Пример #1
0
 private static boolean checkPermissions() {
   SecurityManager manager = System.getSecurityManager();
   if (manager == null) {
     return true;
   }
   manager.checkPermission(ML_PERM);
   try {
     manager.checkPermission(MODULE_REDEFINE_PERM);
     return true;
   } catch (SecurityException e) {
     return false;
   }
 }
Пример #2
0
 public ACLProviderEntry[] getACLProviderEntry() {
   SecurityManager sm = System.getSecurityManager();
   if (sm != null) sm.checkPermission(GET_CONFIG_ENTRY_PERM);
   ACLProviderEntry[] entries = new ACLProviderEntry[moduleEntries.size()];
   moduleEntries.toArray(entries);
   return entries;
 }
Пример #3
0
  static UserPrincipal lookup(String name) throws IOException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
      sm.checkPermission(new RuntimePermission("lookupUserInformation"));
    }

    // invoke LookupAccountName to get buffer size needed for SID
    int size = 0;
    try {
      size = LookupAccountName(name, 0L, 0);
    } catch (WindowsException x) {
      if (x.lastError() == ERROR_NONE_MAPPED) throw new UserPrincipalNotFoundException(name);
      throw new IOException(name + ": " + x.errorString());
    }
    assert size > 0;

    // allocate buffer and re-invoke LookupAccountName get SID
    NativeBuffer sidBuffer = NativeBuffers.getNativeBuffer(size);
    try {
      int newSize = LookupAccountName(name, sidBuffer.address(), size);
      if (newSize != size) {
        // can this happen?
        throw new AssertionError("SID change during lookup");
      }

      // return user principal
      return fromSid(sidBuffer.address());
    } catch (WindowsException x) {
      throw new IOException(name + ": " + x.errorString());
    } finally {
      sidBuffer.release();
    }
  }
 @Override
 public boolean hasPermission(Object permission) {
   Generation current = (Generation) module.getCurrentRevision().getRevisionInfo();
   ProtectionDomain domain = current.getDomain();
   if (domain != null) {
     if (permission instanceof Permission) {
       SecurityManager sm = System.getSecurityManager();
       if (sm instanceof EquinoxSecurityManager) {
         /*
          * If the FrameworkSecurityManager is active, we need to do checks the "right" way.
          * We can exploit our knowledge that the security context of FrameworkSecurityManager
          * is an AccessControlContext to invoke it properly with the ProtectionDomain.
          */
         AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] {domain});
         try {
           sm.checkPermission((Permission) permission, acc);
           return true;
         } catch (Exception e) {
           return false;
         }
       }
       return domain.implies((Permission) permission);
     }
     return false;
   }
   return true;
 }
 public LinuxInputDevice addDevice(LinuxInputDevice device, String name) {
   SecurityManager security = System.getSecurityManager();
   if (security != null) {
     security.checkPermission(new AllPermission());
   }
   return addDeviceInternal(device, name);
 }
 /** @see UserAdminUtil#checkPermission(String, String) */
 @Override
 public void checkPermission(String name, String action) {
   SecurityManager sm = System.getSecurityManager();
   if (null != sm) {
     sm.checkPermission(new UserAdminPermission(name, action));
   }
 }
Пример #7
0
 public ConnectionPeerIdentity getConnectionPeerIdentity() throws SecurityException {
   final SecurityManager sm = System.getSecurityManager();
   if (sm != null) {
     sm.checkPermission(RemotingPermission.GET_CONNECTION_PEER_IDENTITY);
   }
   return getPeerIdentityContext().getConnectionIdentity();
 }
Пример #8
0
  public static PACLPolicy getPACLPolicy() {
    if (!PACLPolicyManager.isActive()) {
      return null;
    }

    SecurityManager securityManager = System.getSecurityManager();

    if (securityManager == null) {
      return null;
    }

    try {
      java.security.Permission permission = new PACLUtil.Permission();

      securityManager.checkPermission(permission);
    } catch (SecurityException se) {
      if (!(se instanceof PACLUtil.Exception)) {
        throw se;
      }

