/** Copyright (c) 1995, 2018, Oracle and/or its affiliates. All rights reserved.* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.** This code is free software; you can redistribute it and/or modify it* under the terms of the GNU General Public License version 2 only, as* published by the Free Software Foundation. Oracle designates this* particular file as subject to the "Classpath" exception as provided* by Oracle in the LICENSE file that accompanied this code.** This code is distributed in the hope that it will be useful, but WITHOUT* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License* version 2 for more details (a copy is included in the LICENSE file that* accompanied this code).** You should have received a copy of the GNU General Public License version* 2 along with this work; if not, write to the Free Software Foundation,* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.** Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA* or visit www.oracle.com if you need additional information or have any* questions.*/package java.lang;import java.lang.module.ModuleDescriptor;import java.lang.module.ModuleDescriptor.Exports;import java.lang.module.ModuleDescriptor.Opens;import java.lang.reflect.Member;import java.io.FileDescriptor;import java.io.File;import java.io.FilePermission;import java.net.InetAddress;import java.net.SocketPermission;import java.security.AccessControlContext;import java.security.AccessController;import java.security.Permission;import java.security.PrivilegedAction;import java.security.Security;import java.security.SecurityPermission;import java.util.HashSet;import java.util.Map;import java.util.Objects;import java.util.PropertyPermission;import java.util.Set;import java.util.concurrent.ConcurrentHashMap;import jdk.internal.module.ModuleLoaderMap;import jdk.internal.reflect.CallerSensitive;import sun.security.util.SecurityConstants;/*** The security manager is a class that allows* applications to implement a security policy. It allows an* application to determine, before performing a possibly unsafe or* sensitive operation, what the operation is and whether* it is being attempted in a security context that allows the* operation to be performed. The* application can allow or disallow the operation.* <p>* The <code>SecurityManager</code> class contains many methods with* names that begin with the word <code>check</code>. These methods* are called by various methods in the Java libraries before those* methods perform certain potentially sensitive operations. The* invocation of such a <code>check</code> method typically looks like this:* <blockquote><pre>* SecurityManager security = System.getSecurityManager();* if (security != null) {* security.check<i>XXX</i>(argument, . . . );* }* </pre></blockquote>* <p>* The security manager is thereby given an opportunity to prevent* completion of the operation by throwing an exception. A security* manager routine simply returns if the operation is permitted, but* throws a <code>SecurityException</code> if the operation is not* permitted.* <p>* Environments using a security manager will typically set the security* manager at startup. In the JDK implementation, this is done by setting* the system property {@code java.security.manager} on the command line to* the class name of the security manager. It can also be set to the empty* String ("") or the special token "{@code default}" to use the* default {@code java.lang.SecurityManager}. If a class name is specified,* it must be {@code java.lang.SecurityManager} or a public subclass and have* a public no-arg constructor. The class is loaded by the* {@linkplain ClassLoader#getSystemClassLoader() built-in system class loader}* if it is not {@code java.lang.SecurityManager}. If the* {@code java.security.manager} system property is not set, the default value* is {@code null}, which means a security manager will not be set at startup.* <p>* The Java run-time may also allow, but is not required to allow, the security* manager to be set dynamically by invoking the* {@link System#setSecurityManager(SecurityManager) setSecurityManager} method.* In the JDK implementation, if the Java virtual machine is started with* the {@code java.security.manager} system property set to the special token* "{@code disallow}" then a security manager will not be set at startup and* cannot be set dynamically (the* {@link System#setSecurityManager(SecurityManager) setSecurityManager}* method will throw an {@code UnsupportedOperationException}). If the* {@code java.security.manager} system property is not set or is set to the* special token "{@code allow}", then a security manager will not be set at* startup but can be set dynamically. Finally, if the* {@code java.security.manager} system property is set to the class name of* the security manager, or to the empty String ("") or the special token* "{@code default}", then a security manager is set at startup (as described* previously) and can also be subsequently replaced (or disabled) dynamically* (subject to the policy of the currently installed security manager). The* following table illustrates the behavior of the JDK implementation for the* different settings of the {@code java.security.manager} system property:* <table class="striped">* <caption style="display:none">property value,* the SecurityManager set at startup,* can dynamically set a SecurityManager* </caption>* <thead>* <tr>* <th scope="col">Property Value</th>* <th scope="col">The SecurityManager set at startup</th>* <th scope="col">System.setSecurityManager run-time behavior</th>* </tr>* </thead>* <tbody>** <tr>* <th scope="row">null</th>* <td>None</td>* <td>Success or throws {@code SecurityException} if not permitted by* the currently installed security manager</td>* </tr>** <tr>* <th scope="row">empty String ("")</th>* <td>{@code java.lang.SecurityManager}</td>* <td>Success or throws {@code SecurityException} if not permitted by* the currently installed security manager</td>* </tr>** <tr>* <th scope="row">"default"</th>* <td>{@code java.lang.SecurityManager}</td>* <td>Success or throws {@code SecurityException} if not permitted by* the currently installed security manager</td>* </tr>** <tr>* <th scope="row">"disallow"</th>* <td>None</td>* <td>Always throws {@code UnsupportedOperationException}</td>* </tr>** <tr>* <th scope="row">"allow"</th>* <td>None</td>* <td>Success or throws {@code SecurityException} if not permitted by* the currently installed security manager</td>* </tr>** <tr>* <th scope="row">a class name</th>* <td>the named class</td>* <td>Success or throws {@code SecurityException} if not permitted by* the currently installed security manager</td>* </tr>** </tbody>* </table>* <p> A future release of the JDK may change the default value of the* {@code java.security.manager} system property to "{@code disallow}".