1 /* 2 * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.lang; 27 28 import java.security.*; 29 import java.io.FileDescriptor; 30 import java.io.File; 31 import java.io.FilePermission; 32 import java.util.PropertyPermission; 33 import java.lang.RuntimePermission; 34 import java.net.SocketPermission; 35 import java.net.NetPermission; 36 import java.util.Hashtable; 37 import java.net.InetAddress; 38 import java.lang.reflect.*; 39 import java.net.URL; 40 41 import sun.reflect.CallerSensitive; 42 import sun.security.util.SecurityConstants; 43 44 /** 45 * The security manager is a class that allows 46 * applications to implement a security policy. It allows an 47 * application to determine, before performing a possibly unsafe or 48 * sensitive operation, what the operation is and whether 49 * it is being attempted in a security context that allows the 50 * operation to be performed. The 51 * application can allow or disallow the operation. 52 * <p> 53 * The <code>SecurityManager</code> class contains many methods with 54 * names that begin with the word <code>check</code>. These methods 55 * are called by various methods in the Java libraries before those 56 * methods perform certain potentially sensitive operations. The 57 * invocation of such a <code>check</code> method typically looks like this: 58 * <blockquote><pre> 59 * SecurityManager security = System.getSecurityManager(); 60 * if (security != null) { 61 * security.check<i>XXX</i>(argument, . . . ); 62 * } 63 * </pre></blockquote> 64 * <p> 65 * The security manager is thereby given an opportunity to prevent 66 * completion of the operation by throwing an exception. A security 67 * manager routine simply returns if the operation is permitted, but 68 * throws a <code>SecurityException</code> if the operation is not 69 * permitted. 70 * <p> 71 * The current security manager is set by the 72 * <code>setSecurityManager</code> method in class 73 * <code>System</code>. The current security manager is obtained 74 * by the <code>getSecurityManager</code> method. 75 * <p> 76 * The special method 77 * {@link SecurityManager#checkPermission(java.security.Permission)} 78 * determines whether an access request indicated by a specified 79 * permission should be granted or denied. The 80 * default implementation calls 81 * 82 * <pre> 83 * AccessController.checkPermission(perm); 84 * </pre> 85 * 86 * <p> 87 * If a requested access is allowed, 88 * <code>checkPermission</code> returns quietly. If denied, a 89 * <code>SecurityException</code> is thrown. 90 * <p> 91 * As of Java 2 SDK v1.2, the default implementation of each of the other 92 * <code>check</code> methods in <code>SecurityManager</code> is to 93 * call the <code>SecurityManager checkPermission</code> method 94 * to determine if the calling thread has permission to perform the requested 95 * operation. 96 * <p> 97 * Note that the <code>checkPermission</code> method with 98 * just a single permission argument always performs security checks 99 * within the context of the currently executing thread. 100 * Sometimes a security check that should be made within a given context 101 * will actually need to be done from within a 102 * <i>different</i> context (for example, from within a worker thread). 103 * The {@link SecurityManager#getSecurityContext getSecurityContext} method 104 * and the {@link SecurityManager#checkPermission(java.security.Permission, 105 * java.lang.Object) checkPermission} 106 * method that includes a context argument are provided 107 * for this situation. The 108 * <code>getSecurityContext</code> method returns a "snapshot" 109 * of the current calling context. (The default implementation 110 * returns an AccessControlContext object.) A sample call is 111 * the following: 112 * 113 * <pre> 114 * Object context = null; 115 * SecurityManager sm = System.getSecurityManager(); 116 * if (sm != null) context = sm.getSecurityContext(); 117 * </pre> 118 * 119 * <p> 120 * The <code>checkPermission</code> method 121 * that takes a context object in addition to a permission 122 * makes access decisions based on that context, 123 * rather than on that of the current execution thread. 124 * Code within a different context can thus call that method, 125 * passing the permission and the 126 * previously-saved context object. A sample call, using the 127 * SecurityManager <code>sm</code> obtained as in the previous example, 128 * is the following: 129 * 130 * <pre> 131 * if (sm != null) sm.checkPermission(permission, context); 132 * </pre> 133 * 134 * <p>Permissions fall into these categories: File, Socket, Net, 135 * Security, Runtime, Property, AWT, Reflect, and Serializable. 136 * The classes managing these various 137 * permission categories are <code>java.io.FilePermission</code>, 138 * <code>java.net.SocketPermission</code>, 139 * <code>java.net.NetPermission</code>, 140 * <code>java.security.SecurityPermission</code>, 141 * <code>java.lang.RuntimePermission</code>, 142 * <code>java.util.PropertyPermission</code>, 143 * <code>java.awt.AWTPermission</code>, 144 * <code>java.lang.reflect.ReflectPermission</code>, and 145 * <code>java.io.SerializablePermission</code>. 146 * 147 * <p>All but the first two (FilePermission and SocketPermission) are 148 * subclasses of <code>java.security.BasicPermission</code>, which itself 149 * is an abstract subclass of the 150 * top-level class for permissions, which is 151 * <code>java.security.Permission</code>. BasicPermission defines the 152 * functionality needed for all permissions that contain a name 153 * that follows the hierarchical property naming convention 154 * (for example, "exitVM", "setFactory", "queuePrintJob", etc). 155 * An asterisk 156 * may appear at the end of the name, following a ".", or by itself, to 157 * signify a wildcard match. For example: "a.*" or "*" is valid, 158 * "*a" or "a*b" is not valid. 159 * 160 * <p>FilePermission and SocketPermission are subclasses of the 161 * top-level class for permissions 162 * (<code>java.security.Permission</code>). Classes like these 163 * that have a more complicated name syntax than that used by 164 * BasicPermission subclass directly from Permission rather than from 165 * BasicPermission. For example, 166 * for a <code>java.io.FilePermission</code> object, the permission name is 167 * the path name of a file (or directory). 168 * 169 * <p>Some of the permission classes have an "actions" list that tells 170 * the actions that are permitted for the object. For example, 171 * for a <code>java.io.FilePermission</code> object, the actions list 172 * (such as "read, write") specifies which actions are granted for the 173 * specified file (or for files in the specified directory). 174 * 175 * <p>Other permission classes are for "named" permissions - 176 * ones that contain a name but no actions list; you either have the 177 * named permission or you don't. 178 * 179 * <p>Note: There is also a <code>java.security.AllPermission</code> 180 * permission that implies all permissions. It exists to simplify the work 181 * of system administrators who might need to perform multiple 182 * tasks that require all (or numerous) permissions. 183 * <p> 184 * See <a href ="../../../technotes/guides/security/permissions.html"> 185 * Permissions in the JDK</a> for permission-related information. 186 * This document includes, for example, a table listing the various SecurityManager 187 * <code>check</code> methods and the permission(s) the default 188 * implementation of each such method requires. 189 * It also contains a table of all the version 1.2 methods 190 * that require permissions, and for each such method tells 191 * which permission it requires. 192 * <p> 193 * For more information about <code>SecurityManager</code> changes made in 194 * the JDK and advice regarding porting of 1.1-style security managers, 195 * see the <a href="../../../technotes/guides/security/index.html">security documentation</a>. 