1 /* SecurityManager.java -- security checks for privileged actions
2 Copyright (C) 1998, 1999, 2001, 2002, 2004, 2005 Free Software Foundation, Inc.
4 This file is part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2, or (at your option)
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; see the file COPYING. If not, write to the
18 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library. Thus, the terms and
23 conditions of the GNU General Public License cover the whole
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module. An independent module is a module which is not derived from
33 or based on this library. If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so. If you do not wish to do so, delete this
36 exception statement from your version. */
41 import gnu
.classpath
.VMStackWalker
;
43 import java
.awt
.AWTPermission
;
45 import java
.io
.FileDescriptor
;
46 import java
.io
.FileInputStream
;
47 import java
.io
.FileOutputStream
;
48 import java
.io
.FilePermission
;
49 import java
.io
.RandomAccessFile
;
50 import java
.lang
.reflect
.Member
;
51 import java
.net
.InetAddress
;
52 import java
.net
.ServerSocket
;
53 import java
.net
.Socket
;
54 import java
.net
.SocketImplFactory
;
55 import java
.net
.SocketPermission
;
57 import java
.net
.URLStreamHandlerFactory
;
58 import java
.security
.AccessControlContext
;
59 import java
.security
.AccessControlException
;
60 import java
.security
.AccessController
;
61 import java
.security
.AllPermission
;
62 import java
.security
.BasicPermission
;
63 import java
.security
.Permission
;
64 import java
.security
.Policy
;
65 import java
.security
.PrivilegedAction
;
66 import java
.security
.ProtectionDomain
;
67 import java
.security
.Security
;
68 import java
.security
.SecurityPermission
;
69 import java
.util
.Properties
;
70 import java
.util
.PropertyPermission
;
71 import java
.util
.StringTokenizer
;
74 * SecurityManager is a class you can extend to create your own Java
75 * security policy. By default, there is no SecurityManager installed in
76 * 1.1, which means that all things are permitted to all people. The security
77 * manager, if set, is consulted before doing anything with potentially
78 * dangerous results, and throws a <code>SecurityException</code> if the
79 * action is forbidden.
81 * <p>A typical check is as follows, just before the dangerous operation:<br>
83 * SecurityManager sm = System.getSecurityManager();
85 * sm.checkABC(<em>argument</em>, ...);
87 * Note that this is thread-safe, by caching the security manager in a local
88 * variable rather than risking a NullPointerException if the mangager is
89 * changed between the check for null and before the permission check.
91 * <p>The special method <code>checkPermission</code> is a catchall, and
92 * the default implementation calls
93 * <code>AccessController.checkPermission</code>. In fact, all the other
94 * methods default to calling checkPermission.
96 * <p>Sometimes, the security check needs to happen from a different context,
97 * such as when called from a worker thread. In such cases, use
98 * <code>getSecurityContext</code> to take a snapshot that can be passed
99 * to the worker thread:<br>
101 * Object context = null;
102 * SecurityManager sm = System.getSecurityManager();
104 * context = sm.getSecurityContext(); // defaults to an AccessControlContext
105 * // now, in worker thread
107 * sm.checkPermission(permission, context);
110 * <p>Permissions fall into these categories: File, Socket, Net, Security,
111 * Runtime, Property, AWT, Reflect, and Serializable. Each of these
112 * permissions have a property naming convention, that follows a hierarchical
113 * naming convention, to make it easy to grant or deny several permissions
114 * at once. Some permissions also take a list of permitted actions, such
115 * as "read" or "write", to fine-tune control even more. The permission
116 * <code>java.security.AllPermission</code> grants all permissions.
118 * <p>The default methods in this class deny all things to all people. You
119 * must explicitly grant permission for anything you want to be legal when
120 * subclassing this class.
122 * @author John Keiser
123 * @author Eric Blake (ebb9@email.byu.edu)
125 * @see SecurityException
126 * @see #checkTopLevelWindow(Object)
127 * @see System#getSecurityManager()
128 * @see System#setSecurityManager(SecurityManager)
129 * @see AccessController
130 * @see AccessControlContext
131 * @see AccessControlException
133 * @see BasicPermission
134 * @see java.io.FilePermission
135 * @see java.net.SocketPermission
136 * @see java.util.PropertyPermission
137 * @see RuntimePermission
138 * @see java.awt.AWTPermission
140 * @see SecurityPermission
141 * @see ProtectionDomain
143 * @status still missing 1.4 functionality
145 public class SecurityManager
148 * The current security manager. This is located here instead of in
149 * System, to avoid security problems, as well as bootstrap issues.
