1 /* 2 * Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.lang; 27 28 import java.security.*; 29 import java.io.FileDescriptor; 30 import java.io.File; 31 import java.io.FilePermission; 32 import java.awt.AWTPermission; 33 import java.util.PropertyPermission; 34 import java.lang.RuntimePermission; 35 import java.net.SocketPermission; 36 import java.net.NetPermission; 37 import java.util.Hashtable; 38 import java.net.InetAddress; 39 import java.lang.reflect.*; 40 import java.net.URL; 41 42 import sun.reflect.CallerSensitive; 43 import sun.security.util.SecurityConstants; 44 45 /** 46 * The security manager is a class that allows 47 * applications to implement a security policy. It allows an 48 * application to determine, before performing a possibly unsafe or 49 * sensitive operation, what the operation is and whether 50 * it is being attempted in a security context that allows the 51 * operation to be performed. The 52 * application can allow or disallow the operation. 53 * <p> 54 * The <code>SecurityManager</code> class contains many methods with 55 * names that begin with the word <code>check</code>. These methods 56 * are called by various methods in the Java libraries before those 57 * methods perform certain potentially sensitive operations. The 58 * invocation of such a <code>check</code> method typically looks like this: 59 * <p><blockquote><pre> 60 * SecurityManager security = System.getSecurityManager(); 61 * if (security != null) { 62 * security.check<i>XXX</i>(argument, . . . ); 63 * } 64 * </pre></blockquote> 65 * <p> 66 * The security manager is thereby given an opportunity to prevent 67 * completion of the operation by throwing an exception. A security 68 * manager routine simply returns if the operation is permitted, but 69 * throws a <code>SecurityException</code> if the operation is not 70 * permitted. The only exception to this convention is 71 * <code>checkTopLevelWindow</code>, which returns a 72 * <code>boolean</code> value. 73 * <p> 74 * The current security manager is set by the 75 * <code>setSecurityManager</code> method in class 76 * <code>System</code>. The current security manager is obtained 77 * by the <code>getSecurityManager</code> method. 78 * <p> 79 * The special method 80 * {@link SecurityManager#checkPermission(java.security.Permission)} 81 * determines whether an access request indicated by a specified 82 * permission should be granted or denied. The 83 * default implementation calls 84 * 85 * <pre> 86 * AccessController.checkPermission(perm); 87 * </pre> 88 * 89 * <p> 90 * If a requested access is allowed, 91 * <code>checkPermission</code> returns quietly. If denied, a 92 * <code>SecurityException</code> is thrown. 93 * <p> 94 * As of Java 2 SDK v1.2, the default implementation of each of the other 95 * <code>check</code> methods in <code>SecurityManager</code> is to 96 * call the <code>SecurityManager checkPermission</code> method 97 * to determine if the calling thread has permission to perform the requested 98 * operation. 99 * <p> 100 * Note that the <code>checkPermission</code> method with 101 * just a single permission argument always performs security checks 102 * within the context of the currently executing thread. 103 * Sometimes a security check that should be made within a given context 104 * will actually need to be done from within a 105 * <i>different</i> context (for example, from within a worker thread). 106 * The {@link SecurityManager#getSecurityContext getSecurityContext} method 107 * and the {@link SecurityManager#checkPermission(java.security.Permission, 108 * java.lang.Object) checkPermission} 109 * method that includes a context argument are provided 110 * for this situation. The 111 * <code>getSecurityContext</code> method returns a "snapshot" 112 * of the current calling context. (The default implementation 113 * returns an AccessControlContext object.) A sample call is 114 * the following: 115 * 116 * <pre> 117 * Object context = null; 118 * SecurityManager sm = System.getSecurityManager(); 119 * if (sm != null) context = sm.getSecurityContext(); 120 * </pre> 121 * 122 * <p> 123 * The <code>checkPermission</code> method 124 * that takes a context object in addition to a permission 125 * makes access decisions based on that context, 126 * rather than on that of the current execution thread. 127 * Code within a different context can thus call that method, 128 * passing the permission and the 129 * previously-saved context object. A sample call, using the 130 * SecurityManager <code>sm</code> obtained as in the previous example, 131 * is the following: 132 * 133 * <pre> 134 * if (sm != null) sm.checkPermission(permission, context); 135 * </pre> 136 * 137 * <p>Permissions fall into these categories: File, Socket, Net, 138 * Security, Runtime, Property, AWT, Reflect, and Serializable. 139 * The classes managing these various 140 * permission categories are <code>java.io.FilePermission</code>, 141 * <code>java.net.SocketPermission</code>, 142 * <code>java.net.NetPermission</code>, 143 * <code>java.security.SecurityPermission</code>, 144 * <code>java.lang.RuntimePermission</code>, 145 * <code>java.util.PropertyPermission</code>, 146 * <code>java.awt.AWTPermission</code>, 147 * <code>java.lang.reflect.ReflectPermission</code>, and 148 * <code>java.io.SerializablePermission</code>. 149 * 150 * <p>All but the first two (FilePermission and SocketPermission) are 151 * subclasses of <code>java.security.BasicPermission</code>, which itself 152 * is an abstract subclass of the 153 * top-level class for permissions, which is 154 * <code>java.security.Permission</code>. BasicPermission defines the 155 * functionality needed for all permissions that contain a name 156 * that follows the hierarchical property naming convention 157 * (for example, "exitVM", "setFactory", "queuePrintJob", etc). 158 * An asterisk 159 * may appear at the end of the name, following a ".", or by itself, to 160 * signify a wildcard match. For example: "a.*" or "*" is valid, 161 * "*a" or "a*b" is not valid. 162 * 163 * <p>FilePermission and SocketPermission are subclasses of the 164 * top-level class for permissions 165 * (<code>java.security.Permission</code>). Classes like these 166 * that have a more complicated name syntax than that used by 167 * BasicPermission subclass directly from Permission rather than from 168 * BasicPermission. For example, 169 * for a <code>java.io.FilePermission</code> object, the permission name is 170 * the path name of a file (or directory). 171 * 172 * <p>Some of the permission classes have an "actions" list that tells 173 * the actions that are permitted for the object. For example, 174 * for a <code>java.io.FilePermission</code> object, the actions list 175 * (such as "read, write") specifies which actions are granted for the 176 * specified file (or for files in the specified directory). 177 * 178 * <p>Other permission classes are for "named" permissions - 179 * ones that contain a name but no actions list; you either have the 180 * named permission or you don't. 181 * 182 * <p>Note: There is also a <code>java.security.AllPermission</code> 183 * permission that implies all permissions. It exists to simplify the work 184 * of system administrators who might need to perform multiple 185 * tasks that require all (or numerous) permissions. 186 * <p> 187 * See <a href ="../../../technotes/guides/security/permissions.html"> 188 * Permissions in the JDK</a> for permission-related information. 189 * This document includes, for example, a table listing the various SecurityManager 190 * <code>check</code> methods and the permission(s) the default 191 * implementation of each such method requires. 192 * It also contains a table of all the version 1.2 methods 193 * that require permissions, and for each such method tells 194 * which permission it requires. 195 * <p> 196 * For more information about <code>SecurityManager</code> changes made in 197 * the JDK and advice regarding porting of 1.1-style security managers, 198 * see the <a href="../../../technotes/guides/security/index.html">security documentation</a>. 199 * 200 * @author Arthur van Hoff 201 * @author Roland Schemers 202 * 203 * @see java.lang.ClassLoader 204 * @see java.lang.SecurityException 205 * @see java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object) 206 * checkTopLevelWindow 207 * @see java.lang.System#getSecurityManager() getSecurityManager 208 * @see java.lang.System#setSecurityManager(java.lang.SecurityManager) 209 * setSecurityManager 210 * @see java.security.AccessController AccessController 211 * @see java.security.AccessControlContext AccessControlContext 212 * @see java.security.AccessControlException AccessControlException 213 * @see java.security.Permission 214 * @see java.security.BasicPermission 215 * @see java.io.FilePermission 216 * @see java.net.SocketPermission 217 * @see java.util.PropertyPermission 218 * @see java.lang.RuntimePermission 219 * @see java.awt.AWTPermission 220 * @see java.security.Policy Policy 221 * @see java.security.SecurityPermission SecurityPermission 222 * @see java.security.ProtectionDomain 223 * 224 * @since JDK1.0 225 */ 226 public 227 class SecurityManager { 228 229 /** 230 * This field is <code>true</code> if there is a security check in 231 * progress; <code>false</code> otherwise. 