author | chegar |
Thu, 17 Oct 2019 20:54:25 +0100 | |
branch | datagramsocketimpl-branch |
changeset 58679 | 9c3209ff7550 |
parent 58678 | 9cf78a70fa4f |
parent 58288 | 48e480e56aad |
permissions | -rw-r--r-- |
2 | 1 |
/* |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
2 |
* Copyright (c) 1995, 2019, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package java.lang; |
|
27 |
||
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
28 |
import java.lang.module.ModuleDescriptor; |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
29 |
import java.lang.module.ModuleDescriptor.Exports; |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
30 |
import java.lang.module.ModuleDescriptor.Opens; |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
31 |
import java.lang.reflect.Member; |
2 | 32 |
import java.io.FileDescriptor; |
33 |
import java.io.File; |
|
34 |
import java.io.FilePermission; |
|
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
35 |
import java.net.InetAddress; |
2 | 36 |
import java.net.SocketPermission; |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
37 |
import java.security.AccessControlContext; |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
38 |
import java.security.AccessController; |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
39 |
import java.security.Permission; |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
40 |
import java.security.PrivilegedAction; |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
41 |
import java.security.Security; |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
42 |
import java.security.SecurityPermission; |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
43 |
import java.util.HashSet; |
45004
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
44 |
import java.util.Map; |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
45 |
import java.util.Objects; |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
46 |
import java.util.PropertyPermission; |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
47 |
import java.util.Set; |
45004
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
48 |
import java.util.concurrent.ConcurrentHashMap; |
2 | 49 |
|
45004
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
50 |
import jdk.internal.module.ModuleLoaderMap; |
37363
329dba26ffd2
8137058: Clear out all non-Critical APIs from sun.reflect
chegar
parents:
31180
diff
changeset
|
51 |
import jdk.internal.reflect.CallerSensitive; |
2 | 52 |
import sun.security.util.SecurityConstants; |
53 |
||
54 |
/** |
|
55 |
* The security manager is a class that allows |
|
56 |
* applications to implement a security policy. It allows an |
|
57 |
* application to determine, before performing a possibly unsafe or |
|
58 |
* sensitive operation, what the operation is and whether |
|
59 |
* it is being attempted in a security context that allows the |
|
60 |
* operation to be performed. The |
|
61 |
* application can allow or disallow the operation. |
|
62 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
63 |
* The {@code SecurityManager} class contains many methods with |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
64 |
* names that begin with the word {@code check}. These methods |
2 | 65 |
* are called by various methods in the Java libraries before those |
66 |
* methods perform certain potentially sensitive operations. The |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
67 |
* invocation of such a {@code check} method typically looks like this: |
21330
7b073d91ba9e
8027062: Fix lint and doclint issues in java.lang.{ClassLoader, ClassValue, SecurityManager}
darcy
parents:
19807
diff
changeset
|
68 |
* <blockquote><pre> |
2 | 69 |
* SecurityManager security = System.getSecurityManager(); |
70 |
* if (security != null) { |
|
71 |
* security.check<i>XXX</i>(argument, . . . ); |
|
72 |
* } |
|
73 |
* </pre></blockquote> |
|
74 |
* <p> |
|
75 |
* The security manager is thereby given an opportunity to prevent |
|
76 |
* completion of the operation by throwing an exception. A security |
|
77 |
* manager routine simply returns if the operation is permitted, but |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
78 |
* throws a {@code SecurityException} if the operation is not |
22060
cd4f9d7dbeda
8029886: Change SecurityManager check{TopLevelWindow, SystemClipboardAccessAwtEventQueueAccess} to check AllPermission
alanb
parents:
21330
diff
changeset
|
79 |
* permitted. |
2 | 80 |
* <p> |
52084
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
81 |
* Environments using a security manager will typically set the security |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
82 |
* manager at startup. In the JDK implementation, this is done by setting |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
83 |
* the system property {@code java.security.manager} on the command line to |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
84 |
* the class name of the security manager. It can also be set to the empty |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
85 |
* String ("") or the special token "{@code default}" to use the |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
86 |
* default {@code java.lang.SecurityManager}. If a class name is specified, |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
87 |
* it must be {@code java.lang.SecurityManager} or a public subclass and have |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
88 |
* a public no-arg constructor. The class is loaded by the |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
89 |
* {@linkplain ClassLoader#getSystemClassLoader() built-in system class loader} |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
90 |
* if it is not {@code java.lang.SecurityManager}. If the |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
91 |
* {@code java.security.manager} system property is not set, the default value |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
92 |
* is {@code null}, which means a security manager will not be set at startup. |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
93 |
* <p> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
94 |
* The Java run-time may also allow, but is not required to allow, the security |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
95 |
* manager to be set dynamically by invoking the |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
96 |
* {@link System#setSecurityManager(SecurityManager) setSecurityManager} method. |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
97 |
* In the JDK implementation, if the Java virtual machine is started with |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
98 |
* the {@code java.security.manager} system property set to the special token |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
99 |
* "{@code disallow}" then a security manager will not be set at startup and |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
100 |
* cannot be set dynamically (the |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
101 |
* {@link System#setSecurityManager(SecurityManager) setSecurityManager} |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
102 |
* method will throw an {@code UnsupportedOperationException}). If the |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
103 |
* {@code java.security.manager} system property is not set or is set to the |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
104 |
* special token "{@code allow}", then a security manager will not be set at |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
105 |
* startup but can be set dynamically. Finally, if the |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
106 |
* {@code java.security.manager} system property is set to the class name of |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
107 |
* the security manager, or to the empty String ("") or the special token |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
108 |
* "{@code default}", then a security manager is set at startup (as described |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
109 |
* previously) and can also be subsequently replaced (or disabled) dynamically |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
110 |
* (subject to the policy of the currently installed security manager). The |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
111 |
* following table illustrates the behavior of the JDK implementation for the |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
112 |
* different settings of the {@code java.security.manager} system property: |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
113 |
* <table class="striped"> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
114 |
* <caption style="display:none">property value, |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
115 |
* the SecurityManager set at startup, |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
116 |
* can dynamically set a SecurityManager |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
117 |
* </caption> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
118 |
* <thead> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
119 |
* <tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
120 |
* <th scope="col">Property Value</th> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
121 |
* <th scope="col">The SecurityManager set at startup</th> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
122 |
* <th scope="col">System.setSecurityManager run-time behavior</th> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
123 |
* </tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
124 |
* </thead> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
125 |
* <tbody> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
126 |
* |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
127 |
* <tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
128 |
* <th scope="row">null</th> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
129 |
* <td>None</td> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
130 |
* <td>Success or throws {@code SecurityException} if not permitted by |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
131 |
* the currently installed security manager</td> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
132 |
* </tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
133 |
* |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
134 |
* <tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
135 |
* <th scope="row">empty String ("")</th> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
136 |
* <td>{@code java.lang.SecurityManager}</td> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
137 |
* <td>Success or throws {@code SecurityException} if not permitted by |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
138 |
* the currently installed security manager</td> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
139 |
* </tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
140 |
* |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
141 |
* <tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
142 |
* <th scope="row">"default"</th> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
143 |
* <td>{@code java.lang.SecurityManager}</td> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
144 |
* <td>Success or throws {@code SecurityException} if not permitted by |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
145 |
* the currently installed security manager</td> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
146 |
* </tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
147 |
* |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
148 |
* <tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
149 |
* <th scope="row">"disallow"</th> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
150 |
* <td>None</td> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
151 |
* <td>Always throws {@code UnsupportedOperationException}</td> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
152 |
* </tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
153 |