* <p>* The current security manager is returned by the* {@link System#getSecurityManager() getSecurityManager} method.* <p>* The special method* {@link SecurityManager#checkPermission(java.security.Permission)}* determines whether an access request indicated by a specified* permission should be granted or denied. The* default implementation calls** <pre>* AccessController.checkPermission(perm);* </pre>** <p>* If a requested access is allowed,* <code>checkPermission</code> returns quietly. If denied, a* <code>SecurityException</code> is thrown.* <p>* The default implementation of each of the other* <code>check</code> methods in <code>SecurityManager</code> is to* call the <code>SecurityManager checkPermission</code> method* to determine if the calling thread has permission to perform the requested* operation.* <p>* Note that the <code>checkPermission</code> method with* just a single permission argument always performs security checks* within the context of the currently executing thread.* Sometimes a security check that should be made within a given context* will actually need to be done from within a* <i>different</i> context (for example, from within a worker thread).* The {@link SecurityManager#getSecurityContext getSecurityContext} method* and the {@link SecurityManager#checkPermission(java.security.Permission,* java.lang.Object) checkPermission}* method that includes a context argument are provided* for this situation. The* <code>getSecurityContext</code> method returns a "snapshot"* of the current calling context. (The default implementation* returns an AccessControlContext object.) A sample call is* the following:** <pre>* Object context = null;* SecurityManager sm = System.getSecurityManager();* if (sm != null) context = sm.getSecurityContext();* </pre>** <p>* The <code>checkPermission</code> method* that takes a context object in addition to a permission* makes access decisions based on that context,* rather than on that of the current execution thread.* Code within a different context can thus call that method,* passing the permission and the* previously-saved context object. A sample call, using the* SecurityManager <code>sm</code> obtained as in the previous example,* is the following:** <pre>* if (sm != null) sm.checkPermission(permission, context);* </pre>** <p>Permissions fall into these categories: File, Socket, Net,* Security, Runtime, Property, AWT, Reflect, and Serializable.* The classes managing these various* permission categories are <code>java.io.FilePermission</code>,* <code>java.net.SocketPermission</code>,* <code>java.net.NetPermission</code>,* <code>java.security.SecurityPermission</code>,* <code>java.lang.RuntimePermission</code>,* <code>java.util.PropertyPermission</code>,* <code>java.awt.AWTPermission</code>,* <code>java.lang.reflect.ReflectPermission</code>, and* <code>java.io.SerializablePermission</code>.** <p>All but the first two (FilePermission and SocketPermission) are* subclasses of <code>java.security.BasicPermission</code>, which itself* is an abstract subclass of the* top-level class for permissions, which is* <code>java.security.Permission</code>. BasicPermission defines the* functionality needed for all permissions that contain a name* that follows the hierarchical property naming convention* (for example, "exitVM", "setFactory", "queuePrintJob", etc).* An asterisk* may appear at the end of the name, following a ".", or by itself, to* signify a wildcard match. For example: "a.*" or "*" is valid,* "*a" or "a*b" is not valid.** <p>FilePermission and SocketPermission are subclasses of the* top-level class for permissions* (<code>java.security.Permission</code>). Classes like these* that have a more complicated name syntax than that used by* BasicPermission subclass directly from Permission rather than from* BasicPermission. For example,* for a <code>java.io.FilePermission</code> object, the permission name is* the path name of a file (or directory).** <p>Some of the permission classes have an "actions" list that tells* the actions that are permitted for the object. For example,* for a <code>java.io.FilePermission</code> object, the actions list* (such as "read, write") specifies which actions are granted for the* specified file (or for files in the specified directory).** <p>Other permission classes are for "named" permissions -* ones that contain a name but no actions list; you either have the* named permission or you don't.** <p>Note: There is also a <code>java.security.AllPermission</code>* permission that implies all permissions. It exists to simplify the work* of system administrators who might need to perform multiple* tasks that require all (or numerous) permissions.* <p>* See {@extLink security_guide_permissions* Permissions in the Java Development Kit (JDK)}* for permission-related information.* This document includes a table listing the various SecurityManager* <code>check</code> methods and the permission(s) the default* implementation of each such method requires.* It also contains a table of the methods* that require permissions, and for each such method tells* which permission it requires.** @author Arthur van Hoff* @author Roland Schemers** @see java.lang.ClassLoader* @see java.lang.SecurityException* @see java.lang.System#getSecurityManager() getSecurityManager* @see java.lang.System#setSecurityManager(java.lang.SecurityManager)* setSecurityManager* @see java.security.AccessController AccessController* @see java.security.AccessControlContext AccessControlContext* @see java.security.AccessControlException AccessControlException* @see java.security.Permission* @see java.security.BasicPermission* @see java.io.FilePermission* @see java.net.SocketPermission* @see java.util.PropertyPermission* @see java.lang.RuntimePermission* @see java.security.Policy Policy* @see java.security.SecurityPermission SecurityPermission* @see java.security.ProtectionDomain** @since 1.0*/public class SecurityManager {/** Have we been initialized. Effective against finalizer attacks.*/private boolean initialized = false;/*** Constructs a new <code>SecurityManager</code>.** <p> If there is a security manager already installed, this method first* calls the security manager's <code>checkPermission</code> method* with the <code>RuntimePermission("createSecurityManager")</code>* permission to ensure the calling thread has permission to create a new* security manager.* This may result in throwing a <code>SecurityException</code>.** @exception java.lang.SecurityException if a security manager already* exists and its <code>checkPermission</code> method* doesn't allow creation of a new security manager.