1 /* java.lang.SecurityManager
2 Copyright (C) 1998, 1999, 2001 Free Software Foundation, Inc.
4 This file is part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2, or (at your option)
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; see the file COPYING. If not, write to the
18 Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
21 As a special exception, if you link this library with other files to
22 produce an executable, this library does not by itself cause the
23 resulting executable to be covered by the GNU General Public License.
24 This exception does not however invalidate any other reasons why the
25 executable file might be covered by the GNU General Public License. */
35 ** SecurityManager is a class you can extend to create
36 ** your own Java security policy. By default, there is
37 ** no SecurityManager installed in 1.1, which means that
38 ** all things are permitted to all people.<P>
40 ** The default methods in this class deny all
41 ** things to all people.
43 ** @author John Keiser
44 ** @version 1.1.0, 31 May 1998
47 public class SecurityManager {
48 /** Tells whether or not the SecurityManager is currently
49 ** performing a security check.
51 protected boolean inCheck;
53 /** Tells whether or not the SecurityManager is currently
54 ** performing a security check.
56 ** @return whether or not the SecurityManager is
57 ** currently performing a security check.
59 public boolean getInCheck() {
63 /** Get a list of all the classes currently executing
64 ** methods on the Java stack. getClassContext()[0] is
65 ** the currently executing method
66 ** <STRONG>Spec Note:</STRONG> does not say whether
67 ** the stack will include the getClassContext() call or
68 ** the one just before it.
70 ** @return an array containing all the methods on classes
71 ** on the Java execution stack.
73 protected Class[] getClassContext() {
74 return VMSecurityManager.getClassContext();
77 /** Find the ClassLoader for the most recent class on the
78 ** stack that was loaded by an explicit ClassLoader. If
79 ** everything on the stack was loaded by the system
80 ** classloader, null is returned.
82 ** @return the most recent ClassLoader on the execution
85 protected ClassLoader currentClassLoader() {
86 return VMSecurityManager.currentClassLoader();
89 /** Find the most recent class on the stack that was
90 ** loaded by an explicit ClassLoader. If everything on
91 ** the stack was loaded by the system classloader, null
94 ** @return the most recent loaded Class on the execution
97 protected Class currentLoadedClass() {
98 Class[] c = getClassContext();
99 for(int i=0;i<c.length;i++) {
100 if(c[i].getClassLoader() != null) {
107 /** Get the depth on the execution stack of the most
108 ** recent class that was loaded by an explicit
109 ** ClassLoader. This can be used as an index into
110 ** getClassContext().
112 ** @return the index of the most recent loaded Class on
113 ** the execution stack.
115 protected int classLoaderDepth() {
116 Class[] c = getClassContext();
117 for(int i=0;i<c.length;i++) {
118 if(c[i].getClassLoader() != null) {
125 /** Tell whether there is a class loaded with an explicit
126 ** ClassLoader on the stack.
128 ** @return whether there is a class loaded with an
129 ** explicit ClassLoader on the stack.
131 protected boolean inClassLoader() {
132 return classLoaderDepth() != -1;
136 /** Get the depth of a particular class on the execution
139 ** @param className the fully-qualified name of the class
140 ** to search for on the stack.
141 ** @return the index of the class on the stack, or -1 if
142 ** the class is not on the stack.
144 protected int classDepth(String className) {
145 Class[] c = getClassContext();
146 for(int i=0;i<c.length;i++) {
147 if(className.equals(c[i].getName())) {
154 /** Tell whether the specified class is on the execution
157 ** @param className the fully-qualified name of the class
158 ** to search for on the stack.
159 ** @return whether the specified class is on the
162 protected boolean inClass(String className) {
163 return classDepth(className) != -1;
166 /** Get an implementation-dependent Object that contains
167 ** enough information about the current environment to be
168 ** able to perform standard security checks later. This
169 ** is used by trusted methods that need to verify that
170 ** their callers have sufficient access to perform
171 ** certain operations.<P>
173 ** Currently the only methods that use this are checkRead()
174 ** and checkConnect().
176 ** @see checkConnect(java.lang.String,int,java.lang.Object)
177 ** @see checkRead(java.lang.String,java.lang.Object)
179 public Object getSecurityContext() {
180 return new SecurityContext(getClassContext());
183 /** Check if the current thread is allowed to create a
186 ** This method is called from ClassLoader.ClassLoader(),
187 ** in other words, whenever a ClassLoader is created.<P>
189 ** SecurityManager's implementation always denies access.