150 * Make sure to access it in a thread-safe manner; it is package visible
151 * to avoid overhead in java.lang.
153 static volatile SecurityManager current
;
156 * Tells whether or not the SecurityManager is currently performing a
158 * @deprecated Use {@link #checkPermission(Permission)} instead.
160 protected boolean inCheck
;
163 * Construct a new security manager. There may be a security check, of
164 * <code>RuntimePermission("createSecurityManager")</code>.
166 * @throws SecurityException if permission is denied
168 public SecurityManager()
170 SecurityManager sm
= System
.getSecurityManager();
172 sm
.checkPermission(new RuntimePermission("createSecurityManager"));
176 * Tells whether or not the SecurityManager is currently performing a
179 * @return true if the SecurityManager is in a security check
181 * @deprecated use {@link #checkPermission(Permission)} instead
183 public boolean getInCheck()
189 * Get a list of all the classes currently executing methods on the Java
190 * stack. getClassContext()[0] is the currently executing method (ie. the
191 * class that CALLED getClassContext, not SecurityManager).
193 * @return an array of classes on the Java execution stack
195 protected Class
[] getClassContext()
197 Class
[] stack1
= VMStackWalker
.getClassContext();
198 Class
[] stack2
= new Class
[stack1
.length
- 1];
199 System
.arraycopy(stack1
, 1, stack2
, 0, stack1
.length
- 1);
204 * Find the ClassLoader of the first non-system class on the execution
205 * stack. A non-system class is one whose ClassLoader is not equal to
206 * {@link ClassLoader#getSystemClassLoader()} or its ancestors. This
207 * will return null in three cases:
210 * <li>All methods on the stack are from system classes</li>
211 * <li>All methods on the stack up to the first "privileged" caller, as
212 * created by {@link AccessController#doPrivileged(PrivilegedAction)},
213 * are from system classes</li>
214 * <li>A check of <code>java.security.AllPermission</code> succeeds.</li>
217 * @return the most recent non-system ClassLoader on the execution stack
218 * @deprecated use {@link #checkPermission(Permission)} instead
220 protected ClassLoader
currentClassLoader()
222 Class cl
= currentLoadedClass();
223 return cl
!= null ? cl
.getClassLoader() : null;
227 * Find the first non-system class on the execution stack. A non-system
228 * class is one whose ClassLoader is not equal to
229 * {@link ClassLoader#getSystemClassLoader()} or its ancestors. This
230 * will return null in three cases:
233 * <li>All methods on the stack are from system classes</li>
234 * <li>All methods on the stack up to the first "privileged" caller, as
235 * created by {@link AccessController#doPrivileged(PrivilegedAction)},
236 * are from system classes</li>
237 * <li>A check of <code>java.security.AllPermission</code> succeeds.</li>
240 * @return the most recent non-system Class on the execution stack
241 * @deprecated use {@link #checkPermission(Permission)} instead
243 protected Class
<?
> currentLoadedClass()
245 int i
= classLoaderDepth();
246 return i
>= 0 ?
getClassContext()[i
] : null;
250 * Get the depth of a particular class on the execution stack.
252 * @param className the fully-qualified name to search for
253 * @return the index of the class on the stack, or -1
254 * @deprecated use {@link #checkPermission(Permission)} instead
256 protected int classDepth(String className
)
258 Class
[] c
= getClassContext();
259 for (int i
= 0; i
< c
.length
; i
++)
260 if (className
.equals(c
[i
].getName()))
266 * Get the depth on the execution stack of the most recent non-system class.
267 * A non-system class is one whose ClassLoader is not equal to
268 * {@link ClassLoader#getSystemClassLoader()} or its ancestors. This
269 * will return -1 in three cases:
272 * <li>All methods on the stack are from system classes</li>
273 * <li>All methods on the stack up to the first "privileged" caller, as
274 * created by {@link AccessController#doPrivileged(PrivilegedAction)},
275 * are from system classes</li>
276 * <li>A check of <code>java.security.AllPermission</code> succeeds.</li>
279 * @return the index of the most recent non-system Class on the stack
280 * @deprecated use {@link #checkPermission(Permission)} instead
282 protected int classLoaderDepth()
286 checkPermission(new AllPermission());
288 catch (SecurityException e
)
290 Class
[] c
= getClassContext();
291 for (int i
= 0; i
< c
.length
; i
++)
292 if (c
[i
].getClassLoader() != null)
293 // XXX Check if c[i] is AccessController, or a system class.