* |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
154 |
* <tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
155 |
* <th scope="row">"allow"</th> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
156 |
* <td>None</td> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
157 |
* <td>Success or throws {@code SecurityException} if not permitted by |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
158 |
* the currently installed security manager</td> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
159 |
* </tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
160 |
* |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
161 |
* <tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
162 |
* <th scope="row">a class name</th> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
163 |
* <td>the named class</td> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
164 |
* <td>Success or throws {@code SecurityException} if not permitted by |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
165 |
* the currently installed security manager</td> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
166 |
* </tr> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
167 |
* |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
168 |
* </tbody> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
169 |
* </table> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
170 |
* <p> A future release of the JDK may change the default value of the |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
171 |
* {@code java.security.manager} system property to "{@code disallow}". |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
172 |
* <p> |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
173 |
* The current security manager is returned by the |
ec4f2762b234
8191053: Provide a mechanism to make system's security manager immutable
mullan
parents:
49520
diff
changeset
|
174 |
* {@link System#getSecurityManager() getSecurityManager} method. |
2 | 175 |
* <p> |
176 |
* The special method |
|
177 |
* {@link SecurityManager#checkPermission(java.security.Permission)} |
|
178 |
* determines whether an access request indicated by a specified |
|
179 |
* permission should be granted or denied. The |
|
180 |
* default implementation calls |
|
181 |
* |
|
182 |
* <pre> |
|
183 |
* AccessController.checkPermission(perm); |
|
184 |
* </pre> |
|
185 |
* |
|
186 |
* <p> |
|
187 |
* If a requested access is allowed, |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
188 |
* {@code checkPermission} returns quietly. If denied, a |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
189 |
* {@code SecurityException} is thrown. |
2 | 190 |
* <p> |
48027
ddbcfca4d51d
8186535: Remove deprecated pre-1.2 SecurityManager methods and fields
mullan
parents:
47216
diff
changeset
|
191 |
* The default implementation of each of the other |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
192 |
* {@code check} methods in {@code SecurityManager} is to |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
193 |
* call the {@code SecurityManager checkPermission} method |
2 | 194 |
* to determine if the calling thread has permission to perform the requested |
195 |
* operation. |
|
196 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
197 |
* Note that the {@code checkPermission} method with |
2 | 198 |
* just a single permission argument always performs security checks |
199 |
* within the context of the currently executing thread. |
|
200 |
* Sometimes a security check that should be made within a given context |
|
201 |
* will actually need to be done from within a |
|
202 |
* <i>different</i> context (for example, from within a worker thread). |
|
203 |
* The {@link SecurityManager#getSecurityContext getSecurityContext} method |
|
204 |
* and the {@link SecurityManager#checkPermission(java.security.Permission, |
|
205 |
* java.lang.Object) checkPermission} |
|
206 |
* method that includes a context argument are provided |
|
207 |
* for this situation. The |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
208 |
* {@code getSecurityContext} method returns a "snapshot" |
2 | 209 |
* of the current calling context. (The default implementation |
210 |
* returns an AccessControlContext object.) A sample call is |
|
211 |
* the following: |
|
212 |
* |
|
213 |
* <pre> |
|
214 |
* Object context = null; |
|
215 |
* SecurityManager sm = System.getSecurityManager(); |
|
216 |
* if (sm != null) context = sm.getSecurityContext(); |
|
217 |
* </pre> |
|
218 |
* |
|
219 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
220 |
* The {@code checkPermission} method |
2 | 221 |
* that takes a context object in addition to a permission |
222 |
* makes access decisions based on that context, |
|
223 |
* rather than on that of the current execution thread. |
|
224 |
* Code within a different context can thus call that method, |
|
225 |
* passing the permission and the |
|
226 |
* previously-saved context object. A sample call, using the |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
227 |
* SecurityManager {@code sm} obtained as in the previous example, |
2 | 228 |
* is the following: |
229 |
* |
|
230 |
* <pre> |
|
231 |
* if (sm != null) sm.checkPermission(permission, context); |
|
232 |
* </pre> |
|
233 |
* |
|
234 |
* <p>Permissions fall into these categories: File, Socket, Net, |
|
235 |
* Security, Runtime, Property, AWT, Reflect, and Serializable. |
|
236 |
* The classes managing these various |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
237 |
* permission categories are {@code java.io.FilePermission}, |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
238 |
* {@code java.net.SocketPermission}, |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
239 |
* {@code java.net.NetPermission}, |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
240 |
* {@code java.security.SecurityPermission}, |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
241 |
* {@code java.lang.RuntimePermission}, |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
242 |
* {@code java.util.PropertyPermission}, |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
243 |
* {@code java.awt.AWTPermission}, |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
244 |
* {@code java.lang.reflect.ReflectPermission}, and |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
245 |
* {@code java.io.SerializablePermission}. |
2 | 246 |
* |
247 |
* <p>All but the first two (FilePermission and SocketPermission) are |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
248 |
* subclasses of {@code java.security.BasicPermission}, which itself |
2 | 249 |
* is an abstract subclass of the |
250 |
* top-level class for permissions, which is |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
251 |
* {@code java.security.Permission}. BasicPermission defines the |
2 | 252 |
* functionality needed for all permissions that contain a name |
253 |
* that follows the hierarchical property naming convention |
|
254 |
* (for example, "exitVM", "setFactory", "queuePrintJob", etc). |
|
255 |
* An asterisk |
|
256 |
* may appear at the end of the name, following a ".", or by itself, to |
|
257 |
* signify a wildcard match. For example: "a.*" or "*" is valid, |
|
258 |
* "*a" or "a*b" is not valid. |
|
259 |
* |
|
260 |
* <p>FilePermission and SocketPermission are subclasses of the |
|
261 |
* top-level class for permissions |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
262 |
* ({@code java.security.Permission}). Classes like these |
2 | 263 |
* that have a more complicated name syntax than that used by |
264 |
* BasicPermission subclass directly from Permission rather than from |
|
265 |
* BasicPermission. For example, |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
266 |
* for a {@code java.io.FilePermission} object, the permission name is |
2 | 267 |
* the path name of a file (or directory). |
268 |
* |
|
269 |
* <p>Some of the permission classes have an "actions" list that tells |
|
270 |
* the actions that are permitted for the object. For example, |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
271 |
* for a {@code java.io.FilePermission} object, the actions list |
2 | 272 |
* (such as "read, write") specifies which actions are granted for the |
273 |
* specified file (or for files in the specified directory). |
|
274 |
* |
|
275 |
* <p>Other permission classes are for "named" permissions - |
|
276 |
* ones that contain a name but no actions list; you either have the |
|
277 |
* named permission or you don't. |
|
278 |
* |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
279 |
* <p>Note: There is also a {@code java.security.AllPermission} |
2 | 280 |
* permission that implies all permissions. It exists to simplify the work |
281 |
* of system administrators who might need to perform multiple |
|
282 |
* tasks that require all (or numerous) permissions. |
|
283 |
* <p> |
|
45665 | 284 |
* See {@extLink security_guide_permissions |
285 |
* Permissions in the Java Development Kit (JDK)} |
|
286 |
* for permission-related information. |
|
48027
ddbcfca4d51d
8186535: Remove deprecated pre-1.2 SecurityManager methods and fields
mullan
parents:
47216
diff
changeset
|
287 |
* This document includes a table listing the various SecurityManager |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
288 |
* {@code check} methods and the permission(s) the default |
2 | 289 |
* implementation of each such method requires. |
48027
ddbcfca4d51d
8186535: Remove deprecated pre-1.2 SecurityManager methods and fields
mullan
parents:
47216
diff
changeset
|
290 |
* It also contains a table of the methods |
2 | 291 |
* that require permissions, and for each such method tells |
292 |
* which permission it requires. |
|
293 |
* |
|
294 |
* @author Arthur van Hoff |
|
295 |
* @author Roland Schemers |
|
296 |
* |
|
297 |
* @see java.lang.ClassLoader |
|
298 |
* @see java.lang.SecurityException |
|
299 |
* @see java.lang.System#getSecurityManager() getSecurityManager |
|
300 |
* @see java.lang.System#setSecurityManager(java.lang.SecurityManager) |
|
301 |
* setSecurityManager |
|
302 |
* @see java.security.AccessController AccessController |
|
303 |
* @see java.security.AccessControlContext AccessControlContext |
|
304 |
* @see java.security.AccessControlException AccessControlException |
|
305 |
* @see java.security.Permission |
|
306 |
* @see java.security.BasicPermission |
|
307 |
* @see java.io.FilePermission |
|
308 |
* @see java.net.SocketPermission |
|
309 |
* @see java.util.PropertyPermission |
|
310 |
* @see java.lang.RuntimePermission |
|
311 |
* @see java.security.Policy Policy |
|
312 |
* @see java.security.SecurityPermission SecurityPermission |
|
313 |
* @see java.security.ProtectionDomain |
|
314 |
* |
|
24865
09b1d992ca72
8044740: Convert all JDK versions used in @since tag to 1.n[.n] in jdk repo
henryjen
parents:
24367
diff
changeset
|
315 |
* @since 1.0 |
2 | 316 |
*/ |
48027
ddbcfca4d51d
8186535: Remove deprecated pre-1.2 SecurityManager methods and fields
mullan
parents:
47216
diff
changeset
|
317 |
public class SecurityManager { |
2 | 318 |
|
319 |
/* |
|
320 |
* Have we been initialized. Effective against finalizer attacks. |
|
321 |
*/ |
|
322 |
private boolean initialized = false; |
|
323 |
||
324 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
325 |
* Constructs a new {@code SecurityManager}. |
2 | 326 |
* |
327 |
* <p> If there is a security manager already installed, this method first |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
328 |
* calls the security manager's {@code checkPermission} method |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
329 |
* with the {@code RuntimePermission("createSecurityManager")} |
2 | 330 |
* permission to ensure the calling thread has permission to create a new |
331 |
* security manager. |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
332 |
* This may result in throwing a {@code SecurityException}. |
2 | 333 |
* |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
334 |
* @throws java.lang.SecurityException if a security manager already |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
335 |