196 * 197 * @author Arthur van Hoff 198 * @author Roland Schemers 199 * 200 * @see java.lang.ClassLoader 201 * @see java.lang.SecurityException 202 * @see java.lang.System#getSecurityManager() getSecurityManager 203 * @see java.lang.System#setSecurityManager(java.lang.SecurityManager) 204 * setSecurityManager 205 * @see java.security.AccessController AccessController 206 * @see java.security.AccessControlContext AccessControlContext 207 * @see java.security.AccessControlException AccessControlException 208 * @see java.security.Permission 209 * @see java.security.BasicPermission 210 * @see java.io.FilePermission 211 * @see java.net.SocketPermission 212 * @see java.util.PropertyPermission 213 * @see java.lang.RuntimePermission 214 * @see java.awt.AWTPermission 215 * @see java.security.Policy Policy 216 * @see java.security.SecurityPermission SecurityPermission 217 * @see java.security.ProtectionDomain 218 * 219 * @since JDK1.0 220 */ 221 public 222 class SecurityManager { 223 224 /** 225 * This field is <code>true</code> if there is a security check in 226 * progress; <code>false</code> otherwise. 227 * 228 * @deprecated This type of security checking is not recommended. 229 * It is recommended that the <code>checkPermission</code> 230 * call be used instead. 231 */ 232 @Deprecated 233 protected boolean inCheck; 234 235 /* 236 * Have we been initialized. Effective against finalizer attacks. 237 */ 238 private boolean initialized = false; 239 240 241 /** 242 * returns true if the current context has been granted AllPermission 243 */ 244 private boolean hasAllPermission() { 245 try { 246 checkPermission(SecurityConstants.ALL_PERMISSION); 247 return true; 248 } catch (SecurityException se) { 249 return false; 250 } 251 } 252 253 /** 254 * Tests if there is a security check in progress. 255 * 256 * @return the value of the <code>inCheck</code> field. This field 257 * should contain <code>true</code> if a security check is 258 * in progress, 259 * <code>false</code> otherwise. 260 * @see java.lang.SecurityManager#inCheck 261 * @deprecated This type of security checking is not recommended. 262 * It is recommended that the <code>checkPermission</code> 263 * call be used instead. 264 */ 265 @Deprecated 266 public boolean getInCheck() { 267 return inCheck; 268 } 269 270 /** 271 * Constructs a new <code>SecurityManager</code>. 272 * 273 * <p> If there is a security manager already installed, this method first 274 * calls the security manager's <code>checkPermission</code> method 275 * with the <code>RuntimePermission("createSecurityManager")</code> 276 * permission to ensure the calling thread has permission to create a new 277 * security manager. 278 * This may result in throwing a <code>SecurityException</code>. 279 * 280 * @exception java.lang.SecurityException if a security manager already 281 * exists and its <code>checkPermission</code> method 282 * doesn't allow creation of a new security manager. 283 * @see java.lang.System#getSecurityManager() 284 * @see #checkPermission(java.security.Permission) checkPermission 285 * @see java.lang.RuntimePermission 286 */ 287 public SecurityManager() { 288 synchronized(SecurityManager.class) { 289 SecurityManager sm = System.getSecurityManager(); 290 if (sm != null) { 291 // ask the currently installed security manager if we 292 // can create a new one. 293 sm.checkPermission(new RuntimePermission 294 ("createSecurityManager")); 295 } 296 initialized = true; 297 } 298 } 299 300 /** 301 * Returns the current execution stack as an array of classes. 302 * <p> 303 * The length of the array is the number of methods on the execution 304 * stack. The element at index <code>0</code> is the class of the 305 * currently executing method, the element at index <code>1</code> is 306 * the class of that method's caller, and so on. 307 * 308 * @return the execution stack. 309 */ 310 protected native Class<?>[] getClassContext(); 311 312 /** 313 * Returns the class loader of the most recently executing method from 314 * a class defined using a non-system class loader. A non-system 315 * class loader is defined as being a class loader that is not equal to 316 * the system class loader (as returned 317 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. 318 * <p> 319 * This method will return 320 * <code>null</code> in the following three cases: 321 * <ol> 322 * <li>All methods on the execution stack are from classes 323 * defined using the system class loader or one of its ancestors. 324 * 325 * <li>All methods on the execution stack up to the first 326 * "privileged" caller 327 * (see {@link java.security.AccessController#doPrivileged}) 328 * are from classes 329 * defined using the system class loader or one of its ancestors. 330 * 331 * <li> A call to <code>checkPermission</code> with 332 * <code>java.security.AllPermission</code> does not 333 * result in a SecurityException. 334 * 335 * </ol> 336 * 337 * @return the class loader of the most recent occurrence on the stack 338 * of a method from a class defined using a non-system class 339 * loader. 340 * 341 * @deprecated This type of security checking is not recommended. 342 * It is recommended that the <code>checkPermission</code> 343 * call be used instead. 344 * 345 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader 346 * @see #checkPermission(java.security.Permission) checkPermission 347 */ 348 @Deprecated 349 protected ClassLoader currentClassLoader() { 350 ClassLoader cl = currentClassLoader0(); 351 if ((cl != null) && hasAllPermission()) 352 cl = null; 353 return cl; 354 } 355 356 private native ClassLoader currentClassLoader0(); 357 358 /** 359 * Returns the class of the most recently executing method from 360 * a class defined using a non-system class loader. A non-system 361 * class loader is defined as being a class loader that is not equal to 362 * the system class loader (as returned 363 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. 364 * <p> 365 * This method will return 366 * <code>null</code> in the following three cases: 367 * <ol> 368 * <li>All methods on the execution stack are from classes 369 * defined using the system class loader or one of its ancestors. 370 * 371 * <li>All methods on the execution stack up to the first 372 * "privileged" caller 373 * (see {@link java.security.AccessController#doPrivileged}) 374 * are from classes 375 * defined using the system class loader or one of its ancestors. 376 * 377 * <li> A call to <code>checkPermission</code> with 378 * <code>java.security.AllPermission</code> does not 379 * result in a SecurityException. 380 * 381 * </ol> 382 * 383 * @return the class of the most recent occurrence on the stack 384 * of a method from a class defined using a non-system class 385 * loader. 386 * 387 * @deprecated This type of security checking is not recommended. 388 * It is recommended that the <code>checkPermission</code> 389 * call be used instead. 390 * 391 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader 392 * @see #checkPermission(java.security.Permission) checkPermission 393 */ 394 @Deprecated 395 protected Class<?> currentLoadedClass() { 396 Class<?> c = currentLoadedClass0(); 397 if ((c != null) && hasAllPermission()) 398 c = null; 399 return c; 400 } 401 402 /** 403 * Returns the stack depth of the specified class. 404 * 405 * @param name the fully qualified name of the class to search for. 406 * @return the depth on the stack frame of the first occurrence of a 407 * method from a class with the specified name; 408 * <code>-1</code> if such a frame cannot be found. 409 * @deprecated This type of security checking is not recommended. 410 * It is recommended that the <code>checkPermission</code> 411 * call be used instead. 412 * 413 */ 414 @Deprecated 415 protected native int classDepth(String name); 416 417 /** 418 * Returns the stack depth of the most recently executing method 419 * from a class defined using a non-system class loader. A non-system 420 * class loader is defined as being a class loader that is not equal to 421 * the system class loader (as returned 422 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. 423 * <p> 424 * This method will return 425 * -1 in the following three cases: 426 * <ol> 427 * <li>All methods on the execution stack are from classes 428 * defined using the system class loader or one of its ancestors. 429 * 430 * <li>All methods on the execution stack up to the first 431 * "privileged" caller 432 * (see {@link java.security.AccessController#doPrivileged}) 433 * are from classes 434 * defined using the system class loader or one of its ancestors. 435 * 436 * <li> A call to <code>checkPermission</code> with 437 * <code>java.security.AllPermission</code> does not 438 * result in a SecurityException. 