191 ** @exception SecurityException if the operation is not
193 ** @see java.lang.ClassLoader#ClassLoader()
195 public void checkCreateClassLoader() {
196 throw new SecurityException("Cannot create new ClassLoaders.");
199 /** Check if the current thread is allowed to modify this
202 ** Called by Thread.stop(), suspend(), resume(), and
203 ** interrupt(), destroy(), setPriority(), setName() and
206 ** SecurityManager's implementation always denies access.
208 ** @param g the Thread to check against
209 ** @exception SecurityException if the operation is not
211 ** @see java.lang.Thread#stop()
212 ** @see java.lang.Thread#suspend()
213 ** @see java.lang.Thread#resume()
214 ** @see java.lang.Thread#interrupt()
215 ** @see java.lang.Thread#destroy()
216 ** @see java.lang.Thread#setPriority(int)
217 ** @see java.lang.Thread#setName(java.lang.String)
218 ** @see java.lang.Thread#setDaemon(boolean)
220 public void checkAccess(Thread t) {
221 throw new SecurityException("Cannot modify Threads.");
224 /** Check if the current thread is allowed to modify this
227 ** Called by Thread.Thread() (to add a thread to the
228 ** ThreadGroup), ThreadGroup.ThreadGroup() (to add this
229 ** ThreadGroup to a parent), ThreadGroup.stop(),
230 ** suspend(), resume(), interrupt(), destroy(),
231 ** setDaemon(), and setMaxPriority().<P>
233 ** SecurityManager's implementation always denies access.
235 ** @param g the ThreadGroup to check against
236 ** @exception SecurityException if the operation is not
238 ** @see java.lang.Thread#Thread()
239 ** @see java.lang.ThreadGroup#ThreadGroup()
240 ** @see java.lang.ThreadGroup#stop()
241 ** @see java.lang.ThreadGroup#suspend()
242 ** @see java.lang.ThreadGroup#resume()
243 ** @see java.lang.ThreadGroup#interrupt()
244 ** @see java.lang.ThreadGroup#setDaemon(boolean)
245 ** @see java.lang.ThreadGroup#setMaxPriority(int)
247 public void checkAccess(ThreadGroup g) {
248 throw new SecurityException("Cannot modify ThreadGroups.");
251 /** Check if the current thread is allowed to exit the
252 ** JVM with the given status.<P>
254 ** This method is called from Runtime.exit().<P>
256 ** SecurityManager's implementation always denies access.
258 ** @param status the status to exit with
259 ** @exception SecurityException if the operation is not
261 ** @see java.lang.Runtime#exit()
262 ** @see java.lang.Runtime#exit(int)
264 public void checkExit(int status) {
265 throw new SecurityException("Cannot exit JVM.");
268 /** Check if the current thread is allowed to execute the
271 ** This method is called from Runtime.exec().<P>
273 ** SecurityManager's implementation always denies access.
275 ** @param program the name of the program to exec
276 ** @exception SecurityException if the operation is not
278 ** @see java.lang.Runtime#exec(java.lang.String[],java.lang.String[])
280 public void checkExec(String program) {
281 throw new SecurityException("Cannot execute programs.");
284 /** Check if the current thread is allowed to link in the
285 ** given native library.<P>
287 ** This method is called from Runtime.load() (and hence,
288 ** by loadLibrary() as well).<P>
290 ** SecurityManager's implementation always denies access.
292 ** @param filename the full name of the library to load
293 ** @exception SecurityException if the operation is not
295 ** @see java.lang.Runtime#load(java.lang.String)
297 public void checkLink(String filename) {
298 throw new SecurityException("Cannot link native libraries.");
301 /** Check if the current thread is allowed to read the
302 ** given file using the FileDescriptor.<P>
304 ** This method is called from
305 ** FileInputStream.FileInputStream().<P>
307 ** SecurityManager's implementation always denies access.
