1 /*
   2  * Copyright (c) 1995, 2006, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package java.lang;
  27 
  28 import java.security.*;
  29 import java.io.FileDescriptor;
  30 import java.io.File;
  31 import java.io.FilePermission;
  32 import java.awt.AWTPermission;
  33 import java.util.PropertyPermission;
  34 import java.lang.RuntimePermission;
  35 import java.net.SocketPermission;
  36 import java.net.NetPermission;
  37 import java.util.Hashtable;
  38 import java.net.InetAddress;
  39 import java.lang.reflect.Member;
  40 import java.lang.reflect.*;
  41 import java.net.URL;
  42 
  43 import sun.security.util.SecurityConstants;
  44 
  45 /**
  46  * The security manager is a class that allows
  47  * applications to implement a security policy. It allows an
  48  * application to determine, before performing a possibly unsafe or
  49  * sensitive operation, what the operation is and whether
  50  * it is being attempted in a security context that allows the
  51  * operation to be performed. The
  52  * application can allow or disallow the operation.
  53  * <p>
  54  * The <code>SecurityManager</code> class contains many methods with
  55  * names that begin with the word <code>check</code>. These methods
  56  * are called by various methods in the Java libraries before those
  57  * methods perform certain potentially sensitive operations. The
  58  * invocation of such a <code>check</code> method typically looks like this:
  59  * <p><blockquote><pre>
  60  *     SecurityManager security = System.getSecurityManager();
  61  *     if (security != null) {
  62  *         security.check<i>XXX</i>(argument, &nbsp;.&nbsp;.&nbsp;.&nbsp;);
  63  *     }
  64  * </pre></blockquote>
  65  * <p>
  66  * The security manager is thereby given an opportunity to prevent
  67  * completion of the operation by throwing an exception. A security
  68  * manager routine simply returns if the operation is permitted, but
  69  * throws a <code>SecurityException</code> if the operation is not
  70  * permitted. The only exception to this convention is
  71  * <code>checkTopLevelWindow</code>, which returns a
  72  * <code>boolean</code> value.
  73  * <p>
  74  * The current security manager is set by the
  75  * <code>setSecurityManager</code> method in class
  76  * <code>System</code>. The current security manager is obtained
  77  * by the <code>getSecurityManager</code> method.
  78  * <p>
  79  * The special method
  80  * {@link SecurityManager#checkPermission(java.security.Permission)}
  81  * determines whether an access request indicated by a specified
  82  * permission should be granted or denied. The
  83  * default implementation calls
  84  *
  85  * <pre>
  86  *   AccessController.checkPermission(perm);
  87  * </pre>
  88  *
  89  * <p>
  90  * If a requested access is allowed,
  91  * <code>checkPermission</code> returns quietly. If denied, a
  92  * <code>SecurityException</code> is thrown.
  93  * <p>
  94  * As of Java 2 SDK v1.2, the default implementation of each of the other
  95  * <code>check</code> methods in <code>SecurityManager</code> is to
  96  * call the <code>SecurityManager checkPermission</code> method
  97  * to determine if the calling thread has permission to perform the requested
  98  * operation.
  99  * <p>
 100  * Note that the <code>checkPermission</code> method with
 101  * just a single permission argument always performs security checks
 102  * within the context of the currently executing thread.
 103  * Sometimes a security check that should be made within a given context
 104  * will actually need to be done from within a
 105  * <i>different</i> context (for example, from within a worker thread).
 106  * The {@link SecurityManager#getSecurityContext getSecurityContext} method
 107  * and the {@link SecurityManager#checkPermission(java.security.Permission,
 108  * java.lang.Object) checkPermission}
 109  * method that includes a context argument are provided
 110  * for this situation. The
 111  * <code>getSecurityContext</code> method returns a "snapshot"
 112  * of the current calling context. (The default implementation
 113  * returns an AccessControlContext object.) A sample call is
 114  * the following:
 115  *
 116  * <pre>
 117  *   Object context = null;
 118  *   SecurityManager sm = System.getSecurityManager();
 119  *   if (sm != null) context = sm.getSecurityContext();
 120  * </pre>
 121  *
 122  * <p>
 123  * The <code>checkPermission</code> method
 124  * that takes a context object in addition to a permission
 125  * makes access decisions based on that context,
 126  * rather than on that of the current execution thread.
 127  * Code within a different context can thus call that method,
 128  * passing the permission and the
 129  * previously-saved context object. A sample call, using the
 130  * SecurityManager <code>sm</code> obtained as in the previous example,
 131  * is the following:
 132  *
 133  * <pre>
 134  *   if (sm != null) sm.checkPermission(permission, context);
 135  * </pre>
 136  *
 137  * <p>Permissions fall into these categories: File, Socket, Net,
 138  * Security, Runtime, Property, AWT, Reflect, and Serializable.
 139  * The classes managing these various
 140  * permission categories are <code>java.io.FilePermission</code>,
 141  * <code>java.net.SocketPermission</code>,
 142  * <code>java.net.NetPermission</code>,
 143  * <code>java.security.SecurityPermission</code>,
 144  * <code>java.lang.RuntimePermission</code>,
 145  * <code>java.util.PropertyPermission</code>,
 146  * <code>java.awt.AWTPermission</code>,
 147  * <code>java.lang.reflect.ReflectPermission</code>, and
 148  * <code>java.io.SerializablePermission</code>.
 149  *
 150  * <p>All but the first two (FilePermission and SocketPermission) are
 151  * subclasses of <code>java.security.BasicPermission</code>, which itself
 152  * is an abstract subclass of the
 153  * top-level class for permissions, which is
 154  * <code>java.security.Permission</code>. BasicPermission defines the
 155  * functionality needed for all permissions that contain a name
 156  * that follows the hierarchical property naming convention
 157  * (for example, "exitVM", "setFactory", "queuePrintJob", etc).
 158  * An asterisk
 159  * may appear at the end of the name, following a ".", or by itself, to
 160  * signify a wildcard match. For example: "a.*" or "*" is valid,
 161  * "*a" or "a*b" is not valid.
 162  *
 163  * <p>FilePermission and SocketPermission are subclasses of the
 164  * top-level class for permissions
 165  * (<code>java.security.Permission</code>). Classes like these
 166  * that have a more complicated name syntax than that used by
 167  * BasicPermission subclass directly from Permission rather than from
 168  * BasicPermission. For example,
 169  * for a <code>java.io.FilePermission</code> object, the permission name is
 170  * the path name of a file (or directory).
 171  *
 172  * <p>Some of the permission classes have an "actions" list that tells
 173  * the actions that are permitted for the object.  For example,
 174  * for a <code>java.io.FilePermission</code> object, the actions list
 175  * (such as "read, write") specifies which actions are granted for the
 176  * specified file (or for files in the specified directory).
 177  *
 178  * <p>Other permission classes are for "named" permissions -
 179  * ones that contain a name but no actions list; you either have the
 180  * named permission or you don't.
 181  *
 182  * <p>Note: There is also a <code>java.security.AllPermission</code>
 183  * permission that implies all permissions. It exists to simplify the work
 184  * of system administrators who might need to perform multiple
 185  * tasks that require all (or numerous) permissions.
 186  * <p>
 187  * See <a href ="../../../technotes/guides/security/permissions.html">
 188  * Permissions in the JDK</a> for permission-related information.
 189  * This document includes, for example, a table listing the various SecurityManager
 190  * <code>check</code> methods and the permission(s) the default
 191  * implementation of each such method requires.
 192  * It also contains a table of all the version 1.2 methods
 193  * that require permissions, and for each such method tells
 194  * which permission it requires.
 195  * <p>
 196  * For more information about <code>SecurityManager</code> changes made in
 197  * the JDK and advice regarding porting of 1.1-style security managers,
 198  * see the <a href="../../../technotes/guides/security/index.html">security documentation</a>.
