securitymanager.java

来自「This is a resource based on j2me embedde」· Java 代码 · 共 1,623 行 · 第 1/5 页

/*
 * @(#)SecurityManager.java	1.138 06/10/10
 *
 * Copyright  1990-2008 Sun Microsystems, Inc. All Rights Reserved.  
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER  
 *   
 * This program is free software; you can redistribute it and/or  
 * modify it under the terms of the GNU General Public License version  
 * 2 only, as published by the Free Software Foundation.   
 *   
 * This program is distributed in the hope that it will be useful, but  
 * WITHOUT ANY WARRANTY; without even the implied warranty of  
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU  
 * General Public License version 2 for more details (a copy is  
 * included at /legal/license.txt).   
 *   
 * You should have received a copy of the GNU General Public License  
 * version 2 along with this work; if not, write to the Free Software  
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  
 * 02110-1301 USA   
 *   
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa  
 * Clara, CA 95054 or visit www.sun.com if you need additional  
 * information or have any questions. 
 *
 */

package java.lang;

import java.security.*;
import java.io.FileDescriptor;
import java.io.File;
import java.io.FilePermission;
import java.util.PropertyPermission;
import java.lang.RuntimePermission;
import java.net.SocketPermission;
import java.net.NetPermission;
import java.util.Hashtable;
import java.net.InetAddress;
import java.lang.reflect.Member;
import java.lang.reflect.*;
import java.net.URL;

import sun.security.util.SecurityConstants;