439 * 440 * </ol> 441 * 442 * @return the depth on the stack frame of the most recent occurrence of 443 * a method from a class defined using a non-system class loader. 444 * 445 * @deprecated This type of security checking is not recommended. 446 * It is recommended that the <code>checkPermission</code> 447 * call be used instead. 448 * 449 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader 450 * @see #checkPermission(java.security.Permission) checkPermission 451 */ 452 @Deprecated 453 protected int classLoaderDepth() { 454 int depth = classLoaderDepth0(); 455 if (depth != -1) { 456 if (hasAllPermission()) 457 depth = -1; 458 else 459 depth--; // make sure we don't include ourself 460 } 461 return depth; 462 } 463 464 private native int classLoaderDepth0(); 465 466 /** 467 * Tests if a method from a class with the specified 468 * name is on the execution stack. 469 * 470 * @param name the fully qualified name of the class. 471 * @return <code>true</code> if a method from a class with the specified 472 * name is on the execution stack; <code>false</code> otherwise. 473 * @deprecated This type of security checking is not recommended. 474 * It is recommended that the <code>checkPermission</code> 475 * call be used instead. 476 */ 477 @Deprecated 478 protected boolean inClass(String name) { 479 return classDepth(name) >= 0; 480 } 481 482 /** 483 * Basically, tests if a method from a class defined using a 484 * class loader is on the execution stack. 485 * 486 * @return <code>true</code> if a call to <code>currentClassLoader</code> 487 * has a non-null return value. 488 * 489 * @deprecated This type of security checking is not recommended. 490 * It is recommended that the <code>checkPermission</code> 491 * call be used instead. 492 * @see #currentClassLoader() currentClassLoader 493 */ 494 @Deprecated 495 protected boolean inClassLoader() { 496 return currentClassLoader() != null; 497 } 498 499 /** 500 * Creates an object that encapsulates the current execution 501 * environment. The result of this method is used, for example, by the 502 * three-argument <code>checkConnect</code> method and by the 503 * two-argument <code>checkRead</code> method. 504 * These methods are needed because a trusted method may be called 505 * on to read a file or open a socket on behalf of another method. 506 * The trusted method needs to determine if the other (possibly 507 * untrusted) method would be allowed to perform the operation on its 508 * own. 509 * <p> The default implementation of this method is to return 510 * an <code>AccessControlContext</code> object. 511 * 512 * @return an implementation-dependent object that encapsulates 513 * sufficient information about the current execution environment 514 * to perform some security checks later. 515 * @see java.lang.SecurityManager#checkConnect(java.lang.String, int, 516 * java.lang.Object) checkConnect 517 * @see java.lang.SecurityManager#checkRead(java.lang.String, 518 * java.lang.Object) checkRead 519 * @see java.security.AccessControlContext AccessControlContext 520 */ 521 public Object getSecurityContext() { 522 return AccessController.getContext(); 523 } 524 525 /** 526 * Throws a <code>SecurityException</code> if the requested 527 * access, specified by the given permission, is not permitted based 528 * on the security policy currently in effect. 529 * <p> 530 * This method calls <code>AccessController.checkPermission</code> 531 * with the given permission. 532 * 533 * @param perm the requested permission. 534 * @exception SecurityException if access is not permitted based on 535 * the current security policy. 536 * @exception NullPointerException if the permission argument is 537 * <code>null</code>. 538 * @since 1.2 539 */ 540 public void checkPermission(Permission perm) { 541 java.security.AccessController.checkPermission(perm); 542 } 543 544 /** 545 * Throws a <code>SecurityException</code> if the 546 * specified security context is denied access to the resource 547 * specified by the given permission. 548 * The context must be a security 549 * context returned by a previous call to 550 * <code>getSecurityContext</code> and the access control 551 * decision is based upon the configured security policy for 552 * that security context. 553 * <p> 554 * If <code>context</code> is an instance of 555 * <code>AccessControlContext</code> then the 556 * <code>AccessControlContext.checkPermission</code> method is 557 * invoked with the specified permission. 558 * <p> 559 * If <code>context</code> is not an instance of 560 * <code>AccessControlContext</code> then a 561 * <code>SecurityException</code> is thrown. 562 * 563 * @param perm the specified permission 564 * @param context a system-dependent security context. 565 * @exception SecurityException if the specified security context 566 * is not an instance of <code>AccessControlContext</code> 567 * (e.g., is <code>null</code>), or is denied access to the 568 * resource specified by the given permission. 569 * @exception NullPointerException if the permission argument is 570 * <code>null</code>. 571 * @see java.lang.SecurityManager#getSecurityContext() 572 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 573 * @since 1.2 574 */ 575 public void checkPermission(Permission perm, Object context) { 576 if (context instanceof AccessControlContext) { 577 ((AccessControlContext)context).checkPermission(perm); 578 } else { 579 throw new SecurityException(); 580 } 581 } 582 583 /** 584 * Throws a <code>SecurityException</code> if the 585 * calling thread is not allowed to create a new class loader. 586 * <p> 587 * This method calls <code>checkPermission</code> with the 588 * <code>RuntimePermission("createClassLoader")</code> 589 * permission. 590 * <p> 591 * If you override this method, then you should make a call to 592 * <code>super.checkCreateClassLoader</code> 593 * at the point the overridden method would normally throw an 594 * exception. 595 * 596 * @exception SecurityException if the calling thread does not 597 * have permission 598 * to create a new class loader. 599 * @see java.lang.ClassLoader#ClassLoader() 600 * @see #checkPermission(java.security.Permission) checkPermission 601 */ 602 public void checkCreateClassLoader() { 603 checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION); 604 } 605 606 /** 607 * reference to the root thread group, used for the checkAccess 608 * methods. 609 */ 610 611 private static ThreadGroup rootGroup = getRootGroup(); 612 613 private static ThreadGroup getRootGroup() { 614 ThreadGroup root = Thread.currentThread().getThreadGroup(); 615 while (root.getParent() != null) { 616 root = root.getParent(); 617 } 618 return root; 619 } 620 621 /** 622 * Throws a <code>SecurityException</code> if the 623 * calling thread is not allowed to modify the thread argument. 624 * <p> 625 * This method is invoked for the current security manager by the 626 * <code>stop</code>, <code>suspend</code>, <code>resume</code>, 627 * <code>setPriority</code>, <code>setName</code>, and 628 * <code>setDaemon</code> methods of class <code>Thread</code>. 629 * <p> 630 * If the thread argument is a system thread (belongs to 631 * the thread group with a <code>null</code> parent) then 632 * this method calls <code>checkPermission</code> with the 633 * <code>RuntimePermission("modifyThread")</code> permission. 634 * If the thread argument is <i>not</i> a system thread, 635 * this method just returns silently. 636 * <p> 637 * Applications that want a stricter policy should override this 638 * method. If this method is overridden, the method that overrides 639 * it should additionally check to see if the calling thread has the 640 * <code>RuntimePermission("modifyThread")</code> permission, and 641 * if so, return silently. This is to ensure that code granted 642 * that permission (such as the JDK itself) is allowed to 643 * manipulate any thread. 644 * <p> 645 * If this method is overridden, then 646 * <code>super.checkAccess</code> should 647 * be called by the first statement in the overridden method, or the 648 * equivalent security check should be placed in the overridden method. 649 * 650 * @param t the thread to be checked. 651 * @exception SecurityException if the calling thread does not have 652 * permission to modify the thread. 