View Javadoc
1   /*
2    * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved.
3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4    *
5    * This code is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU General Public License version 2 only, as
7    * published by the Free Software Foundation.  Oracle designates this
8    * particular file as subject to the "Classpath" exception as provided
9    * by Oracle in the LICENSE file that accompanied this code.
10   *
11   * This code is distributed in the hope that it will be useful, but WITHOUT
12   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13   * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14   * version 2 for more details (a copy is included in the LICENSE file that
15   * accompanied this code).
16   *
17   * You should have received a copy of the GNU General Public License version
18   * 2 along with this work; if not, write to the Free Software Foundation,
19   * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20   *
21   * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22   * or visit www.oracle.com if you need additional information or have any
23   * questions.
24   */
25  
26  package java.lang;
27  
28  import java.security.*;
29  import java.io.FileDescriptor;
30  import java.io.File;
31  import java.io.FilePermission;
32  import java.awt.AWTPermission;
33  import java.util.PropertyPermission;
34  import java.lang.RuntimePermission;
35  import java.net.SocketPermission;
36  import java.net.NetPermission;
37  import java.util.Hashtable;
38  import java.net.InetAddress;
39  import java.lang.reflect.*;
40  import java.net.URL;
41  
42  import sun.reflect.CallerSensitive;
43  import sun.security.util.SecurityConstants;
44  
45  /**
46   * The security manager is a class that allows
47   * applications to implement a security policy. It allows an
48   * application to determine, before performing a possibly unsafe or
49   * sensitive operation, what the operation is and whether
50   * it is being attempted in a security context that allows the
51   * operation to be performed. The
52   * application can allow or disallow the operation.
53   * <p>
54   * The <code>SecurityManager</code> class contains many methods with
55   * names that begin with the word <code>check</code>. These methods
56   * are called by various methods in the Java libraries before those
57   * methods perform certain potentially sensitive operations. The
58   * invocation of such a <code>check</code> method typically looks like this:
59   * <blockquote><pre>
60   *     SecurityManager security = System.getSecurityManager();
61   *     if (security != null) {
62   *         security.check<i>XXX</i>(argument, &nbsp;.&nbsp;.&nbsp;.&nbsp;);
63   *     }
64   * </pre></blockquote>
65   * <p>
66   * The security manager is thereby given an opportunity to prevent
67   * completion of the operation by throwing an exception. A security
68   * manager routine simply returns if the operation is permitted, but
69   * throws a <code>SecurityException</code> if the operation is not
70   * permitted. The only exception to this convention is
71   * <code>checkTopLevelWindow</code>, which returns a
72   * <code>boolean</code> value.
73   * <p>
74   * The current security manager is set by the
75   * <code>setSecurityManager</code> method in class
76   * <code>System</code>. The current security manager is obtained
77   * by the <code>getSecurityManager</code> method.
78   * <p>
79   * The special method
80   * {@link SecurityManager#checkPermission(java.security.Permission)}
81   * determines whether an access request indicated by a specified
82   * permission should be granted or denied. The
83   * default implementation calls
84   *
85   * <pre>
86   *   AccessController.checkPermission(perm);
87   * </pre>
88   *
89   * <p>
90   * If a requested access is allowed,
91   * <code>checkPermission</code> returns quietly. If denied, a
92   * <code>SecurityException</code> is thrown.
93   * <p>
94   * As of Java 2 SDK v1.2, the default implementation of each of the other
95   * <code>check</code> methods in <code>SecurityManager</code> is to
96   * call the <code>SecurityManager checkPermission</code> method
97   * to determine if the calling thread has permission to perform the requested
98   * operation.
99   * <p>
100  * Note that the <code>checkPermission</code> method with
101  * just a single permission argument always performs security checks
102  * within the context of the currently executing thread.
103  * Sometimes a security check that should be made within a given context
104  * will actually need to be done from within a
105  * <i>different</i> context (for example, from within a worker thread).
106  * The {@link SecurityManager#getSecurityContext getSecurityContext} method
107  * and the {@link SecurityManager#checkPermission(java.security.Permission,
108  * java.lang.Object) checkPermission}
109  * method that includes a context argument are provided
110  * for this situation. The
111  * <code>getSecurityContext</code> method returns a "snapshot"
112  * of the current calling context. (The default implementation
113  * returns an AccessControlContext object.) A sample call is
114  * the following:
115  *
116  * <pre>
117  *   Object context = null;
118  *   SecurityManager sm = System.getSecurityManager();
119  *   if (sm != null) context = sm.getSecurityContext();
120  * </pre>
121  *
122  * <p>
123  * The <code>checkPermission</code> method
124  * that takes a context object in addition to a permission
125  * makes access decisions based on that context,
126  * rather than on that of the current execution thread.
127  * Code within a different context can thus call that method,
128  * passing the permission and the
129  * previously-saved context object. A sample call, using the
130  * SecurityManager <code>sm</code> obtained as in the previous example,
131  * is the following:
132  *
133  * <pre>
134  *   if (sm != null) sm.checkPermission(permission, context);
135  * </pre>
136  *
137  * <p>Permissions fall into these categories: File, Socket, Net,
138  * Security, Runtime, Property, AWT, Reflect, and Serializable.
139  * The classes managing these various
140  * permission categories are <code>java.io.FilePermission</code>,
141  * <code>java.net.SocketPermission</code>,
142  * <code>java.net.NetPermission</code>,
143  * <code>java.security.SecurityPermission</code>,
144  * <code>java.lang.RuntimePermission</code>,
145  * <code>java.util.PropertyPermission</code>,
146  * <code>java.awt.AWTPermission</code>,
147  * <code>java.lang.reflect.ReflectPermission</code>, and
148  * <code>java.io.SerializablePermission</code>.
149  *
150  * <p>All but the first two (FilePermission and SocketPermission) are
151  * subclasses of <code>java.security.BasicPermission</code>, which itself
152  * is an abstract subclass of the
153  * top-level class for permissions, which is
154  * <code>java.security.Permission</code>. BasicPermission defines the
155  * functionality needed for all permissions that contain a name
156  * that follows the hierarchical property naming convention
157  * (for example, "exitVM", "setFactory", "queuePrintJob", etc).
158  * An asterisk
159  * may appear at the end of the name, following a ".", or by itself, to
160  * signify a wildcard match. For example: "a.*" or "*" is valid,
161  * "*a" or "a*b" is not valid.
162  *
163  * <p>FilePermission and SocketPermission are subclasses of the
164  * top-level class for permissions
165  * (<code>java.security.Permission</code>). Classes like these
166  * that have a more complicated name syntax than that used by
167  * BasicPermission subclass directly from Permission rather than from
168  * BasicPermission. For example,
169  * for a <code>java.io.FilePermission</code> object, the permission name is
170  * the path name of a file (or directory).
171  *
172  * <p>Some of the permission classes have an "actions" list that tells
173  * the actions that are permitted for the object.  For example,
174  * for a <code>java.io.FilePermission</code> object, the actions list
175  * (such as "read, write") specifies which actions are granted for the
176  * specified file (or for files in the specified directory).
177  *
178  * <p>Other permission classes are for "named" permissions -
179  * ones that contain a name but no actions list; you either have the
180  * named permission or you don't.
181  *
182  * <p>Note: There is also a <code>java.security.AllPermission</code>
183  * permission that implies all permissions. It exists to simplify the work
184  * of system administrators who might need to perform multiple
185  * tasks that require all (or numerous) permissions.
186  * <p>
187  * See <a href ="../../../technotes/guides/security/permissions.html">
188  * Permissions in the JDK</a> for permission-related information.
189  * This document includes, for example, a table listing the various SecurityManager
190  * <code>check</code> methods and the permission(s) the default
191  * implementation of each such method requires.
192  * It also contains a table of all the version 1.2 methods
193  * that require permissions, and for each such method tells
194  * which permission it requires.
195  * <p>
196  * For more information about <code>SecurityManager</code> changes made in
197  * the JDK and advice regarding porting of 1.1-style security managers,
198  * see the <a href="../../../technotes/guides/security/index.html">security documentation</a>.