* @see java.lang.System#getSecurityManager()* @see #checkPermission(java.security.Permission) checkPermission* @see java.lang.RuntimePermission*/public SecurityManager() {synchronized(SecurityManager.class) {SecurityManager sm = System.getSecurityManager();if (sm != null) {// ask the currently installed security manager if we// can create a new one.sm.checkPermission(new RuntimePermission("createSecurityManager"));}initialized = true;}}/*** Returns the current execution stack as an array of classes.* <p>* The length of the array is the number of methods on the execution* stack. The element at index <code>0</code> is the class of the* currently executing method, the element at index <code>1</code> is* the class of that method's caller, and so on.** @return the execution stack.*/protected native Class<?>[] getClassContext();/*** Creates an object that encapsulates the current execution* environment. The result of this method is used, for example, by the* three-argument <code>checkConnect</code> method and by the* two-argument <code>checkRead</code> method.* These methods are needed because a trusted method may be called* on to read a file or open a socket on behalf of another method.* The trusted method needs to determine if the other (possibly* untrusted) method would be allowed to perform the operation on its* own.* <p> The default implementation of this method is to return* an <code>AccessControlContext</code> object.** @return an implementation-dependent object that encapsulates* sufficient information about the current execution environment* to perform some security checks later.* @see java.lang.SecurityManager#checkConnect(java.lang.String, int,* java.lang.Object) checkConnect* @see java.lang.SecurityManager#checkRead(java.lang.String,* java.lang.Object) checkRead* @see java.security.AccessControlContext AccessControlContext*/public Object getSecurityContext() {return AccessController.getContext();}/*** Throws a <code>SecurityException</code> if the requested* access, specified by the given permission, is not permitted based* on the security policy currently in effect.* <p>* This method calls <code>AccessController.checkPermission</code>* with the given permission.** @param perm the requested permission.* @exception SecurityException if access is not permitted based on* the current security policy.* @exception NullPointerException if the permission argument is* <code>null</code>.* @since 1.2*/public void checkPermission(Permission perm) {java.security.AccessController.checkPermission(perm);}/*** Throws a <code>SecurityException</code> if the* specified security context is denied access to the resource* specified by the given permission.* The context must be a security* context returned by a previous call to* <code>getSecurityContext</code> and the access control* decision is based upon the configured security policy for* that security context.* <p>* If <code>context</code> is an instance of* <code>AccessControlContext</code> then the* <code>AccessControlContext.checkPermission</code> method is* invoked with the specified permission.* <p>* If <code>context</code> is not an instance of* <code>AccessControlContext</code> then a* <code>SecurityException</code> is thrown.** @param perm the specified permission* @param context a system-dependent security context.* @exception SecurityException if the specified security context* is not an instance of <code>AccessControlContext</code>* (e.g., is <code>null</code>), or is denied access to the* resource specified by the given permission.* @exception NullPointerException if the permission argument is* <code>null</code>.* @see java.lang.SecurityManager#getSecurityContext()* @see java.security.AccessControlContext#checkPermission(java.security.Permission)* @since 1.2*/public void checkPermission(Permission perm, Object context) {if (context instanceof AccessControlContext) {((AccessControlContext)context).checkPermission(perm);} else {throw new SecurityException();}}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to create a new class loader.* <p>* This method calls <code>checkPermission</code> with the* <code>RuntimePermission("createClassLoader")</code>* permission.* <p>* If you override this method, then you should make a call to* <code>super.checkCreateClassLoader</code>* at the point the overridden method would normally throw an* exception.** @exception SecurityException if the calling thread does not* have permission* to create a new class loader.* @see java.lang.ClassLoader#ClassLoader()* @see #checkPermission(java.security.Permission) checkPermission*/public void checkCreateClassLoader() {checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);}/*** reference to the root thread group, used for the checkAccess* methods.*/private static ThreadGroup rootGroup = getRootGroup();private static ThreadGroup getRootGroup() {ThreadGroup root = Thread.currentThread().getThreadGroup();while (root.getParent() != null) {root = root.getParent();}return root;}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to modify the thread argument.* <p>* This method is invoked for the current security manager by the* <code>stop</code>, <code>suspend</code>, <code>resume</code>,* <code>setPriority</code>, <code>setName</code>, and* <code>setDaemon</code> methods of class <code>Thread</code>.* <p>* If the thread argument is a system thread (belongs to* the thread group with a <code>null</code> parent) then* this method calls <code>checkPermission</code> with the* <code>RuntimePermission("modifyThread")</code> permission.* If the thread argument is <i>not</i> a system thread,* this method just returns silently.* <p>* Applications that want a stricter policy should override this* method. If this method is overridden, the method that overrides* it should additionally check to see if the calling thread has the* <code>RuntimePermission("modifyThread")</code> permission, and* if so, return silently. This is to ensure that code granted* that permission (such as the JDK itself) is allowed to* manipulate any thread.* <p>* If this method is overridden, then* <code>super.checkAccess</code> should* be called by the first statement in the overridden method, or the* equivalent security check should be placed in the overridden method.** @param t the thread to be checked.* @exception SecurityException if the calling thread does not have* permission to modify the thread.* @exception NullPointerException if the thread argument is* <code>null</code>.