232 * 233 * @deprecated This type of security checking is not recommended. 234 * It is recommended that the <code>checkPermission</code> 235 * call be used instead. 236 */ 237 @Deprecated 238 protected boolean inCheck; 239 240 /* 241 * Have we been initialized. Effective against finalizer attacks. 242 */ 243 private boolean initialized = false; 244 245 246 /** 247 * returns true if the current context has been granted AllPermission 248 */ 249 private boolean hasAllPermission() 250 { 251 try { 252 checkPermission(SecurityConstants.ALL_PERMISSION); 253 return true; 254 } catch (SecurityException se) { 255 return false; 256 } 257 } 258 259 /** 260 * Tests if there is a security check in progress. 261 * 262 * @return the value of the <code>inCheck</code> field. This field 263 * should contain <code>true</code> if a security check is 264 * in progress, 265 * <code>false</code> otherwise. 266 * @see java.lang.SecurityManager#inCheck 267 * @deprecated This type of security checking is not recommended. 268 * It is recommended that the <code>checkPermission</code> 269 * call be used instead. 270 */ 271 @Deprecated 272 public boolean getInCheck() { 273 return inCheck; 274 } 275 276 /** 277 * Constructs a new <code>SecurityManager</code>. 278 * 279 * <p> If there is a security manager already installed, this method first 280 * calls the security manager's <code>checkPermission</code> method 281 * with the <code>RuntimePermission("createSecurityManager")</code> 282 * permission to ensure the calling thread has permission to create a new 283 * security manager. 284 * This may result in throwing a <code>SecurityException</code>. 285 * 286 * @exception java.lang.SecurityException if a security manager already 287 * exists and its <code>checkPermission</code> method 288 * doesn't allow creation of a new security manager. 289 * @see java.lang.System#getSecurityManager() 290 * @see #checkPermission(java.security.Permission) checkPermission 291 * @see java.lang.RuntimePermission 292 */ 293 public SecurityManager() { 294 synchronized(SecurityManager.class) { 295 SecurityManager sm = System.getSecurityManager(); 296 if (sm != null) { 297 // ask the currently installed security manager if we 298 // can create a new one. 299 sm.checkPermission(new RuntimePermission 300 ("createSecurityManager")); 301 } 302 initialized = true; 303 } 304 } 305 306 /** 307 * Returns the current execution stack as an array of classes. 308 * <p> 309 * The length of the array is the number of methods on the execution 310 * stack. The element at index <code>0</code> is the class of the 311 * currently executing method, the element at index <code>1</code> is 312 * the class of that method's caller, and so on. 313 * 314 * @return the execution stack. 315 */ 316 protected native Class[] getClassContext(); 317 318 /** 319 * Returns the class loader of the most recently executing method from 320 * a class defined using a non-system class loader. A non-system 321 * class loader is defined as being a class loader that is not equal to 322 * the system class loader (as returned 323 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. 324 * <p> 325 * This method will return 326 * <code>null</code> in the following three cases:<p> 327 * <ol> 328 * <li>All methods on the execution stack are from classes 329 * defined using the system class loader or one of its ancestors. 330 * 331 * <li>All methods on the execution stack up to the first 332 * "privileged" caller 333 * (see {@link java.security.AccessController#doPrivileged}) 334 * are from classes 335 * defined using the system class loader or one of its ancestors. 336 * 337 * <li> A call to <code>checkPermission</code> with 338 * <code>java.security.AllPermission</code> does not 339 * result in a SecurityException. 340 * 341 * </ol> 342 * 343 * @return the class loader of the most recent occurrence on the stack 344 * of a method from a class defined using a non-system class 345 * loader. 346 * 347 * @deprecated This type of security checking is not recommended. 348 * It is recommended that the <code>checkPermission</code> 349 * call be used instead. 350 * 351 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader 352 * @see #checkPermission(java.security.Permission) checkPermission 353 */ 354 @Deprecated 355 protected ClassLoader currentClassLoader() 356 { 357 ClassLoader cl = currentClassLoader0(); 358 if ((cl != null) && hasAllPermission()) 359 cl = null; 360 return cl; 361 } 362 363 private native ClassLoader currentClassLoader0(); 364 365 /** 366 * Returns the class of the most recently executing method from 367 * a class defined using a non-system class loader. A non-system 368 * class loader is defined as being a class loader that is not equal to 369 * the system class loader (as returned 370 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. 371 * <p> 372 * This method will return 373 * <code>null</code> in the following three cases:<p> 374 * <ol> 375 * <li>All methods on the execution stack are from classes 376 * defined using the system class loader or one of its ancestors. 377 * 378 * <li>All methods on the execution stack up to the first 379 * "privileged" caller 380 * (see {@link java.security.AccessController#doPrivileged}) 381 * are from classes 382 * defined using the system class loader or one of its ancestors. 383 * 384 * <li> A call to <code>checkPermission</code> with 385 * <code>java.security.AllPermission</code> does not 386 * result in a SecurityException. 387 * 388 * </ol> 389 * 390 * @return the class of the most recent occurrence on the stack 391 * of a method from a class defined using a non-system class 392 * loader. 393 * 394 * @deprecated This type of security checking is not recommended. 395 * It is recommended that the <code>checkPermission</code> 396 * call be used instead. 397 * 398 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader 399 * @see #checkPermission(java.security.Permission) checkPermission 400 */ 401 @Deprecated 402 protected Class<?> currentLoadedClass() { 403 Class<?> c = currentLoadedClass0(); 404 if ((c != null) && hasAllPermission()) 405 c = null; 406 return c; 407 } 408 409 /** 410 * Returns the stack depth of the specified class. 411 * 412 * @param name the fully qualified name of the class to search for. 413 * @return the depth on the stack frame of the first occurrence of a 414 * method from a class with the specified name; 415 * <code>-1</code> if such a frame cannot be found. 416 * @deprecated This type of security checking is not recommended. 417 * It is recommended that the <code>checkPermission</code> 418 * call be used instead. 419 * 420 */ 421 @Deprecated 422 protected native int classDepth(String name); 423 424 /** 425 * Returns the stack depth of the most recently executing method 426 * from a class defined using a non-system class loader. A non-system 427 * class loader is defined as being a class loader that is not equal to 428 * the system class loader (as returned 429 * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. 430 * <p> 431 * This method will return 432 * -1 in the following three cases:<p> 433 * <ol> 434 * <li>All methods on the execution stack are from classes 435 * defined using the system class loader or one of its ancestors. 436 * 437 * <li>All methods on the execution stack up to the first 438 * "privileged" caller 439 * (see {@link java.security.AccessController#doPrivileged}) 440 * are from classes 441 * defined using the system class loader or one of its ancestors. 442 * 443 * <li> A call to <code>checkPermission</code> with 444 * <code>java.security.AllPermission</code> does not 445 * result in a SecurityException. 446 * 447 * </ol> 448 * 449 * @return the depth on the stack frame of the most recent occurrence of 450 * a method from a class defined using a non-system class loader. 451 * 452 * @deprecated This type of security checking is not recommended. 453 * It is recommended that the <code>checkPermission</code> 454 * call be used instead. 455 * 456 * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader 457 * @see #checkPermission(java.security.Permission) checkPermission 458 */ 459 @Deprecated 460 protected int classLoaderDepth() 461 { 462 int depth = classLoaderDepth0(); 463 if (depth != -1) { 464 if (hasAllPermission()) 465 depth = -1; 466 else 467 depth--; // make sure we don't include ourself 468 } 469 return depth; 470 } 471 472 private native int classLoaderDepth0(); 473 474 /** 475 * Tests if a method from a class with the specified 476 * name is on the execution stack. 