199  *
200  * @author  Arthur van Hoff
201  * @author  Roland Schemers
202  *
203  * @see     java.lang.ClassLoader
204  * @see     java.lang.SecurityException
205  * @see     java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
206  *  checkTopLevelWindow
207  * @see     java.lang.System#getSecurityManager() getSecurityManager
208  * @see     java.lang.System#setSecurityManager(java.lang.SecurityManager)
209  *  setSecurityManager
210  * @see     java.security.AccessController AccessController
211  * @see     java.security.AccessControlContext AccessControlContext
212  * @see     java.security.AccessControlException AccessControlException
213  * @see     java.security.Permission
214  * @see     java.security.BasicPermission
215  * @see     java.io.FilePermission
216  * @see     java.net.SocketPermission
217  * @see     java.util.PropertyPermission
218  * @see     java.lang.RuntimePermission
219  * @see     java.awt.AWTPermission
220  * @see     java.security.Policy Policy
221  * @see     java.security.SecurityPermission SecurityPermission
222  * @see     java.security.ProtectionDomain
223  *
224  * @since   JDK1.0
225  */
226 public
227 class SecurityManager {
228 
229     /**
230      * This field is <code>true</code> if there is a security check in
231      * progress; <code>false</code> otherwise.
232      *
233      * @deprecated This type of security checking is not recommended.
234      *  It is recommended that the <code>checkPermission</code>
235      *  call be used instead.
236      */
237     @Deprecated
238     protected boolean inCheck;
239 
240     /*
241      * Have we been initialized. Effective against finalizer attacks.
242      */
243     private boolean initialized = false;
244 
245 
246     /**
247      * returns true if the current context has been granted AllPermission
248      */
249     private boolean hasAllPermission()
250     {
251         try {
252             checkPermission(SecurityConstants.ALL_PERMISSION);
253             return true;
254         } catch (SecurityException se) {
255             return false;
256         }
257     }
258 
259     /**
260      * Tests if there is a security check in progress.
261      *
262      * @return the value of the <code>inCheck</code> field. This field
263      *          should contain <code>true</code> if a security check is
264      *          in progress,
265      *          <code>false</code> otherwise.
266      * @see     java.lang.SecurityManager#inCheck
267      * @deprecated This type of security checking is not recommended.
268      *  It is recommended that the <code>checkPermission</code>
269      *  call be used instead.
270      */
271     @Deprecated
272     public boolean getInCheck() {
273         return inCheck;
274     }
275 
276     /**
277      * Constructs a new <code>SecurityManager</code>.
278      *
279      * <p> If there is a security manager already installed, this method first
280      * calls the security manager's <code>checkPermission</code> method
281      * with the <code>RuntimePermission("createSecurityManager")</code>
282      * permission to ensure the calling thread has permission to create a new
283      * security manager.
284      * This may result in throwing a <code>SecurityException</code>.
285      *
286      * @exception  java.lang.SecurityException if a security manager already
287      *             exists and its <code>checkPermission</code> method
288      *             doesn't allow creation of a new security manager.
289      * @see        java.lang.System#getSecurityManager()
290      * @see        #checkPermission(java.security.Permission) checkPermission
291      * @see java.lang.RuntimePermission
292      */
293     public SecurityManager() {
294         synchronized(SecurityManager.class) {
295             SecurityManager sm = System.getSecurityManager();
296             if (sm != null) {
297                 // ask the currently installed security manager if we
298                 // can create a new one.
299                 sm.checkPermission(new RuntimePermission
300                                    ("createSecurityManager"));
301             }
302             initialized = true;
303         }
304     }
305 
306     /**
307      * Returns the current execution stack as an array of classes.
308      * <p>
309      * The length of the array is the number of methods on the execution
310      * stack. The element at index <code>0</code> is the class of the
311      * currently executing method, the element at index <code>1</code> is
312      * the class of that method's caller, and so on.
313      *
314      * @return  the execution stack.
315      */
316     protected native Class[] getClassContext();
317 
318     /**
319      * Returns the class loader of the most recently executing method from
320      * a class defined using a non-system class loader. A non-system
321      * class loader is defined as being a class loader that is not equal to
322      * the system class loader (as returned
323      * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
324      * <p>
325      * This method will return
326      * <code>null</code> in the following three cases:
327      * <ol>
328      *   <li>All methods on the execution stack are from classes
329      *   defined using the system class loader or one of its ancestors.
330      *
331      *   <li>All methods on the execution stack up to the first
332      *   "privileged" caller
333      *   (see {@link java.security.AccessController#doPrivileged})
334      *   are from classes
335      *   defined using the system class loader or one of its ancestors.
336      *
337      *   <li> A call to <code>checkPermission</code> with
338      *   <code>java.security.AllPermission</code> does not
339      *   result in a SecurityException.
340      *
341      * </ol>
342      *
343      * @return  the class loader of the most recent occurrence on the stack
344      *          of a method from a class defined using a non-system class
345      *          loader.
346      *
347      * @deprecated This type of security checking is not recommended.
348      *  It is recommended that the <code>checkPermission</code>
349      *  call be used instead.
350      *
351      * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
352      * @see  #checkPermission(java.security.Permission) checkPermission
353      */
354     @Deprecated
355     protected ClassLoader currentClassLoader()
356     {
357         ClassLoader cl = currentClassLoader0();
358         if ((cl != null) && hasAllPermission())
359             cl = null;
360         return cl;
361     }
362 
363     private native ClassLoader currentClassLoader0();
364 
365     /**
366      * Returns the class of the most recently executing method from
367      * a class defined using a non-system class loader. A non-system
368      * class loader is defined as being a class loader that is not equal to
369      * the system class loader (as returned
370      * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
371      * <p>
372      * This method will return
373      * <code>null</code> in the following three cases:
374      * <ol>
375      *   <li>All methods on the execution stack are from classes
376      *   defined using the system class loader or one of its ancestors.
377      *
378      *   <li>All methods on the execution stack up to the first
379      *   "privileged" caller
380      *   (see {@link java.security.AccessController#doPrivileged})
381      *   are from classes
382      *   defined using the system class loader or one of its ancestors.
383      *
384      *   <li> A call to <code>checkPermission</code> with
385      *   <code>java.security.AllPermission</code> does not
386      *   result in a SecurityException.
387      *
388      * </ol>
389      *
390      * @return  the class  of the most recent occurrence on the stack
391      *          of a method from a class defined using a non-system class
392      *          loader.
393      *
394      * @deprecated This type of security checking is not recommended.
395      *  It is recommended that the <code>checkPermission</code>
396      *  call be used instead.
397      *
398      * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
399      * @see  #checkPermission(java.security.Permission) checkPermission
400      */
401     @Deprecated
402     protected Class<?> currentLoadedClass() {
403         Class<?> c = currentLoadedClass0();
404         if ((c != null) && hasAllPermission())
405             c = null;
406         return c;
407     }
408 
409     /**
410      * Returns the stack depth of the specified class.
411      *
412      * @param   name   the fully qualified name of the class to search for.
413      * @return  the depth on the stack frame of the first occurrence of a
414      *          method from a class with the specified name;
415      *          <code>-1</code> if such a frame cannot be found.
416      * @deprecated This type of security checking is not recommended.
417      *  It is recommended that the <code>checkPermission</code>
418      *  call be used instead.
419      *
420      */
421     @Deprecated
422     protected native int classDepth(String name);
423 
424     /**
425      * Returns the stack depth of the most recently executing method
426      * from a class defined using a non-system class loader.  A non-system
427      * class loader is defined as being a class loader that is not equal to
428      * the system class loader (as returned
429      * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
430      * <p>
431      * This method will return
432      * -1 in the following three cases:
433      * <ol>
434      *   <li>All methods on the execution stack are from classes
435      *   defined using the system class loader or one of its ancestors.
436      *
437      *   <li>All methods on the execution stack up to the first
438      *   "privileged" caller
439      *   (see {@link java.security.AccessController#doPrivileged})
440      *   are from classes
441      *   defined using the system class loader or one of its ancestors.
442      *
443      *   <li> A call to <code>checkPermission</code> with
444      *   <code>java.security.AllPermission</code> does not
445      *   result in a SecurityException.
446      *
447      * </ol>
448      *
449      * @return the depth on the stack frame of the most recent occurrence of
450      *          a method from a class defined using a non-system class loader.
451      *
452      * @deprecated This type of security checking is not recommended.
453      *  It is recommended that the <code>checkPermission</code>
454      *  call be used instead.
455      *
456      * @see   java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
457      * @see   #checkPermission(java.security.Permission) checkPermission
458      */
459     @Deprecated
460     protected int classLoaderDepth()
461     {
462         int depth = classLoaderDepth0();
463         if (depth != -1) {
464             if (hasAllPermission())
465                 depth = -1;
466             else
467                 depth--; // make sure we don't include ourself
468         }
469         return depth;
470     }
471 
472     private native int classLoaderDepth0();
473 
474     /**
475      * Tests if a method from a class with the specified
476      *         name is on the execution stack.