 199  *
 200  * @author  Arthur van Hoff
 201  * @author  Roland Schemers
 202  *
 203  * @see     java.lang.ClassLoader
 204  * @see     java.lang.SecurityException
 205  * @see     java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
 206  *  checkTopLevelWindow
 207  * @see     java.lang.System#getSecurityManager() getSecurityManager
 208  * @see     java.lang.System#setSecurityManager(java.lang.SecurityManager)
 209  *  setSecurityManager
 210  * @see     java.security.AccessController AccessController
 211  * @see     java.security.AccessControlContext AccessControlContext
 212  * @see     java.security.AccessControlException AccessControlException
 213  * @see     java.security.Permission
 214  * @see     java.security.BasicPermission
 215  * @see     java.io.FilePermission
 216  * @see     java.net.SocketPermission
 217  * @see     java.util.PropertyPermission
 218  * @see     java.lang.RuntimePermission
 219  * @see     java.awt.AWTPermission
 220  * @see     java.security.Policy Policy
 221  * @see     java.security.SecurityPermission SecurityPermission
 222  * @see     java.security.ProtectionDomain
 223  *
 224  * @since   JDK1.0
 225  */
 226 public
 227 class SecurityManager {
 228 
 229     /**
 230      * This field is <code>true</code> if there is a security check in
 231      * progress; <code>false</code> otherwise.
 232      *
 233      * @deprecated This type of security checking is not recommended.
 234      *  It is recommended that the <code>checkPermission</code>
 235      *  call be used instead.
 236      */
 237     @Deprecated
 238     protected boolean inCheck;
 239 
 240     /*
 241      * Have we been initialized. Effective against finalizer attacks.
 242      */
 243     private boolean initialized = false;
 244 
 245 
 246     /**
 247      * returns true if the current context has been granted AllPermission
 248      */
 249     private boolean hasAllPermission()
 250     {
 251         try {
 252             checkPermission(SecurityConstants.ALL_PERMISSION);
 253             return true;
 254         } catch (SecurityException se) {
 255             return false;
 256         }
 257     }
 258 
 259     /**
 260      * Tests if there is a security check in progress.
 261      *
 262      * @return the value of the <code>inCheck</code> field. This field
 263      *          should contain <code>true</code> if a security check is
 264      *          in progress,
 265      *          <code>false</code> otherwise.
 266      * @see     java.lang.SecurityManager#inCheck
 267      * @deprecated This type of security checking is not recommended.
 268      *  It is recommended that the <code>checkPermission</code>
 269      *  call be used instead.
 270      */
 271     @Deprecated
 272     public boolean getInCheck() {
 273         return inCheck;
 274     }
 275 
 276     /**
 277      * Constructs a new <code>SecurityManager</code>.
 278      *
 279      * <p> If there is a security manager already installed, this method first
 280      * calls the security manager's <code>checkPermission</code> method
 281      * with the <code>RuntimePermission("createSecurityManager")</code>
 282      * permission to ensure the calling thread has permission to create a new
 283      * security manager.
 284      * This may result in throwing a <code>SecurityException</code>.
 285      *
 286      * @exception  java.lang.SecurityException if a security manager already
 287      *             exists and its <code>checkPermission</code> method
 288      *             doesn't allow creation of a new security manager.
 289      * @see        java.lang.System#getSecurityManager()
 290      * @see        #checkPermission(java.security.Permission) checkPermission
 291      * @see java.lang.RuntimePermission
 292      */
 293     public SecurityManager() {
 294         synchronized(SecurityManager.class) {
 295             SecurityManager sm = System.getSecurityManager();
 296             if (sm != null) {
 297                 // ask the currently installed security manager if we
 298                 // can create a new one.
 299                 sm.checkPermission(new RuntimePermission
 300                                    ("createSecurityManager"));
 301             }
 302             initialized = true;
 303         }
 304     }
 305 
 306     /**
 307      * Returns the current execution stack as an array of classes.
 308      * <p>
 309      * The length of the array is the number of methods on the execution
 310      * stack. The element at index <code>0</code> is the class of the
 311      * currently executing method, the element at index <code>1</code> is
 312      * the class of that method's caller, and so on.
 313      *
 314      * @return  the execution stack.
 315      */
 316     protected native Class[] getClassContext();
 317 
 318     /**
 319      * Returns the class loader of the most recently executing method from
 320      * a class defined using a non-system class loader. A non-system
 321      * class loader is defined as being a class loader that is not equal to
 322      * the system class loader (as returned
 323      * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
 324      * <p>
 325      * This method will return
 326      * <code>null</code> in the following three cases:<p>
 327      * <ol>
 328      *   <li>All methods on the execution stack are from classes
 329      *   defined using the system class loader or one of its ancestors.
 330      *
 331      *   <li>All methods on the execution stack up to the first
 332      *   "privileged" caller
 333      *   (see {@link java.security.AccessController#doPrivileged})
 334      *   are from classes
 335      *   defined using the system class loader or one of its ancestors.
 336      *
 337      *   <li> A call to <code>checkPermission</code> with
 338      *   <code>java.security.AllPermission</code> does not
 339      *   result in a SecurityException.
 340      *
 341      * </ol>
 342      *
 343      * @return  the class loader of the most recent occurrence on the stack
 344      *          of a method from a class defined using a non-system class
 345      *          loader.
 346      *
 347      * @deprecated This type of security checking is not recommended.
 348      *  It is recommended that the <code>checkPermission</code>
 349      *  call be used instead.
 350      *
 351      * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
 352      * @see  #checkPermission(java.security.Permission) checkPermission
 353      */
 354     @Deprecated
 355     protected ClassLoader currentClassLoader()
 356     {
 357         ClassLoader cl = currentClassLoader0();
 358         if ((cl != null) && hasAllPermission())
 359             cl = null;
 360         return cl;
 361     }
 362 
 363     private native ClassLoader currentClassLoader0();
 364 
 365     /**
 366      * Returns the class of the most recently executing method from
 367      * a class defined using a non-system class loader. A non-system
 368      * class loader is defined as being a class loader that is not equal to
 369      * the system class loader (as returned
 370      * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
 371      * <p>
 372      * This method will return
 373      * <code>null</code> in the following three cases:<p>
 374      * <ol>
 375      *   <li>All methods on the execution stack are from classes
 376      *   defined using the system class loader or one of its ancestors.
 377      *
 378      *   <li>All methods on the execution stack up to the first
 379      *   "privileged" caller
 380      *   (see {@link java.security.AccessController#doPrivileged})
 381      *   are from classes
 382      *   defined using the system class loader or one of its ancestors.
 383      *
 384      *   <li> A call to <code>checkPermission</code> with
 385      *   <code>java.security.AllPermission</code> does not
 386      *   result in a SecurityException.
 387      *
 388      * </ol>
 389      *
 390      * @return  the class  of the most recent occurrence on the stack
 391      *          of a method from a class defined using a non-system class
 392      *          loader.
 393      *
 394      * @deprecated This type of security checking is not recommended.
 395      *  It is recommended that the <code>checkPermission</code>
 396      *  call be used instead.
 397      *
 398      * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
 399      * @see  #checkPermission(java.security.Permission) checkPermission
 400      */
 401     @Deprecated
 402     protected Class<?> currentLoadedClass() {
 403         Class<?> c = currentLoadedClass0();
 404         if ((c != null) && hasAllPermission())
 405             c = null;
 406         return c;
 407     }
 408 
 409     /**
 410      * Returns the stack depth of the specified class.
 411      *
 412      * @param   name   the fully qualified name of the class to search for.
 413      * @return  the depth on the stack frame of the first occurrence of a
 414      *          method from a class with the specified name;
 415      *          <code>-1</code> if such a frame cannot be found.
 416      * @deprecated This type of security checking is not recommended.
 417      *  It is recommended that the <code>checkPermission</code>
 418      *  call be used instead.
 419      *
 420      */
 421     @Deprecated
 422     protected native int classDepth(String name);
 423 
 424     /**
 425      * Returns the stack depth of the most recently executing method
 426      * from a class defined using a non-system class loader.  A non-system
 427      * class loader is defined as being a class loader that is not equal to
 428      * the system class loader (as returned
 429      * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
 430      * <p>
 431      * This method will return
 432      * -1 in the following three cases:<p>
 433      * <ol>
 434      *   <li>All methods on the execution stack are from classes
 435      *   defined using the system class loader or one of its ancestors.
 436      *
 437      *   <li>All methods on the execution stack up to the first
 438      *   "privileged" caller
 439      *   (see {@link java.security.AccessController#doPrivileged})
 440      *   are from classes
 441      *   defined using the system class loader or one of its ancestors.
 442      *
 443      *   <li> A call to <code>checkPermission</code> with
 444      *   <code>java.security.AllPermission</code> does not
 445      *   result in a SecurityException.
 446      *
 447      * </ol>
 448      *
 449      * @return the depth on the stack frame of the most recent occurrence of
 450      *          a method from a class defined using a non-system class loader.
