sun.security.util.SecurityConstants Java Examples

The following examples show how to use sun.security.util.SecurityConstants. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: PolicyFile.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example #2
Source File: Executors.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
PrivilegedCallableUsingCurrentClassLoader(Callable<T> task) {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        // Calls to getContextClassLoader from this class
        // never trigger a security check, but we check
        // whether our callers have this permission anyways.
        sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);

        // Whether setContextClassLoader turns out to be necessary
        // or not, we fail fast if permission is not available.
        sm.checkPermission(new RuntimePermission("setContextClassLoader"));
    }
    this.task = task;
    this.acc = AccessController.getContext();
    this.ccl = Thread.currentThread().getContextClassLoader();
}
 
Example #3
Source File: ReflectUtil.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Does a conservative approximation of member access check. Use this if
 * you don't have an actual 'userland' caller Class/ClassLoader available.
 * This might be more restrictive than a precise member access check where
 * you have a caller, but should never allow a member access that is
 * forbidden.
 *
 * @param m the {@code Member} about to be accessed
 */
public static void conservativeCheckMemberAccess(Member m) throws SecurityException{
    final SecurityManager sm = System.getSecurityManager();
    if (sm == null)
        return;

    // Check for package access on the declaring class.
    //
    // In addition, unless the member and the declaring class are both
    // public check for access declared member permissions.
    //
    // This is done regardless of ClassLoader relations between the {@code
    // Member m} and any potential caller.

    final Class<?> declaringClass = m.getDeclaringClass();

    checkPackageAccess(declaringClass);

    if (Modifier.isPublic(m.getModifiers()) &&
            Modifier.isPublic(declaringClass.getModifiers()))
        return;

    // Check for declared member access.
    sm.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
}
 
Example #4
Source File: ReflectUtil.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Does a conservative approximation of member access check. Use this if
 * you don't have an actual 'userland' caller Class/ClassLoader available.
 * This might be more restrictive than a precise member access check where
 * you have a caller, but should never allow a member access that is
 * forbidden.
 *
 * @param m the {@code Member} about to be accessed
 */
public static void conservativeCheckMemberAccess(Member m) throws SecurityException{
    final SecurityManager sm = System.getSecurityManager();
    if (sm == null)
        return;

    // Check for package access on the declaring class.
    //
    // In addition, unless the member and the declaring class are both
    // public check for access declared member permissions.
    //
    // This is done regardless of ClassLoader relations between the {@code
    // Member m} and any potential caller.

    final Class<?> declaringClass = m.getDeclaringClass();

    checkPackageAccess(declaringClass);

    if (Modifier.isPublic(m.getModifiers()) &&
            Modifier.isPublic(declaringClass.getModifiers()))
        return;

    // Check for declared member access.
    sm.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
}
 
Example #5
Source File: ReflectUtil.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Does a conservative approximation of member access check. Use this if
 * you don't have an actual 'userland' caller Class/ClassLoader available.
 * This might be more restrictive than a precise member access check where
 * you have a caller, but should never allow a member access that is
 * forbidden.
 *
 * @param m the {@code Member} about to be accessed
 */
public static void conservativeCheckMemberAccess(Member m) throws SecurityException{
    final SecurityManager sm = System.getSecurityManager();
    if (sm == null)
        return;

    // Check for package access on the declaring class.
    //
    // In addition, unless the member and the declaring class are both
    // public check for access declared member permissions.
    //
    // This is done regardless of ClassLoader relations between the {@code
    // Member m} and any potential caller.

    final Class<?> declaringClass = m.getDeclaringClass();

    checkPackageAccess(declaringClass);

    if (Modifier.isPublic(m.getModifiers()) &&
            Modifier.isPublic(declaringClass.getModifiers()))
        return;

    // Check for declared member access.
    sm.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
}
 
Example #6
Source File: PolicyFile.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example #7
Source File: UnixFileSystemProvider.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example #8
Source File: Executors.java    From Bytecoder with Apache License 2.0 6 votes vote down vote up
PrivilegedCallableUsingCurrentClassLoader(Callable<T> task) {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        // Calls to getContextClassLoader from this class
        // never trigger a security check, but we check
        // whether our callers have this permission anyways.
        sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);

