1 /* 2 * Copyright (c) 1995, 2006, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.lang; 27 28 import java.security.*; 29 import java.io.FileDescriptor; 30 import java.io.File; 31 import java.io.FilePermission; 32 import java.awt.AWTPermission; 33 import java.util.PropertyPermission; 34 import java.lang.RuntimePermission; 35 import java.net.SocketPermission; 36 import java.net.NetPermission; 37 import java.util.Hashtable; 38 import java.net.InetAddress; 39 import java.lang.reflect.Member; 40 import java.lang.reflect.*; 41 import java.net.URL; 42 43 import sun.security.util.SecurityConstants; 44 45 /** 46 * The security manager is a class that allows 47 * applications to implement a security policy. It allows an 48 * application to determine, before performing a possibly unsafe or 49 * sensitive operation, what the operation is and whether 50 * it is being attempted in a security context that allows the 51 * operation to be performed. The 52 * application can allow or disallow the operation. 53 * <p> 54 * The <code>SecurityManager</code> class contains many methods with 55 * names that begin with the word <code>check</code>. These methods 56 * are called by various methods in the Java libraries before those 57 * methods perform certain potentially sensitive operations. The 58 * invocation of such a <code>check</code> method typically looks like this: 59 * <p><blockquote><pre> 60 * SecurityManager security = System.getSecurityManager(); 61 * if (security != null) { 62 * security.check<i>XXX</i>(argument, . . . ); 63 * } 64 * </pre></blockquote> 65 * <p> 66 * The security manager is thereby given an opportunity to prevent 67 * completion of the operation by throwing an exception. A security 68 * manager routine simply returns if the operation is permitted, but 69 * throws a <code>SecurityException</code> if the operation is not 70 * permitted. The only exception to this convention is 71 * <code>checkTopLevelWindow</code>, which returns a 72 * <code>boolean</code> value. 73 * <p> 74 * The current security manager is set by the 75 * <code>setSecurityManager</code> method in class 76 * <code>System</code>. The current security manager is obtained 77 * by the <code>getSecurityManager</code> method. 78 * <p> 79 * The special method 80 * {@link SecurityManager#checkPermission(java.security.Permission)} 81 * determines whether an access request indicated by a specified 82 * permission should be granted or denied. The 83 * default implementation calls 84 * 85 * <pre> 86 * AccessController.checkPermission(perm); 87 * </pre> 88 * 89 * <p> 90 * If a requested access is allowed, 91 * <code>checkPermission</code> returns quietly. If denied, a 92 * <code>SecurityException</code> is thrown. 93 * <p> 94 * As of Java 2 SDK v1.2, the default implementation of each of the other 95 * <code>check</code> methods in <code>SecurityManager</code> is to 96 * call the <code>SecurityManager checkPermission</code> method 97 * to determine if the calling thread has permission to perform the requested 98 * operation. 99 * <p> 100 * Note that the <code>checkPermission</code> method with 101 * just a single permission argument always performs security checks 102 * within the context of the currently executing thread. 103 * Sometimes a security check that should be made within a given context 104 * will actually need to be done from within a 105 * <i>different</i> context (for example, from within a worker thread). 106 * The {@link SecurityManager#getSecurityContext getSecurityContext} method 107 * and the {@link SecurityManager#checkPermission(java.security.Permission, 108 * java.lang.Object) checkPermission} 109 * method that includes a context argument are provided 110 * for this situation. The 111 * <code>getSecurityContext</code> method returns a "snapshot" 112 * of the current calling context. (The default implementation 113 * returns an AccessControlContext object.) A sample call is 114 * the following: 115 * 116 * <pre> 117 * Object context = null; 118 * SecurityManager sm = System.getSecurityManager(); 119 * if (sm != null) context = sm.getSecurityContext(); 120 * </pre> 121 * 122 * <p> 123 * The <code>checkPermission</code> method 124 * that takes a context object in addition to a permission 125 * makes access decisions based on that context, 126 * rather than on that of the current execution thread. 127 * Code within a different context can thus call that method, 128 * passing the permission and the 129 * previously-saved context object. A sample call, using the 130 * SecurityManager <code>sm</code> obtained as in the previous example, 131 * is the following: 132 * 133 * <pre> 134 * if (sm != null) sm.checkPermission(permission, context); 135 * </pre> 136 * 137 * <p>Permissions fall into these categories: File, Socket, Net, 138 * Security, Runtime, Property, AWT, Reflect, and Serializable. 139 * The classes managing these various 140 * permission categories are <code>java.io.FilePermission</code>, 141 * <code>java.net.SocketPermission</code>, 142 * <code>java.net.NetPermission</code>, 143 * <code>java.security.SecurityPermission</code>, 144 * <code>java.lang.RuntimePermission</code>, 145 * <code>java.util.PropertyPermission</code>, 146 * <code>java.awt.AWTPermission</code>, 147 * <code>java.lang.reflect.ReflectPermission</code>, and 148 * <code>java.io.SerializablePermission</code>. 149 * 150 * <p>All but the first two (FilePermission and SocketPermission) are 151 * subclasses of <code>java.security.BasicPermission</code>, which itself 152 * is an abstract subclass of the 153 * top-level class for permissions, which is 154 * <code>java.security.Permission</code>. BasicPermission defines the 155 * functionality needed for all permissions that contain a name 156 * that follows the hierarchical property naming convention 157 * (for example, "exitVM", "setFactory", "queuePrintJob", etc). 158 * An asterisk 159 * may appear at the end of the name, following a ".", or by itself, to 160 * signify a wildcard match. For example: "a.*" or "*" is valid, 161 * "*a" or "a*b" is not valid. 162 * 163 * <p>FilePermission and SocketPermission are subclasses of the 164 * top-level class for permissions 165 * (<code>java.security.Permission</code>). Classes like these 166 * that have a more complicated name syntax than that used by 167 * BasicPermission subclass directly from Permission rather than from 168 * BasicPermission. For example, 169 * for a <code>java.io.FilePermission</code> object, the permission name is 170 * the path name of a file (or directory). 171 * 172 * <p>Some of the permission classes have an "actions" list that tells 173 * the actions that are permitted for the object. For example, 174 * for a <code>java.io.FilePermission</code> object, the actions list 175 * (such as "read, write") specifies which actions are granted for the 176 * specified file (or for files in the specified directory). 177 * 178 * <p>Other permission classes are for "named" permissions - 179 * ones that contain a name but no actions list; you either have the 180 * named permission or you don't. 181 * 182 * <p>Note: There is also a <code>java.security.AllPermission</code> 183 * permission that implies all permissions. It exists to simplify the work 184 * of system administrators who might need to perform multiple 185 * tasks that require all (or numerous) permissions. 186 * <p> 187 * See <a href ="../../../technotes/guides/security/permissions.html"> 188 * Permissions in the JDK</a> for permission-related information. 189 * This document includes, for example, a table listing the various SecurityManager 190 * <code>check</code> methods and the permission(s) the default 191 * implementation of each such method requires. 192 * It also contains a table of all the version 1.2 methods 193 * that require permissions, and for each such method tells 194 * which permission it requires. 195 * <p> 196 * For more information about <code>SecurityManager</code> changes made in 197 * the JDK and advice regarding porting of 1.1-style security managers, 198 * see the <a href="../../../technotes/guides/security/index.html">security documentation</a>. 