* @see java.lang.Thread#resume() resume* @see java.lang.Thread#setDaemon(boolean) setDaemon* @see java.lang.Thread#setName(java.lang.String) setName* @see java.lang.Thread#setPriority(int) setPriority* @see java.lang.Thread#stop() stop* @see java.lang.Thread#suspend() suspend* @see #checkPermission(java.security.Permission) checkPermission*/public void checkAccess(Thread t) {if (t == null) {throw new NullPointerException("thread can't be null");}if (t.getThreadGroup() == rootGroup) {checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION);} else {// just return}}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to modify the thread group argument.* <p>* This method is invoked for the current security manager when a* new child thread or child thread group is created, and by the* <code>setDaemon</code>, <code>setMaxPriority</code>,* <code>stop</code>, <code>suspend</code>, <code>resume</code>, and* <code>destroy</code> methods of class <code>ThreadGroup</code>.* <p>* If the thread group argument is the system thread group (* has a <code>null</code> parent) then* this method calls <code>checkPermission</code> with the* <code>RuntimePermission("modifyThreadGroup")</code> permission.* If the thread group argument is <i>not</i> the system thread group,* this method just returns silently.* <p>* Applications that want a stricter policy should override this* method. If this method is overridden, the method that overrides* it should additionally check to see if the calling thread has the* <code>RuntimePermission("modifyThreadGroup")</code> permission, and* if so, return silently. This is to ensure that code granted* that permission (such as the JDK itself) is allowed to* manipulate any thread.* <p>* If this method is overridden, then* <code>super.checkAccess</code> should* be called by the first statement in the overridden method, or the* equivalent security check should be placed in the overridden method.** @param g the thread group to be checked.* @exception SecurityException if the calling thread does not have* permission to modify the thread group.* @exception NullPointerException if the thread group argument is* <code>null</code>.* @see java.lang.ThreadGroup#destroy() destroy* @see java.lang.ThreadGroup#resume() resume* @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon* @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority* @see java.lang.ThreadGroup#stop() stop* @see java.lang.ThreadGroup#suspend() suspend* @see #checkPermission(java.security.Permission) checkPermission*/public void checkAccess(ThreadGroup g) {if (g == null) {throw new NullPointerException("thread group can't be null");}if (g == rootGroup) {checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);} else {// just return}}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to cause the Java Virtual Machine to* halt with the specified status code.* <p>* This method is invoked for the current security manager by the* <code>exit</code> method of class <code>Runtime</code>. A status* of <code>0</code> indicates success; other values indicate various* errors.* <p>* This method calls <code>checkPermission</code> with the* <code>RuntimePermission("exitVM."+status)</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkExit</code>* at the point the overridden method would normally throw an* exception.** @param status the exit status.* @exception SecurityException if the calling thread does not have* permission to halt the Java Virtual Machine with* the specified status.* @see java.lang.Runtime#exit(int) exit* @see #checkPermission(java.security.Permission) checkPermission*/public void checkExit(int status) {checkPermission(new RuntimePermission("exitVM."+status));}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to create a subprocess.* <p>* This method is invoked for the current security manager by the* <code>exec</code> methods of class <code>Runtime</code>.* <p>* This method calls <code>checkPermission</code> with the* <code>FilePermission(cmd,"execute")</code> permission* if cmd is an absolute path, otherwise it calls* <code>checkPermission</code> with* <code>FilePermission("<<ALL FILES>>","execute")</code>.* <p>* If you override this method, then you should make a call to* <code>super.checkExec</code>* at the point the overridden method would normally throw an* exception.** @param cmd the specified system command.* @exception SecurityException if the calling thread does not have* permission to create a subprocess.* @exception NullPointerException if the <code>cmd</code> argument is* <code>null</code>.* @see java.lang.Runtime#exec(java.lang.String)* @see java.lang.Runtime#exec(java.lang.String, java.lang.String[])* @see java.lang.Runtime#exec(java.lang.String[])* @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[])* @see #checkPermission(java.security.Permission) checkPermission*/public void checkExec(String cmd) {File f = new File(cmd);if (f.isAbsolute()) {checkPermission(new FilePermission(cmd,SecurityConstants.FILE_EXECUTE_ACTION));} else {checkPermission(new FilePermission("<<ALL FILES>>",SecurityConstants.FILE_EXECUTE_ACTION));}}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to dynamic link the library code* specified by the string argument file. The argument is either a* simple library name or a complete filename.* <p>* This method is invoked for the current security manager by* methods <code>load</code> and <code>loadLibrary</code> of class* <code>Runtime</code>.* <p>* This method calls <code>checkPermission</code> with the* <code>RuntimePermission("loadLibrary."+lib)</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkLink</code>* at the point the overridden method would normally throw an* exception.** @param lib the name of the library.* @exception SecurityException if the calling thread does not have* permission to dynamically link the library.* @exception NullPointerException if the <code>lib</code> argument is* <code>null</code>.* @see java.lang.Runtime#load(java.lang.String)* @see java.lang.Runtime#loadLibrary(java.lang.String)* @see #checkPermission(java.security.Permission) checkPermission*/public void checkLink(String lib) {if (lib == null) {throw new NullPointerException("library can't be null");}checkPermission(new RuntimePermission("loadLibrary."+lib));}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to read from the specified file* descriptor.* <p>* This method calls <code>checkPermission</code> with the* <code>RuntimePermission("readFileDescriptor")</code>* permission.* <p>* If you override this method, then you should make a call to* <code>super.checkRead</code>* at the point the overridden method would normally throw an* exception.** @param fd the system-dependent file descriptor.* @exception SecurityException if the calling thread does not have* permission to access the specified file descriptor.* @exception NullPointerException if the file descriptor argument is* <code>null</code>.