/**
 * The security manager is a class that allows 
 * applications to implement a security policy. It allows an 
 * application to determine, before performing a possibly unsafe or 
 * sensitive operation, what the operation is and whether 
 * it is being attempted in a security context that allows the
 * operation to be performed. The 
 * application can allow or disallow the operation. 
 * <p>
 * The <code>SecurityManager</code> class contains many methods with 
 * names that begin with the word <code>check</code>. These methods 
 * are called by various methods in the Java libraries before those 
 * methods perform certain potentially sensitive operations. The 
 * invocation of such a <code>check</code> method typically looks like this: 
 * <p><blockquote><pre>
 *     SecurityManager security = System.getSecurityManager();
 *     if (security != null) {
 *         security.check<i>XXX</i>(argument, &nbsp;.&nbsp;.&nbsp;.&nbsp;);
 *     }
 * </pre></blockquote>
 * <p>
 * The security manager is thereby given an opportunity to prevent 
 * completion of the operation by throwing an exception. A security 
 * manager routine simply returns if the operation is permitted, but 
 * throws a <code>SecurityException</code> if the operation is not 
 * permitted. The only exception to this convention is 
 * <code>checkTopLevelWindow</code>, which returns a 
 * <code>boolean</code> value. 
 * <p>
 * The current security manager is set by the 
 * <code>setSecurityManager</code> method in class 
 * <code>System</code>. The current security manager is obtained 
 * by the <code>getSecurityManager</code> method. 
 * <p> 
 * The special method 
 * {@link SecurityManager#checkPermission(java.security.Permission)}
 * determines whether an access request indicated by a specified
 * permission should be granted or denied. The 
 * default implementation calls
 * 
 * <pre>
 *   AccessController.checkPermission(perm);
 * </pre>
 *
 * <p> 
 * If a requested access is allowed, 
 * <code>checkPermission</code> returns quietly. If denied, a 
 * <code>SecurityException</code> is thrown. 
 * <p>
 * As of Java 2 SDK v1.2, the default implementation of each of the other
 * <code>check</code> methods in <code>SecurityManager</code> is to 
 * call the <code>SecurityManager checkPermission</code> method
 * to determine if the calling thread has permission to perform the requested
 * operation.
 * <p> 
 * Note that the <code>checkPermission</code> method with
 * just a single permission argument always performs security checks
 * within the context of the currently executing thread.
 * Sometimes a security check that should be made within a given context
 * will actually need to be done from within a
 * <i>different</i> context (for example, from within a worker thread).
 * The {@link SecurityManager#getSecurityContext getSecurityContext} method 
 * and the {@link SecurityManager#checkPermission(java.security.Permission, 
 * java.lang.Object) checkPermission}
 * method that includes a context argument are provided 
 * for this situation. The 
 * <code>getSecurityContext</code> method returns a "snapshot"
 * of the current calling context. (The default implementation 
 * returns an AccessControlContext object.) A sample call is
 * the following:
 * 
 * <pre>
 *   Object context = null;
 *   SecurityManager sm = System.getSecurityManager();
 *   if (sm != null) context = sm.getSecurityContext(); 
 * </pre>
 * 
 * <p>
 * The <code>checkPermission</code> method
 * that takes a context object in addition to a permission 
 * makes access decisions based on that context,
 * rather than on that of the current execution thread.
 * Code within a different context can thus call that method,
 * passing the permission and the
 * previously-saved context object. A sample call, using the
 * SecurityManager <code>sm</code> obtained as in the previous example, 
 * is the following:
 * 
 * <pre>
 *   if (sm != null) sm.checkPermission(permission, context);
 * </pre> 
 *
 * <p>Permissions fall into these categories: File, Socket, Net, 
 * Security, Runtime, Property, AWT, Reflect, and Serializable. 
 * The classes managing these various
 * permission categories are <code>java.io.FilePermission</code>,
 * <code>java.net.SocketPermission</code>, 
 * <code>java.net.NetPermission</code>, 
 * <code>java.security.SecurityPermission</code>,
 * <code>java.lang.RuntimePermission</code>, 
 * <code>java.util.PropertyPermission</code>, 
 * <code>java.lang.reflect.ReflectPermission</code>, and
 * <code>java.io.SerializablePermission</code>. 
 * 
 * <p>All but the first two (FilePermission and SocketPermission) are 
 * subclasses of <code>java.security.BasicPermission</code>, which itself 
 * is an abstract subclass of the
 * top-level class for permissions, which is 
 * <code>java.security.Permission</code>. BasicPermission defines the 
 * functionality needed for all permissions that contain a name 
 * that follows the hierarchical property naming convention 
 * (for example, "exitVM", "setFactory", "queuePrintJob", etc). 
 * An asterisk 
 * may appear at the end of the name, following a ".", or by itself, to 
 * signify a wildcard match. For example: "a.*" or "*" is valid, 
 * "*a" or "a*b" is not valid.
 *
 * <p>FilePermission and SocketPermission are subclasses of the
 * top-level class for permissions 
 * (<code>java.security.Permission</code>). Classes like these
 * that have a more complicated name syntax than that used by
 * BasicPermission subclass directly from Permission rather than from
 * BasicPermission. For example, 
 * for a <code>java.io.FilePermission</code> object, the permission name is
 * the path name of a file (or directory).
 *
 * <p>Some of the permission classes have an "actions" list that tells 
 * the actions that are permitted for the object.  For example, 
 * for a <code>java.io.FilePermission</code> object, the actions list
 * (such as "read, write") specifies which actions are granted for the
 * specified file (or for files in the specified directory).
 * 
 * <p>Other permission classes are for "named" permissions - 
 * ones that contain a name but no actions list; you either have the
 * named permission or you don't.
 * 
 * <p>Note: There is also a <code>java.security.AllPermission</code>
 * permission that implies all permissions. It exists to simplify the work
 * of system administrators who might need to perform multiple
 * tasks that require all (or numerous) permissions.
 * <p>
 * See <a href ="../../../guide/security/permissions.html">
 * Permissions in the Java 2 SDK</a> for permission-related information.
 * This document includes, for example, a table listing the various SecurityManager
 * <code>check</code> methods and the permission(s) the default 
 * implementation of each such method requires. 
 * It also contains a table of all the version 1.2 methods
 * that require permissions, and for each such method tells 
 * which permission it requires.
 * <p>
 * For more information about <code>SecurityManager</code> changes made in 
 * the Java 2 SDK and advice regarding porting of 1.1-style security managers,
 * see the <a href="../../../guide/security/index.html">security documentation</a>.
 *
 * @author  Arthur van Hoff
 * @author  Roland Schemers
 *
 * @version 1.125, 05/16/00
 * @see     java.lang.ClassLoader
 * @see     java.lang.SecurityException
 * @see     java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
 *  checkTopLevelWindow
 * @see     java.lang.System#getSecurityManager() getSecurityManager
 * @see     java.lang.System#setSecurityManager(java.lang.SecurityManager)
 *  setSecurityManager
 * @see     java.security.AccessController AccessController
 * @see     java.security.AccessControlContext AccessControlContext
 * @see     java.security.AccessControlException AccessControlException
 * @see     java.security.Permission 
 * @see     java.security.BasicPermission
 * @see     java.io.FilePermission
 * @see     java.net.SocketPermission
 * @see     java.util.PropertyPermission
 * @see     java.lang.RuntimePermission
 * @see     java.security.Policy Policy
 * @see     java.security.SecurityPermission SecurityPermission
 * @see     java.security.ProtectionDomain
 *
 * @since   JDK1.0
 */
public 
class SecurityManager {

