예제 #1
1
  @Override
  public void checkAccess(ThreadGroup g) {
    if (!isSecutityOn) {
      return;
    }
    Thread c = Thread.currentThread();

    if (isSafeThread(c)) {
      return;
    }
    super.checkAccess(g);

    final ThreadGroup cg = c.getThreadGroup();

    if (cg == null) {
      // What the heck is going on here?  JDK 1.3 is sending me a dead thread.
      // This crashes the entire jvm if I don't return here.
      return;
    }

    IHostedThread robotProxy = threadManager.getLoadedOrLoadingRobotProxy(c);

    if (robotProxy == null) {
      throw new AccessControlException(
          "Preventing " + c.getName() + " from access to " + g.getName());
    }

    if (cg.activeCount() > 5) {
      String message = "Robots are only allowed to create up to 5 threads!";

      robotProxy.punishSecurityViolation(message);
      throw new AccessControlException(message);
    }
  }
예제 #2
0
  public PrintStream getRobotOutputStream() {
    Thread c = Thread.currentThread();

    if (isSafeThread(c)) {
      return null;
    }

    IHostedThread robotProxy = getLoadedOrLoadingRobotProxy(c);

    return (robotProxy != null) ? robotProxy.getOut() : null;
  }
예제 #3
0
  public FileOutputStream createRobotFileStream(String fileName, boolean append)
      throws IOException {
    final Thread c = Thread.currentThread();

    final IHostedThread robotProxy = getRobotProxy(c);

    if (robotProxy == null) {
      syserr.println("RobotProxy is null");
      return null;
    }
    if (!robotProxy.getStatics().isAdvancedRobot()) {
      throw new RobotException("Only advanced robots could create files");
    }

    final File dir = robotProxy.getRobotFileSystemManager().getWritableDirectory();

    if (!dir.exists()) {
      robotProxy.println("SYSTEM: Creating a data directory for you.");
      AccessController.doPrivileged(
          new PrivilegedAction<Object>() {
            public Object run() {
              outputStreamThreads.add(c);
              if (!dir.exists() && !dir.mkdirs()) {
                syserr.println("Can't create dir " + dir.toString());
              }
              return null;
            }
          });
    }

    final RobotFileSystemManager fileSystemManager = robotProxy.getRobotFileSystemManager();

    File f = new File(fileName);
    long len;

    if (f.exists()) {
      len = f.length();
    } else {
      fileSystemManager.checkQuota();
      len = 0;
    }

    if (!append) {
      fileSystemManager.adjustQuota(-len);
    }

    outputStreamThreads.add(c);
    return new RobotFileOutputStream(fileName, append, fileSystemManager);
  }
예제 #4
0
  @Override
  public void checkAccess(Thread t) {
    if (!isSecutityOn) {
      return;
    }

    Thread c = Thread.currentThread();

    if (isSafeThread(c)) {
      return;
    }
    super.checkAccess(t);

    // Threads belonging to other thread groups is not allowed to access threads belonging to other
    // thread groups
    // Bug fix [3021140] Possible for robot to kill other robot threads.
    // In the following the thread group of the current thread must be in the thread group hierarchy
    // of the
    // attacker thread; otherwise an AccessControlException must be thrown.

    boolean found = false;

    ThreadGroup cg = c.getThreadGroup();
    ThreadGroup tg = t.getThreadGroup();

    while (tg != null) {
      if (tg == cg) {
        found = true;
        break;
      }
      try {
        tg = tg.getParent();
      } catch (AccessControlException e) {
        // We expect an AccessControlException due to missing RuntimePermission modifyThreadGroup
        break;
      }
    }
    if (!found) {
      String message = "Preventing " + c.getName() + " from access to " + t.getName();
      IHostedThread robotProxy = threadManager.getLoadedOrLoadingRobotProxy(c);

      if (robotProxy != null) {
        robotProxy.punishSecurityViolation(message);
      }
      throw new AccessControlException(message);
    }
  }