477      *
478      * @param  name   the fully qualified name of the class.
479      * @return <code>true</code> if a method from a class with the specified
480      *         name is on the execution stack; <code>false</code> otherwise.
481      * @deprecated This type of security checking is not recommended.
482      *  It is recommended that the <code>checkPermission</code>
483      *  call be used instead.
484      */
485     @Deprecated
486     protected boolean inClass(String name) {
487         return classDepth(name) >= 0;
488     }
489 
490     /**
491      * Basically, tests if a method from a class defined using a
492      *          class loader is on the execution stack.
493      *
494      * @return  <code>true</code> if a call to <code>currentClassLoader</code>
495      *          has a non-null return value.
496      *
497      * @deprecated This type of security checking is not recommended.
498      *  It is recommended that the <code>checkPermission</code>
499      *  call be used instead.
500      * @see        #currentClassLoader() currentClassLoader
501      */
502     @Deprecated
503     protected boolean inClassLoader() {
504         return currentClassLoader() != null;
505     }
506 
507     /**
508      * Creates an object that encapsulates the current execution
509      * environment. The result of this method is used, for example, by the
510      * three-argument <code>checkConnect</code> method and by the
511      * two-argument <code>checkRead</code> method.
512      * These methods are needed because a trusted method may be called
513      * on to read a file or open a socket on behalf of another method.
514      * The trusted method needs to determine if the other (possibly
515      * untrusted) method would be allowed to perform the operation on its
516      * own.
517      * <p> The default implementation of this method is to return
518      * an <code>AccessControlContext</code> object.
519      *
520      * @return  an implementation-dependent object that encapsulates
521      *          sufficient information about the current execution environment
522      *          to perform some security checks later.
523      * @see     java.lang.SecurityManager#checkConnect(java.lang.String, int,
524      *   java.lang.Object) checkConnect
525      * @see     java.lang.SecurityManager#checkRead(java.lang.String,
526      *   java.lang.Object) checkRead
527      * @see     java.security.AccessControlContext AccessControlContext
528      */
529     public Object getSecurityContext() {
530         return AccessController.getContext();
531     }
532 
533     /**
534      * Throws a <code>SecurityException</code> if the requested
535      * access, specified by the given permission, is not permitted based
536      * on the security policy currently in effect.
537      * <p>
538      * This method calls <code>AccessController.checkPermission</code>
539      * with the given permission.
540      *
541      * @param     perm   the requested permission.
542      * @exception SecurityException if access is not permitted based on
543      *            the current security policy.
544      * @exception NullPointerException if the permission argument is
545      *            <code>null</code>.
546      * @since     1.2
547      */
548     public void checkPermission(Permission perm) {
549         java.security.AccessController.checkPermission(perm);
550     }
551 
552     /**
553      * Throws a <code>SecurityException</code> if the
554      * specified security context is denied access to the resource
555      * specified by the given permission.
556      * The context must be a security
557      * context returned by a previous call to
558      * <code>getSecurityContext</code> and the access control
559      * decision is based upon the configured security policy for
560      * that security context.
561      * <p>
562      * If <code>context</code> is an instance of
563      * <code>AccessControlContext</code> then the
564      * <code>AccessControlContext.checkPermission</code> method is
565      * invoked with the specified permission.
566      * <p>
567      * If <code>context</code> is not an instance of
568      * <code>AccessControlContext</code> then a
569      * <code>SecurityException</code> is thrown.
570      *
571      * @param      perm      the specified permission
572      * @param      context   a system-dependent security context.
573      * @exception  SecurityException  if the specified security context
574      *             is not an instance of <code>AccessControlContext</code>
575      *             (e.g., is <code>null</code>), or is denied access to the
576      *             resource specified by the given permission.
577      * @exception  NullPointerException if the permission argument is
578      *             <code>null</code>.
579      * @see        java.lang.SecurityManager#getSecurityContext()
580      * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
581      * @since      1.2
582      */
583     public void checkPermission(Permission perm, Object context) {
584         if (context instanceof AccessControlContext) {
585             ((AccessControlContext)context).checkPermission(perm);
586         } else {
587             throw new SecurityException();
588         }
589     }
590 
591     /**
592      * Throws a <code>SecurityException</code> if the
593      * calling thread is not allowed to create a new class loader.
594      * <p>
595      * This method calls <code>checkPermission</code> with the
596      * <code>RuntimePermission("createClassLoader")</code>
597      * permission.
598      * <p>
599      * If you override this method, then you should make a call to
600      * <code>super.checkCreateClassLoader</code>
601      * at the point the overridden method would normally throw an
602      * exception.
603      *
604      * @exception SecurityException if the calling thread does not
605      *             have permission
606      *             to create a new class loader.
607      * @see        java.lang.ClassLoader#ClassLoader()
608      * @see        #checkPermission(java.security.Permission) checkPermission
609      */
610     public void checkCreateClassLoader() {
611         checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
612     }
613 
614     /**
615      * reference to the root thread group, used for the checkAccess
616      * methods.
617      */
618 
619     private static ThreadGroup rootGroup = getRootGroup();
620 
621     private static ThreadGroup getRootGroup() {
622         ThreadGroup root =  Thread.currentThread().getThreadGroup();
623         while (root.getParent() != null) {
624             root = root.getParent();
625         }
626         return root;
627     }
628 
629     /**
630      * Throws a <code>SecurityException</code> if the
631      * calling thread is not allowed to modify the thread argument.
632      * <p>
633      * This method is invoked for the current security manager by the
634      * <code>stop</code>, <code>suspend</code>, <code>resume</code>,
635      * <code>setPriority</code>, <code>setName</code>, and
636      * <code>setDaemon</code> methods of class <code>Thread</code>.
637      * <p>
638      * If the thread argument is a system thread (belongs to
639      * the thread group with a <code>null</code> parent) then
640      * this method calls <code>checkPermission</code> with the
641      * <code>RuntimePermission("modifyThread")</code> permission.
642      * If the thread argument is <i>not</i> a system thread,
643      * this method just returns silently.
644      * <p>
645      * Applications that want a stricter policy should override this
646      * method. If this method is overridden, the method that overrides
647      * it should additionally check to see if the calling thread has the
648      * <code>RuntimePermission("modifyThread")</code> permission, and
649      * if so, return silently. This is to ensure that code granted
650      * that permission (such as the JDK itself) is allowed to
651      * manipulate any thread.
652      * <p>
653      * If this method is overridden, then
654      * <code>super.checkAccess</code> should
655      * be called by the first statement in the overridden method, or the
656      * equivalent security check should be placed in the overridden method.
657      *
658      * @param      t   the thread to be checked.
659      * @exception  SecurityException  if the calling thread does not have
660      *             permission to modify the thread.
661      * @exception  NullPointerException if the thread argument is
662      *             <code>null</code>.
663      * @see        java.lang.Thread#resume() resume
664      * @see        java.lang.Thread#setDaemon(boolean) setDaemon
665      * @see        java.lang.Thread#setName(java.lang.String) setName
666      * @see        java.lang.Thread#setPriority(int) setPriority
667      * @see        java.lang.Thread#stop() stop
668      * @see        java.lang.Thread#suspend() suspend
669      * @see        #checkPermission(java.security.Permission) checkPermission
670      */
671     public void checkAccess(Thread t) {
672         if (t == null) {
673             throw new NullPointerException("thread can't be null");
674         }
675         if (t.getThreadGroup() == rootGroup) {
676             checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION);
677         } else {
678             // just return
679         }
680     }
681     /**
682      * Throws a <code>SecurityException</code> if the
683      * calling thread is not allowed to modify the thread group argument.
684      * <p>
685      * This method is invoked for the current security manager when a
686      * new child thread or child thread group is created, and by the
687      * <code>setDaemon</code>, <code>setMaxPriority</code>,
688      * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and
689      * <code>destroy</code> methods of class <code>ThreadGroup</code>.
690      * <p>
691      * If the thread group argument is the system thread group (
692      * has a <code>null</code> parent) then
693      * this method calls <code>checkPermission</code> with the
694      * <code>RuntimePermission("modifyThreadGroup")</code> permission.
695      * If the thread group argument is <i>not</i> the system thread group,
696      * this method just returns silently.
