <code>AccessControlContext</code> then the
 556      * <code>AccessControlContext.checkPermission</code> method is
 557      * invoked with the specified permission.
 558      * <p>
 559      * If <code>context</code> is not an instance of
 560      * <code>AccessControlContext</code> then a
 561      * <code>SecurityException</code> is thrown.
 562      *
 563      * @param      perm      the specified permission
 564      * @param      context   a system-dependent security context.
 565      * @exception  SecurityException  if the specified security context
 566      *             is not an instance of <code>AccessControlContext</code>
 567      *             (e.g., is <code>null</code>), or is denied access to the
 568      *             resource specified by the given permission.
 569      * @exception  NullPointerException if the permission argument is
 570      *             <code>null</code>.
 571      * @see        java.lang.SecurityManager#getSecurityContext()
 572      * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
 573      * @since      1.2
 574      */
 575     public void checkPermission(Permission perm, Object context) {
 576         if (context instanceof AccessControlContext) {
 577             ((AccessControlContext)context).checkPermission(perm);
 578         } else {
 579             throw new SecurityException();
 580         }
 581     }
 582 
 583     /**
 584      * Throws a <code>SecurityException</code> if the
 585      * calling thread is not allowed to create a new class loader.
 586      * <p>
 587      * This method calls <code>checkPermission</code> with the
 588      * <code>RuntimePermission("createClassLoader")</code>
 589      * permission.
 590      * <p>
 591      * If you override this method, then you should make a call to
 592      * <code>super.checkCreateClassLoader</code>
 593      * at the point the overridden method would normally throw an
 594      * exception.
 595      *
 596      * @exception SecurityException if the calling thread does not
 597      *             have permission
 598      *             to create a new class loader.
 599      * @see        java.lang.ClassLoader#ClassLoader()
 600      * @see        #checkPermission(java.security.Permission) checkPermission
 601      */
 602     public void checkCreateClassLoader() {
 603         checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
 604     }
 605 
 606     /**
 607      * reference to the root thread group, used for the checkAccess
 608      * methods.
 609      */
 610 
 611     private static ThreadGroup rootGroup = getRootGroup();
 612 
 613     private static ThreadGroup getRootGroup() {
 614         ThreadGroup root =  Thread.currentThread().getThreadGroup();
 615         while (root.getParent() != null) {
 616             root = root.getParent();
 617         }
 618         return root;
 619     }
 620 
 621     /**
 622      * Throws a <code>SecurityException</code> if the
 623      * calling thread is not allowed to modify the thread argument.
 624      * <p>
 625      * This method is invoked for the current security manager by the
 626      * <code>stop</code>, <code>suspend</code>, <code>resume</code>,
 627      * <code>setPriority</code>, <code>setName</code>, and
 628      * <code>setDaemon</code> methods of class <code>Thread</code>.
 629      * <p>
 630      * If the thread argument is a system thread (belongs to
 631      * the thread group with a <code>null</code> parent) then
 632      * this method calls <code>checkPermission</code> with the
 633      * <code>RuntimePermission("modifyThread")</code> permission.
 634      * If the thread argument is <i>not</i> a system thread,
 635      * this method just returns silently.
 636      * <p>
 637      * Applications that want a stricter policy should override this
 638      * method. If this method is overridden, the method that overrides
 639      * it should additionally check to see if the calling thread has the
 640      * <code>RuntimePermission("modifyThread")</code> permission, and
 641      * if so, return silently. This is to ensure that code granted
 642      * that permission (such as the JDK itself) is allowed to
 643      * manipulate any thread.
 644      * <p>
 645      * If this method is overridden, then
 646      * <code>super.checkAccess</code> should
 647      * be called by the first statement in the overridden method, or the
 648      * equivalent security check should be placed in the overridden method.
 649      *
 650      * @param      t   the thread to be checked.
 651      * @exception  SecurityException  if the calling thread does not have
 652      *             permission to modify the thread.
 653      * @exception  NullPointerException if the thread argument is
 654      *             <code>null</code>.
 655      * @see        java.lang.Thread#resume() resume
 656      * @see        java.lang.Thread#setDaemon(boolean) setDaemon
 657      * @see        java.lang.Thread#setName(java.lang.String) setName
 658      * @see        java.lang.Thread#setPriority(int) setPriority
 659      * @see        java.lang.Thread#stop() stop
 660      * @see        java.lang.Thread#suspend() suspend
 661      * @see        #checkPermission(java.security.Permission) checkPermission
 662      */
 663     public void checkAccess(Thread t) {
 664         if (t == null) {
 665             throw new NullPointerException("thread can't be null");
 666         }
 667         if (t.getThreadGroup() == rootGroup) {
 668             checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION);
 669         } else {
 670             // just return
 671         }
 672     }
 673     /**
 674      * Throws a <code>SecurityException</code> if the
 675      * calling thread is not allowed to modify the thread group argument.
 676      * <p>
 677      * This method is invoked for the current security manager when a
 678      * new child thread or child thread group is created, and by the
 679      * <code>setDaemon</code>, <code>setMaxPriority</code>,
 680      * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and
 681      * <code>destroy</code> methods of class <code>ThreadGroup</code>.
 682      * <p>
 683      * If the thread group argument is the system thread group (
 684      * has a <code>null</code> parent) then
 685      * this method calls <code>checkPermission</code> with the
 686      * <code>RuntimePermission("modifyThreadGroup")</code> permission.
 687      * If the thread group argument is <i>not</i> the system thread group,
 688      * this method just returns silently.
 689      * <p>
 690      * Applications that want a stricter policy should override this
 691      * method. If this method is overridden, the method that overrides
 692      * it should additionally check to see if the calling thread has the
 693      * <code>RuntimePermission("modifyThreadGroup")</code> permission, and
 694      * if so, return silently. This is to ensure that code granted
 695      * that permission (such as the JDK itself) is allowed to
 696      * manipulate any thread.
