/*

 * Copyright (c) 1995, 2015, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Oracle designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Oracle in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

package java.lang;

import java.security.*;

import java.io.FileDescriptor;

import java.io.File;

import java.io.FilePermission;

import java.util.PropertyPermission;

import java.lang.RuntimePermission;

import java.net.SocketPermission;

import java.net.NetPermission;

import java.util.Hashtable;

import java.net.InetAddress;

import java.lang.reflect.*;

import java.net.URL;

import sun.reflect.CallerSensitive;

import sun.security.util.SecurityConstants;

/**

 * The security manager is a class that allows

 * applications to implement a security policy. It allows an

 * application to determine, before performing a possibly unsafe or

 * sensitive operation, what the operation is and whether

 * it is being attempted in a security context that allows the

 * operation to be performed. The

 * application can allow or disallow the operation.

 * <p>

 * The <code>SecurityManager</code> class contains many methods with

 * names that begin with the word <code>check</code>. These methods

 * are called by various methods in the Java libraries before those

 * methods perform certain potentially sensitive operations. The

 * invocation of such a <code>check</code> method typically looks like this:

 * <blockquote><pre>

 *     SecurityManager security = System.getSecurityManager();

 *     if (security != null) {

 *         security.check<i>XXX</i>(argument, &nbsp;.&nbsp;.&nbsp;.&nbsp;);

 *     }

 * </pre></blockquote>

 * <p>

 * The security manager is thereby given an opportunity to prevent

 * completion of the operation by throwing an exception. A security

 * manager routine simply returns if the operation is permitted, but

 * throws a <code>SecurityException</code> if the operation is not

 * permitted.

 * <p>

 * The current security manager is set by the

 * <code>setSecurityManager</code> method in class

 * <code>System</code>. The current security manager is obtained

 * by the <code>getSecurityManager</code> method.

 * <p>

 * The special method

 * {@link SecurityManager#checkPermission(java.security.Permission)}

 * determines whether an access request indicated by a specified

 * permission should be granted or denied. The

 * default implementation calls

 *

 * <pre>

 *   AccessController.checkPermission(perm);

 * </pre>

 *

 * <p>

 * If a requested access is allowed,

 * <code>checkPermission</code> returns quietly. If denied, a

 * <code>SecurityException</code> is thrown.

 * <p>

 * As of Java 2 SDK v1.2, the default implementation of each of the other

 * <code>check</code> methods in <code>SecurityManager</code> is to

 * call the <code>SecurityManager checkPermission</code> method

 * to determine if the calling thread has permission to perform the requested

 * operation.

 * <p>

 * Note that the <code>checkPermission</code> method with

 * just a single permission argument always performs security checks

 * within the context of the currently executing thread.

 * Sometimes a security check that should be made within a given context

 * will actually need to be done from within a

 * <i>different</i> context (for example, from within a worker thread).

 * The {@link SecurityManager#getSecurityContext getSecurityContext} method

 * and the {@link SecurityManager#checkPermission(java.security.Permission,

 * java.lang.Object) checkPermission}

 * method that includes a context argument are provided

 * for this situation. The

 * <code>getSecurityContext</code> method returns a "snapshot"

 * of the current calling context. (The default implementation

 * returns an AccessControlContext object.) A sample call is

 * the following:

 *

 * <pre>

 *   Object context = null;

 *   SecurityManager sm = System.getSecurityManager();

 *   if (sm != null) context = sm.getSecurityContext();

 * </pre>

 *

 * <p>

 * The <code>checkPermission</code> method

 * that takes a context object in addition to a permission

 * makes access decisions based on that context,

 * rather than on that of the current execution thread.

 * Code within a different context can thus call that method,

 * passing the permission and the

 * previously-saved context object. A sample call, using the

 * SecurityManager <code>sm</code> obtained as in the previous example,

 * is the following:

 *

 * <pre>

 *   if (sm != null) sm.checkPermission(permission, context);

 * </pre>

 *

 * <p>Permissions fall into these categories: File, Socket, Net,

 * Security, Runtime, Property, AWT, Reflect, and Serializable.