300 * Tell whether the specified class is on the execution stack.
302 * @param className the fully-qualified name of the class to find
303 * @return whether the specified class is on the execution stack
304 * @deprecated use {@link #checkPermission(Permission)} instead
306 protected boolean inClass(String className
)
308 return classDepth(className
) != -1;
312 * Tell whether there is a class loaded with an explicit ClassLoader on
315 * @return whether a class with an explicit ClassLoader is on the stack
316 * @deprecated use {@link #checkPermission(Permission)} instead
318 protected boolean inClassLoader()
320 return classLoaderDepth() != -1;
324 * Get an implementation-dependent Object that contains enough information
325 * about the current environment to be able to perform standard security
326 * checks later. This is used by trusted methods that need to verify that
327 * their callers have sufficient access to perform certain operations.
329 * <p>Currently the only methods that use this are checkRead() and
330 * checkConnect(). The default implementation returns an
331 * <code>AccessControlContext</code>.
333 * @return a security context
334 * @see #checkConnect(String, int, Object)
335 * @see #checkRead(String, Object)
336 * @see AccessControlContext
337 * @see AccessController#getContext()
339 public Object
getSecurityContext()
341 return AccessController
.getContext();
345 * Check if the current thread is allowed to perform an operation that
346 * requires the specified <code>Permission</code>. This defaults to
347 * <code>AccessController.checkPermission</code>.
349 * @param perm the <code>Permission</code> required
350 * @throws SecurityException if permission is denied
351 * @throws NullPointerException if perm is null
354 public void checkPermission(Permission perm
)
356 AccessController
.checkPermission(perm
);
360 * Check if the current thread is allowed to perform an operation that
361 * requires the specified <code>Permission</code>. This is done in a
362 * context previously returned by <code>getSecurityContext()</code>. The
363 * default implementation expects context to be an AccessControlContext,
364 * and it calls <code>AccessControlContext.checkPermission(perm)</code>.
366 * @param perm the <code>Permission</code> required
367 * @param context a security context
368 * @throws SecurityException if permission is denied, or if context is
369 * not an AccessControlContext
370 * @throws NullPointerException if perm is null
371 * @see #getSecurityContext()
372 * @see AccessControlContext#checkPermission(Permission)
375 public void checkPermission(Permission perm
, Object context
)
377 if (! (context
instanceof AccessControlContext
))
378 throw new SecurityException("Missing context");
379 ((AccessControlContext
) context
).checkPermission(perm
);
383 * Check if the current thread is allowed to create a ClassLoader. This
384 * method is called from ClassLoader.ClassLoader(), and checks
385 * <code>RuntimePermission("createClassLoader")</code>. If you override
386 * this, you should call <code>super.checkCreateClassLoader()</code> rather
387 * than throwing an exception.
389 * @throws SecurityException if permission is denied
390 * @see ClassLoader#ClassLoader()
392 public void checkCreateClassLoader()
394 checkPermission(new RuntimePermission("createClassLoader"));
398 * Check if the current thread is allowed to modify another Thread. This is
399 * called by Thread.stop(), suspend(), resume(), interrupt(), destroy(),
400 * setPriority(), setName(), and setDaemon(). The default implementation
401 * checks <code>RuntimePermission("modifyThread")</code> on system threads
402 * (ie. threads in ThreadGroup with a null parent), and returns silently on
405 * <p>If you override this, you must do two things. First, call
406 * <code>super.checkAccess(t)</code>, to make sure you are not relaxing
407 * requirements. Second, if the calling thread has
408 * <code>RuntimePermission("modifyThread")</code>, return silently, so that
409 * core classes (the Classpath library!) can modify any thread.
411 * @param thread the other Thread to check
412 * @throws SecurityException if permission is denied
413 * @throws NullPointerException if thread is null
415 * @see Thread#suspend()
416 * @see Thread#resume()
417 * @see Thread#setPriority(int)
418 * @see Thread#setName(String)
419 * @see Thread#setDaemon(boolean)
421 public void checkAccess(Thread thread
)
423 if (thread
.getThreadGroup() != null
424 && thread
.getThreadGroup().parent
== null)
425 checkPermission(new RuntimePermission("modifyThread"));
429 * Check if the current thread is allowed to modify a ThreadGroup. This is
430 * called by Thread.Thread() (to add a thread to the ThreadGroup),
431 * ThreadGroup.ThreadGroup() (to add this ThreadGroup to a parent),
432 * ThreadGroup.stop(), suspend(), resume(), interrupt(), destroy(),
433 * setDaemon(), and setMaxPriority(). The default implementation
434 * checks <code>RuntimePermission("modifyThread")</code> on the system group
435 * (ie. the one with a null parent), and returns silently on other groups.