 697      * <p>
 698      * If this method is overridden, then
 699      * <code>super.checkAccess</code> should
 700      * be called by the first statement in the overridden method, or the
 701      * equivalent security check should be placed in the overridden method.
 702      *
 703      * @param      g   the thread group to be checked.
 704      * @exception  SecurityException  if the calling thread does not have
 705      *             permission to modify the thread group.
 706      * @exception  NullPointerException if the thread group argument is
 707      *             <code>null</code>.
 708      * @see        java.lang.ThreadGroup#destroy() destroy
 709      * @see        java.lang.ThreadGroup#resume() resume
 710      * @see        java.lang.ThreadGroup#setDaemon(boolean) setDaemon
 711      * @see        java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority
 712      * @see        java.lang.ThreadGroup#stop() stop
 713      * @see        java.lang.ThreadGroup#suspend() suspend
 714      * @see        #checkPermission(java.security.Permission) checkPermission
 715      */
 716     public void checkAccess(ThreadGroup g) {
 717         if (g == null) {
 718             throw new NullPointerException("thread group can't be null");
 719         }
 720         if (g == rootGroup) {
 721             checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
 722         } else {
 723             // just return
 724         }
 725     }
 726 
 727     /**
 728      * Throws a <code>SecurityException</code> if the
 729      * calling thread is not allowed to cause the Java Virtual Machine to
 730      * halt with the specified status code.
 731      * <p>
 732      * This method is invoked for the current security manager by the
 733      * <code>exit</code> method of class <code>Runtime</code>. A status
 734      * of <code>0</code> indicates success; other values indicate various
 735      * errors.
 736      * <p>
 737      * This method calls <code>checkPermission</code> with the
 738      * <code>RuntimePermission("exitVM."+status)</code> permission.
 739      * <p>
 740      * If you override this method, then you should make a call to
 741      * <code>super.checkExit</code>
 742      * at the point the overridden method would normally throw an
 743      * exception.
 744      *
 745      * @param      status   the exit status.
 746      * @exception SecurityException if the calling thread does not have
 747      *              permission to halt the Java Virtual Machine with
 748      *              the specified status.
 749      * @see        java.lang.Runtime#exit(int) exit
 750      * @see        #checkPermission(java.security.Permission) checkPermission
 751      */
 752     public void checkExit(int status) {
 753         checkPermission(new RuntimePermission("exitVM."+status));
 754     }
 755 
 756     /**
 757      * Throws a <code>SecurityException</code> if the
 758      * calling thread is not allowed to create a subprocess.
 759      * <p>
 760      * This method is invoked for the current security manager by the
 761      * <code>exec</code> methods of class <code>Runtime</code>.
 762      * <p>
 763      * This method calls <code>checkPermission</code> with the
 764      * <code>FilePermission(cmd,"execute")</code> permission
 765      * if cmd is an absolute path, otherwise it calls
 766      * <code>checkPermission</code> with
 767      * <code>FilePermission("&lt;&lt;ALL FILES&gt;&gt;","execute")</code>.
 768      * <p>
 769      * If you override this method, then you should make a call to
 770      * <code>super.checkExec</code>
 771      * at the point the overridden method would normally throw an
 772      * exception.
 773      *
 774      * @param      cmd   the specified system command.
 775      * @exception  SecurityException if the calling thread does not have
 776      *             permission to create a subprocess.
 777      * @exception  NullPointerException if the <code>cmd</code> argument is
 778      *             <code>null</code>.
 779      * @see     java.lang.Runtime#exec(java.lang.String)
 780      * @see     java.lang.Runtime#exec(java.lang.String, java.lang.String[])
 781      * @see     java.lang.Runtime#exec(java.lang.String[])
 782      * @see     java.lang.Runtime#exec(java.lang.String[], java.lang.String[])
 783      * @see     #checkPermission(java.security.Permission) checkPermission
 784      */
 785     public void checkExec(String cmd) {
 786         File f = new File(cmd);
 787         if (f.isAbsolute()) {
 788             checkPermission(new FilePermission(cmd,
 789                 SecurityConstants.FILE_EXECUTE_ACTION));
 790         } else {
 791             checkPermission(new FilePermission("<<ALL FILES>>",
 792                 SecurityConstants.FILE_EXECUTE_ACTION));
 793         }
 794     }
 795 
 796     /**
 797      * Throws a <code>SecurityException</code> if the
 798      * calling thread is not allowed to dynamic link the library code
 799      * specified by the string argument file. The argument is either a
 800      * simple library name or a complete filename.
 801      * <p>
 802      * This method is invoked for the current security manager by
 803      * methods <code>load</code> and <code>loadLibrary</code> of class
 804      * <code>Runtime</code>.
 805      * <p>
 806      * This method calls <code>checkPermission</code> with the
 807      * <code>RuntimePermission("loadLibrary."+lib)</code> permission.
 808      * <p>
 809      * If you override this method, then you should make a call to
 810      * <code>super.checkLink</code>
 811      * at the point the overridden method would normally throw an
 812      * exception.
 813      *
 814      * @param      lib   the name of the library.
 815      * @exception  SecurityException if the calling thread does not have
 816      *             permission to dynamically link the library.
 817      * @exception  NullPointerException if the <code>lib</code> argument is
 818      *             <code>null</code>.
 819      * @see        java.lang.Runtime#load(java.lang.String)
 820      * @see        java.lang.Runtime#loadLibrary(java.lang.String)
 821      * @see        #checkPermission(java.security.Permission) checkPermission
 822      */
 823     public void checkLink(String lib) {
 824         if (lib == null) {
 825             throw new NullPointerException("library can't be null");
 826         }
 827         checkPermission(new RuntimePermission("loadLibrary."+lib));
 828     }
 829 
 830     /**
 831      * Throws a <code>SecurityException</code> if the
 832      * calling thread is not allowed to read from the specified file
 833      * descriptor.