 * The classes managing these various

 * permission categories are <code>java.io.FilePermission</code>,

 * <code>java.net.SocketPermission</code>,

 * <code>java.net.NetPermission</code>,

 * <code>java.security.SecurityPermission</code>,

 * <code>java.lang.RuntimePermission</code>,

 * <code>java.util.PropertyPermission</code>,

 * <code>java.awt.AWTPermission</code>,

 * <code>java.lang.reflect.ReflectPermission</code>, and

 * <code>java.io.SerializablePermission</code>.

 *

 * <p>All but the first two (FilePermission and SocketPermission) are

 * subclasses of <code>java.security.BasicPermission</code>, which itself

 * is an abstract subclass of the

 * top-level class for permissions, which is

 * <code>java.security.Permission</code>. BasicPermission defines the

 * functionality needed for all permissions that contain a name

 * that follows the hierarchical property naming convention

 * (for example, "exitVM", "setFactory", "queuePrintJob", etc).

 * An asterisk

 * may appear at the end of the name, following a ".", or by itself, to

 * signify a wildcard match. For example: "a.*" or "*" is valid,

 * "*a" or "a*b" is not valid.

 *

 * <p>FilePermission and SocketPermission are subclasses of the

 * top-level class for permissions

 * (<code>java.security.Permission</code>). Classes like these

 * that have a more complicated name syntax than that used by

 * BasicPermission subclass directly from Permission rather than from

 * BasicPermission. For example,

 * for a <code>java.io.FilePermission</code> object, the permission name is

 * the path name of a file (or directory).

 *

 * <p>Some of the permission classes have an "actions" list that tells

 * the actions that are permitted for the object.  For example,

 * for a <code>java.io.FilePermission</code> object, the actions list

 * (such as "read, write") specifies which actions are granted for the

 * specified file (or for files in the specified directory).

 *

 * <p>Other permission classes are for "named" permissions -

 * ones that contain a name but no actions list; you either have the

 * named permission or you don't.

 *

 * <p>Note: There is also a <code>java.security.AllPermission</code>

 * permission that implies all permissions. It exists to simplify the work

 * of system administrators who might need to perform multiple

 * tasks that require all (or numerous) permissions.

 * <p>

 * See <a href ="../../../technotes/guides/security/permissions.html">

 * Permissions in the JDK</a> for permission-related information.

 * This document includes, for example, a table listing the various SecurityManager

 * <code>check</code> methods and the permission(s) the default

 * implementation of each such method requires.

 * It also contains a table of all the version 1.2 methods

 * that require permissions, and for each such method tells

 * which permission it requires.

 * <p>

 * For more information about <code>SecurityManager</code> changes made in

 * the JDK and advice regarding porting of 1.1-style security managers,

 * see the <a href="../../../technotes/guides/security/index.html">security documentation</a>.

 *

 * @author  Arthur van Hoff

 * @author  Roland Schemers

 *

 * @see     java.lang.ClassLoader

 * @see     java.lang.SecurityException

 * @see     java.lang.System#getSecurityManager() getSecurityManager

 * @see     java.lang.System#setSecurityManager(java.lang.SecurityManager)

 *  setSecurityManager

 * @see     java.security.AccessController AccessController

 * @see     java.security.AccessControlContext AccessControlContext

 * @see     java.security.AccessControlException AccessControlException

 * @see     java.security.Permission

 * @see     java.security.BasicPermission

 * @see     java.io.FilePermission

 * @see     java.net.SocketPermission

 * @see     java.util.PropertyPermission

 * @see     java.lang.RuntimePermission

 * @see     java.awt.AWTPermission

 * @see     java.security.Policy Policy

 * @see     java.security.SecurityPermission SecurityPermission

 * @see     java.security.ProtectionDomain

 *

 * @since   1.0

 */

public

class SecurityManager {

    /**

     * This field is <code>true</code> if there is a security check in

     * progress; <code>false</code> otherwise.

     *

     * @deprecated This type of security checking is not recommended.

     *  It is recommended that the <code>checkPermission</code>

     *  call be used instead.

     */

    @Deprecated

    protected boolean inCheck;

    /*

     * Have we been initialized. Effective against finalizer attacks.

     */

    private boolean initialized = false;

    /**

     * returns true if the current context has been granted AllPermission

     */

    private boolean hasAllPermission() {

        try {

            checkPermission(SecurityConstants.ALL_PERMISSION);

            return true;

        } catch (SecurityException se) {

            return false;

        }

    }

    /**

     * Tests if there is a security check in progress.