477 * 478 * @param name the fully qualified name of the class. 479 * @return <code>true</code> if a method from a class with the specified 480 * name is on the execution stack; <code>false</code> otherwise. 481 * @deprecated This type of security checking is not recommended. 482 * It is recommended that the <code>checkPermission</code> 483 * call be used instead. 484 */ 485 @Deprecated 486 protected boolean inClass(String name) { 487 return classDepth(name) >= 0; 488 } 489 490 /** 491 * Basically, tests if a method from a class defined using a 492 * class loader is on the execution stack. 493 * 494 * @return <code>true</code> if a call to <code>currentClassLoader</code> 495 * has a non-null return value. 496 * 497 * @deprecated This type of security checking is not recommended. 498 * It is recommended that the <code>checkPermission</code> 499 * call be used instead. 500 * @see #currentClassLoader() currentClassLoader 501 */ 502 @Deprecated 503 protected boolean inClassLoader() { 504 return currentClassLoader() != null; 505 } 506 507 /** 508 * Creates an object that encapsulates the current execution 509 * environment. The result of this method is used, for example, by the 510 * three-argument <code>checkConnect</code> method and by the 511 * two-argument <code>checkRead</code> method. 512 * These methods are needed because a trusted method may be called 513 * on to read a file or open a socket on behalf of another method. 514 * The trusted method needs to determine if the other (possibly 515 * untrusted) method would be allowed to perform the operation on its 516 * own. 517 * <p> The default implementation of this method is to return 518 * an <code>AccessControlContext</code> object. 519 * 520 * @return an implementation-dependent object that encapsulates 521 * sufficient information about the current execution environment 522 * to perform some security checks later. 523 * @see java.lang.SecurityManager#checkConnect(java.lang.String, int, 524 * java.lang.Object) checkConnect 525 * @see java.lang.SecurityManager#checkRead(java.lang.String, 526 * java.lang.Object) checkRead 527 * @see java.security.AccessControlContext AccessControlContext 528 */ 529 public Object getSecurityContext() { 530 return AccessController.getContext(); 531 } 532 533 /** 534 * Throws a <code>SecurityException</code> if the requested 535 * access, specified by the given permission, is not permitted based 536 * on the security policy currently in effect. 537 * <p> 538 * This method calls <code>AccessController.checkPermission</code> 539 * with the given permission. 540 * 541 * @param perm the requested permission. 542 * @exception SecurityException if access is not permitted based on 543 * the current security policy. 544 * @exception NullPointerException if the permission argument is 545 * <code>null</code>. 546 * @since 1.2 547 */ 548 public void checkPermission(Permission perm) { 549 java.security.AccessController.checkPermission(perm); 550 } 551 552 /** 553 * Throws a <code>SecurityException</code> if the 554 * specified security context is denied access to the resource 555 * specified by the given permission. 556 * The context must be a security 557 * context returned by a previous call to 558 * <code>getSecurityContext</code> and the access control 559 * decision is based upon the configured security policy for 560 * that security context. 561 * <p> 562 * If <code>context</code> is an instance of 563 * <code>AccessControlContext</code> then the 564 * <code>AccessControlContext.checkPermission</code> method is 565 * invoked with the specified permission. 566 * <p> 567 * If <code>context</code> is not an instance of 568 * <code>AccessControlContext</code> then a 569 * <code>SecurityException</code> is thrown. 570 * 571 * @param perm the specified permission 572 * @param context a system-dependent security context. 573 * @exception SecurityException if the specified security context 574 * is not an instance of <code>AccessControlContext</code> 575 * (e.g., is <code>null</code>), or is denied access to the 576 * resource specified by the given permission. 577 * @exception NullPointerException if the permission argument is 578 * <code>null</code>. 579 * @see java.lang.SecurityManager#getSecurityContext() 580 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 581 * @since 1.2 582 */ 583 public void checkPermission(Permission perm, Object context) { 584 if (context instanceof AccessControlContext) { 585 ((AccessControlContext)context).checkPermission(perm); 586 } else { 587 throw new SecurityException(); 588 } 589 } 590 591 /** 592 * Throws a <code>SecurityException</code> if the 593 * calling thread is not allowed to create a new class loader. 594 * <p> 595 * This method calls <code>checkPermission</code> with the 596 * <code>RuntimePermission("createClassLoader")</code> 597 * permission. 598 * <p> 599 * If you override this method, then you should make a call to 600 * <code>super.checkCreateClassLoader</code> 601 * at the point the overridden method would normally throw an 602 * exception. 603 * 604 * @exception SecurityException if the calling thread does not 605 * have permission 606 * to create a new class loader. 607 * @see java.lang.ClassLoader#ClassLoader() 608 * @see #checkPermission(java.security.Permission) checkPermission 609 */ 610 public void checkCreateClassLoader() { 611 checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION); 612 } 613 614 /** 615 * reference to the root thread group, used for the checkAccess 616 * methods. 617 */ 618 619 private static ThreadGroup rootGroup = getRootGroup(); 620 621 private static ThreadGroup getRootGroup() { 622 ThreadGroup root = Thread.currentThread().getThreadGroup(); 623 while (root.getParent() != null) { 624 root = root.getParent(); 625 } 626 return root; 627 } 628 629 /** 630 * Throws a <code>SecurityException</code> if the 631 * calling thread is not allowed to modify the thread argument. 632 * <p> 633 * This method is invoked for the current security manager by the 634 * <code>stop</code>, <code>suspend</code>, <code>resume</code>, 635 * <code>setPriority</code>, <code>setName</code>, and 636 * <code>setDaemon</code> methods of class <code>Thread</code>. 637 * <p> 638 * If the thread argument is a system thread (belongs to 639 * the thread group with a <code>null</code> parent) then 640 * this method calls <code>checkPermission</code> with the 641 * <code>RuntimePermission("modifyThread")</code> permission. 642 * If the thread argument is <i>not</i> a system thread, 643 * this method just returns silently. 644 * <p> 645 * Applications that want a stricter policy should override this 646 * method. If this method is overridden, the method that overrides 647 * it should additionally check to see if the calling thread has the 648 * <code>RuntimePermission("modifyThread")</code> permission, and 649 * if so, return silently. This is to ensure that code granted 650 * that permission (such as the JDK itself) is allowed to 651 * manipulate any thread. 652 * <p> 653 * If this method is overridden, then 654 * <code>super.checkAccess</code> should 655 * be called by the first statement in the overridden method, or the 656 * equivalent security check should be placed in the overridden method. 657 * 658 * @param t the thread to be checked. 659 * @exception SecurityException if the calling thread does not have 660 * permission to modify the thread. 661 * @exception NullPointerException if the thread argument is 662 * <code>null</code>. 663 * @see java.lang.Thread#resume() resume 664 * @see java.lang.Thread#setDaemon(boolean) setDaemon 665 * @see java.lang.Thread#setName(java.lang.String) setName 666 * @see java.lang.Thread#setPriority(int) setPriority 667 * @see java.lang.Thread#stop() stop 668 * @see java.lang.Thread#suspend() suspend 669 * @see #checkPermission(java.security.Permission) checkPermission 670 */ 671 public void checkAccess(Thread t) { 672 if (t == null) { 673 throw new NullPointerException("thread can't be null"); 674 } 675 if (t.getThreadGroup() == rootGroup) { 676 checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION); 677 } else { 678 // just return 679 } 680 } 681 /** 682 * Throws a <code>SecurityException</code> if the 683 * calling thread is not allowed to modify the thread group argument. 684 * <p> 685 * This method is invoked for the current security manager when a 686 * new child thread or child thread group is created, and by the 687 * <code>setDaemon</code>, <code>setMaxPriority</code>, 688 * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and 689 * <code>destroy</code> methods of class <code>ThreadGroup</code>. 