653 * @exception NullPointerException if the thread argument is 654 * <code>null</code>. 655 * @see java.lang.Thread#resume() resume 656 * @see java.lang.Thread#setDaemon(boolean) setDaemon 657 * @see java.lang.Thread#setName(java.lang.String) setName 658 * @see java.lang.Thread#setPriority(int) setPriority 659 * @see java.lang.Thread#stop() stop 660 * @see java.lang.Thread#suspend() suspend 661 * @see #checkPermission(java.security.Permission) checkPermission 662 */ 663 public void checkAccess(Thread t) { 664 if (t == null) { 665 throw new NullPointerException("thread can't be null"); 666 } 667 if (t.getThreadGroup() == rootGroup) { 668 checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION); 669 } else { 670 // just return 671 } 672 } 673 /** 674 * Throws a <code>SecurityException</code> if the 675 * calling thread is not allowed to modify the thread group argument. 676 * <p> 677 * This method is invoked for the current security manager when a 678 * new child thread or child thread group is created, and by the 679 * <code>setDaemon</code>, <code>setMaxPriority</code>, 680 * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and 681 * <code>destroy</code> methods of class <code>ThreadGroup</code>. 682 * <p> 683 * If the thread group argument is the system thread group ( 684 * has a <code>null</code> parent) then 685 * this method calls <code>checkPermission</code> with the 686 * <code>RuntimePermission("modifyThreadGroup")</code> permission. 687 * If the thread group argument is <i>not</i> the system thread group, 688 * this method just returns silently. 689 * <p> 690 * Applications that want a stricter policy should override this 691 * method. If this method is overridden, the method that overrides 692 * it should additionally check to see if the calling thread has the 693 * <code>RuntimePermission("modifyThreadGroup")</code> permission, and 694 * if so, return silently. This is to ensure that code granted 695 * that permission (such as the JDK itself) is allowed to 696 * manipulate any thread. 697 * <p> 698 * If this method is overridden, then 699 * <code>super.checkAccess</code> should 700 * be called by the first statement in the overridden method, or the 701 * equivalent security check should be placed in the overridden method. 702 * 703 * @param g the thread group to be checked. 704 * @exception SecurityException if the calling thread does not have 705 * permission to modify the thread group. 706 * @exception NullPointerException if the thread group argument is 707 * <code>null</code>. 708 * @see java.lang.ThreadGroup#destroy() destroy 709 * @see java.lang.ThreadGroup#resume() resume 710 * @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon 711 * @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority 712 * @see java.lang.ThreadGroup#stop() stop 713 * @see java.lang.ThreadGroup#suspend() suspend 714 * @see #checkPermission(java.security.Permission) checkPermission 715 */ 716 public void checkAccess(ThreadGroup g) { 717 if (g == null) { 718 throw new NullPointerException("thread group can't be null"); 719 } 720 if (g == rootGroup) { 721 checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION); 722 } else { 723 // just return 724 } 725 } 726 727 /** 728 * Throws a <code>SecurityException</code> if the 729 * calling thread is not allowed to cause the Java Virtual Machine to 730 * halt with the specified status code. 731 * <p> 732 * This method is invoked for the current security manager by the 733 * <code>exit</code> method of class <code>Runtime</code>. A status 734 * of <code>0</code> indicates success; other values indicate various 735 * errors. 736 * <p> 737 * This method calls <code>checkPermission</code> with the 738 * <code>RuntimePermission("exitVM."+status)</code> permission. 739 * <p> 740 * If you override this method, then you should make a call to 741 * <code>super.checkExit</code> 742 * at the point the overridden method would normally throw an 743 * exception. 744 * 745 * @param status the exit status. 746 * @exception SecurityException if the calling thread does not have 747 * permission to halt the Java Virtual Machine with 748 * the specified status. 749 * @see java.lang.Runtime#exit(int) exit 750 * @see #checkPermission(java.security.Permission) checkPermission 751 */ 752 public void checkExit(int status) { 753 checkPermission(new RuntimePermission("exitVM."+status)); 754 } 755 756 /** 757 * Throws a <code>SecurityException</code> if the 758 * calling thread is not allowed to create a subprocess. 759 * <p> 760 * This method is invoked for the current security manager by the 761 * <code>exec</code> methods of class <code>Runtime</code>. 762 * <p> 763 * This method calls <code>checkPermission</code> with the 764 * <code>FilePermission(cmd,"execute")</code> permission 765 * if cmd is an absolute path, otherwise it calls 766 * <code>checkPermission</code> with 767 * <code>FilePermission("<<ALL FILES>>","execute")</code>. 768 * <p> 769 * If you override this method, then you should make a call to 770 * <code>super.checkExec</code> 771 * at the point the overridden method would normally throw an 772 * exception. 773 * 774 * @param cmd the specified system command. 775 * @exception SecurityException if the calling thread does not have 776 * permission to create a subprocess. 777 * @exception NullPointerException if the <code>cmd</code> argument is 778 * <code>null</code>. 779 * @see java.lang.Runtime#exec(java.lang.String) 780 * @see java.lang.Runtime#exec(java.lang.String, java.lang.String[]) 781 * @see java.lang.Runtime#exec(java.lang.String[]) 782 * @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[]) 783 * @see #checkPermission(java.security.Permission) checkPermission 784 */ 785 public void checkExec(String cmd) { 786 File f = new File(cmd); 787 if (f.isAbsolute()) { 788 checkPermission(new FilePermission(cmd, 789 SecurityConstants.FILE_EXECUTE_ACTION)); 790 } else { 791 checkPermission(new FilePermission("<<ALL FILES>>", 792 SecurityConstants.FILE_EXECUTE_ACTION)); 793 } 794 } 795 796 /** 797 * Throws a <code>SecurityException</code> if the 798 * calling thread is not allowed to dynamic link the library code 799 * specified by the string argument file. The argument is either a 800 * simple library name or a complete filename. 801 * <p> 802 * This method is invoked for the current security manager by 803 * methods <code>load</code> and <code>loadLibrary</code> of class 804 * <code>Runtime</code>. 805 * <p> 806 * This method calls <code>checkPermission</code> with the 807 * <code>RuntimePermission("loadLibrary."+lib)</code> permission. 808 * <p> 809 * If you override this method, then you should make a call to 810 * <code>super.checkLink</code> 811 * at the point the overridden method would normally throw an 812 * exception. 813 * 814 * @param lib the name of the library. 815 * @exception SecurityException if the calling thread does not have 816 * permission to dynamically link the library. 817 * @exception NullPointerException if the <code>lib</code> argument is 818 * <code>null</code>. 819 * @see java.lang.Runtime#load(java.lang.String) 820 * @see java.lang.Runtime#loadLibrary(java.lang.String) 821 * @see #checkPermission(java.security.Permission) checkPermission 822 */ 823 public void checkLink(String lib) { 824 if (lib == null) { 825 throw new NullPointerException("library can't be null"); 826 } 827 checkPermission(new RuntimePermission("loadLibrary."+lib)); 828 } 829 830 /** 831 * Throws a <code>SecurityException</code> if the 832 * calling thread is not allowed to read from the specified file 833 * descriptor. 834 * <p> 835 * This method calls <code>checkPermission</code> with the 836 * <code>RuntimePermission("readFileDescriptor")</code> 837 * permission. 838 * <p> 839 * If you override this method, then you should make a call to 840 * <code>super.checkRead</code> 841 * at the point the overridden method would normally throw an 842 * exception. 843 * 844 * @param fd the system-dependent file descriptor. 845 * @exception SecurityException if the calling thread does not have 846 * permission to access the specified file descriptor. 847 * @exception NullPointerException if the file descriptor argument is 848 * <code>null</code>. 