     *

     * @return the value of the <code>inCheck</code> field. This field

     *          should contain <code>true</code> if a security check is

     *          in progress,

     *          <code>false</code> otherwise.

     * @see     java.lang.SecurityManager#inCheck

     * @deprecated This type of security checking is not recommended.

     *  It is recommended that the <code>checkPermission</code>

     *  call be used instead.

     */

    @Deprecated

    public boolean getInCheck() {

        return inCheck;

    }

    /**

     * Constructs a new <code>SecurityManager</code>.

     *

     * <p> If there is a security manager already installed, this method first

     * calls the security manager's <code>checkPermission</code> method

     * with the <code>RuntimePermission("createSecurityManager")</code>

     * permission to ensure the calling thread has permission to create a new

     * security manager.

     * This may result in throwing a <code>SecurityException</code>.

     *

     * @exception  java.lang.SecurityException if a security manager already

     *             exists and its <code>checkPermission</code> method

     *             doesn't allow creation of a new security manager.

     * @see        java.lang.System#getSecurityManager()

     * @see        #checkPermission(java.security.Permission) checkPermission

     * @see java.lang.RuntimePermission

     */

    public SecurityManager() {

        synchronized(SecurityManager.class) {

            SecurityManager sm = System.getSecurityManager();

            if (sm != null) {

                // ask the currently installed security manager if we

                // can create a new one.

                sm.checkPermission(new RuntimePermission

                                   ("createSecurityManager"));

            }

            initialized = true;

        }

    }

    /**

     * Returns the current execution stack as an array of classes.

     * <p>

     * The length of the array is the number of methods on the execution

     * stack. The element at index <code>0</code> is the class of the

     * currently executing method, the element at index <code>1</code> is

     * the class of that method's caller, and so on.

     *

     * @return  the execution stack.

     */

    protected native Class<?>[] getClassContext();

    /**

     * Returns the class loader of the most recently executing method from

     * a class defined using a non-system class loader. A non-system

     * class loader is defined as being a class loader that is not equal to

     * the system class loader (as returned

     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.

     * <p>

     * This method will return

     * <code>null</code> in the following three cases:

     * <ol>

     *   <li>All methods on the execution stack are from classes

     *   defined using the system class loader or one of its ancestors.

     *

     *   <li>All methods on the execution stack up to the first

     *   "privileged" caller

     *   (see {@link java.security.AccessController#doPrivileged})

     *   are from classes

     *   defined using the system class loader or one of its ancestors.

     *

     *   <li> A call to <code>checkPermission</code> with

     *   <code>java.security.AllPermission</code> does not

     *   result in a SecurityException.

     *

     * </ol>

     *

     * @return  the class loader of the most recent occurrence on the stack

     *          of a method from a class defined using a non-system class

     *          loader.

     *

     * @deprecated This type of security checking is not recommended.

     *  It is recommended that the <code>checkPermission</code>

     *  call be used instead.

     *

     * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader

     * @see  #checkPermission(java.security.Permission) checkPermission

     */

    @Deprecated

    protected ClassLoader currentClassLoader() {

        ClassLoader cl = currentClassLoader0();

        if ((cl != null) && hasAllPermission())

            cl = null;

        return cl;

    }

    private native ClassLoader currentClassLoader0();

    /**

     * Returns the class of the most recently executing method from

     * a class defined using a non-system class loader. A non-system

     * class loader is defined as being a class loader that is not equal to

     * the system class loader (as returned

     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.

     * <p>

     * This method will return

     * <code>null</code> in the following three cases:

     * <ol>

     *   <li>All methods on the execution stack are from classes

     *   defined using the system class loader or one of its ancestors.

     *

     *   <li>All methods on the execution stack up to the first

     *   "privileged" caller

     *   (see {@link java.security.AccessController#doPrivileged})

     *   are from classes

     *   defined using the system class loader or one of its ancestors.

     *

     *   <li> A call to <code>checkPermission</code> with

     *   <code>java.security.AllPermission</code> does not

     *   result in a SecurityException.

     *

     * </ol>

     *

     * @return  the class  of the most recent occurrence on the stack

     *          of a method from a class defined using a non-system class

     *          loader.

     *

     * @deprecated This type of security checking is not recommended.