690 * <p> 691 * If the thread group argument is the system thread group ( 692 * has a <code>null</code> parent) then 693 * this method calls <code>checkPermission</code> with the 694 * <code>RuntimePermission("modifyThreadGroup")</code> permission. 695 * If the thread group argument is <i>not</i> the system thread group, 696 * this method just returns silently. 697 * <p> 698 * Applications that want a stricter policy should override this 699 * method. If this method is overridden, the method that overrides 700 * it should additionally check to see if the calling thread has the 701 * <code>RuntimePermission("modifyThreadGroup")</code> permission, and 702 * if so, return silently. This is to ensure that code granted 703 * that permission (such as the JDK itself) is allowed to 704 * manipulate any thread. 705 * <p> 706 * If this method is overridden, then 707 * <code>super.checkAccess</code> should 708 * be called by the first statement in the overridden method, or the 709 * equivalent security check should be placed in the overridden method. 710 * 711 * @param g the thread group to be checked. 712 * @exception SecurityException if the calling thread does not have 713 * permission to modify the thread group. 714 * @exception NullPointerException if the thread group argument is 715 * <code>null</code>. 716 * @see java.lang.ThreadGroup#destroy() destroy 717 * @see java.lang.ThreadGroup#resume() resume 718 * @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon 719 * @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority 720 * @see java.lang.ThreadGroup#stop() stop 721 * @see java.lang.ThreadGroup#suspend() suspend 722 * @see #checkPermission(java.security.Permission) checkPermission 723 */ 724 public void checkAccess(ThreadGroup g) { 725 if (g == null) { 726 throw new NullPointerException("thread group can't be null"); 727 } 728 if (g == rootGroup) { 729 checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION); 730 } else { 731 // just return 732 } 733 } 734 735 /** 736 * Throws a <code>SecurityException</code> if the 737 * calling thread is not allowed to cause the Java Virtual Machine to 738 * halt with the specified status code. 739 * <p> 740 * This method is invoked for the current security manager by the 741 * <code>exit</code> method of class <code>Runtime</code>. A status 742 * of <code>0</code> indicates success; other values indicate various 743 * errors. 744 * <p> 745 * This method calls <code>checkPermission</code> with the 746 * <code>RuntimePermission("exitVM."+status)</code> permission. 747 * <p> 748 * If you override this method, then you should make a call to 749 * <code>super.checkExit</code> 750 * at the point the overridden method would normally throw an 751 * exception. 752 * 753 * @param status the exit status. 754 * @exception SecurityException if the calling thread does not have 755 * permission to halt the Java Virtual Machine with 756 * the specified status. 757 * @see java.lang.Runtime#exit(int) exit 758 * @see #checkPermission(java.security.Permission) checkPermission 759 */ 760 public void checkExit(int status) { 761 checkPermission(new RuntimePermission("exitVM."+status)); 762 } 763 764 /** 765 * Throws a <code>SecurityException</code> if the 766 * calling thread is not allowed to create a subprocess. 767 * <p> 768 * This method is invoked for the current security manager by the 769 * <code>exec</code> methods of class <code>Runtime</code>. 770 * <p> 771 * This method calls <code>checkPermission</code> with the 772 * <code>FilePermission(cmd,"execute")</code> permission 773 * if cmd is an absolute path, otherwise it calls 774 * <code>checkPermission</code> with 775 * <code>FilePermission("<<ALL FILES>>","execute")</code>. 776 * <p> 777 * If you override this method, then you should make a call to 778 * <code>super.checkExec</code> 779 * at the point the overridden method would normally throw an 780 * exception. 781 * 782 * @param cmd the specified system command. 783 * @exception SecurityException if the calling thread does not have 784 * permission to create a subprocess. 785 * @exception NullPointerException if the <code>cmd</code> argument is 786 * <code>null</code>. 787 * @see java.lang.Runtime#exec(java.lang.String) 788 * @see java.lang.Runtime#exec(java.lang.String, java.lang.String[]) 789 * @see java.lang.Runtime#exec(java.lang.String[]) 790 * @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[]) 791 * @see #checkPermission(java.security.Permission) checkPermission 792 */ 793 public void checkExec(String cmd) { 794 File f = new File(cmd); 795 if (f.isAbsolute()) { 796 checkPermission(new FilePermission(cmd, 797 SecurityConstants.FILE_EXECUTE_ACTION)); 798 } else { 799 checkPermission(new FilePermission("<<ALL FILES>>", 800 SecurityConstants.FILE_EXECUTE_ACTION)); 801 } 802 } 803 804 /** 805 * Throws a <code>SecurityException</code> if the 806 * calling thread is not allowed to dynamic link the library code 807 * specified by the string argument file. The argument is either a 808 * simple library name or a complete filename. 809 * <p> 810 * This method is invoked for the current security manager by 811 * methods <code>load</code> and <code>loadLibrary</code> of class 812 * <code>Runtime</code>. 813 * <p> 814 * This method calls <code>checkPermission</code> with the 815 * <code>RuntimePermission("loadLibrary."+lib)</code> permission. 816 * <p> 817 * If you override this method, then you should make a call to 818 * <code>super.checkLink</code> 819 * at the point the overridden method would normally throw an 820 * exception. 821 * 822 * @param lib the name of the library. 823 * @exception SecurityException if the calling thread does not have 824 * permission to dynamically link the library. 825 * @exception NullPointerException if the <code>lib</code> argument is 826 * <code>null</code>. 827 * @see java.lang.Runtime#load(java.lang.String) 828 * @see java.lang.Runtime#loadLibrary(java.lang.String) 829 * @see #checkPermission(java.security.Permission) checkPermission 830 */ 831 public void checkLink(String lib) { 832 if (lib == null) { 833 throw new NullPointerException("library can't be null"); 834 } 835 checkPermission(new RuntimePermission("loadLibrary."+lib)); 836 } 837 838 /** 839 * Throws a <code>SecurityException</code> if the 840 * calling thread is not allowed to read from the specified file 841 * descriptor. 842 * <p> 843 * This method calls <code>checkPermission</code> with the 844 * <code>RuntimePermission("readFileDescriptor")</code> 845 * permission. 846 * <p> 847 * If you override this method, then you should make a call to 848 * <code>super.checkRead</code> 849 * at the point the overridden method would normally throw an 850 * exception. 851 * 852 * @param fd the system-dependent file descriptor. 853 * @exception SecurityException if the calling thread does not have 854 * permission to access the specified file descriptor. 855 * @exception NullPointerException if the file descriptor argument is 856 * <code>null</code>. 857 * @see java.io.FileDescriptor 858 * @see #checkPermission(java.security.Permission) checkPermission 859 */ 860 public void checkRead(FileDescriptor fd) { 861 if (fd == null) { 862 throw new NullPointerException("file descriptor can't be null"); 863 } 864 checkPermission(new RuntimePermission("readFileDescriptor")); 865 } 866 867 /** 868 * Throws a <code>SecurityException</code> if the 869 * calling thread is not allowed to read the file specified by the 870 * string argument. 871 * <p> 872 * This method calls <code>checkPermission</code> with the 873 * <code>FilePermission(file,"read")</code> permission. 874 * <p> 875 * If you override this method, then you should make a call to 876 * <code>super.checkRead</code> 877 * at the point the overridden method would normally throw an 878 * exception. 879 * 880 * @param file the system-dependent file name. 881 * @exception SecurityException if the calling thread does not have 882 * permission to access the specified file. 883 * @exception NullPointerException if the <code>file</code> argument is 884 * <code>null</code>. 885 * @see #checkPermission(java.security.Permission) checkPermission 886 */ 887 public void checkRead(String file) { 888 checkPermission(new FilePermission(file, 889 SecurityConstants.FILE_READ_ACTION)); 890 } 891 892 /** 893 * Throws a <code>SecurityException</code> if the 894 * specified security context is not allowed to read the file 895 * specified by the string argument. The context must be a security 896 * context returned by a previous call to 897 * <code>getSecurityContext</code>. 