849 * @see java.io.FileDescriptor 850 * @see #checkPermission(java.security.Permission) checkPermission 851 */ 852 public void checkRead(FileDescriptor fd) { 853 if (fd == null) { 854 throw new NullPointerException("file descriptor can't be null"); 855 } 856 checkPermission(new RuntimePermission("readFileDescriptor")); 857 } 858 859 /** 860 * Throws a <code>SecurityException</code> if the 861 * calling thread is not allowed to read the file specified by the 862 * string argument. 863 * <p> 864 * This method calls <code>checkPermission</code> with the 865 * <code>FilePermission(file,"read")</code> permission. 866 * <p> 867 * If you override this method, then you should make a call to 868 * <code>super.checkRead</code> 869 * at the point the overridden method would normally throw an 870 * exception. 871 * 872 * @param file the system-dependent file name. 873 * @exception SecurityException if the calling thread does not have 874 * permission to access the specified file. 875 * @exception NullPointerException if the <code>file</code> argument is 876 * <code>null</code>. 877 * @see #checkPermission(java.security.Permission) checkPermission 878 */ 879 public void checkRead(String file) { 880 checkPermission(new FilePermission(file, 881 SecurityConstants.FILE_READ_ACTION)); 882 } 883 884 /** 885 * Throws a <code>SecurityException</code> if the 886 * specified security context is not allowed to read the file 887 * specified by the string argument. The context must be a security 888 * context returned by a previous call to 889 * <code>getSecurityContext</code>. 890 * <p> If <code>context</code> is an instance of 891 * <code>AccessControlContext</code> then the 892 * <code>AccessControlContext.checkPermission</code> method will 893 * be invoked with the <code>FilePermission(file,"read")</code> permission. 894 * <p> If <code>context</code> is not an instance of 895 * <code>AccessControlContext</code> then a 896 * <code>SecurityException</code> is thrown. 897 * <p> 898 * If you override this method, then you should make a call to 899 * <code>super.checkRead</code> 900 * at the point the overridden method would normally throw an 901 * exception. 902 * 903 * @param file the system-dependent filename. 904 * @param context a system-dependent security context. 905 * @exception SecurityException if the specified security context 906 * is not an instance of <code>AccessControlContext</code> 907 * (e.g., is <code>null</code>), or does not have permission 908 * to read the specified file. 909 * @exception NullPointerException if the <code>file</code> argument is 910 * <code>null</code>. 911 * @see java.lang.SecurityManager#getSecurityContext() 912 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 913 */ 914 public void checkRead(String file, Object context) { 915 checkPermission( 916 new FilePermission(file, SecurityConstants.FILE_READ_ACTION), 917 context); 918 } 919 920 /** 921 * Throws a <code>SecurityException</code> if the 922 * calling thread is not allowed to write to the specified file 923 * descriptor. 924 * <p> 925 * This method calls <code>checkPermission</code> with the 926 * <code>RuntimePermission("writeFileDescriptor")</code> 927 * permission. 928 * <p> 929 * If you override this method, then you should make a call to 930 * <code>super.checkWrite</code> 931 * at the point the overridden method would normally throw an 932 * exception. 933 * 934 * @param fd the system-dependent file descriptor. 935 * @exception SecurityException if the calling thread does not have 936 * permission to access the specified file descriptor. 937 * @exception NullPointerException if the file descriptor argument is 938 * <code>null</code>. 939 * @see java.io.FileDescriptor 940 * @see #checkPermission(java.security.Permission) checkPermission 941 */ 942 public void checkWrite(FileDescriptor fd) { 943 if (fd == null) { 944 throw new NullPointerException("file descriptor can't be null"); 945 } 946 checkPermission(new RuntimePermission("writeFileDescriptor")); 947 948 } 949 950 /** 951 * Throws a <code>SecurityException</code> if the 952 * calling thread is not allowed to write to the file specified by 953 * the string argument. 954 * <p> 955 * This method calls <code>checkPermission</code> with the 956 * <code>FilePermission(file,"write")</code> permission. 957 * <p> 958 * If you override this method, then you should make a call to 959 * <code>super.checkWrite</code> 960 * at the point the overridden method would normally throw an 961 * exception. 962 * 963 * @param file the system-dependent filename. 964 * @exception SecurityException if the calling thread does not 965 * have permission to access the specified file. 966 * @exception NullPointerException if the <code>file</code> argument is 967 * <code>null</code>. 968 * @see #checkPermission(java.security.Permission) checkPermission 969 */ 970 public void checkWrite(String file) { 971 checkPermission(new FilePermission(file, 972 SecurityConstants.FILE_WRITE_ACTION)); 973 } 974 975 /** 976 * Throws a <code>SecurityException</code> if the 977 * calling thread is not allowed to delete the specified file. 978 * <p> 979 * This method is invoked for the current security manager by the 980 * <code>delete</code> method of class <code>File</code>. 981 * <p> 982 * This method calls <code>checkPermission</code> with the 983 * <code>FilePermission(file,"delete")</code> permission. 984 * <p> 985 * If you override this method, then you should make a call to 986 * <code>super.checkDelete</code> 987 * at the point the overridden method would normally throw an 988 * exception. 989 * 990 * @param file the system-dependent filename. 991 * @exception SecurityException if the calling thread does not 992 * have permission to delete the file. 993 * @exception NullPointerException if the <code>file</code> argument is 994 * <code>null</code>. 995 * @see java.io.File#delete() 996 * @see #checkPermission(java.security.Permission) checkPermission 997 */ 998 public void checkDelete(String file) { 999 checkPermission(new FilePermission(file, 1000 SecurityConstants.FILE_DELETE_ACTION)); 1001 } 1002 1003 /** 1004 * Throws a <code>SecurityException</code> if the 1005 * calling thread is not allowed to open a socket connection to the 1006 * specified host and port number. 1007 * <p> 1008 * A port number of <code>-1</code> indicates that the calling 1009 * method is attempting to determine the IP address of the specified 1010 * host name. 1011 * <p> 1012 * This method calls <code>checkPermission</code> with the 1013 * <code>SocketPermission(host+":"+port,"connect")</code> permission if 1014 * the port is not equal to -1. If the port is equal to -1, then 1015 * it calls <code>checkPermission</code> with the 1016 * <code>SocketPermission(host,"resolve")</code> permission. 1017 * <p> 1018 * If you override this method, then you should make a call to 1019 * <code>super.checkConnect</code> 1020 * at the point the overridden method would normally throw an 1021 * exception. 1022 * 1023 * @param host the host name port to connect to. 1024 * @param port the protocol port to connect to. 1025 * @exception SecurityException if the calling thread does not have 1026 * permission to open a socket connection to the specified 1027 * <code>host</code> and <code>port</code>. 1028 * @exception NullPointerException if the <code>host</code> argument is 1029 * <code>null</code>. 1030 * @see #checkPermission(java.security.Permission) checkPermission 1031 */ 1032 public void checkConnect(String host, int port) { 1033 if (host == null) { 1034 throw new NullPointerException("host can't be null"); 1035 } 1036 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1037 host = "[" + host + "]"; 1038 } 1039 if (port == -1) { 1040 checkPermission(new SocketPermission(host, 1041 SecurityConstants.SOCKET_RESOLVE_ACTION)); 1042 } else { 1043 checkPermission(new SocketPermission(host+":"+port, 1044 SecurityConstants.SOCKET_CONNECT_ACTION)); 1045 } 1046 } 1047 1048 /** 1049 * Throws a <code>SecurityException</code> if the 1050 * specified security context is not allowed to open a socket 1051 * connection to the specified host and port number. 1052 * <p> 1053 * A port number of <code>-1</code> indicates that the calling 1054 * method is attempting to determine the IP address of the specified 1055 * host name. 1056 * <p> If <code>context</code> is not an instance of 1057 * <code>AccessControlContext</code> then a 1058 * <code>SecurityException</code> is thrown. 