 451      *
 452      * @deprecated This type of security checking is not recommended.
 453      *  It is recommended that the <code>checkPermission</code>
 454      *  call be used instead.
 455      *
 456      * @see   java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
 457      * @see   #checkPermission(java.security.Permission) checkPermission
 458      */
 459     @Deprecated
 460     protected int classLoaderDepth()
 461     {
 462         int depth = classLoaderDepth0();
 463         if (depth != -1) {
 464             if (hasAllPermission())
 465                 depth = -1;
 466             else
 467                 depth--; // make sure we don't include ourself
 468         }
 469         return depth;
 470     }
 471 
 472     private native int classLoaderDepth0();
 473 
 474     /**
 475      * Tests if a method from a class with the specified
 476      *         name is on the execution stack.
 477      *
 478      * @param  name   the fully qualified name of the class.
 479      * @return <code>true</code> if a method from a class with the specified
 480      *         name is on the execution stack; <code>false</code> otherwise.
 481      * @deprecated This type of security checking is not recommended.
 482      *  It is recommended that the <code>checkPermission</code>
 483      *  call be used instead.
 484      */
 485     @Deprecated
 486     protected boolean inClass(String name) {
 487         return classDepth(name) >= 0;
 488     }
 489 
 490     /**
 491      * Basically, tests if a method from a class defined using a
 492      *          class loader is on the execution stack.
 493      *
 494      * @return  <code>true</code> if a call to <code>currentClassLoader</code>
 495      *          has a non-null return value.
 496      *
 497      * @deprecated This type of security checking is not recommended.
 498      *  It is recommended that the <code>checkPermission</code>
 499      *  call be used instead.
 500      * @see        #currentClassLoader() currentClassLoader
 501      */
 502     @Deprecated
 503     protected boolean inClassLoader() {
 504         return currentClassLoader() != null;
 505     }
 506 
 507     /**
 508      * Creates an object that encapsulates the current execution
 509      * environment. The result of this method is used, for example, by the
 510      * three-argument <code>checkConnect</code> method and by the
 511      * two-argument <code>checkRead</code> method.
 512      * These methods are needed because a trusted method may be called
 513      * on to read a file or open a socket on behalf of another method.
 514      * The trusted method needs to determine if the other (possibly
 515      * untrusted) method would be allowed to perform the operation on its
 516      * own.
 517      * <p> The default implementation of this method is to return
 518      * an <code>AccessControlContext</code> object.
 519      *
 520      * @return  an implementation-dependent object that encapsulates
 521      *          sufficient information about the current execution environment
 522      *          to perform some security checks later.
 523      * @see     java.lang.SecurityManager#checkConnect(java.lang.String, int,
 524      *   java.lang.Object) checkConnect
 525      * @see     java.lang.SecurityManager#checkRead(java.lang.String,
 526      *   java.lang.Object) checkRead
 527      * @see     java.security.AccessControlContext AccessControlContext
 528      */
 529     public Object getSecurityContext() {
 530         return AccessController.getContext();
 531     }
 532 
 533     /**
 534      * Throws a <code>SecurityException</code> if the requested
 535      * access, specified by the given permission, is not permitted based
 536      * on the security policy currently in effect.
 537      * <p>
 538      * This method calls <code>AccessController.checkPermission</code>
 539      * with the given permission.
 540      *
 541      * @param     perm   the requested permission.
 542      * @exception SecurityException if access is not permitted based on
 543      *            the current security policy.
 544      * @exception NullPointerException if the permission argument is
 545      *            <code>null</code>.
 546      * @since     1.2
 547      */
 548     public void checkPermission(Permission perm) {
 549         java.security.AccessController.checkPermission(perm);
 550     }
 551 
 552     /**
 553      * Throws a <code>SecurityException</code> if the
 554      * specified security context is denied access to the resource
 555      * specified by the given permission.
 556      * The context must be a security
 557      * context returned by a previous call to
 558      * <code>getSecurityContext</code> and the access control
 559      * decision is based upon the configured security policy for
 560      * that security context.
 561      * <p>
 562      * If <code>context</code> is an instance of
 563      * <code>AccessControlContext</code> then the
 564      * <code>AccessControlContext.checkPermission</code> method is
 565      * invoked with the specified permission.
 566      * <p>
 567      * If <code>context</code> is not an instance of
 568      * <code>AccessControlContext</code> then a
 569      * <code>SecurityException</code> is thrown.
 570      *
 571      * @param      perm      the specified permission
 572      * @param      context   a system-dependent security context.
 573      * @exception  SecurityException  if the specified security context
 574      *             is not an instance of <code>AccessControlContext</code>
 575      *             (e.g., is <code>null</code>), or is denied access to the
 576      *             resource specified by the given permission.
 577      * @exception  NullPointerException if the permission argument is
 578      *             <code>null</code>.
 579      * @see        java.lang.SecurityManager#getSecurityContext()
 580      * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
 581      * @since      1.2
 582      */
 583     public void checkPermission(Permission perm, Object context) {
 584         if (context instanceof AccessControlContext) {
 585             ((AccessControlContext)context).checkPermission(perm);
 586         } else {
 587             throw new SecurityException();
 588         }
 589     }
 590 
 591     /**
 592      * Throws a <code>SecurityException</code> if the
 593      * calling thread is not allowed to create a new class loader.
 594      * <p>
 595      * This method calls <code>checkPermission</code> with the
 596      * <code>RuntimePermission("createClassLoader")</code>
 597      * permission.
 598      * <p>
 599      * If you override this method, then you should make a call to
 600      * <code>super.checkCreateClassLoader</code>
 601      * at the point the overridden method would normally throw an
 602      * exception.
 603      *
 604      * @exception SecurityException if the calling thread does not
 605      *             have permission
 606      *             to create a new class loader.
 607      * @see        java.lang.ClassLoader#ClassLoader()
 608      * @see        #checkPermission(java.security.Permission) checkPermission
 609      */
 610     public void checkCreateClassLoader() {
 611         checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
 612     }
 613 
 614     /**
 615      * reference to the root thread group, used for the checkAccess
 616      * methods.
 617      */
 618 
 619     private static ThreadGroup rootGroup = getRootGroup();
 620 
 621     private static ThreadGroup getRootGroup() {
 622         ThreadGroup root =  Thread.currentThread().getThreadGroup();
 623         while (root.getParent() != null) {
 624             root = root.getParent();
 625         }
 626         return root;
 627     }
 628 
 629     /**
 630      * Throws a <code>SecurityException</code> if the
 631      * calling thread is not allowed to modify the thread argument.
 632      * <p>
 633      * This method is invoked for the current security manager by the
 634      * <code>stop</code>, <code>suspend</code>, <code>resume</code>,
 635      * <code>setPriority</code>, <code>setName</code>, and
 636      * <code>setDaemon</code> methods of class <code>Thread</code>.
 637      * <p>
 638      * If the thread argument is a system thread (belongs to
 639      * the thread group with a <code>null</code> parent) then
 640      * this method calls <code>checkPermission</code> with the
 641      * <code>RuntimePermission("modifyThread")</code> permission.
 642      * If the thread argument is <i>not</i> a system thread,
 643      * this method just returns silently.
 644      * <p>
 645      * Applications that want a stricter policy should override this
 646      * method. If this method is overridden, the method that overrides
 647      * it should additionally check to see if the calling thread has the
 648      * <code>RuntimePermission("modifyThread")</code> permission, and
 649      * if so, return silently. This is to ensure that code granted
 650      * that permission (such as the JDK itself) is allowed to
 651      * manipulate any thread.
 652      * <p>
 653      * If this method is overridden, then
 654      * <code>super.checkAccess</code> should
 655      * be called by the first statement in the overridden method, or the
 656      * equivalent security check should be placed in the overridden method.
 657      *
 658      * @param      t   the thread to be checked.
 659      * @exception  SecurityException  if the calling thread does not have
 660      *             permission to modify the thread.
 661      * @exception  NullPointerException if the thread argument is
 662      *             <code>null</code>.