 834      * <p>
 835      * This method calls <code>checkPermission</code> with the
 836      * <code>RuntimePermission("readFileDescriptor")</code>
 837      * permission.
 838      * <p>
 839      * If you override this method, then you should make a call to
 840      * <code>super.checkRead</code>
 841      * at the point the overridden method would normally throw an
 842      * exception.
 843      *
 844      * @param      fd   the system-dependent file descriptor.
 845      * @exception  SecurityException  if the calling thread does not have
 846      *             permission to access the specified file descriptor.
 847      * @exception  NullPointerException if the file descriptor argument is
 848      *             <code>null</code>.
 849      * @see        java.io.FileDescriptor
 850      * @see        #checkPermission(java.security.Permission) checkPermission
 851      */
 852     public void checkRead(FileDescriptor fd) {
 853         if (fd == null) {
 854             throw new NullPointerException("file descriptor can't be null");
 855         }
 856         checkPermission(new RuntimePermission("readFileDescriptor"));
 857     }
 858 
 859     /**
 860      * Throws a <code>SecurityException</code> if the
 861      * calling thread is not allowed to read the file specified by the
 862      * string argument.
 863      * <p>
 864      * This method calls <code>checkPermission</code> with the
 865      * <code>FilePermission(file,"read")</code> permission.
 866      * <p>
 867      * If you override this method, then you should make a call to
 868      * <code>super.checkRead</code>
 869      * at the point the overridden method would normally throw an
 870      * exception.
 871      *
 872      * @param      file   the system-dependent file name.
 873      * @exception  SecurityException if the calling thread does not have
 874      *             permission to access the specified file.
 875      * @exception  NullPointerException if the <code>file</code> argument is
 876      *             <code>null</code>.
 877      * @see        #checkPermission(java.security.Permission) checkPermission
 878      */
 879     public void checkRead(String file) {
 880         checkPermission(new FilePermission(file,
 881             SecurityConstants.FILE_READ_ACTION));
 882     }
 883 
 884     /**
 885      * Throws a <code>SecurityException</code> if the
 886      * specified security context is not allowed to read the file
 887      * specified by the string argument. The context must be a security
 888      * context returned by a previous call to
 889      * <code>getSecurityContext</code>.
 890      * <p> If <code>context</code> is an instance of
 891      * <code>AccessControlContext</code> then the
 892      * <code>AccessControlContext.checkPermission</code> method will
 893      * be invoked with the <code>FilePermission(file,"read")</code> permission.
 894      * <p> If <code>context</code> is not an instance of
 895      * <code>AccessControlContext</code> then a
 896      * <code>SecurityException</code> is thrown.
 897      * <p>
 898      * If you override this method, then you should make a call to
 899      * <code>super.checkRead</code>
 900      * at the point the overridden method would normally throw an
 901      * exception.
 902      *
 903      * @param      file      the system-dependent filename.
 904      * @param      context   a system-dependent security context.
 905      * @exception  SecurityException  if the specified security context
 906      *             is not an instance of <code>AccessControlContext</code>
 907      *             (e.g., is <code>null</code>), or does not have permission
 908      *             to read the specified file.
 909      * @exception  NullPointerException if the <code>file</code> argument is
 910      *             <code>null</code>.
 911      * @see        java.lang.SecurityManager#getSecurityContext()
 912      * @see        java.security.AccessControlContext#checkPermission(java.security.Permission)
 913      */
 914     public void checkRead(String file, Object context) {
 915         checkPermission(
 916             new FilePermission(file, SecurityConstants.FILE_READ_ACTION),
 917             context);
 918     }
 919 
 920     /**
 921      * Throws a <code>SecurityException</code> if the
 922      * calling thread is not allowed to write to the specified file
 923      * descriptor.
 924      * <p>
 925      * This method calls <code>checkPermission</code> with the
 926      * <code>RuntimePermission("writeFileDescriptor")</code>
 927      * permission.
 928      * <p>
 929      * If you override this method, then you should make a call to
 930      * <code>super.checkWrite</code>
 931      * at the point the overridden method would normally throw an
 932      * exception.
 933      *
 934      * @param      fd   the system-dependent file descriptor.
 935      * @exception SecurityException  if the calling thread does not have
 936      *             permission to access the specified file descriptor.
 937      * @exception  NullPointerException if the file descriptor argument is
 938      *             <code>null</code>.
 939      * @see        java.io.FileDescriptor
 940      * @see        #checkPermission(java.security.Permission) checkPermission
 941      */
 942     public void checkWrite(FileDescriptor fd) {
 943         if (fd == null) {
 944             throw new NullPointerException("file descriptor can't be null");
 945         }
 946         checkPermission(new RuntimePermission("writeFileDescriptor"));
 947 
 948     }
 949 
 950     /**
 951      * Throws a <code>SecurityException</code> if the
 952      * calling thread is not allowed to write to the file specified by
 953      * the string argument.
 954      * <p>
 955      * This method calls <code>checkPermission</code> with the
 956      * <code>FilePermission(file,"write")</code> permission.
 957      * <p>
 958      * If you override this method, then you should make a call to
 959      * <code>super.checkWrite</code>
 960      * at the point the overridden method would normally throw an
 961      * exception.
 962      *
 963      * @param      file   the system-dependent filename.
 964      * @exception  SecurityException  if the calling thread does not
 965      *             have permission to access the specified file.
 966      * @exception  NullPointerException if the <code>file</code> argument is
 967      *             <code>null</code>.
