author | alanb |
Fri, 07 Apr 2017 08:05:54 +0000 | |
changeset 44545 | 83b611b88ac8 |
parent 43712 | 5dfd0950317c |
child 45004 | ea3137042a61 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
2 |
* Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package java.lang; |
|
27 |
||
28 |
import java.lang.RuntimePermission; |
29 |
import java.lang.module.ModuleDescriptor; |
30 |
import java.lang.module.ModuleDescriptor.Exports; |
31 |
import java.lang.module.ModuleDescriptor.Opens; |
32 |
import java.lang.reflect.Member; |
2 | 33 |
import java.io.FileDescriptor; |
34 |
import java.io.File; |
|
35 |
import java.io.FilePermission; |
|
36 |
import java.net.InetAddress; |
2 | 37 |
import java.net.SocketPermission; |
38 |
import java.security.AccessControlContext; |
39 |
import java.security.AccessController; |
40 |
import java.security.Permission; |
41 |
import java.security.PrivilegedAction; |
42 |
import java.security.Security; |
43 |
import java.security.SecurityPermission; |
44 |
import java.util.HashSet; |
45 |
import java.util.Objects; |
46 |
import java.util.PropertyPermission; |
47 |
import java.util.Set; |
48 |
import java.util.stream.Collectors; |
49 |
import java.util.stream.Stream; |
2 | 50 |
|
51 |
import jdk.internal.reflect.CallerSensitive; |
2 | 52 |
import sun.security.util.SecurityConstants; |
53 |
||
54 |
/** |
|
55 |
* The security manager is a class that allows |
|
56 |
* applications to implement a security policy. It allows an |
|
57 |
* application to determine, before performing a possibly unsafe or |
|
58 |
* sensitive operation, what the operation is and whether |
|
59 |
* it is being attempted in a security context that allows the |
|
60 |
* operation to be performed. The |
|
61 |
* application can allow or disallow the operation. |
|
62 |
* <p> |
|
63 |
* The <code>SecurityManager</code> class contains many methods with |
|
64 |
* names that begin with the word <code>check</code>. These methods |
|
65 |
* are called by various methods in the Java libraries before those |
|
66 |
* methods perform certain potentially sensitive operations. The |
|
67 |
* invocation of such a <code>check</code> method typically looks like this: |
|
68 |
* <blockquote><pre> |
2 | 69 |
* SecurityManager security = System.getSecurityManager(); |
70 |
* if (security != null) { |
|
71 |
* security.check<i>XXX</i>(argument, . . . ); |
|
72 |
* } |
|
73 |
* </pre></blockquote> |
|
74 |
* <p> |
|
75 |
* The security manager is thereby given an opportunity to prevent |
|
76 |
* completion of the operation by throwing an exception. A security |
|
77 |
* manager routine simply returns if the operation is permitted, but |
|
78 |
* throws a <code>SecurityException</code> if the operation is not |
|
79 |
* permitted. |
2 | 80 |
* <p> |
81 |
* The current security manager is set by the |
|
82 |
* <code>setSecurityManager</code> method in class |
|
83 |
* <code>System</code>. The current security manager is obtained |
|
84 |
* by the <code>getSecurityManager</code> method. |
|
85 |
* <p> |
|
86 |
* The special method |
|
87 |
* {@link SecurityManager#checkPermission(java.security.Permission)} |
|
88 |
* determines whether an access request indicated by a specified |
|
89 |
* permission should be granted or denied. The |
|
90 |
* default implementation calls |
|
91 |
* |
|
92 |
* <pre> |
|
93 |
* AccessController.checkPermission(perm); |
|
94 |
* </pre> |
|
95 |
* |
|
96 |
* <p> |
|
97 |
* If a requested access is allowed, |
|
98 |
* <code>checkPermission</code> returns quietly. If denied, a |
|
99 |
* <code>SecurityException</code> is thrown. |
|
100 |
* <p> |
|
101 |
* As of Java 2 SDK v1.2, the default implementation of each of the other |
|
102 |
* <code>check</code> methods in <code>SecurityManager</code> is to |
|
103 |
* call the <code>SecurityManager checkPermission</code> method |
|
104 |
* to determine if the calling thread has permission to perform the requested |
|
105 |
* operation. |
|
106 |
* <p> |
|
107 |
* Note that the <code>checkPermission</code> method with |
|
108 |
* just a single permission argument always performs security checks |
|
109 |
* within the context of the currently executing thread. |
|
110 |
* Sometimes a security check that should be made within a given context |
|
111 |
* will actually need to be done from within a |
|
112 |
* <i>different</i> context (for example, from within a worker thread). |
|
113 |
* The {@link SecurityManager#getSecurityContext getSecurityContext} method |
|
114 |
* and the {@link SecurityManager#checkPermission(java.security.Permission, |
|
115 |
* java.lang.Object) checkPermission} |
|
116 |
* method that includes a context argument are provided |
|
117 |
* for this situation. The |
|
118 |
* <code>getSecurityContext</code> method returns a "snapshot" |
|
119 |
* of the current calling context. (The default implementation |
|
120 |
* returns an AccessControlContext object.) A sample call is |
|
121 |
* the following: |
|
122 |
* |
|
123 |
* <pre> |
|
124 |
* Object context = null; |
|
125 |
* SecurityManager sm = System.getSecurityManager(); |
|
126 |
* if (sm != null) context = sm.getSecurityContext(); |
|
127 |
* </pre> |
|
128 |
* |
|
129 |
* <p> |
|
130 |
* The <code>checkPermission</code> method |
|
131 |
* that takes a context object in addition to a permission |
|
132 |
* makes access decisions based on that context, |
|
133 |
* rather than on that of the current execution thread. |
|
134 |
* Code within a different context can thus call that method, |
|
135 |
* passing the permission and the |
|
136 |
* previously-saved context object. A sample call, using the |
|
137 |
* SecurityManager <code>sm</code> obtained as in the previous example, |
|
138 |
* is the following: |
|
139 |
* |
|
140 |
* <pre> |
|
141 |
* if (sm != null) sm.checkPermission(permission, context); |
|
142 |
* </pre> |
|
143 |
* |
|
144 |
* <p>Permissions fall into these categories: File, Socket, Net, |
|
145 |
* Security, Runtime, Property, AWT, Reflect, and Serializable. |
|
146 |
* The classes managing these various |
|
147 |
* permission categories are <code>java.io.FilePermission</code>, |
|
148 |
* <code>java.net.SocketPermission</code>, |
|
149 |
* <code>java.net.NetPermission</code>, |
|
150 |
* <code>java.security.SecurityPermission</code>, |
|
151 |
* <code>java.lang.RuntimePermission</code>, |
|
152 |
* <code>java.util.PropertyPermission</code>, |
|
153 |
* <code>java.awt.AWTPermission</code>, |
|
154 |
* <code>java.lang.reflect.ReflectPermission</code>, and |
|
155 |
* <code>java.io.SerializablePermission</code>. |
|
156 |
* |
|
157 |
* <p>All but the first two (FilePermission and SocketPermission) are |
|
158 |
* subclasses of <code>java.security.BasicPermission</code>, which itself |
|
159 |
* is an abstract subclass of the |
|
160 |
* top-level class for permissions, which is |
|
161 |
* <code>java.security.Permission</code>. BasicPermission defines the |
|
162 |
* functionality needed for all permissions that contain a name |
|
163 |
* that follows the hierarchical property naming convention |
|
164 |
* (for example, "exitVM", "setFactory", "queuePrintJob", etc). |
|
165 |
* An asterisk |
|
166 |
* may appear at the end of the name, following a ".", or by itself, to |
|
167 |
* signify a wildcard match. For example: "a.*" or "*" is valid, |
|
168 |
* "*a" or "a*b" is not valid. |
|
169 |
* |
|
170 |
* <p>FilePermission and SocketPermission are subclasses of the |
|
171 |
* top-level class for permissions |
|
172 |
* (<code>java.security.Permission</code>). Classes like these |
|
173 |
* that have a more complicated name syntax than that used by |
|
174 |
* BasicPermission subclass directly from Permission rather than from |
|
175 |
* BasicPermission. For example, |
|
176 |
* for a <code>java.io.FilePermission</code> object, the permission name is |
|
177 |
* the path name of a file (or directory). |
|
178 |
* |
|
179 |
* <p>Some of the permission classes have an "actions" list that tells |
|
180 |
* the actions that are permitted for the object. For example, |
|
181 |
* for a <code>java.io.FilePermission</code> object, the actions list |
|
182 |
* (such as "read, write") specifies which actions are granted for the |
|
183 |
* specified file (or for files in the specified directory). |
|
184 |
* |
|
185 |
* <p>Other permission classes are for "named" permissions - |
|
186 |
* ones that contain a name but no actions list; you either have the |
|
187 |
* named permission or you don't. |
|
188 |
* |
|
189 |
* <p>Note: There is also a <code>java.security.AllPermission</code> |
|
190 |
* permission that implies all permissions. It exists to simplify the work |
|
191 |
* of system administrators who might need to perform multiple |
|
192 |
* tasks that require all (or numerous) permissions. |
|
193 |
* <p> |
|
194 |
* See <a href ="../../../technotes/guides/security/permissions.html"> |
|
195 |
* Permissions in the JDK</a> for permission-related information. |
|
196 |
* This document includes, for example, a table listing the various SecurityManager |
|
197 |
* <code>check</code> methods and the permission(s) the default |
|
198 |
* implementation of each such method requires. |
|
199 |
* It also contains a table of all the version 1.2 methods |
|
200 |
* that require permissions, and for each such method tells |
|
201 |
* which permission it requires. |
|
202 |
* <p> |
|
203 |
* For more information about <code>SecurityManager</code> changes made in |
|
204 |
* the JDK and advice regarding porting of 1.1-style security managers, |
|
205 |
* see the <a href="../../../technotes/guides/security/index.html">security documentation</a>. |
|
206 |
* |
|
207 |
* @author Arthur van Hoff |
|
208 |
* @author Roland Schemers |
|
209 |
* |
|
210 |
* @see java.lang.ClassLoader |
|
211 |
* @see java.lang.SecurityException |
|
212 |
* @see java.lang.System#getSecurityManager() getSecurityManager |
|
213 |
* @see java.lang.System#setSecurityManager(java.lang.SecurityManager) |
|
214 |
* setSecurityManager |
|
215 |
* @see java.security.AccessController AccessController |
|
216 |
* @see java.security.AccessControlContext AccessControlContext |
|
217 |
* @see java.security.AccessControlException AccessControlException |
|
218 |
* @see java.security.Permission |
|
219 |
* @see java.security.BasicPermission |
|
220 |
* @see java.io.FilePermission |
|
221 |
* @see java.net.SocketPermission |
|
222 |
* @see java.util.PropertyPermission |
|
223 |
* @see java.lang.RuntimePermission |
|
224 |
* @see java.awt.AWTPermission |
|
225 |
* @see java.security.Policy Policy |
|
226 |
* @see java.security.SecurityPermission SecurityPermission |
|
227 |
* @see java.security.ProtectionDomain |
|
228 |
* |
|
229 |
* @since 1.0 |
2 | 230 |
*/ |
231 |
public |
|
232 |
class SecurityManager { |
|
233 |
||
234 |
/** |
|
235 |
* This field is <code>true</code> if there is a security check in |
|
236 |
* progress; <code>false</code> otherwise. |
|
237 |
* |
|
238 |
* @deprecated This type of security checking is not recommended. |
|
239 |
* It is recommended that the <code>checkPermission</code> |
|
240 |
* call be used instead. This field is subject to removal in a |
241 |
* future version of Java SE. |
2 | 242 |
*/ |
243 |
@Deprecated(since="1.2", forRemoval=true) |
2 | 244 |
protected boolean inCheck; |
245 |
||
246 |
/* |
|
247 |
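* Have we been initialized, i.e. did the constructor run to completion? |
* Effective against finalizer attacks, in which a subclass finalizer gets hold |
* of an instance whose constructor threw before finishing. |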
|
248 |
*/ |
|
249 |
private boolean initialized = false; |
|
250 |
||
251 |
||
252 |
/** |
|
253 |
* Returns true if the current context has been granted AllPermission, as decided by checkPermission. |
|
254 |
*/ |
|
255 |
private boolean hasAllPermission() {
    // Probe the calling context by requesting AllPermission through this
    // manager's own checkPermission; a SecurityException means "not granted".
    // NOTE(review): if a subclass overrides checkPermission, the answer
    // reflects that override rather than the default policy check.
    boolean granted;
    try {
        checkPermission(SecurityConstants.ALL_PERMISSION);
        granted = true;
    } catch (SecurityException denied) {
        granted = false;
    }
    return granted;
}
|
263 |
||
264 |
/** |
|
265 |
* Tests if there is a security check in progress. |
|
266 |
* |
|
267 |
* @return the value of the <code>inCheck</code> field. This field |
|
268 |
* should contain <code>true</code> if a security check is |
|
269 |
* in progress, |
|
270 |
* <code>false</code> otherwise. |
|
271 |
* @see java.lang.SecurityManager#inCheck |
|
272 |
* @deprecated This type of security checking is not recommended. |
|
273 |
* It is recommended that the <code>checkPermission</code> |
|
274 |
* call be used instead. This method is subject to removal in a |
275 |
* future version of Java SE. |
2 | 276 |
*/ |
277 |
@Deprecated(since="1.2", forRemoval=true)
public boolean getInCheck() {
    // Plain read of the protected inCheck flag; nothing in this method
    // sets or validates it, so the value is whatever was last stored there.
    final boolean checkInProgress = this.inCheck;
    return checkInProgress;
}
|
281 |
||
282 |
/** |
|
283 |
* Constructs a new <code>SecurityManager</code>. |
|
284 |
* |
|
285 |
* <p> If there is a security manager already installed, this method first |
|
286 |
* calls the security manager's <code>checkPermission</code> method |
|
287 |
* with the <code>RuntimePermission("createSecurityManager")</code> |
|
288 |
* permission to ensure the calling thread has permission to create a new |
|
289 |
* security manager. |
|
290 |
* This may result in throwing a <code>SecurityException</code>. |
|
291 |
* |
|
292 |
* @exception java.lang.SecurityException if a security manager already |
|
293 |
* exists and its <code>checkPermission</code> method |
|
294 |
* doesn't allow creation of a new security manager. |
|
295 |
* @see java.lang.System#getSecurityManager() |
|
296 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
297 |
* @see java.lang.RuntimePermission |
|
298 |
*/ |
|
299 |
public SecurityManager() {
    synchronized (SecurityManager.class) {
        final SecurityManager installed = System.getSecurityManager();
        if (installed != null) {
            // A manager is already in place, so it decides whether another
            // one may be created. A denial surfaces as a SecurityException
            // and leaves this instance with initialized == false.
            final RuntimePermission createPermission =
                new RuntimePermission("createSecurityManager");
            installed.checkPermission(createPermission);
        }
        // Set only after the check has passed, so an instance whose
        // construction was refused never reports itself as initialized.
        initialized = true;
    }
}
|
311 |
||
312 |
/** |
|
313 |
* Returns the current execution stack as an array of classes. |
|
314 |
* <p> |
|
315 |
* The length of the array is the number of methods on the execution |
|
316 |
* stack. The element at index <code>0</code> is the class of the |
|
317 |
* currently executing method, the element at index <code>1</code> is |
|
318 |
* the class of that method's caller, and so on. |
|
319 |
* |
|
320 |
* @return the execution stack. |
|
321 |
*/ |
|
322 |
protected native Class<?>[] getClassContext(); |
2 | 323 |
|
324 |
/** |
|
325 |
* Returns the class loader of the most recently executing method from |
|
326 |
* a class defined using a non-system class loader. A non-system |
|
327 |
* class loader is defined as being a class loader that is not equal to |
|
328 |
* the system class loader (as returned |
|
329 |
* by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. |
|
330 |
* <p> |
|
331 |
* This method will return |
|
332 |
* <code>null</code> in the following three cases: |
2 | 333 |
* <ol> |
334 |
* <li>All methods on the execution stack are from classes |
|
335 |
* defined using the system class loader or one of its ancestors. |
|
336 |
* |
|
337 |
* <li>All methods on the execution stack up to the first |
|
338 |
* "privileged" caller |
|
339 |
* (see {@link java.security.AccessController#doPrivileged}) |
|
340 |
* are from classes |
|
341 |
* defined using the system class loader or one of its ancestors. |
|
342 |
* |
|
343 |
* <li> A call to <code>checkPermission</code> with |
|
344 |
* <code>java.security.AllPermission</code> does not |
|
345 |
* result in a SecurityException. |
|
346 |
* |
|
347 |
* </ol> |
|
348 |
* |
|
349 |
* @return the class loader of the most recent occurrence on the stack |
|
350 |
* of a method from a class defined using a non-system class |
|
351 |
* loader. |
|
352 |
* |
|
353 |
* @deprecated This type of security checking is not recommended. |
|
354 |
* It is recommended that the <code>checkPermission</code> |
|
355 |
* call be used instead. This method is subject to removal in a |
356 |
* future version of Java SE. |
2 | 357 |
* |
358 |
* @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader |
|
359 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
360 |
*/ |
|
361 |
@Deprecated(since="1.2", forRemoval=true)
protected ClassLoader currentClassLoader() {
    // The stack inspection itself is done by the native helper.
    final ClassLoader loader = currentClassLoader0();
    if (loader == null) {
        return null;
    }
    // A context holding AllPermission is reported as if no loader had been
    // found. The permission probe runs only when a loader was found.
    return hasAllPermission() ? null : loader;
}
|
368 |
||
369 |
private native ClassLoader currentClassLoader0(); |
|
370 |
||
371 |
/** |
|
372 |
* Returns the class of the most recently executing method from |
|
373 |
* a class defined using a non-system class loader. A non-system |
|
374 |
* class loader is defined as being a class loader that is not equal to |
|
375 |
* the system class loader (as returned |
|
376 |
* by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. |
|
377 |
* <p> |
|
378 |
* This method will return |
|
379 |
* <code>null</code> in the following three cases: |
2 | 380 |
* <ol> |
381 |
* <li>All methods on the execution stack are from classes |
|
382 |
* defined using the system class loader or one of its ancestors. |
|
383 |
* |
|
384 |
* <li>All methods on the execution stack up to the first |
|
385 |
* "privileged" caller |
|
386 |
* (see {@link java.security.AccessController#doPrivileged}) |
|
387 |
* are from classes |
|
388 |
* defined using the system class loader or one of its ancestors. |
|
389 |
* |
|
390 |
* <li> A call to <code>checkPermission</code> with |
|
391 |
* <code>java.security.AllPermission</code> does not |
|
392 |
* result in a SecurityException. |
|
393 |
* |
|
394 |
* </ol> |
|
395 |
* |
|
396 |
* @return the class of the most recent occurrence on the stack |
|
397 |
* of a method from a class defined using a non-system class |
|
398 |
* loader. |
|
399 |
* |
|
400 |
* @deprecated This type of security checking is not recommended. |
|
401 |
* It is recommended that the <code>checkPermission</code> |
|
402 |
* call be used instead. This method is subject to removal in a |
403 |
* future version of Java SE. |
2 | 404 |
* |
405 |
* @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader |
|
406 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
407 |
*/ |
|
408 |
@Deprecated(since="1.2", forRemoval=true)
protected Class<?> currentLoadedClass() {
    // NOTE(review): currentLoadedClass0 is presumably a native stack lookup
    // like the other *0 helpers of this class; confirm at its declaration.
    final Class<?> found = currentLoadedClass0();
    if (found == null) {
        return null;
    }
    // A context holding AllPermission is reported as if no class had been
    // found. The permission probe runs only when a class was found.
    return hasAllPermission() ? null : found;
}
|
415 |
||
416 |
/** |
|
417 |
* Returns the stack depth of the specified class. |
|
418 |
* |
|
419 |
* @param name the fully qualified name of the class to search for. |
|
420 |
* @return the depth on the stack frame of the first occurrence of a |
|
421 |
* method from a class with the specified name; |
|
422 |
* <code>-1</code> if such a frame cannot be found. |
|
423 |
* @deprecated This type of security checking is not recommended. |
|
424 |
* It is recommended that the <code>checkPermission</code> |
|
425 |
* call be used instead. This method is subject to removal in a |
426 |
* future version of Java SE. |
2 | 427 |
*/ |
428 |
@Deprecated(since="1.2", forRemoval=true) |
2 | 429 |
protected native int classDepth(String name); |
430 |
||
431 |
/** |
|
432 |
* Returns the stack depth of the most recently executing method |
|
433 |
* from a class defined using a non-system class loader. A non-system |
|
434 |
* class loader is defined as being a class loader that is not equal to |
|
435 |
* the system class loader (as returned |
|
436 |
* by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors. |
|
437 |
* <p> |
|
438 |
* This method will return |
|
439 |
* -1 in the following three cases: |
2 | 440 |
* <ol> |
441 |
* <li>All methods on the execution stack are from classes |
|
442 |
* defined using the system class loader or one of its ancestors. |
|
443 |
* |
|
444 |
* <li>All methods on the execution stack up to the first |
|
445 |
* "privileged" caller |
|
446 |
* (see {@link java.security.AccessController#doPrivileged}) |
|
447 |
* are from classes |
|
448 |
* defined using the system class loader or one of its ancestors. |
|
449 |
* |
|
450 |
* <li> A call to <code>checkPermission</code> with |
|
451 |
* <code>java.security.AllPermission</code> does not |
|
452 |
* result in a SecurityException. |
|
453 |
* |
|
454 |
* </ol> |
|
455 |
* |
|
456 |
* @return the depth on the stack frame of the most recent occurrence of |
|
457 |
* a method from a class defined using a non-system class loader. |
|
458 |
* |
|
459 |
* @deprecated This type of security checking is not recommended. |
|
460 |
* It is recommended that the <code>checkPermission</code> |
|
461 |
* call be used instead. This method is subject to removal in a |
462 |
* future version of Java SE. |
2 | 463 |
* |
464 |
* @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader |
|
465 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
466 |
*/ |
|
467 |
@Deprecated(since="1.2", forRemoval=true)
protected int classLoaderDepth() {
    final int rawDepth = classLoaderDepth0();
    // -1 from the native helper is passed through unchanged.
    if (rawDepth == -1) {
        return -1;
    }
    // A context holding AllPermission is reported as "no such frame".
    if (hasAllPermission()) {
        return -1;
    }
    // Drop one level so that this method's own frame is not counted.
    return rawDepth - 1;
}
|
478 |
||
479 |
private native int classLoaderDepth0(); |
|
480 |
||
481 |
/** |
|
482 |
* Tests if a method from a class with the specified |
|
483 |
* name is on the execution stack. |
|
484 |
* |
|
485 |
* @param name the fully qualified name of the class. |
|
486 |
* @return <code>true</code> if a method from a class with the specified |
|
487 |
* name is on the execution stack; <code>false</code> otherwise. |
|
488 |
* @deprecated This type of security checking is not recommended. |
|
489 |
* It is recommended that the <code>checkPermission</code> |
|
490 |
* call be used instead. This method is subject to removal in a |
491 |
* future version of Java SE. |
2 | 492 |
*/ |
493 |
@Deprecated(since="1.2", forRemoval=true)
protected boolean inClass(String name) {
    // classDepth reports a negative value when no frame matches the name,
    // so any non-negative depth means the class is on the stack.
    final int depth = classDepth(name);
    return depth >= 0;
}
|
497 |
||
498 |
/** |
|
499 |
* Basically, tests if a method from a class defined using a |
|
500 |
* non-system class loader is on the execution stack. |
|
501 |
* |
|
502 |
* @return <code>true</code> if a call to <code>currentClassLoader</code> |
|
503 |
* has a non-null return value. |
|
504 |
* |
|
505 |
* @deprecated This type of security checking is not recommended. |
|
506 |
* It is recommended that the <code>checkPermission</code> |
|
507 |
* call be used instead. This method is subject to removal in a |
508 |
* future version of Java SE. |
2 | 509 |
* @see #currentClassLoader() currentClassLoader |
510 |
*/ |
|
511 |
@Deprecated(since="1.2", forRemoval=true)
protected boolean inClassLoader() {
    // The answer is derived entirely from currentClassLoader(): any
    // non-null loader counts as "inside a class loader".
    final ClassLoader loader = currentClassLoader();
    return loader != null;
}
|
515 |
||
516 |
/** |
|
517 |
* Creates an object that encapsulates the current execution |
|
518 |
* environment. The result of this method is used, for example, by the |
|
519 |
* three-argument <code>checkConnect</code> method and by the |
|
520 |
* two-argument <code>checkRead</code> method. |
|
521 |
* These methods are needed because a trusted method may be called |
|
522 |
* on to read a file or open a socket on behalf of another method. |
|
523 |
* The trusted method needs to determine if the other (possibly |
|
524 |
* untrusted) method would be allowed to perform the operation on its |
|
525 |
* own. |
|
526 |
* <p> The default implementation of this method is to return |
|
527 |
* an <code>AccessControlContext</code> object. |
|
528 |
* |
|
529 |
* @return an implementation-dependent object that encapsulates |
|
530 |
* sufficient information about the current execution environment |
|
531 |
* to perform some security checks later. |
|
532 |
* @see java.lang.SecurityManager#checkConnect(java.lang.String, int, |
|
533 |
* java.lang.Object) checkConnect |
|
534 |
* @see java.lang.SecurityManager#checkRead(java.lang.String, |
|
535 |
* java.lang.Object) checkRead |
|
536 |
* @see java.security.AccessControlContext AccessControlContext |
|
537 |
*/ |
|
538 |
public Object getSecurityContext() {
    // The returned object is the AccessControlContext captured at the time
    // of this call; the two-argument checkPermission accepts only that type.
    final AccessControlContext snapshot = AccessController.getContext();
    return snapshot;
}
|
541 |
||
542 |
/** |
|
543 |
* Throws a <code>SecurityException</code> if the requested |
|
544 |
* access, specified by the given permission, is not permitted based |
|
545 |
* on the security policy currently in effect. |
|
546 |
* <p> |
|
547 |
* This method calls <code>AccessController.checkPermission</code> |
|
548 |
* with the given permission. |
|
549 |
* |
|
550 |
* @param perm the requested permission. |
|
551 |
* @exception SecurityException if access is not permitted based on |
|
552 |
* the current security policy. |
|
553 |
* @exception NullPointerException if the permission argument is |
|
554 |
* <code>null</code>. |
|
555 |
* @since 1.2 |
|
556 |
*/ |
|
557 |
public void checkPermission(Permission perm) {
    // Pure delegation: the decision (and any SecurityException or
    // NullPointerException) comes from AccessController.
    AccessController.checkPermission(perm);
}
|
560 |
||
561 |
/** |
|
562 |
* Throws a <code>SecurityException</code> if the |
|
563 |
* specified security context is denied access to the resource |
|
564 |
* specified by the given permission. |
|
565 |
* The context must be a security |
|
566 |
* context returned by a previous call to |
|
567 |
* <code>getSecurityContext</code> and the access control |
|
568 |
* decision is based upon the configured security policy for |
|
569 |
* that security context. |
|
570 |
* <p> |
|
571 |
* If <code>context</code> is an instance of |
|
572 |
* <code>AccessControlContext</code> then the |
|
573 |
* <code>AccessControlContext.checkPermission</code> method is |
|
574 |
* invoked with the specified permission. |
|
575 |
* <p> |
|
576 |
* If <code>context</code> is not an instance of |
|
577 |
* <code>AccessControlContext</code> then a |
|
578 |
* <code>SecurityException</code> is thrown. |
|
579 |
* |
|
580 |
* @param perm the specified permission |
|
581 |
* @param context a system-dependent security context. |
|
582 |
* @exception SecurityException if the specified security context |
|
583 |
* is not an instance of <code>AccessControlContext</code> |
|
584 |
* (e.g., is <code>null</code>), or is denied access to the |
|
585 |
* resource specified by the given permission. |
|
586 |
* @exception NullPointerException if the permission argument is |
|
587 |
* <code>null</code>. |
|
588 |
* @see java.lang.SecurityManager#getSecurityContext() |
|
589 |
* @see java.security.AccessControlContext#checkPermission(java.security.Permission) |
|
590 |
* @since 1.2 |
|
591 |
*/ |
|
592 |
public void checkPermission(Permission perm, Object context) {
    // Fail closed: any context that is not an AccessControlContext
    // (null included, since instanceof is false for null) is rejected
    // before the permission is looked at.
    if (!(context instanceof AccessControlContext)) {
        throw new SecurityException();
    }
    final AccessControlContext acc = (AccessControlContext) context;
    acc.checkPermission(perm);
}
|
599 |
||
600 |
/** |
|
601 |
* Throws a <code>SecurityException</code> if the |
|
602 |
* calling thread is not allowed to create a new class loader. |
|
603 |
* <p> |
|
604 |
* This method calls <code>checkPermission</code> with the |
|
605 |
* <code>RuntimePermission("createClassLoader")</code> |
|
606 |
* permission. |
|
607 |
* <p> |
|
608 |
* If you override this method, then you should make a call to |
|
609 |
* <code>super.checkCreateClassLoader</code> |
|
610 |
* at the point the overridden method would normally throw an |
|
611 |
* exception. |
|
612 |
* |
|
613 |
* @exception SecurityException if the calling thread does not |
|
614 |
* have permission |
|
615 |
* to create a new class loader. |
|
616 |
* @see java.lang.ClassLoader#ClassLoader() |
|
617 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
618 |
*/ |
|
619 |
public void checkCreateClassLoader() {
    // Uses the shared constant rather than allocating a new permission
    // object on every call.
    final Permission required = SecurityConstants.CREATE_CLASSLOADER_PERMISSION;
    checkPermission(required);
}
|
622 |
||
623 |
/** |
|
624 |
* reference to the root thread group, used for the checkAccess |
|
625 |
* methods. |
|
626 |
*/ |
|
627 |
||
628 |
// Resolved once, when this class is initialized, from the thread that
// triggers the initialization. NOTE(review): the field is not final;
// no reassignment is visible in this part of the file — confirm.
private static ThreadGroup rootGroup = getRootGroup();

// Walks up from the current thread's group until a group with no
// parent is reached and returns that group.
private static ThreadGroup getRootGroup() {
    ThreadGroup group = Thread.currentThread().getThreadGroup();
    for (; group.getParent() != null; group = group.getParent()) {
        // climb one level per iteration
    }
    return group;
}
|
637 |
||
638 |
/** |
|
639 |
* Throws a <code>SecurityException</code> if the |
|
640 |
* calling thread is not allowed to modify the thread argument. |
|
641 |
* <p> |
|
642 |
* This method is invoked for the current security manager by the |
|
643 |
* <code>stop</code>, <code>suspend</code>, <code>resume</code>, |
|
644 |
* <code>setPriority</code>, <code>setName</code>, and |
|
645 |
* <code>setDaemon</code> methods of class <code>Thread</code>. |
|
646 |
* <p> |
|
647 |
* If the thread argument is a system thread (belongs to |
|
648 |
* the thread group with a <code>null</code> parent) then |
|
649 |
* this method calls <code>checkPermission</code> with the |
|
650 |
* <code>RuntimePermission("modifyThread")</code> permission. |
|
651 |
* If the thread argument is <i>not</i> a system thread, |
|
652 |
* this method just returns silently. |
|
653 |
* <p> |
|
654 |
* Applications that want a stricter policy should override this |
|
655 |
* method. If this method is overridden, the method that overrides |
|
656 |
* it should additionally check to see if the calling thread has the |
|
657 |
* <code>RuntimePermission("modifyThread")</code> permission, and |
|
658 |
* if so, return silently. This is to ensure that code granted |
|
659 |
* that permission (such as the JDK itself) is allowed to |
|
660 |
* manipulate any thread. |
|
661 |
* <p> |
|
662 |
* If this method is overridden, then |
|
663 |
* <code>super.checkAccess</code> should |
|
664 |
* be called by the first statement in the overridden method, or the |
|
665 |
* equivalent security check should be placed in the overridden method. |
|
666 |
* |
|
667 |
* @param t the thread to be checked. |
|
668 |
* @exception SecurityException if the calling thread does not have |
|
669 |
* permission to modify the thread. |
|
670 |
* @exception NullPointerException if the thread argument is |
|
671 |
* <code>null</code>. |
|
672 |
* @see java.lang.Thread#resume() resume |
|
673 |
* @see java.lang.Thread#setDaemon(boolean) setDaemon |
|
674 |
* @see java.lang.Thread#setName(java.lang.String) setName |
|
675 |
* @see java.lang.Thread#setPriority(int) setPriority |
|
676 |
* @see java.lang.Thread#stop() stop |
|
677 |
* @see java.lang.Thread#suspend() suspend |
|
678 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
679 |
*/ |
|
680 |
public void checkAccess(Thread t) {
    if (t == null) {
        throw new NullPointerException("thread can't be null");
    }
    // Only threads whose group is the root group are guarded here. Every
    // other thread passes without a permission check, so a stricter
    // policy has to come from an overriding subclass.
    final boolean inRootGroup = (t.getThreadGroup() == rootGroup);
    if (inRootGroup) {
        checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION);
    }
}
|
690 |
/** |
|
691 |
* Throws a <code>SecurityException</code> if the |
|
692 |
* calling thread is not allowed to modify the thread group argument. |
|
693 |
* <p> |
|
694 |
* This method is invoked for the current security manager when a |
|
695 |
* new child thread or child thread group is created, and by the |
|
696 |
* <code>setDaemon</code>, <code>setMaxPriority</code>, |
|
697 |
* <code>stop</code>, <code>suspend</code>, <code>resume</code>, and |
|
698 |
* <code>destroy</code> methods of class <code>ThreadGroup</code>. |
|
699 |
* <p> |
|
700 |
* If the thread group argument is the system thread group ( |
|
701 |
* has a <code>null</code> parent) then |
|
702 |
* this method calls <code>checkPermission</code> with the |
|
703 |
* <code>RuntimePermission("modifyThreadGroup")</code> permission. |
|
704 |
* If the thread group argument is <i>not</i> the system thread group, |
|
705 |
* this method just returns silently. |
|
706 |
* <p> |
|
707 |
* Applications that want a stricter policy should override this |
|
708 |
* method. If this method is overridden, the method that overrides |
|
709 |
* it should additionally check to see if the calling thread has the |
|
710 |
* <code>RuntimePermission("modifyThreadGroup")</code> permission, and |
|
711 |
* if so, return silently. This is to ensure that code granted |
|
712 |
* that permission (such as the JDK itself) is allowed to |
|
713 |
* manipulate any thread. |
|
714 |
* <p> |
|
715 |
* If this method is overridden, then |
|
716 |
* <code>super.checkAccess</code> should |
|
717 |
* be called by the first statement in the overridden method, or the |
|
718 |
* equivalent security check should be placed in the overridden method. |
|
719 |
* |
|
720 |
* @param g the thread group to be checked. |
|
721 |
* @exception SecurityException if the calling thread does not have |
|
722 |
* permission to modify the thread group. |
|
723 |
* @exception NullPointerException if the thread group argument is |
|
724 |
* <code>null</code>. |
|
725 |
* @see java.lang.ThreadGroup#destroy() destroy |
|
726 |
* @see java.lang.ThreadGroup#resume() resume |
|
727 |
* @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon |
|
728 |
* @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority |
|
729 |
* @see java.lang.ThreadGroup#stop() stop |
|
730 |
* @see java.lang.ThreadGroup#suspend() suspend |
|
731 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
732 |
*/ |
|
733 |
public void checkAccess(ThreadGroup g) {
    if (g == null) {
        throw new NullPointerException("thread group can't be null");
    }
    // Identity comparison: only the root group itself triggers the
    // permission check; all other groups pass unchecked by default.
    final boolean isRootGroup = (g == rootGroup);
    if (isRootGroup) {
        checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
    }
}
|
743 |
||
744 |
/** |
|
745 |
* Throws a <code>SecurityException</code> if the |
|
746 |
* calling thread is not allowed to cause the Java Virtual Machine to |
|
747 |
* halt with the specified status code. |
|
748 |
* <p> |
|
749 |
* This method is invoked for the current security manager by the |
|
750 |
* <code>exit</code> method of class <code>Runtime</code>. A status |
|
751 |
* of <code>0</code> indicates success; other values indicate various |
|
752 |
* errors. |
|
753 |
* <p> |
|
754 |
* This method calls <code>checkPermission</code> with the |
|
755 |
* <code>RuntimePermission("exitVM."+status)</code> permission. |
|
756 |
* <p> |
|
757 |
* If you override this method, then you should make a call to |
|
758 |
* <code>super.checkExit</code> |
|
759 |
* at the point the overridden method would normally throw an |
|
760 |
* exception. |
|
761 |
* |
|
762 |
* @param status the exit status. |
|
763 |
* @exception SecurityException if the calling thread does not have |
|
764 |
* permission to halt the Java Virtual Machine with |
|
765 |
* the specified status. |
|
766 |
* @see java.lang.Runtime#exit(int) exit |
|
767 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
768 |
*/ |
|
769 |
public void checkExit(int status) {
    // The status is part of the permission name, so the permission
    // checked differs per exit code.
    final String target = "exitVM." + status;
    checkPermission(new RuntimePermission(target));
}
|
772 |
||
773 |
/** |
|
774 |
* Throws a <code>SecurityException</code> if the |
|
775 |
* calling thread is not allowed to create a subprocess. |
|
776 |
* <p> |
|
777 |
* This method is invoked for the current security manager by the |
|
778 |
* <code>exec</code> methods of class <code>Runtime</code>. |
|
779 |
* <p> |
|
780 |
* This method calls <code>checkPermission</code> with the |
|
781 |
* <code>FilePermission(cmd,"execute")</code> permission |
|
782 |
* if cmd is an absolute path, otherwise it calls |
|
783 |
* <code>checkPermission</code> with |
|
784 |
* <code>FilePermission("<<ALL FILES>>","execute")</code>. |
|
785 |
* <p> |
|
786 |
* If you override this method, then you should make a call to |
|
787 |
* <code>super.checkExec</code> |
|
788 |
* at the point the overridden method would normally throw an |
|
789 |
* exception. |
|
790 |
* |
|
791 |
* @param cmd the specified system command. |
|
792 |
* @exception SecurityException if the calling thread does not have |
|
793 |
* permission to create a subprocess. |
|
794 |
* @exception NullPointerException if the <code>cmd</code> argument is |
|
795 |
* <code>null</code>. |
|
796 |
* @see java.lang.Runtime#exec(java.lang.String) |
|
797 |
* @see java.lang.Runtime#exec(java.lang.String, java.lang.String[]) |
|
798 |
* @see java.lang.Runtime#exec(java.lang.String[]) |
|
799 |
* @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[]) |
|
800 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
801 |
*/ |
|
802 |
public void checkExec(String cmd) {
    // A null cmd fails inside the File constructor with a
    // NullPointerException, before any permission is built.
    final boolean absolute = new File(cmd).isAbsolute();
    // A non-absolute command is not checked by name: it requires execute
    // permission on "<<ALL FILES>>". Only an absolute path is checked as
    // given.
    final String target = absolute ? cmd : "<<ALL FILES>>";
    checkPermission(new FilePermission(target,
                                       SecurityConstants.FILE_EXECUTE_ACTION));
}
|
812 |
||
813 |
/** |
|
814 |
* Throws a <code>SecurityException</code> if the |
|
815 |
* calling thread is not allowed to dynamically link the library code |
|
816 |
* specified by the string argument file. The argument is either a |
|
817 |
* simple library name or a complete filename. |
|
818 |
* <p> |
|
819 |
* This method is invoked for the current security manager by |
|
820 |
* methods <code>load</code> and <code>loadLibrary</code> of class |
|
821 |
* <code>Runtime</code>. |
|
822 |
* <p> |
|
823 |
* This method calls <code>checkPermission</code> with the |
|
824 |
* <code>RuntimePermission("loadLibrary."+lib)</code> permission. |
|
825 |
* <p> |
|
826 |
* If you override this method, then you should make a call to |
|
827 |
* <code>super.checkLink</code> |
|
828 |
* at the point the overridden method would normally throw an |
|
829 |
* exception. |
|
830 |
* |
|
831 |
* @param lib the name of the library. |
|
832 |
* @exception SecurityException if the calling thread does not have |
|
833 |
* permission to dynamically link the library. |
|
834 |
* @exception NullPointerException if the <code>lib</code> argument is |
|
835 |
* <code>null</code>. |
|
836 |
* @see java.lang.Runtime#load(java.lang.String) |
|
837 |
* @see java.lang.Runtime#loadLibrary(java.lang.String) |
|
838 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
839 |
*/ |
|
840 |
public void checkLink(String lib) {
    // Explicit null check: string concatenation below would otherwise
    // turn null into the text "null" instead of failing.
    if (lib == null) {
        throw new NullPointerException("library can't be null");
    }
    final String target = "loadLibrary." + lib;
    checkPermission(new RuntimePermission(target));
}
|
846 |
||
847 |
/** |
|
848 |
* Throws a <code>SecurityException</code> if the |
|
849 |
* calling thread is not allowed to read from the specified file |
|
850 |
* descriptor. |
|
851 |
* <p> |
|
852 |
* This method calls <code>checkPermission</code> with the |
|
853 |
* <code>RuntimePermission("readFileDescriptor")</code> |
|
854 |
* permission. |
|
855 |
* <p> |
|
856 |
* If you override this method, then you should make a call to |
|
857 |
* <code>super.checkRead</code> |
|
858 |
* at the point the overridden method would normally throw an |
|
859 |
* exception. |
|
860 |
* |
|
861 |
* @param fd the system-dependent file descriptor. |
|
862 |
* @exception SecurityException if the calling thread does not have |
|
863 |
* permission to access the specified file descriptor. |
|
864 |
* @exception NullPointerException if the file descriptor argument is |
|
865 |
* <code>null</code>. |
|
866 |
* @see java.io.FileDescriptor |
|
867 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
868 |
*/ |
|
869 |
public void checkRead(FileDescriptor fd) {
    if (fd == null) {
        throw new NullPointerException("file descriptor can't be null");
    }
    // The descriptor is only null-checked; the permission name is fixed
    // and does not depend on which descriptor was passed.
    final RuntimePermission required = new RuntimePermission("readFileDescriptor");
    checkPermission(required);
}
|
875 |
||
876 |
/** |
|
877 |
* Throws a <code>SecurityException</code> if the |
|
878 |
* calling thread is not allowed to read the file specified by the |
|
879 |
* string argument. |
|
880 |
* <p> |
|
881 |
* This method calls <code>checkPermission</code> with the |
|
882 |
* <code>FilePermission(file,"read")</code> permission. |
|
883 |
* <p> |
|
884 |
* If you override this method, then you should make a call to |
|
885 |
* <code>super.checkRead</code> |
|
886 |
* at the point the overridden method would normally throw an |
|
887 |
* exception. |
|
888 |
* |
|
889 |
* @param file the system-dependent file name. |
|
890 |
* @exception SecurityException if the calling thread does not have |
|
891 |
* permission to access the specified file. |
|
892 |
* @exception NullPointerException if the <code>file</code> argument is |
|
893 |
* <code>null</code>. |
|
894 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
895 |
*/ |
|
896 |
public void checkRead(String file) {
    // The file name is handed to FilePermission as given; no null check
    // or path processing happens in this method.
    final FilePermission required =
        new FilePermission(file, SecurityConstants.FILE_READ_ACTION);
    checkPermission(required);
}
|
900 |
||
901 |
/** |
|
902 |
* Throws a <code>SecurityException</code> if the |
|
903 |
* specified security context is not allowed to read the file |
|
904 |
* specified by the string argument. The context must be a security |
|
905 |
* context returned by a previous call to |
|
906 |
* <code>getSecurityContext</code>. |
|
907 |
* <p> If <code>context</code> is an instance of |
|
908 |
* <code>AccessControlContext</code> then the |
|
909 |
* <code>AccessControlContext.checkPermission</code> method will |
|
910 |
* be invoked with the <code>FilePermission(file,"read")</code> permission. |
|
911 |
* <p> If <code>context</code> is not an instance of |
|
912 |
* <code>AccessControlContext</code> then a |
|
913 |
* <code>SecurityException</code> is thrown. |
|
914 |
* <p> |
|
915 |
* If you override this method, then you should make a call to |
|
916 |
* <code>super.checkRead</code> |
|
917 |
* at the point the overridden method would normally throw an |
|
918 |
* exception. |
|
919 |
* |
|
920 |
* @param file the system-dependent filename. |
|
921 |
* @param context a system-dependent security context. |
|
922 |
* @exception SecurityException if the specified security context |
|
923 |
* is not an instance of <code>AccessControlContext</code> |
|
924 |
* (e.g., is <code>null</code>), or does not have permission |
|
925 |
* to read the specified file. |
|
926 |
* @exception NullPointerException if the <code>file</code> argument is |
|
927 |
* <code>null</code>. |
|
928 |
* @see java.lang.SecurityManager#getSecurityContext() |
|
929 |
* @see java.security.AccessControlContext#checkPermission(java.security.Permission) |
|
930 |
*/ |
|
931 |
public void checkRead(String file, Object context) {
    // The permission is built first; the context is validated by the
    // two-argument checkPermission it is handed to.
    final FilePermission required =
        new FilePermission(file, SecurityConstants.FILE_READ_ACTION);
    checkPermission(required, context);
}
|
936 |
||
937 |
/** |
|
938 |
* Throws a <code>SecurityException</code> if the |
|
939 |
* calling thread is not allowed to write to the specified file |
|
940 |
* descriptor. |
|
941 |
* <p> |
|
942 |
* This method calls <code>checkPermission</code> with the |
|
943 |
* <code>RuntimePermission("writeFileDescriptor")</code> |
|
944 |
* permission. |
|
945 |
* <p> |
|
946 |
* If you override this method, then you should make a call to |
|
947 |
* <code>super.checkWrite</code> |
|
948 |
* at the point the overridden method would normally throw an |
|
949 |
* exception. |
|
950 |
* |
|
951 |
* @param fd the system-dependent file descriptor. |
|
952 |
* @exception SecurityException if the calling thread does not have |
|
953 |
* permission to access the specified file descriptor. |
|
954 |
* @exception NullPointerException if the file descriptor argument is |
|
955 |
* <code>null</code>. |
|
956 |
* @see java.io.FileDescriptor |
|
957 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
958 |
*/ |
|
959 |
public void checkWrite(FileDescriptor fd) {
    if (fd == null) {
        throw new NullPointerException("file descriptor can't be null");
    }
    // As with the read variant, the permission name is fixed and does
    // not depend on which descriptor was passed.
    final RuntimePermission required = new RuntimePermission("writeFileDescriptor");
    checkPermission(required);
}
|
966 |
||
967 |
/** |
|
968 |
* Throws a <code>SecurityException</code> if the |
|
969 |
* calling thread is not allowed to write to the file specified by |
|
970 |
* the string argument. |
|
971 |
* <p> |
|
972 |
* This method calls <code>checkPermission</code> with the |
|
973 |
* <code>FilePermission(file,"write")</code> permission. |
|
974 |
* <p> |
|
975 |
* If you override this method, then you should make a call to |
|
976 |
* <code>super.checkWrite</code> |
|
977 |
* at the point the overridden method would normally throw an |
|
978 |
* exception. |
|
979 |
* |
|
980 |
* @param file the system-dependent filename. |
|
981 |
* @exception SecurityException if the calling thread does not |
|
982 |
* have permission to access the specified file. |
|
983 |
* @exception NullPointerException if the <code>file</code> argument is |
|
984 |
* <code>null</code>. |
|
985 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
986 |
*/ |
|
987 |
public void checkWrite(String file) {
    // The file name is handed to FilePermission as given.
    final FilePermission required =
        new FilePermission(file, SecurityConstants.FILE_WRITE_ACTION);
    checkPermission(required);
}
|
991 |
||
992 |
/** |
|
993 |
* Throws a <code>SecurityException</code> if the |
|
994 |
* calling thread is not allowed to delete the specified file. |
|
995 |
* <p> |
|
996 |
* This method is invoked for the current security manager by the |
|
997 |
* <code>delete</code> method of class <code>File</code>. |
|
998 |
* <p> |
|
999 |
* This method calls <code>checkPermission</code> with the |
|
1000 |
* <code>FilePermission(file,"delete")</code> permission. |
|
1001 |
* <p> |
|
1002 |
* If you override this method, then you should make a call to |
|
1003 |
* <code>super.checkDelete</code> |
|
1004 |
* at the point the overridden method would normally throw an |
|
1005 |
* exception. |
|
1006 |
* |
|
1007 |
* @param file the system-dependent filename. |
|
1008 |
* @exception SecurityException if the calling thread does not |
|
1009 |
* have permission to delete the file. |
|
1010 |
* @exception NullPointerException if the <code>file</code> argument is |
|
1011 |
* <code>null</code>. |
|
1012 |
* @see java.io.File#delete() |
|
1013 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1014 |
*/ |
|
1015 |
public void checkDelete(String file) {
    // The file name is handed to FilePermission as given.
    final FilePermission required =
        new FilePermission(file, SecurityConstants.FILE_DELETE_ACTION);
    checkPermission(required);
}
|
1019 |
||
1020 |
/** |
|
1021 |
* Throws a <code>SecurityException</code> if the |
|
1022 |
* calling thread is not allowed to open a socket connection to the |
|
1023 |
* specified host and port number. |
|
1024 |
* <p> |
|
1025 |
* A port number of <code>-1</code> indicates that the calling |
|
1026 |
* method is attempting to determine the IP address of the specified |
|
1027 |
* host name. |
|
1028 |
* <p> |
|
1029 |
* This method calls <code>checkPermission</code> with the |
|
1030 |
* <code>SocketPermission(host+":"+port,"connect")</code> permission if |
|
1031 |
* the port is not equal to -1. If the port is equal to -1, then |
|
1032 |
* it calls <code>checkPermission</code> with the |
|
1033 |
* <code>SocketPermission(host,"resolve")</code> permission. |
|
1034 |
* <p> |
|
1035 |
* If you override this method, then you should make a call to |
|
1036 |
* <code>super.checkConnect</code> |
|
1037 |
* at the point the overridden method would normally throw an |
|
1038 |
* exception. |
|
1039 |
* |
|
1040 |
* @param host the host name to connect to. |
|
1041 |
* @param port the protocol port to connect to. |
|
1042 |
* @exception SecurityException if the calling thread does not have |
|
1043 |
* permission to open a socket connection to the specified |
|
1044 |
* <code>host</code> and <code>port</code>. |
|
1045 |
* @exception NullPointerException if the <code>host</code> argument is |
|
1046 |
* <code>null</code>. |
|
1047 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1048 |
*/ |
|
1049 |
public void checkConnect(String host, int port) {
    if (host == null) {
        throw new NullPointerException("host can't be null");
    }
    // A host containing ':' that is not already bracketed (presumably an
    // IPv6 literal) is wrapped in [] so that the ":port" suffix appended
    // below stays unambiguous.
    final boolean needsBrackets = host.indexOf(':') != -1 && !host.startsWith("[");
    final String target = needsBrackets ? "[" + host + "]" : host;

    // port == -1 means a name lookup only: check "resolve" on the bare
    // host instead of "connect" on host:port.
    final SocketPermission required = (port == -1)
        ? new SocketPermission(target, SecurityConstants.SOCKET_RESOLVE_ACTION)
        : new SocketPermission(target + ":" + port,
                               SecurityConstants.SOCKET_CONNECT_ACTION);
    checkPermission(required);
}
|
1064 |
||
1065 |
/** |
|
1066 |
* Throws a <code>SecurityException</code> if the |
|
1067 |
* specified security context is not allowed to open a socket |
|
1068 |
* connection to the specified host and port number. |
|
1069 |
* <p> |
|
1070 |
* A port number of <code>-1</code> indicates that the calling |
|
1071 |
* method is attempting to determine the IP address of the specified |
|
1072 |
* host name. |
|
1073 |
* <p> If <code>context</code> is not an instance of |
|
1074 |
* <code>AccessControlContext</code> then a |
|
1075 |
* <code>SecurityException</code> is thrown. |
|
1076 |
* <p> |
|
1077 |
* Otherwise, the port number is checked. If it is not equal |
|
1078 |
* to -1, the <code>context</code>'s <code>checkPermission</code> |
|
1079 |
* method is called with a |
|
1080 |
* <code>SocketPermission(host+":"+port,"connect")</code> permission. |
|
1081 |
* If the port is equal to -1, then |
|
1082 |
* the <code>context</code>'s <code>checkPermission</code> method |
|
1083 |
* is called with a |
|
1084 |
* <code>SocketPermission(host,"resolve")</code> permission. |
|
1085 |
* <p> |
|
1086 |
* If you override this method, then you should make a call to |
|
1087 |
* <code>super.checkConnect</code> |
|
1088 |
* at the point the overridden method would normally throw an |
|
1089 |
* exception. |
|
1090 |
* |
|
1091 |
* @param host the host name to connect to. |
|
1092 |
* @param port the protocol port to connect to. |
|
1093 |
* @param context a system-dependent security context. |
|
1094 |
* @exception SecurityException if the specified security context |
|
1095 |
* is not an instance of <code>AccessControlContext</code> |
|
1096 |
* (e.g., is <code>null</code>), or does not have permission |
|
1097 |
* to open a socket connection to the specified |
|
1098 |
* <code>host</code> and <code>port</code>. |
|
1099 |
* @exception NullPointerException if the <code>host</code> argument is |
|
1100 |
* <code>null</code>. |
|
1101 |
* @see java.lang.SecurityManager#getSecurityContext() |
|
1102 |
* @see java.security.AccessControlContext#checkPermission(java.security.Permission) |
|
1103 |
*/ |
|
1104 |
public void checkConnect(String host, int port, Object context) {
    if (host == null) {
        throw new NullPointerException("host can't be null");
    }
    // Same bracketing rule as the two-argument variant: a host with ':'
    // and no leading '[' is wrapped in [] before a port is appended.
    final boolean needsBrackets = host.indexOf(':') != -1 && !host.startsWith("[");
    final String target = needsBrackets ? "[" + host + "]" : host;

    // The permission is built before the context is examined; the
    // context type check happens in the two-argument checkPermission.
    final SocketPermission required = (port == -1)
        ? new SocketPermission(target, SecurityConstants.SOCKET_RESOLVE_ACTION)
        : new SocketPermission(target + ":" + port,
                               SecurityConstants.SOCKET_CONNECT_ACTION);
    checkPermission(required, context);
}
|
1120 |
||
1121 |
/** |
|
1122 |
* Throws a <code>SecurityException</code> if the |
|
1123 |
* calling thread is not allowed to wait for a connection request on |
|
1124 |
* the specified local port number. |
|
1125 |
* <p> |
|
22339 | 1126 |
* This method calls <code>checkPermission</code> with the |
2 | 1127 |
* <code>SocketPermission("localhost:"+port,"listen")</code>. |
1128 |
* <p> |
|
1129 |
* If you override this method, then you should make a call to |
|
1130 |
* <code>super.checkListen</code> |
|
1131 |
* at the point the overridden method would normally throw an |
|
1132 |
* exception. |
|
1133 |
* |
|
1134 |
* @param port the local port. |
|
1135 |
* @exception SecurityException if the calling thread does not have |
|
1136 |
* permission to listen on the specified port. |
|
1137 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1138 |
*/ |
|
1139 |
public void checkListen(int port) {
    // The host part of the permission target is always the literal
    // "localhost"; only the port varies.
    final String target = "localhost:" + port;
    checkPermission(new SocketPermission(target,
                                         SecurityConstants.SOCKET_LISTEN_ACTION));
}
1143 |
||
1144 |
/** |
|
1145 |
* Throws a <code>SecurityException</code> if the |
|
1146 |
* calling thread is not permitted to accept a socket connection from |
|
1147 |
* the specified host and port number. |
|
1148 |
* <p> |
|
1149 |
* This method is invoked for the current security manager by the |
|
1150 |
* <code>accept</code> method of class <code>ServerSocket</code>. |
|
1151 |
* <p> |
|
1152 |
* This method calls <code>checkPermission</code> with the |
|
1153 |
* <code>SocketPermission(host+":"+port,"accept")</code> permission. |
|
1154 |
* <p> |
|
1155 |
* If you override this method, then you should make a call to |
|
1156 |
* <code>super.checkAccept</code> |
|
1157 |
* at the point the overridden method would normally throw an |
|
1158 |
* exception. |
|
1159 |
* |
|
1160 |
* @param host the host name of the socket connection. |
|
1161 |
* @param port the port number of the socket connection. |
|
1162 |
* @exception SecurityException if the calling thread does not have |
|
1163 |
* permission to accept the connection. |
|
1164 |
* @exception NullPointerException if the <code>host</code> argument is |
|
1165 |
* <code>null</code>. |
|
1166 |
* @see java.net.ServerSocket#accept() |
|
1167 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1168 |
*/ |
|
1169 |
public void checkAccept(String host, int port) {
    if (host == null) {
        throw new NullPointerException("host can't be null");
    }
    // A host with ':' and no leading '[' is wrapped in [] so the port
    // suffix cannot be confused with part of the address.
    final boolean needsBrackets = host.indexOf(':') != -1 && !host.startsWith("[");
    final String target = (needsBrackets ? "[" + host + "]" : host) + ":" + port;
    checkPermission(new SocketPermission(target,
                                         SecurityConstants.SOCKET_ACCEPT_ACTION));
}
|
1179 |
||
1180 |
/** |
|
1181 |
* Throws a <code>SecurityException</code> if the |
|
1182 |
* calling thread is not allowed to use |
|
1183 |
* (join/leave/send/receive) IP multicast. |
|
1184 |
* <p> |
|
1185 |
* This method calls <code>checkPermission</code> with the |
|
1186 |
* <code>java.net.SocketPermission(maddr.getHostAddress(), |
|
1187 |
* "accept,connect")</code> permission. |
|
1188 |
* <p> |
|
1189 |
* If you override this method, then you should make a call to |
|
1190 |
* <code>super.checkMulticast</code> |
|
1191 |
* at the point the overridden method would normally throw an |
|
1192 |
* exception. |
|
1193 |
* |
|
1194 |
* @param maddr Internet group address to be used. |
|
1195 |
* @exception SecurityException if the calling thread is not allowed to |
|
1196 |
* use (join/leave/send/receive) IP multicast. |
|
1197 |
* @exception NullPointerException if the address argument is |
|
1198 |
* <code>null</code>. |
|
1199 |
* @since 1.1 |
2 | 1200 |
* @see #checkPermission(java.security.Permission) checkPermission |
1201 |
*/ |
|
1202 |
public void checkMulticast(InetAddress maddr) {
    // Dereferencing maddr is what raises the documented NullPointerException
    // for a null address; there is no separate null check.
    final String address = maddr.getHostAddress();

    // An unbracketed address containing ':' is wrapped in "[...]" before it
    // is used as the permission name.
    final boolean needsBrackets =
        address.indexOf(':') != -1 && !address.startsWith("[");
    final String target = needsBrackets ? "[" + address + "]" : address;

    // No port is appended: the check covers the group address as a whole.
    final SocketPermission required =
        new SocketPermission(target,
                             SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
    checkPermission(required);
}
|
1210 |
||
1211 |
/** |
|
1212 |
* Throws a <code>SecurityException</code> if the |
|
1213 |
* calling thread is not allowed to use |
|
1214 |
* (join/leave/send/receive) IP multicast. |
|
1215 |
* <p> |
|
1216 |
* This method calls <code>checkPermission</code> with the |
|
1217 |
* <code>java.net.SocketPermission(maddr.getHostAddress(), |
|
1218 |
* "accept,connect")</code> permission. |
|
1219 |
* <p> |
|
1220 |
* If you override this method, then you should make a call to |
|
1221 |
* <code>super.checkMulticast</code> |
|
1222 |
* at the point the overridden method would normally throw an |
|
1223 |
* exception. |
|
1224 |
* |
|
1225 |
* @param maddr Internet group address to be used. |
|
1226 |
* @param ttl value in use, if it is multicast send. |
|
1227 |
* Note: this particular implementation does not use the ttl |
|
1228 |
* parameter. |
|
1229 |
* @exception SecurityException if the calling thread is not allowed to |
|
1230 |
* use (join/leave/send/receive) IP multicast. |
|
1231 |
* @exception NullPointerException if the address argument is |
|
1232 |
* <code>null</code>. |
|
* @since 1.1 |
2 | 1234 |
* @deprecated Use {@link #checkPermission(java.security.Permission)} instead |
1235 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1236 |
*/ |
|
@Deprecated(since="1.4")
public void checkMulticast(InetAddress maddr, byte ttl) {
    // ttl is accepted for compatibility but never read: the permission that
    // is checked depends on the group address alone.
    final String address = maddr.getHostAddress();

    // An unbracketed address containing ':' is wrapped in "[...]" before it
    // is used as the permission name.
    final boolean needsBrackets =
        address.indexOf(':') != -1 && !address.startsWith("[");
    final String target = needsBrackets ? "[" + address + "]" : address;

    final SocketPermission required =
        new SocketPermission(target,
                             SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
    checkPermission(required);
}
|
1246 |
||
1247 |
/** |
|
1248 |
* Throws a <code>SecurityException</code> if the |
|
1249 |
* calling thread is not allowed to access or modify the system |
|
1250 |
* properties. |
|
1251 |
* <p> |
|
1252 |
* This method is used by the <code>getProperties</code> and |
|
1253 |
* <code>setProperties</code> methods of class <code>System</code>. |
|
1254 |
* <p> |
|
1255 |
* This method calls <code>checkPermission</code> with the |
|
1256 |
* <code>PropertyPermission("*", "read,write")</code> permission. |
|
1257 |
* <p> |
|
1258 |
* If you override this method, then you should make a call to |
|
1259 |
* <code>super.checkPropertiesAccess</code> |
|
1260 |
* at the point the overridden method would normally throw an |
|
1261 |
* exception. |
|
1262 |
* |
|
1263 |
* @exception SecurityException if the calling thread does not have |
|
1264 |
* permission to access or modify the system properties. |
|
1265 |
* @see java.lang.System#getProperties() |
|
1266 |
* @see java.lang.System#setProperties(java.util.Properties) |
|
1267 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1268 |
*/ |
|
1269 |
public void checkPropertiesAccess() {
    // The wildcard name means the caller needs the read/write action on
    // every system property, not on one particular key.
    final PropertyPermission required =
        new PropertyPermission("*", SecurityConstants.PROPERTY_RW_ACTION);
    checkPermission(required);
}
|
1273 |
||
1274 |
/** |
|
1275 |
* Throws a <code>SecurityException</code> if the |
|
1276 |
* calling thread is not allowed to access the system property with |
|
1277 |
* the specified <code>key</code> name. |
|
1278 |
* <p> |
|
1279 |
* This method is used by the <code>getProperty</code> method of |
|
1280 |
* class <code>System</code>. |
|
1281 |
* <p> |
|
1282 |
* This method calls <code>checkPermission</code> with the |
|
1283 |
* <code>PropertyPermission(key, "read")</code> permission. |
|
1284 |
* <p> |
|
1285 |
* If you override this method, then you should make a call to |
|
1286 |
* <code>super.checkPropertyAccess</code> |
|
1287 |
* at the point the overridden method would normally throw an |
|
1288 |
* exception. |
|
1289 |
* |
|
1290 |
* @param key a system property key. |
|
1291 |
* |
|
1292 |
* @exception SecurityException if the calling thread does not have |
|
1293 |
* permission to access the specified system property. |
|
1294 |
* @exception NullPointerException if the <code>key</code> argument is |
|
1295 |
* <code>null</code>. |
|
1296 |
* @exception IllegalArgumentException if <code>key</code> is empty. |
|
1297 |
* |
|
1298 |
* @see java.lang.System#getProperty(java.lang.String) |
|
1299 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1300 |
*/ |
|
1301 |
public void checkPropertyAccess(String key) {
    // key is passed to the PropertyPermission constructor unchecked;
    // presumably that constructor is the source of the documented
    // NullPointerException and IllegalArgumentException for a null or
    // empty key.
    final PropertyPermission required =
        new PropertyPermission(key, SecurityConstants.PROPERTY_READ_ACTION);
    checkPermission(required);
}
|
1305 |
||
1306 |
/** |
|
* Returns {@code true} if the calling thread has {@code AllPermission}. |
2 | 1308 |
* |
* @param window not used except to check if it is {@code null}. |
* @return {@code true} if the calling thread has {@code AllPermission}. |
* @exception NullPointerException if the {@code window} argument is |
* {@code null}. |
* @deprecated This method was originally used to check if the calling thread |
* was trusted to bring up a top-level window. The method has been |
* obsoleted and code should instead use {@link #checkPermission} |
* to check {@code AWTPermission("showWindowWithoutWarningBanner")}. |
* This method is subject to removal in a future version of Java SE. |
2 | 1318 |
* @see #checkPermission(java.security.Permission) checkPermission |
1319 |
*/ |
|
@Deprecated(since="1.8", forRemoval=true)
public boolean checkTopLevelWindow(Object window) {
    if (window != null) {
        // window plays no further part in the decision: the answer is true
        // only for callers holding AllPermission, which is stricter than
        // the AWTPermission named in the deprecation note.
        return hasAllPermission();
    }
    throw new NullPointerException("window can't be null");
}
1327 |
||
1328 |
/** |
|
1329 |
* Throws a <code>SecurityException</code> if the |
|
1330 |
* calling thread is not allowed to initiate a print job request. |
|
1331 |
* <p> |
|
1332 |
* This method calls |
|
1333 |
* <code>checkPermission</code> with the |
|
1334 |
* <code>RuntimePermission("queuePrintJob")</code> permission. |
|
1335 |
* <p> |
|
1336 |
* If you override this method, then you should make a call to |
|
1337 |
* <code>super.checkPrintJobAccess</code> |
|
1338 |
* at the point the overridden method would normally throw an |
|
1339 |
* exception. |
|
1340 |
* |
|
1341 |
* @exception SecurityException if the calling thread does not have |
|
1342 |
* permission to initiate a print job request. |
|
* @since 1.1 |
2 | 1344 |
* @see #checkPermission(java.security.Permission) checkPermission |
1345 |
*/ |
|
1346 |
public void checkPrintJobAccess() {
    // Queuing a print job is gated by a single named runtime permission.
    final RuntimePermission required = new RuntimePermission("queuePrintJob");
    checkPermission(required);
}
|
1349 |
||
1350 |
/** |
|
* Throws {@code SecurityException} if the calling thread does |
* not have {@code AllPermission}. |
2 | 1353 |
* |
* @since 1.1 |
2 | 1355 |
* @exception SecurityException if the calling thread does not have |
* {@code AllPermission} |
* @deprecated This method was originally used to check if the calling |
* thread could access the system clipboard. The method has been |
* obsoleted and code should instead use {@link #checkPermission} |
* to check {@code AWTPermission("accessClipboard")}. |
* This method is subject to removal in a future version of Java SE. |
2 | 1362 |
* @see #checkPermission(java.security.Permission) checkPermission |
1363 |
*/ |
|
@Deprecated(since="1.8", forRemoval=true)
public void checkSystemClipboardAccess() {
    // This obsolete hook no longer checks a clipboard-specific permission:
    // it demands AllPermission, so it passes only for fully trusted callers.
    // Code that needs the narrower check is directed by the deprecation
    // note to checkPermission with AWTPermission("accessClipboard").
    checkPermission(SecurityConstants.ALL_PERMISSION);
}
1368 |
||
1369 |
/** |
|
* Throws {@code SecurityException} if the calling thread does |
* not have {@code AllPermission}. |
2 | 1372 |
* |
* @since 1.1 |
2 | 1374 |
* @exception SecurityException if the calling thread does not have |
* {@code AllPermission} |
* @deprecated This method was originally used to check if the calling |
* thread could access the AWT event queue. The method has been |
* obsoleted and code should instead use {@link #checkPermission} |
* to check {@code AWTPermission("accessEventQueue")}. |
* This method is subject to removal in a future version of Java SE. |
2 | 1381 |
* @see #checkPermission(java.security.Permission) checkPermission |
1382 |
*/ |
|
@Deprecated(since="1.8", forRemoval=true)
public void checkAwtEventQueueAccess() {
    // This obsolete hook no longer checks an event-queue-specific
    // permission: it demands AllPermission, so it passes only for fully
    // trusted callers. Code that needs the narrower check is directed by
    // the deprecation note to checkPermission with
    // AWTPermission("accessEventQueue").
    checkPermission(SecurityConstants.ALL_PERMISSION);
}
1387 |
||
1388 |
/* |
|
1389 |
* We have an initial invalid bit (initially false) for the class |
|
1390 |
* variables which tell if the cache is valid. If the underlying |
|
1391 |
* java.security.Security property changes via setProperty(), the |
|
1392 |
* Security class uses reflection to change the variable and thus |
|
1393 |
* invalidate the cache. |
|
1394 |
* |
|
1395 |
* Locking is handled by synchronization to the |
|
1396 |
* packageAccessLock/packageDefinitionLock objects. They are only |
|
1397 |
* used in this class. |
|
1398 |
* |
|
1399 |
* Note that cache invalidation as a result of the property change |
|
1400 |
* happens without using these locks, so there may be a delay between |
|
1401 |
* when a thread updates the property and when other threads update |
|
1402 |
* the cache. |
|
1403 |
*/ |
|
1404 |
// Cache state for the package-access check. packageAccessValid says whether
// packageAccess may be used as it stands; readers and writers synchronize on
// packageAccessLock.
// NOTE(review): the block comment above these fields describes invalidation
// by reflection, without the locks, whereas invalidatePackageAccessCache()
// in this file clears both flags while holding them - confirm which path
// java.security.Security uses and bring the comment in line with it.
private static boolean packageAccessValid = false;
private static String[] packageAccess;
private static final Object packageAccessLock = new Object();

// The same three-part arrangement for the package-definition check, with
// its own lock so the two caches do not contend with each other.
private static boolean packageDefinitionValid = false;
private static String[] packageDefinition;
private static final Object packageDefinitionLock = new Object();
|
1411 |
||
1412 |
/**
 * Splits a comma-separated list of package names into an array.
 *
 * Each token is trimmed of surrounding whitespace. Empty tokens produced by
 * adjacent commas are skipped by the tokenizer, but a token that consists
 * only of whitespace is kept and becomes the empty string.
 * NOTE(review): checkPackageAccess is documented as matching any package
 * that starts with an entry, so an empty entry would presumably match every
 * package name - confirm that this fail-closed outcome is intended.
 *
 * @param p the property value to split; may be null or empty
 * @return the trimmed entries, or an empty array (never null) when there
 *         is nothing to split
 */
private static String[] getPackages(String p) {
    if (p == null || p.isEmpty()) {
        return new String[0];
    }

    java.util.StringTokenizer tokens = new java.util.StringTokenizer(p, ",");
    // countTokens() is zero for input made only of commas, which gives the
    // same empty array as the null and empty cases above.
    String[] entries = new String[tokens.countTokens()];
    for (int idx = 0; idx < entries.length; idx++) {
        entries[idx] = tokens.nextToken().trim();
    }
    return entries;
}
|
1433 |
||
// The non-exported packages of the modules in the boot layer that are |
// loaded by the platform class loader or its ancestors. A non-exported |
// package is a package that either is not exported at all by its containing |
// module or is exported in a qualified fashion by its containing module. |
private static final Set<String> nonExportedPkgs;

static {
    // The modules of the boot layer; this lookup itself is done outside
    // the privileged section.
    Set<Module> bootLayerModules = ModuleLayer.boot().modules();

    // Keep only the modules whose loader is the boot or the platform
    // loader. The selection runs inside doPrivileged, presumably so that
    // the class-loader lookups made by isBootOrPlatformModule are not
    // subject to the permissions of whichever code triggers this class's
    // initialization.
    PrivilegedAction<Set<Module>> pa = () -> {
        Set<Module> selected = new HashSet<>();
        for (Module candidate : bootLayerModules) {
            if (isBootOrPlatformModule(candidate)) {
                selected.add(candidate);
            }
        }
        return selected;
    };
    Set<Module> modules = AccessController.doPrivileged(pa);

    // Union of every selected module's non-exported packages. The set is
    // computed once, here, and the field is final.
    Set<String> restricted = new HashSet<>();
    for (Module selectedModule : modules) {
        restricted.addAll(nonExportedPkgs(selectedModule.getDescriptor()));
    }
    nonExportedPkgs = restricted;
}
/** |
* Called by java.security.Security |
*/ |
static void invalidatePackageAccessCache() {
    // Each flag is cleared while holding the lock that guards its cache.
    // The locks are taken one after the other, never nested, so the two
    // caches are invalidated independently rather than as one atomic step.
    synchronized (packageAccessLock) {
        packageAccessValid = false;
    }

    synchronized (packageDefinitionLock) {
        packageDefinitionValid = false;
    }
}
/** |
* Returns true if the module's loader is the boot or platform loader. |
*/ |
private static boolean isBootOrPlatformModule(Module m) {
    final ClassLoader loader = m.getClassLoader();
    // A null loader is treated as the boot loader.
    if (loader == null) {
        return true;
    }
    // Identity comparison: only the platform loader instance itself
    // qualifies, not a loader that merely delegates to it.
    return loader == ClassLoader.getPlatformClassLoader();
}
/** |
* Returns the non-exported packages of the specified module. |
*/ |
private static Set<String> nonExportedPkgs(ModuleDescriptor md) {
    // Begin with every package of the module and subtract the ones that
    // are visible to all modules; what is left is the restricted set.
    Set<String> remaining = new HashSet<>(md.packages());

    // Only an unqualified export removes a package. A package exported
    // to named modules only stays in the result.
    for (Exports export : md.exports()) {
        if (!export.isQualified()) {
            remaining.remove(export.source());
        }
    }

    // The same rule for opens: an unqualified open removes the package,
    // a qualified one leaves it in the result.
    for (Opens open : md.opens()) {
        if (!open.isQualified()) {
            remaining.remove(open.source());
        }
    }

    return remaining;
}
/** |
* Throws a {@code SecurityException} if the calling thread is not allowed |
* to access the specified package. |
2 | 1503 |
* <p> |
* This method is called by the {@code loadClass} method of class loaders. |
* <p> |
* This method checks if the specified package starts with or equals |
* any of the packages in the {@code package.access} Security Property. |
* An implementation may also check the package against an additional |
* list of restricted packages as noted below. If the package is restricted, |
* {@link #checkPermission(Permission)} is called with a |
* {@code RuntimePermission("accessClassInPackage."+pkg)} permission. |
2 | 1512 |
* <p> |
* If this method is overridden, then {@code super.checkPackageAccess} |
* should be called as the first line in the overridden method. |
* |
* @implNote |
* This implementation also restricts all non-exported packages of modules |
* loaded by {@linkplain ClassLoader#getPlatformClassLoader |
* the platform class loader} or its ancestors. A "non-exported package" |
* refers to a package that is not exported to all modules. Specifically, |
* it refers to a package that either is not exported at all by its |
* containing module or is exported in a qualified fashion by its |
* containing module. |
2 | 1524 |
* |
1525 |
* @param pkg the package name. |
|
* @throws SecurityException if the calling thread does not have |
2 | 1527 |
* permission to access the specified package. |
* @throws NullPointerException if the package name argument is |
* {@code null}. |
* @see java.lang.ClassLoader#loadClass(String, boolean) loadClass |
2 | 1531 |
* @see java.security.Security#getProperty getProperty |
* @see #checkPermission(Permission) checkPermission |
2 | 1533 |
*/ |
1534 |
public void checkPackageAccess(String pkg) {
    Objects.requireNonNull(pkg, "package name can't be null");

    // Packages that are not exported to all modules are restricted on an
    // exact-name match, before the package.access property is consulted.
    if (nonExportedPkgs.contains(pkg)) {
        checkPermission(
            new RuntimePermission("accessClassInPackage." + pkg));
        return;
    }

    final String[] snapshot;
    synchronized (packageAccessLock) {
        // Re-read the property only when the cached array is marked stale.
        if (!packageAccessValid) {
            // Security.getProperty is itself permission-checked; reading it
            // inside doPrivileged keeps the lookup from depending on the
            // permissions of the code whose access is being checked.
            String propertyValue =
                AccessController.doPrivileged(
                    new PrivilegedAction<String>() {
                        @Override
                        public String run() {
                            return Security.getProperty("package.access");
                        }
                    }
                );
            packageAccess = getPackages(propertyValue);
            packageAccessValid = true;
        }

        // Work on the array reference captured under the lock: the static
        // field may be replaced later, but this array's contents will not
        // change.
        snapshot = packageAccess;
    }

    // Look for the first restricted entry that covers pkg.
    //
    // NOTE(review): this is a raw string prefix test, so it relies on the
    // entries being dot-terminated (constructed example: "com.example.")
    // to avoid also matching a sibling package that merely shares a
    // prefix -- confirm against getPackages() and the property's format.
    final int pkgLen = pkg.length();
    for (String entry : snapshot) {
        final int lastIdx = entry.length() - 1;

        final boolean covered;
        if (lastIdx < pkgLen) {
            // entry is no longer than pkg, so it can be a prefix of pkg.
            covered = pkg.startsWith(entry);
        } else if (lastIdx == pkgLen) {
            // entry is exactly one char longer than pkg: this is the cheap
            // form of entry.equals(pkg + "."), with no string concatenation.
            covered = entry.startsWith(pkg) && entry.charAt(lastIdx) == '.';
        } else {
            // entry is longer than pkg + ".", so neither test can succeed.
            covered = false;
        }

        if (covered) {
            checkPermission(
                new RuntimePermission("accessClassInPackage." + pkg));
            return; // one permission check is enough
        }
    }
}
|
1597 |
||
1598 |
/** |
* Throws a {@code SecurityException} if the calling thread is not |
* allowed to define classes in the specified package. |
2 | 1601 |
* <p> |
* This method is called by the {@code loadClass} method of some |
2 | 1603 |
* class loaders. |
1604 |
* <p> |
* This method checks if the specified package starts with or equals |
* any of the packages in the {@code package.definition} Security |
* Property. An implementation may also check the package against an |
* additional list of restricted packages as noted below. If the package |
* is restricted, {@link #checkPermission(Permission)} is called with a |
* {@code RuntimePermission("defineClassInPackage."+pkg)} permission. |
2 | 1611 |
* <p> |
* If this method is overridden, then {@code super.checkPackageDefinition} |
* should be called as the first line in the overridden method. |
* |
* @implNote |
* This implementation also restricts all non-exported packages of modules |
* loaded by {@linkplain ClassLoader#getPlatformClassLoader |
* the platform class loader} or its ancestors. A "non-exported package" |
* refers to a package that is not exported to all modules. Specifically, |
* it refers to a package that either is not exported at all by its |
* containing module or is exported in a qualified fashion by its |
* containing module. |
2 | 1623 |
* |
1624 |
* @param pkg the package name. |
* @throws SecurityException if the calling thread does not have |
2 | 1626 |
* permission to define classes in the specified package. |
* @throws NullPointerException if the package name argument is |
* {@code null}. |
* @see java.lang.ClassLoader#loadClass(String, boolean) |
2 | 1630 |
* @see java.security.Security#getProperty getProperty |
* @see #checkPermission(Permission) checkPermission |
2 | 1632 |
*/ |
1633 |
public void checkPackageDefinition(String pkg) {
    Objects.requireNonNull(pkg, "package name can't be null");

    // Packages that are not exported to all modules are restricted on an
    // exact-name match, before the package.definition property is consulted.
    if (nonExportedPkgs.contains(pkg)) {
        checkPermission(
            new RuntimePermission("defineClassInPackage." + pkg));
        return;
    }

    final String[] snapshot;
    synchronized (packageDefinitionLock) {
        // Re-read the property only when the cached array is marked stale.
        if (!packageDefinitionValid) {
            // Security.getProperty is itself permission-checked; reading it
            // inside doPrivileged keeps the lookup from depending on the
            // permissions of the code whose access is being checked.
            String propertyValue =
                AccessController.doPrivileged(
                    new PrivilegedAction<String>() {
                        @Override
                        public String run() {
                            return java.security.Security.getProperty(
                                "package.definition");
                        }
                    }
                );
            packageDefinition = getPackages(propertyValue);
            packageDefinitionValid = true;
        }

        // Work on the array reference captured under the lock: the static
        // field may be replaced later, but this array's contents will not
        // change.
        snapshot = packageDefinition;
    }

    // Look for the first restricted entry that covers pkg.
    //
    // NOTE(review): this is a raw string prefix test, so it relies on the
    // entries being dot-terminated (constructed example: "com.example.")
    // to avoid also matching a sibling package that merely shares a
    // prefix -- confirm against getPackages() and the property's format.
    for (String entry : snapshot) {
        if (!pkg.startsWith(entry) && !entry.equals(pkg + ".")) {
            continue;
        }
        checkPermission(
            new RuntimePermission("defineClassInPackage." + pkg));
        return; // one permission check is enough
    }
}
|
1677 |
||
1678 |
/** |
|
1679 |
* Throws a <code>SecurityException</code> if the |
|
1680 |
* calling thread is not allowed to set the socket factory used by |
|
1681 |
* <code>ServerSocket</code> or <code>Socket</code>, or the stream |
|
1682 |
* handler factory used by <code>URL</code>. |
|
1683 |
* <p> |
|
1684 |
* This method calls <code>checkPermission</code> with the |
|
1685 |
* <code>RuntimePermission("setFactory")</code> permission. |
|
1686 |
* <p> |
|
1687 |
* If you override this method, then you should make a call to |
|
1688 |
* <code>super.checkSetFactory</code> |
|
1689 |
* at the point the overridden method would normally throw an |
|
1690 |
* exception. |
|
1691 |
* |
|
1692 |
* @exception SecurityException if the calling thread does not have |
|
1693 |
* permission to specify a socket factory or a stream |
|
1694 |
* handler factory. |
|
1695 |
* |
|
1696 |
* @see java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory |
|
1697 |
* @see java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory |
|
1698 |
* @see java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory |
|
1699 |
* @see #checkPermission(java.security.Permission) checkPermission |
|
1700 |
*/ |
|
1701 |
public void checkSetFactory() {
    // A single permission gates replacing the socket factories and the URL
    // stream handler factory; checkPermission throws if it is not granted.
    final RuntimePermission setFactory = new RuntimePermission("setFactory");
    checkPermission(setFactory);
}
|
1704 |
||
1705 |
/** |
|
1706 |
* Throws a <code>SecurityException</code> if the |
|
1707 |
* calling thread is not allowed to access members. |
|
1708 |
* <p> |
|
1709 |
* The default policy is to allow access to PUBLIC members, as well |
|
1710 |
* as access to classes that have the same class loader as the caller. |
|
1711 |
* In all other cases, this method calls <code>checkPermission</code> |
|
1712 |
* with the <code>RuntimePermission("accessDeclaredMembers") |
|
1713 |
* </code> permission. |
|
1714 |
* <p> |
|
1715 |
* If this method is overridden, then a call to |
|
1716 |
* <code>super.checkMemberAccess</code> cannot be made, |
|
1717 |
* as the default implementation of <code>checkMemberAccess</code> |
|
1718 |
* relies on the code being checked being at a stack depth of |
|
1719 |
* 4. |
|
1720 |
* |
|
1721 |
* @param clazz the class that reflection is to be performed on. |
|
1722 |
* |
|
1723 |
* @param which type of access, PUBLIC or DECLARED. |
|
1724 |
* |
|
1725 |
* @exception SecurityException if the caller does not have |
|
1726 |
* permission to access members. |
|
1727 |
* @exception NullPointerException if the <code>clazz</code> argument is |
|
1728 |
* <code>null</code>. |
* |
* @deprecated This method relies on the caller being at a stack depth |
* of 4 which is error-prone and cannot be enforced by the runtime. |
* Users of this method should instead invoke {@link #checkPermission} |
* directly. |
* This method is subject to removal in a future version of Java SE. |
* |
2 | 1736 |
* @see java.lang.reflect.Member |
* @since 1.1 |
2 | 1738 |
* @see #checkPermission(java.security.Permission) checkPermission |
1739 |
*/ |
@Deprecated(since="1.8", forRemoval=true)
@CallerSensitive
public void checkMemberAccess(Class<?> clazz, int which) {
    if (clazz == null) {
        throw new NullPointerException("class can't be null");
    }

    // Access to PUBLIC members needs no further check.
    if (which == Member.PUBLIC) {
        return;
    }

    final Class<?>[] frames = getClassContext();
    /*
     * The decision depends on a fixed stack layout, with the reflective
     * caller expected at index 3:
     *
     *   someCaller                         [3]
     *   java.lang.Class.someReflectionAPI  [2]
     *   java.lang.Class.checkMemberAccess  [1]
     *   SecurityManager.checkMemberAccess  [0]
     *
     * Any extra frame (for example an override delegating to this method)
     * shifts the layout, so index 3 would no longer be the caller; this is
     * why the method is deprecated in favour of calling checkPermission
     * directly.
     */
    final boolean callerSharesLoader =
        frames.length >= 4
            && frames[3].getClassLoader() == clazz.getClassLoader();

    // A stack shorter than expected is treated like a foreign caller: the
    // permission check is still performed rather than skipped.
    if (!callerSharesLoader) {
        checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
    }
}
|
1765 |
||
1766 |
/** |
|
1767 |
* Determines whether the permission with the specified permission target |
|
1768 |
* name should be granted or denied. |
|
1769 |
* |
|
1770 |
* <p> If the requested permission is allowed, this method returns |
|
1771 |
* quietly. If denied, a SecurityException is raised. |
|
1772 |
* |
|
1773 |
* <p> This method creates a <code>SecurityPermission</code> object for |
|
1774 |
* the given permission target name and calls <code>checkPermission</code> |
|
1775 |
* with it. |
|
1776 |
* |
|
1777 |
* <p> See the documentation for |
|
1778 |
* <code>{@link java.security.SecurityPermission}</code> for |
|
1779 |
* a list of possible permission target names. |
|
1780 |
* |
|
1781 |
* <p> If you override this method, then you should make a call to |
|
1782 |
* <code>super.checkSecurityAccess</code> |
|
1783 |
* at the point the overridden method would normally throw an |
|
1784 |
* exception. |
|
1785 |
* |
|
1786 |
* @param target the target name of the <code>SecurityPermission</code>. |
|
1787 |
* |
|
1788 |
* @exception SecurityException if the calling thread does not have |
|
1789 |
* permission for the requested access. |
|
1790 |
* @exception NullPointerException if <code>target</code> is null. |
|
1791 |
* @exception IllegalArgumentException if <code>target</code> is empty. |
|
1792 |
* |
* @since 1.1 |
2 | 1794 |
* @see #checkPermission(java.security.Permission) checkPermission |
1795 |
*/ |
|
1796 |
public void checkSecurityAccess(String target) {
    // No validation of target happens here; the documented
    // NullPointerException / IllegalArgumentException for a null or empty
    // name are expected to come from the SecurityPermission constructor.
    final SecurityPermission requested = new SecurityPermission(target);
    checkPermission(requested);
}
|
1799 |
||
// Declared native: there is no Java body here, the implementation is
// supplied outside this file. Private, so only this class can call it.
private native Class<?> currentLoadedClass0(); |
2 | 1801 |
|
1802 |
/** |
|
1803 |
* Returns the thread group into which to instantiate any new |
|
1804 |
* thread being created at the time this is being called. |
|
1805 |
* By default, it returns the thread group of the current |
|
1806 |
* thread. This should be overridden by a specific security |
|
1807 |
* manager to return the appropriate thread group. |
|
1808 |
* |
|
1809 |
* @return ThreadGroup that new threads are instantiated into |
* @since 1.1 |
2 | 1811 |
* @see java.lang.ThreadGroup |
1812 |
*/ |
|
1813 |
public ThreadGroup getThreadGroup() {
    // Default: new threads go into the group of the thread that is asking.
    // No permission check is made here; a security manager that wants a
    // different placement overrides this method.
    final Thread current = Thread.currentThread();
    return current.getThreadGroup();
}
|
1816 |
||
1817 |
} |