898 * <p> If <code>context</code> is an instance of 899 * <code>AccessControlContext</code> then the 900 * <code>AccessControlContext.checkPermission</code> method will 901 * be invoked with the <code>FilePermission(file,"read")</code> permission. 902 * <p> If <code>context</code> is not an instance of 903 * <code>AccessControlContext</code> then a 904 * <code>SecurityException</code> is thrown. 905 * <p> 906 * If you override this method, then you should make a call to 907 * <code>super.checkRead</code> 908 * at the point the overridden method would normally throw an 909 * exception. 910 * 911 * @param file the system-dependent filename. 912 * @param context a system-dependent security context. 913 * @exception SecurityException if the specified security context 914 * is not an instance of <code>AccessControlContext</code> 915 * (e.g., is <code>null</code>), or does not have permission 916 * to read the specified file. 917 * @exception NullPointerException if the <code>file</code> argument is 918 * <code>null</code>. 919 * @see java.lang.SecurityManager#getSecurityContext() 920 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 921 */ 922 public void checkRead(String file, Object context) { 923 checkPermission( 924 new FilePermission(file, SecurityConstants.FILE_READ_ACTION), 925 context); 926 } 927 928 /** 929 * Throws a <code>SecurityException</code> if the 930 * calling thread is not allowed to write to the specified file 931 * descriptor. 932 * <p> 933 * This method calls <code>checkPermission</code> with the 934 * <code>RuntimePermission("writeFileDescriptor")</code> 935 * permission. 936 * <p> 937 * If you override this method, then you should make a call to 938 * <code>super.checkWrite</code> 939 * at the point the overridden method would normally throw an 940 * exception. 941 * 942 * @param fd the system-dependent file descriptor. 943 * @exception SecurityException if the calling thread does not have 944 * permission to access the specified file descriptor. 945 * @exception NullPointerException if the file descriptor argument is 946 * <code>null</code>. 947 * @see java.io.FileDescriptor 948 * @see #checkPermission(java.security.Permission) checkPermission 949 */ 950 public void checkWrite(FileDescriptor fd) { 951 if (fd == null) { 952 throw new NullPointerException("file descriptor can't be null"); 953 } 954 checkPermission(new RuntimePermission("writeFileDescriptor")); 955 956 } 957 958 /** 959 * Throws a <code>SecurityException</code> if the 960 * calling thread is not allowed to write to the file specified by 961 * the string argument. 962 * <p> 963 * This method calls <code>checkPermission</code> with the 964 * <code>FilePermission(file,"write")</code> permission. 965 * <p> 966 * If you override this method, then you should make a call to 967 * <code>super.checkWrite</code> 968 * at the point the overridden method would normally throw an 969 * exception. 970 * 971 * @param file the system-dependent filename. 972 * @exception SecurityException if the calling thread does not 973 * have permission to access the specified file. 974 * @exception NullPointerException if the <code>file</code> argument is 975 * <code>null</code>. 976 * @see #checkPermission(java.security.Permission) checkPermission 977 */ 978 public void checkWrite(String file) { 979 checkPermission(new FilePermission(file, 980 SecurityConstants.FILE_WRITE_ACTION)); 981 } 982 983 /** 984 * Throws a <code>SecurityException</code> if the 985 * calling thread is not allowed to delete the specified file. 986 * <p> 987 * This method is invoked for the current security manager by the 988 * <code>delete</code> method of class <code>File</code>. 989 * <p> 990 * This method calls <code>checkPermission</code> with the 991 * <code>FilePermission(file,"delete")</code> permission. 992 * <p> 993 * If you override this method, then you should make a call to 994 * <code>super.checkDelete</code> 995 * at the point the overridden method would normally throw an 996 * exception. 997 * 998 * @param file the system-dependent filename. 999 * @exception SecurityException if the calling thread does not 1000 * have permission to delete the file. 1001 * @exception NullPointerException if the <code>file</code> argument is 1002 * <code>null</code>. 1003 * @see java.io.File#delete() 1004 * @see #checkPermission(java.security.Permission) checkPermission 1005 */ 1006 public void checkDelete(String file) { 1007 checkPermission(new FilePermission(file, 1008 SecurityConstants.FILE_DELETE_ACTION)); 1009 } 1010 1011 /** 1012 * Throws a <code>SecurityException</code> if the 1013 * calling thread is not allowed to open a socket connection to the 1014 * specified host and port number. 1015 * <p> 1016 * A port number of <code>-1</code> indicates that the calling 1017 * method is attempting to determine the IP address of the specified 1018 * host name. 1019 * <p> 1020 * This method calls <code>checkPermission</code> with the 1021 * <code>SocketPermission(host+":"+port,"connect")</code> permission if 1022 * the port is not equal to -1. If the port is equal to -1, then 1023 * it calls <code>checkPermission</code> with the 1024 * <code>SocketPermission(host,"resolve")</code> permission. 1025 * <p> 1026 * If you override this method, then you should make a call to 1027 * <code>super.checkConnect</code> 1028 * at the point the overridden method would normally throw an 1029 * exception. 1030 * 1031 * @param host the host name port to connect to. 1032 * @param port the protocol port to connect to. 1033 * @exception SecurityException if the calling thread does not have 1034 * permission to open a socket connection to the specified 1035 * <code>host</code> and <code>port</code>. 1036 * @exception NullPointerException if the <code>host</code> argument is 1037 * <code>null</code>. 1038 * @see #checkPermission(java.security.Permission) checkPermission 1039 */ 1040 public void checkConnect(String host, int port) { 1041 if (host == null) { 1042 throw new NullPointerException("host can't be null"); 1043 } 1044 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1045 host = "[" + host + "]"; 1046 } 1047 if (port == -1) { 1048 checkPermission(new SocketPermission(host, 1049 SecurityConstants.SOCKET_RESOLVE_ACTION)); 1050 } else { 1051 checkPermission(new SocketPermission(host+":"+port, 1052 SecurityConstants.SOCKET_CONNECT_ACTION)); 1053 } 1054 } 1055 1056 /** 1057 * Throws a <code>SecurityException</code> if the 1058 * specified security context is not allowed to open a socket 1059 * connection to the specified host and port number. 1060 * <p> 1061 * A port number of <code>-1</code> indicates that the calling 1062 * method is attempting to determine the IP address of the specified 1063 * host name. 1064 * <p> If <code>context</code> is not an instance of 1065 * <code>AccessControlContext</code> then a 1066 * <code>SecurityException</code> is thrown. 1067 * <p> 1068 * Otherwise, the port number is checked. If it is not equal 1069 * to -1, the <code>context</code>'s <code>checkPermission</code> 1070 * method is called with a 1071 * <code>SocketPermission(host+":"+port,"connect")</code> permission. 1072 * If the port is equal to -1, then 1073 * the <code>context</code>'s <code>checkPermission</code> method 1074 * is called with a 1075 * <code>SocketPermission(host,"resolve")</code> permission. 1076 * <p> 1077 * If you override this method, then you should make a call to 1078 * <code>super.checkConnect</code> 1079 * at the point the overridden method would normally throw an 1080 * exception. 1081 * 1082 * @param host the host name port to connect to. 1083 * @param port the protocol port to connect to. 1084 * @param context a system-dependent security context. 1085 * @exception SecurityException if the specified security context 1086 * is not an instance of <code>AccessControlContext</code> 1087 * (e.g., is <code>null</code>), or does not have permission 1088 * to open a socket connection to the specified 1089 * <code>host</code> and <code>port</code>. 1090 * @exception NullPointerException if the <code>host</code> argument is 1091 * <code>null</code>. 1092 * @see java.lang.SecurityManager#getSecurityContext() 1093 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 1094 */ 1095 public void checkConnect(String host, int port, Object context) { 1096 if (host == null) { 1097 throw new NullPointerException("host can't be null"); 1098 } 1099 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1100 host = "[" + host + "]"; 1101 } 1102 if (port == -1) 1103 checkPermission(new SocketPermission(host, 1104 SecurityConstants.SOCKET_RESOLVE_ACTION), 1105 context); 1106 else 1107 checkPermission(new SocketPermission(host+":"+port, 1108 SecurityConstants.SOCKET_CONNECT_ACTION), 1109 context); 1110 } 1111 1112 /** 1113 * Throws a <code>SecurityException</code> if the 1114 * calling thread is not allowed to wait for a connection request on 1115 * the specified local port number. 