* @see java.io.FileDescriptor* @see #checkPermission(java.security.Permission) checkPermission*/public void checkRead(FileDescriptor fd) {if (fd == null) {throw new NullPointerException("file descriptor can't be null");}checkPermission(new RuntimePermission("readFileDescriptor"));}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to read the file specified by the* string argument.* <p>* This method calls <code>checkPermission</code> with the* <code>FilePermission(file,"read")</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkRead</code>* at the point the overridden method would normally throw an* exception.** @param file the system-dependent file name.* @exception SecurityException if the calling thread does not have* permission to access the specified file.* @exception NullPointerException if the <code>file</code> argument is* <code>null</code>.* @see #checkPermission(java.security.Permission) checkPermission*/public void checkRead(String file) {checkPermission(new FilePermission(file,SecurityConstants.FILE_READ_ACTION));}/*** Throws a <code>SecurityException</code> if the* specified security context is not allowed to read the file* specified by the string argument. The context must be a security* context returned by a previous call to* <code>getSecurityContext</code>.* <p> If <code>context</code> is an instance of* <code>AccessControlContext</code> then the* <code>AccessControlContext.checkPermission</code> method will* be invoked with the <code>FilePermission(file,"read")</code> permission.* <p> If <code>context</code> is not an instance of* <code>AccessControlContext</code> then a* <code>SecurityException</code> is thrown.* <p>* If you override this method, then you should make a call to* <code>super.checkRead</code>* at the point the overridden method would normally throw an* exception.** @param file the system-dependent filename.* @param context a system-dependent security context.* @exception SecurityException if the specified security context* is not an instance of <code>AccessControlContext</code>* (e.g., is <code>null</code>), or does not have permission* to read the specified file.* @exception NullPointerException if the <code>file</code> argument is* <code>null</code>.* @see java.lang.SecurityManager#getSecurityContext()* @see java.security.AccessControlContext#checkPermission(java.security.Permission)*/public void checkRead(String file, Object context) {checkPermission(new FilePermission(file, SecurityConstants.FILE_READ_ACTION),context);}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to write to the specified file* descriptor.* <p>* This method calls <code>checkPermission</code> with the* <code>RuntimePermission("writeFileDescriptor")</code>* permission.* <p>* If you override this method, then you should make a call to* <code>super.checkWrite</code>* at the point the overridden method would normally throw an* exception.** @param fd the system-dependent file descriptor.* @exception SecurityException if the calling thread does not have* permission to access the specified file descriptor.* @exception NullPointerException if the file descriptor argument is* <code>null</code>.* @see java.io.FileDescriptor* @see #checkPermission(java.security.Permission) checkPermission*/public void checkWrite(FileDescriptor fd) {if (fd == null) {throw new NullPointerException("file descriptor can't be null");}checkPermission(new RuntimePermission("writeFileDescriptor"));}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to write to the file specified by* the string argument.* <p>* This method calls <code>checkPermission</code> with the* <code>FilePermission(file,"write")</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkWrite</code>* at the point the overridden method would normally throw an* exception.** @param file the system-dependent filename.* @exception SecurityException if the calling thread does not* have permission to access the specified file.* @exception NullPointerException if the <code>file</code> argument is* <code>null</code>.* @see #checkPermission(java.security.Permission) checkPermission*/public void checkWrite(String file) {checkPermission(new FilePermission(file,SecurityConstants.FILE_WRITE_ACTION));}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to delete the specified file.* <p>* This method is invoked for the current security manager by the* <code>delete</code> method of class <code>File</code>.* <p>* This method calls <code>checkPermission</code> with the* <code>FilePermission(file,"delete")</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkDelete</code>* at the point the overridden method would normally throw an* exception.** @param file the system-dependent filename.* @exception SecurityException if the calling thread does not* have permission to delete the file.* @exception NullPointerException if the <code>file</code> argument is* <code>null</code>.* @see java.io.File#delete()* @see #checkPermission(java.security.Permission) checkPermission*/public void checkDelete(String file) {checkPermission(new FilePermission(file,SecurityConstants.FILE_DELETE_ACTION));}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to open a socket connection to the* specified host and port number.* <p>* A port number of <code>-1</code> indicates that the calling* method is attempting to determine the IP address of the specified* host name.* <p>* This method calls <code>checkPermission</code> with the* <code>SocketPermission(host+":"+port,"connect")</code> permission if* the port is not equal to -1. If the port is equal to -1, then* it calls <code>checkPermission</code> with the* <code>SocketPermission(host,"resolve")</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkConnect</code>* at the point the overridden method would normally throw an* exception.** @param host the host name port to connect to.* @param port the protocol port to connect to.* @exception SecurityException if the calling thread does not have* permission to open a socket connection to the specified* <code>host</code> and <code>port</code>.* @exception NullPointerException if the <code>host</code> argument is* <code>null</code>.* @see #checkPermission(java.security.Permission) checkPermission*/public void checkConnect(String host, int port) {if (host == null) {throw new NullPointerException("host can't be null");}if (!host.startsWith("[") && host.indexOf(':') != -1) {host = "[" + host + "]";}if (port == -1) {checkPermission(new SocketPermission(host,SecurityConstants.SOCKET_RESOLVE_ACTION));} else {checkPermission(new SocketPermission(host+":"+port,SecurityConstants.SOCKET_CONNECT_ACTION));}}/*** Throws a <code>SecurityException</code> if the* specified security context is not allowed to open a socket* connection to the specified host and port number.