* exists and its {@code checkPermission} method |
2 | 336 |
* doesn't allow creation of a new security manager. |
337 |
* @see java.lang.System#getSecurityManager() |
|
338 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
339 |
* @see java.lang.RuntimePermission |
|
340 |
*/ |
|
341 |
public SecurityManager() { |
|
342 |
synchronized(SecurityManager.class) { |
|
343 |
SecurityManager sm = System.getSecurityManager(); |
|
344 |
if (sm != null) { |
|
345 |
// ask the currently installed security manager if we |
|
346 |
// can create a new one. |
|
347 |
sm.checkPermission(new RuntimePermission |
|
348 |
("createSecurityManager")); |
|
349 |
} |
|
350 |
initialized = true; |
|
351 |
} |
|
352 |
} |
|
353 |
||
354 |
/** |
|
355 |
* Returns the current execution stack as an array of classes. |
|
356 |
* <p> |
|
357 |
* The length of the array is the number of methods on the execution |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
358 |
* stack. The element at index {@code 0} is the class of the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
359 |
* currently executing method, the element at index {@code 1} is |
2 | 360 |
* the class of that method's caller, and so on. |
361 |
* |
|
362 |
* @return the execution stack. |
|
363 |
*/ |
|
22116
49bb2cb8cb51
8027063: SecurityManger.getClassContext returns a raw type
darcy
parents:
22060
diff
changeset
|
364 |
protected native Class<?>[] getClassContext(); |
2 | 365 |
|
366 |
/** |
|
367 |
* Creates an object that encapsulates the current execution |
|
368 |
* environment. The result of this method is used, for example, by the |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
369 |
* three-argument {@code checkConnect} method and by the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
370 |
* two-argument {@code checkRead} method. |
2 | 371 |
* These methods are needed because a trusted method may be called |
372 |
* on to read a file or open a socket on behalf of another method. |
|
373 |
* The trusted method needs to determine if the other (possibly |
|
374 |
* untrusted) method would be allowed to perform the operation on its |
|
375 |
* own. |
|
376 |
* <p> The default implementation of this method is to return |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
377 |
* an {@code AccessControlContext} object. |
2 | 378 |
* |
379 |
* @return an implementation-dependent object that encapsulates |
|
380 |
* sufficient information about the current execution environment |
|
381 |
* to perform some security checks later. |
|
382 |
* @see java.lang.SecurityManager#checkConnect(java.lang.String, int, |
|
383 |
* java.lang.Object) checkConnect |
|
384 |
* @see java.lang.SecurityManager#checkRead(java.lang.String, |
|
385 |
* java.lang.Object) checkRead |
|
386 |
* @see java.security.AccessControlContext AccessControlContext |
|
387 |
*/ |
|
388 |
public Object getSecurityContext() { |
|
389 |
return AccessController.getContext(); |
|
390 |
} |
|
391 |
||
392 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
393 |
* Throws a {@code SecurityException} if the requested |
2 | 394 |
* access, specified by the given permission, is not permitted based |
395 |
* on the security policy currently in effect. |
|
396 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
397 |
* This method calls {@code AccessController.checkPermission} |
2 | 398 |
* with the given permission. |
399 |
* |
|
400 |
* @param perm the requested permission. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
401 |
* @throws SecurityException if access is not permitted based on |
2 | 402 |
* the current security policy. |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
403 |
* @throws NullPointerException if the permission argument is |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
404 |
* {@code null}. |
2 | 405 |
* @since 1.2 |
406 |
*/ |
|
407 |
public void checkPermission(Permission perm) { |
|
408 |
java.security.AccessController.checkPermission(perm); |
|
409 |
} |
|
410 |
||
411 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
412 |
* Throws a {@code SecurityException} if the |
2 | 413 |
* specified security context is denied access to the resource |
414 |
* specified by the given permission. |
|
415 |
* The context must be a security |
|
416 |
* context returned by a previous call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
417 |
* {@code getSecurityContext} and the access control |
2 | 418 |
* decision is based upon the configured security policy for |
419 |
* that security context. |
|
420 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
421 |
* If {@code context} is an instance of |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
422 |
* {@code AccessControlContext} then the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
423 |
* {@code AccessControlContext.checkPermission} method is |
2 | 424 |
* invoked with the specified permission. |
425 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
426 |
* If {@code context} is not an instance of |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
427 |
* {@code AccessControlContext} then a |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
428 |
* {@code SecurityException} is thrown. |
2 | 429 |
* |
430 |
* @param perm the specified permission |
|
431 |
* @param context a system-dependent security context. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
432 |
* @throws SecurityException if the specified security context |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
433 |
* is not an instance of {@code AccessControlContext} |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
434 |
* (e.g., is {@code null}), or is denied access to the |
2 | 435 |
* resource specified by the given permission. |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
436 |
* @throws NullPointerException if the permission argument is |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
437 |
* {@code null}. |
2 | 438 |
* @see java.lang.SecurityManager#getSecurityContext() |
439 |
* @see java.security.AccessControlContext#checkPermission(java.security.Permission) |
|
440 |
* @since 1.2 |
|
441 |
*/ |
|
442 |
public void checkPermission(Permission perm, Object context) { |
|
443 |
if (context instanceof AccessControlContext) { |
|
444 |
((AccessControlContext)context).checkPermission(perm); |
|
445 |
} else { |
|
446 |
throw new SecurityException(); |
|
447 |
} |
|
448 |
} |
|
449 |
||
450 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
451 |
* Throws a {@code SecurityException} if the |
2 | 452 |
* calling thread is not allowed to create a new class loader. |
453 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
454 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
455 |
* {@code RuntimePermission("createClassLoader")} |
2 | 456 |
* permission. |
457 |
* <p> |
|
458 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
459 |
* {@code super.checkCreateClassLoader} |
2 | 460 |
* at the point the overridden method would normally throw an |
461 |
* exception. |
|
462 |
* |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
463 |
* @throws SecurityException if the calling thread does not |
2 | 464 |
* have permission |
465 |
* to create a new class loader. |
|
466 |
* @see java.lang.ClassLoader#ClassLoader() |
|
467 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
468 |
*/ |
|
469 |
public void checkCreateClassLoader() { |
|
470 |
checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION); |
|
471 |
} |
|
472 |
||
473 |
/** |
|
474 |
* reference to the root thread group, used for the checkAccess |
|
475 |
* methods. |
|
476 |
*/ |
|
477 |
||
478 |
private static ThreadGroup rootGroup = getRootGroup(); |
|
479 |
||
480 |
private static ThreadGroup getRootGroup() { |
|
481 |
ThreadGroup root = Thread.currentThread().getThreadGroup(); |
|
482 |
while (root.getParent() != null) { |
|
483 |
root = root.getParent(); |
|
484 |
} |
|
485 |
return root; |
|
486 |
} |
|
487 |
||
488 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
489 |
* Throws a {@code SecurityException} if the |
2 | 490 |
* calling thread is not allowed to modify the thread argument. |
491 |
* <p> |
|
492 |
* This method is invoked for the current security manager by the |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
493 |
* {@code stop}, {@code suspend}, {@code resume}, |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
494 |
* {@code setPriority}, {@code setName}, and |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
495 |
* {@code setDaemon} methods of class {@code Thread}. |
2 | 496 |
* <p> |
497 |
* If the thread argument is a system thread (belongs to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
498 |
* the thread group with a {@code null} parent) then |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
499 |
* this method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
500 |
* {@code RuntimePermission("modifyThread")} permission. |
2 | 501 |
* If the thread argument is <i>not</i> a system thread, |
502 |
* this method just returns silently. |
|
503 |
* <p> |
|
504 |
* Applications that want a stricter policy should override this |
|
505 |
* method. If this method is overridden, the method that overrides |
|
506 |
* it should additionally check to see if the calling thread has the |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
507 |
* {@code RuntimePermission("modifyThread")} permission, and |
2 | 508 |
* if so, return silently. This is to ensure that code granted |
509 |
* that permission (such as the JDK itself) is allowed to |
|
510 |
* manipulate any thread. |
|
511 |
* <p> |
|
512 |
* If this method is overridden, then |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
513 |
* {@code super.checkAccess} should |
2 | 514 |
* be called by the first statement in the overridden method, or the |
515 |
* equivalent security check should be placed in the overridden method. |
|
516 |
* |
|
517 |
* @param t the thread to be checked. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
518 |
* @throws SecurityException if the calling thread does not have |
2 | 519 |
* permission to modify the thread. |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
520 |
* @throws NullPointerException if the thread argument is |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
521 |
* {@code null}. |
2 | 522 |
* @see java.lang.Thread#resume() resume |
523 |
* @see java.lang.Thread#setDaemon(boolean) setDaemon |
|
524 |
* @see java.lang.Thread#setName(java.lang.String) setName |
|
525 |
* @see java.lang.Thread#setPriority(int) setPriority |
|
526 |
* @see java.lang.Thread#stop() stop |
|
527 |
* @see java.lang.Thread#suspend() suspend |
|
528 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
529 |
*/ |
|
530 |
public void checkAccess(Thread t) { |
|
531 |
if (t == null) { |
|
532 |
throw new NullPointerException("thread can't be null"); |
|
533 |
} |
|
534 |
if (t.getThreadGroup() == rootGroup) { |
|
535 |
checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION); |
|
536 |
} else { |
|
537 |
// just return |
|
538 |
} |
|
539 |
} |
|
540 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
541 |
* Throws a {@code SecurityException} if the |
2 | 542 |
* calling thread is not allowed to modify the thread group argument. |
543 |
* <p> |
|
544 |
* This method is invoked for the current security manager when a |
|
545 |
* new child thread or child thread group is created, and by the |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
546 |
* {@code setDaemon}, {@code setMaxPriority}, |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
547 |
* {@code stop}, {@code suspend}, {@code resume}, and |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
548 |
* {@code destroy} methods of class {@code ThreadGroup}. |
2 | 549 |
* <p> |
550 |
* If the thread group argument is the system thread group ( |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
551 |
* has a {@code null} parent) then |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
552 |
* this method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
553 |
* {@code RuntimePermission("modifyThreadGroup")} permission. |
2 | 554 |