309 ** @param desc the FileDescriptor representing the file
311 ** @exception SecurityException if the operation is not
313 ** @see java.io.FileInputStream#FileInputStream(java.io.FileDescriptor)
315 public void checkRead(FileDescriptor desc) {
316 throw new SecurityException("Cannot read files via file descriptors.");
319 /** Check if the current thread is allowed to read the
322 ** This method is called from
323 ** FileInputStream.FileInputStream(),
324 ** RandomAccessFile.RandomAccessFile(), File.exists(),
325 ** canRead(), isFile(), isDirectory(), lastModified(),
326 ** length() and list().<P>
328 ** SecurityManager's implementation always denies access.
330 ** @param filename the full name of the file to access
331 ** @exception SecurityException if the operation is not
334 ** @see java.io.FileInputStream#FileInputStream(java.lang.String)
335 ** @see java.io.RandomAccessFile#RandomAccessFile(java.lang.String)
337 public void checkRead(String filename) {
338 throw new SecurityException("Cannot read files via file names.");
341 /** Check if the current thread is allowed to read the
342 ** given file. using the given SecurityContext.<P>
344 ** I know of no core class that calls this method.<P>
346 ** SecurityManager's implementation always denies access.
348 ** @param filename the full name of the file to access
349 ** @param securityContext the Security Context to
350 ** determine access for.
351 ** @exception SecurityException if the operation is not
354 public void checkRead(String filename, Object securityContext) {
355 throw new SecurityException("Cannot read files via file names.");
358 /** Check if the current thread is allowed to write to the
359 ** given file using the FileDescriptor.<P>
361 ** This method is called from
362 ** FileOutputStream.FileOutputStream().<P>
364 ** SecurityManager's implementation always denies access.
366 ** @param desc the FileDescriptor representing the file
368 ** @exception SecurityException if the operation is not
370 ** @see java.io.FileOutputStream#FileOutputStream(java.io.FileDescriptor)
372 public void checkWrite(FileDescriptor desc) {
373 throw new SecurityException("Cannot write files via file descriptors.");
376 /** Check if the current thread is allowed to write to the
379 ** This method is called from
380 ** FileOutputStream.FileOutputStream(),
381 ** RandomAccessFile.RandomAccessFile(),
382 ** File.canWrite(), mkdir(), and renameTo().<P>
384 ** SecurityManager's implementation always denies access.
386 ** @param filename the full name of the file to access
387 ** @exception SecurityException if the operation is not
389 ** @see java.io.File#canWrite()
390 ** @see java.io.File#mkdir()
391 ** @see java.io.File#renameTo()
392 ** @see java.io.FileOutputStream#FileOutputStream(java.lang.String)
393 ** @see java.io.RandomAccessFile#RandomAccessFile(java.lang.String)
395 public void checkWrite(String filename) {
396 throw new SecurityException("Cannot write files via file names.");
399 /** Check if the current thread is allowed to delete the
402 ** This method is called from File.delete().<P>
404 ** SecurityManager's implementation always denies access.
406 ** @param filename the full name of the file to delete
407 ** @exception SecurityException if th operation is not
409 ** @see java.io.File#delete()
411 public void checkDelete(String filename) {
412 throw new SecurityException("Cannot delete files.");
415 /** Check if the current thread is allowed to connect to a
416 ** given host on a given port.<P>
418 ** This method is called from Socket.Socket().
420 ** SecurityManager's implementation always denies access.
422 ** @param host the host to connect to
423 ** @param port the port to connect on
424 ** @exception SecurityException if the operation is not
426 ** @see java.net.Socket#Socket()
428 public void checkConnect(String host, int port) {
429 throw new SecurityException("Cannot make network connections.");
432 /** Check if the current thread is allowed to connect to a
433 ** given host on a given port using a specific security
434 ** context to determine access.<P>
436 ** This method is not called in the 1.1 core classes.<P>
438 ** SecurityManager's implementation always denies access.
440 ** @param host the host to connect to
441 ** @param port the port to connect on
442 ** @param securityContext the security context to
443 ** determine access with
444 ** @exception SecurityException if the operation is not
447 public void checkConnect(String host, int port, Object securityContext) {
448 throw new SecurityException("Cannot make network connections.");
451 /** Check if the current thread is allowed to listen to a
452 ** specific port for data.<P>
454 ** This method is called by ServerSocket.ServerSocket().<P>
456 ** SecurityManager's implementation always denies access.