* <p>* A port number of <code>-1</code> indicates that the calling* method is attempting to determine the IP address of the specified* host name.* <p> If <code>context</code> is not an instance of* <code>AccessControlContext</code> then a* <code>SecurityException</code> is thrown.* <p>* Otherwise, the port number is checked. If it is not equal* to -1, the <code>context</code>'s <code>checkPermission</code>* method is called with a* <code>SocketPermission(host+":"+port,"connect")</code> permission.* If the port is equal to -1, then* the <code>context</code>'s <code>checkPermission</code> method* is called with a* <code>SocketPermission(host,"resolve")</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkConnect</code>* at the point the overridden method would normally throw an* exception.** @param host the host name port to connect to.* @param port the protocol port to connect to.* @param context a system-dependent security context.* @exception SecurityException if the specified security context* is not an instance of <code>AccessControlContext</code>* (e.g., is <code>null</code>), or does not have permission* to open a socket connection to the specified* <code>host</code> and <code>port</code>.* @exception NullPointerException if the <code>host</code> argument is* <code>null</code>.* @see java.lang.SecurityManager#getSecurityContext()* @see java.security.AccessControlContext#checkPermission(java.security.Permission)*/public void checkConnect(String host, int port, Object context) {if (host == null) {throw new NullPointerException("host can't be null");}if (!host.startsWith("[") && host.indexOf(':') != -1) {host = "[" + host + "]";}if (port == -1)checkPermission(new SocketPermission(host,SecurityConstants.SOCKET_RESOLVE_ACTION),context);elsecheckPermission(new SocketPermission(host+":"+port,SecurityConstants.SOCKET_CONNECT_ACTION),context);}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to wait for a connection request on* the specified local port number.* <p>* This method calls <code>checkPermission</code> with the* <code>SocketPermission("localhost:"+port,"listen")</code>.* <p>* If you override this method, then you should make a call to* <code>super.checkListen</code>* at the point the overridden method would normally throw an* exception.** @param port the local port.* @exception SecurityException if the calling thread does not have* permission to listen on the specified port.* @see #checkPermission(java.security.Permission) checkPermission*/public void checkListen(int port) {checkPermission(new SocketPermission("localhost:"+port,SecurityConstants.SOCKET_LISTEN_ACTION));}/*** Throws a <code>SecurityException</code> if the* calling thread is not permitted to accept a socket connection from* the specified host and port number.* <p>* This method is invoked for the current security manager by the* <code>accept</code> method of class <code>ServerSocket</code>.* <p>* This method calls <code>checkPermission</code> with the* <code>SocketPermission(host+":"+port,"accept")</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkAccept</code>* at the point the overridden method would normally throw an* exception.** @param host the host name of the socket connection.* @param port the port number of the socket connection.* @exception SecurityException if the calling thread does not have* permission to accept the connection.* @exception NullPointerException if the <code>host</code> argument is* <code>null</code>.* @see java.net.ServerSocket#accept()* @see #checkPermission(java.security.Permission) checkPermission*/public void checkAccept(String host, int port) {if (host == null) {throw new NullPointerException("host can't be null");}if (!host.startsWith("[") && host.indexOf(':') != -1) {host = "[" + host + "]";}checkPermission(new SocketPermission(host+":"+port,SecurityConstants.SOCKET_ACCEPT_ACTION));}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to use* (join/leave/send/receive) IP multicast.* <p>* This method calls <code>checkPermission</code> with the* <code>java.net.SocketPermission(maddr.getHostAddress(),* "accept,connect")</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkMulticast</code>* at the point the overridden method would normally throw an* exception.** @param maddr Internet group address to be used.* @exception SecurityException if the calling thread is not allowed to* use (join/leave/send/receive) IP multicast.* @exception NullPointerException if the address argument is* <code>null</code>.* @since 1.1* @see #checkPermission(java.security.Permission) checkPermission*/public void checkMulticast(InetAddress maddr) {String host = maddr.getHostAddress();if (!host.startsWith("[") && host.indexOf(':') != -1) {host = "[" + host + "]";}checkPermission(new SocketPermission(host,SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to use* (join/leave/send/receive) IP multicast.* <p>* This method calls <code>checkPermission</code> with the* <code>java.net.SocketPermission(maddr.getHostAddress(),* "accept,connect")</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkMulticast</code>* at the point the overridden method would normally throw an* exception.** @param maddr Internet group address to be used.* @param ttl value in use, if it is multicast send.* Note: this particular implementation does not use the ttl* parameter.* @exception SecurityException if the calling thread is not allowed to* use (join/leave/send/receive) IP multicast.* @exception NullPointerException if the address argument is* <code>null</code>.* @since 1.1* @deprecated Use #checkPermission(java.security.Permission) instead* @see #checkPermission(java.security.Permission) checkPermission*/@Deprecated(since="1.4")public void checkMulticast(InetAddress maddr, byte ttl) {String host = maddr.getHostAddress();if (!host.startsWith("[") && host.indexOf(':') != -1) {host = "[" + host + "]";}checkPermission(new SocketPermission(host,SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to access or modify the system* properties.* <p>* This method is used by the <code>getProperties</code> and* <code>setProperties</code> methods of class <code>System</code>.* <p>* This method calls <code>checkPermission</code> with the* <code>PropertyPermission("*", "read,write")</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkPropertiesAccess</code>* at the point the overridden method would normally throw an* exception.** @exception SecurityException if the calling thread does not have* permission to access or modify the system properties.