      PACLUtil.Exception paclUtilException = (PACLUtil.Exception) se;

      return paclUtilException.getPaclPolicy();
    }

    return null;
  }
Пример #9
0
 /**
  * Gets the class singleton.
  *
  * @return single instance of ConnectionSettings
  */
 public static ConnectionSettings getInstance() {
   SecurityManager sm = System.getSecurityManager();
   if (sm != null) {
     sm.checkPermission(GenericLocalPermission.EXT_GENERIC);
   }
   return instance;
 }
Пример #10
0
 /**
  * Sets (or unsets) the system-wide cookie handler.
  *
  * <p>Note: non-standard http protocol handlers may ignore this setting.
  *
  * @param cHandler The HTTP cookie handler, or <code>null</code> to unset.
  * @throws SecurityException If a security manager has been installed and it denies {@link
  *     NetPermission}<tt>("setCookieHandler")</tt>
  * @see #getDefault()
  */
 public static synchronized void setDefault(CookieHandler cHandler) {
   SecurityManager sm = System.getSecurityManager();
   if (sm != null) {
     sm.checkPermission(SecurityConstants.SET_COOKIEHANDLER_PERMISSION);
   }
   cookieHandler = cHandler;
 }
 final void checkWriteExtended() {
   SecurityManager sm = System.getSecurityManager();
   if (sm != null) {
     file.checkWrite();
     sm.checkPermission(new RuntimePermission("accessUserInformation"));
   }
 }
Пример #12
0
 /**
  * Gets the system-wide cookie handler.
  *
  * @return the system-wide cookie handler; A null return means there is no system-wide cookie
  *     handler currently set.
  * @throws SecurityException If a security manager has been installed and it denies {@link
  *     NetPermission}<tt>("getCookieHandler")</tt>
  * @see #setDefault(CookieHandler)
  */
 public static synchronized CookieHandler getDefault() {
   SecurityManager sm = System.getSecurityManager();
   if (sm != null) {
     sm.checkPermission(SecurityConstants.GET_COOKIEHANDLER_PERMISSION);
   }
   return cookieHandler;
 }
Пример #13
0
 /**
  * Returns a new code store instance.
  *
  * @param context the current context
  * @return The instance, or null if code store could not be created
  */
 public static CodeStore newCodeStore(final Context context) {
   final Class<CodeStore> baseClass = CodeStore.class;
   try {
     // security check first
     final SecurityManager sm = System.getSecurityManager();
     if (sm != null) {
       sm.checkPermission(new RuntimePermission(NASHORN_PROVIDE_CODE_STORE));
     }
     final ServiceLoader<CodeStore> services = ServiceLoader.load(baseClass);
     final Iterator<CodeStore> iterator = services.iterator();
     if (iterator.hasNext()) {
       final CodeStore store = iterator.next();
       store
           .initLogger(context)
           .info("using code store provider ", store.getClass().getCanonicalName());
       return store;
     }
   } catch (final AccessControlException e) {
     context.getLogger(CodeStore.class).warning("failed to load code store provider ", e);
   }
   try {
     final CodeStore store = new DirectoryCodeStore(context);
     store.initLogger(context);
     return store;
   } catch (final IOException e) {
     context.getLogger(CodeStore.class).warning("failed to create cache directory ", e);
     return null;
   }
 }
  private JarFile getCachedJarFile(URL url) {
    JarFile result = (JarFile) fileCache.get(url);

    /* if the JAR file is cached, the permission will always be there */
    if (result != null) {
      Permission perm = getPermission(result);
      if (perm != null) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
          try {
            sm.checkPermission(perm);
          } catch (SecurityException se) {
            // fallback to checkRead/checkConnect for pre 1.2
            // security managers
            if ((perm instanceof java.io.FilePermission)
                && perm.getActions().indexOf("read") != -1) {
              sm.checkRead(perm.getName());
            } else if ((perm instanceof java.net.SocketPermission)
                && perm.getActions().indexOf("connect") != -1) {
              sm.checkConnect(url.getHost(), url.getPort());
            } else {
              throw se;
            }
          }
        }
      }
    }
    return result;
  }
Пример #15
0
    /**
     * Check that the current context is trusted to modify the logging
     * configuration.  This requires LoggingPermission("control").
     * <p>
     * If the check fails we throw a SecurityException, otherwise
     * we return normally.
     *
     * @exception  SecurityException  if a security manager exists and if
     *             the caller does not have LoggingPermission("control").
     */
    public void checkAccess() throws SecurityException {
	SecurityManager sm = System.getSecurityManager();
	if (sm == null) {
	    return;
	}
        sm.checkPermission(ourPermission);
    }
Пример #16
0
  /**
   * @see
   *     org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry#removeToken(java.lang.String)
   */
  public void removeToken(String tokenID) throws IOException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) sm.checkPermission(PicketLinkCoreSTS.rte);