    /**
     * This field is <code>true</code> if there is a security check in 
     * progress; <code>false</code> otherwise.
     *
     * deprecated This type of security checking is not recommended.
     *  It is recommended that the <code>checkPermission</code>
     *  call be used instead.
     *
    protected boolean inCheck;
     */

    /* 
     * Have we been initialized. Effective against finalizer attacks.
     */
    private boolean initialized = false;


    private static Constructor AWTPermissionCtor;

    private static BasicPermission topLevelWindowPermission;

    /**
     * returns true if the current context has been granted AllPermission
     */
    private boolean hasAllPermission() 
    {
	try {
	    checkPermission(SecurityConstants.ALL_PERMISSION);
	    return true;
	} catch (SecurityException se) {
	    return false;
	}
    }

    /** 
     * Tests if there is a security check in progress.
     *
     * return the value of the <code>inCheck</code> field. This field 
     *          should contain <code>true</code> if a security check is
     *          in progress,
     *          <code>false</code> otherwise.
     * see     java.lang.SecurityManager#inCheck
     * deprecated This type of security checking is not recommended.
     *  It is recommended that the <code>checkPermission</code>
     *  call be used instead.
     *
    public boolean getInCheck() {
	return inCheck;
    }
     */

    /**
     * Constructs a new <code>SecurityManager</code>.
     *
     * <p> If there is a security manager already installed, this method first
     * calls the security manager's <code>checkPermission</code> method
     * with the <code>RuntimePermission("createSecurityManager")</code>
     * permission to ensure the calling thread has permission to create a new 
     * security manager.
     * This may result in throwing a <code>SecurityException</code>.
     *
     * @exception  java.lang.SecurityException if a security manager already 
     *             exists and its <code>checkPermission</code> method 
     *             doesn't allow creation of a new security manager.
     * @see        java.lang.System#getSecurityManager()
     * @see        #checkPermission(java.security.Permission) checkPermission
     * @see java.lang.RuntimePermission
     */
    public SecurityManager() {
	synchronized(SecurityManager.class) {
 	    SecurityManager sm = System.getSecurityManager();
 	    if (sm != null) {
		// ask the currently installed security manager if we 
		// can create a new one.
 		sm.checkPermission(new RuntimePermission
				   ("createSecurityManager"));
  	    }
	    initialized = true;
	}
    }

    /**
     * Returns the current execution stack as an array of classes. 
     * <p>
     * The length of the array is the number of methods on the execution 
     * stack. The element at index <code>0</code> is the class of the 
     * currently executing method, the element at index <code>1</code> is 
     * the class of that method's caller, and so on. 
     *
     * @return  the execution stack.
     */
    protected native Class[] getClassContext();

    /**
     * Returns the class loader of the most recently executing method from
     * a class defined using a non-system class loader. A non-system 
     * class loader is defined as being a class loader that is not equal to