 968      * @see        #checkPermission(java.security.Permission) checkPermission
 969      */
 970     public void checkWrite(String file) {
 971         checkPermission(new FilePermission(file,
 972             SecurityConstants.FILE_WRITE_ACTION));
 973     }
 974 
 975     /**
 976      * Throws a <code>SecurityException</code> if the
 977      * calling thread is not allowed to delete the specified file.
 978      * <p>
 979      * This method is invoked for the current security manager by the
 980      * <code>delete</code> method of class <code>File</code>.
 981      * <p>
 982      * This method calls <code>checkPermission</code> with the
 983      * <code>FilePermission(file,"delete")</code> permission.
 984      * <p>
 985      * If you override this method, then you should make a call to
 986      * <code>super.checkDelete</code>
 987      * at the point the overridden method would normally throw an
 988      * exception.
 989      *
 990      * @param      file   the system-dependent filename.
 991      * @exception  SecurityException if the calling thread does not
 992      *             have permission to delete the file.
 993      * @exception  NullPointerException if the <code>file</code> argument is
 994      *             <code>null</code>.
 995      * @see        java.io.File#delete()
 996      * @see        #checkPermission(java.security.Permission) checkPermission
 997      */
 998     public void checkDelete(String file) {
 999         checkPermission(new FilePermission(file,
1000             SecurityConstants.FILE_DELETE_ACTION));
1001     }
1002 
1003     /**
1004      * Throws a <code>SecurityException</code> if the
1005      * calling thread is not allowed to open a socket connection to the
1006      * specified host and port number.
1007      * <p>
1008      * A port number of <code>-1</code> indicates that the calling
1009      * method is attempting to determine the IP address of the specified
1010      * host name.
1011      * <p>
1012      * This method calls <code>checkPermission</code> with the
1013      * <code>SocketPermission(host+":"+port,"connect")</code> permission if
1014      * the port is not equal to -1. If the port is equal to -1, then
1015      * it calls <code>checkPermission</code> with the
1016      * <code>SocketPermission(host,"resolve")</code> permission.
1017      * <p>
1018      * If you override this method, then you should make a call to
1019      * <code>super.checkConnect</code>
1020      * at the point the overridden method would normally throw an
1021      * exception.
1022      *
1023      * @param      host   the host name port to connect to.
1024      * @param      port   the protocol port to connect to.
1025      * @exception  SecurityException  if the calling thread does not have
1026      *             permission to open a socket connection to the specified
1027      *               <code>host</code> and <code>port</code>.
1028      * @exception  NullPointerException if the <code>host</code> argument is
1029      *             <code>null</code>.
1030      * @see        #checkPermission(java.security.Permission) checkPermission
1031      */
1032     public void checkConnect(String host, int port) {
1033         if (host == null) {
1034             throw new NullPointerException("host can't be null");
1035         }
1036         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1037             host = "[" + host + "]";
1038         }
1039         if (port == -1) {
1040             checkPermission(new SocketPermission(host,
1041                 SecurityConstants.SOCKET_RESOLVE_ACTION));
1042         } else {
1043             checkPermission(new SocketPermission(host+":"+port,
1044                 SecurityConstants.SOCKET_CONNECT_ACTION));
1045         }
1046     }
1047 
1048     /**
1049      * Throws a <code>SecurityException</code> if the
1050      * specified security context is not allowed to open a socket
1051      * connection to the specified host and port number.
1052      * <p>
1053      * A port number of <code>-1</code> indicates that the calling
1054      * method is attempting to determine the IP address of the specified
1055      * host name.
1056      * <p> If <code>context</code> is not an instance of
1057      * <code>AccessControlContext</code> then a
1058      * <code>SecurityException</code> is thrown.
1059      * <p>
1060      * Otherwise, the port number is checked. If it is not equal
1061      * to -1, the <code>context</code>'s <code>checkPermission</code>
1062      * method is called with a
1063      * <code>SocketPermission(host+":"+port,"connect")</code> permission.
1064      * If the port is equal to -1, then
1065      * the <code>context</code>'s <code>checkPermission</code> method
1066      * is called with a
1067      * <code>SocketPermission(host,"resolve")</code> permission.
1068      * <p>
1069      * If you override this method, then you should make a call to
1070      * <code>super.checkConnect</code>
1071      * at the point the overridden method would normally throw an
1072      * exception.
1073      *
1074      * @param      host      the host name port to connect to.
1075      * @param      port      the protocol port to connect to.
1076      * @param      context   a system-dependent security context.
1077      * @exception  SecurityException if the specified security context
1078      *             is not an instance of <code>AccessControlContext</code>
1079      *             (e.g., is <code>null</code>), or does not have permission
1080      *             to open a socket connection to the specified
1081      *             <code>host</code> and <code>port</code>.
1082      * @exception  NullPointerException if the <code>host</code> argument is
1083      *             <code>null</code>.
1084      * @see        java.lang.SecurityManager#getSecurityContext()
1085      * @see        java.security.AccessControlContext#checkPermission(java.security.Permission)
1086      */
1087     public void checkConnect(String host, int port, Object context) {
1088         if (host == null) {
1089             throw new NullPointerException("host can't be null");
1090         }
1091         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1092             host = "[" + host + "]";
1093         }
1094         if (port == -1)
1095             checkPermission(new SocketPermission(host,
1096                 SecurityConstants.SOCKET_RESOLVE_ACTION),
1097                 context);
1098         else
1099             checkPermission(new SocketPermission(host+":"+port,
1100                 SecurityConstants.SOCKET_CONNECT_ACTION),
1101                 context);
1102     }
1103 
1104     /**
1105      * Throws a <code>SecurityException</code> if the
1106      * calling thread is not allowed to wait for a connection request on
1107      * the specified local port number.
1108      * <p>
1109      * This method calls <code>checkPermission</code> with the
1110      * <code>SocketPermission("localhost:"+port,"listen")</code>.
