1 /*
2 * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.applet;
27
28 import java.io.File;
29 import java.io.FilePermission;
30 import java.io.IOException;
31 import java.io.FileDescriptor;
32 import java.net.URL;
33 import java.net.URLClassLoader;
34 import java.net.InetAddress;
35 import java.net.UnknownHostException;
36 import java.net.SocketPermission;
37 import java.util.Enumeration;
38 import java.util.Iterator;
39 import java.util.HashSet;
40 import java.util.StringTokenizer;
41 import java.security.*;
42 import java.lang.reflect.*;
43 import sun.awt.AWTSecurityManager;
44 import sun.awt.AppContext;
45 import sun.awt.AWTPermissions;
46 import sun.security.util.SecurityConstants;
47
48
49 /**
50 * This class defines an applet security policy
51 *
52 */
53 public
54 class AppletSecurity extends AWTSecurityManager {
55
56 //URLClassLoader.acc
57 private static Field facc = null;
58
59 //AccessControlContext.context;
60 private static Field fcontext = null;
61
62 static {
63 try {
64 facc = URLClassLoader.class.getDeclaredField("acc");
65 facc.setAccessible(true);
66 fcontext = AccessControlContext.class.getDeclaredField("context");
67 fcontext.setAccessible(true);
68 } catch (NoSuchFieldException e) {
69 throw new UnsupportedOperationException(e);
70 }
71 }
72
73
74 /**
75 * Construct and initialize.
76 */
77 public AppletSecurity() {
78 reset();
79 }
80
81 // Cache to store known restricted packages
82 private HashSet<String> restrictedPackages = new HashSet<>();
83
84 /**
85 * Reset from Properties
86 */
87 public void reset()
88 {
89 // Clear cache
90 restrictedPackages.clear();
91
92 AccessController.doPrivileged(new PrivilegedAction<Object>() {
93 public Object run()
94 {
95 // Enumerate system properties
96 Enumeration<?> e = System.getProperties().propertyNames();
97
98 while (e.hasMoreElements())
99 {
100 String name = (String) e.nextElement();
101
102 if (name != null && name.startsWith("package.restrict.access."))
103 {
104 String value = System.getProperty(name);
105
106 if (value != null && value.equalsIgnoreCase("true"))
107 {
108 String pkg = name.substring(24);
109
110 // Cache restricted packages
111 restrictedPackages.add(pkg);
112 }
113 }
114 }
115 return null;
116 }
117 });
118 }
119
120 /**
121 * get the current (first) instance of an AppletClassLoader on the stack.
122 */
123 @SuppressWarnings("deprecation")
124 private AppletClassLoader currentAppletClassLoader()
125 {
126 // try currentClassLoader first
127 ClassLoader loader = currentClassLoader();
128
129 if ((loader == null) || (loader instanceof AppletClassLoader))
130 return (AppletClassLoader)loader;
131
132 // if that fails, get all the classes on the stack and check them.
133 Class<?>[] context = getClassContext();
134 for (int i = 0; i < context.length; i++) {
135 loader = context[i].getClassLoader();
136 if (loader instanceof AppletClassLoader)
137 return (AppletClassLoader)loader;
138 }
139
140 /*
141 * fix bug # 6433620 the logic here is : try to find URLClassLoader from
142 * class context, check its AccessControlContext to see if
143 * AppletClassLoader is in stack when it's created. for this kind of
144 * URLClassLoader, return the AppContext associated with the
145 * AppletClassLoader.
146 */
147 for (int i = 0; i < context.length; i++) {
148 final ClassLoader currentLoader = context[i].getClassLoader();
149
150 if (currentLoader instanceof URLClassLoader) {
151 loader = AccessController.doPrivileged(
152 new PrivilegedAction<ClassLoader>() {
153 public ClassLoader run() {
154
155 AccessControlContext acc = null;
156 ProtectionDomain[] pds = null;
157
158 try {
159 acc = (AccessControlContext) facc.get(currentLoader);
160 if (acc == null) {
161 return null;
162 }
163
164 pds = (ProtectionDomain[]) fcontext.get(acc);
165 if (pds == null) {
166 return null;
167 }
168 } catch (Exception e) {
169 throw new UnsupportedOperationException(e);
170 }
171
172 for (int i=0; i<pds.length; i++) {
173 ClassLoader cl = pds[i].getClassLoader();
174
175 if (cl instanceof AppletClassLoader) {
176 return cl;
177 }
178 }
179
180 return null;
181 }
182 });
183
184 if (loader != null) {
185 return (AppletClassLoader) loader;
186 }
187 }
188 }
189
190 // if that fails, try the context class loader
191 loader = Thread.currentThread().getContextClassLoader();
192 if (loader instanceof AppletClassLoader)
193 return (AppletClassLoader)loader;
194
195 // no AppletClassLoaders on the stack
196 return (AppletClassLoader)null;
197 }
198
199 /**
200 * Returns true if this threadgroup is in the applet's own thread
201 * group. This will return false if there is no current class
202 * loader.
203 */
204 protected boolean inThreadGroup(ThreadGroup g) {
205 if (currentAppletClassLoader() == null)
206 return false;
207 else
208 return getThreadGroup().parentOf(g);
209 }
210
211 /**
212 * Returns true of the threadgroup of thread is in the applet's
213 * own threadgroup.