437 * <p>If you override this, you must do two things. First, call
438 * <code>super.checkAccess(t)</code>, to make sure you are not relaxing
439 * requirements. Second, if the calling thread has
440 * <code>RuntimePermission("modifyThreadGroup")</code>, return silently,
441 * so that core classes (the Classpath library!) can modify any thread.
443 * @param g the ThreadGroup to check
444 * @throws SecurityException if permission is denied
445 * @throws NullPointerException if g is null
446 * @see Thread#Thread()
447 * @see ThreadGroup#ThreadGroup(String)
448 * @see ThreadGroup#stop()
449 * @see ThreadGroup#suspend()
450 * @see ThreadGroup#resume()
451 * @see ThreadGroup#interrupt()
452 * @see ThreadGroup#setDaemon(boolean)
453 * @see ThreadGroup#setMaxPriority(int)
455 public void checkAccess(ThreadGroup g
)
457 if (g
.parent
== null)
458 checkPermission(new RuntimePermission("modifyThreadGroup"));
462 * Check if the current thread is allowed to exit the JVM with the given
463 * status. This method is called from Runtime.exit() and Runtime.halt().
464 * The default implementation checks
465 * <code>RuntimePermission("exitVM")</code>. If you override this, call
466 * <code>super.checkExit</code> rather than throwing an exception.
468 * @param status the status to exit with
469 * @throws SecurityException if permission is denied
470 * @see Runtime#exit(int)
471 * @see Runtime#halt(int)
473 public void checkExit(int status
)
475 checkPermission(new RuntimePermission("exitVM"));
479 * Check if the current thread is allowed to execute the given program. This
480 * method is called from Runtime.exec(). If the name is an absolute path,
481 * the default implementation checks
482 * <code>FilePermission(program, "execute")</code>, otherwise it checks
483 * <code>FilePermission("<<ALL FILES>>", "execute")</code>. If
484 * you override this, call <code>super.checkExec</code> rather than
485 * throwing an exception.
487 * @param program the name of the program to exec
488 * @throws SecurityException if permission is denied
489 * @throws NullPointerException if program is null
490 * @see Runtime#exec(String[], String[], File)
492 public void checkExec(String program
)
494 if (! program
.equals(new File(program
).getAbsolutePath()))
495 program
= "<<ALL FILES>>";
496 checkPermission(new FilePermission(program
, "execute"));
500 * Check if the current thread is allowed to link in the given native
501 * library. This method is called from Runtime.load() (and hence, by
502 * loadLibrary() as well). The default implementation checks
503 * <code>RuntimePermission("loadLibrary." + filename)</code>. If you
504 * override this, call <code>super.checkLink</code> rather than throwing
507 * @param filename the full name of the library to load
508 * @throws SecurityException if permission is denied
509 * @throws NullPointerException if filename is null
510 * @see Runtime#load(String)
512 public void checkLink(String filename
)
514 // Use the toString() hack to do the null check.
515 checkPermission(new RuntimePermission("loadLibrary."
516 + filename
.toString()));
520 * Check if the current thread is allowed to read the given file using the
521 * FileDescriptor. This method is called from
522 * FileInputStream.FileInputStream(). The default implementation checks
523 * <code>RuntimePermission("readFileDescriptor")</code>. If you override
524 * this, call <code>super.checkRead</code> rather than throwing an
527 * @param desc the FileDescriptor representing the file to access
528 * @throws SecurityException if permission is denied
529 * @throws NullPointerException if desc is null
530 * @see FileInputStream#FileInputStream(FileDescriptor)
532 public void checkRead(FileDescriptor desc
)
535 throw new NullPointerException();
536 checkPermission(new RuntimePermission("readFileDescriptor"));
540 * Check if the current thread is allowed to read the given file. This
541 * method is called from FileInputStream.FileInputStream(),
542 * RandomAccessFile.RandomAccessFile(), File.exists(), canRead(), isFile(),
543 * isDirectory(), lastModified(), length() and list(). The default
544 * implementation checks <code>FilePermission(filename, "read")</code>. If
545 * you override this, call <code>super.checkRead</code> rather than
546 * throwing an exception.