1111      * <p>
1112      * If you override this method, then you should make a call to
1113      * <code>super.checkListen</code>
1114      * at the point the overridden method would normally throw an
1115      * exception.
1116      *
1117      * @param      port   the local port.
1118      * @exception  SecurityException  if the calling thread does not have
1119      *             permission to listen on the specified port.
1120      * @see        #checkPermission(java.security.Permission) checkPermission
1121      */
1122     public void checkListen(int port) {
1123         checkPermission(new SocketPermission("localhost:"+port,
1124             SecurityConstants.SOCKET_LISTEN_ACTION));
1125     }
1126 
1127     /**
1128      * Throws a <code>SecurityException</code> if the
1129      * calling thread is not permitted to accept a socket connection from
1130      * the specified host and port number.
1131      * <p>
1132      * This method is invoked for the current security manager by the
1133      * <code>accept</code> method of class <code>ServerSocket</code>.
1134      * <p>
1135      * This method calls <code>checkPermission</code> with the
1136      * <code>SocketPermission(host+":"+port,"accept")</code> permission.
1137      * <p>
1138      * If you override this method, then you should make a call to
1139      * <code>super.checkAccept</code>
1140      * at the point the overridden method would normally throw an
1141      * exception.
1142      *
1143      * @param      host   the host name of the socket connection.
1144      * @param      port   the port number of the socket connection.
1145      * @exception  SecurityException  if the calling thread does not have
1146      *             permission to accept the connection.
1147      * @exception  NullPointerException if the <code>host</code> argument is
1148      *             <code>null</code>.
1149      * @see        java.net.ServerSocket#accept()
1150      * @see        #checkPermission(java.security.Permission) checkPermission
1151      */
1152     public void checkAccept(String host, int port) {
1153         if (host == null) {
1154             throw new NullPointerException("host can't be null");
1155         }
1156         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1157             host = "[" + host + "]";
1158         }
1159         checkPermission(new SocketPermission(host+":"+port,
1160             SecurityConstants.SOCKET_ACCEPT_ACTION));
1161     }
1162 
1163     /**
1164      * Throws a <code>SecurityException</code> if the
1165      * calling thread is not allowed to use
1166      * (join/leave/send/receive) IP multicast.
1167      * <p>
1168      * This method calls <code>checkPermission</code> with the
1169      * <code>java.net.SocketPermission(maddr.getHostAddress(),
1170      * "accept,connect")</code> permission.
1171      * <p>
1172      * If you override this method, then you should make a call to
1173      * <code>super.checkMulticast</code>
1174      * at the point the overridden method would normally throw an
1175      * exception.
1176      *
1177      * @param      maddr  Internet group address to be used.
1178      * @exception  SecurityException  if the calling thread is not allowed to
1179      *  use (join/leave/send/receive) IP multicast.
1180      * @exception  NullPointerException if the address argument is
1181      *             <code>null</code>.
1182      * @since      1.1
1183      * @see        #checkPermission(java.security.Permission) checkPermission
1184      */
1185     public void checkMulticast(InetAddress maddr) {
1186         String host = maddr.getHostAddress();
1187         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1188             host = "[" + host + "]";
1189         }
1190         checkPermission(new SocketPermission(host,
1191             SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1192     }
1193 
1194     /**
1195      * Throws a <code>SecurityException</code> if the
1196      * calling thread is not allowed to use
1197      * (join/leave/send/receive) IP multicast.
1198      * <p>
1199      * This method calls <code>checkPermission</code> with the
1200      * <code>java.net.SocketPermission(maddr.getHostAddress(),
1201      * "accept,connect")</code> permission.
1202      * <p>
1203      * If you override this method, then you should make a call to
1204      * <code>super.checkMulticast</code>
1205      * at the point the overridden method would normally throw an
1206      * exception.
1207      *
1208      * @param      maddr  Internet group address to be used.
1209      * @param      ttl        value in use, if it is multicast send.
1210      * Note: this particular implementation does not use the ttl
1211      * parameter.
1212      * @exception  SecurityException  if the calling thread is not allowed to
1213      *  use (join/leave/send/receive) IP multicast.
1214      * @exception  NullPointerException if the address argument is
1215      *             <code>null</code>.
1216      * @since      1.1
1217      * @deprecated Use #checkPermission(java.security.Permission) instead
1218      * @see        #checkPermission(java.security.Permission) checkPermission
1219      */
1220     @Deprecated
1221     public void checkMulticast(InetAddress maddr, byte ttl) {
1222         String host = maddr.getHostAddress();
1223         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1224             host = "[" + host + "]";
1225         }
1226         checkPermission(new SocketPermission(host,
1227             SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1228     }
1229 
1230     /**
1231      * Throws a <code>SecurityException</code> if the
1232      * calling thread is not allowed to access or modify the system
1233      * properties.
1234      * <p>
1235      * This method is used by the <code>getProperties</code> and
1236      * <code>setProperties</code> methods of class <code>System</code>.
1237      * <p>
1238      * This method calls <code>checkPermission</code> with the
1239      * <code>PropertyPermission("*", "read,write")</code> permission.
1240      * <p>
1241      * If you override this method, then you should make a call to
1242      * <code>super.checkPropertiesAccess</code>
1243      * at the point the overridden method would normally throw an
1244      * exception.
1245      *
1246      * @exception  SecurityException  if the calling thread does not have
1247      *             permission to access or modify the system properties.
1248      * @see        java.lang.System#getProperties()
1249      * @see        java.lang.System#setProperties(java.util.Properties)
1250      * @see        #checkPermission(java.security.Permission) checkPermission
1251      */
1252     public void checkPropertiesAccess() {
1253         checkPermission(new PropertyPermission("*",
1254             SecurityConstants.PROPERTY_RW_ACTION));
1255     }
1256 
1257     /**
1258      * Throws a <code>SecurityException</code> if the
1259      * calling thread is not allowed to access the system property with
1260      * the specified <code>key</code> name.
