1 /*
2 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.util;
27
28 import java.io.Serializable;
29 import java.io.IOException;
30 import java.security.*;
31 import java.util.Map;
32 import java.util.HashMap;
33 import java.util.Enumeration;
34 import java.util.Hashtable;
35 import java.util.Collections;
36 import java.io.ObjectStreamField;
37 import java.io.ObjectOutputStream;
38 import java.io.ObjectInputStream;
39 import java.io.IOException;
40 import sun.security.util.SecurityConstants;
41
42 /**
43 * This class is for property permissions.
44 *
45 * <P>
46 * The name is the name of the property ("java.home",
47 * "os.name", etc). The naming
48 * convention follows the hierarchical property naming convention.
49 * Also, an asterisk
50 * may appear at the end of the name, following a ".", or by itself, to
51 * signify a wildcard match. For example: "java.*" and "*" signify a wildcard
52 * match, while "*java" and "a*b" do not.
53 * <P>
54 * The actions to be granted are passed to the constructor in a string containing
55 * a list of one or more comma-separated keywords. The possible keywords are
56 * "read" and "write". Their meaning is defined as follows:
57 *
58 * <DL>
59 * <DT> read
60 * <DD> read permission. Allows <code>System.getProperty</code> to
61 * be called.
62 * <DT> write
63 * <DD> write permission. Allows <code>System.setProperty</code> to
64 * be called.
65 * </DL>
66 * <P>
67 * The actions string is converted to lowercase before processing.
68 * <P>
69 * Care should be taken before granting code permission to access
70 * certain system properties. For example, granting permission to
71 * access the "java.home" system property gives potentially malevolent
72 * code sensitive information about the system environment (the Java
73 * installation directory). Also, granting permission to access
74 * the "user.name" and "user.home" system properties gives potentially
75 * malevolent code sensitive information about the user environment
76 * (the user's account name and home directory).
77 *
78 * @see java.security.BasicPermission
79 * @see java.security.Permission
80 * @see java.security.Permissions
81 * @see java.security.PermissionCollection
82 * @see java.lang.SecurityManager
83 *
84 *
85 * @author Roland Schemers
86 * @since 1.2
87 *
88 * @serial exclude
89 */
90
91 public final class PropertyPermission extends BasicPermission {
92
93 /**
94 * Read action.
95 */
96 private final static int READ = 0x1;
97
98 /**
99 * Write action.
100 */
101 private final static int WRITE = 0x2;
102 /**
103 * All actions (read,write);
104 */
105 private final static int ALL = READ|WRITE;
106 /**
107 * No actions.
108 */
109 private final static int NONE = 0x0;
110
111 /**
112 * The actions mask.
113 *
114 */
115 private transient int mask;
116
117 /**
118 * The actions string.
119 *
120 * @serial
121 */
122 private String actions; // Left null as long as possible, then
123 // created and re-used in the getAction function.
124
125 /**
126 * initialize a PropertyPermission object. Common to all constructors.
127 * Also called during de-serialization.
128 *
129 * @param mask the actions mask to use.
130 *
131 */
132 private void init(int mask) {
133 if ((mask & ALL) != mask)
134 throw new IllegalArgumentException("invalid actions mask");
135
136 if (mask == NONE)
137 throw new IllegalArgumentException("invalid actions mask");
138
139 if (getName() == null)
140 throw new NullPointerException("name can't be null");
141
142 this.mask = mask;
143 }
144
145 /**
146 * Creates a new PropertyPermission object with the specified name.
147 * The name is the name of the system property, and
148 * <i>actions</i> contains a comma-separated list of the
149 * desired actions granted on the property. Possible actions are
150 * "read" and "write".
151 *
152 * @param name the name of the PropertyPermission.
153 * @param actions the actions string.
154 *
155 * @throws NullPointerException if <code>name</code> is <code>null</code>.
156 * @throws IllegalArgumentException if <code>name</code> is empty or if
157 * <code>actions</code> is invalid.
158 */
159 public PropertyPermission(String name, String actions) {
160 super(name,actions);
161 init(getMask(actions));
162 }
163
164 /**
165 * Checks if this PropertyPermission object "implies" the specified
166 * permission.
167 * <P>
168 * More specifically, this method returns true if:
169 * <ul>
170 * <li> <i>p</i> is an instanceof PropertyPermission,
171 * <li> <i>p</i>'s actions are a subset of this
172 * object's actions, and
173 * <li> <i>p</i>'s name is implied by this object's
174 * name. For example, "java.*" implies "java.home".
175 * </ul>
176 * @param p the permission to check against.