548 * @param filename the full name of the file to access
549 * @throws SecurityException if permission is denied
550 * @throws NullPointerException if filename is null
552 * @see FileInputStream#FileInputStream(String)
553 * @see RandomAccessFile#RandomAccessFile(String, String)
555 public void checkRead(String filename
)
557 checkPermission(new FilePermission(filename
, "read"));
561 * Check if the current thread is allowed to read the given file. using the
562 * given security context. The context must be a result of a previous call
563 * to <code>getSecurityContext()</code>. The default implementation checks
564 * <code>AccessControlContext.checkPermission(new FilePermission(filename,
565 * "read"))</code>. If you override this, call <code>super.checkRead</code>
566 * rather than throwing an exception.
568 * @param filename the full name of the file to access
569 * @param context the context to determine access for
570 * @throws SecurityException if permission is denied, or if context is
571 * not an AccessControlContext
572 * @throws NullPointerException if filename is null
573 * @see #getSecurityContext()
574 * @see AccessControlContext#checkPermission(Permission)
576 public void checkRead(String filename
, Object context
)
578 if (! (context
instanceof AccessControlContext
))
579 throw new SecurityException("Missing context");
580 AccessControlContext ac
= (AccessControlContext
) context
;
581 ac
.checkPermission(new FilePermission(filename
, "read"));
585 * Check if the current thread is allowed to write the given file using the
586 * FileDescriptor. This method is called from
587 * FileOutputStream.FileOutputStream(). The default implementation checks
588 * <code>RuntimePermission("writeFileDescriptor")</code>. If you override
589 * this, call <code>super.checkWrite</code> rather than throwing an
592 * @param desc the FileDescriptor representing the file to access
593 * @throws SecurityException if permission is denied
594 * @throws NullPointerException if desc is null
595 * @see FileOutputStream#FileOutputStream(FileDescriptor)
597 public void checkWrite(FileDescriptor desc
)
600 throw new NullPointerException();
601 checkPermission(new RuntimePermission("writeFileDescriptor"));
605 * Check if the current thread is allowed to write the given file. This
606 * method is called from FileOutputStream.FileOutputStream(),
607 * RandomAccessFile.RandomAccessFile(), File.canWrite(), mkdir(), and
608 * renameTo(). The default implementation checks
609 * <code>FilePermission(filename, "write")</code>. If you override this,
610 * call <code>super.checkWrite</code> rather than throwing an exception.
612 * @param filename the full name of the file to access
613 * @throws SecurityException if permission is denied
614 * @throws NullPointerException if filename is null
616 * @see File#canWrite()
618 * @see File#renameTo(File)
619 * @see FileOutputStream#FileOutputStream(String)
620 * @see RandomAccessFile#RandomAccessFile(String, String)
622 public void checkWrite(String filename
)
624 checkPermission(new FilePermission(filename
, "write"));
628 * Check if the current thread is allowed to delete the given file. This
629 * method is called from File.delete(). The default implementation checks
630 * <code>FilePermission(filename, "delete")</code>. If you override this,
631 * call <code>super.checkDelete</code> rather than throwing an exception.
633 * @param filename the full name of the file to delete
634 * @throws SecurityException if permission is denied
635 * @throws NullPointerException if filename is null
638 public void checkDelete(String filename
)
640 checkPermission(new FilePermission(filename
, "delete"));
644 * Check if the current thread is allowed to connect to a given host on a
645 * given port. This method is called from Socket.Socket(). A port number
646 * of -1 indicates the caller is attempting to determine an IP address, so
647 * the default implementation checks
648 * <code>SocketPermission(host, "resolve")</code>. Otherwise, the default
649 * implementation checks
650 * <code>SocketPermission(host + ":" + port, "connect")</code>. If you
651 * override this, call <code>super.checkConnect</code> rather than throwing
654 * @param host the host to connect to
655 * @param port the port to connect on
656 * @throws SecurityException if permission is denied
657 * @throws NullPointerException if host is null
658 * @see Socket#Socket()
660 public void checkConnect(String host
, int port
)
663 checkPermission(new SocketPermission(host
, "resolve"));
665 // Use the toString() hack to do the null check.
666 checkPermission(new SocketPermission(host
.toString() + ":" + port
,
671 * Check if the current thread is allowed to connect to a given host on a
672 * given port, using the given security context. The context must be a
673 * result of a previous call to <code>getSecurityContext</code>. A port
674 * number of -1 indicates the caller is attempting to determine an IP
675 * address, so the default implementation checks
676 * <code>AccessControlContext.checkPermission(new SocketPermission(host,
677 * "resolve"))</code>. Otherwise, the default implementation checks
678 * <code>AccessControlContext.checkPermission(new SocketPermission(host
679 * + ":" + port, "connect"))</code>. If you override this, call
680 * <code>super.checkConnect</code> rather than throwing an exception.