1116 * <p> 1117 * If port is not 0, this method calls 1118 * <code>checkPermission</code> with the 1119 * <code>SocketPermission("localhost:"+port,"listen")</code>. 1120 * If port is zero, this method calls <code>checkPermission</code> 1121 * with <code>SocketPermission("localhost:1024-","listen").</code> 1122 * <p> 1123 * If you override this method, then you should make a call to 1124 * <code>super.checkListen</code> 1125 * at the point the overridden method would normally throw an 1126 * exception. 1127 * 1128 * @param port the local port. 1129 * @exception SecurityException if the calling thread does not have 1130 * permission to listen on the specified port. 1131 * @see #checkPermission(java.security.Permission) checkPermission 1132 */ 1133 public void checkListen(int port) { 1134 if (port == 0) { 1135 checkPermission(SecurityConstants.LOCAL_LISTEN_PERMISSION); 1136 } else { 1137 checkPermission(new SocketPermission("localhost:"+port, 1138 SecurityConstants.SOCKET_LISTEN_ACTION)); 1139 } 1140 } 1141 1142 /** 1143 * Throws a <code>SecurityException</code> if the 1144 * calling thread is not permitted to accept a socket connection from 1145 * the specified host and port number. 1146 * <p> 1147 * This method is invoked for the current security manager by the 1148 * <code>accept</code> method of class <code>ServerSocket</code>. 1149 * <p> 1150 * This method calls <code>checkPermission</code> with the 1151 * <code>SocketPermission(host+":"+port,"accept")</code> permission. 1152 * <p> 1153 * If you override this method, then you should make a call to 1154 * <code>super.checkAccept</code> 1155 * at the point the overridden method would normally throw an 1156 * exception. 1157 * 1158 * @param host the host name of the socket connection. 1159 * @param port the port number of the socket connection. 1160 * @exception SecurityException if the calling thread does not have 1161 * permission to accept the connection. 1162 * @exception NullPointerException if the <code>host</code> argument is 1163 * <code>null</code>. 1164 * @see java.net.ServerSocket#accept() 1165 * @see #checkPermission(java.security.Permission) checkPermission 1166 */ 1167 public void checkAccept(String host, int port) { 1168 if (host == null) { 1169 throw new NullPointerException("host can't be null"); 1170 } 1171 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1172 host = "[" + host + "]"; 1173 } 1174 checkPermission(new SocketPermission(host+":"+port, 1175 SecurityConstants.SOCKET_ACCEPT_ACTION)); 1176 } 1177 1178 /** 1179 * Throws a <code>SecurityException</code> if the 1180 * calling thread is not allowed to use 1181 * (join/leave/send/receive) IP multicast. 1182 * <p> 1183 * This method calls <code>checkPermission</code> with the 1184 * <code>java.net.SocketPermission(maddr.getHostAddress(), 1185 * "accept,connect")</code> permission. 1186 * <p> 1187 * If you override this method, then you should make a call to 1188 * <code>super.checkMulticast</code> 1189 * at the point the overridden method would normally throw an 1190 * exception. 1191 * 1192 * @param maddr Internet group address to be used. 1193 * @exception SecurityException if the calling thread is not allowed to 1194 * use (join/leave/send/receive) IP multicast. 1195 * @exception NullPointerException if the address argument is 1196 * <code>null</code>. 1197 * @since JDK1.1 1198 * @see #checkPermission(java.security.Permission) checkPermission 1199 */ 1200 public void checkMulticast(InetAddress maddr) { 1201 String host = maddr.getHostAddress(); 1202 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1203 host = "[" + host + "]"; 1204 } 1205 checkPermission(new SocketPermission(host, 1206 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); 1207 } 1208 1209 /** 1210 * Throws a <code>SecurityException</code> if the 1211 * calling thread is not allowed to use 1212 * (join/leave/send/receive) IP multicast. 1213 * <p> 1214 * This method calls <code>checkPermission</code> with the 1215 * <code>java.net.SocketPermission(maddr.getHostAddress(), 1216 * "accept,connect")</code> permission. 1217 * <p> 1218 * If you override this method, then you should make a call to 1219 * <code>super.checkMulticast</code> 1220 * at the point the overridden method would normally throw an 1221 * exception. 1222 * 1223 * @param maddr Internet group address to be used. 1224 * @param ttl value in use, if it is multicast send. 1225 * Note: this particular implementation does not use the ttl 1226 * parameter. 1227 * @exception SecurityException if the calling thread is not allowed to 1228 * use (join/leave/send/receive) IP multicast. 1229 * @exception NullPointerException if the address argument is 1230 * <code>null</code>. 1231 * @since JDK1.1 1232 * @deprecated Use #checkPermission(java.security.Permission) instead 1233 * @see #checkPermission(java.security.Permission) checkPermission 1234 */ 1235 @Deprecated 1236 public void checkMulticast(InetAddress maddr, byte ttl) { 1237 String host = maddr.getHostAddress(); 1238 if (!host.startsWith("[") && host.indexOf(':') != -1) { 1239 host = "[" + host + "]"; 1240 } 1241 checkPermission(new SocketPermission(host, 1242 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); 1243 } 1244 1245 /** 1246 * Throws a <code>SecurityException</code> if the 1247 * calling thread is not allowed to access or modify the system 1248 * properties. 1249 * <p> 1250 * This method is used by the <code>getProperties</code> and 1251 * <code>setProperties</code> methods of class <code>System</code>. 1252 * <p> 1253 * This method calls <code>checkPermission</code> with the 1254 * <code>PropertyPermission("*", "read,write")</code> permission. 1255 * <p> 1256 * If you override this method, then you should make a call to 1257 * <code>super.checkPropertiesAccess</code> 1258 * at the point the overridden method would normally throw an 1259 * exception. 1260 * <p> 1261 * 1262 * @exception SecurityException if the calling thread does not have 1263 * permission to access or modify the system properties. 1264 * @see java.lang.System#getProperties() 1265 * @see java.lang.System#setProperties(java.util.Properties) 1266 * @see #checkPermission(java.security.Permission) checkPermission 1267 */ 1268 public void checkPropertiesAccess() { 1269 checkPermission(new PropertyPermission("*", 1270 SecurityConstants.PROPERTY_RW_ACTION)); 1271 } 1272 1273 /** 1274 * Throws a <code>SecurityException</code> if the 1275 * calling thread is not allowed to access the system property with 1276 * the specified <code>key</code> name. 1277 * <p> 1278 * This method is used by the <code>getProperty</code> method of 1279 * class <code>System</code>. 1280 * <p> 1281 * This method calls <code>checkPermission</code> with the 1282 * <code>PropertyPermission(key, "read")</code> permission. 1283 * <p> 1284 * <p> 1285 * If you override this method, then you should make a call to 1286 * <code>super.checkPropertyAccess</code> 1287 * at the point the overridden method would normally throw an 1288 * exception. 1289 * 1290 * @param key a system property key. 1291 * 1292 * @exception SecurityException if the calling thread does not have 1293 * permission to access the specified system property. 1294 * @exception NullPointerException if the <code>key</code> argument is 1295 * <code>null</code>. 1296 * @exception IllegalArgumentException if <code>key</code> is empty. 1297 * 1298 * @see java.lang.System#getProperty(java.lang.String) 1299 * @see #checkPermission(java.security.Permission) checkPermission 1300 */ 1301 public void checkPropertyAccess(String key) { 1302 checkPermission(new PropertyPermission(key, 1303 SecurityConstants.PROPERTY_READ_ACTION)); 1304 } 1305 1306 /** 1307 * Returns <code>false</code> if the calling 1308 * thread is not trusted to bring up the top-level window indicated 1309 * by the <code>window</code> argument. In this case, the caller can 1310 * still decide to show the window, but the window should include 1311 * some sort of visual warning. If the method returns 1312 * <code>true</code>, then the window can be shown without any 1313 * special restrictions. 1314 * <p> 1315 * See class <code>Window</code> for more information on trusted and 1316 * untrusted windows. 1317 * <p> 1318 * This method calls 1319 * <code>checkPermission</code> with the 1320 * <code>AWTPermission("showWindowWithoutWarningBanner")</code> permission, 1321 * and returns <code>true</code> if a SecurityException is not thrown, 1322 * otherwise it returns <code>false</code>. 1323 * In the case of subset Profiles of Java SE that do not include the 1324 * {@code java.awt} package, {@code checkPermission} is instead called 1325 * to check the permission {@code java.security.AllPermission}. 