    holders.remove(tokenID);
    flush();
  }
Пример #17
0
  /**
   * This method initializes a new instance of <code>URL</code> with the specified protocol, host,
   * port, and file. Additionally, this method allows the caller to specify a protocol handler to
   * use instead of the default. If this handler is specified, the caller must have the
   * "specifyStreamHandler" permission (see <code>NetPermission</code>) or a <code>SecurityException
   * </code> will be thrown.
   *
   * @param protocol The protocol for this URL ("http", "ftp", etc)
   * @param host The hostname or IP address to connect to
   * @param port The port number to use, or -1 to use the protocol's default port
   * @param file The "file" portion of the URL.
   * @param ph The protocol handler to use with this URL.
   * @exception MalformedURLException If no protocol handler can be loaded for the specified
   *     protocol.
   * @exception SecurityException If the <code>SecurityManager</code> exists and does not allow the
   *     caller to specify its own protocol handler.
   * @since 1.2
   */
  public URL(String protocol, String host, int port, String file, URLStreamHandler ph)
      throws MalformedURLException {
    if (protocol == null) throw new MalformedURLException("null protocol");
    protocol = protocol.toLowerCase();
    this.protocol = protocol;

    if (ph != null) {
      SecurityManager s = System.getSecurityManager();
      if (s != null) s.checkPermission(new NetPermission("specifyStreamHandler"));

      this.ph = ph;
    } else this.ph = getURLStreamHandler(protocol);

    if (this.ph == null) throw new MalformedURLException("Protocol handler not found: " + protocol);

    this.host = host;
    this.port = port;
    this.authority = (host != null) ? host : "";
    if (port >= 0 && host != null) this.authority += ":" + port;

    int hashAt = file.indexOf('#');
    if (hashAt < 0) {
      this.file = file;
      this.ref = null;
    } else {
      this.file = file.substring(0, hashAt);
      this.ref = file.substring(hashAt + 1);
    }
    hashCode = hashCode(); // Used for serialization.
  }
Пример #18
0
  private static synchronized void setSecurityManager0(final SecurityManager s) {
    SecurityManager sm = getSecurityManager();
    if (sm != null) {
      // ask the currently installed security manager if we
      // can replace it.
      sm.checkPermission(new RuntimePermission("setSecurityManager"));
    }

    if ((s != null) && (s.getClass().getClassLoader() != null)) {
      // New security manager class is not on bootstrap classpath.
      // Cause policy to get initialized before we install the new
      // security manager, in order to prevent infinite loops when
      // trying to initialize the policy (which usually involves
      // accessing some security and/or system properties, which in turn
      // calls the installed security manager's checkPermission method
      // which will loop infinitely if there is a non-system class
      // (in this case: the new security manager class) on the stack).
      AccessController.doPrivileged(
          new PrivilegedAction<Object>() {
            public Object run() {
              s.getClass().getProtectionDomain().implies(SecurityConstants.ALL_PERMISSION);
              return null;
            }
          });
    }

    security = s;
  }
Пример #19
0
  private static void permissionCheck() {
    SecurityManager sec = System.getSecurityManager();

    if (sec != null) {
      sec.checkPermission(new RuntimePermission("useKeychainStore"));
    }
  }
  // only package private for testing!
  static String parse(final byte content[], final Metadata metadata, final int limit)
      throws TikaException, IOException {
    // check that its not unprivileged code like a script
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
      sm.checkPermission(new SpecialPermission());
    }