682 * @param host the host to connect to
683 * @param port the port to connect on
684 * @param context the context to determine access for
686 * @throws SecurityException if permission is denied, or if context is
687 * not an AccessControlContext
688 * @throws NullPointerException if host is null
690 * @see #getSecurityContext()
691 * @see AccessControlContext#checkPermission(Permission)
693 public void checkConnect(String host
, int port
, Object context
)
695 if (! (context
instanceof AccessControlContext
))
696 throw new SecurityException("Missing context");
697 AccessControlContext ac
= (AccessControlContext
) context
;
699 ac
.checkPermission(new SocketPermission(host
, "resolve"));
701 // Use the toString() hack to do the null check.
702 ac
.checkPermission(new SocketPermission(host
.toString() + ":" + port
,
707 * Check if the current thread is allowed to listen to a specific port for
708 * data. This method is called by ServerSocket.ServerSocket(). The default
709 * implementation checks
710 * <code>SocketPermission("localhost:" + (port == 0 ? "1024-" : "" + port),
711 * "listen")</code>. If you override this, call
712 * <code>super.checkListen</code> rather than throwing an exception.
714 * @param port the port to listen on
715 * @throws SecurityException if permission is denied
716 * @see ServerSocket#ServerSocket(int)
718 public void checkListen(int port
)
720 checkPermission(new SocketPermission("localhost:"
721 + (port
== 0 ?
"1024-" : "" +port
),
726 * Check if the current thread is allowed to accept a connection from a
727 * particular host on a particular port. This method is called by
728 * ServerSocket.implAccept(). The default implementation checks
729 * <code>SocketPermission(host + ":" + port, "accept")</code>. If you
730 * override this, call <code>super.checkAccept</code> rather than throwing
733 * @param host the host which wishes to connect
734 * @param port the port the connection will be on
735 * @throws SecurityException if permission is denied
736 * @throws NullPointerException if host is null
737 * @see ServerSocket#accept()
739 public void checkAccept(String host
, int port
)
741 // Use the toString() hack to do the null check.
742 checkPermission(new SocketPermission(host
.toString() + ":" + port
,
747 * Check if the current thread is allowed to read and write multicast to
748 * a particular address. The default implementation checks
749 * <code>SocketPermission(addr.getHostAddress(), "accept,connect")</code>.
750 * If you override this, call <code>super.checkMulticast</code> rather than
751 * throwing an exception.
753 * @param addr the address to multicast to
754 * @throws SecurityException if permission is denied
755 * @throws NullPointerException if host is null
758 public void checkMulticast(InetAddress addr
)
760 checkPermission(new SocketPermission(addr
.getHostAddress(),
765 *Check if the current thread is allowed to read and write multicast to
766 * a particular address with a particular ttl (time-to-live) value. The
767 * default implementation ignores ttl, and checks
768 * <code>SocketPermission(addr.getHostAddress(), "accept,connect")</code>.
769 * If you override this, call <code>super.checkMulticast</code> rather than
770 * throwing an exception.
772 * @param addr the address to multicast to
773 * @param ttl value in use for multicast send
774 * @throws SecurityException if permission is denied
775 * @throws NullPointerException if host is null
777 * @deprecated use {@link #checkPermission(Permission)} instead
779 public void checkMulticast(InetAddress addr
, byte ttl
)
781 checkPermission(new SocketPermission(addr
.getHostAddress(),
786 * Check if the current thread is allowed to read or write all the system
787 * properties at once. This method is called by System.getProperties()
788 * and setProperties(). The default implementation checks
789 * <code>PropertyPermission("*", "read,write")</code>. If you override
790 * this, call <code>super.checkPropertiesAccess</code> rather than
791 * throwing an exception.
793 * @throws SecurityException if permission is denied
794 * @see System#getProperties()
795 * @see System#setProperties(Properties)
797 public void checkPropertiesAccess()
799 checkPermission(new PropertyPermission("*", "read,write"));
803 * Check if the current thread is allowed to read a particular system
804 * property (writes are checked directly via checkPermission). This method
805 * is called by System.getProperty() and setProperty(). The default
806 * implementation checks <code>PropertyPermission(key, "read")</code>. If
807 * you override this, call <code>super.checkPropertyAccess</code> rather
808 * than throwing an exception.