199 * 200 * @author Arthur van Hoff 201 * @author Roland Schemers 202 * 203 * @see java.lang.ClassLoader 204 * @see java.lang.SecurityException 205 * @see java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object) 206 * checkTopLevelWindow 207 * @see java.lang.System#getSecurityManager() getSecurityManager 208 * @see java.lang.System#setSecurityManager(java.lang.SecurityManager) 209 * setSecurityManager 210 * @see java.security.AccessController AccessController 211 * @see java.security.AccessControlContext AccessControlContext 212 * @see java.security.AccessControlException AccessControlException 213 * @see java.security.Permission 214 * @see java.security.BasicPermission 215 * @see java.io.FilePermission 216 * @see java.net.SocketPermission 217 * @see java.util.PropertyPermission 218 * @see java.lang.RuntimePermission 219 * @see java.awt.AWTPermission 220 * @see java.security.Policy Policy 221 * @see java.security.SecurityPermission SecurityPermission 222 * @see java.security.ProtectionDomain 223 * 224 * @since JDK1.0 225 */ 226 public 227 class SecurityManager { 228 229 /** 230 * This field is <code>true</code> if there is a security check in 231 * progress; <code>false</code> otherwise. 232 * 233 * @deprecated This type of security checking is not recommended. 234 * It is recommended that the <code>checkPermission</code> 235 * call be used instead. 236 */ 237 @Deprecated 238 protected boolean inCheck; 239 240 /* 241 * Have we been initialized. Effective against finalizer attacks. 242 */ 243 private boolean initialized = false; 244 245 246 /** 247 * returns true if the current context has been granted AllPermission 248 */ 249 private boolean hasAllPermission() 250 { 251 try { 252 checkPermission(SecurityConstants.ALL_PERMISSION); 253 return true; 254 } catch (SecurityException se) { 255 return false; 256 } 257 } 258 259 /** 260 * Tests if there is a security check in progress. 261 * 262 * @return the value of the <code>inCheck</code> field. This field 263 * should contain <code>true</code> if a security check is 264 * in progress, 265 * <code>false</code> otherwise. 266 * @see java.lang.SecurityManager#inCheck 267 * @deprecated This type of security checking is not recommended. 268 * It is recommended that the <code>checkPermission</code> 269 * call be used instead. 270 */ 271 @Deprecated 272 public boolean getInCheck() { 273 return inCheck; 274 } 275 276 /** 277 * Constructs a new <code>SecurityManager</code>. 278 * 279 * <p> If there is a security manager already installed, this method first 280 * calls the security manager's <code>checkPermission</code> method 281 * with the <code>RuntimePermission("createSecurityManager")</code> 282 * permission to ensure the calling thread has permission to create a new 283 * security manager. 284 * This may result in throwing a <code>SecurityException</code>. 285 * 286 * @exception java.lang.SecurityException if a security manager already 287 * exists and its <code>checkPermission</code> method 288 * doesn't allow creation of a new security manager. 289 * @see java.lang.System#getSecurityManager() 290 * @see #checkPermission(java.security.Permission) checkPermission 291 * @see java.lang.RuntimePermission 292 */ 293 public SecurityManager() { 294 synchronized(SecurityManager.class) { 295 SecurityManager sm = System.getSecurityManager(); 296 if (sm != null) { 297 // ask the currently installed security manager if we 298 // can create a new one. 299 sm.checkPermission(new RuntimePermission 300 ("createSecurityManager")); 301 } 302 initialized = true; 303 } 304 } 305 306 /** 307 * Returns the current execution stack as an array of classes. 308 * <p> 309 * The length of the array is the number of methods on the execution 310 * stack. The element at index <code>0</code> is the class of the 311 * currently executing method, the element at index <code>1</code> is 312 * the class of that method's caller, and so on. 313 * 314 * @return the execution stack. 315 */ 316 protected native Class[] getClassContext(); 317 318 /** 319 * Returns the class loader of the most recently executing method from 320 * a class defined using a non-system class loader. A non-system 321 * class loader is defined as being a class loader that is not equal to 322 * the system class loader (as returned 323 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. 324 * <p> 325 * This method will return 326 * <code>null</code> in the following three cases:<p> 327 * <ol> 328 * <li>All methods on the execution stack are from classes 329 * defined using the system class loader or one of its ancestors. 330 * 331 * <li>All methods on the execution stack up to the first 332 * "privileged" caller 333 * (see {@link java.security.AccessController#doPrivileged}) 334 * are from classes 335 * defined using the system class loader or one of its ancestors. 336 * 337 * <li> A call to <code>checkPermission</code> with 338 * <code>java.security.AllPermission</code> does not 339 * result in a SecurityException. 340 * 341 * </ol> 342 * 343 * @return the class loader of the most recent occurrence on the stack 344 * of a method from a class defined using a non-system class 345 * loader. 346 * 347 * @deprecated This type of security checking is not recommended. 348 * It is recommended that the <code>checkPermission</code> 349 * call be used instead. 350 * 351 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader 352 * @see #checkPermission(java.security.Permission) checkPermission 353 */ 354 @Deprecated 355 protected ClassLoader currentClassLoader() 356 { 357 ClassLoader cl = currentClassLoader0(); 358 if ((cl != null) && hasAllPermission()) 359 cl = null; 360 return cl; 361 } 362 363 private native ClassLoader currentClassLoader0(); 364 365 /** 366 * Returns the class of the most recently executing method from 367 * a class defined using a non-system class loader. A non-system 368 * class loader is defined as being a class loader that is not equal to 369 * the system class loader (as returned 370 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. 371 * <p> 372 * This method will return 373 * <code>null</code> in the following three cases:<p> 374 * <ol> 375 * <li>All methods on the execution stack are from classes 376 * defined using the system class loader or one of its ancestors. 377 * 378 * <li>All methods on the execution stack up to the first 379 * "privileged" caller 380 * (see {@link java.security.AccessController#doPrivileged}) 381 * are from classes 382 * defined using the system class loader or one of its ancestors. 383 * 384 * <li> A call to <code>checkPermission</code> with 385 * <code>java.security.AllPermission</code> does not 386 * result in a SecurityException. 387 * 388 * </ol> 389 * 390 * @return the class of the most recent occurrence on the stack 391 * of a method from a class defined using a non-system class 392 * loader. 393 * 394 * @deprecated This type of security checking is not recommended. 395 * It is recommended that the <code>checkPermission</code> 396 * call be used instead. 397 * 398 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader 399 * @see #checkPermission(java.security.Permission) checkPermission 400 */ 401 @Deprecated 402 protected Class<?> currentLoadedClass() { 403 Class<?> c = currentLoadedClass0(); 404 if ((c != null) && hasAllPermission()) 405 c = null; 406 return c; 407 } 408 409 /** 410 * Returns the stack depth of the specified class. 411 * 412 * @param name the fully qualified name of the class to search for. 413 * @return the depth on the stack frame of the first occurrence of a 414 * method from a class with the specified name; 415 * <code>-1</code> if such a frame cannot be found. 416 * @deprecated This type of security checking is not recommended. 417 * It is recommended that the <code>checkPermission</code> 418 * call be used instead. 419 * 420 */ 421 @Deprecated 422 protected native int classDepth(String name); 423 424 /** 425 * Returns the stack depth of the most recently executing method 426 * from a class defined using a non-system class loader. A non-system 427 * class loader is defined as being a class loader that is not equal to 428 * the system class loader (as returned 429 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. 430 * <p> 431 * This method will return 432 * -1 in the following three cases:<p> 433 * <ol> 434 * <li>All methods on the execution stack are from classes 435 * defined using the system class loader or one of its ancestors. 436 * 437 * <li>All methods on the execution stack up to the first 438 * "privileged" caller 439 * (see {@link java.security.AccessController#doPrivileged}) 440 * are from classes 441 * defined using the system class loader or one of its ancestors. 442 * 443 * <li> A call to <code>checkPermission</code> with 444 * <code>java.security.AllPermission</code> does not 445 * result in a SecurityException. 