     *  It is recommended that the <code>checkPermission</code>

     *  call be used instead.

     *

     * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader

     * @see  #checkPermission(java.security.Permission) checkPermission

     */

    @Deprecated

    protected Class<?> currentLoadedClass() {

        Class<?> c = currentLoadedClass0();

        if ((c != null) && hasAllPermission())

            c = null;

        return c;

    }

    /**

     * Returns the stack depth of the specified class.

     *

     * @param   name   the fully qualified name of the class to search for.

     * @return  the depth on the stack frame of the first occurrence of a

     *          method from a class with the specified name;

     *          <code>-1</code> if such a frame cannot be found.

     * @deprecated This type of security checking is not recommended.

     *  It is recommended that the <code>checkPermission</code>

     *  call be used instead.

     *

     */

    @Deprecated

    protected native int classDepth(String name);

    /**

     * Returns the stack depth of the most recently executing method

     * from a class defined using a non-system class loader.  A non-system

     * class loader is defined as being a class loader that is not equal to

     * the system class loader (as returned

     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.

     * <p>

     * This method will return

     * -1 in the following three cases:

     * <ol>

     *   <li>All methods on the execution stack are from classes

     *   defined using the system class loader or one of its ancestors.

     *

     *   <li>All methods on the execution stack up to the first

     *   "privileged" caller

     *   (see {@link java.security.AccessController#doPrivileged})

     *   are from classes

     *   defined using the system class loader or one of its ancestors.

     *

     *   <li> A call to <code>checkPermission</code> with

     *   <code>java.security.AllPermission</code> does not

     *   result in a SecurityException.

     *

     * </ol>

     *

     * @return the depth on the stack frame of the most recent occurrence of

     *          a method from a class defined using a non-system class loader.

     *

     * @deprecated This type of security checking is not recommended.

     *  It is recommended that the <code>checkPermission</code>

     *  call be used instead.

     *

     * @see   java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader

     * @see   #checkPermission(java.security.Permission) checkPermission

     */

    @Deprecated

    protected int classLoaderDepth() {

        int depth = classLoaderDepth0();

        if (depth != -1) {

            if (hasAllPermission())

                depth = -1;

            else

                depth--; // make sure we don't include ourself

        }

        return depth;

    }

    private native int classLoaderDepth0();

    /**

     * Tests if a method from a class with the specified

     *         name is on the execution stack.

     *

     * @param  name   the fully qualified name of the class.

     * @return <code>true</code> if a method from a class with the specified

     *         name is on the execution stack; <code>false</code> otherwise.

     * @deprecated This type of security checking is not recommended.

     *  It is recommended that the <code>checkPermission</code>

     *  call be used instead.

     */

    @Deprecated

    protected boolean inClass(String name) {

        return classDepth(name) >= 0;

    }

    /**

     * Basically, tests if a method from a class defined using a

     *          class loader is on the execution stack.

     *

     * @return  <code>true</code> if a call to <code>currentClassLoader</code>

     *          has a non-null return value.

     *

     * @deprecated This type of security checking is not recommended.

     *  It is recommended that the <code>checkPermission</code>

     *  call be used instead.

     * @see        #currentClassLoader() currentClassLoader

     */

    @Deprecated

    protected boolean inClassLoader() {

        return currentClassLoader() != null;

    }

    /**

     * Creates an object that encapsulates the current execution

     * environment. The result of this method is used, for example, by the

     * three-argument <code>checkConnect</code> method and by the

     * two-argument <code>checkRead</code> method.

     * These methods are needed because a trusted method may be called

     * on to read a file or open a socket on behalf of another method.

     * The trusted method needs to determine if the other (possibly

     * untrusted) method would be allowed to perform the operation on its

     * own.

     * <p> The default implementation of this method is to return

     * an <code>AccessControlContext</code> object.

     *

     * @return  an implementation-dependent object that encapsulates

     *          sufficient information about the current execution environment

     *          to perform some security checks later.

     * @see     java.lang.SecurityManager#checkConnect(java.lang.String, int,

     *   java.lang.Object) checkConnect

     * @see     java.lang.SecurityManager#checkRead(java.lang.String,

     *   java.lang.Object) checkRead

     * @see     java.security.AccessControlContext AccessControlContext

     */

    public Object getSecurityContext() {

        return AccessController.getContext();

    }

    /**