* If the thread group argument is <i>not</i> the system thread group, |
555 |
* this method just returns silently. |
|
556 |
* <p> |
|
557 |
* Applications that want a stricter policy should override this |
|
558 |
* method. If this method is overridden, the method that overrides |
|
559 |
* it should additionally check to see if the calling thread has the |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
560 |
* {@code RuntimePermission("modifyThreadGroup")} permission, and |
2 | 561 |
* if so, return silently. This is to ensure that code granted |
562 |
* that permission (such as the JDK itself) is allowed to |
|
563 |
* manipulate any thread. |
|
564 |
* <p> |
|
565 |
* If this method is overridden, then |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
566 |
* {@code super.checkAccess} should |
2 | 567 |
* be called by the first statement in the overridden method, or the |
568 |
* equivalent security check should be placed in the overridden method. |
|
569 |
* |
|
570 |
* @param g the thread group to be checked. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
571 |
* @throws SecurityException if the calling thread does not have |
2 | 572 |
* permission to modify the thread group. |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
573 |
* @throws NullPointerException if the thread group argument is |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
574 |
* {@code null}. |
2 | 575 |
* @see java.lang.ThreadGroup#destroy() destroy |
576 |
* @see java.lang.ThreadGroup#resume() resume |
|
577 |
* @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon |
|
578 |
* @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority |
|
579 |
* @see java.lang.ThreadGroup#stop() stop |
|
580 |
* @see java.lang.ThreadGroup#suspend() suspend |
|
581 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
582 |
*/ |
|
583 |
public void checkAccess(ThreadGroup g) { |
|
584 |
if (g == null) { |
|
585 |
throw new NullPointerException("thread group can't be null"); |
|
586 |
} |
|
587 |
if (g == rootGroup) { |
|
588 |
checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION); |
|
589 |
} else { |
|
590 |
// just return |
|
591 |
} |
|
592 |
} |
|
593 |
||
594 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
595 |
* Throws a {@code SecurityException} if the |
2 | 596 |
* calling thread is not allowed to cause the Java Virtual Machine to |
597 |
* halt with the specified status code. |
|
598 |
* <p> |
|
599 |
* This method is invoked for the current security manager by the |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
600 |
* {@code exit} method of class {@code Runtime}. A status |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
601 |
* of {@code 0} indicates success; other values indicate various |
2 | 602 |
* errors. |
603 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
604 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
605 |
* {@code RuntimePermission("exitVM."+status)} permission. |
2 | 606 |
* <p> |
607 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
608 |
* {@code super.checkExit} |
2 | 609 |
* at the point the overridden method would normally throw an |
610 |
* exception. |
|
611 |
* |
|
612 |
* @param status the exit status. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
613 |
* @throws SecurityException if the calling thread does not have |
2 | 614 |
* permission to halt the Java Virtual Machine with |
615 |
* the specified status. |
|
616 |
* @see java.lang.Runtime#exit(int) exit |
|
617 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
618 |
*/ |
|
619 |
public void checkExit(int status) { |
|
620 |
checkPermission(new RuntimePermission("exitVM."+status)); |
|
621 |
} |
|
622 |
||
623 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
624 |
* Throws a {@code SecurityException} if the |
2 | 625 |
* calling thread is not allowed to create a subprocess. |
626 |
* <p> |
|
627 |
* This method is invoked for the current security manager by the |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
628 |
* {@code exec} methods of class {@code Runtime}. |
2 | 629 |
* <p> |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
630 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
631 |
* {@code FilePermission(cmd,"execute")} permission |
2 | 632 |
* if cmd is an absolute path, otherwise it calls |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
633 |
* {@code checkPermission} with |
2 | 634 |
* <code>FilePermission("<<ALL FILES>>","execute")</code>. |
635 |
* <p> |
|
636 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
637 |
* {@code super.checkExec} |
2 | 638 |
* at the point the overridden method would normally throw an |
639 |
* exception. |
|
640 |
* |
|
641 |
* @param cmd the specified system command. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
642 |
* @throws SecurityException if the calling thread does not have |
2 | 643 |
* permission to create a subprocess. |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
644 |
* @throws NullPointerException if the {@code cmd} argument is |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
645 |
* {@code null}. |
2 | 646 |
* @see java.lang.Runtime#exec(java.lang.String) |
647 |
* @see java.lang.Runtime#exec(java.lang.String, java.lang.String[]) |
|
648 |
* @see java.lang.Runtime#exec(java.lang.String[]) |
|
649 |
* @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[]) |
|
650 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
651 |
*/ |
|
652 |
public void checkExec(String cmd) { |
|
653 |
File f = new File(cmd); |
|
654 |
if (f.isAbsolute()) { |
|
655 |
checkPermission(new FilePermission(cmd, |
|
656 |
SecurityConstants.FILE_EXECUTE_ACTION)); |
|
657 |
} else { |
|
658 |
checkPermission(new FilePermission("<<ALL FILES>>", |
|
659 |
SecurityConstants.FILE_EXECUTE_ACTION)); |
|
660 |
} |
|
661 |
} |
|
662 |
||
663 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
664 |
* Throws a {@code SecurityException} if the |
2 | 665 |
* calling thread is not allowed to dynamic link the library code |
666 |
* specified by the string argument file. The argument is either a |
|
667 |
* simple library name or a complete filename. |
|
668 |
* <p> |
|
669 |
* This method is invoked for the current security manager by |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
670 |
* methods {@code load} and {@code loadLibrary} of class |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
671 |
* {@code Runtime}. |
2 | 672 |
* <p> |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
673 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
674 |
* {@code RuntimePermission("loadLibrary."+lib)} permission. |
2 | 675 |
* <p> |
676 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
677 |
* {@code super.checkLink} |
2 | 678 |
* at the point the overridden method would normally throw an |
679 |
* exception. |
|
680 |
* |
|
681 |
* @param lib the name of the library. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
682 |
* @throws SecurityException if the calling thread does not have |
2 | 683 |
* permission to dynamically link the library. |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
684 |
* @throws NullPointerException if the {@code lib} argument is |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
685 |
* {@code null}. |
2 | 686 |
* @see java.lang.Runtime#load(java.lang.String) |
687 |
* @see java.lang.Runtime#loadLibrary(java.lang.String) |
|
688 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
689 |
*/ |
|
690 |
public void checkLink(String lib) { |
|
691 |
if (lib == null) { |
|
692 |
throw new NullPointerException("library can't be null"); |
|
693 |
} |
|
694 |
checkPermission(new RuntimePermission("loadLibrary."+lib)); |
|
695 |
} |
|
696 |
||
697 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
698 |
* Throws a {@code SecurityException} if the |
2 | 699 |
* calling thread is not allowed to read from the specified file |
700 |
* descriptor. |
|
701 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
702 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
703 |
* {@code RuntimePermission("readFileDescriptor")} |
2 | 704 |
* permission. |
705 |
* <p> |
|
706 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
707 |
* {@code super.checkRead} |
2 | 708 |
* at the point the overridden method would normally throw an |
709 |
* exception. |
|
710 |
* |
|
711 |
* @param fd the system-dependent file descriptor. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
712 |
* @throws SecurityException if the calling thread does not have |
2 | 713 |
* permission to access the specified file descriptor. |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
714 |
* @throws NullPointerException if the file descriptor argument is |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
715 |
* {@code null}. |
2 | 716 |
* @see java.io.FileDescriptor |
717 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
718 |
*/ |
|
719 |
public void checkRead(FileDescriptor fd) { |
|
720 |
if (fd == null) { |
|
721 |
throw new NullPointerException("file descriptor can't be null"); |
|
722 |
} |
|
723 |
checkPermission(new RuntimePermission("readFileDescriptor")); |
|
724 |
} |
|
725 |
||
726 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
727 |
* Throws a {@code SecurityException} if the |
2 | 728 |
* calling thread is not allowed to read the file specified by the |
729 |
* string argument. |
|
730 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
731 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
732 |
* {@code FilePermission(file,"read")} permission. |
2 | 733 |
* <p> |
734 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
735 |
* {@code super.checkRead} |
2 | 736 |
* at the point the overridden method would normally throw an |
737 |
* exception. |
|
738 |
* |
|
739 |
* @param file the system-dependent file name. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
740 |
* @throws SecurityException if the calling thread does not have |
2 | 741 |
* permission to access the specified file. |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
742 |
* @throws NullPointerException if the {@code file} argument is |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
743 |
* {@code null}. |
2 | 744 |
* @see #checkPermission(java.security.Permission) checkPermission |
745 |
*/ |
|
746 |
public void checkRead(String file) { |
|
747 |
checkPermission(new FilePermission(file, |
|
748 |
SecurityConstants.FILE_READ_ACTION)); |
|
749 |
} |
|
750 |
||
751 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
752 |
* Throws a {@code SecurityException} if the |
2 | 753 |
* specified security context is not allowed to read the file |
754 |
* specified by the string argument. The context must be a security |
|
755 |
* context returned by a previous call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
756 |
* {@code getSecurityContext}. |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
757 |
* <p> If {@code context} is an instance of |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
758 |
* {@code AccessControlContext} then the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
759 |
* {@code AccessControlContext.checkPermission} method will |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
760 |
* be invoked with the {@code FilePermission(file,"read")} permission. |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
761 |
* <p> If {@code context} is not an instance of |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
762 |
* {@code AccessControlContext} then a |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
763 |
* {@code SecurityException} is thrown. |
2 | 764 |
* <p> |
765 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
766 |
* {@code super.checkRead} |
2 | 767 |
* at the point the overridden method would normally throw an |
768 |
* exception. |
|
769 |
* |
|
770 |
* @param file the system-dependent filename. |
|
771 |
* @param context a system-dependent security context. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
772 |
* @throws SecurityException if the specified security context |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
773 |
