예제 #1
0
 public boolean implies(ProtectionDomain pd, Permission p) {
   return perms.implies(p);
 }
 public void checkPermission(Permission perm) {
   // They can be an undefined number of security.provider.*
   // Used by jmxmp
   if (perm instanceof java.security.SecurityPermission
       && perm.getName().startsWith("getProperty.security.provider")) {
     if (debugPerm) {
       permUsed.add(perm.toString() + " =");
     }
     return;
   }
   if (perm instanceof java.io.FilePermission && "read".equals(perm.getActions())) {
     String name = perm.getName();
     if (filesallowed.contains(name)) {
       if (debugPerm) {
         permUsed.add(perm.toString() + " =");
       }
       return;
     }
     // Already allowed, don't check any more
     if (allowed.implies(perm)) {
       if (debugPerm) {
         permUsed.add(perm.toString() + " =");
       }
       filesallowed.add(name);
       return;
     }
     // Perhaps it's in the allowed /proc/<pid>/... files
     if (procinfoPattern.matcher(name).matches() && "read".equals(perm.getActions())) {
       if (debugPerm) {
         permUsed.add(
             "(\"java.io.FilePermission\" \"" + procinfoPattern.pattern() + "\" \"read\") =");
       }
       return;
     }
     // Or it's block device
     if (diskPattern.matcher(name).matches() && "read".equals(perm.getActions())) {
       if (debugPerm) {
         permUsed.add("(\"java.io.FilePermission\" \"" + diskPattern.pattern() + "\" \"read\") =");
       }
       filesallowed.add(name);
       return;
     }
     // Only non hidden folder are allowed, for file system usage
     // If it call itself, privileges will be set to true,
     // so it can check isDirectory and isHidden
     PrivilegHolder privileged = Privilege.get();
     if (privileged.privileged) {
       return;
     } else {
       File fullpath = new File(name);
       privileged.privileged = true;
       boolean allowed = false;
       try {
         allowed = fullpath.isDirectory() && !fullpath.isHidden();
       } catch (Exception e) {
         throw new RuntimeException(e);
       } finally {
         privileged.privileged = false;
       }
       if (allowed) {
         if (debugPerm) {
           permUsed.add(perm.toString() + " =");
         }
         filesallowed.add(name);
         return;
       }
     }
   }
   if (allowed.implies(perm)) {
     if (debugPerm) {
       permUsed.add(perm.toString() + " =");
     }
     return;
   }
   try {
     super.checkPermission(perm);
     // Was acceped, but we should add it anyway
     // Some accepted permissions make jrdsagent failed anyway
     permUsed.add(perm.toString() + " ?");
   } catch (SecurityException e) {
     if (debugPerm) {
       permUsed.add(perm.toString() + " -");
     } else {
       throw e;
     }
   }
 }
 public boolean implies(Permission permission) {
   return perms.implies(permission);
 }
 private boolean isAllowed(Permission permission) {
   final boolean isAllowed = permissions.implies(permission);
   return isAllowed;
 }
예제 #5
0
 public void checkPermission(Permission permission) {
   if (denied != null && denied.implies(permission)) throw new SecurityException();
 }