private static void permissionCheck() {
SecurityManager sec = System.getSecurityManager();
if (sec != null) {
sec.checkPermission(new RuntimePermission("useKeychainStore"));
}
}
private static synchronized void setSecurityManager0(final SecurityManager s) {
SecurityManager sm = getSecurityManager();
if (sm != null) {
// ask the currently installed security manager if we
// can replace it.
sm.checkPermission(new RuntimePermission("setSecurityManager"));
}
if ((s != null) && (s.getClass().getClassLoader() != null)) {
// New security manager class is not on bootstrap classpath.
// Cause policy to get initialized before we install the new
// security manager, in order to prevent infinite loops when
// trying to initialize the policy (which usually involves
// accessing some security and/or system properties, which in turn
// calls the installed security manager's checkPermission method
// which will loop infinitely if there is a non-system class
// (in this case: the new security manager class) on the stack).
AccessController.doPrivileged(
new PrivilegedAction<Object>() {
public Object run() {
s.getClass().getProtectionDomain().implies(SecurityConstants.ALL_PERMISSION);
return null;
}
});
}
security = s;
}
/**
* Check that the current context is trusted to modify the logging
* configuration. This requires LoggingPermission("control").
* <p>
* If the check fails we throw a SecurityException, otherwise
* we return normally.
*
* @exception SecurityException if a security manager exists and if
* the caller does not have LoggingPermission("control").
*/
public void checkAccess() throws SecurityException {
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
return;
}
sm.checkPermission(ourPermission);
}
/**
* Sets the default locale for this instance of the Java Virtual Machine. This does not affect the
* host locale.
*
* <p>If there is a security manager, its <code>checkPermission</code> method is called with a
* <code>PropertyPermission("user.language", "write")</code> permission before the default locale
* is changed.
*
* <p>The Java Virtual Machine sets the default locale during startup based on the host
* environment. It is used by many locale-sensitive methods if no locale is explicitly specified.
*
* <p>Since changing the default locale may affect many different areas of functionality, this
* method should only be used if the caller is prepared to reinitialize locale-sensitive code
* running within the same Java Virtual Machine, such as the user interface.
*
* @throws SecurityException if a security manager exists and its <code>checkPermission</code>
* method doesn't allow the operation.
* @throws NullPointerException if <code>newLocale</code> is null
* @param newLocale the new default locale
* @see SecurityManager#checkPermission
* @see java.util.PropertyPermission
*/
public static synchronized void setDefault(Locale newLocale) {
if (newLocale == null) throw new NullPointerException("Can't set default locale to NULL");
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(new PropertyPermission("user.language", "write"));
defaultLocale = newLocale;
}
@Override
public boolean hasPermission(Object permission) {
Generation current = (Generation) module.getCurrentRevision().getRevisionInfo();
ProtectionDomain domain = current.getDomain();
if (domain != null) {
if (permission instanceof Permission) {
SecurityManager sm = System.getSecurityManager();
if (sm instanceof EquinoxSecurityManager) {
/*
* If the FrameworkSecurityManager is active, we need to do checks the "right" way.
* We can exploit our knowledge that the security context of FrameworkSecurityManager
* is an AccessControlContext to invoke it properly with the ProtectionDomain.
*/
AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] {domain});
try {
sm.checkPermission((Permission) permission, acc);
return true;
} catch (Exception e) {
return false;
}
}
return domain.implies((Permission) permission);
}
return false;
}
return true;
}
/** Check for permission to get a service. */
private <A> void checkAdaptPermission(Class<A> adapterType) {
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
return;
}
sm.checkPermission(new AdaptPermission(adapterType.getName(), this, AdaptPermission.ADAPT));
}
private JarFile getCachedJarFile(URL url) {
JarFile result = (JarFile) fileCache.get(url);
/* if the JAR file is cached, the permission will always be there */
if (result != null) {
Permission perm = getPermission(result);
if (perm != null) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
sm.checkPermission(perm);
} catch (SecurityException se) {
// fallback to checkRead/checkConnect for pre 1.2
// security managers
if ((perm instanceof java.io.FilePermission)
&& perm.getActions().indexOf("read") != -1) {
sm.checkRead(perm.getName());
} else if ((perm instanceof java.net.SocketPermission)
&& perm.getActions().indexOf("connect") != -1) {
sm.checkConnect(url.getHost(), url.getPort());
} else {
throw se;
}
}
}
}
}
return result;
}
/**
* Returns an unmodifiable string map view of the current system environment. The environment is a
* system-dependent mapping from names to values which is passed from parent to child processes.