* is not an instance of {@code AccessControlContext} |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
774 |
* (e.g., is {@code null}), or does not have permission |
2 | 775 |
* to read the specified file. |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
776 |
* @throws NullPointerException if the {@code file} argument is |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
777 |
* {@code null}. |
2 | 778 |
* @see java.lang.SecurityManager#getSecurityContext() |
779 |
* @see java.security.AccessControlContext#checkPermission(java.security.Permission) |
|
780 |
*/ |
|
781 |
public void checkRead(String file, Object context) { |
|
782 |
checkPermission( |
|
783 |
new FilePermission(file, SecurityConstants.FILE_READ_ACTION), |
|
784 |
context); |
|
785 |
} |
|
786 |
||
787 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
788 |
* Throws a {@code SecurityException} if the |
2 | 789 |
* calling thread is not allowed to write to the specified file |
790 |
* descriptor. |
|
791 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
792 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
793 |
* {@code RuntimePermission("writeFileDescriptor")} |
2 | 794 |
* permission. |
795 |
* <p> |
|
796 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
797 |
* {@code super.checkWrite} |
2 | 798 |
* at the point the overridden method would normally throw an |
799 |
* exception. |
|
800 |
* |
|
801 |
* @param fd the system-dependent file descriptor. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
802 |
* @throws SecurityException if the calling thread does not have |
2 | 803 |
* permission to access the specified file descriptor. |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
804 |
* @throws NullPointerException if the file descriptor argument is |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
805 |
* {@code null}. |
2 | 806 |
* @see java.io.FileDescriptor |
807 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
808 |
*/ |
|
809 |
public void checkWrite(FileDescriptor fd) { |
|
810 |
if (fd == null) { |
|
811 |
throw new NullPointerException("file descriptor can't be null"); |
|
812 |
} |
|
813 |
checkPermission(new RuntimePermission("writeFileDescriptor")); |
|
814 |
||
815 |
} |
|
816 |
||
817 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
818 |
* Throws a {@code SecurityException} if the |
2 | 819 |
* calling thread is not allowed to write to the file specified by |
820 |
* the string argument. |
|
821 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
822 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
823 |
* {@code FilePermission(file,"write")} permission. |
2 | 824 |
* <p> |
825 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
826 |
* {@code super.checkWrite} |
2 | 827 |
* at the point the overridden method would normally throw an |
828 |
* exception. |
|
829 |
* |
|
830 |
* @param file the system-dependent filename. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
831 |
* @throws SecurityException if the calling thread does not |
2 | 832 |
* have permission to access the specified file. |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
833 |
* @throws NullPointerException if the {@code file} argument is |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
834 |
* {@code null}. |
2 | 835 |
* @see #checkPermission(java.security.Permission) checkPermission |
836 |
*/ |
|
837 |
public void checkWrite(String file) { |
|
838 |
checkPermission(new FilePermission(file, |
|
839 |
SecurityConstants.FILE_WRITE_ACTION)); |
|
840 |
} |
|
841 |
||
842 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
843 |
* Throws a {@code SecurityException} if the |
2 | 844 |
* calling thread is not allowed to delete the specified file. |
845 |
* <p> |
|
846 |
* This method is invoked for the current security manager by the |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
847 |
* {@code delete} method of class {@code File}. |
2 | 848 |
* <p> |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
849 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
850 |
* {@code FilePermission(file,"delete")} permission. |
2 | 851 |
* <p> |
852 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
853 |
* {@code super.checkDelete} |
2 | 854 |
* at the point the overridden method would normally throw an |
855 |
* exception. |
|
856 |
* |
|
857 |
* @param file the system-dependent filename. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
858 |
* @throws SecurityException if the calling thread does not |
2 | 859 |
* have permission to delete the file. |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
860 |
* @throws NullPointerException if the {@code file} argument is |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
861 |
* {@code null}. |
2 | 862 |
* @see java.io.File#delete() |
863 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
864 |
*/ |
|
865 |
public void checkDelete(String file) { |
|
866 |
checkPermission(new FilePermission(file, |
|
867 |
SecurityConstants.FILE_DELETE_ACTION)); |
|
868 |
} |
|
869 |
||
870 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
871 |
* Throws a {@code SecurityException} if the |
2 | 872 |
* calling thread is not allowed to open a socket connection to the |
873 |
* specified host and port number. |
|
874 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
875 |
* A port number of {@code -1} indicates that the calling |
2 | 876 |
* method is attempting to determine the IP address of the specified |
877 |
* host name. |
|
878 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
879 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
880 |
* {@code SocketPermission(host+":"+port,"connect")} permission if |
2 | 881 |
* the port is not equal to -1. If the port is equal to -1, then |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
882 |
* it calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
883 |
* {@code SocketPermission(host,"resolve")} permission. |
2 | 884 |
* <p> |
885 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
886 |
* {@code super.checkConnect} |
2 | 887 |
* at the point the overridden method would normally throw an |
888 |
* exception. |
|
889 |
* |
|
890 |
* @param host the host name port to connect to. |
|
891 |
* @param port the protocol port to connect to. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
892 |
* @throws SecurityException if the calling thread does not have |
2 | 893 |
* permission to open a socket connection to the specified |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
894 |
* {@code host} and {@code port}. |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
895 |
* @throws NullPointerException if the {@code host} argument is |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
896 |
* {@code null}. |
2 | 897 |
* @see #checkPermission(java.security.Permission) checkPermission |
898 |
*/ |
|
899 |
public void checkConnect(String host, int port) { |
|
900 |
if (host == null) { |
|
901 |
throw new NullPointerException("host can't be null"); |
|
902 |
} |
|
903 |
if (!host.startsWith("[") && host.indexOf(':') != -1) { |
|
904 |
host = "[" + host + "]"; |
|
905 |
} |
|
906 |
if (port == -1) { |
|
907 |
checkPermission(new SocketPermission(host, |
|
908 |
SecurityConstants.SOCKET_RESOLVE_ACTION)); |
|
909 |
} else { |
|
910 |
checkPermission(new SocketPermission(host+":"+port, |
|
911 |
SecurityConstants.SOCKET_CONNECT_ACTION)); |
|
912 |
} |
|
913 |
} |
|
914 |
||
915 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
916 |
* Throws a {@code SecurityException} if the |
2 | 917 |
* specified security context is not allowed to open a socket |
918 |
* connection to the specified host and port number. |
|
919 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
920 |
* A port number of {@code -1} indicates that the calling |
2 | 921 |
* method is attempting to determine the IP address of the specified |
922 |
* host name. |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
923 |
* <p> If {@code context} is not an instance of |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
924 |
* {@code AccessControlContext} then a |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
925 |
* {@code SecurityException} is thrown. |
2 | 926 |
* <p> |
927 |
* Otherwise, the port number is checked. If it is not equal |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
928 |
* to -1, the {@code context}'s {@code checkPermission} |
2 | 929 |
* method is called with a |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
930 |
* {@code SocketPermission(host+":"+port,"connect")} permission. |
2 | 931 |
* If the port is equal to -1, then |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
932 |
* the {@code context}'s {@code checkPermission} method |
2 | 933 |
* is called with a |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
934 |
* {@code SocketPermission(host,"resolve")} permission. |
2 | 935 |
* <p> |
936 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
937 |
* {@code super.checkConnect} |
2 | 938 |
* at the point the overridden method would normally throw an |
939 |
* exception. |
|
940 |
* |
|
941 |
* @param host the host name port to connect to. |
|
942 |
* @param port the protocol port to connect to. |
|
943 |
* @param context a system-dependent security context. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
944 |
* @throws SecurityException if the specified security context |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
945 |
* is not an instance of {@code AccessControlContext} |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
946 |
* (e.g., is {@code null}), or does not have permission |
2 | 947 |
* to open a socket connection to the specified |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
948 |
* {@code host} and {@code port}. |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
949 |
* @throws NullPointerException if the {@code host} argument is |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
950 |
* {@code null}. |
2 | 951 |
* @see java.lang.SecurityManager#getSecurityContext() |
952 |
* @see java.security.AccessControlContext#checkPermission(java.security.Permission) |
|
953 |
*/ |
|
954 |
public void checkConnect(String host, int port, Object context) { |
|
955 |
if (host == null) { |
|
956 |
throw new NullPointerException("host can't be null"); |
|
957 |
} |
|
958 |
if (!host.startsWith("[") && host.indexOf(':') != -1) { |
|
959 |
host = "[" + host + "]"; |
|
960 |
} |
|
961 |
if (port == -1) |
|
962 |
checkPermission(new SocketPermission(host, |
|
963 |
SecurityConstants.SOCKET_RESOLVE_ACTION), |
|
964 |
context); |
|
965 |
else |
|
966 |
checkPermission(new SocketPermission(host+":"+port, |
|
967 |
SecurityConstants.SOCKET_CONNECT_ACTION), |
|
968 |
context); |
|
969 |
} |
|
970 |
||
971 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
972 |
* Throws a {@code SecurityException} if the |
2 | 973 |
* calling thread is not allowed to wait for a connection request on |
974 |
* the specified local port number. |
|
975 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
976 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
977 |
* {@code SocketPermission("localhost:"+port,"listen")}. |
2 | 978 |
* <p> |
979 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
980 |
* {@code super.checkListen} |
2 | 981 |
* at the point the overridden method would normally throw an |
982 |
* exception. |
|
983 |
* |
|
984 |
* @param port the local port. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
985 |
* @throws SecurityException if the calling thread does not have |
2 | 986 |
* permission to listen on the specified port. |
987 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
988 |
*/ |
|
989 |
public void checkListen(int port) { |
|
22339 | 990 |
checkPermission(new SocketPermission("localhost:"+port, |
991 |
SecurityConstants.SOCKET_LISTEN_ACTION)); |
|
2 | 992 |
} |
993 |
||
994 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
995 |
* Throws a {@code SecurityException} if the |
2 | 996 |
* calling thread is not permitted to accept a socket connection from |
997 |
* the specified host and port number. |
|
998 |
* <p> |
|
999 |