1261      * <p>
1262      * This method is used by the <code>getProperty</code> method of
1263      * class <code>System</code>.
1264      * <p>
1265      * This method calls <code>checkPermission</code> with the
1266      * <code>PropertyPermission(key, "read")</code> permission.
1267      * <p>
1268      * If you override this method, then you should make a call to
1269      * <code>super.checkPropertyAccess</code>
1270      * at the point the overridden method would normally throw an
1271      * exception.
1272      *
1273      * @param      key   a system property key.
1274      *
1275      * @exception  SecurityException  if the calling thread does not have
1276      *             permission to access the specified system property.
1277      * @exception  NullPointerException if the <code>key</code> argument is
1278      *             <code>null</code>.
1279      * @exception  IllegalArgumentException if <code>key</code> is empty.
1280      *
1281      * @see        java.lang.System#getProperty(java.lang.String)
1282      * @see        #checkPermission(java.security.Permission) checkPermission
1283      */
1284     public void checkPropertyAccess(String key) {
1285         checkPermission(new PropertyPermission(key,
1286             SecurityConstants.PROPERTY_READ_ACTION));
1287     }
1288 
1289     /**
1290      * Returns {@code true} if the calling thread has {@code AllPermission}.
1291      *
1292      * @param      window   not used except to check if it is {@code null}.
1293      * @return     {@code true} if the calling thread has {@code AllPermission}.
1294      * @exception  NullPointerException if the {@code window} argument is
1295      *             {@code null}.
1296      * @deprecated This method was originally used to check if the calling thread
1297      *             was trusted to bring up a top-level window. The method has been
1298      *             obsoleted and code should instead use {@link #checkPermission}
1299      *             to check {@code AWTPermission("showWindowWithoutWarningBanner")}.
1300      * @see        #checkPermission(java.security.Permission) checkPermission
1301      */
1302     @Deprecated
1303     public boolean checkTopLevelWindow(Object window) {
1304         if (window == null) {
1305             throw new NullPointerException("window can't be null");
1306         }
1307         return hasAllPermission();
1308     }
1309 
1310     /**
1311      * Throws a <code>SecurityException</code> if the
1312      * calling thread is not allowed to initiate a print job request.
1313      * <p>
1314      * This method calls
1315      * <code>checkPermission</code> with the
1316      * <code>RuntimePermission("queuePrintJob")</code> permission.
1317      * <p>
1318      * If you override this method, then you should make a call to
1319      * <code>super.checkPrintJobAccess</code>
1320      * at the point the overridden method would normally throw an
1321      * exception.
1322      *
1323      * @exception  SecurityException  if the calling thread does not have
1324      *             permission to initiate a print job request.
1325      * @since   1.1
1326      * @see        #checkPermission(java.security.Permission) checkPermission
1327      */
1328     public void checkPrintJobAccess() {
1329         checkPermission(new RuntimePermission("queuePrintJob"));
1330     }
1331 
1332     /**
1333      * Throws {@code SecurityException} if the calling thread does
1334      * not have {@code AllPermission}.
1335      *
1336      * @since   1.1
1337      * @exception  SecurityException  if the calling thread does not have
1338      *             {@code AllPermission}
1339      * @deprecated This method was originally used to check if the calling
1340      *             thread could access the system clipboard. The method has been
1341      *             obsoleted and code should instead use {@link #checkPermission}
1342      *             to check {@code AWTPermission("accessClipboard")}.
1343      * @see        #checkPermission(java.security.Permission) checkPermission
1344      */
1345     @Deprecated
1346     public void checkSystemClipboardAccess() {
1347         checkPermission(SecurityConstants.ALL_PERMISSION);
1348     }
1349 
1350     /**
1351      * Throws {@code SecurityException} if the calling thread does
1352      * not have {@code AllPermission}.
1353      *
1354      * @since   1.1
1355      * @exception  SecurityException  if the calling thread does not have
1356      *             {@code AllPermission}
1357      * @deprecated This method was originally used to check if the calling
1358      *             thread could access the AWT event queue. The method has been
1359      *             obsoleted and code should instead use {@link #checkPermission}
1360      *             to check {@code AWTPermission("accessEventQueue")}.
1361      * @see        #checkPermission(java.security.Permission) checkPermission
1362      */
1363     @Deprecated
1364     public void checkAwtEventQueueAccess() {
1365         checkPermission(SecurityConstants.ALL_PERMISSION);
1366     }
1367 
1368     /*
1369      * We have an initial invalid bit (initially false) for the class
1370      * variables which tell if the cache is valid.  If the underlying
1371      * java.security.Security property changes via setProperty(), the
1372      * Security class uses reflection to change the variable and thus
1373      * invalidate the cache.
1374      *
1375      * Locking is handled by synchronization to the
1376      * packageAccessLock/packageDefinitionLock objects.  They are only
1377      * used in this class.
1378      *
1379      * Note that cache invalidation as a result of the property change
1380      * happens without using these locks, so there may be a delay between
1381      * when a thread updates the property and when other threads updates
1382      * the cache.
1383      */
1384     private static boolean packageAccessValid = false;
1385     private static String[] packageAccess;
1386     private static final Object packageAccessLock = new Object();
1387 
1388     private static boolean packageDefinitionValid = false;
1389     private static String[] packageDefinition;
1390     private static final Object packageDefinitionLock = new Object();
1391 
1392     private static String[] getPackages(String p) {
1393         String packages[] = null;
1394         if (p != null && !p.equals("")) {
1395             java.util.StringTokenizer tok =
1396                 new java.util.StringTokenizer(p, ",");
1397             int n = tok.countTokens();
1398             if (n > 0) {
1399                 packages = new String[n];
1400                 int i = 0;
1401                 while (tok.hasMoreElements()) {
1402                     String s = tok.nextToken().trim();
1403                     packages[i++] = s;
1404                 }
1405             }
1406         }
1407 
1408         if (packages == null)
1409             packages = new String[0];
1410         return packages;
1411     }
1412 
1413     /**
1414      * Throws a <code>SecurityException</code> if the
1415      * calling thread is not allowed to access the package specified by
1416      * the argument.