697      * <p>
698      * Applications that want a stricter policy should override this
699      * method. If this method is overridden, the method that overrides
700      * it should additionally check to see if the calling thread has the
701      * <code>RuntimePermission("modifyThreadGroup")</code> permission, and
702      * if so, return silently. This is to ensure that code granted
703      * that permission (such as the JDK itself) is allowed to
704      * manipulate any thread.
705      * <p>
706      * If this method is overridden, then
707      * <code>super.checkAccess</code> should
708      * be called by the first statement in the overridden method, or the
709      * equivalent security check should be placed in the overridden method.
710      *
711      * @param      g   the thread group to be checked.
712      * @exception  SecurityException  if the calling thread does not have
713      *             permission to modify the thread group.
714      * @exception  NullPointerException if the thread group argument is
715      *             <code>null</code>.
716      * @see        java.lang.ThreadGroup#destroy() destroy
717      * @see        java.lang.ThreadGroup#resume() resume
718      * @see        java.lang.ThreadGroup#setDaemon(boolean) setDaemon
719      * @see        java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority
720      * @see        java.lang.ThreadGroup#stop() stop
721      * @see        java.lang.ThreadGroup#suspend() suspend
722      * @see        #checkPermission(java.security.Permission) checkPermission
723      */
724     public void checkAccess(ThreadGroup g) {
725         if (g == null) {
726             throw new NullPointerException("thread group can't be null");
727         }
728         if (g == rootGroup) {
729             checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
730         } else {
731             // just return
732         }
733     }
734 
735     /**
736      * Throws a <code>SecurityException</code> if the
737      * calling thread is not allowed to cause the Java Virtual Machine to
738      * halt with the specified status code.
739      * <p>
740      * This method is invoked for the current security manager by the
741      * <code>exit</code> method of class <code>Runtime</code>. A status
742      * of <code>0</code> indicates success; other values indicate various
743      * errors.
744      * <p>
745      * This method calls <code>checkPermission</code> with the
746      * <code>RuntimePermission("exitVM."+status)</code> permission.
747      * <p>
748      * If you override this method, then you should make a call to
749      * <code>super.checkExit</code>
750      * at the point the overridden method would normally throw an
751      * exception.
752      *
753      * @param      status   the exit status.
754      * @exception SecurityException if the calling thread does not have
755      *              permission to halt the Java Virtual Machine with
756      *              the specified status.
757      * @see        java.lang.Runtime#exit(int) exit
758      * @see        #checkPermission(java.security.Permission) checkPermission
759      */
760     public void checkExit(int status) {
761         checkPermission(new RuntimePermission("exitVM."+status));
762     }
763 
764     /**
765      * Throws a <code>SecurityException</code> if the
766      * calling thread is not allowed to create a subprocess.
767      * <p>
768      * This method is invoked for the current security manager by the
769      * <code>exec</code> methods of class <code>Runtime</code>.
770      * <p>
771      * This method calls <code>checkPermission</code> with the
772      * <code>FilePermission(cmd,"execute")</code> permission
773      * if cmd is an absolute path, otherwise it calls
774      * <code>checkPermission</code> with
775      * <code>FilePermission("&lt;&lt;ALL FILES&gt;&gt;","execute")</code>.
776      * <p>
777      * If you override this method, then you should make a call to
778      * <code>super.checkExec</code>
779      * at the point the overridden method would normally throw an
780      * exception.
781      *
782      * @param      cmd   the specified system command.
783      * @exception  SecurityException if the calling thread does not have
784      *             permission to create a subprocess.
785      * @exception  NullPointerException if the <code>cmd</code> argument is
786      *             <code>null</code>.
787      * @see     java.lang.Runtime#exec(java.lang.String)
788      * @see     java.lang.Runtime#exec(java.lang.String, java.lang.String[])
789      * @see     java.lang.Runtime#exec(java.lang.String[])
790      * @see     java.lang.Runtime#exec(java.lang.String[], java.lang.String[])
791      * @see     #checkPermission(java.security.Permission) checkPermission
792      */
793     public void checkExec(String cmd) {
794         File f = new File(cmd);
795         if (f.isAbsolute()) {
796             checkPermission(new FilePermission(cmd,
797                 SecurityConstants.FILE_EXECUTE_ACTION));
798         } else {
799             checkPermission(new FilePermission("<<ALL FILES>>",
800                 SecurityConstants.FILE_EXECUTE_ACTION));
801         }
802     }
803 
804     /**
805      * Throws a <code>SecurityException</code> if the
806      * calling thread is not allowed to dynamic link the library code
807      * specified by the string argument file. The argument is either a
808      * simple library name or a complete filename.
809      * <p>
810      * This method is invoked for the current security manager by
811      * methods <code>load</code> and <code>loadLibrary</code> of class
812      * <code>Runtime</code>.
813      * <p>
814      * This method calls <code>checkPermission</code> with the
815      * <code>RuntimePermission("loadLibrary."+lib)</code> permission.
816      * <p>
817      * If you override this method, then you should make a call to
818      * <code>super.checkLink</code>
819      * at the point the overridden method would normally throw an
820      * exception.
821      *
822      * @param      lib   the name of the library.
823      * @exception  SecurityException if the calling thread does not have
824      *             permission to dynamically link the library.
825      * @exception  NullPointerException if the <code>lib</code> argument is
826      *             <code>null</code>.
827      * @see        java.lang.Runtime#load(java.lang.String)
828      * @see        java.lang.Runtime#loadLibrary(java.lang.String)
829      * @see        #checkPermission(java.security.Permission) checkPermission
830      */
831     public void checkLink(String lib) {
832         if (lib == null) {
833             throw new NullPointerException("library can't be null");
834         }
835         checkPermission(new RuntimePermission("loadLibrary."+lib));
836     }
837 
838     /**
839      * Throws a <code>SecurityException</code> if the
840      * calling thread is not allowed to read from the specified file
841      * descriptor.
842      * <p>
843      * This method calls <code>checkPermission</code> with the
844      * <code>RuntimePermission("readFileDescriptor")</code>
845      * permission.
846      * <p>
847      * If you override this method, then you should make a call to
848      * <code>super.checkRead</code>
849      * at the point the overridden method would normally throw an
850      * exception.
851      *
852      * @param      fd   the system-dependent file descriptor.
853      * @exception  SecurityException  if the calling thread does not have
854      *             permission to access the specified file descriptor.
855      * @exception  NullPointerException if the file descriptor argument is
856      *             <code>null</code>.
857      * @see        java.io.FileDescriptor
858      * @see        #checkPermission(java.security.Permission) checkPermission
859      */
860     public void checkRead(FileDescriptor fd) {
861         if (fd == null) {
862             throw new NullPointerException("file descriptor can't be null");
863         }
864         checkPermission(new RuntimePermission("readFileDescriptor"));
865     }
866 
867     /**
868      * Throws a <code>SecurityException</code> if the
869      * calling thread is not allowed to read the file specified by the
870      * string argument.
871      * <p>
872      * This method calls <code>checkPermission</code> with the
873      * <code>FilePermission(file,"read")</code> permission.
874      * <p>
875      * If you override this method, then you should make a call to
876      * <code>super.checkRead</code>
877      * at the point the overridden method would normally throw an
878      * exception.
879      *
880      * @param      file   the system-dependent file name.
881      * @exception  SecurityException if the calling thread does not have
882      *             permission to access the specified file.
883      * @exception  NullPointerException if the <code>file</code> argument is
884      *             <code>null</code>.
885      * @see        #checkPermission(java.security.Permission) checkPermission
886      */
887     public void checkRead(String file) {
888         checkPermission(new FilePermission(file,
889             SecurityConstants.FILE_READ_ACTION));
890     }
891 
892     /**
893      * Throws a <code>SecurityException</code> if the
894      * specified security context is not allowed to read the file
895      * specified by the string argument. The context must be a security
896      * context returned by a previous call to
897      * <code>getSecurityContext</code>.
898      * <p> If <code>context</code> is an instance of
899      * <code>AccessControlContext</code> then the
900      * <code>AccessControlContext.checkPermission</code> method will
901      * be invoked with the <code>FilePermission(file,"read")</code> permission.
902      * <p> If <code>context</code> is not an instance of
903      * <code>AccessControlContext</code> then a
904      * <code>SecurityException</code> is thrown.
905      * <p>
906      * If you override this method, then you should make a call to
907      * <code>super.checkRead</code>
908      * at the point the overridden method would normally throw an
909      * exception.