177 *
178 * @return true if the specified permission is implied by this object,
179 * false if not.
180 */
181 public boolean implies(Permission p) {
182 if (!(p instanceof PropertyPermission))
183 return false;
184
185 PropertyPermission that = (PropertyPermission) p;
186
187 // we get the effective mask. i.e., the "and" of this and that.
188 // They must be equal to that.mask for implies to return true.
189
190 return ((this.mask & that.mask) == that.mask) && super.implies(that);
191 }
192
193 /**
194 * Checks two PropertyPermission objects for equality. Checks that <i>obj</i> is
195 * a PropertyPermission, and has the same name and actions as this object.
196 *
197 * @param obj the object we are testing for equality with this object.
198 * @return true if obj is a PropertyPermission, and has the same name and
199 * actions as this PropertyPermission object.
200 */
201 public boolean equals(Object obj) {
202 if (obj == this)
203 return true;
204
205 if (! (obj instanceof PropertyPermission))
206 return false;
207
208 PropertyPermission that = (PropertyPermission) obj;
209
210 return (this.mask == that.mask) &&
211 (this.getName().equals(that.getName()));
212 }
213
214 /**
215 * Returns the hash code value for this object.
216 * The hash code used is the hash code of this permissions name, that is,
217 * <code>getName().hashCode()</code>, where <code>getName</code> is
218 * from the Permission superclass.
219 *
220 * @return a hash code value for this object.
221 */
222 public int hashCode() {
223 return this.getName().hashCode();
224 }
225
226 /**
227 * Converts an actions String to an actions mask.
228 *
229 * @param actions the action string.
230 * @return the actions mask.
231 */
232 private static int getMask(String actions) {
233
234 int mask = NONE;
235
236 if (actions == null) {
237 return mask;
238 }
239
240 // Use object identity comparison against known-interned strings for
241 // performance benefit (these values are used heavily within the JDK).
242 if (actions == SecurityConstants.PROPERTY_READ_ACTION) {
243 return READ;
244 } if (actions == SecurityConstants.PROPERTY_WRITE_ACTION) {
245 return WRITE;
246 } else if (actions == SecurityConstants.PROPERTY_RW_ACTION) {
247 return READ|WRITE;
248 }
249
250 char[] a = actions.toCharArray();
251
252 int i = a.length - 1;
253 if (i < 0)
254 return mask;
255
256 while (i != -1) {
257 char c;
258
259 // skip whitespace
260 while ((i!=-1) && ((c = a[i]) == ' ' ||
261 c == '\r' ||
262 c == '\n' ||
263 c == '\f' ||
264 c == '\t'))
265 i--;
266
267 // check for the known strings
268 int matchlen;
269
270 if (i >= 3 && (a[i-3] == 'r' || a[i-3] == 'R') &&
271 (a[i-2] == 'e' || a[i-2] == 'E') &&
272 (a[i-1] == 'a' || a[i-1] == 'A') &&
273 (a[i] == 'd' || a[i] == 'D'))
274 {
275 matchlen = 4;
276 mask |= READ;
277
278 } else if (i >= 4 && (a[i-4] == 'w' || a[i-4] == 'W') &&
279 (a[i-3] == 'r' || a[i-3] == 'R') &&
280 (a[i-2] == 'i' || a[i-2] == 'I') &&
281 (a[i-1] == 't' || a[i-1] == 'T') &&
282 (a[i] == 'e' || a[i] == 'E'))
283 {
284 matchlen = 5;
285 mask |= WRITE;
286
287 } else {
288 // parse error
289 throw new IllegalArgumentException(
290 "invalid permission: " + actions);
291 }
292
293 // make sure we didn't just match the tail of a word
294 // like "ackbarfaccept". Also, skip to the comma.
295 boolean seencomma = false;
296 while (i >= matchlen && !seencomma) {
297 switch(a[i-matchlen]) {
298 case ',':
299 seencomma = true;
300 break;
301 case ' ': case '\r': case '\n':
302 case '\f': case '\t':
303 break;
304 default:
305 throw new IllegalArgumentException(
306 "invalid permission: " + actions);
307 }
308 i--;
309 }
310
311 // point i at the location of the comma minus one (or -1).
312 i -= matchlen;
313 }
314
315 return mask;
316 }
317
318
319 /**
320 * Return the canonical string representation of the actions.
321 * Always returns present actions in the following order:
322 * read, write.
323 *
324 * @return the canonical string representation of the actions.