1059 * <p> 1060 * Otherwise, the port number is checked. If it is not equal 1061 * to -1, the <code>context</code>'s <code>checkPermission</code> 1062 * method is called with a 1063 * <code>SocketPermission(host+":"+port,"connect")</code> permission. 1064 * If the port is equal to -1, then 1065 * the <code>context</code>'s <code>checkPermission</code> method 1066 * is called with a 1067 * <code>SocketPermission(host,"resolve")</code> permission. 1068 * <p> 1069 * If you override this method, then you should make a call to 1070 * <code>super.checkConnect</code> 1071 * at the point the overridden method would normally throw an 1072 * exception. 1073 * 1074 * @param host the host name port to connect to. 1075 * @param port the protocol port to connect to. 1076 * @param context a system-dependent security context. 1077 * @exception SecurityException if the specified security context 1078 * is not an instance of <code>AccessControlContext</code> 1079 * (e.g., is <code>null</code>), or does not have permission 1080 * to open a socket connection to the specified 1081 * <code>host</code> and <code>port</code>. 1082 * @exception NullPointerException if the <code>host</code> argument is 1083 * <code>null</code>. 1084 * @see java.lang.SecurityManager#getSecurityContext() 1085 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 1086 */ 1087 public void checkConnect(String host, int port, Object context) { 1088 if (host == null) { 1089 throw new NullPointerException("host can't be null"); 1090 } 1091 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1092 host = "[" + host + "]"; 1093 } 1094 if (port == -1) 1095 checkPermission(new SocketPermission(host, 1096 SecurityConstants.SOCKET_RESOLVE_ACTION), 1097 context); 1098 else 1099 checkPermission(new SocketPermission(host+":"+port, 1100 SecurityConstants.SOCKET_CONNECT_ACTION), 1101 context); 1102 } 1103 1104 /** 1105 * Throws a <code>SecurityException</code> if the 1106 * calling thread is not allowed to wait for a connection request on 1107 * the specified local port number. 1108 * <p> 1109 * This method calls <code>checkPermission</code> with the 1110 * <code>SocketPermission("localhost:"+port,"listen")</code>. 1111 * <p> 1112 * If you override this method, then you should make a call to 1113 * <code>super.checkListen</code> 1114 * at the point the overridden method would normally throw an 1115 * exception. 1116 * 1117 * @param port the local port. 1118 * @exception SecurityException if the calling thread does not have 1119 * permission to listen on the specified port. 1120 * @see #checkPermission(java.security.Permission) checkPermission 1121 */ 1122 public void checkListen(int port) { 1123 checkPermission(new SocketPermission("localhost:"+port, 1124 SecurityConstants.SOCKET_LISTEN_ACTION)); 1125 } 1126 1127 /** 1128 * Throws a <code>SecurityException</code> if the 1129 * calling thread is not permitted to accept a socket connection from 1130 * the specified host and port number. 1131 * <p> 1132 * This method is invoked for the current security manager by the 1133 * <code>accept</code> method of class <code>ServerSocket</code>. 1134 * <p> 1135 * This method calls <code>checkPermission</code> with the 1136 * <code>SocketPermission(host+":"+port,"accept")</code> permission. 1137 * <p> 1138 * If you override this method, then you should make a call to 1139 * <code>super.checkAccept</code> 1140 * at the point the overridden method would normally throw an 1141 * exception. 1142 * 1143 * @param host the host name of the socket connection. 1144 * @param port the port number of the socket connection. 1145 * @exception SecurityException if the calling thread does not have 1146 * permission to accept the connection. 1147 * @exception NullPointerException if the <code>host</code> argument is 1148 * <code>null</code>. 1149 * @see java.net.ServerSocket#accept() 1150 * @see #checkPermission(java.security.Permission) checkPermission 1151 */ 1152 public void checkAccept(String host, int port) { 1153 if (host == null) { 1154 throw new NullPointerException("host can't be null"); 1155 } 1156 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1157 host = "[" + host + "]"; 1158 } 1159 checkPermission(new SocketPermission(host+":"+port, 1160 SecurityConstants.SOCKET_ACCEPT_ACTION)); 1161 } 1162 1163 /** 1164 * Throws a <code>SecurityException</code> if the 1165 * calling thread is not allowed to use 1166 * (join/leave/send/receive) IP multicast. 1167 * <p> 1168 * This method calls <code>checkPermission</code> with the 1169 * <code>java.net.SocketPermission(maddr.getHostAddress(), 1170 * "accept,connect")</code> permission. 1171 * <p> 1172 * If you override this method, then you should make a call to 1173 * <code>super.checkMulticast</code> 1174 * at the point the overridden method would normally throw an 1175 * exception. 1176 * 1177 * @param maddr Internet group address to be used. 1178 * @exception SecurityException if the calling thread is not allowed to 1179 * use (join/leave/send/receive) IP multicast. 1180 * @exception NullPointerException if the address argument is 1181 * <code>null</code>. 1182 * @since JDK1.1 1183 * @see #checkPermission(java.security.Permission) checkPermission 1184 */ 1185 public void checkMulticast(InetAddress maddr) { 1186 String host = maddr.getHostAddress(); 1187 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1188 host = "[" + host + "]"; 1189 } 1190 checkPermission(new SocketPermission(host, 1191 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); 1192 } 1193 1194 /** 1195 * Throws a <code>SecurityException</code> if the 1196 * calling thread is not allowed to use 1197 * (join/leave/send/receive) IP multicast. 1198 * <p> 1199 * This method calls <code>checkPermission</code> with the 1200 * <code>java.net.SocketPermission(maddr.getHostAddress(), 1201 * "accept,connect")</code> permission. 1202 * <p> 1203 * If you override this method, then you should make a call to 1204 * <code>super.checkMulticast</code> 1205 * at the point the overridden method would normally throw an 1206 * exception. 1207 * 1208 * @param maddr Internet group address to be used. 1209 * @param ttl value in use, if it is multicast send. 1210 * Note: this particular implementation does not use the ttl 1211 * parameter. 1212 * @exception SecurityException if the calling thread is not allowed to 1213 * use (join/leave/send/receive) IP multicast. 1214 * @exception NullPointerException if the address argument is 1215 * <code>null</code>. 1216 * @since JDK1.1 1217 * @deprecated Use #checkPermission(java.security.Permission) instead 1218 * @see #checkPermission(java.security.Permission) checkPermission 1219 */ 1220 @Deprecated 1221 public void checkMulticast(InetAddress maddr, byte ttl) { 1222 String host = maddr.getHostAddress(); 1223 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1224 host = "[" + host + "]"; 1225 } 1226 checkPermission(new SocketPermission(host, 1227 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); 1228 } 1229 1230 /** 1231 * Throws a <code>SecurityException</code> if the 1232 * calling thread is not allowed to access or modify the system 1233 * properties. 1234 * <p> 1235 * This method is used by the <code>getProperties</code> and 1236 * <code>setProperties</code> methods of class <code>System</code>. 1237 * <p> 1238 * This method calls <code>checkPermission</code> with the 1239 * <code>PropertyPermission("*", "read,write")</code> permission. 1240 * <p> 1241 * If you override this method, then you should make a call to 1242 * <code>super.checkPropertiesAccess</code> 1243 * at the point the overridden method would normally throw an 1244 * exception. 1245 * <p> 1246 * 1247 * @exception SecurityException if the calling thread does not have 1248 * permission to access or modify the system properties. 1249 * @see java.lang.System#getProperties() 1250 * @see java.lang.System#setProperties(java.util.Properties) 1251 * @see #checkPermission(java.security.Permission) checkPermission 1252 */ 1253 public void checkPropertiesAccess() { 1254 checkPermission(new PropertyPermission("*", 1255 SecurityConstants.PROPERTY_RW_ACTION)); 1256 } 1257 1258 /** 1259 * Throws a <code>SecurityException</code> if the 1260 * calling thread is not allowed to access the system property with 1261 * the specified <code>key</code> name. 1262 * <p> 1263 * This method is used by the <code>getProperty</code> method of 1264 * class <code>System</code>. 