910      *
911      * @param      file      the system-dependent filename.
912      * @param      context   a system-dependent security context.
913      * @exception  SecurityException  if the specified security context
914      *             is not an instance of <code>AccessControlContext</code>
915      *             (e.g., is <code>null</code>), or does not have permission
916      *             to read the specified file.
917      * @exception  NullPointerException if the <code>file</code> argument is
918      *             <code>null</code>.
919      * @see        java.lang.SecurityManager#getSecurityContext()
920      * @see        java.security.AccessControlContext#checkPermission(java.security.Permission)
921      */
922     public void checkRead(String file, Object context) {
923         checkPermission(
924             new FilePermission(file, SecurityConstants.FILE_READ_ACTION),
925             context);
926     }
927 
928     /**
929      * Throws a <code>SecurityException</code> if the
930      * calling thread is not allowed to write to the specified file
931      * descriptor.
932      * <p>
933      * This method calls <code>checkPermission</code> with the
934      * <code>RuntimePermission("writeFileDescriptor")</code>
935      * permission.
936      * <p>
937      * If you override this method, then you should make a call to
938      * <code>super.checkWrite</code>
939      * at the point the overridden method would normally throw an
940      * exception.
941      *
942      * @param      fd   the system-dependent file descriptor.
943      * @exception SecurityException  if the calling thread does not have
944      *             permission to access the specified file descriptor.
945      * @exception  NullPointerException if the file descriptor argument is
946      *             <code>null</code>.
947      * @see        java.io.FileDescriptor
948      * @see        #checkPermission(java.security.Permission) checkPermission
949      */
950     public void checkWrite(FileDescriptor fd) {
951         if (fd == null) {
952             throw new NullPointerException("file descriptor can't be null");
953         }
954         checkPermission(new RuntimePermission("writeFileDescriptor"));
955 
956     }
957 
958     /**
959      * Throws a <code>SecurityException</code> if the
960      * calling thread is not allowed to write to the file specified by
961      * the string argument.
962      * <p>
963      * This method calls <code>checkPermission</code> with the
964      * <code>FilePermission(file,"write")</code> permission.
965      * <p>
966      * If you override this method, then you should make a call to
967      * <code>super.checkWrite</code>
968      * at the point the overridden method would normally throw an
969      * exception.
970      *
971      * @param      file   the system-dependent filename.
972      * @exception  SecurityException  if the calling thread does not
973      *             have permission to access the specified file.
974      * @exception  NullPointerException if the <code>file</code> argument is
975      *             <code>null</code>.
976      * @see        #checkPermission(java.security.Permission) checkPermission
977      */
978     public void checkWrite(String file) {
979         checkPermission(new FilePermission(file,
980             SecurityConstants.FILE_WRITE_ACTION));
981     }
982 
983     /**
984      * Throws a <code>SecurityException</code> if the
985      * calling thread is not allowed to delete the specified file.
986      * <p>
987      * This method is invoked for the current security manager by the
988      * <code>delete</code> method of class <code>File</code>.
989      * <p>
990      * This method calls <code>checkPermission</code> with the
991      * <code>FilePermission(file,"delete")</code> permission.
992      * <p>
993      * If you override this method, then you should make a call to
994      * <code>super.checkDelete</code>
995      * at the point the overridden method would normally throw an
996      * exception.
997      *
998      * @param      file   the system-dependent filename.
999      * @exception  SecurityException if the calling thread does not
1000      *             have permission to delete the file.
1001      * @exception  NullPointerException if the <code>file</code> argument is
1002      *             <code>null</code>.
1003      * @see        java.io.File#delete()
1004      * @see        #checkPermission(java.security.Permission) checkPermission
1005      */
1006     public void checkDelete(String file) {
1007         checkPermission(new FilePermission(file,
1008             SecurityConstants.FILE_DELETE_ACTION));
1009     }
1010 
1011     /**
1012      * Throws a <code>SecurityException</code> if the
1013      * calling thread is not allowed to open a socket connection to the
1014      * specified host and port number.
1015      * <p>
1016      * A port number of <code>-1</code> indicates that the calling
1017      * method is attempting to determine the IP address of the specified
1018      * host name.
1019      * <p>
1020      * This method calls <code>checkPermission</code> with the
1021      * <code>SocketPermission(host+":"+port,"connect")</code> permission if
1022      * the port is not equal to -1. If the port is equal to -1, then
1023      * it calls <code>checkPermission</code> with the
1024      * <code>SocketPermission(host,"resolve")</code> permission.
1025      * <p>
1026      * If you override this method, then you should make a call to
1027      * <code>super.checkConnect</code>
1028      * at the point the overridden method would normally throw an
1029      * exception.
1030      *
1031      * @param      host   the host name port to connect to.
1032      * @param      port   the protocol port to connect to.
1033      * @exception  SecurityException  if the calling thread does not have
1034      *             permission to open a socket connection to the specified
1035      *               <code>host</code> and <code>port</code>.
1036      * @exception  NullPointerException if the <code>host</code> argument is
1037      *             <code>null</code>.
1038      * @see        #checkPermission(java.security.Permission) checkPermission
1039      */
1040     public void checkConnect(String host, int port) {
1041         if (host == null) {
1042             throw new NullPointerException("host can't be null");
1043         }
1044         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1045             host = "[" + host + "]";
1046         }
1047         if (port == -1) {
1048             checkPermission(new SocketPermission(host,
1049                 SecurityConstants.SOCKET_RESOLVE_ACTION));
1050         } else {
1051             checkPermission(new SocketPermission(host+":"+port,
1052                 SecurityConstants.SOCKET_CONNECT_ACTION));
1053         }
1054     }
1055 
1056     /**
1057      * Throws a <code>SecurityException</code> if the
1058      * specified security context is not allowed to open a socket
1059      * connection to the specified host and port number.
1060      * <p>
1061      * A port number of <code>-1</code> indicates that the calling
1062      * method is attempting to determine the IP address of the specified
1063      * host name.
1064      * <p> If <code>context</code> is not an instance of
1065      * <code>AccessControlContext</code> then a
1066      * <code>SecurityException</code> is thrown.
1067      * <p>
1068      * Otherwise, the port number is checked. If it is not equal
1069      * to -1, the <code>context</code>'s <code>checkPermission</code>
1070      * method is called with a
1071      * <code>SocketPermission(host+":"+port,"connect")</code> permission.
1072      * If the port is equal to -1, then
1073      * the <code>context</code>'s <code>checkPermission</code> method
1074      * is called with a
1075      * <code>SocketPermission(host,"resolve")</code> permission.
1076      * <p>
1077      * If you override this method, then you should make a call to
1078      * <code>super.checkConnect</code>
1079      * at the point the overridden method would normally throw an
1080      * exception.
1081      *
1082      * @param      host      the host name port to connect to.
1083      * @param      port      the protocol port to connect to.
1084      * @param      context   a system-dependent security context.
1085      * @exception  SecurityException if the specified security context
1086      *             is not an instance of <code>AccessControlContext</code>
1087      *             (e.g., is <code>null</code>), or does not have permission
1088      *             to open a socket connection to the specified
1089      *             <code>host</code> and <code>port</code>.
1090      * @exception  NullPointerException if the <code>host</code> argument is
1091      *             <code>null</code>.
1092      * @see        java.lang.SecurityManager#getSecurityContext()
1093      * @see        java.security.AccessControlContext#checkPermission(java.security.Permission)
1094      */
1095     public void checkConnect(String host, int port, Object context) {
1096         if (host == null) {
1097             throw new NullPointerException("host can't be null");
1098         }
1099         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1100             host = "[" + host + "]";
1101         }
1102         if (port == -1)
1103             checkPermission(new SocketPermission(host,
1104                 SecurityConstants.SOCKET_RESOLVE_ACTION),
1105                 context);
1106         else
1107             checkPermission(new SocketPermission(host+":"+port,
1108                 SecurityConstants.SOCKET_CONNECT_ACTION),
1109                 context);
1110     }
1111 
1112     /**
1113      * Throws a <code>SecurityException</code> if the
1114      * calling thread is not allowed to wait for a connection request on
1115      * the specified local port number.
1116      * <p>
1117      * This method calls <code>checkPermission</code> with the
1118      * <code>SocketPermission("localhost:"+port,"listen")</code>.