1326 * <p> 1327 * If you override this method, then you should make a call to 1328 * <code>super.checkTopLevelWindow</code> 1329 * at the point the overridden method would normally return 1330 * <code>false</code>, and the value of 1331 * <code>super.checkTopLevelWindow</code> should 1332 * be returned. 1333 * 1334 * @param window the new window that is being created. 1335 * @return <code>true</code> if the calling thread is trusted to put up 1336 * top-level windows; <code>false</code> otherwise. 1337 * @exception NullPointerException if the <code>window</code> argument is 1338 * <code>null</code>. 1339 * @deprecated The dependency on {@code AWTPermission} creates an 1340 * impediment to future modularization of the Java platform. 1341 * Users of this method should instead invoke 1342 * {@link #checkPermission} directly. 1343 * This method will be changed in a future release to check 1344 * the permission {@code java.security.AllPermission}. 1345 * @see java.awt.Window 1346 * @see #checkPermission(java.security.Permission) checkPermission 1347 */ 1348 @Deprecated 1349 public boolean checkTopLevelWindow(Object window) { 1350 if (window == null) { 1351 throw new NullPointerException("window can't be null"); 1352 } 1353 Permission perm = SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION; 1354 if (perm == null) { 1355 perm = SecurityConstants.ALL_PERMISSION; 1356 } 1357 try { 1358 checkPermission(perm); 1359 return true; 1360 } catch (SecurityException se) { 1361 // just return false 1362 } 1363 return false; 1364 } 1365 1366 /** 1367 * Throws a <code>SecurityException</code> if the 1368 * calling thread is not allowed to initiate a print job request. 1369 * <p> 1370 * This method calls 1371 * <code>checkPermission</code> with the 1372 * <code>RuntimePermission("queuePrintJob")</code> permission. 1373 * <p> 1374 * If you override this method, then you should make a call to 1375 * <code>super.checkPrintJobAccess</code> 1376 * at the point the overridden method would normally throw an 1377 * exception. 1378 * <p> 1379 * 1380 * @exception SecurityException if the calling thread does not have 1381 * permission to initiate a print job request. 1382 * @since JDK1.1 1383 * @see #checkPermission(java.security.Permission) checkPermission 1384 */ 1385 public void checkPrintJobAccess() { 1386 checkPermission(new RuntimePermission("queuePrintJob")); 1387 } 1388 1389 /** 1390 * Throws a <code>SecurityException</code> if the 1391 * calling thread is not allowed to access the system clipboard. 1392 * <p> 1393 * This method calls <code>checkPermission</code> with the 1394 * <code>AWTPermission("accessClipboard")</code> 1395 * permission. 1396 * In the case of subset Profiles of Java SE that do not include the 1397 * {@code java.awt} package, {@code checkPermission} is instead called 1398 * to check the permission {@code java.security.AllPermission}. 1399 * <p> 1400 * If you override this method, then you should make a call to 1401 * <code>super.checkSystemClipboardAccess</code> 1402 * at the point the overridden method would normally throw an 1403 * exception. 1404 * 1405 * @since JDK1.1 1406 * @exception SecurityException if the calling thread does not have 1407 * permission to access the system clipboard. 1408 * @deprecated The dependency on {@code AWTPermission} creates an 1409 * impediment to future modularization of the Java platform. 1410 * Users of this method should instead invoke 1411 * {@link #checkPermission} directly. 1412 * This method will be changed in a future release to check 1413 * the permission {@code java.security.AllPermission}. 1414 * @see #checkPermission(java.security.Permission) checkPermission 1415 */ 1416 @Deprecated 1417 public void checkSystemClipboardAccess() { 1418 Permission perm = SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION; 1419 if (perm == null) { 1420 perm = SecurityConstants.ALL_PERMISSION; 1421 } 1422 checkPermission(perm); 1423 } 1424 1425 /** 1426 * Throws a <code>SecurityException</code> if the 1427 * calling thread is not allowed to access the AWT event queue. 1428 * <p> 1429 * This method calls <code>checkPermission</code> with the 1430 * <code>AWTPermission("accessEventQueue")</code> permission. 1431 * In the case of subset Profiles of Java SE that do not include the 1432 * {@code java.awt} package, {@code checkPermission} is instead called 1433 * to check the permission {@code java.security.AllPermission}. 1434 * 1435 * <p> 1436 * If you override this method, then you should make a call to 1437 * <code>super.checkAwtEventQueueAccess</code> 1438 * at the point the overridden method would normally throw an 1439 * exception. 1440 * 1441 * @since JDK1.1 1442 * @exception SecurityException if the calling thread does not have 1443 * permission to access the AWT event queue. 1444 * @deprecated The dependency on {@code AWTPermission} creates an 1445 * impediment to future modularization of the Java platform. 1446 * Users of this method should instead invoke 1447 * {@link #checkPermission} directly. 1448 * This method will be changed in a future release to check 1449 * the permission {@code java.security.AllPermission}. 1450 * @see #checkPermission(java.security.Permission) checkPermission 1451 */ 1452 @Deprecated 1453 public void checkAwtEventQueueAccess() { 1454 Permission perm = SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION; 1455 if (perm == null) { 1456 perm = SecurityConstants.ALL_PERMISSION; 1457 } 1458 checkPermission(perm); 1459 } 1460 1461 /* 1462 * We have an initial invalid bit (initially false) for the class 1463 * variables which tell if the cache is valid. If the underlying 1464 * java.security.Security property changes via setProperty(), the 1465 * Security class uses reflection to change the variable and thus 1466 * invalidate the cache. 1467 * 1468 * Locking is handled by synchronization to the 1469 * packageAccessLock/packageDefinitionLock objects. They are only 1470 * used in this class. 1471 * 1472 * Note that cache invalidation as a result of the property change 1473 * happens without using these locks, so there may be a delay between 1474 * when a thread updates the property and when other threads updates 1475 * the cache. 1476 */ 1477 private static boolean packageAccessValid = false; 1478 private static String[] packageAccess; 1479 private static final Object packageAccessLock = new Object(); 1480 1481 private static boolean packageDefinitionValid = false; 1482 private static String[] packageDefinition; 1483 private static final Object packageDefinitionLock = new Object(); 1484 1485 private static String[] getPackages(String p) { 1486 String packages[] = null; 1487 if (p != null && !p.equals("")) { 1488 java.util.StringTokenizer tok = 1489 new java.util.StringTokenizer(p, ","); 1490 int n = tok.countTokens(); 1491 if (n > 0) { 1492 packages = new String[n]; 1493 int i = 0; 1494 while (tok.hasMoreElements()) { 1495 String s = tok.nextToken().trim(); 1496 packages[i++] = s; 1497 } 1498 } 1499 } 1500 1501 if (packages == null) 1502 packages = new String[0]; 1503 return packages; 1504 } 1505 1506 /** 1507 * Throws a <code>SecurityException</code> if the 1508 * calling thread is not allowed to access the package specified by 1509 * the argument. 1510 * <p> 1511 * This method is used by the <code>loadClass</code> method of class 1512 * loaders. 1513 * <p> 1514 * This method first gets a list of 1515 * restricted packages by obtaining a comma-separated list from 1516 * a call to 1517 * <code>java.security.Security.getProperty("package.access")</code>, 1518 * and checks to see if <code>pkg</code> starts with or equals 1519 * any of the restricted packages. If it does, then 1520 * <code>checkPermission</code> gets called with the 1521 * <code>RuntimePermission("accessClassInPackage."+pkg)</code> 1522 * permission. 1523 * <p> 1524 * If this method is overridden, then 1525 * <code>super.checkPackageAccess</code> should be called 1526 * as the first line in the overridden method. 1527 * 1528 * @param pkg the package name. 1529 * @exception SecurityException if the calling thread does not have 1530 * permission to access the specified package. 1531 * @exception NullPointerException if the package name argument is 1532 * <code>null</code>. 1533 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean) 1534 * loadClass 1535 * @see java.security.Security#getProperty getProperty 1536 * @see #checkPermission(java.security.Permission) checkPermission 1537 */ 1538 public void checkPackageAccess(String pkg) { 1539 if (pkg == null) { 1540 throw new NullPointerException("package name can't be null"); 1541 } 1542 1543 String[] pkgs; 1544 synchronized (packageAccessLock) { 1545 /* 1546 * Do we need to update our property array? 