325 */
326 static String getActions(int mask) {
327 StringBuilder sb = new StringBuilder();
328 boolean comma = false;
329
330 if ((mask & READ) == READ) {
331 comma = true;
332 sb.append("read");
333 }
334
335 if ((mask & WRITE) == WRITE) {
336 if (comma) sb.append(',');
337 else comma = true;
338 sb.append("write");
339 }
340 return sb.toString();
341 }
342
343 /**
344 * Returns the "canonical string representation" of the actions.
345 * That is, this method always returns present actions in the following order:
346 * read, write. For example, if this PropertyPermission object
347 * allows both write and read actions, a call to <code>getActions</code>
348 * will return the string "read,write".
349 *
350 * @return the canonical string representation of the actions.
351 */
352 public String getActions() {
353 if (actions == null)
354 actions = getActions(this.mask);
355
356 return actions;
357 }
358
359 /**
360 * Return the current action mask.
361 * Used by the PropertyPermissionCollection
362 *
363 * @return the actions mask.
364 */
365 int getMask() {
366 return mask;
367 }
368
369 /**
370 * Returns a new PermissionCollection object for storing
371 * PropertyPermission objects.
372 *
373 * @return a new PermissionCollection object suitable for storing
374 * PropertyPermissions.
375 */
376 public PermissionCollection newPermissionCollection() {
377 return new PropertyPermissionCollection();
378 }
379
380
381 private static final long serialVersionUID = 885438825399942851L;
382
383 /**
384 * WriteObject is called to save the state of the PropertyPermission
385 * to a stream. The actions are serialized, and the superclass
386 * takes care of the name.
387 */
388 private synchronized void writeObject(java.io.ObjectOutputStream s)
389 throws IOException
390 {
391 // Write out the actions. The superclass takes care of the name
392 // call getActions to make sure actions field is initialized
393 if (actions == null)
394 getActions();
395 s.defaultWriteObject();
396 }
397
398 /**
399 * readObject is called to restore the state of the PropertyPermission from
400 * a stream.
401 */
402 private synchronized void readObject(java.io.ObjectInputStream s)
403 throws IOException, ClassNotFoundException
404 {
405 // Read in the action, then initialize the rest
406 s.defaultReadObject();
407 init(getMask(actions));
408 }
409 }
410
411 /**
412 * A PropertyPermissionCollection stores a set of PropertyPermission
413 * permissions.
414 *
415 * @see java.security.Permission
416 * @see java.security.Permissions
417 * @see java.security.PermissionCollection
418 *
419 *
420 * @author Roland Schemers
421 *
422 * @serial include
423 */
424 final class PropertyPermissionCollection extends PermissionCollection
425 implements Serializable
426 {
427
428 /**
429 * Key is property name; value is PropertyPermission.
430 * Not serialized; see serialization section at end of class.
431 */
432 private transient Map<String, PropertyPermission> perms;
433
434 /**
435 * Boolean saying if "*" is in the collection.
436 *
437 * @see #serialPersistentFields
438 */
439 // No sync access; OK for this to be stale.
440 private boolean all_allowed;
441
442 /**
443 * Create an empty PropertyPermissionCollection object.
444 */
445 public PropertyPermissionCollection() {
446 perms = new HashMap<>(32); // Capacity for default policy
447 all_allowed = false;
448 }
449
450 /**
451 * Adds a permission to the PropertyPermissions. The key for the hash is
452 * the name.
453 *
454 * @param permission the Permission object to add.
455 *
456 * @exception IllegalArgumentException - if the permission is not a
457 * PropertyPermission
458 *
459 * @exception SecurityException - if this PropertyPermissionCollection
460 * object has been marked readonly
461 */
462 public void add(Permission permission) {
463 if (! (permission instanceof PropertyPermission))
464 throw new IllegalArgumentException("invalid permission: "+
465 permission);
466 if (isReadOnly())
467 throw new SecurityException(
468 "attempt to add a Permission to a readonly PermissionCollection");
469
470 PropertyPermission pp = (PropertyPermission) permission;
471 String propName = pp.getName();
472
473 synchronized (this) {
474 PropertyPermission existing = perms.get(propName);
475
476 if (existing != null) {
477 int oldMask = existing.getMask();
478 int newMask = pp.getMask();
479 if (oldMask != newMask) {
480 int effective = oldMask | newMask;
481 String actions = PropertyPermission.getActions(effective);
482 perms.put(propName, new PropertyPermission(propName, actions));
483 }
484 } else {
485 perms.put(propName, pp);
486 }
487 }
488
489 if (!all_allowed) {
490 if (propName.equals("*"))
491 all_allowed = true;
492 }
493 }
494
495 /**
496 * Check and see if this set of permissions implies the permissions
497 * expressed in "permission".