446 * 447 * </ol> 448 * 449 * @return the depth on the stack frame of the most recent occurrence of 450 * a method from a class defined using a non-system class loader. 451 * 452 * @deprecated This type of security checking is not recommended. 453 * It is recommended that the <code>checkPermission</code> 454 * call be used instead. 455 * 456 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader 457 * @see #checkPermission(java.security.Permission) checkPermission 458 */ 459 @Deprecated 460 protected int classLoaderDepth() 461 { 462 int depth = classLoaderDepth0(); 463 if (depth != -1) { 464 if (hasAllPermission()) 465 depth = -1; 466 else 467 depth--; // make sure we don't include ourself 468 } 469 return depth; 470 } 471 472 private native int classLoaderDepth0(); 473 474 /** 475 * Tests if a method from a class with the specified 476 * name is on the execution stack. 477 * 478 * @param name the fully qualified name of the class. 479 * @return <code>true</code> if a method from a class with the specified 480 * name is on the execution stack; <code>false</code> otherwise. 481 * @deprecated This type of security checking is not recommended. 482 * It is recommended that the <code>checkPermission</code> 483 * call be used instead. 484 */ 485 @Deprecated 486 protected boolean inClass(String name) { 487 return classDepth(name) >= 0; 488 } 489 490 /** 491 * Basically, tests if a method from a class defined using a 492 * class loader is on the execution stack. 493 * 494 * @return <code>true</code> if a call to <code>currentClassLoader</code> 495 * has a non-null return value. 496 * 497 * @deprecated This type of security checking is not recommended. 498 * It is recommended that the <code>checkPermission</code> 499 * call be used instead. 500 * @see #currentClassLoader() currentClassLoader 501 */ 502 @Deprecated 503 protected boolean inClassLoader() { 504 return currentClassLoader() != null; 505 } 506 507 /** 508 * Creates an object that encapsulates the current execution 509 * environment. The result of this method is used, for example, by the 510 * three-argument <code>checkConnect</code> method and by the 511 * two-argument <code>checkRead</code> method. 512 * These methods are needed because a trusted method may be called 513 * on to read a file or open a socket on behalf of another method. 514 * The trusted method needs to determine if the other (possibly 515 * untrusted) method would be allowed to perform the operation on its 516 * own. 517 * <p> The default implementation of this method is to return 518 * an <code>AccessControlContext</code> object. 519 * 520 * @return an implementation-dependent object that encapsulates 521 * sufficient information about the current execution environment 522 * to perform some security checks later. 523 * @see java.lang.SecurityManager#checkConnect(java.lang.String, int, 524 * java.lang.Object) checkConnect 525 * @see java.lang.SecurityManager#checkRead(java.lang.String, 526 * java.lang.Object) checkRead 527 * @see java.security.AccessControlContext AccessControlContext 528 */ 529 public Object getSecurityContext() { 530 return AccessController.getContext(); 531 } 532 533 /** 534 * Throws a <code>SecurityException</code> if the requested 535 * access, specified by the given permission, is not permitted based 536 * on the security policy currently in effect. 537 * <p> 538 * This method calls <code>AccessController.checkPermission</code> 539 * with the given permission. 540 * 541 * @param perm the requested permission. 542 * @exception SecurityException if access is not permitted based on 543 * the current security policy. 544 * @exception NullPointerException if the permission argument is 545 * <code>null</code>. 546 * @since 1.2 547 */ 548 public void checkPermission(Permission perm) { 549 java.security.AccessController.checkPermission(perm); 550 } 551 552 /** 553 * Throws a <code>SecurityException</code> if the 554 * specified security context is denied access to the resource 555 * specified by the given permission. 556 * The context must be a security 557 * context returned by a previous call to 558 * <code>getSecurityContext</code> and the access control 559 * decision is based upon the configured security policy for 560 * that security context. 561 * <p> 562 * If <code>context</code> is an instance of 563 * <code>AccessControlContext</code> then the 564 * <code>AccessControlContext.checkPermission</code> method is 565 * invoked with the specified permission. 566 * <p> 567 * If <code>context</code> is not an instance of 568 * <code>AccessControlContext</code> then a 569 * <code>SecurityException</code> is thrown. 570 * 571 * @param perm the specified permission 572 * @param context a system-dependent security context. 573 * @exception SecurityException if the specified security context 574 * is not an instance of <code>AccessControlContext</code> 575 * (e.g., is <code>null</code>), or is denied access to the 576 * resource specified by the given permission. 577 * @exception NullPointerException if the permission argument is 578 * <code>null</code>. 579 * @see java.lang.SecurityManager#getSecurityContext() 580 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 581 * @since 1.2 582 */ 583 public void checkPermission(Permission perm, Object context) { 584 if (context instanceof AccessControlContext) { 585 ((AccessControlContext)context).checkPermission(perm); 586 } else { 587 throw new SecurityException(); 588 } 589 } 590 591 /** 592 * Throws a <code>SecurityException</code> if the 593 * calling thread is not allowed to create a new class loader. 594 * <p> 595 * This method calls <code>checkPermission</code> with the 596 * <code>RuntimePermission("createClassLoader")</code> 597 * permission. 598 * <p> 599 * If you override this method, then you should make a call to 600 * <code>super.checkCreateClassLoader</code> 601 * at the point the overridden method would normally throw an 602 * exception. 603 * 604 * @exception SecurityException if the calling thread does not 605 * have permission 606 * to create a new class loader. 607 * @see java.lang.ClassLoader#ClassLoader() 608 * @see #checkPermission(java.security.Permission) checkPermission 609 */ 610 public void checkCreateClassLoader() { 611 checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION); 612 } 613 614 /** 615 * reference to the root thread group, used for the checkAccess 616 * methods. 617 */ 618 619 private static ThreadGroup rootGroup = getRootGroup(); 620 621 private static ThreadGroup getRootGroup() { 622 ThreadGroup root = Thread.currentThread().getThreadGroup(); 623 while (root.getParent() != null) { 624 root = root.getParent(); 625 } 626 return root; 627 } 628 629 /** 630 * Throws a <code>SecurityException</code> if the 631 * calling thread is not allowed to modify the thread argument. 632 * <p> 633 * This method is invoked for the current security manager by the 634 * <code>stop</code>, <code>suspend</code>, <code>resume</code>, 635 * <code>setPriority</code>, <code>setName</code>, and 636 * <code>setDaemon</code> methods of class <code>Thread</code>. 637 * <p> 638 * If the thread argument is a system thread (belongs to 639 * the thread group with a <code>null</code> parent) then 640 * this method calls <code>checkPermission</code> with the 641 * <code>RuntimePermission("modifyThread")</code> permission. 642 * If the thread argument is <i>not</i> a system thread, 643 * this method just returns silently. 644 * <p> 645 * Applications that want a stricter policy should override this 646 * method. If this method is overridden, the method that overrides 647 * it should additionally check to see if the calling thread has the 648 * <code>RuntimePermission("modifyThread")</code> permission, and 649 * if so, return silently. This is to ensure that code granted 650 * that permission (such as the JDK itself) is allowed to 651 * manipulate any thread. 652 * <p> 653 * If this method is overridden, then 654 * <code>super.checkAccess</code> should 655 * be called by the first statement in the overridden method, or the 656 * equivalent security check should be placed in the overridden method. 657 * 658 * @param t the thread to be checked. 659 * @exception SecurityException if the calling thread does not have 660 * permission to modify the thread. 661 * @exception NullPointerException if the thread argument is 662 * <code>null</code>. 