    try {
      return AccessController.doPrivileged(
          new PrivilegedExceptionAction<String>() {
            @Override
            public String run() throws TikaException, IOException {
              return TIKA_INSTANCE.parseToString(StreamInput.wrap(content), metadata, limit);
            }
          });
    } catch (PrivilegedActionException e) {
      // checked exception from tika: unbox it
      Throwable cause = e.getCause();
      if (cause instanceof TikaException) {
        throw (TikaException) cause;
      } else if (cause instanceof IOException) {
        throw (IOException) cause;
      } else {
        throw new AssertionError(cause);
      }
    }
  }
Пример #21
0
 public void removeDevice(LinuxInputDevice device) {
   SecurityManager security = System.getSecurityManager();
   if (security != null) {
     security.checkPermission(new AllPermission());
   }
   devices.remove(device);
 }
Пример #22
0
 public ProtectionDomain getProtectionDomain() {
   SecurityManager security = System.getSecurityManager();
   if (security != null) {
     security.checkPermission(new RuntimePermission("getProtectionDomain"));
   }
   return pd == null ? StaticData.unknownProtectionDomain : pd;
 }
Пример #23
0
 public IdentityTrustModuleEntry[] getIdentityTrustModuleEntry() {
   SecurityManager sm = System.getSecurityManager();
   if (sm != null) sm.checkPermission(GET_CONFIG_ENTRY_PERM);
   IdentityTrustModuleEntry[] entries = new IdentityTrustModuleEntry[moduleEntries.size()];
   moduleEntries.toArray(entries);
   return entries;
 }
Пример #24
0
 /** @com.intel.drl.spec_ref */
 public void setAccessible(boolean flag) throws SecurityException {
   SecurityManager sc = System.getSecurityManager();
   if (sc != null) {
     sc.checkPermission(ReflectPermissionCollection.SUPPRESS_ACCESS_CHECKS_PERMISSION);
   }
   setAccessible0(flag);
 }
 public static GSSCredential getDelegCredential() {
   SecurityManager sm = System.getSecurityManager();
   if (sm != null) {
     sm.checkPermission(GET_DELEGATION_CREDENTIAL);
   }
   return DelegationSecurityActions.getDelegationCredential();
 }
Пример #26
0
  /**
   * Removes the specified driver from the {@code DriverManager}'s list of registered drivers.
   *
   * <p>If a {@code null} value is specified for the driver to be removed, then no action is taken.
   *
   * <p>If a security manager exists and its {@code checkPermission} denies permission, then a
   * {@code SecurityException} will be thrown.
   *
   * <p>If the specified driver is not found in the list of registered drivers, then no action is
   * taken. If the driver was found, it will be removed from the list of registered drivers.
   *
   * <p>If a {@code DriverAction} instance was specified when the JDBC driver was registered, its
   * deregister method will be called prior to the driver being removed from the list of registered
   * drivers.
   *
   * @param driver the JDBC Driver to remove
   * @exception SQLException if a database access error occurs
   * @throws SecurityException if a security manager exists and its {@code checkPermission} method
   *     denies permission to deregister a driver.
   * @see SecurityManager#checkPermission
   */
  @CallerSensitive
  public static synchronized void deregisterDriver(Driver driver) throws SQLException {
    if (driver == null) {
      return;
    }

    SecurityManager sec = System.getSecurityManager();
    if (sec != null) {
      sec.checkPermission(DEREGISTER_DRIVER_PERMISSION);
    }

    println("DriverManager.deregisterDriver: " + driver);