 663      * @see        java.lang.Thread#resume() resume
 664      * @see        java.lang.Thread#setDaemon(boolean) setDaemon
 665      * @see        java.lang.Thread#setName(java.lang.String) setName
 666      * @see        java.lang.Thread#setPriority(int) setPriority
 667      * @see        java.lang.Thread#stop() stop
 668      * @see        java.lang.Thread#suspend() suspend
 669      * @see        #checkPermission(java.security.Permission) checkPermission
 670      */
 671     public void checkAccess(Thread t) {
 672         if (t == null) {
 673             throw new NullPointerException("thread can't be null");
 674         }
 675         if (t.getThreadGroup() == rootGroup) {
 676             checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION);
 677         } else {
 678             // just return
 679         }
 680     }
 681     /**
 682      * Throws a <code>SecurityException</code> if the
 683      * calling thread is not allowed to modify the thread group argument.
 684      * <p>
 685      * This method is invoked for the current security manager when a
 686      * new child thread or child thread group is created, and by the
 687      * <code>setDaemon</code>, <code>setMaxPriority</code>,
 688      * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and
 689      * <code>destroy</code> methods of class <code>ThreadGroup</code>.
 690      * <p>
 691      * If the thread group argument is the system thread group (
 692      * has a <code>null</code> parent) then
 693      * this method calls <code>checkPermission</code> with the
 694      * <code>RuntimePermission("modifyThreadGroup")</code> permission.
 695      * If the thread group argument is <i>not</i> the system thread group,
 696      * this method just returns silently.
 697      * <p>
 698      * Applications that want a stricter policy should override this
 699      * method. If this method is overridden, the method that overrides
 700      * it should additionally check to see if the calling thread has the
 701      * <code>RuntimePermission("modifyThreadGroup")</code> permission, and
 702      * if so, return silently. This is to ensure that code granted
 703      * that permission (such as the JDK itself) is allowed to
 704      * manipulate any thread.
 705      * <p>
 706      * If this method is overridden, then
 707      * <code>super.checkAccess</code> should
 708      * be called by the first statement in the overridden method, or the
 709      * equivalent security check should be placed in the overridden method.
 710      *
 711      * @param      g   the thread group to be checked.
 712      * @exception  SecurityException  if the calling thread does not have
 713      *             permission to modify the thread group.
 714      * @exception  NullPointerException if the thread group argument is
 715      *             <code>null</code>.
 716      * @see        java.lang.ThreadGroup#destroy() destroy
 717      * @see        java.lang.ThreadGroup#resume() resume
 718      * @see        java.lang.ThreadGroup#setDaemon(boolean) setDaemon
 719      * @see        java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority
 720      * @see        java.lang.ThreadGroup#stop() stop
 721      * @see        java.lang.ThreadGroup#suspend() suspend
 722      * @see        #checkPermission(java.security.Permission) checkPermission
 723      */
 724     public void checkAccess(ThreadGroup g) {
 725         if (g == null) {
 726             throw new NullPointerException("thread group can't be null");
 727         }
 728         if (g == rootGroup) {
 729             checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
 730         } else {
 731             // just return
 732         }
 733     }
 734 
 735     /**
 736      * Throws a <code>SecurityException</code> if the
 737      * calling thread is not allowed to cause the Java Virtual Machine to
 738      * halt with the specified status code.
 739      * <p>
 740      * This method is invoked for the current security manager by the
 741      * <code>exit</code> method of class <code>Runtime</code>. A status
 742      * of <code>0</code> indicates success; other values indicate various
 743      * errors.
 744      * <p>
 745      * This method calls <code>checkPermission</code> with the
 746      * <code>RuntimePermission("exitVM."+status)</code> permission.
 747      * <p>
 748      * If you override this method, then you should make a call to
 749      * <code>super.checkExit</code>
 750      * at the point the overridden method would normally throw an
 751      * exception.
 752      *
 753      * @param      status   the exit status.
 754      * @exception SecurityException if the calling thread does not have
 755      *              permission to halt the Java Virtual Machine with
 756      *              the specified status.
 757      * @see        java.lang.Runtime#exit(int) exit
 758      * @see        #checkPermission(java.security.Permission) checkPermission
 759      */
 760     public void checkExit(int status) {
 761         checkPermission(new RuntimePermission("exitVM."+status));
 762     }
 763 
 764     /**
 765      * Throws a <code>SecurityException</code> if the
 766      * calling thread is not allowed to create a subprocess.
 767      * <p>
 768      * This method is invoked for the current security manager by the
 769      * <code>exec</code> methods of class <code>Runtime</code>.
 770      * <p>
 771      * This method calls <code>checkPermission</code> with the
 772      * <code>FilePermission(cmd,"execute")</code> permission
 773      * if cmd is an absolute path, otherwise it calls
 774      * <code>checkPermission</code> with
 775      * <code>FilePermission("&lt;&lt;ALL FILES&gt;&gt;","execute")</code>.
 776      * <p>
 777      * If you override this method, then you should make a call to
 778      * <code>super.checkExec</code>
 779      * at the point the overridden method would normally throw an
 780      * exception.
 781      *
 782      * @param      cmd   the specified system command.
 783      * @exception  SecurityException if the calling thread does not have
 784      *             permission to create a subprocess.
 785      * @exception  NullPointerException if the <code>cmd</code> argument is
 786      *             <code>null</code>.
 787      * @see     java.lang.Runtime#exec(java.lang.String)
 788      * @see     java.lang.Runtime#exec(java.lang.String, java.lang.String[])
 789      * @see     java.lang.Runtime#exec(java.lang.String[])
 790      * @see     java.lang.Runtime#exec(java.lang.String[], java.lang.String[])
 791      * @see     #checkPermission(java.security.Permission) checkPermission
 792      */
 793     public void checkExec(String cmd) {
 794         File f = new File(cmd);
 795         if (f.isAbsolute()) {
 796             checkPermission(new FilePermission(cmd,
 797                 SecurityConstants.FILE_EXECUTE_ACTION));
 798         } else {
 799             checkPermission(new FilePermission("<<ALL FILES>>",
 800                 SecurityConstants.FILE_EXECUTE_ACTION));
 801         }
 802     }
 803 
 804     /**
 805      * Throws a <code>SecurityException</code> if the
 806      * calling thread is not allowed to dynamic link the library code
 807      * specified by the string argument file. The argument is either a
 808      * simple library name or a complete filename.
 809      * <p>
 810      * This method is invoked for the current security manager by
 811      * methods <code>load</code> and <code>loadLibrary</code> of class
 812      * <code>Runtime</code>.
 813      * <p>
 814      * This method calls <code>checkPermission</code> with the
 815      * <code>RuntimePermission("loadLibrary."+lib)</code> permission.
 816      * <p>
 817      * If you override this method, then you should make a call to
 818      * <code>super.checkLink</code>
 819      * at the point the overridden method would normally throw an
 820      * exception.
 821      *
 822      * @param      lib   the name of the library.
 823      * @exception  SecurityException if the calling thread does not have
 824      *             permission to dynamically link the library.
 825      * @exception  NullPointerException if the <code>lib</code> argument is
 826      *             <code>null</code>.
 827      * @see        java.lang.Runtime#load(java.lang.String)
 828      * @see        java.lang.Runtime#loadLibrary(java.lang.String)
 829      * @see        #checkPermission(java.security.Permission) checkPermission
 830      */
 831     public void checkLink(String lib) {
 832         if (lib == null) {
 833             throw new NullPointerException("library can't be null");
 834         }
 835         checkPermission(new RuntimePermission("loadLibrary."+lib));
 836     }
 837 
 838     /**
 839      * Throws a <code>SecurityException</code> if the
 840      * calling thread is not allowed to read from the specified file
 841      * descriptor.
 842      * <p>
 843      * This method calls <code>checkPermission</code> with the
 844      * <code>RuntimePermission("readFileDescriptor")</code>
 845      * permission.
 846      * <p>
 847      * If you override this method, then you should make a call to
 848      * <code>super.checkRead</code>
 849      * at the point the overridden method would normally throw an
 850      * exception.
 851      *
 852      * @param      fd   the system-dependent file descriptor.
 853      * @exception  SecurityException  if the calling thread does not have
 854      *             permission to access the specified file descriptor.
 855      * @exception  NullPointerException if the file descriptor argument is
 856      *             <code>null</code>.
 857      * @see        java.io.FileDescriptor
 858      * @see        #checkPermission(java.security.Permission) checkPermission
 859      */
 860     public void checkRead(FileDescriptor fd) {
 861         if (fd == null) {
 862             throw new NullPointerException("file descriptor can't be null");
 863         }
 864         checkPermission(new RuntimePermission("readFileDescriptor"));
 865     }
 866 
 867     /**
 868      * Throws a <code>SecurityException</code> if the
 869      * calling thread is not allowed to read the file specified by the
 870      * string argument.