* This method is invoked for the current security manager by the |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1000 |
* {@code accept} method of class {@code ServerSocket}. |
2 | 1001 |
* <p> |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1002 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1003 |
* {@code SocketPermission(host+":"+port,"accept")} permission. |
2 | 1004 |
* <p> |
1005 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1006 |
* {@code super.checkAccept} |
2 | 1007 |
* at the point the overridden method would normally throw an |
1008 |
* exception. |
|
1009 |
* |
|
1010 |
* @param host the host name of the socket connection. |
|
1011 |
* @param port the port number of the socket connection. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
1012 |
* @throws SecurityException if the calling thread does not have |
2 | 1013 |
* permission to accept the connection. |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1014 |
* @throws NullPointerException if the {@code host} argument is |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1015 |
* {@code null}. |
2 | 1016 |
* @see java.net.ServerSocket#accept() |
1017 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1018 |
*/ |
|
1019 |
public void checkAccept(String host, int port) { |
|
1020 |
if (host == null) { |
|
1021 |
throw new NullPointerException("host can't be null"); |
|
1022 |
} |
|
1023 |
if (!host.startsWith("[") && host.indexOf(':') != -1) { |
|
1024 |
host = "[" + host + "]"; |
|
1025 |
} |
|
1026 |
checkPermission(new SocketPermission(host+":"+port, |
|
1027 |
SecurityConstants.SOCKET_ACCEPT_ACTION)); |
|
1028 |
} |
|
1029 |
||
1030 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1031 |
* Throws a {@code SecurityException} if the |
2 | 1032 |
* calling thread is not allowed to use |
1033 |
* (join/leave/send/receive) IP multicast. |
|
1034 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1035 |
* This method calls {@code checkPermission} with the |
2 | 1036 |
* <code>java.net.SocketPermission(maddr.getHostAddress(), |
1037 |
* "accept,connect")</code> permission. |
|
1038 |
* <p> |
|
1039 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1040 |
* {@code super.checkMulticast} |
2 | 1041 |
* at the point the overridden method would normally throw an |
1042 |
* exception. |
|
1043 |
* |
|
1044 |
* @param maddr Internet group address to be used. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
1045 |
* @throws SecurityException if the calling thread is not allowed to |
2 | 1046 |
* use (join/leave/send/receive) IP multicast. |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
1047 |
* @throws NullPointerException if the address argument is |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1048 |
* {@code null}. |
24865
09b1d992ca72
8044740: Convert all JDK versions used in @since tag to 1.n[.n] in jdk repo
henryjen
parents:
24367
diff
changeset
|
1049 |
* @since 1.1 |
2 | 1050 |
* @see #checkPermission(java.security.Permission) checkPermission |
1051 |
*/ |
|
1052 |
public void checkMulticast(InetAddress maddr) { |
|
1053 |
String host = maddr.getHostAddress(); |
|
1054 |
if (!host.startsWith("[") && host.indexOf(':') != -1) { |
|
1055 |
host = "[" + host + "]"; |
|
1056 |
} |
|
1057 |
checkPermission(new SocketPermission(host, |
|
1058 |
SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); |
|
1059 |
} |
|
1060 |
||
1061 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1062 |
* Throws a {@code SecurityException} if the |
2 | 1063 |
* calling thread is not allowed to use |
1064 |
* (join/leave/send/receive) IP multicast. |
|
1065 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1066 |
* This method calls {@code checkPermission} with the |
2 | 1067 |
* <code>java.net.SocketPermission(maddr.getHostAddress(), |
1068 |
* "accept,connect")</code> permission. |
|
1069 |
* <p> |
|
1070 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1071 |
* {@code super.checkMulticast} |
2 | 1072 |
* at the point the overridden method would normally throw an |
1073 |
* exception. |
|
1074 |
* |
|
1075 |
* @param maddr Internet group address to be used. |
|
1076 |
* @param ttl value in use, if it is multicast send. |
|
1077 |
* Note: this particular implementation does not use the ttl |
|
1078 |
* parameter. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
1079 |
* @throws SecurityException if the calling thread is not allowed to |
2 | 1080 |
* use (join/leave/send/receive) IP multicast. |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
1081 |
* @throws NullPointerException if the address argument is |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1082 |
* {@code null}. |
24865
09b1d992ca72
8044740: Convert all JDK versions used in @since tag to 1.n[.n] in jdk repo
henryjen
parents:
24367
diff
changeset
|
1083 |
* @since 1.1 |
2 | 1084 |
* @deprecated Use #checkPermission(java.security.Permission) instead |
1085 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1086 |
*/ |
|
37521
b6e0f285c998
8145468: update java.lang APIs with new deprecations
smarks
parents:
37363
diff
changeset
|
1087 |
@Deprecated(since="1.4") |
2 | 1088 |
public void checkMulticast(InetAddress maddr, byte ttl) { |
1089 |
String host = maddr.getHostAddress(); |
|
1090 |
if (!host.startsWith("[") && host.indexOf(':') != -1) { |
|
1091 |
host = "[" + host + "]"; |
|
1092 |
} |
|
1093 |
checkPermission(new SocketPermission(host, |
|
1094 |
SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); |
|
1095 |
} |
|
1096 |
||
1097 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1098 |
* Throws a {@code SecurityException} if the |
2 | 1099 |
* calling thread is not allowed to access or modify the system |
1100 |
* properties. |
|
1101 |
* <p> |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1102 |
* This method is used by the {@code getProperties} and |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1103 |
* {@code setProperties} methods of class {@code System}. |
2 | 1104 |
* <p> |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1105 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1106 |
* {@code PropertyPermission("*", "read,write")} permission. |
2 | 1107 |
* <p> |
1108 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1109 |
* {@code super.checkPropertiesAccess} |
2 | 1110 |
* at the point the overridden method would normally throw an |
1111 |
* exception. |
|
1112 |
* |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
1113 |
* @throws SecurityException if the calling thread does not have |
2 | 1114 |
* permission to access or modify the system properties. |
1115 |
* @see java.lang.System#getProperties() |
|
1116 |
* @see java.lang.System#setProperties(java.util.Properties) |
|
1117 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1118 |
*/ |
|
1119 |
public void checkPropertiesAccess() { |
|
1120 |
checkPermission(new PropertyPermission("*", |
|
1121 |
SecurityConstants.PROPERTY_RW_ACTION)); |
|
1122 |
} |
|
1123 |
||
1124 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1125 |
* Throws a {@code SecurityException} if the |
2 | 1126 |
* calling thread is not allowed to access the system property with |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1127 |
* the specified {@code key} name. |
2 | 1128 |
* <p> |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1129 |
* This method is used by the {@code getProperty} method of |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1130 |
* class {@code System}. |
2 | 1131 |
* <p> |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1132 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1133 |
* {@code PropertyPermission(key, "read")} permission. |
2 | 1134 |
* <p> |
1135 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1136 |
* {@code super.checkPropertyAccess} |
2 | 1137 |
* at the point the overridden method would normally throw an |
1138 |
* exception. |
|
1139 |
* |
|
1140 |
* @param key a system property key. |
|
1141 |
* |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
1142 |
* @throws SecurityException if the calling thread does not have |
2 | 1143 |
* permission to access the specified system property. |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1144 |
* @throws NullPointerException if the {@code key} argument is |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1145 |
* {@code null}. |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1146 |
* @throws IllegalArgumentException if {@code key} is empty. |
2 | 1147 |
* |
1148 |
* @see java.lang.System#getProperty(java.lang.String) |
|
1149 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1150 |
*/ |
|
1151 |
public void checkPropertyAccess(String key) { |
|
1152 |
checkPermission(new PropertyPermission(key, |
|
1153 |
SecurityConstants.PROPERTY_READ_ACTION)); |
|
1154 |
} |
|
1155 |
||
1156 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1157 |
* Throws a {@code SecurityException} if the |
2 | 1158 |
* calling thread is not allowed to initiate a print job request. |
1159 |
* <p> |
|
1160 |
* This method calls |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1161 |
* {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1162 |
* {@code RuntimePermission("queuePrintJob")} permission. |
2 | 1163 |
* <p> |
1164 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1165 |
* {@code super.checkPrintJobAccess} |
2 | 1166 |
* at the point the overridden method would normally throw an |
1167 |
* exception. |
|
1168 |
* |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
1169 |
* @throws SecurityException if the calling thread does not have |
2 | 1170 |
* permission to initiate a print job request. |
24865
09b1d992ca72
8044740: Convert all JDK versions used in @since tag to 1.n[.n] in jdk repo
henryjen
parents:
24367
diff
changeset
|
1171 |
* @since 1.1 |
2 | 1172 |
* @see #checkPermission(java.security.Permission) checkPermission |
1173 |
*/ |
|
1174 |
public void checkPrintJobAccess() { |
|
1175 |
checkPermission(new RuntimePermission("queuePrintJob")); |
|
1176 |
} |
|
1177 |
||
1178 |
/* |
|
1179 |
* We have an initial invalid bit (initially false) for the class |
|
1180 |
* variables which tell if the cache is valid. If the underlying |
|
1181 |
* java.security.Security property changes via setProperty(), the |
|
1182 |
* Security class uses reflection to change the variable and thus |
|
1183 |
* invalidate the cache. |
|
1184 |
* |
|
1185 |
* Locking is handled by synchronization to the |
|
1186 |
* packageAccessLock/packageDefinitionLock objects. They are only |
|
1187 |
* used in this class. |
|
1188 |
* |
|
1189 |
* Note that cache invalidation as a result of the property change |
|
1190 |
* happens without using these locks, so there may be a delay between |
|
1191 |
* when a thread updates the property and when other threads updates |
|
1192 |
* the cache. |
|
1193 |
*/ |
|
1194 |
private static boolean packageAccessValid = false; |
|
1195 |
private static String[] packageAccess; |
|
1196 |
private static final Object packageAccessLock = new Object(); |
|
1197 |
||
1198 |
private static boolean packageDefinitionValid = false; |
|
1199 |
private static String[] packageDefinition; |
|
1200 |
private static final Object packageDefinitionLock = new Object(); |
|
1201 |
||
1202 |
private static String[] getPackages(String p) { |
|
1203 |
String packages[] = null; |
|
52902
e3398b2e1ab0
8214971: Replace use of string.equals("") with isEmpty()
rriggs
parents:
52084
diff
changeset
|
1204 |
if (p != null && !p.isEmpty()) { |
2 | 1205 |
java.util.StringTokenizer tok = |
1206 |
new java.util.StringTokenizer(p, ","); |
|
1207 |
int n = tok.countTokens(); |
|
1208 |
if (n > 0) { |
|
1209 |
packages = new String[n]; |
|
1210 |
int i = 0; |
|
1211 |
while (tok.hasMoreElements()) { |
|
1212 |
String s = tok.nextToken().trim(); |
|
1213 |
packages[i++] = s; |
|
1214 |
} |
|
1215 |
} |
|
1216 |
} |
|
1217 |
||
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1218 |
if (packages == null) { |
2 | 1219 |
packages = new String[0]; |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1220 |
} |
2 | 1221 |
return packages; |
1222 |
} |
|
1223 |
||
45004
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1224 |