1417      * <p>
1418      * This method is used by the <code>loadClass</code> method of class
1419      * loaders.
1420      * <p>
1421      * This method first gets a list of
1422      * restricted packages by obtaining a comma-separated list from
1423      * a call to
1424      * <code>java.security.Security.getProperty("package.access")</code>,
1425      * and checks to see if <code>pkg</code> starts with or equals
1426      * any of the restricted packages. If it does, then
1427      * <code>checkPermission</code> gets called with the
1428      * <code>RuntimePermission("accessClassInPackage."+pkg)</code>
1429      * permission.
1430      * <p>
1431      * If this method is overridden, then
1432      * <code>super.checkPackageAccess</code> should be called
1433      * as the first line in the overridden method.
1434      *
1435      * @param      pkg   the package name.
1436      * @exception  SecurityException  if the calling thread does not have
1437      *             permission to access the specified package.
1438      * @exception  NullPointerException if the package name argument is
1439      *             <code>null</code>.
1440      * @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1441      *  loadClass
1442      * @see        java.security.Security#getProperty getProperty
1443      * @see        #checkPermission(java.security.Permission) checkPermission
1444      */
1445     public void checkPackageAccess(String pkg) {
1446         if (pkg == null) {
1447             throw new NullPointerException("package name can't be null");
1448         }
1449 
1450         String[] restrictedPkgs;
1451         synchronized (packageAccessLock) {
1452             /*
1453              * Do we need to update our property array?
1454              */
1455             if (!packageAccessValid) {
1456                 String tmpPropertyStr =
1457                     AccessController.doPrivileged(
1458                         new PrivilegedAction<>() {
1459                             public String run() {
1460                                 return Security.getProperty("package.access");
1461                             }
1462                         }
1463                     );
1464                 packageAccess = getPackages(tmpPropertyStr);
1465                 packageAccessValid = true;
1466             }
1467 
1468             // Using a snapshot of packageAccess -- don't care if static field
1469             // changes afterwards; array contents won't change.
1470             restrictedPkgs = packageAccess;
1471         }
1472 
1473         /*
1474          * Traverse the list of packages, check for any matches.
1475          */
1476         final int plen = pkg.length();
1477         for (String restrictedPkg : restrictedPkgs) {
1478             final int rlast = restrictedPkg.length() - 1;
1479 
1480             // Optimizations:
1481             //
1482             // If rlast >= plen then restrictedPkg is longer than pkg by at
1483             // least one char. This means pkg cannot start with restrictedPkg,
1484             // since restrictedPkg will be longer than pkg.
1485             //
1486             // Similarly if rlast != plen, then pkg + "." cannot be the same
1487             // as restrictedPkg, since pkg + "." will have a different length
1488             // than restrictedPkg.
1489             //
1490             if (rlast < plen && pkg.startsWith(restrictedPkg) ||
1491                 // The following test is equivalent to
1492                 // restrictedPkg.equals(pkg + ".") but is noticeably more
1493                 // efficient:
1494                 rlast == plen && restrictedPkg.startsWith(pkg) &&
1495                 restrictedPkg.charAt(rlast) == '.')
1496             {
1497                 checkPermission(
1498                     new RuntimePermission("accessClassInPackage." + pkg));
1499                 break;  // No need to continue; only need to check this once
1500             }
1501         }
1502     }
1503 
1504     /**
1505      * Throws a <code>SecurityException</code> if the
1506      * calling thread is not allowed to define classes in the package
1507      * specified by the argument.
1508      * <p>
1509      * This method is used by the <code>loadClass</code> method of some
1510      * class loaders.
1511      * <p>
1512      * This method first gets a list of restricted packages by
1513      * obtaining a comma-separated list from a call to
1514      * <code>java.security.Security.getProperty("package.definition")</code>,
1515      * and checks to see if <code>pkg</code> starts with or equals
1516      * any of the restricted packages. If it does, then
1517      * <code>checkPermission</code> gets called with the
1518      * <code>RuntimePermission("defineClassInPackage."+pkg)</code>
1519      * permission.
1520      * <p>
1521      * If this method is overridden, then
1522      * <code>super.checkPackageDefinition</code> should be called
1523      * as the first line in the overridden method.
1524      *
1525      * @param      pkg   the package name.
1526      * @exception  SecurityException  if the calling thread does not have
1527      *             permission to define classes in the specified package.
1528      * @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1529      * @see        java.security.Security#getProperty getProperty
1530      * @see        #checkPermission(java.security.Permission) checkPermission
1531      */
1532     public void checkPackageDefinition(String pkg) {
1533         if (pkg == null) {
1534             throw new NullPointerException("package name can't be null");
1535         }
1536 
1537         String[] pkgs;
1538         synchronized (packageDefinitionLock) {
1539             /*
1540              * Do we need to update our property array?
1541              */
1542             if (!packageDefinitionValid) {
1543                 String tmpPropertyStr =
1544                     AccessController.doPrivileged(
1545                         new PrivilegedAction<>() {
1546                             public String run() {
1547                                 return java.security.Security.getProperty(
1548                                     "package.definition");
1549                             }
1550                         }
1551                     );
1552                 packageDefinition = getPackages(tmpPropertyStr);
1553                 packageDefinitionValid = true;
1554             }
1555             // Using a snapshot of packageDefinition -- don't care if static
1556             // field changes afterwards; array contents won't change.
1557             pkgs = packageDefinition;
1558         }
1559 
1560         /*
1561          * Traverse the list of packages, check for any matches.