 871      * <p>
 872      * This method calls <code>checkPermission</code> with the
 873      * <code>FilePermission(file,"read")</code> permission.
 874      * <p>
 875      * If you override this method, then you should make a call to
 876      * <code>super.checkRead</code>
 877      * at the point the overridden method would normally throw an
 878      * exception.
 879      *
 880      * @param      file   the system-dependent file name.
 881      * @exception  SecurityException if the calling thread does not have
 882      *             permission to access the specified file.
 883      * @exception  NullPointerException if the <code>file</code> argument is
 884      *             <code>null</code>.
 885      * @see        #checkPermission(java.security.Permission) checkPermission
 886      */
 887     public void checkRead(String file) {
 888         checkPermission(new FilePermission(file,
 889             SecurityConstants.FILE_READ_ACTION));
 890     }
 891 
 892     /**
 893      * Throws a <code>SecurityException</code> if the
 894      * specified security context is not allowed to read the file
 895      * specified by the string argument. The context must be a security
 896      * context returned by a previous call to
 897      * <code>getSecurityContext</code>.
 898      * <p> If <code>context</code> is an instance of
 899      * <code>AccessControlContext</code> then the
 900      * <code>AccessControlContext.checkPermission</code> method will
 901      * be invoked with the <code>FilePermission(file,"read")</code> permission.
 902      * <p> If <code>context</code> is not an instance of
 903      * <code>AccessControlContext</code> then a
 904      * <code>SecurityException</code> is thrown.
 905      * <p>
 906      * If you override this method, then you should make a call to
 907      * <code>super.checkRead</code>
 908      * at the point the overridden method would normally throw an
 909      * exception.
 910      *
 911      * @param      file      the system-dependent filename.
 912      * @param      context   a system-dependent security context.
 913      * @exception  SecurityException  if the specified security context
 914      *             is not an instance of <code>AccessControlContext</code>
 915      *             (e.g., is <code>null</code>), or does not have permission
 916      *             to read the specified file.
 917      * @exception  NullPointerException if the <code>file</code> argument is
 918      *             <code>null</code>.
 919      * @see        java.lang.SecurityManager#getSecurityContext()
 920      * @see        java.security.AccessControlContext#checkPermission(java.security.Permission)
 921      */
 922     public void checkRead(String file, Object context) {
 923         checkPermission(
 924             new FilePermission(file, SecurityConstants.FILE_READ_ACTION),
 925             context);
 926     }
 927 
 928     /**
 929      * Throws a <code>SecurityException</code> if the
 930      * calling thread is not allowed to write to the specified file
 931      * descriptor.
 932      * <p>
 933      * This method calls <code>checkPermission</code> with the
 934      * <code>RuntimePermission("writeFileDescriptor")</code>
 935      * permission.
 936      * <p>
 937      * If you override this method, then you should make a call to
 938      * <code>super.checkWrite</code>
 939      * at the point the overridden method would normally throw an
 940      * exception.
 941      *
 942      * @param      fd   the system-dependent file descriptor.
 943      * @exception SecurityException  if the calling thread does not have
 944      *             permission to access the specified file descriptor.
 945      * @exception  NullPointerException if the file descriptor argument is
 946      *             <code>null</code>.
 947      * @see        java.io.FileDescriptor
 948      * @see        #checkPermission(java.security.Permission) checkPermission
 949      */
 950     public void checkWrite(FileDescriptor fd) {
 951         if (fd == null) {
 952             throw new NullPointerException("file descriptor can't be null");
 953         }
 954         checkPermission(new RuntimePermission("writeFileDescriptor"));
 955 
 956     }
 957 
 958     /**
 959      * Throws a <code>SecurityException</code> if the
 960      * calling thread is not allowed to write to the file specified by
 961      * the string argument.
 962      * <p>
 963      * This method calls <code>checkPermission</code> with the
 964      * <code>FilePermission(file,"write")</code> permission.
 965      * <p>
 966      * If you override this method, then you should make a call to
 967      * <code>super.checkWrite</code>
 968      * at the point the overridden method would normally throw an
 969      * exception.
 970      *
 971      * @param      file   the system-dependent filename.
 972      * @exception  SecurityException  if the calling thread does not
 973      *             have permission to access the specified file.
 974      * @exception  NullPointerException if the <code>file</code> argument is
 975      *             <code>null</code>.
 976      * @see        #checkPermission(java.security.Permission) checkPermission
 977      */
 978     public void checkWrite(String file) {
 979         checkPermission(new FilePermission(file,
 980             SecurityConstants.FILE_WRITE_ACTION));
 981     }
 982 
 983     /**
 984      * Throws a <code>SecurityException</code> if the
 985      * calling thread is not allowed to delete the specified file.
 986      * <p>
 987      * This method is invoked for the current security manager by the
 988      * <code>delete</code> method of class <code>File</code>.
 989      * <p>
 990      * This method calls <code>checkPermission</code> with the
 991      * <code>FilePermission(file,"delete")</code> permission.
 992      * <p>
 993      * If you override this method, then you should make a call to
 994      * <code>super.checkDelete</code>
 995      * at the point the overridden method would normally throw an
 996      * exception.
 997      *
 998      * @param      file   the system-dependent filename.
 999      * @exception  SecurityException if the calling thread does not
1000      *             have permission to delete the file.
1001      * @exception  NullPointerException if the <code>file</code> argument is
1002      *             <code>null</code>.
1003      * @see        java.io.File#delete()
1004      * @see        #checkPermission(java.security.Permission) checkPermission
1005      */
1006     public void checkDelete(String file) {
1007         checkPermission(new FilePermission(file,
1008             SecurityConstants.FILE_DELETE_ACTION));
1009     }
1010 
1011     /**
1012      * Throws a <code>SecurityException</code> if the
1013      * calling thread is not allowed to open a socket connection to the
1014      * specified host and port number.
1015      * <p>
1016      * A port number of <code>-1</code> indicates that the calling
1017      * method is attempting to determine the IP address of the specified
1018      * host name.
1019      * <p>
1020      * This method calls <code>checkPermission</code> with the
1021      * <code>SocketPermission(host+":"+port,"connect")</code> permission if
1022      * the port is not equal to -1. If the port is equal to -1, then
1023      * it calls <code>checkPermission</code> with the
1024      * <code>SocketPermission(host,"resolve")</code> permission.
1025      * <p>
1026      * If you override this method, then you should make a call to
1027      * <code>super.checkConnect</code>
1028      * at the point the overridden method would normally throw an
1029      * exception.
1030      *
1031      * @param      host   the host name port to connect to.
1032      * @param      port   the protocol port to connect to.
1033      * @exception  SecurityException  if the calling thread does not have
1034      *             permission to open a socket connection to the specified
1035      *               <code>host</code> and <code>port</code>.
1036      * @exception  NullPointerException if the <code>host</code> argument is
1037      *             <code>null</code>.
1038      * @see        #checkPermission(java.security.Permission) checkPermission
1039      */
1040     public void checkConnect(String host, int port) {
1041         if (host == null) {
1042             throw new NullPointerException("host can't be null");
1043         }
1044         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1045             host = "[" + host + "]";
1046         }
1047         if (port == -1) {
1048             checkPermission(new SocketPermission(host,
1049                 SecurityConstants.SOCKET_RESOLVE_ACTION));
1050         } else {
1051             checkPermission(new SocketPermission(host+":"+port,
1052                 SecurityConstants.SOCKET_CONNECT_ACTION));
1053         }
1054     }
1055 
1056     /**
1057      * Throws a <code>SecurityException</code> if the
1058      * specified security context is not allowed to open a socket
1059      * connection to the specified host and port number.
1060      * <p>
1061      * A port number of <code>-1</code> indicates that the calling
1062      * method is attempting to determine the IP address of the specified
1063      * host name.
1064      * <p> If <code>context</code> is not an instance of
1065      * <code>AccessControlContext</code> then a
1066      * <code>SecurityException</code> is thrown.
1067      * <p>
1068      * Otherwise, the port number is checked. If it is not equal
1069      * to -1, the <code>context</code>'s <code>checkPermission</code>
1070      * method is called with a
1071      * <code>SocketPermission(host+":"+port,"connect")</code> permission.