458 ** @param port the port to listen on
459 ** @exception SecurityException if the operation is not
461 ** @see java.net.ServerSocket#ServerSocket(int)
463 public void checkListen(int port) {
464 throw new SecurityException("Cannot listen for connections.");
467 /** Check if the current thread is allowed to accept a
468 ** connection from a particular host on a particular
471 ** This method is called by ServerSocket.implAccept().<P>
473 ** SecurityManager's implementation always denies access.
475 ** @param host the host which wishes to connect
476 ** @param port the port the connection will be on
477 ** @exception SecurityException if the operation is not
479 ** @see java.net.ServerSocket#accept()
481 public void checkAccept(String host, int port) {
482 throw new SecurityException("Cannot accept connections.");
485 /** Check if the current thread is allowed to read and
486 ** write multicast to a particular address.<P>
488 ** SecurityManager's implementation always denies access.
490 ** @XXX where is it called?
492 ** @param addr the address to multicast to.
493 ** @exception SecurityException if the operation is not
496 public void checkMulticast(InetAddress addr) {
497 throw new SecurityException("Cannot read or write multicast.");
500 /** Check if the current thread is allowed to read and
501 ** write multicast to a particular address with a
502 ** particular ttl value.<P>
504 ** SecurityManager's implementation always denies access.<P>
506 ** @XXX where is it called?
508 ** @XXX what the hell is ttl? Expand abbreviation.
510 ** @param addr the address to multicast to.
511 ** @param ttl the ttl value to use
512 ** @exception SecurityException if the operation is not
515 public void checkMulticast(InetAddress addr, byte ttl) {
516 throw new SecurityException("Cannot read or write multicast.");
520 ** Check if the current thread is allowed to perform an
521 ** operation that requires the specified <code>Permission</code>.
523 ** @param perm The <code>Permission</code> required.
524 ** @exception SecurityException If the operation is not allowed.
526 public void checkPermission(java.security.Permission perm) {
527 throw new SecurityException("Operation not allowed");
531 ** Check if the current thread is allowed to perform an
532 ** operation that requires the specified <code>Permission</code>.
534 ** @param perm The <code>Permission</code> required.
535 ** @param context A security context
536 ** @exception SecurityException If the operation is not allowed.
539 public void checkPermission(java.security.Permission perm,
541 throw new SecurityException("Operation not allowed");
544 /** Check if the current thread is allowed to read or
545 ** write all the system properties at once.<P>
547 ** This method is called by System.getProperties()
548 ** and setProperties().<P>
550 ** SecurityManager's implementation always denies access.
552 ** @exception SecurityException if the operation is not
554 ** @see java.lang.System#getProperties()
555 ** @see java.lang.System#setProperties(java.util.Properties)
557 public void checkPropertiesAccess() {
558 throw new SecurityException("Cannot access all system properties at once.");
561 /** Check if the current thread is allowed to read or
562 ** write a particular system property.<P>
564 ** This method is called by System.getProperty() and
567 ** SecurityManager's implementation always denies access.
569 ** @exception SecurityException is the operation is not
571 ** @see java.lang.System#getProperty(java.lang.String)
572 ** @see java.lang.System#setProperty(java.lang.String,java.lang.String)
574 public void checkPropertyAccess(String name) {
575 throw new SecurityException("Cannot access individual system properties.");
578 /** Check if the current thread is allowed to create a
579 ** top-level window. If it is not, the operation should
580 ** still go through, but some sort of nonremovable
581 ** warning should be placed on the window to show that it
584 ** This method is called by Window.Window().<P>
586 ** SecurityManager's implementation always denies access.
588 ** @param window the window to create
589 ** @see java.awt.Window#Window(java.awt.Frame)
591 public boolean checkTopLevelWindow(Object window) {
595 /** Check if the current thread is allowed to create a
598 ** This method is called by Toolkit.getPrintJob(). (I
599 ** assume so, at least, it just don't say nothing about
600 ** it in the spec.)<P>
602 ** SecurityManager's implementation always denies access.
604 ** @exception SecurityException if the operation is not
606 ** @see java.awt.Toolkit.getPrintJob(java.awt.Frame,java.lang.String,java.util.Properties)
608 public void checkPrintJobAccess() {
609 throw new SecurityException("Cannot create print jobs.");
612 /** Check if the current thread is allowed to use the
613 ** system clipboard.<P>
615 ** This method is called by Toolkit.getSystemClipboard().
618 ** SecurityManager's implementation always denies access.