663 * @see java.lang.Thread#resume() resume 664 * @see java.lang.Thread#setDaemon(boolean) setDaemon 665 * @see java.lang.Thread#setName(java.lang.String) setName 666 * @see java.lang.Thread#setPriority(int) setPriority 667 * @see java.lang.Thread#stop() stop 668 * @see java.lang.Thread#suspend() suspend 669 * @see #checkPermission(java.security.Permission) checkPermission 670 */ 671 public void checkAccess(Thread t) { 672 if (t == null) { 673 throw new NullPointerException("thread can't be null"); 674 } 675 if (t.getThreadGroup() == rootGroup) { 676 checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION); 677 } else { 678 // just return 679 } 680 } 681 /** 682 * Throws a <code>SecurityException</code> if the 683 * calling thread is not allowed to modify the thread group argument. 684 * <p> 685 * This method is invoked for the current security manager when a 686 * new child thread or child thread group is created, and by the 687 * <code>setDaemon</code>, <code>setMaxPriority</code>, 688 * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and 689 * <code>destroy</code> methods of class <code>ThreadGroup</code>. 690 * <p> 691 * If the thread group argument is the system thread group ( 692 * has a <code>null</code> parent) then 693 * this method calls <code>checkPermission</code> with the 694 * <code>RuntimePermission("modifyThreadGroup")</code> permission. 695 * If the thread group argument is <i>not</i> the system thread group, 696 * this method just returns silently. 697 * <p> 698 * Applications that want a stricter policy should override this 699 * method. If this method is overridden, the method that overrides 700 * it should additionally check to see if the calling thread has the 701 * <code>RuntimePermission("modifyThreadGroup")</code> permission, and 702 * if so, return silently. This is to ensure that code granted 703 * that permission (such as the JDK itself) is allowed to 704 * manipulate any thread. 705 * <p> 706 * If this method is overridden, then 707 * <code>super.checkAccess</code> should 708 * be called by the first statement in the overridden method, or the 709 * equivalent security check should be placed in the overridden method. 710 * 711 * @param g the thread group to be checked. 712 * @exception SecurityException if the calling thread does not have 713 * permission to modify the thread group. 714 * @exception NullPointerException if the thread group argument is 715 * <code>null</code>. 716 * @see java.lang.ThreadGroup#destroy() destroy 717 * @see java.lang.ThreadGroup#resume() resume 718 * @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon 719 * @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority 720 * @see java.lang.ThreadGroup#stop() stop 721 * @see java.lang.ThreadGroup#suspend() suspend 722 * @see #checkPermission(java.security.Permission) checkPermission 723 */ 724 public void checkAccess(ThreadGroup g) { 725 if (g == null) { 726 throw new NullPointerException("thread group can't be null"); 727 } 728 if (g == rootGroup) { 729 checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION); 730 } else { 731 // just return 732 } 733 } 734 735 /** 736 * Throws a <code>SecurityException</code> if the 737 * calling thread is not allowed to cause the Java Virtual Machine to 738 * halt with the specified status code. 739 * <p> 740 * This method is invoked for the current security manager by the 741 * <code>exit</code> method of class <code>Runtime</code>. A status 742 * of <code>0</code> indicates success; other values indicate various 743 * errors. 744 * <p> 745 * This method calls <code>checkPermission</code> with the 746 * <code>RuntimePermission("exitVM."+status)</code> permission. 747 * <p> 748 * If you override this method, then you should make a call to 749 * <code>super.checkExit</code> 750 * at the point the overridden method would normally throw an 751 * exception. 752 * 753 * @param status the exit status. 754 * @exception SecurityException if the calling thread does not have 755 * permission to halt the Java Virtual Machine with 756 * the specified status. 757 * @see java.lang.Runtime#exit(int) exit 758 * @see #checkPermission(java.security.Permission) checkPermission 759 */ 760 public void checkExit(int status) { 761 checkPermission(new RuntimePermission("exitVM."+status)); 762 } 763 764 /** 765 * Throws a <code>SecurityException</code> if the 766 * calling thread is not allowed to create a subprocess. 767 * <p> 768 * This method is invoked for the current security manager by the 769 * <code>exec</code> methods of class <code>Runtime</code>. 770 * <p> 771 * This method calls <code>checkPermission</code> with the 772 * <code>FilePermission(cmd,"execute")</code> permission 773 * if cmd is an absolute path, otherwise it calls 774 * <code>checkPermission</code> with 775 * <code>FilePermission("<<ALL FILES>>","execute")</code>. 776 * <p> 777 * If you override this method, then you should make a call to 778 * <code>super.checkExec</code> 779 * at the point the overridden method would normally throw an 780 * exception. 781 * 782 * @param cmd the specified system command. 783 * @exception SecurityException if the calling thread does not have 784 * permission to create a subprocess. 785 * @exception NullPointerException if the <code>cmd</code> argument is 786 * <code>null</code>. 787 * @see java.lang.Runtime#exec(java.lang.String) 788 * @see java.lang.Runtime#exec(java.lang.String, java.lang.String[]) 789 * @see java.lang.Runtime#exec(java.lang.String[]) 790 * @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[]) 791 * @see #checkPermission(java.security.Permission) checkPermission 792 */ 793 public void checkExec(String cmd) { 794 File f = new File(cmd); 795 if (f.isAbsolute()) { 796 checkPermission(new FilePermission(cmd, 797 SecurityConstants.FILE_EXECUTE_ACTION)); 798 } else { 799 checkPermission(new FilePermission("<<ALL FILES>>", 800 SecurityConstants.FILE_EXECUTE_ACTION)); 801 } 802 } 803 804 /** 805 * Throws a <code>SecurityException</code> if the 806 * calling thread is not allowed to dynamic link the library code 807 * specified by the string argument file. The argument is either a 808 * simple library name or a complete filename. 809 * <p> 810 * This method is invoked for the current security manager by 811 * methods <code>load</code> and <code>loadLibrary</code> of class 812 * <code>Runtime</code>. 813 * <p> 814 * This method calls <code>checkPermission</code> with the 815 * <code>RuntimePermission("loadLibrary."+lib)</code> permission. 816 * <p> 817 * If you override this method, then you should make a call to 818 * <code>super.checkLink</code> 819 * at the point the overridden method would normally throw an 820 * exception. 821 * 822 * @param lib the name of the library. 823 * @exception SecurityException if the calling thread does not have 824 * permission to dynamically link the library. 825 * @exception NullPointerException if the <code>lib</code> argument is 826 * <code>null</code>. 827 * @see java.lang.Runtime#load(java.lang.String) 828 * @see java.lang.Runtime#loadLibrary(java.lang.String) 829 * @see #checkPermission(java.security.Permission) checkPermission 830 */ 831 public void checkLink(String lib) { 832 if (lib == null) { 833 throw new NullPointerException("library can't be null"); 834 } 835 checkPermission(new RuntimePermission("loadLibrary."+lib)); 836 } 837 838 /** 839 * Throws a <code>SecurityException</code> if the 840 * calling thread is not allowed to read from the specified file 841 * descriptor. 842 * <p> 843 * This method calls <code>checkPermission</code> with the 844 * <code>RuntimePermission("readFileDescriptor")</code> 845 * permission. 846 * <p> 847 * If you override this method, then you should make a call to 848 * <code>super.checkRead</code> 849 * at the point the overridden method would normally throw an 850 * exception. 851 * 852 * @param fd the system-dependent file descriptor. 853 * @exception SecurityException if the calling thread does not have 854 * permission to access the specified file descriptor. 855 * @exception NullPointerException if the file descriptor argument is 856 * <code>null</code>. 857 * @see java.io.FileDescriptor 858 * @see #checkPermission(java.security.Permission) checkPermission 859 */ 860 public void checkRead(FileDescriptor fd) { 861 if (fd == null) { 862 throw new NullPointerException("file descriptor can't be null"); 863 } 864 checkPermission(new RuntimePermission("readFileDescriptor")); 865 } 866 867 /** 868 * Throws a <code>SecurityException</code> if the 869 * calling thread is not allowed to read the file specified by the 870 * string argument. 