1072      * If the port is equal to -1, then
1073      * the <code>context</code>'s <code>checkPermission</code> method
1074      * is called with a
1075      * <code>SocketPermission(host,"resolve")</code> permission.
1076      * <p>
1077      * If you override this method, then you should make a call to
1078      * <code>super.checkConnect</code>
1079      * at the point the overridden method would normally throw an
1080      * exception.
1081      *
1082      * @param      host      the host name port to connect to.
1083      * @param      port      the protocol port to connect to.
1084      * @param      context   a system-dependent security context.
1085      * @exception  SecurityException if the specified security context
1086      *             is not an instance of <code>AccessControlContext</code>
1087      *             (e.g., is <code>null</code>), or does not have permission
1088      *             to open a socket connection to the specified
1089      *             <code>host</code> and <code>port</code>.
1090      * @exception  NullPointerException if the <code>host</code> argument is
1091      *             <code>null</code>.
1092      * @see        java.lang.SecurityManager#getSecurityContext()
1093      * @see        java.security.AccessControlContext#checkPermission(java.security.Permission)
1094      */
1095     public void checkConnect(String host, int port, Object context) {
1096         if (host == null) {
1097             throw new NullPointerException("host can't be null");
1098         }
1099         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1100             host = "[" + host + "]";
1101         }
1102         if (port == -1)
1103             checkPermission(new SocketPermission(host,
1104                 SecurityConstants.SOCKET_RESOLVE_ACTION),
1105                 context);
1106         else
1107             checkPermission(new SocketPermission(host+":"+port,
1108                 SecurityConstants.SOCKET_CONNECT_ACTION),
1109                 context);
1110     }
1111 
1112     /**
1113      * Throws a <code>SecurityException</code> if the
1114      * calling thread is not allowed to wait for a connection request on
1115      * the specified local port number.
1116      * <p>
1117      * If port is not 0, this method calls
1118      * <code>checkPermission</code> with the
1119      * <code>SocketPermission("localhost:"+port,"listen")</code>.
1120      * If port is zero, this method calls <code>checkPermission</code>
1121      * with <code>SocketPermission("localhost:1024-","listen").</code>
1122      * <p>
1123      * If you override this method, then you should make a call to
1124      * <code>super.checkListen</code>
1125      * at the point the overridden method would normally throw an
1126      * exception.
1127      *
1128      * @param      port   the local port.
1129      * @exception  SecurityException  if the calling thread does not have
1130      *             permission to listen on the specified port.
1131      * @see        #checkPermission(java.security.Permission) checkPermission
1132      */
1133     public void checkListen(int port) {
1134         if (port == 0) {
1135             checkPermission(SecurityConstants.LOCAL_LISTEN_PERMISSION);
1136         } else {
1137             checkPermission(new SocketPermission("localhost:"+port,
1138                 SecurityConstants.SOCKET_LISTEN_ACTION));
1139         }
1140     }
1141 
1142     /**
1143      * Throws a <code>SecurityException</code> if the
1144      * calling thread is not permitted to accept a socket connection from
1145      * the specified host and port number.
1146      * <p>
1147      * This method is invoked for the current security manager by the
1148      * <code>accept</code> method of class <code>ServerSocket</code>.
1149      * <p>
1150      * This method calls <code>checkPermission</code> with the
1151      * <code>SocketPermission(host+":"+port,"accept")</code> permission.
1152      * <p>
1153      * If you override this method, then you should make a call to
1154      * <code>super.checkAccept</code>
1155      * at the point the overridden method would normally throw an
1156      * exception.
1157      *
1158      * @param      host   the host name of the socket connection.
1159      * @param      port   the port number of the socket connection.
1160      * @exception  SecurityException  if the calling thread does not have
1161      *             permission to accept the connection.
1162      * @exception  NullPointerException if the <code>host</code> argument is
1163      *             <code>null</code>.
1164      * @see        java.net.ServerSocket#accept()
1165      * @see        #checkPermission(java.security.Permission) checkPermission
1166      */
1167     public void checkAccept(String host, int port) {
1168         if (host == null) {
1169             throw new NullPointerException("host can't be null");
1170         }
1171         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1172             host = "[" + host + "]";
1173         }
1174         checkPermission(new SocketPermission(host+":"+port,
1175             SecurityConstants.SOCKET_ACCEPT_ACTION));
1176     }
1177 
1178     /**
1179      * Throws a <code>SecurityException</code> if the
1180      * calling thread is not allowed to use
1181      * (join/leave/send/receive) IP multicast.
1182      * <p>
1183      * This method calls <code>checkPermission</code> with the
1184      * <code>java.net.SocketPermission(maddr.getHostAddress(),
1185      * "accept,connect")</code> permission.
1186      * <p>
1187      * If you override this method, then you should make a call to
1188      * <code>super.checkMulticast</code>
1189      * at the point the overridden method would normally throw an
1190      * exception.
1191      *
1192      * @param      maddr  Internet group address to be used.
1193      * @exception  SecurityException  if the calling thread is not allowed to
1194      *  use (join/leave/send/receive) IP multicast.
1195      * @exception  NullPointerException if the address argument is
1196      *             <code>null</code>.
1197      * @since      JDK1.1
1198      * @see        #checkPermission(java.security.Permission) checkPermission
1199      */
1200     public void checkMulticast(InetAddress maddr) {
1201         String host = maddr.getHostAddress();
1202         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1203             host = "[" + host + "]";
1204         }
1205         checkPermission(new SocketPermission(host,
1206             SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1207     }
1208 
1209     /**
1210      * Throws a <code>SecurityException</code> if the
1211      * calling thread is not allowed to use
1212      * (join/leave/send/receive) IP multicast.
1213      * <p>
1214      * This method calls <code>checkPermission</code> with the
1215      * <code>java.net.SocketPermission(maddr.getHostAddress(),
1216      * "accept,connect")</code> permission.
1217      * <p>
1218      * If you override this method, then you should make a call to
1219      * <code>super.checkMulticast</code>
1220      * at the point the overridden method would normally throw an
1221      * exception.
1222      *
1223      * @param      maddr  Internet group address to be used.
1224      * @param      ttl        value in use, if it is multicast send.
1225      * Note: this particular implementation does not use the ttl
1226      * parameter.
1227      * @exception  SecurityException  if the calling thread is not allowed to
1228      *  use (join/leave/send/receive) IP multicast.
1229      * @exception  NullPointerException if the address argument is
1230      *             <code>null</code>.
1231      * @since      JDK1.1
1232      * @deprecated Use #checkPermission(java.security.Permission) instead
1233      * @see        #checkPermission(java.security.Permission) checkPermission
1234      */
1235     @Deprecated
1236     public void checkMulticast(InetAddress maddr, byte ttl) {
1237         String host = maddr.getHostAddress();
1238         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1239             host = "[" + host + "]";
1240         }
1241         checkPermission(new SocketPermission(host,
1242             SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1243     }
1244 
1245     /**
1246      * Throws a <code>SecurityException</code> if the
1247      * calling thread is not allowed to access or modify the system
1248      * properties.
1249      * <p>
1250      * This method is used by the <code>getProperties</code> and
1251      * <code>setProperties</code> methods of class <code>System</code>.
1252      * <p>
1253      * This method calls <code>checkPermission</code> with the
1254      * <code>PropertyPermission("*", "read,write")</code> permission.
1255      * <p>
1256      * If you override this method, then you should make a call to
1257      * <code>super.checkPropertiesAccess</code>
1258      * at the point the overridden method would normally throw an
1259      * exception.
1260      * <p>
1261      *
1262      * @exception  SecurityException  if the calling thread does not have
1263      *             permission to access or modify the system properties.
1264      * @see        java.lang.System#getProperties()
1265      * @see        java.lang.System#setProperties(java.util.Properties)
1266      * @see        #checkPermission(java.security.Permission) checkPermission
1267      */
1268     public void checkPropertiesAccess() {
1269         checkPermission(new PropertyPermission("*",
1270             SecurityConstants.PROPERTY_RW_ACTION));
1271     }
1272 
1273     /**
1274      * Throws a <code>SecurityException</code> if the
1275      * calling thread is not allowed to access the system property with
1276      * the specified <code>key</code> name.
1277      * <p>
1278      * This method is used by the <code>getProperty</code> method of
1279      * class <code>System</code>.
1280      * <p>
1281      * This method calls <code>checkPermission</code> with the
1282      * <code>PropertyPermission(key, "read")</code> permission.