498 *
499 * @param permission the Permission object to compare
500 *
501 * @return true if "permission" is a proper subset of a permission in
502 * the set, false if not.
503 */
504 public boolean implies(Permission permission) {
505 if (! (permission instanceof PropertyPermission))
506 return false;
507
508 PropertyPermission pp = (PropertyPermission) permission;
509 PropertyPermission x;
510
511 int desired = pp.getMask();
512 int effective = 0;
513
514 // short circuit if the "*" Permission was added
515 if (all_allowed) {
516 synchronized (this) {
517 x = perms.get("*");
518 }
519 if (x != null) {
520 effective |= x.getMask();
521 if ((effective & desired) == desired)
522 return true;
523 }
524 }
525
526 // strategy:
527 // Check for full match first. Then work our way up the
528 // name looking for matches on a.b.*
529
530 String name = pp.getName();
531 //System.out.println("check "+name);
532
533 synchronized (this) {
534 x = perms.get(name);
535 }
536
537 if (x != null) {
538 // we have a direct hit!
539 effective |= x.getMask();
540 if ((effective & desired) == desired)
541 return true;
542 }
543
544 // work our way up the tree...
545 int last, offset;
546
547 offset = name.length()-1;
548
549 while ((last = name.lastIndexOf(".", offset)) != -1) {
550
551 name = name.substring(0, last+1) + "*";
552 //System.out.println("check "+name);
553 synchronized (this) {
554 x = perms.get(name);
555 }
556
557 if (x != null) {
558 effective |= x.getMask();
559 if ((effective & desired) == desired)
560 return true;
561 }
562 offset = last -1;
563 }
564
565 // we don't have to check for "*" as it was already checked
566 // at the top (all_allowed), so we just return false
567 return false;
568 }
569
570 /**
571 * Returns an enumeration of all the PropertyPermission objects in the
572 * container.
573 *
574 * @return an enumeration of all the PropertyPermission objects.
575 */
576 @SuppressWarnings("unchecked")
577 public Enumeration<Permission> elements() {
578 // Convert Iterator of Map values into an Enumeration
579 synchronized (this) {
580 /**
581 * Casting to rawtype since Enumeration<PropertyPermission>
582 * cannot be directly cast to Enumeration<Permission>
583 */
584 return (Enumeration)Collections.enumeration(perms.values());
585 }
586 }
587
588 private static final long serialVersionUID = 7015263904581634791L;
589
590 // Need to maintain serialization interoperability with earlier releases,
591 // which had the serializable field:
592 //
593 // Table of permissions.
594 //
595 // @serial
596 //
597 // private Hashtable permissions;
598 /**
599 * @serialField permissions java.util.Hashtable
600 * A table of the PropertyPermissions.
601 * @serialField all_allowed boolean
602 * boolean saying if "*" is in the collection.
603 */
604 private static final ObjectStreamField[] serialPersistentFields = {
605 new ObjectStreamField("permissions", Hashtable.class),
606 new ObjectStreamField("all_allowed", Boolean.TYPE),
607 };
608
609 /**
610 * @serialData Default fields.
611 */
612 /*
613 * Writes the contents of the perms field out as a Hashtable for
614 * serialization compatibility with earlier releases. all_allowed
615 * unchanged.
616 */
617 private void writeObject(ObjectOutputStream out) throws IOException {
618 // Don't call out.defaultWriteObject()
619
620 // Copy perms into a Hashtable
621 Hashtable<String, Permission> permissions =
622 new Hashtable<>(perms.size()*2);
623 synchronized (this) {
624 permissions.putAll(perms);
625 }
626
627 // Write out serializable fields
628 ObjectOutputStream.PutField pfields = out.putFields();
629 pfields.put("all_allowed", all_allowed);
630 pfields.put("permissions", permissions);
631 out.writeFields();
632 }
633
634 /*
635 * Reads in a Hashtable of PropertyPermissions and saves them in the
636 * perms field. Reads in all_allowed.
637 */
638 private void readObject(ObjectInputStream in)
639 throws IOException, ClassNotFoundException
640 {
641 // Don't call defaultReadObject()
642
643 // Read in serialized fields
644 ObjectInputStream.GetField gfields = in.readFields();
645
646 // Get all_allowed
647 all_allowed = gfields.get("all_allowed", false);
648
649 // Get permissions
650 @SuppressWarnings("unchecked")
651 Hashtable<String, PropertyPermission> permissions =
652 (Hashtable<String, PropertyPermission>)gfields.get("permissions", null);
653 perms = new HashMap<>(permissions.size()*2);
654 perms.putAll(permissions);
655 }
656 }