810 * @param key the key of the property to check
812 * @throws SecurityException if permission is denied
813 * @throws NullPointerException if key is null
814 * @throws IllegalArgumentException if key is ""
816 * @see System#getProperty(String)
818 public void checkPropertyAccess(String key
)
820 checkPermission(new PropertyPermission(key
, "read"));
824 * Check if the current thread is allowed to create a top-level window. If
825 * it is not, the operation should still go through, but some sort of
826 * nonremovable warning should be placed on the window to show that it
827 * is untrusted. This method is called by Window.Window(). The default
828 * implementation checks
829 * <code>AWTPermission("showWindowWithoutWarningBanner")</code>, and returns
830 * true if no exception was thrown. If you override this, use
831 * <code>return super.checkTopLevelWindow</code> rather than returning
834 * @param window the window to create
835 * @return true if there is permission to show the window without warning
836 * @throws NullPointerException if window is null
837 * @see java.awt.Window#Window(java.awt.Frame)
839 public boolean checkTopLevelWindow(Object window
)
842 throw new NullPointerException();
845 checkPermission(new AWTPermission("showWindowWithoutWarningBanner"));
848 catch (SecurityException e
)
855 * Check if the current thread is allowed to create a print job. This
856 * method is called by Toolkit.getPrintJob(). The default implementation
857 * checks <code>RuntimePermission("queuePrintJob")</code>. If you override
858 * this, call <code>super.checkPrintJobAccess</code> rather than throwing
861 * @throws SecurityException if permission is denied
862 * @see java.awt.Toolkit#getPrintJob(java.awt.Frame, String, Properties)
865 public void checkPrintJobAccess()
867 checkPermission(new RuntimePermission("queuePrintJob"));
871 * Check if the current thread is allowed to use the system clipboard. This
872 * method is called by Toolkit.getSystemClipboard(). The default
873 * implementation checks <code>AWTPermission("accessClipboard")</code>. If
874 * you override this, call <code>super.checkSystemClipboardAccess</code>
875 * rather than throwing an exception.
877 * @throws SecurityException if permission is denied
878 * @see java.awt.Toolkit#getSystemClipboard()
881 public void checkSystemClipboardAccess()
883 checkPermission(new AWTPermission("accessClipboard"));
887 * Check if the current thread is allowed to use the AWT event queue. This
888 * method is called by Toolkit.getSystemEventQueue(). The default
889 * implementation checks <code>AWTPermission("accessEventQueue")</code>.
890 * you override this, call <code>super.checkAwtEventQueueAccess</code>
891 * rather than throwing an exception.
893 * @throws SecurityException if permission is denied
894 * @see java.awt.Toolkit#getSystemEventQueue()
897 public void checkAwtEventQueueAccess()
899 checkPermission(new AWTPermission("accessEventQueue"));
903 * Check if the current thread is allowed to access the specified package
904 * at all. This method is called by ClassLoader.loadClass() in user-created
905 * ClassLoaders. The default implementation gets a list of all restricted
906 * packages, via <code>Security.getProperty("package.access")</code>. Then,
907 * if packageName starts with or equals any restricted package, it checks
908 * <code>RuntimePermission("accessClassInPackage." + packageName)</code>.
909 * If you override this, you should call
910 * <code>super.checkPackageAccess</code> before doing anything else.
912 * @param packageName the package name to check access to
913 * @throws SecurityException if permission is denied
914 * @throws NullPointerException if packageName is null
915 * @see ClassLoader#loadClass(String, boolean)
916 * @see Security#getProperty(String)
918 public void checkPackageAccess(String packageName
)
920 checkPackageList(packageName
, "package.access", "accessClassInPackage.");
924 * Check if the current thread is allowed to define a class into the
925 * specified package. This method is called by ClassLoader.loadClass() in
926 * user-created ClassLoaders. The default implementation gets a list of all
927 * restricted packages, via
928 * <code>Security.getProperty("package.definition")</code>. Then, if
929 * packageName starts with or equals any restricted package, it checks
930 * <code>RuntimePermission("defineClassInPackage." + packageName)</code>.
931 * If you override this, you should call
932 * <code>super.checkPackageDefinition</code> before doing anything else.
934 * @param packageName the package name to check access to
935 * @throws SecurityException if permission is denied
936 * @throws NullPointerException if packageName is null
937 * @see ClassLoader#loadClass(String, boolean)
938 * @see Security#getProperty(String)
940 public void checkPackageDefinition(String packageName
)
942 checkPackageList(packageName
, "package.definition", "defineClassInPackage.");
946 * Check if the current thread is allowed to set the current socket factory.