1283      * <p>
1284      * <p>
1285      * If you override this method, then you should make a call to
1286      * <code>super.checkPropertyAccess</code>
1287      * at the point the overridden method would normally throw an
1288      * exception.
1289      *
1290      * @param      key   a system property key.
1291      *
1292      * @exception  SecurityException  if the calling thread does not have
1293      *             permission to access the specified system property.
1294      * @exception  NullPointerException if the <code>key</code> argument is
1295      *             <code>null</code>.
1296      * @exception  IllegalArgumentException if <code>key</code> is empty.
1297      *
1298      * @see        java.lang.System#getProperty(java.lang.String)
1299      * @see        #checkPermission(java.security.Permission) checkPermission
1300      */
1301     public void checkPropertyAccess(String key) {
1302         checkPermission(new PropertyPermission(key,
1303             SecurityConstants.PROPERTY_READ_ACTION));
1304     }
1305 
1306     /**
1307      * Returns <code>false</code> if the calling
1308      * thread is not trusted to bring up the top-level window indicated
1309      * by the <code>window</code> argument. In this case, the caller can
1310      * still decide to show the window, but the window should include
1311      * some sort of visual warning. If the method returns
1312      * <code>true</code>, then the window can be shown without any
1313      * special restrictions.
1314      * <p>
1315      * See class <code>Window</code> for more information on trusted and
1316      * untrusted windows.
1317      * <p>
1318      * This method calls
1319      * <code>checkPermission</code> with the
1320      * <code>AWTPermission("showWindowWithoutWarningBanner")</code> permission,
1321      * and returns <code>true</code> if a SecurityException is not thrown,
1322      * otherwise it returns <code>false</code>.
1323      * <p>
1324      * If you override this method, then you should make a call to
1325      * <code>super.checkTopLevelWindow</code>
1326      * at the point the overridden method would normally return
1327      * <code>false</code>, and the value of
1328      * <code>super.checkTopLevelWindow</code> should
1329      * be returned.
1330      *
1331      * @param      window   the new window that is being created.
1332      * @return     <code>true</code> if the calling thread is trusted to put up
1333      *             top-level windows; <code>false</code> otherwise.
1334      * @exception  NullPointerException if the <code>window</code> argument is
1335      *             <code>null</code>.
1336      * @see        java.awt.Window
1337      * @see        #checkPermission(java.security.Permission) checkPermission
1338      */
1339     public boolean checkTopLevelWindow(Object window) {
1340         if (window == null) {
1341             throw new NullPointerException("window can't be null");
1342         }
1343         try {
1344             checkPermission(SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION);
1345             return true;
1346         } catch (SecurityException se) {
1347             // just return false
1348         }
1349         return false;
1350     }
1351 
1352     /**
1353      * Throws a <code>SecurityException</code> if the
1354      * calling thread is not allowed to initiate a print job request.
1355      * <p>
1356      * This method calls
1357      * <code>checkPermission</code> with the
1358      * <code>RuntimePermission("queuePrintJob")</code> permission.
1359      * <p>
1360      * If you override this method, then you should make a call to
1361      * <code>super.checkPrintJobAccess</code>
1362      * at the point the overridden method would normally throw an
1363      * exception.
1364      * <p>
1365      *
1366      * @exception  SecurityException  if the calling thread does not have
1367      *             permission to initiate a print job request.
1368      * @since   JDK1.1
1369      * @see        #checkPermission(java.security.Permission) checkPermission
1370      */
1371     public void checkPrintJobAccess() {
1372         checkPermission(new RuntimePermission("queuePrintJob"));
1373     }
1374 
1375     /**
1376      * Throws a <code>SecurityException</code> if the
1377      * calling thread is not allowed to access the system clipboard.
1378      * <p>
1379      * This method calls <code>checkPermission</code> with the
1380      * <code>AWTPermission("accessClipboard")</code>
1381      * permission.
1382      * <p>
1383      * If you override this method, then you should make a call to
1384      * <code>super.checkSystemClipboardAccess</code>
1385      * at the point the overridden method would normally throw an
1386      * exception.
1387      *
1388      * @since   JDK1.1
1389      * @exception  SecurityException  if the calling thread does not have
1390      *             permission to access the system clipboard.
1391      * @see        #checkPermission(java.security.Permission) checkPermission
1392      */
1393     public void checkSystemClipboardAccess() {
1394         checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
1395     }
1396 
1397     /**
1398      * Throws a <code>SecurityException</code> if the
1399      * calling thread is not allowed to access the AWT event queue.
1400      * <p>
1401      * This method calls <code>checkPermission</code> with the
1402      * <code>AWTPermission("accessEventQueue")</code> permission.
1403      * <p>
1404      * If you override this method, then you should make a call to
1405      * <code>super.checkAwtEventQueueAccess</code>
1406      * at the point the overridden method would normally throw an
1407      * exception.
1408      *
1409      * @since   JDK1.1
1410      * @exception  SecurityException  if the calling thread does not have
1411      *             permission to access the AWT event queue.
1412      * @see        #checkPermission(java.security.Permission) checkPermission
1413      */
1414     public void checkAwtEventQueueAccess() {
1415         checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION);
1416     }
1417 
1418     /*
1419      * We have an initial invalid bit (initially false) for the class
1420      * variables which tell if the cache is valid.  If the underlying
1421      * java.security.Security property changes via setProperty(), the
1422      * Security class uses reflection to change the variable and thus
1423      * invalidate the cache.
1424      *
1425      * Locking is handled by synchronization to the
1426      * packageAccessLock/packageDefinitionLock objects.  They are only
1427      * used in this class.
1428      *
1429      * Note that cache invalidation as a result of the property change
1430      * happens without using these locks, so there may be a delay between
1431      * when a thread updates the property and when other threads updates
1432      * the cache.
1433      */
1434     private static boolean packageAccessValid = false;
1435     private static String[] packageAccess;
1436     private static final Object packageAccessLock = new Object();
1437 
1438     private static boolean packageDefinitionValid = false;
1439     private static String[] packageDefinition;
1440     private static final Object packageDefinitionLock = new Object();
1441 
1442     private static String[] getPackages(String p) {
1443         String packages[] = null;
1444         if (p != null && !p.equals("")) {
1445             java.util.StringTokenizer tok =
1446                 new java.util.StringTokenizer(p, ",");
1447             int n = tok.countTokens();
1448             if (n > 0) {
1449                 packages = new String[n];
1450                 int i = 0;
1451                 while (tok.hasMoreElements()) {
1452                     String s = tok.nextToken().trim();
1453                     packages[i++] = s;
1454                 }
1455             }
1456         }
1457 
1458         if (packages == null)
1459             packages = new String[0];
1460         return packages;
1461     }
1462 
1463     /**
1464      * Throws a <code>SecurityException</code> if the
1465      * calling thread is not allowed to access the package specified by
1466      * the argument.
1467      * <p>
1468      * This method is used by the <code>loadClass</code> method of class
1469      * loaders.
1470      * <p>
1471      * This method first gets a list of
1472      * restricted packages by obtaining a comma-separated list from
1473      * a call to
1474      * <code>java.security.Security.getProperty("package.access")</code>,
1475      * and checks to see if <code>pkg</code> starts with or equals
1476      * any of the restricted packages. If it does, then
1477      * <code>checkPermission</code> gets called with the
1478      * <code>RuntimePermission("accessClassInPackage."+pkg)</code>
1479      * permission.
1480      * <p>
1481      * If this method is overridden, then
1482      * <code>super.checkPackageAccess</code> should be called
1483      * as the first line in the overridden method.
1484      *
1485      * @param      pkg   the package name.
1486      * @exception  SecurityException  if the calling thread does not have
1487      *             permission to access the specified package.
1488      * @exception  NullPointerException if the package name argument is
1489      *             <code>null</code>.
1490      * @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1491      *  loadClass
1492      * @see        java.security.Security#getProperty getProperty
1493      * @see        #checkPermission(java.security.Permission) checkPermission
1494      */
1495     public void checkPackageAccess(String pkg) {
1496         if (pkg == null) {
1497             throw new NullPointerException("package name can't be null");
1498         }
1499 
1500         String[] pkgs;
1501         synchronized (packageAccessLock) {
1502             /*
1503              * Do we need to update our property array?