// The non-exported packages in modules defined to the boot or platform |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1225 |
// class loaders. A non-exported package is a package that is not exported |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1226 |
// or is only exported to specific modules. |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1227 |
private static final Map<String, Boolean> nonExportedPkgs = new ConcurrentHashMap<>(); |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1228 |
static { |
45004
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1229 |
addNonExportedPackages(ModuleLayer.boot()); |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1230 |
} |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1231 |
|
45004
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1232 |
/** |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1233 |
* Record the non-exported packages of the modules in the given layer |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1234 |
*/ |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1235 |
static void addNonExportedPackages(ModuleLayer layer) { |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1236 |
Set<String> bootModules = ModuleLoaderMap.bootModules(); |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1237 |
Set<String> platformModules = ModuleLoaderMap.platformModules(); |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1238 |
layer.modules().stream() |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1239 |
.map(Module::getDescriptor) |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1240 |
.filter(md -> bootModules.contains(md.name()) |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1241 |
|| platformModules.contains(md.name())) |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1242 |
.map(SecurityManager::nonExportedPkgs) |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1243 |
.flatMap(Set::stream) |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1244 |
.forEach(pn -> nonExportedPkgs.put(pn, Boolean.TRUE)); |
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1245 |
} |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1246 |
|
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1247 |
|
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1248 |
/** |
43712
5dfd0950317c
8173393: Module system implementation refresh (2/2017)
alanb
parents:
43221
diff
changeset
|
1249 |
* Called by java.security.Security |
5dfd0950317c
8173393: Module system implementation refresh (2/2017)
alanb
parents:
43221
diff
changeset
|
1250 |
*/ |
5dfd0950317c
8173393: Module system implementation refresh (2/2017)
alanb
parents:
43221
diff
changeset
|
1251 |
static void invalidatePackageAccessCache() { |
5dfd0950317c
8173393: Module system implementation refresh (2/2017)
alanb
parents:
43221
diff
changeset
|
1252 |
synchronized (packageAccessLock) { |
5dfd0950317c
8173393: Module system implementation refresh (2/2017)
alanb
parents:
43221
diff
changeset
|
1253 |
packageAccessValid = false; |
5dfd0950317c
8173393: Module system implementation refresh (2/2017)
alanb
parents:
43221
diff
changeset
|
1254 |
} |
5dfd0950317c
8173393: Module system implementation refresh (2/2017)
alanb
parents:
43221
diff
changeset
|
1255 |
synchronized (packageDefinitionLock) { |
5dfd0950317c
8173393: Module system implementation refresh (2/2017)
alanb
parents:
43221
diff
changeset
|
1256 |
packageDefinitionValid = false; |
5dfd0950317c
8173393: Module system implementation refresh (2/2017)
alanb
parents:
43221
diff
changeset
|
1257 |
} |
5dfd0950317c
8173393: Module system implementation refresh (2/2017)
alanb
parents:
43221
diff
changeset
|
1258 |
} |
5dfd0950317c
8173393: Module system implementation refresh (2/2017)
alanb
parents:
43221
diff
changeset
|
1259 |
|
5dfd0950317c
8173393: Module system implementation refresh (2/2017)
alanb
parents:
43221
diff
changeset
|
1260 |
/** |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1261 |
* Returns the non-exported packages of the specified module. |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1262 |
*/ |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1263 |
private static Set<String> nonExportedPkgs(ModuleDescriptor md) { |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1264 |
// start with all packages in the module |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1265 |
Set<String> pkgs = new HashSet<>(md.packages()); |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1266 |
|
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1267 |
// remove the non-qualified exported packages |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1268 |
md.exports().stream() |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1269 |
.filter(p -> !p.isQualified()) |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1270 |
.map(Exports::source) |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1271 |
.forEach(pkgs::remove); |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1272 |
|
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1273 |
// remove the non-qualified open packages |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1274 |
md.opens().stream() |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1275 |
.filter(p -> !p.isQualified()) |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1276 |
.map(Opens::source) |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1277 |
.forEach(pkgs::remove); |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1278 |
|
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1279 |
return pkgs; |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1280 |
} |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1281 |
|
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1282 |
/** |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1283 |
* Throws a {@code SecurityException} if the calling thread is not allowed |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1284 |
* to access the specified package. |
2 | 1285 |
* <p> |
45658
0c39b586b8fa
8181295: Document that SecurityManager::checkPackageAccess may be called by the VM
mullan
parents:
45004
diff
changeset
|
1286 |
* During class loading, this method may be called by the {@code loadClass} |
0c39b586b8fa
8181295: Document that SecurityManager::checkPackageAccess may be called by the VM
mullan
parents:
45004
diff
changeset
|
1287 |
* method of class loaders and by the Java Virtual Machine to ensure that |
0c39b586b8fa
8181295: Document that SecurityManager::checkPackageAccess may be called by the VM
mullan
parents:
45004
diff
changeset
|
1288 |
* the caller is allowed to access the package of the class that is |
0c39b586b8fa
8181295: Document that SecurityManager::checkPackageAccess may be called by the VM
mullan
parents:
45004
diff
changeset
|
1289 |
* being loaded. |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1290 |
* <p> |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1291 |
* This method checks if the specified package starts with or equals |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1292 |
* any of the packages in the {@code package.access} Security Property. |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1293 |
* An implementation may also check the package against an additional |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1294 |
* list of restricted packages as noted below. If the package is restricted, |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1295 |
* {@link #checkPermission(Permission)} is called with a |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1296 |
* {@code RuntimePermission("accessClassInPackage."+pkg)} permission. |
2 | 1297 |
* <p> |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1298 |
* If this method is overridden, then {@code super.checkPackageAccess} |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1299 |
* should be called as the first line in the overridden method. |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1300 |
* |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1301 |
* @implNote |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1302 |
* This implementation also restricts all non-exported packages of modules |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1303 |
* loaded by {@linkplain ClassLoader#getPlatformClassLoader |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1304 |
* the platform class loader} or its ancestors. A "non-exported package" |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1305 |
* refers to a package that is not exported to all modules. Specifically, |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1306 |
* it refers to a package that either is not exported at all by its |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1307 |
* containing module or is exported in a qualified fashion by its |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1308 |
* containing module. |
2 | 1309 |
* |
1310 |
* @param pkg the package name. |
|
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1311 |
* @throws SecurityException if the calling thread does not have |
2 | 1312 |
* permission to access the specified package. |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1313 |
* @throws NullPointerException if the package name argument is |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1314 |
* {@code null}. |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1315 |
* @see java.lang.ClassLoader#loadClass(String, boolean) loadClass |
2 | 1316 |
* @see java.security.Security#getProperty getProperty |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1317 |
* @see #checkPermission(Permission) checkPermission |
2 | 1318 |
*/ |
1319 |
public void checkPackageAccess(String pkg) { |
|
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1320 |
Objects.requireNonNull(pkg, "package name can't be null"); |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1321 |
|
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1322 |
// check if pkg is not exported to all modules |
45004
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1323 |
if (nonExportedPkgs.containsKey(pkg)) { |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1324 |
checkPermission( |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1325 |
new RuntimePermission("accessClassInPackage." + pkg)); |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1326 |
return; |
2 | 1327 |
} |
1328 |
||
31180
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1329 |
String[] restrictedPkgs; |
2 | 1330 |
synchronized (packageAccessLock) { |
1331 |
/* |
|
1332 |
* Do we need to update our property array? |
|
1333 |
*/ |
|
1334 |
if (!packageAccessValid) { |
|
1335 |
String tmpPropertyStr = |
|
1336 |
AccessController.doPrivileged( |
|
29986
97167d851fc4
8078467: Update core libraries to use diamond with anonymous classes
darcy
parents:
25859
diff
changeset
|
1337 |
new PrivilegedAction<>() { |
2 | 1338 |
public String run() { |
31180
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1339 |
return Security.getProperty("package.access"); |
2 | 1340 |
} |
1341 |
} |
|
1342 |
); |
|
1343 |
packageAccess = getPackages(tmpPropertyStr); |
|
1344 |
packageAccessValid = true; |
|
1345 |
} |
|
1346 |
||
1347 |
// Using a snapshot of packageAccess -- don't care if static field |
|
1348 |
// changes afterwards; array contents won't change. |
|
31180
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1349 |
restrictedPkgs = packageAccess; |
2 | 1350 |
} |
1351 |
||
1352 |
/* |
|
1353 |
* Traverse the list of packages, check for any matches. |
|
1354 |
*/ |
|
31180
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1355 |
final int plen = pkg.length(); |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1356 |
for (String restrictedPkg : restrictedPkgs) { |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1357 |
final int rlast = restrictedPkg.length() - 1; |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1358 |
|
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1359 |
// Optimizations: |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1360 |
// |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1361 |