*
* <p>If the system does not support environment variables, an empty map is returned.
*
* <p>The returned map will never contain null keys or values. Attempting to query the presence of
* a null key or value will throw a {@link NullPointerException}. Attempting to query the presence
* of a key or value which is not of type {@link String} will throw a {@link ClassCastException}.
*
* <p>The returned map and its collection views may not obey the general contract of the {@link
* Object#equals} and {@link Object#hashCode} methods.
*
* <p>The returned map is typically case-sensitive on all platforms.
*
* <p>If a security manager exists, its {@link SecurityManager#checkPermission checkPermission}
* method is called with a <code>{@link RuntimePermission}("getenv.*")</code> permission. This may
* result in a {@link SecurityException} being thrown.
*
* <p>When passing information to a Java subprocess, <a href=#EnvironmentVSSystemProperties>system
* properties</a> are generally preferred over environment variables.
*
* @return the environment as a map of variable names to values
* @throws SecurityException if a security manager exists and its {@link
* SecurityManager#checkPermission checkPermission} method doesn't allow access to the process
* environment
* @see #getenv(String)
* @see ProcessBuilder#environment()
* @since 1.5
*/
public static java.util.Map<String, String> getenv() {
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("getenv.*"));
}
return ProcessEnvironment.getenv();
}
/**
* Gets the value of the specified environment variable. An environment variable is a
* system-dependent external named value.
*
* <p>If a security manager exists, its {@link SecurityManager#checkPermission checkPermission}
* method is called with a <code>{@link RuntimePermission}("getenv."+name)</code> permission. This
* may result in a {@link SecurityException} being thrown. If no exception is thrown the value of
* the variable <code>name</code> is returned.
*
* <p><a name="EnvironmentVSSystemProperties"><i>System properties</i> and <i>environment
* variables</i></a> are both conceptually mappings between names and values. Both mechanisms can
* be used to pass user-defined information to a Java process. Environment variables have a more
* global effect, because they are visible to all descendants of the process which defines them,
* not just the immediate Java subprocess. They can have subtly different semantics, such as case
* insensitivity, on different operating systems. For these reasons, environment variables are
* more likely to have unintended side effects. It is best to use system properties where
* possible. Environment variables should be used when a global effect is desired, or when an
* external system interface requires an environment variable (such as <code>PATH</code>).
*
* <p>On UNIX systems the alphabetic case of <code>name</code> is typically significant, while on
* Microsoft Windows systems it is typically not. For example, the expression <code>
* System.getenv("FOO").equals(System.getenv("foo"))</code> is likely to be true on Microsoft
* Windows.
*
* @param name the name of the environment variable
* @return the string value of the variable, or <code>null</code> if the variable is not defined
* in the system environment
* @throws NullPointerException if <code>name</code> is <code>null</code>
* @throws SecurityException if a security manager exists and its {@link
* SecurityManager#checkPermission checkPermission} method doesn't allow access to the
* environment variable <code>name</code>
* @see #getenv()
* @see ProcessBuilder#environment()
*/
public static String getenv(String name) {
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("getenv." + name));
}
return ProcessEnvironment.getenv(name);
}
/**
* Removes the system property indicated by the specified key.
*
* <p>First, if a security manager exists, its <code>SecurityManager.checkPermission</code> method
* is called with a <code>PropertyPermission(key, "write")</code> permission. This may result in a
* SecurityException being thrown. If no exception is thrown, the specified property is removed.
*
* <p>
*
* @param key the name of the system property to be removed.
* @return the previous string value of the system property, or <code>null</code> if there was no
* property with that key.