* @see java.lang.System#getProperties()* @see java.lang.System#setProperties(java.util.Properties)* @see #checkPermission(java.security.Permission) checkPermission*/public void checkPropertiesAccess() {checkPermission(new PropertyPermission("*",SecurityConstants.PROPERTY_RW_ACTION));}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to access the system property with* the specified <code>key</code> name.* <p>* This method is used by the <code>getProperty</code> method of* class <code>System</code>.* <p>* This method calls <code>checkPermission</code> with the* <code>PropertyPermission(key, "read")</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkPropertyAccess</code>* at the point the overridden method would normally throw an* exception.** @param key a system property key.** @exception SecurityException if the calling thread does not have* permission to access the specified system property.* @exception NullPointerException if the <code>key</code> argument is* <code>null</code>.* @exception IllegalArgumentException if <code>key</code> is empty.** @see java.lang.System#getProperty(java.lang.String)* @see #checkPermission(java.security.Permission) checkPermission*/public void checkPropertyAccess(String key) {checkPermission(new PropertyPermission(key,SecurityConstants.PROPERTY_READ_ACTION));}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to initiate a print job request.* <p>* This method calls* <code>checkPermission</code> with the* <code>RuntimePermission("queuePrintJob")</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkPrintJobAccess</code>* at the point the overridden method would normally throw an* exception.** @exception SecurityException if the calling thread does not have* permission to initiate a print job request.* @since 1.1* @see #checkPermission(java.security.Permission) checkPermission*/public void checkPrintJobAccess() {checkPermission(new RuntimePermission("queuePrintJob"));}/** We have an initial invalid bit (initially false) for the class* variables which tell if the cache is valid. If the underlying* java.security.Security property changes via setProperty(), the* Security class uses reflection to change the variable and thus* invalidate the cache.** Locking is handled by synchronization to the* packageAccessLock/packageDefinitionLock objects. They are only* used in this class.** Note that cache invalidation as a result of the property change* happens without using these locks, so there may be a delay between* when a thread updates the property and when other threads updates* the cache.*/private static boolean packageAccessValid = false;private static String[] packageAccess;private static final Object packageAccessLock = new Object();private static boolean packageDefinitionValid = false;private static String[] packageDefinition;private static final Object packageDefinitionLock = new Object();private static String[] getPackages(String p) {String packages[] = null;if (p != null && !p.isEmpty()) {java.util.StringTokenizer tok =new java.util.StringTokenizer(p, ",");int n = tok.countTokens();if (n > 0) {packages = new String[n];int i = 0;while (tok.hasMoreElements()) {String s = tok.nextToken().trim();packages[i++] = s;}}}if (packages == null) {packages = new String[0];}return packages;}// The non-exported packages in modules defined to the boot or platform// class loaders. A non-exported package is a package that is not exported// or is only exported to specific modules.private static final Map<String, Boolean> nonExportedPkgs = new ConcurrentHashMap<>();static {addNonExportedPackages(ModuleLayer.boot());}/*** Record the non-exported packages of the modules in the given layer*/static void addNonExportedPackages(ModuleLayer layer) {Set<String> bootModules = ModuleLoaderMap.bootModules();Set<String> platformModules = ModuleLoaderMap.platformModules();layer.modules().stream().map(Module::getDescriptor).filter(md -> bootModules.contains(md.name())|| platformModules.contains(md.name())).map(SecurityManager::nonExportedPkgs).flatMap(Set::stream).forEach(pn -> nonExportedPkgs.put(pn, Boolean.TRUE));}/*** Called by java.security.Security*/static void invalidatePackageAccessCache() {synchronized (packageAccessLock) {packageAccessValid = false;}synchronized (packageDefinitionLock) {packageDefinitionValid = false;}}/*** Returns the non-exported packages of the specified module.*/private static Set<String> nonExportedPkgs(ModuleDescriptor md) {// start with all packages in the moduleSet<String> pkgs = new HashSet<>(md.packages());// remove the non-qualified exported packagesmd.exports().stream().filter(p -> !p.isQualified()).map(Exports::source).forEach(pkgs::remove);// remove the non-qualified open packagesmd.opens().stream().filter(p -> !p.isQualified()).map(Opens::source).forEach(pkgs::remove);return pkgs;}/*** Throws a {@code SecurityException} if the calling thread is not allowed* to access the specified package.* <p>* During class loading, this method may be called by the {@code loadClass}* method of class loaders and by the Java Virtual Machine to ensure that* the caller is allowed to access the package of the class that is* being loaded.* <p>* This method checks if the specified package starts with or equals* any of the packages in the {@code package.access} Security Property.* An implementation may also check the package against an additional* list of restricted packages as noted below. If the package is restricted,* {@link #checkPermission(Permission)} is called with a* {@code RuntimePermission("accessClassInPackage."+pkg)} permission.* <p>* If this method is overridden, then {@code super.checkPackageAccess}* should be called as the first line in the overridden method.** @implNote* This implementation also restricts all non-exported packages of modules* loaded by {@linkplain ClassLoader#getPlatformClassLoader* the platform class loader} or its ancestors. A "non-exported package"* refers to a package that is not exported to all modules. Specifically,* it refers to a package that either is not exported at all by its* containing module or is exported in a qualified fashion by its* containing module.** @param pkg the package name.* @throws SecurityException if the calling thread does not have* permission to access the specified package.* @throws NullPointerException if the package name argument is* {@code null}.* @see java.lang.ClassLoader#loadClass(String, boolean) loadClass* @see java.security.Security#getProperty getProperty* @see #checkPermission(Permission) checkPermission*/public void checkPackageAccess(String pkg) {Objects.requireNonNull(pkg, "package name can't be null");// check if pkg is not exported to all modulesif (nonExportedPkgs.containsKey(pkg)) {checkPermission(new RuntimePermission("accessClassInPackage." + pkg));return;}String[] restrictedPkgs;synchronized (packageAccessLock) {/** Do we need to update our property array?