871 * <p> 872 * This method calls <code>checkPermission</code> with the 873 * <code>FilePermission(file,"read")</code> permission. 874 * <p> 875 * If you override this method, then you should make a call to 876 * <code>super.checkRead</code> 877 * at the point the overridden method would normally throw an 878 * exception. 879 * 880 * @param file the system-dependent file name. 881 * @exception SecurityException if the calling thread does not have 882 * permission to access the specified file. 883 * @exception NullPointerException if the <code>file</code> argument is 884 * <code>null</code>. 885 * @see #checkPermission(java.security.Permission) checkPermission 886 */ 887 public void checkRead(String file) { 888 checkPermission(new FilePermission(file, 889 SecurityConstants.FILE_READ_ACTION)); 890 } 891 892 /** 893 * Throws a <code>SecurityException</code> if the 894 * specified security context is not allowed to read the file 895 * specified by the string argument. The context must be a security 896 * context returned by a previous call to 897 * <code>getSecurityContext</code>. 898 * <p> If <code>context</code> is an instance of 899 * <code>AccessControlContext</code> then the 900 * <code>AccessControlContext.checkPermission</code> method will 901 * be invoked with the <code>FilePermission(file,"read")</code> permission. 902 * <p> If <code>context</code> is not an instance of 903 * <code>AccessControlContext</code> then a 904 * <code>SecurityException</code> is thrown. 905 * <p> 906 * If you override this method, then you should make a call to 907 * <code>super.checkRead</code> 908 * at the point the overridden method would normally throw an 909 * exception. 910 * 911 * @param file the system-dependent filename. 912 * @param context a system-dependent security context. 913 * @exception SecurityException if the specified security context 914 * is not an instance of <code>AccessControlContext</code> 915 * (e.g., is <code>null</code>), or does not have permission 916 * to read the specified file. 917 * @exception NullPointerException if the <code>file</code> argument is 918 * <code>null</code>. 919 * @see java.lang.SecurityManager#getSecurityContext() 920 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 921 */ 922 public void checkRead(String file, Object context) { 923 checkPermission( 924 new FilePermission(file, SecurityConstants.FILE_READ_ACTION), 925 context); 926 } 927 928 /** 929 * Throws a <code>SecurityException</code> if the 930 * calling thread is not allowed to write to the specified file 931 * descriptor. 932 * <p> 933 * This method calls <code>checkPermission</code> with the 934 * <code>RuntimePermission("writeFileDescriptor")</code> 935 * permission. 936 * <p> 937 * If you override this method, then you should make a call to 938 * <code>super.checkWrite</code> 939 * at the point the overridden method would normally throw an 940 * exception. 941 * 942 * @param fd the system-dependent file descriptor. 943 * @exception SecurityException if the calling thread does not have 944 * permission to access the specified file descriptor. 945 * @exception NullPointerException if the file descriptor argument is 946 * <code>null</code>. 947 * @see java.io.FileDescriptor 948 * @see #checkPermission(java.security.Permission) checkPermission 949 */ 950 public void checkWrite(FileDescriptor fd) { 951 if (fd == null) { 952 throw new NullPointerException("file descriptor can't be null"); 953 } 954 checkPermission(new RuntimePermission("writeFileDescriptor")); 955 956 } 957 958 /** 959 * Throws a <code>SecurityException</code> if the 960 * calling thread is not allowed to write to the file specified by 961 * the string argument. 962 * <p> 963 * This method calls <code>checkPermission</code> with the 964 * <code>FilePermission(file,"write")</code> permission. 965 * <p> 966 * If you override this method, then you should make a call to 967 * <code>super.checkWrite</code> 968 * at the point the overridden method would normally throw an 969 * exception. 970 * 971 * @param file the system-dependent filename. 972 * @exception SecurityException if the calling thread does not 973 * have permission to access the specified file. 974 * @exception NullPointerException if the <code>file</code> argument is 975 * <code>null</code>. 976 * @see #checkPermission(java.security.Permission) checkPermission 977 */ 978 public void checkWrite(String file) { 979 checkPermission(new FilePermission(file, 980 SecurityConstants.FILE_WRITE_ACTION)); 981 } 982 983 /** 984 * Throws a <code>SecurityException</code> if the 985 * calling thread is not allowed to delete the specified file. 986 * <p> 987 * This method is invoked for the current security manager by the 988 * <code>delete</code> method of class <code>File</code>. 989 * <p> 990 * This method calls <code>checkPermission</code> with the 991 * <code>FilePermission(file,"delete")</code> permission. 992 * <p> 993 * If you override this method, then you should make a call to 994 * <code>super.checkDelete</code> 995 * at the point the overridden method would normally throw an 996 * exception. 997 * 998 * @param file the system-dependent filename. 999 * @exception SecurityException if the calling thread does not 1000 * have permission to delete the file. 1001 * @exception NullPointerException if the <code>file</code> argument is 1002 * <code>null</code>. 1003 * @see java.io.File#delete() 1004 * @see #checkPermission(java.security.Permission) checkPermission 1005 */ 1006 public void checkDelete(String file) { 1007 checkPermission(new FilePermission(file, 1008 SecurityConstants.FILE_DELETE_ACTION)); 1009 } 1010 1011 /** 1012 * Throws a <code>SecurityException</code> if the 1013 * calling thread is not allowed to open a socket connection to the 1014 * specified host and port number. 1015 * <p> 1016 * A port number of <code>-1</code> indicates that the calling 1017 * method is attempting to determine the IP address of the specified 1018 * host name. 1019 * <p> 1020 * This method calls <code>checkPermission</code> with the 1021 * <code>SocketPermission(host+":"+port,"connect")</code> permission if 1022 * the port is not equal to -1. If the port is equal to -1, then 1023 * it calls <code>checkPermission</code> with the 1024 * <code>SocketPermission(host,"resolve")</code> permission. 1025 * <p> 1026 * If you override this method, then you should make a call to 1027 * <code>super.checkConnect</code> 1028 * at the point the overridden method would normally throw an 1029 * exception. 1030 * 1031 * @param host the host name port to connect to. 1032 * @param port the protocol port to connect to. 1033 * @exception SecurityException if the calling thread does not have 1034 * permission to open a socket connection to the specified 1035 * <code>host</code> and <code>port</code>. 1036 * @exception NullPointerException if the <code>host</code> argument is 1037 * <code>null</code>. 1038 * @see #checkPermission(java.security.Permission) checkPermission 1039 */ 1040 public void checkConnect(String host, int port) { 1041 if (host == null) { 1042 throw new NullPointerException("host can't be null"); 1043 } 1044 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1045 host = "[" + host + "]"; 1046 } 1047 if (port == -1) { 1048 checkPermission(new SocketPermission(host, 1049 SecurityConstants.SOCKET_RESOLVE_ACTION)); 1050 } else { 1051 checkPermission(new SocketPermission(host+":"+port, 1052 SecurityConstants.SOCKET_CONNECT_ACTION)); 1053 } 1054 } 1055 1056 /** 1057 * Throws a <code>SecurityException</code> if the 1058 * specified security context is not allowed to open a socket 1059 * connection to the specified host and port number. 1060 * <p> 1061 * A port number of <code>-1</code> indicates that the calling 1062 * method is attempting to determine the IP address of the specified 1063 * host name. 1064 * <p> If <code>context</code> is not an instance of 1065 * <code>AccessControlContext</code> then a 1066 * <code>SecurityException</code> is thrown. 1067 * <p> 1068 * Otherwise, the port number is checked. If it is not equal 1069 * to -1, the <code>context</code>'s <code>checkPermission</code> 1070 * method is called with a 1071 * <code>SocketPermission(host+":"+port,"connect")</code> permission. 1072 * If the port is equal to -1, then 1073 * the <code>context</code>'s <code>checkPermission</code> method 1074 * is called with a 1075 * <code>SocketPermission(host,"resolve")</code> permission. 