1504              */
1505             if (!packageAccessValid) {
1506                 String tmpPropertyStr =
1507                     AccessController.doPrivileged(
1508                         new PrivilegedAction<String>() {
1509                             public String run() {
1510                                 return java.security.Security.getProperty(
1511                                     "package.access");
1512                             }
1513                         }
1514                     );
1515                 packageAccess = getPackages(tmpPropertyStr);
1516                 packageAccessValid = true;
1517             }
1518 
1519             // Using a snapshot of packageAccess -- don't care if static field
1520             // changes afterwards; array contents won't change.
1521             pkgs = packageAccess;
1522         }
1523 
1524         /*
1525          * Traverse the list of packages, check for any matches.
1526          */
1527         for (int i = 0; i < pkgs.length; i++) {
1528             if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) {
1529                 checkPermission(
1530                     new RuntimePermission("accessClassInPackage."+pkg));
1531                 break;  // No need to continue; only need to check this once
1532             }
1533         }
1534     }
1535 
1536     /**
1537      * Throws a <code>SecurityException</code> if the
1538      * calling thread is not allowed to define classes in the package
1539      * specified by the argument.
1540      * <p>
1541      * This method is used by the <code>loadClass</code> method of some
1542      * class loaders.
1543      * <p>
1544      * This method first gets a list of restricted packages by
1545      * obtaining a comma-separated list from a call to
1546      * <code>java.security.Security.getProperty("package.definition")</code>,
1547      * and checks to see if <code>pkg</code> starts with or equals
1548      * any of the restricted packages. If it does, then
1549      * <code>checkPermission</code> gets called with the
1550      * <code>RuntimePermission("defineClassInPackage."+pkg)</code>
1551      * permission.
1552      * <p>
1553      * If this method is overridden, then
1554      * <code>super.checkPackageDefinition</code> should be called
1555      * as the first line in the overridden method.
1556      *
1557      * @param      pkg   the package name.
1558      * @exception  SecurityException  if the calling thread does not have
1559      *             permission to define classes in the specified package.
1560      * @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1561      * @see        java.security.Security#getProperty getProperty
1562      * @see        #checkPermission(java.security.Permission) checkPermission
1563      */
1564     public void checkPackageDefinition(String pkg) {
1565         if (pkg == null) {
1566             throw new NullPointerException("package name can't be null");
1567         }
1568 
1569         String[] pkgs;
1570         synchronized (packageDefinitionLock) {
1571             /*
1572              * Do we need to update our property array?
1573              */
1574             if (!packageDefinitionValid) {
1575                 String tmpPropertyStr =
1576                     AccessController.doPrivileged(
1577                         new PrivilegedAction<String>() {
1578                             public String run() {
1579                                 return java.security.Security.getProperty(
1580                                     "package.definition");
1581                             }
1582                         }
1583                     );
1584                 packageDefinition = getPackages(tmpPropertyStr);
1585                 packageDefinitionValid = true;
1586             }
1587             // Using a snapshot of packageDefinition -- don't care if static
1588             // field changes afterwards; array contents won't change.
1589             pkgs = packageDefinition;
1590         }
1591 
1592         /*
1593          * Traverse the list of packages, check for any matches.
1594          */
1595         for (int i = 0; i < pkgs.length; i++) {
1596             if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) {
1597                 checkPermission(
1598                     new RuntimePermission("defineClassInPackage."+pkg));
1599                 break; // No need to continue; only need to check this once
1600             }
1601         }
1602     }
1603 
1604     /**
1605      * Throws a <code>SecurityException</code> if the
1606      * calling thread is not allowed to set the socket factory used by
1607      * <code>ServerSocket</code> or <code>Socket</code>, or the stream
1608      * handler factory used by <code>URL</code>.
1609      * <p>
1610      * This method calls <code>checkPermission</code> with the
1611      * <code>RuntimePermission("setFactory")</code> permission.
1612      * <p>
1613      * If you override this method, then you should make a call to
1614      * <code>super.checkSetFactory</code>
1615      * at the point the overridden method would normally throw an
1616      * exception.
1617      * <p>
1618      *
1619      * @exception  SecurityException  if the calling thread does not have
1620      *             permission to specify a socket factory or a stream
1621      *             handler factory.
1622      *
1623      * @see        java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory
1624      * @see        java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory
1625      * @see        java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory
1626      * @see        #checkPermission(java.security.Permission) checkPermission
1627      */
1628     public void checkSetFactory() {
1629         checkPermission(new RuntimePermission("setFactory"));
1630     }
1631 
1632     /**
1633      * Throws a <code>SecurityException</code> if the
1634      * calling thread is not allowed to access members.
1635      * <p>
1636      * The default policy is to allow access to PUBLIC members, as well
1637      * as access to classes that have the same class loader as the caller.
1638      * In all other cases, this method calls <code>checkPermission</code>
1639      * with the <code>RuntimePermission("accessDeclaredMembers")
1640      * </code> permission.
1641      * <p>
1642      * If this method is overridden, then a call to
1643      * <code>super.checkMemberAccess</code> cannot be made,
1644      * as the default implementation of <code>checkMemberAccess</code>
1645      * relies on the code being checked being at a stack depth of
1646      * 4.
1647      *
1648      * @param clazz the class that reflection is to be performed on.
1649      *
1650      * @param which type of access, PUBLIC or DECLARED.
1651      *
1652      * @exception  SecurityException if the caller does not have
1653      *             permission to access members.
1654      * @exception  NullPointerException if the <code>clazz</code> argument is
1655      *             <code>null</code>.
1656      * @see java.lang.reflect.Member
1657      * @since JDK1.1
1658      * @see        #checkPermission(java.security.Permission) checkPermission
1659      */
1660     public void checkMemberAccess(Class<?> clazz, int which) {
1661         if (clazz == null) {
1662             throw new NullPointerException("class can't be null");
1663         }
1664         if (which != Member.PUBLIC) {
1665             Class stack[] = getClassContext();
1666             /*
1667              * stack depth of 4 should be the caller of one of the
1668              * methods in java.lang.Class that invoke checkMember
1669              * access. The stack should look like:
1670              *
1671              * someCaller                        [3]
1672              * java.lang.Class.someReflectionAPI [2]
1673              * java.lang.Class.checkMemberAccess [1]
1674              * SecurityManager.checkMemberAccess [0]
1675              *
1676              */
1677             if ((stack.length<4) ||
1678                 (stack[3].getClassLoader() != clazz.getClassLoader())) {
1679                 checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
1680             }
1681         }
1682     }
1683 
1684     /**
1685      * Determines whether the permission with the specified permission target
1686      * name should be granted or denied.
1687      *
1688      * <p> If the requested permission is allowed, this method returns
1689      * quietly. If denied, a SecurityException is raised.
1690      *
1691      * <p> This method creates a <code>SecurityPermission</code> object for
1692      * the given permission target name and calls <code>checkPermission</code>
1693      * with it.
1694      *
1695      * <p> See the documentation for
1696      * <code>{@link java.security.SecurityPermission}</code> for
1697      * a list of possible permission target names.
1698      *
1699      * <p> If you override this method, then you should make a call to
1700      * <code>super.checkSecurityAccess</code>
1701      * at the point the overridden method would normally throw an
1702      * exception.
1703      *
1704      * @param target the target name of the <code>SecurityPermission</code>.
1705      *
1706      * @exception SecurityException if the calling thread does not have
1707      * permission for the requested access.
1708      * @exception NullPointerException if <code>target</code> is null.
1709      * @exception IllegalArgumentException if <code>target</code> is empty.
1710      *
1711      * @since   JDK1.1
1712      * @see        #checkPermission(java.security.Permission) checkPermission
1713      */
1714     public void checkSecurityAccess(String target) {
1715         checkPermission(new SecurityPermission(target));
1716     }
1717 
1718     private native Class<?> currentLoadedClass0();
1719 
1720     /**
1721      * Returns the thread group into which to instantiate any new
1722      * thread being created at the time this is being called.
1723      * By default, it returns the thread group of the current
1724      * thread. This should be overridden by a specific security
1725      * manager to return the appropriate thread group.
1726      *
1727      * @return  ThreadGroup that new threads are instantiated into
1728      * @since   JDK1.1
1729      * @see     java.lang.ThreadGroup
1730      */
1731     public ThreadGroup getThreadGroup() {
1732         return Thread.currentThread().getThreadGroup();
1733     }
1734 
1735 }