// If rlast >= plen then restrictedPkg is longer than pkg by at |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1362 |
// least one char. This means pkg cannot start with restrictedPkg, |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1363 |
// since restrictedPkg will be longer than pkg. |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1364 |
// |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1365 |
// Similarly if rlast != plen, then pkg + "." cannot be the same |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1366 |
// as restrictedPkg, since pkg + "." will have a different length |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1367 |
// than restrictedPkg. |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1368 |
// |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1369 |
if (rlast < plen && pkg.startsWith(restrictedPkg) || |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1370 |
// The following test is equivalent to |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1371 |
// restrictedPkg.equals(pkg + ".") but is noticeably more |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1372 |
// efficient: |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1373 |
rlast == plen && restrictedPkg.startsWith(pkg) && |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1374 |
restrictedPkg.charAt(rlast) == '.') |
316a8c3e572a
8072692: Improve performance of SecurityManager.checkPackageAccess
dfuchs
parents:
29986
diff
changeset
|
1375 |
{ |
2 | 1376 |
checkPermission( |
22581
e868cde95050
8032779: Update code in java.lang to use newer language features
psandoz
parents:
22342
diff
changeset
|
1377 |
new RuntimePermission("accessClassInPackage." + pkg)); |
2 | 1378 |
break; // No need to continue; only need to check this once |
1379 |
} |
|
1380 |
} |
|
1381 |
} |
|
1382 |
||
1383 |
/** |
|
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1384 |
* Throws a {@code SecurityException} if the calling thread is not |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1385 |
* allowed to define classes in the specified package. |
2 | 1386 |
* <p> |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1387 |
* This method is called by the {@code loadClass} method of some |
2 | 1388 |
* class loaders. |
1389 |
* <p> |
|
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1390 |
* This method checks if the specified package starts with or equals |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1391 |
* any of the packages in the {@code package.definition} Security |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1392 |
* Property. An implementation may also check the package against an |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1393 |
* additional list of restricted packages as noted below. If the package |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1394 |
* is restricted, {@link #checkPermission(Permission)} is called with a |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1395 |
* {@code RuntimePermission("defineClassInPackage."+pkg)} permission. |
2 | 1396 |
* <p> |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1397 |
* If this method is overridden, then {@code super.checkPackageDefinition} |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1398 |
* should be called as the first line in the overridden method. |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1399 |
* |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1400 |
* @implNote |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1401 |
* This implementation also restricts all non-exported packages of modules |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1402 |
* loaded by {@linkplain ClassLoader#getPlatformClassLoader |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1403 |
* the platform class loader} or its ancestors. A "non-exported package" |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1404 |
* refers to a package that is not exported to all modules. Specifically, |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1405 |
* it refers to a package that either is not exported at all by its |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1406 |
* containing module or is exported in a qualified fashion by its |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1407 |
* containing module. |
2 | 1408 |
* |
1409 |
* @param pkg the package name. |
|
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1410 |
* @throws SecurityException if the calling thread does not have |
2 | 1411 |
* permission to define classes in the specified package. |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1412 |
* @throws NullPointerException if the package name argument is |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1413 |
* {@code null}. |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1414 |
* @see java.lang.ClassLoader#loadClass(String, boolean) |
2 | 1415 |
* @see java.security.Security#getProperty getProperty |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1416 |
* @see #checkPermission(Permission) checkPermission |
2 | 1417 |
*/ |
1418 |
public void checkPackageDefinition(String pkg) { |
|
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1419 |
Objects.requireNonNull(pkg, "package name can't be null"); |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1420 |
|
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1421 |
// check if pkg is not exported to all modules |
45004
ea3137042a61
8178380: Module system implementation refresh (5/2017)
alanb
parents:
44545
diff
changeset
|
1422 |
if (nonExportedPkgs.containsKey(pkg)) { |
43221
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1423 |
checkPermission( |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1424 |
new RuntimePermission("defineClassInPackage." + pkg)); |
eef9383d25cb
8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
mullan
parents:
39888
diff
changeset
|
1425 |
return; |
2 | 1426 |
} |
1427 |
||
1428 |
String[] pkgs; |
|
1429 |
synchronized (packageDefinitionLock) { |
|
1430 |
/* |
|
1431 |
* Do we need to update our property array? |
|
1432 |
*/ |
|
1433 |
if (!packageDefinitionValid) { |
|
1434 |
String tmpPropertyStr = |
|
1435 |
AccessController.doPrivileged( |
|
29986
97167d851fc4
8078467: Update core libraries to use diamond with anonymous classes
darcy
parents:
25859
diff
changeset
|
1436 |
new PrivilegedAction<>() { |
2 | 1437 |
public String run() { |
1438 |
return java.security.Security.getProperty( |
|
1439 |
"package.definition"); |
|
1440 |
} |
|
1441 |
} |
|
1442 |
); |
|
1443 |
packageDefinition = getPackages(tmpPropertyStr); |
|
1444 |
packageDefinitionValid = true; |
|
1445 |
} |
|
1446 |
// Using a snapshot of packageDefinition -- don't care if static |
|
1447 |
// field changes afterwards; array contents won't change. |
|
1448 |
pkgs = packageDefinition; |
|
1449 |
} |
|
1450 |
||
1451 |
/* |
|
1452 |
* Traverse the list of packages, check for any matches. |
|
1453 |
*/ |
|
22581
e868cde95050
8032779: Update code in java.lang to use newer language features
psandoz
parents:
22342
diff
changeset
|
1454 |
for (String restrictedPkg : pkgs) { |
e868cde95050
8032779: Update code in java.lang to use newer language features
psandoz
parents:
22342
diff
changeset
|
1455 |
if (pkg.startsWith(restrictedPkg) || restrictedPkg.equals(pkg + ".")) { |
2 | 1456 |
checkPermission( |
22581
e868cde95050
8032779: Update code in java.lang to use newer language features
psandoz
parents:
22342
diff
changeset
|
1457 |
new RuntimePermission("defineClassInPackage." + pkg)); |
2 | 1458 |
break; // No need to continue; only need to check this once |
1459 |
} |
|
1460 |
} |
|
1461 |
} |
|
1462 |
||
1463 |
/** |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1464 |
* Throws a {@code SecurityException} if the |
2 | 1465 |
* calling thread is not allowed to set the socket factory used by |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1466 |
* {@code ServerSocket} or {@code Socket}, or the stream |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1467 |
* handler factory used by {@code URL}. |
2 | 1468 |
* <p> |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1469 |
* This method calls {@code checkPermission} with the |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1470 |
* {@code RuntimePermission("setFactory")} permission. |
2 | 1471 |
* <p> |
1472 |
* If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1473 |
* {@code super.checkSetFactory} |
2 | 1474 |
* at the point the overridden method would normally throw an |
1475 |
* exception. |
|
1476 |
* |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
1477 |
* @throws SecurityException if the calling thread does not have |
2 | 1478 |
* permission to specify a socket factory or a stream |
1479 |
* handler factory. |
|
1480 |
* |
|
1481 |
* @see java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory |
|
1482 |
* @see java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory |
|
1483 |
* @see java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory |
|
1484 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1485 |
*/ |
|
1486 |
public void checkSetFactory() { |
|
1487 |
checkPermission(new RuntimePermission("setFactory")); |
|
1488 |
} |
|
1489 |
||
1490 |
/** |
|
1491 |
* Determines whether the permission with the specified permission target |
|
1492 |
* name should be granted or denied. |
|
1493 |
* |
|
1494 |
* <p> If the requested permission is allowed, this method returns |
|
1495 |
* quietly. If denied, a SecurityException is raised. |
|
1496 |
* |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1497 |
* <p> This method creates a {@code SecurityPermission} object for |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1498 |
* the given permission target name and calls {@code checkPermission} |
2 | 1499 |
* with it. |
1500 |
* |
|
1501 |
* <p> See the documentation for |
|
1502 |
* <code>{@link java.security.SecurityPermission}</code> for |
|
1503 |
* a list of possible permission target names. |
|
1504 |
* |
|
1505 |
* <p> If you override this method, then you should make a call to |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1506 |
* {@code super.checkSecurityAccess} |
2 | 1507 |
* at the point the overridden method would normally throw an |
1508 |
* exception. |
|
1509 |
* |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1510 |
* @param target the target name of the {@code SecurityPermission}. |
2 | 1511 |
* |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
52902
diff
changeset
|
1512 |
* @throws SecurityException if the calling thread does not have |
2 | 1513 |
* permission for the requested access. |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1514 |
* @throws NullPointerException if {@code target} is null. |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
58242
diff
changeset
|
1515 |
* @throws IllegalArgumentException if {@code target} is empty. |
2 | 1516 |
* |
24865
09b1d992ca72
8044740: Convert all JDK versions used in @since tag to 1.n[.n] in jdk repo
henryjen
parents:
24367
diff
changeset
|
1517 |
* @since 1.1 |
2 | 1518 |
* @see #checkPermission(java.security.Permission) checkPermission |
1519 |
*/ |
|
1520 |
public void checkSecurityAccess(String target) { |
|
1521 |
checkPermission(new SecurityPermission(target)); |
|
1522 |
} |
|
1523 |
||
1524 |
/** |
|
1525 |
* Returns the thread group into which to instantiate any new |
|
1526 |
* thread being created at the time this is being called. |
|
1527 |
* By default, it returns the thread group of the current |
|
1528 |
* thread. This should be overridden by a specific security |
|
1529 |
* manager to return the appropriate thread group. |
|
1530 |
* |
|
1531 |
* @return ThreadGroup that new threads are instantiated into |
|
24865
09b1d992ca72
8044740: Convert all JDK versions used in @since tag to 1.n[.n] in jdk repo
henryjen
parents:
24367
diff
changeset
|
1532 |
* @since 1.1 |
2 | 1533 |
* @see java.lang.ThreadGroup |
1534 |
*/ |
|
1535 |
public ThreadGroup getThreadGroup() { |
|
1536 |
return Thread.currentThread().getThreadGroup(); |
|
1537 |
} |
|
1538 |
||
1539 |
} |