1265 * <p> 1266 * This method calls <code>checkPermission</code> with the 1267 * <code>PropertyPermission(key, "read")</code> permission. 1268 * <p> 1269 * If you override this method, then you should make a call to 1270 * <code>super.checkPropertyAccess</code> 1271 * at the point the overridden method would normally throw an 1272 * exception. 1273 * 1274 * @param key a system property key. 1275 * 1276 * @exception SecurityException if the calling thread does not have 1277 * permission to access the specified system property. 1278 * @exception NullPointerException if the <code>key</code> argument is 1279 * <code>null</code>. 1280 * @exception IllegalArgumentException if <code>key</code> is empty. 1281 * 1282 * @see java.lang.System#getProperty(java.lang.String) 1283 * @see #checkPermission(java.security.Permission) checkPermission 1284 */ 1285 public void checkPropertyAccess(String key) { 1286 checkPermission(new PropertyPermission(key, 1287 SecurityConstants.PROPERTY_READ_ACTION)); 1288 } 1289 1290 /** 1291 * Returns {@code true} if the calling thread has {@code AllPermission}. 1292 * 1293 * @param window not used except to check if it is {@code null}. 1294 * @return {@code true} if the calling thread has {@code AllPermission}. 1295 * @exception NullPointerException if the {@code window} argument is 1296 * {@code null}. 1297 * @deprecated This method was originally used to check if the calling thread 1298 * was trusted to bring up a top-level window. The method has been 1299 * obsoleted and code should instead use {@link #checkPermission} 1300 * to check {@code AWTPermission("showWindowWithoutWarningBanner")}. 1301 * @see #checkPermission(java.security.Permission) checkPermission 1302 */ 1303 @Deprecated 1304 public boolean checkTopLevelWindow(Object window) { 1305 if (window == null) { 1306 throw new NullPointerException("window can't be null"); 1307 } 1308 return hasAllPermission(); 1309 } 1310 1311 /** 1312 * Throws a <code>SecurityException</code> if the 1313 * calling thread is not allowed to initiate a print job request. 1314 * <p> 1315 * This method calls 1316 * <code>checkPermission</code> with the 1317 * <code>RuntimePermission("queuePrintJob")</code> permission. 1318 * <p> 1319 * If you override this method, then you should make a call to 1320 * <code>super.checkPrintJobAccess</code> 1321 * at the point the overridden method would normally throw an 1322 * exception. 1323 * <p> 1324 * 1325 * @exception SecurityException if the calling thread does not have 1326 * permission to initiate a print job request. 1327 * @since JDK1.1 1328 * @see #checkPermission(java.security.Permission) checkPermission 1329 */ 1330 public void checkPrintJobAccess() { 1331 checkPermission(new RuntimePermission("queuePrintJob")); 1332 } 1333 1334 /** 1335 * Throws {@code SecurityException} if the calling thread does 1336 * not have {@code AllPermission}. 1337 * 1338 * @since JDK1.1 1339 * @exception SecurityException if the calling thread does not have 1340 * {@code AllPermission} 1341 * @deprecated This method was originally used to check if the calling 1342 * thread could access the system clipboard. The method has been 1343 * obsoleted and code should instead use {@link #checkPermission} 1344 * to check {@code AWTPermission("accessClipboard")}. 1345 * @see #checkPermission(java.security.Permission) checkPermission 1346 */ 1347 @Deprecated 1348 public void checkSystemClipboardAccess() { 1349 checkPermission(SecurityConstants.ALL_PERMISSION); 1350 } 1351 1352 /** 1353 * Throws {@code SecurityException} if the calling thread does 1354 * not have {@code AllPermission}. 1355 * 1356 * @since JDK1.1 1357 * @exception SecurityException if the calling thread does not have 1358 * {@code AllPermission} 1359 * @deprecated This method was originally used to check if the calling 1360 * thread could access the AWT event queue. The method has been 1361 * obsoleted and code should instead use {@link #checkPermission} 1362 * to check {@code AWTPermission("accessEventQueue")}. 1363 * @see #checkPermission(java.security.Permission) checkPermission 1364 */ 1365 @Deprecated 1366 public void checkAwtEventQueueAccess() { 1367 checkPermission(SecurityConstants.ALL_PERMISSION); 1368 } 1369 1370 /* 1371 * We have an initial invalid bit (initially false) for the class 1372 * variables which tell if the cache is valid. If the underlying 1373 * java.security.Security property changes via setProperty(), the 1374 * Security class uses reflection to change the variable and thus 1375 * invalidate the cache. 1376 * 1377 * Locking is handled by synchronization to the 1378 * packageAccessLock/packageDefinitionLock objects. They are only 1379 * used in this class. 1380 * 1381 * Note that cache invalidation as a result of the property change 1382 * happens without using these locks, so there may be a delay between 1383 * when a thread updates the property and when other threads updates 1384 * the cache. 1385 */ 1386 private static boolean packageAccessValid = false; 1387 private static String[] packageAccess; 1388 private static final Object packageAccessLock = new Object(); 1389 1390 private static boolean packageDefinitionValid = false; 1391 private static String[] packageDefinition; 1392 private static final Object packageDefinitionLock = new Object(); 1393 1394 private static String[] getPackages(String p) { 1395 String packages[] = null; 1396 if (p != null && !p.equals("")) { 1397 java.util.StringTokenizer tok = 1398 new java.util.StringTokenizer(p, ","); 1399 int n = tok.countTokens(); 1400 if (n > 0) { 1401 packages = new String[n]; 1402 int i = 0; 1403 while (tok.hasMoreElements()) { 1404 String s = tok.nextToken().trim(); 1405 packages[i++] = s; 1406 } 1407 } 1408 } 1409 1410 if (packages == null) 1411 packages = new String[0]; 1412 return packages; 1413 } 1414 1415 /** 1416 * Throws a <code>SecurityException</code> if the 1417 * calling thread is not allowed to access the package specified by 1418 * the argument. 1419 * <p> 1420 * This method is used by the <code>loadClass</code> method of class 1421 * loaders. 1422 * <p> 1423 * This method first gets a list of 1424 * restricted packages by obtaining a comma-separated list from 1425 * a call to 1426 * <code>java.security.Security.getProperty("package.access")</code>, 1427 * and checks to see if <code>pkg</code> starts with or equals 1428 * any of the restricted packages. If it does, then 1429 * <code>checkPermission</code> gets called with the 1430 * <code>RuntimePermission("accessClassInPackage."+pkg)</code> 1431 * permission. 1432 * <p> 1433 * If this method is overridden, then 1434 * <code>super.checkPackageAccess</code> should be called 1435 * as the first line in the overridden method. 1436 * 1437 * @param pkg the package name. 1438 * @exception SecurityException if the calling thread does not have 1439 * permission to access the specified package. 1440 * @exception NullPointerException if the package name argument is 1441 * <code>null</code>. 1442 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean) 1443 * loadClass 1444 * @see java.security.Security#getProperty getProperty 1445 * @see #checkPermission(java.security.Permission) checkPermission 1446 */ 1447 public void checkPackageAccess(String pkg) { 1448 if (pkg == null) { 1449 throw new NullPointerException("package name can't be null"); 1450 } 1451 1452 String[] pkgs; 1453 synchronized (packageAccessLock) { 1454 /* 1455 * Do we need to update our property array? 1456 */ 1457 if (!packageAccessValid) { 1458 String tmpPropertyStr = 1459 AccessController.doPrivileged( 1460 new PrivilegedAction<String>() { 1461 public String run() { 1462 return java.security.Security.getProperty( 1463 "package.access"); 1464 } 1465 } 1466 ); 1467 packageAccess = getPackages(tmpPropertyStr); 1468 packageAccessValid = true; 1469 } 1470 1471 // Using a snapshot of packageAccess -- don't care if static field 1472 // changes afterwards; array contents won't change. 1473 pkgs = packageAccess; 1474 } 1475 1476 /* 1477 * Traverse the list of packages, check for any matches. 