        // Whether setContextClassLoader turns out to be necessary
        // or not, we fail fast if permission is not available.
        sm.checkPermission(new RuntimePermission("setContextClassLoader"));
    }
    this.task = task;
    this.acc = AccessController.getContext();
    this.ccl = Thread.currentThread().getContextClassLoader();
}
 
Example #9
Source File: PolicyFile.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example #10
Source File: SwingUtilities2.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
/**
 * checks the security permissions for accessing system clipboard
 *
 * for untrusted context (see isTrustedContext) checks the
 * permissions for the current event being handled
 *
 */
public static boolean canAccessSystemClipboard() {
    boolean canAccess = false;
    if (!GraphicsEnvironment.isHeadless()) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            canAccess = true;
        } else {
            try {
                sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
                canAccess = true;
            } catch (SecurityException e) {
            }
            if (canAccess && ! isTrustedContext()) {
                canAccess = canCurrentEventAccessSystemClipboard(true);
            }
        }
    }
    return canAccess;
}
 
Example #11
Source File: InputEvent.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
private boolean canAccessSystemClipboard() {
    boolean b = false;

    if (!GraphicsEnvironment.isHeadless()) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            try {
                sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
                b = true;
            } catch (SecurityException se) {
                if (logger.isLoggable(PlatformLogger.Level.FINE)) {
                    logger.fine("InputEvent.canAccessSystemClipboard() got SecurityException ", se);
                }
            }
        } else {
            b = true;
        }
    }

    return b;
}
 
Example #12
Source File: Class.java    From JDKSourceCode1.8 with MIT License 6 votes vote down vote up
private void checkMemberAccess(int which, Class<?> caller, boolean checkProxyInterfaces) {
    final SecurityManager s = System.getSecurityManager();
    if (s != null) {
        /* Default policy allows access to all {@link Member#PUBLIC} members,
         * as well as access to classes that have the same class loader as the caller.
         * In all other cases, it requires RuntimePermission("accessDeclaredMembers")
         * permission.
         */
        final ClassLoader ccl = ClassLoader.getClassLoader(caller);
        final ClassLoader cl = getClassLoader0();
        if (which != Member.PUBLIC) {
            if (ccl != cl) {
                s.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
            }
        }
        this.checkPackageAccess(ccl, checkProxyInterfaces);
    }
}
 
Example #13
Source File: Window.java    From JDKSourceCode1.8 with MIT License 6 votes vote down vote up
private void setWarningString() {
    warningString = null;
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        try {
            sm.checkPermission(SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION);
        } catch (SecurityException se) {
            // make sure the privileged action is only
            // for getting the property! We don't want the
            // above checkPermission call to always succeed!
            warningString = AccessController.doPrivileged(
                  new GetPropertyAction("awt.appletWarning",
                                        "Java Applet Window"));
        }
    }
}
 
Example #14
Source File: MethodHandles.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Perform necessary <a href="MethodHandles.Lookup.html#secmgr">access checks</a>.
 * Determines a trustable caller class to compare with refc, the symbolic reference class.
 * If this lookup object has private access, then the caller class is the lookupClass.
 */
void checkSecurityManager(Class<?> refc, MemberName m) {
    SecurityManager smgr = System.getSecurityManager();
    if (smgr == null)  return;
    if (allowedModes == TRUSTED)  return;

    // Step 1:
    boolean fullPowerLookup = hasPrivateAccess();
    if (!fullPowerLookup ||
        !VerifyAccess.classLoaderIsAncestor(lookupClass, refc)) {
        ReflectUtil.checkPackageAccess(refc);
    }

    // Step 2:
    if (m.isPublic()) return;
    if (!fullPowerLookup) {
        smgr.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
    }

    // Step 3:
    Class<?> defc = m.getDeclaringClass();
    if (!fullPowerLookup && defc != refc) {
        ReflectUtil.checkPackageAccess(defc);
    }
}
 