1119      * <p>
1120      * If you override this method, then you should make a call to
1121      * <code>super.checkListen</code>
1122      * at the point the overridden method would normally throw an
1123      * exception.
1124      *
1125      * @param      port   the local port.
1126      * @exception  SecurityException  if the calling thread does not have
1127      *             permission to listen on the specified port.
1128      * @see        #checkPermission(java.security.Permission) checkPermission
1129      */
1130     public void checkListen(int port) {
1131         checkPermission(new SocketPermission("localhost:"+port,
1132             SecurityConstants.SOCKET_LISTEN_ACTION));
1133     }
1134 
1135     /**
1136      * Throws a <code>SecurityException</code> if the
1137      * calling thread is not permitted to accept a socket connection from
1138      * the specified host and port number.
1139      * <p>
1140      * This method is invoked for the current security manager by the
1141      * <code>accept</code> method of class <code>ServerSocket</code>.
1142      * <p>
1143      * This method calls <code>checkPermission</code> with the
1144      * <code>SocketPermission(host+":"+port,"accept")</code> permission.
1145      * <p>
1146      * If you override this method, then you should make a call to
1147      * <code>super.checkAccept</code>
1148      * at the point the overridden method would normally throw an
1149      * exception.
1150      *
1151      * @param      host   the host name of the socket connection.
1152      * @param      port   the port number of the socket connection.
1153      * @exception  SecurityException  if the calling thread does not have
1154      *             permission to accept the connection.
1155      * @exception  NullPointerException if the <code>host</code> argument is
1156      *             <code>null</code>.
1157      * @see        java.net.ServerSocket#accept()
1158      * @see        #checkPermission(java.security.Permission) checkPermission
1159      */
1160     public void checkAccept(String host, int port) {
1161         if (host == null) {
1162             throw new NullPointerException("host can't be null");
1163         }
1164         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1165             host = "[" + host + "]";
1166         }
1167         checkPermission(new SocketPermission(host+":"+port,
1168             SecurityConstants.SOCKET_ACCEPT_ACTION));
1169     }
1170 
1171     /**
1172      * Throws a <code>SecurityException</code> if the
1173      * calling thread is not allowed to use
1174      * (join/leave/send/receive) IP multicast.
1175      * <p>
1176      * This method calls <code>checkPermission</code> with the
1177      * <code>java.net.SocketPermission(maddr.getHostAddress(),
1178      * "accept,connect")</code> permission.
1179      * <p>
1180      * If you override this method, then you should make a call to
1181      * <code>super.checkMulticast</code>
1182      * at the point the overridden method would normally throw an
1183      * exception.
1184      *
1185      * @param      maddr  Internet group address to be used.
1186      * @exception  SecurityException  if the calling thread is not allowed to
1187      *  use (join/leave/send/receive) IP multicast.
1188      * @exception  NullPointerException if the address argument is
1189      *             <code>null</code>.
1190      * @since      JDK1.1
1191      * @see        #checkPermission(java.security.Permission) checkPermission
1192      */
1193     public void checkMulticast(InetAddress maddr) {
1194         String host = maddr.getHostAddress();
1195         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1196             host = "[" + host + "]";
1197         }
1198         checkPermission(new SocketPermission(host,
1199             SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1200     }
1201 
1202     /**
1203      * Throws a <code>SecurityException</code> if the
1204      * calling thread is not allowed to use
1205      * (join/leave/send/receive) IP multicast.
1206      * <p>
1207      * This method calls <code>checkPermission</code> with the
1208      * <code>java.net.SocketPermission(maddr.getHostAddress(),
1209      * "accept,connect")</code> permission.
1210      * <p>
1211      * If you override this method, then you should make a call to
1212      * <code>super.checkMulticast</code>
1213      * at the point the overridden method would normally throw an
1214      * exception.
1215      *
1216      * @param      maddr  Internet group address to be used.
1217      * @param      ttl        value in use, if it is multicast send.
1218      * Note: this particular implementation does not use the ttl
1219      * parameter.
1220      * @exception  SecurityException  if the calling thread is not allowed to
1221      *  use (join/leave/send/receive) IP multicast.
1222      * @exception  NullPointerException if the address argument is
1223      *             <code>null</code>.
1224      * @since      JDK1.1
1225      * @deprecated Use #checkPermission(java.security.Permission) instead
1226      * @see        #checkPermission(java.security.Permission) checkPermission
1227      */
1228     @Deprecated
1229     public void checkMulticast(InetAddress maddr, byte ttl) {
1230         String host = maddr.getHostAddress();
1231         if (!host.startsWith("[") && host.indexOf(':') != -1) {
1232             host = "[" + host + "]";
1233         }
1234         checkPermission(new SocketPermission(host,
1235             SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1236     }
1237 
1238     /**
1239      * Throws a <code>SecurityException</code> if the
1240      * calling thread is not allowed to access or modify the system
1241      * properties.
1242      * <p>
1243      * This method is used by the <code>getProperties</code> and
1244      * <code>setProperties</code> methods of class <code>System</code>.
1245      * <p>
1246      * This method calls <code>checkPermission</code> with the
1247      * <code>PropertyPermission("*", "read,write")</code> permission.
1248      * <p>
1249      * If you override this method, then you should make a call to
1250      * <code>super.checkPropertiesAccess</code>
1251      * at the point the overridden method would normally throw an
1252      * exception.
1253      * <p>
1254      *
1255      * @exception  SecurityException  if the calling thread does not have
1256      *             permission to access or modify the system properties.
1257      * @see        java.lang.System#getProperties()
1258      * @see        java.lang.System#setProperties(java.util.Properties)
1259      * @see        #checkPermission(java.security.Permission) checkPermission
1260      */
1261     public void checkPropertiesAccess() {
1262         checkPermission(new PropertyPermission("*",
1263             SecurityConstants.PROPERTY_RW_ACTION));
1264     }
1265 
1266     /**
1267      * Throws a <code>SecurityException</code> if the
1268      * calling thread is not allowed to access the system property with
1269      * the specified <code>key</code> name.
1270      * <p>
1271      * This method is used by the <code>getProperty</code> method of
1272      * class <code>System</code>.
1273      * <p>
1274      * This method calls <code>checkPermission</code> with the
1275      * <code>PropertyPermission(key, "read")</code> permission.
1276      * <p>
1277      * If you override this method, then you should make a call to
1278      * <code>super.checkPropertyAccess</code>
1279      * at the point the overridden method would normally throw an
1280      * exception.
1281      *
1282      * @param      key   a system property key.
1283      *
1284      * @exception  SecurityException  if the calling thread does not have
1285      *             permission to access the specified system property.
1286      * @exception  NullPointerException if the <code>key</code> argument is
1287      *             <code>null</code>.
1288      * @exception  IllegalArgumentException if <code>key</code> is empty.
1289      *
1290      * @see        java.lang.System#getProperty(java.lang.String)
1291      * @see        #checkPermission(java.security.Permission) checkPermission
1292      */
1293     public void checkPropertyAccess(String key) {
1294         checkPermission(new PropertyPermission(key,
1295             SecurityConstants.PROPERTY_READ_ACTION));
1296     }
1297 
1298     /**
1299      * Returns <code>false</code> if the calling
1300      * thread is not trusted to bring up the top-level window indicated
1301      * by the <code>window</code> argument. In this case, the caller can
1302      * still decide to show the window, but the window should include
1303      * some sort of visual warning. If the method returns
1304      * <code>true</code>, then the window can be shown without any
1305      * special restrictions.
1306      * <p>
1307      * See class <code>Window</code> for more information on trusted and
1308      * untrusted windows.
1309      * <p>
1310      * This method calls
1311      * <code>checkPermission</code> with the
1312      * <code>AWTPermission("showWindowWithoutWarningBanner")</code> permission,
1313      * and returns <code>true</code> if a SecurityException is not thrown,
1314      * otherwise it returns <code>false</code>.
1315      * In the case of subset Profiles of Java SE that do not include the
1316      * {@code java.awt} package, {@code checkPermission} is instead called
1317      * to check the permission {@code java.security.AllPermission}.
1318      * <p>
1319      * If you override this method, then you should make a call to
1320      * <code>super.checkTopLevelWindow</code>
1321      * at the point the overridden method would normally return
1322      * <code>false</code>, and the value of
1323      * <code>super.checkTopLevelWindow</code> should
1324      * be returned.
1325      *
1326      * @param      window   the new window that is being created.
1327      * @return     <code>true</code> if the calling thread is trusted to put up
1328      *             top-level windows; <code>false</code> otherwise.