1076 * <p> 1077 * If you override this method, then you should make a call to 1078 * <code>super.checkConnect</code> 1079 * at the point the overridden method would normally throw an 1080 * exception. 1081 * 1082 * @param host the host name port to connect to. 1083 * @param port the protocol port to connect to. 1084 * @param context a system-dependent security context. 1085 * @exception SecurityException if the specified security context 1086 * is not an instance of <code>AccessControlContext</code> 1087 * (e.g., is <code>null</code>), or does not have permission 1088 * to open a socket connection to the specified 1089 * <code>host</code> and <code>port</code>. 1090 * @exception NullPointerException if the <code>host</code> argument is 1091 * <code>null</code>. 1092 * @see java.lang.SecurityManager#getSecurityContext() 1093 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 1094 */ 1095 public void checkConnect(String host, int port, Object context) { 1096 if (host == null) { 1097 throw new NullPointerException("host can't be null"); 1098 } 1099 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1100 host = "[" + host + "]"; 1101 } 1102 if (port == -1) 1103 checkPermission(new SocketPermission(host, 1104 SecurityConstants.SOCKET_RESOLVE_ACTION), 1105 context); 1106 else 1107 checkPermission(new SocketPermission(host+":"+port, 1108 SecurityConstants.SOCKET_CONNECT_ACTION), 1109 context); 1110 } 1111 1112 /** 1113 * Throws a <code>SecurityException</code> if the 1114 * calling thread is not allowed to wait for a connection request on 1115 * the specified local port number. 1116 * <p> 1117 * If port is not 0, this method calls 1118 * <code>checkPermission</code> with the 1119 * <code>SocketPermission("localhost:"+port,"listen")</code>. 1120 * If port is zero, this method calls <code>checkPermission</code> 1121 * with <code>SocketPermission("localhost:1024-","listen").</code> 1122 * <p> 1123 * If you override this method, then you should make a call to 1124 * <code>super.checkListen</code> 1125 * at the point the overridden method would normally throw an 1126 * exception. 1127 * 1128 * @param port the local port. 1129 * @exception SecurityException if the calling thread does not have 1130 * permission to listen on the specified port. 1131 * @see #checkPermission(java.security.Permission) checkPermission 1132 */ 1133 public void checkListen(int port) { 1134 if (port == 0) { 1135 checkPermission(SecurityConstants.LOCAL_LISTEN_PERMISSION); 1136 } else { 1137 checkPermission(new SocketPermission("localhost:"+port, 1138 SecurityConstants.SOCKET_LISTEN_ACTION)); 1139 } 1140 } 1141 1142 /** 1143 * Throws a <code>SecurityException</code> if the 1144 * calling thread is not permitted to accept a socket connection from 1145 * the specified host and port number. 1146 * <p> 1147 * This method is invoked for the current security manager by the 1148 * <code>accept</code> method of class <code>ServerSocket</code>. 1149 * <p> 1150 * This method calls <code>checkPermission</code> with the 1151 * <code>SocketPermission(host+":"+port,"accept")</code> permission. 1152 * <p> 1153 * If you override this method, then you should make a call to 1154 * <code>super.checkAccept</code> 1155 * at the point the overridden method would normally throw an 1156 * exception. 1157 * 1158 * @param host the host name of the socket connection. 1159 * @param port the port number of the socket connection. 1160 * @exception SecurityException if the calling thread does not have 1161 * permission to accept the connection. 1162 * @exception NullPointerException if the <code>host</code> argument is 1163 * <code>null</code>. 1164 * @see java.net.ServerSocket#accept() 1165 * @see #checkPermission(java.security.Permission) checkPermission 1166 */ 1167 public void checkAccept(String host, int port) { 1168 if (host == null) { 1169 throw new NullPointerException("host can't be null"); 1170 } 1171 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1172 host = "[" + host + "]"; 1173 } 1174 checkPermission(new SocketPermission(host+":"+port, 1175 SecurityConstants.SOCKET_ACCEPT_ACTION)); 1176 } 1177 1178 /** 1179 * Throws a <code>SecurityException</code> if the 1180 * calling thread is not allowed to use 1181 * (join/leave/send/receive) IP multicast. 1182 * <p> 1183 * This method calls <code>checkPermission</code> with the 1184 * <code>java.net.SocketPermission(maddr.getHostAddress(), 1185 * "accept,connect")</code> permission. 1186 * <p> 1187 * If you override this method, then you should make a call to 1188 * <code>super.checkMulticast</code> 1189 * at the point the overridden method would normally throw an 1190 * exception. 1191 * 1192 * @param maddr Internet group address to be used. 1193 * @exception SecurityException if the calling thread is not allowed to 1194 * use (join/leave/send/receive) IP multicast. 1195 * @exception NullPointerException if the address argument is 1196 * <code>null</code>. 1197 * @since JDK1.1 1198 * @see #checkPermission(java.security.Permission) checkPermission 1199 */ 1200 public void checkMulticast(InetAddress maddr) { 1201 String host = maddr.getHostAddress(); 1202 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1203 host = "[" + host + "]"; 1204 } 1205 checkPermission(new SocketPermission(host, 1206 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); 1207 } 1208 1209 /** 1210 * Throws a <code>SecurityException</code> if the 1211 * calling thread is not allowed to use 1212 * (join/leave/send/receive) IP multicast. 1213 * <p> 1214 * This method calls <code>checkPermission</code> with the 1215 * <code>java.net.SocketPermission(maddr.getHostAddress(), 1216 * "accept,connect")</code> permission. 1217 * <p> 1218 * If you override this method, then you should make a call to 1219 * <code>super.checkMulticast</code> 1220 * at the point the overridden method would normally throw an 1221 * exception. 1222 * 1223 * @param maddr Internet group address to be used. 1224 * @param ttl value in use, if it is multicast send. 1225 * Note: this particular implementation does not use the ttl 1226 * parameter. 1227 * @exception SecurityException if the calling thread is not allowed to 1228 * use (join/leave/send/receive) IP multicast. 1229 * @exception NullPointerException if the address argument is 1230 * <code>null</code>. 1231 * @since JDK1.1 1232 * @deprecated Use #checkPermission(java.security.Permission) instead 1233 * @see #checkPermission(java.security.Permission) checkPermission 1234 */ 1235 @Deprecated 1236 public void checkMulticast(InetAddress maddr, byte ttl) { 1237 String host = maddr.getHostAddress(); 1238 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1239 host = "[" + host + "]"; 1240 } 1241 checkPermission(new SocketPermission(host, 1242 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); 1243 } 1244 1245 /** 1246 * Throws a <code>SecurityException</code> if the 1247 * calling thread is not allowed to access or modify the system 1248 * properties. 1249 * <p> 1250 * This method is used by the <code>getProperties</code> and 1251 * <code>setProperties</code> methods of class <code>System</code>. 1252 * <p> 1253 * This method calls <code>checkPermission</code> with the 1254 * <code>PropertyPermission("*", "read,write")</code> permission. 1255 * <p> 1256 * If you override this method, then you should make a call to 1257 * <code>super.checkPropertiesAccess</code> 1258 * at the point the overridden method would normally throw an 1259 * exception. 1260 * <p> 1261 * 1262 * @exception SecurityException if the calling thread does not have 1263 * permission to access or modify the system properties. 1264 * @see java.lang.System#getProperties() 1265 * @see java.lang.System#setProperties(java.util.Properties) 1266 * @see #checkPermission(java.security.Permission) checkPermission 1267 */ 1268 public void checkPropertiesAccess() { 1269 checkPermission(new PropertyPermission("*", 1270 SecurityConstants.PROPERTY_RW_ACTION)); 1271 } 1272 1273 /** 1274 * Throws a <code>SecurityException</code> if the 1275 * calling thread is not allowed to access the system property with 1276 * the specified <code>key</code> name. 1277 * <p> 1278 * This method is used by the <code>getProperty</code> method of 1279 * class <code>System</code>. 1280 * <p> 1281 * This method calls <code>checkPermission</code> with the 1282 * <code>PropertyPermission(key, "read")</code> permission. 