214 */
215 protected boolean inThreadGroup(Thread thread) {
216 return inThreadGroup(thread.getThreadGroup());
217 }
218
219 /**
220 * Applets are not allowed to manipulate threads outside
221 * applet thread groups. However a terminated thread no longer belongs
222 * to any group.
223 */
224 public void checkAccess(Thread t) {
225 /* When multiple applets is reloaded simultaneously, there will be
226 * multiple invocations to this method from plugin's SecurityManager.
227 * This method should not be synchronized to avoid deadlock when
228 * a page with multiple applets is reloaded
229 */
230 if ((t.getState() != Thread.State.TERMINATED) && !inThreadGroup(t)) {
231 checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION);
232 }
233 }
234
235 private boolean inThreadGroupCheck = false;
236
237 /**
238 * Applets are not allowed to manipulate thread groups outside
239 * applet thread groups.
240 */
241 public synchronized void checkAccess(ThreadGroup g) {
242 if (inThreadGroupCheck) {
243 // if we are in a recursive check, it is because
244 // inThreadGroup is calling appletLoader.getThreadGroup
245 // in that case, only do the super check, as appletLoader
246 // has a begin/endPrivileged
247 checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
248 } else {
249 try {
250 inThreadGroupCheck = true;
251 if (!inThreadGroup(g)) {
252 checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
253 }
254 } finally {
255 inThreadGroupCheck = false;
256 }
257 }
258 }
259
260
261 /**
262 * Throws a {@code SecurityException} if the
263 * calling thread is not allowed to access the package specified by
264 * the argument.
265 * <p>
266 * This method is used by the {@code loadClass} method of class
267 * loaders.
268 * <p>
269 * The {@code checkPackageAccess} method for class
270 * {@code SecurityManager} calls
271 * {@code checkPermission} with the
272 * {@code RuntimePermission("accessClassInPackage."+ pkgname)}
273 * permission.
274 *
275 * @param pkgname the package name.
276 * @exception SecurityException if the caller does not have
277 * permission to access the specified package.
278 * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
279 */
280 public void checkPackageAccess(final String pkgname) {
281
282 // first see if the VM-wide policy allows access to this package
283 super.checkPackageAccess(pkgname);
284
285 // now check the list of restricted packages
286 for (Iterator<String> iter = restrictedPackages.iterator(); iter.hasNext();)
287 {
288 String pkg = iter.next();
289
290 // Prevent matching "sun" and "sunir" even if they
291 // starts with similar beginning characters
292 //
293 if (pkgname.equals(pkg) || pkgname.startsWith(pkg + "."))
294 {
295 checkPermission(new java.lang.RuntimePermission
296 ("accessClassInPackage." + pkgname));
297 }
298 }
299 }
300
301 /**
302 * Tests if a client can get access to the AWT event queue.
303 * <p>
304 * This method calls {@code checkPermission} with the
305 * {@code AWTPermission("accessEventQueue")} permission.
306 *
307 * @since 1.1
308 * @exception SecurityException if the caller does not have
309 * permission to access the AWT event queue.
310 */
311 @SuppressWarnings("deprecation")
312 public void checkAwtEventQueueAccess() {
313 AppContext appContext = AppContext.getAppContext();
314 AppletClassLoader appletClassLoader = currentAppletClassLoader();
315
316 if (AppContext.isMainContext(appContext) && (appletClassLoader != null)) {
317 // If we're about to allow access to the main EventQueue,
318 // and anything untrusted is on the class context stack,
319 // disallow access.
320 super.checkPermission(AWTPermissions.CHECK_AWT_EVENTQUEUE_PERMISSION);
321 }
322 } // checkAwtEventQueueAccess()
323
324 /**
325 * Returns the thread group of the applet. We consult the classloader
326 * if there is one.
327 */
328 public ThreadGroup getThreadGroup() {
329 /* If any applet code is on the execution stack, we return
330 that applet's ThreadGroup. Otherwise, we use the default
331 behavior. */
332 AppletClassLoader appletLoader = currentAppletClassLoader();
333 ThreadGroup loaderGroup = (appletLoader == null) ? null
334 : appletLoader.getThreadGroup();
335 if (loaderGroup != null) {
336 return loaderGroup;
337 } else {
338 return super.getThreadGroup();
339 }
340 } // getThreadGroup()
341
342 /**
343 * Get the AppContext corresponding to the current context.
344 * The default implementation returns null, but this method
345 * may be overridden by various SecurityManagers
346 * (e.g. AppletSecurity) to index AppContext objects by the
347 * calling context.
348 *
349 * @return the AppContext corresponding to the current context.
350 * @see sun.awt.AppContext
351 * @see java.lang.SecurityManager
352 * @since 1.2.1
353 */
354 public AppContext getAppContext() {
355 AppletClassLoader appletLoader = currentAppletClassLoader();
356
357 if (appletLoader == null) {
358 return null;
359 } else {
360 AppContext context = appletLoader.getAppContext();
361
362 // context == null when some thread in applet thread group
363 // has not been destroyed in AppContext.dispose()
364 if (context == null) {
365 throw new SecurityException("Applet classloader has invalid AppContext");
366 }
367
368 return context;
369 }
370 }
371
372 } // class AppletSecurity