*/if (!packageAccessValid) {String tmpPropertyStr =AccessController.doPrivileged(new PrivilegedAction<>() {public String run() {return Security.getProperty("package.access");}});packageAccess = getPackages(tmpPropertyStr);packageAccessValid = true;}// Using a snapshot of packageAccess -- don't care if static field// changes afterwards; array contents won't change.restrictedPkgs = packageAccess;}/** Traverse the list of packages, check for any matches.*/final int plen = pkg.length();for (String restrictedPkg : restrictedPkgs) {final int rlast = restrictedPkg.length() - 1;// Optimizations://// If rlast >= plen then restrictedPkg is longer than pkg by at// least one char. This means pkg cannot start with restrictedPkg,// since restrictedPkg will be longer than pkg.//// Similarly if rlast != plen, then pkg + "." cannot be the same// as restrictedPkg, since pkg + "." will have a different length// than restrictedPkg.//if (rlast < plen && pkg.startsWith(restrictedPkg) ||// The following test is equivalent to// restrictedPkg.equals(pkg + ".") but is noticeably more// efficient:rlast == plen && restrictedPkg.startsWith(pkg) &&restrictedPkg.charAt(rlast) == '.'){checkPermission(new RuntimePermission("accessClassInPackage." + pkg));break; // No need to continue; only need to check this once}}}/*** Throws a {@code SecurityException} if the calling thread is not* allowed to define classes in the specified package.* <p>* This method is called by the {@code loadClass} method of some* class loaders.* <p>* This method checks if the specified package starts with or equals* any of the packages in the {@code package.definition} Security* Property. An implementation may also check the package against an* additional list of restricted packages as noted below. If the package* is restricted, {@link #checkPermission(Permission)} is called with a* {@code RuntimePermission("defineClassInPackage."+pkg)} permission.* <p>* If this method is overridden, then {@code super.checkPackageDefinition}* should be called as the first line in the overridden method.** @implNote* This implementation also restricts all non-exported packages of modules* loaded by {@linkplain ClassLoader#getPlatformClassLoader* the platform class loader} or its ancestors. A "non-exported package"* refers to a package that is not exported to all modules. Specifically,* it refers to a package that either is not exported at all by its* containing module or is exported in a qualified fashion by its* containing module.** @param pkg the package name.* @throws SecurityException if the calling thread does not have* permission to define classes in the specified package.* @throws NullPointerException if the package name argument is* {@code null}.* @see java.lang.ClassLoader#loadClass(String, boolean)* @see java.security.Security#getProperty getProperty* @see #checkPermission(Permission) checkPermission*/public void checkPackageDefinition(String pkg) {Objects.requireNonNull(pkg, "package name can't be null");// check if pkg is not exported to all modulesif (nonExportedPkgs.containsKey(pkg)) {checkPermission(new RuntimePermission("defineClassInPackage." + pkg));return;}String[] pkgs;synchronized (packageDefinitionLock) {/** Do we need to update our property array?*/if (!packageDefinitionValid) {String tmpPropertyStr =AccessController.doPrivileged(new PrivilegedAction<>() {public String run() {return java.security.Security.getProperty("package.definition");}});packageDefinition = getPackages(tmpPropertyStr);packageDefinitionValid = true;}// Using a snapshot of packageDefinition -- don't care if static// field changes afterwards; array contents won't change.pkgs = packageDefinition;}/** Traverse the list of packages, check for any matches.*/for (String restrictedPkg : pkgs) {if (pkg.startsWith(restrictedPkg) || restrictedPkg.equals(pkg + ".")) {checkPermission(new RuntimePermission("defineClassInPackage." + pkg));break; // No need to continue; only need to check this once}}}/*** Throws a <code>SecurityException</code> if the* calling thread is not allowed to set the socket factory used by* <code>ServerSocket</code> or <code>Socket</code>, or the stream* handler factory used by <code>URL</code>.* <p>* This method calls <code>checkPermission</code> with the* <code>RuntimePermission("setFactory")</code> permission.* <p>* If you override this method, then you should make a call to* <code>super.checkSetFactory</code>* at the point the overridden method would normally throw an* exception.** @exception SecurityException if the calling thread does not have* permission to specify a socket factory or a stream* handler factory.** @see java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory* @see java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory* @see java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory* @see #checkPermission(java.security.Permission) checkPermission*/public void checkSetFactory() {checkPermission(new RuntimePermission("setFactory"));}/*** Determines whether the permission with the specified permission target* name should be granted or denied.** <p> If the requested permission is allowed, this method returns* quietly. If denied, a SecurityException is raised.** <p> This method creates a <code>SecurityPermission</code> object for* the given permission target name and calls <code>checkPermission</code>* with it.** <p> See the documentation for* <code>{@link java.security.SecurityPermission}</code> for* a list of possible permission target names.** <p> If you override this method, then you should make a call to* <code>super.checkSecurityAccess</code>* at the point the overridden method would normally throw an* exception.** @param target the target name of the <code>SecurityPermission</code>.** @exception SecurityException if the calling thread does not have* permission for the requested access.* @exception NullPointerException if <code>target</code> is null.* @exception IllegalArgumentException if <code>target</code> is empty.** @since 1.1* @see #checkPermission(java.security.Permission) checkPermission*/public void checkSecurityAccess(String target) {checkPermission(new SecurityPermission(target));}/*** Returns the thread group into which to instantiate any new* thread being created at the time this is being called.* By default, it returns the thread group of the current* thread. This should be overridden by a specific security* manager to return the appropriate thread group.** @return ThreadGroup that new threads are instantiated into* @since 1.1* @see java.lang.ThreadGroup*/public ThreadGroup getThreadGroup() {return Thread.currentThread().getThreadGroup();}}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。