1283 * <p> 1284 * <p> 1285 * If you override this method, then you should make a call to 1286 * <code>super.checkPropertyAccess</code> 1287 * at the point the overridden method would normally throw an 1288 * exception. 1289 * 1290 * @param key a system property key. 1291 * 1292 * @exception SecurityException if the calling thread does not have 1293 * permission to access the specified system property. 1294 * @exception NullPointerException if the <code>key</code> argument is 1295 * <code>null</code>. 1296 * @exception IllegalArgumentException if <code>key</code> is empty. 1297 * 1298 * @see java.lang.System#getProperty(java.lang.String) 1299 * @see #checkPermission(java.security.Permission) checkPermission 1300 */ 1301 public void checkPropertyAccess(String key) { 1302 checkPermission(new PropertyPermission(key, 1303 SecurityConstants.PROPERTY_READ_ACTION)); 1304 } 1305 1306 /** 1307 * Returns <code>false</code> if the calling 1308 * thread is not trusted to bring up the top-level window indicated 1309 * by the <code>window</code> argument. In this case, the caller can 1310 * still decide to show the window, but the window should include 1311 * some sort of visual warning. If the method returns 1312 * <code>true</code>, then the window can be shown without any 1313 * special restrictions. 1314 * <p> 1315 * See class <code>Window</code> for more information on trusted and 1316 * untrusted windows. 1317 * <p> 1318 * This method calls 1319 * <code>checkPermission</code> with the 1320 * <code>AWTPermission("showWindowWithoutWarningBanner")</code> permission, 1321 * and returns <code>true</code> if a SecurityException is not thrown, 1322 * otherwise it returns <code>false</code>. 1323 * <p> 1324 * If you override this method, then you should make a call to 1325 * <code>super.checkTopLevelWindow</code> 1326 * at the point the overridden method would normally return 1327 * <code>false</code>, and the value of 1328 * <code>super.checkTopLevelWindow</code> should 1329 * be returned. 1330 * 1331 * @param window the new window that is being created. 1332 * @return <code>true</code> if the calling thread is trusted to put up 1333 * top-level windows; <code>false</code> otherwise. 1334 * @exception NullPointerException if the <code>window</code> argument is 1335 * <code>null</code>. 1336 * @see java.awt.Window 1337 * @see #checkPermission(java.security.Permission) checkPermission 1338 */ 1339 public boolean checkTopLevelWindow(Object window) { 1340 if (window == null) { 1341 throw new NullPointerException("window can't be null"); 1342 } 1343 try { 1344 checkPermission(SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION); 1345 return true; 1346 } catch (SecurityException se) { 1347 // just return false 1348 } 1349 return false; 1350 } 1351 1352 /** 1353 * Throws a <code>SecurityException</code> if the 1354 * calling thread is not allowed to initiate a print job request. 1355 * <p> 1356 * This method calls 1357 * <code>checkPermission</code> with the 1358 * <code>RuntimePermission("queuePrintJob")</code> permission. 1359 * <p> 1360 * If you override this method, then you should make a call to 1361 * <code>super.checkPrintJobAccess</code> 1362 * at the point the overridden method would normally throw an 1363 * exception. 1364 * <p> 1365 * 1366 * @exception SecurityException if the calling thread does not have 1367 * permission to initiate a print job request. 1368 * @since JDK1.1 1369 * @see #checkPermission(java.security.Permission) checkPermission 1370 */ 1371 public void checkPrintJobAccess() { 1372 checkPermission(new RuntimePermission("queuePrintJob")); 1373 } 1374 1375 /** 1376 * Throws a <code>SecurityException</code> if the 1377 * calling thread is not allowed to access the system clipboard. 1378 * <p> 1379 * This method calls <code>checkPermission</code> with the 1380 * <code>AWTPermission("accessClipboard")</code> 1381 * permission. 1382 * <p> 1383 * If you override this method, then you should make a call to 1384 * <code>super.checkSystemClipboardAccess</code> 1385 * at the point the overridden method would normally throw an 1386 * exception. 1387 * 1388 * @since JDK1.1 1389 * @exception SecurityException if the calling thread does not have 1390 * permission to access the system clipboard. 1391 * @see #checkPermission(java.security.Permission) checkPermission 1392 */ 1393 public void checkSystemClipboardAccess() { 1394 checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION); 1395 } 1396 1397 /** 1398 * Throws a <code>SecurityException</code> if the 1399 * calling thread is not allowed to access the AWT event queue. 1400 * <p> 1401 * This method calls <code>checkPermission</code> with the 1402 * <code>AWTPermission("accessEventQueue")</code> permission. 1403 * <p> 1404 * If you override this method, then you should make a call to 1405 * <code>super.checkAwtEventQueueAccess</code> 1406 * at the point the overridden method would normally throw an 1407 * exception. 1408 * 1409 * @since JDK1.1 1410 * @exception SecurityException if the calling thread does not have 1411 * permission to access the AWT event queue. 1412 * @see #checkPermission(java.security.Permission) checkPermission 1413 */ 1414 public void checkAwtEventQueueAccess() { 1415 checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION); 1416 } 1417 1418 /* 1419 * We have an initial invalid bit (initially false) for the class 1420 * variables which tell if the cache is valid. If the underlying 1421 * java.security.Security property changes via setProperty(), the 1422 * Security class uses reflection to change the variable and thus 1423 * invalidate the cache. 1424 * 1425 * Locking is handled by synchronization to the 1426 * packageAccessLock/packageDefinitionLock objects. They are only 1427 * used in this class. 1428 * 1429 * Note that cache invalidation as a result of the property change 1430 * happens without using these locks, so there may be a delay between 1431 * when a thread updates the property and when other threads updates 1432 * the cache. 1433 */ 1434 private static boolean packageAccessValid = false; 1435 private static String[] packageAccess; 1436 private static final Object packageAccessLock = new Object(); 1437 1438 private static boolean packageDefinitionValid = false; 1439 private static String[] packageDefinition; 1440 private static final Object packageDefinitionLock = new Object(); 1441 1442 private static String[] getPackages(String p) { 1443 String packages[] = null; 1444 if (p != null && !p.equals("")) { 1445 java.util.StringTokenizer tok = 1446 new java.util.StringTokenizer(p, ","); 1447 int n = tok.countTokens(); 1448 if (n > 0) { 1449 packages = new String[n]; 1450 int i = 0; 1451 while (tok.hasMoreElements()) { 1452 String s = tok.nextToken().trim(); 1453 packages[i++] = s; 1454 } 1455 } 1456 } 1457 1458 if (packages == null) 1459 packages = new String[0]; 1460 return packages; 1461 } 1462 1463 /** 1464 * Throws a <code>SecurityException</code> if the 1465 * calling thread is not allowed to access the package specified by 1466 * the argument. 1467 * <p> 1468 * This method is used by the <code>loadClass</code> method of class 1469 * loaders. 1470 * <p> 1471 * This method first gets a list of 1472 * restricted packages by obtaining a comma-separated list from 1473 * a call to 1474 * <code>java.security.Security.getProperty("package.access")</code>, 1475 * and checks to see if <code>pkg</code> starts with or equals 1476 * any of the restricted packages. If it does, then 1477 * <code>checkPermission</code> gets called with the 1478 * <code>RuntimePermission("accessClassInPackage."+pkg)</code> 1479 * permission. 1480 * <p> 1481 * If this method is overridden, then 1482 * <code>super.checkPackageAccess</code> should be called 1483 * as the first line in the overridden method. 1484 * 1485 * @param pkg the package name. 1486 * @exception SecurityException if the calling thread does not have 1487 * permission to access the specified package. 1488 * @exception NullPointerException if the package name argument is 1489 * <code>null</code>. 1490 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean) 1491 * loadClass 1492 * @see java.security.Security#getProperty getProperty 1493 * @see #checkPermission(java.security.Permission) checkPermission 1494 */ 1495 public void checkPackageAccess(String pkg) { 1496 if (pkg == null) { 1497 throw new NullPointerException("package name can't be null"); 1498 } 1499 1500 String[] pkgs; 1501 synchronized (packageAccessLock) { 1502 /* 1503 * Do we need to update our property array? 