Example #15
Source File: ProtectionDomain.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Return true (merge policy permissions) in the following cases:
 *
 * . SecurityManager is null
 *
 * . SecurityManager is not null,
 *          debug is not null,
 *          SecurityManager impelmentation is in bootclasspath,
 *          Policy implementation is in bootclasspath
 *          (the bootclasspath restrictions avoid recursion)
 *
 * . SecurityManager is not null,
 *          debug is null,
 *          caller has Policy.getPolicy permission
 */
private static boolean seeAllp() {
    SecurityManager sm = System.getSecurityManager();

    if (sm == null) {
        return true;
    } else {
        if (DebugHolder.debug != null) {
            if (sm.getClass().getClassLoader() == null &&
                Policy.getPolicyNoCheck().getClass().getClassLoader()
                                                            == null) {
                return true;
            }
        } else {
            try {
                sm.checkPermission(SecurityConstants.GET_POLICY_PERMISSION);
                return true;
            } catch (SecurityException se) {
                // fall thru and return false
            }
        }
    }

    return false;
}
 
Example #16
Source File: ReflectUtil.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Does a conservative approximation of member access check. Use this if
 * you don't have an actual 'userland' caller Class/ClassLoader available.
 * This might be more restrictive than a precise member access check where
 * you have a caller, but should never allow a member access that is
 * forbidden.
 *
 * @param m the {@code Member} about to be accessed
 */
public static void conservativeCheckMemberAccess(Member m) throws SecurityException{
    final SecurityManager sm = System.getSecurityManager();
    if (sm == null)
        return;

    // Check for package access on the declaring class.
    //
    // In addition, unless the member and the declaring class are both
    // public check for access declared member permissions.
    //
    // This is done regardless of ClassLoader relations between the {@code
    // Member m} and any potential caller.

    final Class<?> declaringClass = m.getDeclaringClass();

    checkPackageAccess(declaringClass);

    if (Modifier.isPublic(m.getModifiers()) &&
            Modifier.isPublic(declaringClass.getModifiers()))
        return;

    // Check for declared member access.
    sm.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
}
 
Example #17
Source File: WToolkit.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
public Clipboard getSystemClipboard() {
    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
    }
    synchronized (this) {
        if (clipboard == null) {
            clipboard = new WClipboard();
        }
    }
    return clipboard;
}
 
Example #18
Source File: Robot.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
private static void checkScreenCaptureAllowed() {
    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        security.checkPermission(
            SecurityConstants.AWT.READ_DISPLAY_PIXELS_PERMISSION);
    }
}
 
Example #19
Source File: AllPermission.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns an enumeration of all the AllPermission objects in the
 * container.
 *
 * @return an enumeration of all the AllPermission objects.
 */
public Enumeration<Permission> elements() {
    return new Enumeration<Permission>() {
        private boolean hasMore = all_allowed;

        public boolean hasMoreElements() {
            return hasMore;
        }

        public Permission nextElement() {
            hasMore = false;
            return SecurityConstants.ALL_PERMISSION;
        }
    };
}
 
Example #20
Source File: TextComponent.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Assigns a valid value to the canAccessClipboard instance variable.
 */
private boolean canAccessClipboard() {
    SecurityManager sm = System.getSecurityManager();
    if (sm == null) return true;
    try {
        sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
        return true;
    } catch (SecurityException e) {}
    return false;
}
 
Example #21
Source File: LWToolkit.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
@Override
public final Clipboard getSystemClipboard() {
    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
    }

    synchronized (this) {
        if (clipboard == null) {
            clipboard = createPlatformClipboard();
        }
    }
    return clipboard;
}
 
Example #22
Source File: Dialog.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
private void checkModalityPermission(ModalityType mt) {
    if (mt == ModalityType.TOOLKIT_MODAL) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(
                SecurityConstants.AWT.TOOLKIT_MODALITY_PERMISSION
            );
        }
    }
}
 