1478 */ 1479 for (String restrictedPkg : pkgs) { 1480 if (pkg.startsWith(restrictedPkg) || restrictedPkg.equals(pkg + ".")) { 1481 checkPermission( 1482 new RuntimePermission("accessClassInPackage." + pkg)); 1483 break; // No need to continue; only need to check this once 1484 } 1485 } 1486 } 1487 1488 /** 1489 * Throws a <code>SecurityException</code> if the 1490 * calling thread is not allowed to define classes in the package 1491 * specified by the argument. 1492 * <p> 1493 * This method is used by the <code>loadClass</code> method of some 1494 * class loaders. 1495 * <p> 1496 * This method first gets a list of restricted packages by 1497 * obtaining a comma-separated list from a call to 1498 * <code>java.security.Security.getProperty("package.definition")</code>, 1499 * and checks to see if <code>pkg</code> starts with or equals 1500 * any of the restricted packages. If it does, then 1501 * <code>checkPermission</code> gets called with the 1502 * <code>RuntimePermission("defineClassInPackage."+pkg)</code> 1503 * permission. 1504 * <p> 1505 * If this method is overridden, then 1506 * <code>super.checkPackageDefinition</code> should be called 1507 * as the first line in the overridden method. 1508 * 1509 * @param pkg the package name. 1510 * @exception SecurityException if the calling thread does not have 1511 * permission to define classes in the specified package. 1512 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean) 1513 * @see java.security.Security#getProperty getProperty 1514 * @see #checkPermission(java.security.Permission) checkPermission 1515 */ 1516 public void checkPackageDefinition(String pkg) { 1517 if (pkg == null) { 1518 throw new NullPointerException("package name can't be null"); 1519 } 1520 1521 String[] pkgs; 1522 synchronized (packageDefinitionLock) { 1523 /* 1524 * Do we need to update our property array? 1525 */ 1526 if (!packageDefinitionValid) { 1527 String tmpPropertyStr = 1528 AccessController.doPrivileged( 1529 new PrivilegedAction<String>() { 1530 public String run() { 1531 return java.security.Security.getProperty( 1532 "package.definition"); 1533 } 1534 } 1535 ); 1536 packageDefinition = getPackages(tmpPropertyStr); 1537 packageDefinitionValid = true; 1538 } 1539 // Using a snapshot of packageDefinition -- don't care if static 1540 // field changes afterwards; array contents won't change. 1541 pkgs = packageDefinition; 1542 } 1543 1544 /* 1545 * Traverse the list of packages, check for any matches. 1546 */ 1547 for (String restrictedPkg : pkgs) { 1548 if (pkg.startsWith(restrictedPkg) || restrictedPkg.equals(pkg + ".")) { 1549 checkPermission( 1550 new RuntimePermission("defineClassInPackage." + pkg)); 1551 break; // No need to continue; only need to check this once 1552 } 1553 } 1554 } 1555 1556 /** 1557 * Throws a <code>SecurityException</code> if the 1558 * calling thread is not allowed to set the socket factory used by 1559 * <code>ServerSocket</code> or <code>Socket</code>, or the stream 1560 * handler factory used by <code>URL</code>. 1561 * <p> 1562 * This method calls <code>checkPermission</code> with the 1563 * <code>RuntimePermission("setFactory")</code> permission. 1564 * <p> 1565 * If you override this method, then you should make a call to 1566 * <code>super.checkSetFactory</code> 1567 * at the point the overridden method would normally throw an 1568 * exception. 1569 * <p> 1570 * 1571 * @exception SecurityException if the calling thread does not have 1572 * permission to specify a socket factory or a stream 1573 * handler factory. 1574 * 1575 * @see java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory 1576 * @see java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory 1577 * @see java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory 1578 * @see #checkPermission(java.security.Permission) checkPermission 1579 */ 1580 public void checkSetFactory() { 1581 checkPermission(new RuntimePermission("setFactory")); 1582 } 1583 1584 /** 1585 * Throws a <code>SecurityException</code> if the 1586 * calling thread is not allowed to access members. 1587 * <p> 1588 * The default policy is to allow access to PUBLIC members, as well 1589 * as access to classes that have the same class loader as the caller. 1590 * In all other cases, this method calls <code>checkPermission</code> 1591 * with the <code>RuntimePermission("accessDeclaredMembers") 1592 * </code> permission. 1593 * <p> 1594 * If this method is overridden, then a call to 1595 * <code>super.checkMemberAccess</code> cannot be made, 1596 * as the default implementation of <code>checkMemberAccess</code> 1597 * relies on the code being checked being at a stack depth of 1598 * 4. 1599 * 1600 * @param clazz the class that reflection is to be performed on. 1601 * 1602 * @param which type of access, PUBLIC or DECLARED. 1603 * 1604 * @exception SecurityException if the caller does not have 1605 * permission to access members. 1606 * @exception NullPointerException if the <code>clazz</code> argument is 1607 * <code>null</code>. 1608 * 1609 * @deprecated This method relies on the caller being at a stack depth 1610 * of 4 which is error-prone and cannot be enforced by the runtime. 1611 * Users of this method should instead invoke {@link #checkPermission} 1612 * directly. This method will be changed in a future release 1613 * to check the permission {@code java.security.AllPermission}. 1614 * 1615 * @see java.lang.reflect.Member 1616 * @since JDK1.1 1617 * @see #checkPermission(java.security.Permission) checkPermission 1618 */ 1619 @Deprecated 1620 @CallerSensitive 1621 public void checkMemberAccess(Class<?> clazz, int which) { 1622 if (clazz == null) { 1623 throw new NullPointerException("class can't be null"); 1624 } 1625 if (which != Member.PUBLIC) { 1626 Class<?> stack[] = getClassContext(); 1627 /* 1628 * stack depth of 4 should be the caller of one of the 1629 * methods in java.lang.Class that invoke checkMember 1630 * access. The stack should look like: 1631 * 1632 * someCaller [3] 1633 * java.lang.Class.someReflectionAPI [2] 1634 * java.lang.Class.checkMemberAccess [1] 1635 * SecurityManager.checkMemberAccess [0] 1636 * 1637 */ 1638 if ((stack.length<4) || 1639 (stack[3].getClassLoader() != clazz.getClassLoader())) { 1640 checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION); 1641 } 1642 } 1643 } 1644 1645 /** 1646 * Determines whether the permission with the specified permission target 1647 * name should be granted or denied. 1648 * 1649 * <p> If the requested permission is allowed, this method returns 1650 * quietly. If denied, a SecurityException is raised. 1651 * 1652 * <p> This method creates a <code>SecurityPermission</code> object for 1653 * the given permission target name and calls <code>checkPermission</code> 1654 * with it. 1655 * 1656 * <p> See the documentation for 1657 * <code>{@link java.security.SecurityPermission}</code> for 1658 * a list of possible permission target names. 1659 * 1660 * <p> If you override this method, then you should make a call to 1661 * <code>super.checkSecurityAccess</code> 1662 * at the point the overridden method would normally throw an 1663 * exception. 1664 * 1665 * @param target the target name of the <code>SecurityPermission</code>. 1666 * 1667 * @exception SecurityException if the calling thread does not have 1668 * permission for the requested access. 1669 * @exception NullPointerException if <code>target</code> is null. 1670 * @exception IllegalArgumentException if <code>target</code> is empty. 1671 * 1672 * @since JDK1.1 1673 * @see #checkPermission(java.security.Permission) checkPermission 1674 */ 1675 public void checkSecurityAccess(String target) { 1676 checkPermission(new SecurityPermission(target)); 1677 } 1678 1679 private native Class<?> currentLoadedClass0(); 1680 1681 /** 1682 * Returns the thread group into which to instantiate any new 1683 * thread being created at the time this is being called. 1684 * By default, it returns the thread group of the current 1685 * thread. This should be overridden by a specific security 1686 * manager to return the appropriate thread group. 1687 * 1688 * @return ThreadGroup that new threads are instantiated into 1689 * @since JDK1.1 1690 * @see java.lang.ThreadGroup 1691 */ 1692 public ThreadGroup getThreadGroup() { 1693 return Thread.currentThread().getThreadGroup(); 1694 } 1695 1696 }