947 * This method is called by Socket.setSocketImplFactory(),
948 * ServerSocket.setSocketFactory(), and URL.setURLStreamHandlerFactory().
949 * The default implementation checks
950 * <code>RuntimePermission("setFactory")</code>. If you override this, call
951 * <code>super.checkSetFactory</code> rather than throwing an exception.
953 * @throws SecurityException if permission is denied
954 * @see Socket#setSocketImplFactory(SocketImplFactory)
955 * @see ServerSocket#setSocketFactory(SocketImplFactory)
956 * @see URL#setURLStreamHandlerFactory(URLStreamHandlerFactory)
958 public void checkSetFactory()
960 checkPermission(new RuntimePermission("setFactory"));
964 * Check if the current thread is allowed to get certain types of Methods,
965 * Fields and Constructors from a Class object. This method is called by
966 * Class.getMethod[s](), Class.getField[s](), Class.getConstructor[s],
967 * Class.getDeclaredMethod[s](), Class.getDeclaredField[s](), and
968 * Class.getDeclaredConstructor[s](). The default implementation allows
969 * PUBLIC access, and access to classes defined by the same classloader as
970 * the code performing the reflection. Otherwise, it checks
971 * <code>RuntimePermission("accessDeclaredMembers")</code>. If you override
972 * this, do not call <code>super.checkMemberAccess</code>, as this would
973 * mess up the stack depth check that determines the ClassLoader requesting
976 * @param c the Class to check
977 * @param memberType either DECLARED or PUBLIC
978 * @throws SecurityException if permission is denied, including when
979 * memberType is not DECLARED or PUBLIC
980 * @throws NullPointerException if c is null
982 * @see Member#DECLARED
986 public void checkMemberAccess(Class
<?
> c
, int memberType
)
989 throw new NullPointerException();
990 if (memberType
== Member
.PUBLIC
)
992 // XXX Allow access to classes created by same classloader before next
994 checkPermission(new RuntimePermission("accessDeclaredMembers"));
998 * Test whether a particular security action may be taken. The default
999 * implementation checks <code>SecurityPermission(action)</code>. If you
1000 * override this, call <code>super.checkSecurityAccess</code> rather than
1001 * throwing an exception.
1003 * @param action the desired action to take
1004 * @throws SecurityException if permission is denied
1005 * @throws NullPointerException if action is null
1006 * @throws IllegalArgumentException if action is ""
1009 public void checkSecurityAccess(String action
)
1011 checkPermission(new SecurityPermission(action
));
1015 * Get the ThreadGroup that a new Thread should belong to by default. Called
1016 * by Thread.Thread(). The default implementation returns the current
1017 * ThreadGroup of the current Thread. <STRONG>Spec Note:</STRONG> it is not
1018 * clear whether the new Thread is guaranteed to pass the
1019 * checkAccessThreadGroup() test when using this ThreadGroup, but I presume
1022 * @return the ThreadGroup to put the new Thread into
1025 public ThreadGroup
getThreadGroup()
1027 return Thread
.currentThread().getThreadGroup();
1031 * Helper that checks a comma-separated list of restricted packages, from
1032 * <code>Security.getProperty("package.definition")</code>, for the given
1033 * package access permission. If packageName starts with or equals any
1034 * restricted package, it checks
1035 * <code>RuntimePermission(permission + packageName)</code>.
1037 * @param packageName the package name to check access to
1038 * @param restriction "package.access" or "package.definition"
1039 * @param permission the base permission, including the '.'
1040 * @throws SecurityException if permission is denied
1041 * @throws NullPointerException if packageName is null
1042 * @see #checkPackageAccess(String)
1043 * @see #checkPackageDefinition(String)
1045 void checkPackageList(String packageName
, final String restriction
,
1048 if (packageName
== null)
1049 throw new NullPointerException();
1051 String list
= (String
)AccessController
.doPrivileged(new PrivilegedAction()
1055 return Security
.getProperty(restriction
);
1059 if (list
== null || list
.equals(""))
1062 String packageNamePlusDot
= packageName
+ ".";
1064 StringTokenizer st
= new StringTokenizer(list
, ",");
1065 while (st
.hasMoreTokens())
1067 if (packageNamePlusDot
.startsWith(st
.nextToken()))
1069 Permission p
= new RuntimePermission(permission
+ packageName
);