* @exception SecurityException if a security manager exists and its <code>checkPropertyAccess
* </code> method doesn't allow access to the specified system property.
* @exception NullPointerException if <code>key</code> is <code>null</code>.
* @exception IllegalArgumentException if <code>key</code> is empty.
* @see #getProperty
* @see #setProperty
* @see java.util.Properties
* @see java.lang.SecurityException
* @see java.lang.SecurityManager#checkPropertiesAccess()
* @since 1.5
*/
public static String clearProperty(String key) {
checkKey(key);
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPermission(new PropertyPermission(key, "write"));
}
return (String) props.remove(key);
}
/**
* Sets the system property indicated by the specified key.
*
* <p>First, if a security manager exists, its <code>SecurityManager.checkPermission</code> method
* is called with a <code>PropertyPermission(key, "write")</code> permission. This may result in a
* SecurityException being thrown. If no exception is thrown, the specified property is set to the
* given value.
*
* <p>
*
* @param key the name of the system property.
* @param value the value of the system property.
* @return the previous value of the system property, or <code>null</code> if it did not have one.
* @exception SecurityException if a security manager exists and its <code>checkPermission</code>
* method doesn't allow setting of the specified property.
* @exception NullPointerException if <code>key</code> or <code>value</code> is <code>null</code>.
* @exception IllegalArgumentException if <code>key</code> is empty.
* @see #getProperty
* @see java.lang.System#getProperty(java.lang.String)
* @see java.lang.System#getProperty(java.lang.String, java.lang.String)
* @see java.util.PropertyPermission
* @see SecurityManager#checkPermission
* @since 1.2
*/
public static String setProperty(String key, String value) {
checkKey(key);
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPermission(new PropertyPermission(key, SecurityConstants.PROPERTY_WRITE_ACTION));
}
return (String) props.setProperty(key, value);
}
/**
* Gets a security property value.
*
* <p>First, if there is a security manager, its <code>checkPermission</code> method is called
* with a <code>java.security.SecurityPermission("getProperty."+key)</code> permission to see if
* it's ok to retrieve the specified security property value..
*
* @param key the key of the property being retrieved.
* @return the value of the security property corresponding to key.
* @throws SecurityException if a security manager exists and its <code>{@link
* java.lang.SecurityManager#checkPermission}</code> method denies access to retrieve the
* specified security property value
* @throws NullPointerException is key is null
* @see #setProperty
* @see java.security.SecurityPermission
*/
public static String getProperty(String key) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SecurityPermission("getProperty." + key));
}
String name = props.getProperty(key);
if (name != null) name = name.trim(); // could be a class name with trailing ws
return name;
}
/**
* Constructor. The properties specifies how the connector should be configured. The properties to
* include are;
*
* <p>'network_password' -> (String) the network password 'output_net_interface' ->
* (NetworkInterface) the output network interface to use for IPv6 scope.
*/
TCPNetworkConnector(TCPConnectorValues properties) {
// Security check,
SecurityManager security = System.getSecurityManager();
if (security != null) security.checkPermission(MckoiNetworkPermission.CREATE_TCP_CONNECTOR);
connection_pool = new HashMap<>();
this.password = properties.getNetworkPassword();
this.network_interface = properties.getOutputNetworkInterface();
// This thread kills connections that have timed out.
background_thread = new ConnectionDestroyThread(log, connection_pool);
background_thread.setDaemon(true);
background_thread.start();
}
public void checkPermission(Permission p) {
// liveconnect SocketPermission resolve takes
// FOREVER (like 6 seconds) in Safari
// Java does like 50 of these on the first JS call
// 6*50=300 seconds!
// Opera freaks out though if we deny resolve
if (isActive
&& !isOpera
&& java.net.SocketPermission.class.isInstance(p)
&& p.getActions().matches(".*resolve.*")) {
throw new SecurityException(
"DOH: liveconnect resolve locks up Safari. Denying resolve request.");
} else {
oldsecurity.checkPermission(p);
}
}
private static void checkIO() {
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("setIO"));
}
}
void checkPermission() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(controlPermission);
}
private static void checkAllPermission() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(new AllPermission());
}