Example #23
Source File: MouseInfo.java    From jdk-1.7-annotated with Apache License 2.0 5 votes vote down vote up
/**
 * Returns a <code>PointerInfo</code> instance that represents the current
 * location of the mouse pointer.
 * The <code>GraphicsDevice</code> stored in this <code>PointerInfo</code>
 * contains the mouse pointer. The coordinate system used for the mouse position
 * depends on whether or not the <code>GraphicsDevice</code> is part of a virtual
 * screen device.
 * For virtual screen devices, the coordinates are given in the virtual
 * coordinate system, otherwise they are returned in the coordinate system
 * of the <code>GraphicsDevice</code>. See {@link GraphicsConfiguration}
 * for more information about the virtual screen devices.
 * On systems without a mouse, returns <code>null</code>.
 * <p>
 * If there is a security manager, its <code>checkPermission</code> method
 * is called with an <code>AWTPermission("watchMousePointer")</code>
 * permission before creating and returning a <code>PointerInfo</code>
 * object. This may result in a <code>SecurityException</code>.
 *
 * @exception HeadlessException if GraphicsEnvironment.isHeadless() returns true
 * @exception SecurityException if a security manager exists and its
 *            <code>checkPermission</code> method doesn't allow the operation
 * @see       GraphicsConfiguration
 * @see       SecurityManager#checkPermission
 * @see       java.awt.AWTPermission
 * @return    location of the mouse pointer
 * @since     1.5
 */
public static PointerInfo getPointerInfo() throws HeadlessException {
    if (GraphicsEnvironment.isHeadless()) {
        throw new HeadlessException();
    }

    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        security.checkPermission(SecurityConstants.AWT.WATCH_MOUSE_PERMISSION);
    }

    Point point = new Point(0, 0);
    int deviceNum = Toolkit.getDefaultToolkit().getMouseInfoPeer().fillPointWithCoords(point);
    GraphicsDevice[] gds = GraphicsEnvironment.getLocalGraphicsEnvironment().
                               getScreenDevices();
    PointerInfo retval = null;
    if (areScreenDevicesIndependent(gds)) {
        retval = new PointerInfo(gds[deviceNum], point);
    } else {
        for (int i = 0; i < gds.length; i++) {
            GraphicsConfiguration gc = gds[i].getDefaultConfiguration();
            Rectangle bounds = gc.getBounds();
            if (bounds.contains(point)) {
                retval = new PointerInfo(gds[i], point);
            }
        }
    }

    return retval;
}
 
Example #24
Source File: XToolkit.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
public  Clipboard getSystemClipboard() {
    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
    }
    synchronized (this) {
        if (clipboard == null) {
            clipboard = new XClipboard("System", "CLIPBOARD");
        }
    }
    return clipboard;
}
 
Example #25
Source File: WToolkit.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
@Override
public Clipboard getSystemClipboard() {
    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
    }
    synchronized (this) {
        if (clipboard == null) {
            clipboard = new WClipboard();
        }
    }
    return clipboard;
}
 
Example #26
Source File: ServerSocket.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
private static Void checkPermission() {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(SecurityConstants.SET_SOCKETIMPL_PERMISSION);
    }
    return null;
}
 
Example #27
Source File: SunToolkit.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns whether popup is allowed to be shown above the task bar.
 * This is a default implementation of this method, which checks
 * corresponding security permission.
 */
public boolean canPopupOverlapTaskBar() {
    boolean result = true;
    try {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(
                    SecurityConstants.AWT.SET_WINDOW_ALWAYS_ON_TOP_PERMISSION);
        }
    } catch (SecurityException se) {
        // There is no permission to show popups over the task bar
        result = false;
    }
    return result;
}
 
Example #28
Source File: SecurityManager.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * returns true if the current context has been granted AllPermission
 */
private boolean hasAllPermission()
{
    try {
        checkPermission(SecurityConstants.ALL_PERMISSION);
        return true;
    } catch (SecurityException se) {
        return false;
    }
}
 
Example #29
Source File: AppletSecurity.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Applets are not allowed to manipulate threads outside
 * applet thread groups. However a terminated thread no longer belongs
 * to any group.
 */
public void checkAccess(Thread t) {
    /* When multiple applets is reloaded simultaneously, there will be
     * multiple invocations to this method from plugin's SecurityManager.
     * This method should not be synchronized to avoid deadlock when
     * a page with multiple applets is reloaded
     */
    if ((t.getState() != Thread.State.TERMINATED) && !inThreadGroup(t)) {
        checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION);
    }
}
 
Example #30
Source File: Robot.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
private static void checkScreenCaptureAllowed() {
    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        security.checkPermission(
            SecurityConstants.AWT.READ_DISPLAY_PIXELS_PERMISSION);
    }
}