620 ** @exception SecurityException if the operation is not
622 ** @see java.awt.Toolkit#getSystemClipboard()
624 public void checkSystemClipboardAccess() {
625 throw new SecurityException("Cannot access the system clipboard.");
628 /** Check if the current thread is allowed to use the AWT
631 ** This method is called by Toolkit.getSystemEventQueue().<P>
633 ** SecurityManager's implementation always denies access.
635 ** @exception SecurityException if the operation is not
637 ** @see java.awt.Toolkit#getSystemEventQueue()
639 public void checkAwtEventQueueAccess() {
640 throw new SecurityException("Cannot access the AWT event queue.");
643 /** Check if the current thread is allowed to access the
644 ** specified package at all.<P>
646 ** This method is called by ClassLoader.loadClass() in
647 ** user-created ClassLoaders.<P>
649 ** SecurityManager's implementation always denies access.
651 ** @param packageName the package name to check access to
652 ** @exception SecurityException if the operation is not
654 ** @see java.lang.ClassLoader#loadClass(java.lang.String,boolean)
656 public void checkPackageAccess(String packageName) {
657 throw new SecurityException("Cannot access packages via the ClassLoader.");
660 /** Check if the current thread is allowed to define
661 ** classes the specified package. If the class already
662 ** created, though, ClassLoader.loadClass() can still
663 ** return the Class if checkPackageAccess() checks out.<P>
665 ** This method is called by ClassLoader.loadClass() in
666 ** user-created ClassLoaders.<P>
668 ** SecurityManager's implementation always denies access.
670 ** @param packageName the package name to check access to
671 ** @exception SecurityException if the operation is not
673 ** @see java.lang.ClassLoader#loadClass(java.lang.String,boolean)
675 public void checkPackageDefinition(String packageName) {
676 throw new SecurityException("Cannot load classes into any packages via the ClassLoader.");
679 /** Check if the current thread is allowed to set the
680 ** current socket factory.<P>
682 ** This method is called by Socket.setSocketImplFactory(),
683 ** ServerSocket.setSocketFactory(), and
684 ** URL.setURLStreamHandlerFactory().<P>
686 ** SecurityManager's implementation always denies access.
688 ** @exception SecurityException if the operation is not
690 ** @see java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory)
691 ** @see java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory)
692 ** @see java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory)
694 public void checkSetFactory() {
695 throw new SecurityException("Cannot set the socket factory.");
698 /** Check if the current thread is allowed to get certain
699 ** types of Methods, Fields and Constructors from a Class
702 ** This method is called by Class.getMethod[s](),
703 ** Class.getField[s](), Class.getConstructor[s],
704 ** Class.getDeclaredMethod[s](),
705 ** Class.getDeclaredField[s](), and
706 ** Class.getDeclaredConstructor[s]().<P>
708 ** SecurityManager's implementation always denies access.
710 ** @param c the Class to check
711 ** @param memberType the type of members to check
712 ** against, either Member.DECLARED or
714 ** @exception SecurityException if the operation is not
716 ** @see java.lang.Class
717 ** @see java.lang.reflect.Member#DECLARED
718 ** @see java.lang.reflect.Member#PUBLIC
720 public void checkMemberAccess(Class c, int memberType) {
721 throw new SecurityException("Cannot access members of classes.");
724 /** Test whether a particular security action may be
726 ** @param action the desired action to take
727 ** @exception SecurityException if the action is denied.
728 ** @XXX I have no idea what actions must be tested
731 public void checkSecurityAccess(String action) {
732 checkPermission (new java.security.SecurityPermission (action));
735 /** Get the ThreadGroup that a new Thread should belong
738 ** Called by Thread.Thread().<P>
740 ** SecurityManager's implementation just uses the
741 ** ThreadGroup of the current Thread.<P>
743 ** <STRONG>Spec Note:</STRONG> it is not clear whether
744 ** the new Thread is guaranteed to pass the
745 ** checkAccessThreadGroup() test when using this
746 ** ThreadGroup. I presume so.
748 ** @return the ThreadGroup to put the new Thread into.
750 public ThreadGroup getThreadGroup() {
751 return Thread.currentThread().getThreadGroup();
754 public SecurityManager () {
755 if (System.getSecurityManager () != null)
756 throw new SecurityException ();
760 class SecurityContext {
762 SecurityContext(Class[] classes) {
763 this.classes = classes;