1329      * @exception  NullPointerException if the <code>window</code> argument is
1330      *             <code>null</code>.
1331      * @deprecated The dependency on {@code AWTPermission} creates an
1332      *             impediment to future modularization of the Java platform.
1333      *             Users of this method should instead invoke
1334      *             {@link #checkPermission} directly.
1335      *             This method will be changed in a future release to check
1336      *             the permission {@code java.security.AllPermission}.
1337      * @see        java.awt.Window
1338      * @see        #checkPermission(java.security.Permission) checkPermission
1339      */
1340     @Deprecated
1341     public boolean checkTopLevelWindow(Object window) {
1342         if (window == null) {
1343             throw new NullPointerException("window can't be null");
1344         }
1345         Permission perm = SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION;
1346         if (perm == null) {
1347             perm = SecurityConstants.ALL_PERMISSION;
1348         }
1349         try {
1350             checkPermission(perm);
1351             return true;
1352         } catch (SecurityException se) {
1353             // just return false
1354         }
1355         return false;
1356     }
1357 
1358     /**
1359      * Throws a <code>SecurityException</code> if the
1360      * calling thread is not allowed to initiate a print job request.
1361      * <p>
1362      * This method calls
1363      * <code>checkPermission</code> with the
1364      * <code>RuntimePermission("queuePrintJob")</code> permission.
1365      * <p>
1366      * If you override this method, then you should make a call to
1367      * <code>super.checkPrintJobAccess</code>
1368      * at the point the overridden method would normally throw an
1369      * exception.
1370      * <p>
1371      *
1372      * @exception  SecurityException  if the calling thread does not have
1373      *             permission to initiate a print job request.
1374      * @since   JDK1.1
1375      * @see        #checkPermission(java.security.Permission) checkPermission
1376      */
1377     public void checkPrintJobAccess() {
1378         checkPermission(new RuntimePermission("queuePrintJob"));
1379     }
1380 
1381     /**
1382      * Throws a <code>SecurityException</code> if the
1383      * calling thread is not allowed to access the system clipboard.
1384      * <p>
1385      * This method calls <code>checkPermission</code> with the
1386      * <code>AWTPermission("accessClipboard")</code>
1387      * permission.
1388      * In the case of subset Profiles of Java SE that do not include the
1389      * {@code java.awt} package, {@code checkPermission} is instead called
1390      * to check the permission {@code java.security.AllPermission}.
1391      * <p>
1392      * If you override this method, then you should make a call to
1393      * <code>super.checkSystemClipboardAccess</code>
1394      * at the point the overridden method would normally throw an
1395      * exception.
1396      *
1397      * @since   JDK1.1
1398      * @exception  SecurityException  if the calling thread does not have
1399      *             permission to access the system clipboard.
1400      * @deprecated The dependency on {@code AWTPermission} creates an
1401      *             impediment to future modularization of the Java platform.
1402      *             Users of this method should instead invoke
1403      *             {@link #checkPermission} directly.
1404      *             This method will be changed in a future release to check
1405      *             the permission {@code java.security.AllPermission}.
1406      * @see        #checkPermission(java.security.Permission) checkPermission
1407      */
1408     @Deprecated
1409     public void checkSystemClipboardAccess() {
1410         Permission perm = SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION;
1411         if (perm == null) {
1412             perm = SecurityConstants.ALL_PERMISSION;
1413         }
1414         checkPermission(perm);
1415     }
1416 
1417     /**
1418      * Throws a <code>SecurityException</code> if the
1419      * calling thread is not allowed to access the AWT event queue.
1420      * <p>
1421      * This method calls <code>checkPermission</code> with the
1422      * <code>AWTPermission("accessEventQueue")</code> permission.
1423      * In the case of subset Profiles of Java SE that do not include the
1424      * {@code java.awt} package, {@code checkPermission} is instead called
1425      * to check the permission {@code java.security.AllPermission}.
1426      *
1427      * <p>
1428      * If you override this method, then you should make a call to
1429      * <code>super.checkAwtEventQueueAccess</code>
1430      * at the point the overridden method would normally throw an
1431      * exception.
1432      *
1433      * @since   JDK1.1
1434      * @exception  SecurityException  if the calling thread does not have
1435      *             permission to access the AWT event queue.
1436      * @deprecated The dependency on {@code AWTPermission} creates an
1437      *             impediment to future modularization of the Java platform.
1438      *             Users of this method should instead invoke
1439      *             {@link #checkPermission} directly.
1440      *             This method will be changed in a future release to check
1441      *             the permission {@code java.security.AllPermission}.
1442      * @see        #checkPermission(java.security.Permission) checkPermission
1443      */
1444     @Deprecated
1445     public void checkAwtEventQueueAccess() {
1446         Permission perm = SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION;
1447         if (perm == null) {
1448             perm = SecurityConstants.ALL_PERMISSION;
1449         }
1450         checkPermission(perm);
1451     }
1452 
1453     /*
1454      * We have an initial invalid bit (initially false) for the class
1455      * variables which tell if the cache is valid.  If the underlying
1456      * java.security.Security property changes via setProperty(), the
1457      * Security class uses reflection to change the variable and thus
1458      * invalidate the cache.
1459      *
1460      * Locking is handled by synchronization to the
1461      * packageAccessLock/packageDefinitionLock objects.  They are only
1462      * used in this class.
1463      *
1464      * Note that cache invalidation as a result of the property change
1465      * happens without using these locks, so there may be a delay between
1466      * when a thread updates the property and when other threads updates
1467      * the cache.
1468      */
1469     private static boolean packageAccessValid = false;
1470     private static String[] packageAccess;
1471     private static final Object packageAccessLock = new Object();
1472 
1473     private static boolean packageDefinitionValid = false;
1474     private static String[] packageDefinition;
1475     private static final Object packageDefinitionLock = new Object();
1476 
1477     private static String[] getPackages(String p) {
1478         String packages[] = null;
1479         if (p != null && !p.equals("")) {
1480             java.util.StringTokenizer tok =
1481                 new java.util.StringTokenizer(p, ",");
1482             int n = tok.countTokens();
1483             if (n > 0) {
1484                 packages = new String[n];
1485                 int i = 0;
1486                 while (tok.hasMoreElements()) {
1487                     String s = tok.nextToken().trim();
1488                     packages[i++] = s;
1489                 }
1490             }
1491         }
1492 
1493         if (packages == null)
1494             packages = new String[0];
1495         return packages;
1496     }
1497 
1498     /**
1499      * Throws a <code>SecurityException</code> if the
1500      * calling thread is not allowed to access the package specified by
1501      * the argument.
1502      * <p>
1503      * This method is used by the <code>loadClass</code> method of class
1504      * loaders.
1505      * <p>
1506      * This method first gets a list of
1507      * restricted packages by obtaining a comma-separated list from
1508      * a call to
1509      * <code>java.security.Security.getProperty("package.access")</code>,
1510      * and checks to see if <code>pkg</code> starts with or equals
1511      * any of the restricted packages. If it does, then
1512      * <code>checkPermission</code> gets called with the
1513      * <code>RuntimePermission("accessClassInPackage."+pkg)</code>
1514      * permission.
1515      * <p>
1516      * If this method is overridden, then
1517      * <code>super.checkPackageAccess</code> should be called
1518      * as the first line in the overridden method.
1519      *
1520      * @param      pkg   the package name.
1521      * @exception  SecurityException  if the calling thread does not have
1522      *             permission to access the specified package.
1523      * @exception  NullPointerException if the package name argument is
1524      *             <code>null</code>.
1525      * @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1526      *  loadClass
1527      * @see        java.security.Security#getProperty getProperty
1528      * @see        #checkPermission(java.security.Permission) checkPermission
1529      */
1530     public void checkPackageAccess(String pkg) {
1531         if (pkg == null) {
1532             throw new NullPointerException("package name can't be null");
1533         }
1534 
1535         String[] pkgs;
1536         synchronized (packageAccessLock) {
1537             /*
1538              * Do we need to update our property array?
1539              */
1540             if (!packageAccessValid) {
1541                 String tmpPropertyStr =
1542                     AccessController.doPrivileged(
1543                         new PrivilegedAction<String>() {
1544                             public String run() {
1545                                 return java.security.Security.getProperty(
1546                                     "package.access");
1547                             }
1548                         }
1549                     );
1550                 packageAccess = getPackages(tmpPropertyStr);
1551                 packageAccessValid = true;
1552             }
1553 
1554             // Using a snapshot of packageAccess -- don't care if static field
1555             // changes afterwards; array contents won't change.