1547 */ 1548 if (!packageAccessValid) { 1549 String tmpPropertyStr = 1550 AccessController.doPrivileged( 1551 new PrivilegedAction<String>() { 1552 public String run() { 1553 return java.security.Security.getProperty( 1554 "package.access"); 1555 } 1556 } 1557 ); 1558 packageAccess = getPackages(tmpPropertyStr); 1559 packageAccessValid = true; 1560 } 1561 1562 // Using a snapshot of packageAccess -- don't care if static field 1563 // changes afterwards; array contents won't change. 1564 pkgs = packageAccess; 1565 } 1566 1567 /* 1568 * Traverse the list of packages, check for any matches. 1569 */ 1570 for (int i = 0; i < pkgs.length; i++) { 1571 if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) { 1572 checkPermission( 1573 new RuntimePermission("accessClassInPackage."+pkg)); 1574 break; // No need to continue; only need to check this once 1575 } 1576 } 1577 } 1578 1579 /** 1580 * Throws a <code>SecurityException</code> if the 1581 * calling thread is not allowed to define classes in the package 1582 * specified by the argument. 1583 * <p> 1584 * This method is used by the <code>loadClass</code> method of some 1585 * class loaders. 1586 * <p> 1587 * This method first gets a list of restricted packages by 1588 * obtaining a comma-separated list from a call to 1589 * <code>java.security.Security.getProperty("package.definition")</code>, 1590 * and checks to see if <code>pkg</code> starts with or equals 1591 * any of the restricted packages. If it does, then 1592 * <code>checkPermission</code> gets called with the 1593 * <code>RuntimePermission("defineClassInPackage."+pkg)</code> 1594 * permission. 1595 * <p> 1596 * If this method is overridden, then 1597 * <code>super.checkPackageDefinition</code> should be called 1598 * as the first line in the overridden method. 1599 * 1600 * @param pkg the package name. 1601 * @exception SecurityException if the calling thread does not have 1602 * permission to define classes in the specified package. 1603 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean) 1604 * @see java.security.Security#getProperty getProperty 1605 * @see #checkPermission(java.security.Permission) checkPermission 1606 */ 1607 public void checkPackageDefinition(String pkg) { 1608 if (pkg == null) { 1609 throw new NullPointerException("package name can't be null"); 1610 } 1611 1612 String[] pkgs; 1613 synchronized (packageDefinitionLock) { 1614 /* 1615 * Do we need to update our property array? 1616 */ 1617 if (!packageDefinitionValid) { 1618 String tmpPropertyStr = 1619 AccessController.doPrivileged( 1620 new PrivilegedAction<String>() { 1621 public String run() { 1622 return java.security.Security.getProperty( 1623 "package.definition"); 1624 } 1625 } 1626 ); 1627 packageDefinition = getPackages(tmpPropertyStr); 1628 packageDefinitionValid = true; 1629 } 1630 // Using a snapshot of packageDefinition -- don't care if static 1631 // field changes afterwards; array contents won't change. 1632 pkgs = packageDefinition; 1633 } 1634 1635 /* 1636 * Traverse the list of packages, check for any matches. 1637 */ 1638 for (int i = 0; i < pkgs.length; i++) { 1639 if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) { 1640 checkPermission( 1641 new RuntimePermission("defineClassInPackage."+pkg)); 1642 break; // No need to continue; only need to check this once 1643 } 1644 } 1645 } 1646 1647 /** 1648 * Throws a <code>SecurityException</code> if the 1649 * calling thread is not allowed to set the socket factory used by 1650 * <code>ServerSocket</code> or <code>Socket</code>, or the stream 1651 * handler factory used by <code>URL</code>. 1652 * <p> 1653 * This method calls <code>checkPermission</code> with the 1654 * <code>RuntimePermission("setFactory")</code> permission. 1655 * <p> 1656 * If you override this method, then you should make a call to 1657 * <code>super.checkSetFactory</code> 1658 * at the point the overridden method would normally throw an 1659 * exception. 1660 * <p> 1661 * 1662 * @exception SecurityException if the calling thread does not have 1663 * permission to specify a socket factory or a stream 1664 * handler factory. 1665 * 1666 * @see java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory 1667 * @see java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory 1668 * @see java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory 1669 * @see #checkPermission(java.security.Permission) checkPermission 1670 */ 1671 public void checkSetFactory() { 1672 checkPermission(new RuntimePermission("setFactory")); 1673 } 1674 1675 /** 1676 * Throws a <code>SecurityException</code> if the 1677 * calling thread is not allowed to access members. 1678 * <p> 1679 * The default policy is to allow access to PUBLIC members, as well 1680 * as access to classes that have the same class loader as the caller. 1681 * In all other cases, this method calls <code>checkPermission</code> 1682 * with the <code>RuntimePermission("accessDeclaredMembers") 1683 * </code> permission. 1684 * <p> 1685 * If this method is overridden, then a call to 1686 * <code>super.checkMemberAccess</code> cannot be made, 1687 * as the default implementation of <code>checkMemberAccess</code> 1688 * relies on the code being checked being at a stack depth of 1689 * 4. 1690 * 1691 * @param clazz the class that reflection is to be performed on. 1692 * 1693 * @param which type of access, PUBLIC or DECLARED. 1694 * 1695 * @exception SecurityException if the caller does not have 1696 * permission to access members. 1697 * @exception NullPointerException if the <code>clazz</code> argument is 1698 * <code>null</code>. 1699 * 1700 * @deprecated This method relies on the caller being at a stack depth 1701 * of 4 which is error-prone and cannot be enforced by the runtime. 1702 * Users of this method should instead invoke {@link #checkPermission} 1703 * directly. This method will be changed in a future release 1704 * to check the permission {@code java.security.AllPermission}. 1705 * 1706 * @see java.lang.reflect.Member 1707 * @since JDK1.1 1708 * @see #checkPermission(java.security.Permission) checkPermission 1709 */ 1710 @Deprecated 1711 @CallerSensitive 1712 public void checkMemberAccess(Class<?> clazz, int which) { 1713 if (clazz == null) { 1714 throw new NullPointerException("class can't be null"); 1715 } 1716 if (which != Member.PUBLIC) { 1717 Class stack[] = getClassContext(); 1718 /* 1719 * stack depth of 4 should be the caller of one of the 1720 * methods in java.lang.Class that invoke checkMember 1721 * access. The stack should look like: 1722 * 1723 * someCaller [3] 1724 * java.lang.Class.someReflectionAPI [2] 1725 * java.lang.Class.checkMemberAccess [1] 1726 * SecurityManager.checkMemberAccess [0] 1727 * 1728 */ 1729 if ((stack.length<4) || 1730 (stack[3].getClassLoader() != clazz.getClassLoader())) { 1731 checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION); 1732 } 1733 } 1734 } 1735 1736 /** 1737 * Determines whether the permission with the specified permission target 1738 * name should be granted or denied. 1739 * 1740 * <p> If the requested permission is allowed, this method returns 1741 * quietly. If denied, a SecurityException is raised. 1742 * 1743 * <p> This method creates a <code>SecurityPermission</code> object for 1744 * the given permission target name and calls <code>checkPermission</code> 1745 * with it. 1746 * 1747 * <p> See the documentation for 1748 * <code>{@link java.security.SecurityPermission}</code> for 1749 * a list of possible permission target names. 1750 * 1751 * <p> If you override this method, then you should make a call to 1752 * <code>super.checkSecurityAccess</code> 1753 * at the point the overridden method would normally throw an 1754 * exception. 1755 * 1756 * @param target the target name of the <code>SecurityPermission</code>. 1757 * 1758 * @exception SecurityException if the calling thread does not have 1759 * permission for the requested access. 1760 * @exception NullPointerException if <code>target</code> is null. 1761 * @exception IllegalArgumentException if <code>target</code> is empty. 1762 * 1763 * @since JDK1.1 1764 * @see #checkPermission(java.security.Permission) checkPermission 1765 */ 1766 public void checkSecurityAccess(String target) { 1767 checkPermission(new SecurityPermission(target)); 1768 } 1769 1770 private native Class<?> currentLoadedClass0(); 1771 1772 /** 1773 * Returns the thread group into which to instantiate any new 1774 * thread being created at the time this is being called. 1775 * By default, it returns the thread group of the current 1776 * thread. This should be overridden by a specific security 1777 * manager to return the appropriate thread group. 1778 * 1779 * @return ThreadGroup that new threads are instantiated into 1780 * @since JDK1.1 1781 * @see java.lang.ThreadGroup 1782 */ 1783 public ThreadGroup getThreadGroup() { 1784 return Thread.currentThread().getThreadGroup(); 1785 } 1786 1787 }