    DriverInfo aDriver = new DriverInfo(driver, null);
    if (registeredDrivers.contains(aDriver)) {
      if (isDriverAllowed(driver, Reflection.getCallerClass())) {
        DriverInfo di = registeredDrivers.get(registeredDrivers.indexOf(aDriver));
        // If a DriverAction was specified, Call it to notify the
        // driver that it has been deregistered
        if (di.action() != null) {
          di.action().deregister();
        }
        registeredDrivers.remove(aDriver);
      } else {
        // If the caller does not have permission to load the driver then
        // throw a SecurityException.
        throw new SecurityException();
      }
    } else {
      println("    couldn't find driver to unload");
    }
  }
 /** Check for permission to get a service. */
 private <A> void checkAdaptPermission(Class<A> adapterType) {
   SecurityManager sm = System.getSecurityManager();
   if (sm == null) {
     return;
   }
   sm.checkPermission(new AdaptPermission(adapterType.getName(), this, AdaptPermission.ADAPT));
 }
Пример #28
0
 private static Void checkPermission() {
   SecurityManager sm = System.getSecurityManager();
   if (sm != null) {
     sm.checkPermission(new RuntimePermission("localeServiceProvider"));
   }
   return null;
 }
Пример #29
0
  /**
   * Returns the platform {@link javax.management.MBeanServer MBeanServer}. On the first call to
   * this method, it first creates the platform <tt>MBeanServer</tt> by calling the {@link
   * javax.management.MBeanServerFactory#createMBeanServer MBeanServerFactory.createMBeanServer}
   * method and registers the platform MXBeans in this platform <tt>MBeanServer</tt> using the <a
   * href="#MXBeanNames">MXBean names</a> defined in the class description. This method, in
   * subsequent calls, will simply return the initially created platform <tt>MBeanServer</tt>.
   *
   * <p>MXBeans that get created and destroyed dynamically, for example, memory {@link
   * MemoryPoolMXBean pools} and {@link MemoryManagerMXBean managers}, will automatically be
   * registered and deregistered into the platform <tt>MBeanServer</tt>.
   *
   * <p>If the system property <tt>javax.management.builder.initial</tt> is set, the platform
   * <tt>MBeanServer</tt> creation will be done by the specified {@link
   * javax.management.MBeanServerBuilder}.
   *
   * <p>It is recommended that this platform MBeanServer also be used to register other application
   * managed beans besides the platform MXBeans. This will allow all MBeans to be published through
   * the same <tt>MBeanServer</tt> and hence allow for easier network publishing and discovery. Name
   * conflicts with the platform MXBeans should be avoided.
   *
   * @return the platform <tt>MBeanServer</tt>; the platform MXBeans are registered into the
   *     platform <tt>MBeanServer</tt> at the first time this method is called.
   * @exception SecurityException if there is a security manager and the caller does not have the
   *     permission required by {@link javax.management.MBeanServerFactory#createMBeanServer}.
   * @see javax.management.MBeanServerFactory
   * @see javax.management.MBeanServerFactory#createMBeanServer
   */
  public static synchronized MBeanServer getPlatformMBeanServer() {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
      Permission perm = new MBeanServerPermission("createMBeanServer");
      sm.checkPermission(perm);
    }

    if (platformMBeanServer == null) {
      platformMBeanServer = MBeanServerFactory.createMBeanServer();
      for (PlatformComponent pc : PlatformComponent.values()) {
        List<? extends PlatformManagedObject> list = pc.getMXBeans(pc.getMXBeanInterface());
        for (PlatformManagedObject o : list) {
          // Each PlatformComponent represents one management
          // interface. Some MXBean may extend another one.
          // The MXBean instances for one platform component
          // (returned by pc.getMXBeans()) might be also
          // the MXBean instances for another platform component.
          // e.g. com.sun.management.GarbageCollectorMXBean
          //
          // So need to check if an MXBean instance is registered
          // before registering into the platform MBeanServer
          if (!platformMBeanServer.isRegistered(o.getObjectName())) {
            addMXBean(platformMBeanServer, o);
          }
        }
      }
    }
    return platformMBeanServer;
  }
Пример #30
0
 /**
  * Checks whether the current security context allows changing
  * the configuration of the logging framework.  For the security
  * context to be trusted, it has to be granted
  * a LoggingPermission("control").
  *
  * @throws SecurityException if a security manager exists and
  *         the caller is not granted the permission to control
  *         the logging infrastructure.
  */
 public void checkAccess()
   throws SecurityException
 {
   SecurityManager sm = System.getSecurityManager();
   if (sm != null)
     sm.checkPermission(controlPermission);
 }