1504 */ 1505 if (!packageAccessValid) { 1506 String tmpPropertyStr = 1507 AccessController.doPrivileged( 1508 new PrivilegedAction<String>() { 1509 public String run() { 1510 return java.security.Security.getProperty( 1511 "package.access"); 1512 } 1513 } 1514 ); 1515 packageAccess = getPackages(tmpPropertyStr); 1516 packageAccessValid = true; 1517 } 1518 1519 // Using a snapshot of packageAccess -- don't care if static field 1520 // changes afterwards; array contents won't change. 1521 pkgs = packageAccess; 1522 } 1523 1524 /* 1525 * Traverse the list of packages, check for any matches. 1526 */ 1527 for (int i = 0; i < pkgs.length; i++) { 1528 if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) { 1529 checkPermission( 1530 new RuntimePermission("accessClassInPackage."+pkg)); 1531 break; // No need to continue; only need to check this once 1532 } 1533 } 1534 } 1535 1536 /** 1537 * Throws a <code>SecurityException</code> if the 1538 * calling thread is not allowed to define classes in the package 1539 * specified by the argument. 1540 * <p> 1541 * This method is used by the <code>loadClass</code> method of some 1542 * class loaders. 1543 * <p> 1544 * This method first gets a list of restricted packages by 1545 * obtaining a comma-separated list from a call to 1546 * <code>java.security.Security.getProperty("package.definition")</code>, 1547 * and checks to see if <code>pkg</code> starts with or equals 1548 * any of the restricted packages. If it does, then 1549 * <code>checkPermission</code> gets called with the 1550 * <code>RuntimePermission("defineClassInPackage."+pkg)</code> 1551 * permission. 1552 * <p> 1553 * If this method is overridden, then 1554 * <code>super.checkPackageDefinition</code> should be called 1555 * as the first line in the overridden method. 1556 * 1557 * @param pkg the package name. 1558 * @exception SecurityException if the calling thread does not have 1559 * permission to define classes in the specified package. 1560 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean) 1561 * @see java.security.Security#getProperty getProperty 1562 * @see #checkPermission(java.security.Permission) checkPermission 1563 */ 1564 public void checkPackageDefinition(String pkg) { 1565 if (pkg == null) { 1566 throw new NullPointerException("package name can't be null"); 1567 } 1568 1569 String[] pkgs; 1570 synchronized (packageDefinitionLock) { 1571 /* 1572 * Do we need to update our property array? 1573 */ 1574 if (!packageDefinitionValid) { 1575 String tmpPropertyStr = 1576 AccessController.doPrivileged( 1577 new PrivilegedAction<String>() { 1578 public String run() { 1579 return java.security.Security.getProperty( 1580 "package.definition"); 1581 } 1582 } 1583 ); 1584 packageDefinition = getPackages(tmpPropertyStr); 1585 packageDefinitionValid = true; 1586 } 1587 // Using a snapshot of packageDefinition -- don't care if static 1588 // field changes afterwards; array contents won't change. 1589 pkgs = packageDefinition; 1590 } 1591 1592 /* 1593 * Traverse the list of packages, check for any matches. 1594 */ 1595 for (int i = 0; i < pkgs.length; i++) { 1596 if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) { 1597 checkPermission( 1598 new RuntimePermission("defineClassInPackage."+pkg)); 1599 break; // No need to continue; only need to check this once 1600 } 1601 } 1602 } 1603 1604 /** 1605 * Throws a <code>SecurityException</code> if the 1606 * calling thread is not allowed to set the socket factory used by 1607 * <code>ServerSocket</code> or <code>Socket</code>, or the stream 1608 * handler factory used by <code>URL</code>. 1609 * <p> 1610 * This method calls <code>checkPermission</code> with the 1611 * <code>RuntimePermission("setFactory")</code> permission. 1612 * <p> 1613 * If you override this method, then you should make a call to 1614 * <code>super.checkSetFactory</code> 1615 * at the point the overridden method would normally throw an 1616 * exception. 1617 * <p> 1618 * 1619 * @exception SecurityException if the calling thread does not have 1620 * permission to specify a socket factory or a stream 1621 * handler factory. 1622 * 1623 * @see java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory 1624 * @see java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory 1625 * @see java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory 1626 * @see #checkPermission(java.security.Permission) checkPermission 1627 */ 1628 public void checkSetFactory() { 1629 checkPermission(new RuntimePermission("setFactory")); 1630 } 1631 1632 /** 1633 * Throws a <code>SecurityException</code> if the 1634 * calling thread is not allowed to access members. 1635 * <p> 1636 * The default policy is to allow access to PUBLIC members, as well 1637 * as access to classes that have the same class loader as the caller. 1638 * In all other cases, this method calls <code>checkPermission</code> 1639 * with the <code>RuntimePermission("accessDeclaredMembers") 1640 * </code> permission. 1641 * <p> 1642 * If this method is overridden, then a call to 1643 * <code>super.checkMemberAccess</code> cannot be made, 1644 * as the default implementation of <code>checkMemberAccess</code> 1645 * relies on the code being checked being at a stack depth of 1646 * 4. 1647 * 1648 * @param clazz the class that reflection is to be performed on. 1649 * 1650 * @param which type of access, PUBLIC or DECLARED. 1651 * 1652 * @exception SecurityException if the caller does not have 1653 * permission to access members. 1654 * @exception NullPointerException if the <code>clazz</code> argument is 1655 * <code>null</code>. 1656 * @see java.lang.reflect.Member 1657 * @since JDK1.1 1658 * @see #checkPermission(java.security.Permission) checkPermission 1659 */ 1660 public void checkMemberAccess(Class<?> clazz, int which) { 1661 if (clazz == null) { 1662 throw new NullPointerException("class can't be null"); 1663 } 1664 if (which != Member.PUBLIC) { 1665 Class stack[] = getClassContext(); 1666 /* 1667 * stack depth of 4 should be the caller of one of the 1668 * methods in java.lang.Class that invoke checkMember 1669 * access. The stack should look like: 1670 * 1671 * someCaller [3] 1672 * java.lang.Class.someReflectionAPI [2] 1673 * java.lang.Class.checkMemberAccess [1] 1674 * SecurityManager.checkMemberAccess [0] 1675 * 1676 */ 1677 if ((stack.length<4) || 1678 (stack[3].getClassLoader() != clazz.getClassLoader())) { 1679 checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION); 1680 } 1681 } 1682 } 1683 1684 /** 1685 * Determines whether the permission with the specified permission target 1686 * name should be granted or denied. 1687 * 1688 * <p> If the requested permission is allowed, this method returns 1689 * quietly. If denied, a SecurityException is raised. 1690 * 1691 * <p> This method creates a <code>SecurityPermission</code> object for 1692 * the given permission target name and calls <code>checkPermission</code> 1693 * with it. 1694 * 1695 * <p> See the documentation for 1696 * <code>{@link java.security.SecurityPermission}</code> for 1697 * a list of possible permission target names. 1698 * 1699 * <p> If you override this method, then you should make a call to 1700 * <code>super.checkSecurityAccess</code> 1701 * at the point the overridden method would normally throw an 1702 * exception. 1703 * 1704 * @param target the target name of the <code>SecurityPermission</code>. 1705 * 1706 * @exception SecurityException if the calling thread does not have 1707 * permission for the requested access. 1708 * @exception NullPointerException if <code>target</code> is null. 1709 * @exception IllegalArgumentException if <code>target</code> is empty. 1710 * 1711 * @since JDK1.1 1712 * @see #checkPermission(java.security.Permission) checkPermission 1713 */ 1714 public void checkSecurityAccess(String target) { 1715 checkPermission(new SecurityPermission(target)); 1716 } 1717 1718 private native Class<?> currentLoadedClass0(); 1719 1720 /** 1721 * Returns the thread group into which to instantiate any new 1722 * thread being created at the time this is being called. 1723 * By default, it returns the thread group of the current 1724 * thread. This should be overridden by a specific security 1725 * manager to return the appropriate thread group. 1726 * 1727 * @return ThreadGroup that new threads are instantiated into 1728 * @since JDK1.1 1729 * @see java.lang.ThreadGroup 1730 */ 1731 public ThreadGroup getThreadGroup() { 1732 return Thread.currentThread().getThreadGroup(); 1733 } 1734 1735 }