1562          */
1563         for (String restrictedPkg : pkgs) {
1564             if (pkg.startsWith(restrictedPkg) || restrictedPkg.equals(pkg + ".")) {
1565                 checkPermission(
1566                     new RuntimePermission("defineClassInPackage." + pkg));
1567                 break; // No need to continue; only need to check this once
1568             }
1569         }
1570     }
1571 
1572     /**
1573      * Throws a <code>SecurityException</code> if the
1574      * calling thread is not allowed to set the socket factory used by
1575      * <code>ServerSocket</code> or <code>Socket</code>, or the stream
1576      * handler factory used by <code>URL</code>.
1577      * <p>
1578      * This method calls <code>checkPermission</code> with the
1579      * <code>RuntimePermission("setFactory")</code> permission.
1580      * <p>
1581      * If you override this method, then you should make a call to
1582      * <code>super.checkSetFactory</code>
1583      * at the point the overridden method would normally throw an
1584      * exception.
1585      *
1586      * @exception  SecurityException  if the calling thread does not have
1587      *             permission to specify a socket factory or a stream
1588      *             handler factory.
1589      *
1590      * @see        java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory
1591      * @see        java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory
1592      * @see        java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory
1593      * @see        #checkPermission(java.security.Permission) checkPermission
1594      */
1595     public void checkSetFactory() {
1596         checkPermission(new RuntimePermission("setFactory"));
1597     }
1598 
1599     /**
1600      * Throws a <code>SecurityException</code> if the
1601      * calling thread is not allowed to access members.
1602      * <p>
1603      * The default policy is to allow access to PUBLIC members, as well
1604      * as access to classes that have the same class loader as the caller.
1605      * In all other cases, this method calls <code>checkPermission</code>
1606      * with the <code>RuntimePermission("accessDeclaredMembers")
1607      * </code> permission.
1608      * <p>
1609      * If this method is overridden, then a call to
1610      * <code>super.checkMemberAccess</code> cannot be made,
1611      * as the default implementation of <code>checkMemberAccess</code>
1612      * relies on the code being checked being at a stack depth of
1613      * 4.
1614      *
1615      * @param clazz the class that reflection is to be performed on.
1616      *
1617      * @param which type of access, PUBLIC or DECLARED.
1618      *
1619      * @exception  SecurityException if the caller does not have
1620      *             permission to access members.
1621      * @exception  NullPointerException if the <code>clazz</code> argument is
1622      *             <code>null</code>.
1623      *
1624      * @deprecated This method relies on the caller being at a stack depth
1625      *             of 4 which is error-prone and cannot be enforced by the runtime.
1626      *             Users of this method should instead invoke {@link #checkPermission}
1627      *             directly.  This method will be changed in a future release
1628      *             to check the permission {@code java.security.AllPermission}.
1629      *
1630      * @see java.lang.reflect.Member
1631      * @since 1.1
1632      * @see        #checkPermission(java.security.Permission) checkPermission
1633      */
1634     @Deprecated
1635     @CallerSensitive
1636     public void checkMemberAccess(Class<?> clazz, int which) {
1637         if (clazz == null) {
1638             throw new NullPointerException("class can't be null");
1639         }
1640         if (which != Member.PUBLIC) {
1641             Class<?> stack[] = getClassContext();
1642             /*
1643              * stack depth of 4 should be the caller of one of the
1644              * methods in java.lang.Class that invoke checkMember
1645              * access. The stack should look like:
1646              *
1647              * someCaller                        [3]
1648              * java.lang.Class.someReflectionAPI [2]
1649              * java.lang.Class.checkMemberAccess [1]
1650              * SecurityManager.checkMemberAccess [0]
1651              *
1652              */
1653             if ((stack.length<4) ||
1654                 (stack[3].getClassLoader() != clazz.getClassLoader())) {
1655                 checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
1656             }
1657         }
1658     }
1659 
1660     /**
1661      * Determines whether the permission with the specified permission target
1662      * name should be granted or denied.
1663      *
1664      * <p> If the requested permission is allowed, this method returns
1665      * quietly. If denied, a SecurityException is raised.
1666      *
1667      * <p> This method creates a <code>SecurityPermission</code> object for
1668      * the given permission target name and calls <code>checkPermission</code>
1669      * with it.
1670      *
1671      * <p> See the documentation for
1672      * <code>{@link java.security.SecurityPermission}</code> for
1673      * a list of possible permission target names.
1674      *
1675      * <p> If you override this method, then you should make a call to
1676      * <code>super.checkSecurityAccess</code>
1677      * at the point the overridden method would normally throw an
1678      * exception.
1679      *
1680      * @param target the target name of the <code>SecurityPermission</code>.
1681      *
1682      * @exception SecurityException if the calling thread does not have
1683      * permission for the requested access.
1684      * @exception NullPointerException if <code>target</code> is null.
1685      * @exception IllegalArgumentException if <code>target</code> is empty.
1686      *
1687      * @since   1.1
1688      * @see        #checkPermission(java.security.Permission) checkPermission
1689      */
1690     public void checkSecurityAccess(String target) {
1691         checkPermission(new SecurityPermission(target));
1692     }
1693 
1694     private native Class<?> currentLoadedClass0();
1695 
1696     /**
1697      * Returns the thread group into which to instantiate any new
1698      * thread being created at the time this is being called.
1699      * By default, it returns the thread group of the current
1700      * thread. This should be overridden by a specific security
1701      * manager to return the appropriate thread group.
1702      *
1703      * @return  ThreadGroup that new threads are instantiated into
1704      * @since   1.1
1705      * @see     java.lang.ThreadGroup
1706      */
1707     public ThreadGroup getThreadGroup() {
1708         return Thread.currentThread().getThreadGroup();
1709     }
1710 
1711 }