1556             pkgs = packageAccess;
1557         }
1558 
1559         /*
1560          * Traverse the list of packages, check for any matches.
1561          */
1562         for (int i = 0; i < pkgs.length; i++) {
1563             if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) {
1564                 checkPermission(
1565                     new RuntimePermission("accessClassInPackage."+pkg));
1566                 break;  // No need to continue; only need to check this once
1567             }
1568         }
1569     }
1570 
1571     /**
1572      * Throws a <code>SecurityException</code> if the
1573      * calling thread is not allowed to define classes in the package
1574      * specified by the argument.
1575      * <p>
1576      * This method is used by the <code>loadClass</code> method of some
1577      * class loaders.
1578      * <p>
1579      * This method first gets a list of restricted packages by
1580      * obtaining a comma-separated list from a call to
1581      * <code>java.security.Security.getProperty("package.definition")</code>,
1582      * and checks to see if <code>pkg</code> starts with or equals
1583      * any of the restricted packages. If it does, then
1584      * <code>checkPermission</code> gets called with the
1585      * <code>RuntimePermission("defineClassInPackage."+pkg)</code>
1586      * permission.
1587      * <p>
1588      * If this method is overridden, then
1589      * <code>super.checkPackageDefinition</code> should be called
1590      * as the first line in the overridden method.
1591      *
1592      * @param      pkg   the package name.
1593      * @exception  SecurityException  if the calling thread does not have
1594      *             permission to define classes in the specified package.
1595      * @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1596      * @see        java.security.Security#getProperty getProperty
1597      * @see        #checkPermission(java.security.Permission) checkPermission
1598      */
1599     public void checkPackageDefinition(String pkg) {
1600         if (pkg == null) {
1601             throw new NullPointerException("package name can't be null");
1602         }
1603 
1604         String[] pkgs;
1605         synchronized (packageDefinitionLock) {
1606             /*
1607              * Do we need to update our property array?
1608              */
1609             if (!packageDefinitionValid) {
1610                 String tmpPropertyStr =
1611                     AccessController.doPrivileged(
1612                         new PrivilegedAction<String>() {
1613                             public String run() {
1614                                 return java.security.Security.getProperty(
1615                                     "package.definition");
1616                             }
1617                         }
1618                     );
1619                 packageDefinition = getPackages(tmpPropertyStr);
1620                 packageDefinitionValid = true;
1621             }
1622             // Using a snapshot of packageDefinition -- don't care if static
1623             // field changes afterwards; array contents won't change.
1624             pkgs = packageDefinition;
1625         }
1626 
1627         /*
1628          * Traverse the list of packages, check for any matches.
1629          */
1630         for (int i = 0; i < pkgs.length; i++) {
1631             if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) {
1632                 checkPermission(
1633                     new RuntimePermission("defineClassInPackage."+pkg));
1634                 break; // No need to continue; only need to check this once
1635             }
1636         }
1637     }
1638 
1639     /**
1640      * Throws a <code>SecurityException</code> if the
1641      * calling thread is not allowed to set the socket factory used by
1642      * <code>ServerSocket</code> or <code>Socket</code>, or the stream
1643      * handler factory used by <code>URL</code>.
1644      * <p>
1645      * This method calls <code>checkPermission</code> with the
1646      * <code>RuntimePermission("setFactory")</code> permission.
1647      * <p>
1648      * If you override this method, then you should make a call to
1649      * <code>super.checkSetFactory</code>
1650      * at the point the overridden method would normally throw an
1651      * exception.
1652      * <p>
1653      *
1654      * @exception  SecurityException  if the calling thread does not have
1655      *             permission to specify a socket factory or a stream
1656      *             handler factory.
1657      *
1658      * @see        java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory
1659      * @see        java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory
1660      * @see        java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory
1661      * @see        #checkPermission(java.security.Permission) checkPermission
1662      */
1663     public void checkSetFactory() {
1664         checkPermission(new RuntimePermission("setFactory"));
1665     }
1666 
1667     /**
1668      * Throws a <code>SecurityException</code> if the
1669      * calling thread is not allowed to access members.
1670      * <p>
1671      * The default policy is to allow access to PUBLIC members, as well
1672      * as access to classes that have the same class loader as the caller.
1673      * In all other cases, this method calls <code>checkPermission</code>
1674      * with the <code>RuntimePermission("accessDeclaredMembers")
1675      * </code> permission.
1676      * <p>
1677      * If this method is overridden, then a call to
1678      * <code>super.checkMemberAccess</code> cannot be made,
1679      * as the default implementation of <code>checkMemberAccess</code>
1680      * relies on the code being checked being at a stack depth of
1681      * 4.
1682      *
1683      * @param clazz the class that reflection is to be performed on.
1684      *
1685      * @param which type of access, PUBLIC or DECLARED.
1686      *
1687      * @exception  SecurityException if the caller does not have
1688      *             permission to access members.
1689      * @exception  NullPointerException if the <code>clazz</code> argument is
1690      *             <code>null</code>.
1691      *
1692      * @deprecated This method relies on the caller being at a stack depth
1693      *             of 4 which is error-prone and cannot be enforced by the runtime.
1694      *             Users of this method should instead invoke {@link #checkPermission}
1695      *             directly.  This method will be changed in a future release
1696      *             to check the permission {@code java.security.AllPermission}.
1697      *
1698      * @see java.lang.reflect.Member
1699      * @since JDK1.1
1700      * @see        #checkPermission(java.security.Permission) checkPermission
1701      */
1702     @Deprecated
1703     @CallerSensitive
1704     public void checkMemberAccess(Class<?> clazz, int which) {
1705         if (clazz == null) {
1706             throw new NullPointerException("class can't be null");
1707         }
1708         if (which != Member.PUBLIC) {
1709             Class<?> stack[] = getClassContext();
1710             /*
1711              * stack depth of 4 should be the caller of one of the
1712              * methods in java.lang.Class that invoke checkMember
1713              * access. The stack should look like:
1714              *
1715              * someCaller                        [3]
1716              * java.lang.Class.someReflectionAPI [2]
1717              * java.lang.Class.checkMemberAccess [1]
1718              * SecurityManager.checkMemberAccess [0]
1719              *
1720              */
1721             if ((stack.length<4) ||
1722                 (stack[3].getClassLoader() != clazz.getClassLoader())) {
1723                 checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
1724             }
1725         }
1726     }
1727 
1728     /**
1729      * Determines whether the permission with the specified permission target
1730      * name should be granted or denied.
1731      *
1732      * <p> If the requested permission is allowed, this method returns
1733      * quietly. If denied, a SecurityException is raised.
1734      *
1735      * <p> This method creates a <code>SecurityPermission</code> object for
1736      * the given permission target name and calls <code>checkPermission</code>
1737      * with it.
1738      *
1739      * <p> See the documentation for
1740      * <code>{@link java.security.SecurityPermission}</code> for
1741      * a list of possible permission target names.
1742      *
1743      * <p> If you override this method, then you should make a call to
1744      * <code>super.checkSecurityAccess</code>
1745      * at the point the overridden method would normally throw an
1746      * exception.
1747      *
1748      * @param target the target name of the <code>SecurityPermission</code>.
1749      *
1750      * @exception SecurityException if the calling thread does not have
1751      * permission for the requested access.
1752      * @exception NullPointerException if <code>target</code> is null.
1753      * @exception IllegalArgumentException if <code>target</code> is empty.
1754      *
1755      * @since   JDK1.1
1756      * @see        #checkPermission(java.security.Permission) checkPermission
1757      */
1758     public void checkSecurityAccess(String target) {
1759         checkPermission(new SecurityPermission(target));
1760     }
1761 
1762     private native Class<?> currentLoadedClass0();
1763 
1764     /**
1765      * Returns the thread group into which to instantiate any new
1766      * thread being created at the time this is being called.
1767      * By default, it returns the thread group of the current
1768      * thread. This should be overridden by a specific security
1769      * manager to return the appropriate thread group.
1770      *
1771      * @return  ThreadGroup that new threads are instantiated into
1772      * @since   JDK1.1
1773      * @see     java.lang.ThreadGroup
1774      */
1775     public ThreadGroup getThreadGroup() {
1776         return Thread.currentThread().getThreadGroup();
1777     }
1778 
1779 }