java.io.FilePermission Java Examples

The following examples show how to use java.io.FilePermission. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: PluginSandboxPolicy.java    From rapidminer-studio with GNU Affero General Public License v3.0 7 votes vote down vote up
/**
 * Create permission for groovy scripts of the {@link ScriptingOperator}.
 *
 * @return the permissions, never {@code null}
 */
private static PermissionCollection createGroovySourcePermissions() {
	if (ProductConstraintManager.INSTANCE.isInitialized()) {
		if (ProductConstraintManager.INSTANCE.getActiveLicense()
				.getPrecedence() >= StudioLicenseConstants.UNLIMITED_LICENSE_PRECEDENCE
				|| ProductConstraintManager.INSTANCE.isTrialLicense()) {
			return createAllPermissions();
		}
	}

	Permissions permissions = new Permissions();

	// grant some permissions because the script is something the user himself created
	permissions.add(new PropertyPermission("*", "read, write"));
	permissions.add(new FilePermission("<<ALL FILES>>", "read, write, delete"));

	addCommonPermissions(permissions);

	return permissions;
}
 
Example #2
Source File: PolicyFile.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example #3
Source File: FieldSetAccessibleTest.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #4
Source File: PolicyFile.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example #5
Source File: FieldSetAccessibleTest.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #6
Source File: FieldSetAccessibleTest.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #7
Source File: FieldSetAccessibleTest.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #8
Source File: UnixFileSystemProvider.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example #9
Source File: PolicyFile.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example #10
Source File: PermissionsWrapper.java    From knopflerfish.org with BSD 3-Clause "New" or "Revised" License 6 votes vote down vote up
/**
 *
 */
private PermissionCollection makeImplicitPermissionCollection(FrameworkContext fw, Bundle b) {
  // NYI, perhaps we should optimize this collection.
  final Permissions pc = new Permissions();
  if (dataRoot != null) {
    pc.add(new FilePermission(dataRoot.getPath(), "read,write"));
    pc.add(new FilePermission((new File(dataRoot, "-")).getPath(),
                              "read,write,delete"));
  }
  final StringBuffer sb = new StringBuffer("(id=");
  sb.append(b.getBundleId());
  sb.append(")");
  pc.add(new AdminPermission(sb.toString(),
                             AdminPermission.RESOURCE + "," +
                             AdminPermission.METADATA + "," +
                             AdminPermission.CLASS));
  pc.add(new PropertyPermission("org.osgi.framework.*", "read"));
  pc.add(new CapabilityPermission(ExecutionEnvironmentNamespace.EXECUTION_ENVIRONMENT_NAMESPACE,
                                  CapabilityPermission.REQUIRE));
  return pc;
}
 
Example #11
Source File: FileURL.java    From netbeans with Apache License 2.0 6 votes vote down vote up
public Permission getPermission() throws IOException {
    // Note this is normally called by URLClassPath with an unconnected
    // URLConnection, so the fo will probably be null anyway.
    if (fo != null) {
        File f = FileUtil.toFile(fo);

        if (f != null) {
            return new FilePermission(f.getAbsolutePath(), "read"); // NOI18N
        }

        try {
            FileSystem fs = fo.getFileSystem();

            if (fs instanceof JarFileSystem) {
                return new FilePermission(((JarFileSystem) fs).getJarFile().getAbsolutePath(), "read"); // NOI18N
            }

            // [PENDING] could do XMLFileSystem too...
        } catch (FileStateInvalidException fsie) {
            // ignore
        }
    }

    // fallback
    return new FilePermission("<<ALL FILES>>", "read"); // NOI18N
}
 
Example #12
Source File: PolicyFile.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example #13
Source File: FieldSetAccessibleTest.java    From native-obfuscator with GNU General Public License v3.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #14
Source File: FileHandlerPath.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #15
Source File: FileHandlerPath.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #16
Source File: UnixFileSystemProvider.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example #17
Source File: ProxyClassesDumper.java    From Bytecoder with Apache License 2.0 6 votes vote down vote up
public static ProxyClassesDumper getInstance(String path) {
    if (null == path) {
        return null;
    }
    try {
        path = path.trim();
        final Path dir = Path.of(path.isEmpty() ? "." : path);
        AccessController.doPrivileged(new PrivilegedAction<>() {
                @Override
                public Void run() {
                    validateDumpDir(dir);
                    return null;
                }
            }, null, new FilePermission("<<ALL FILES>>", "read, write"));
        return new ProxyClassesDumper(dir);
    } catch (InvalidPathException ex) {
        PlatformLogger.getLogger(ProxyClassesDumper.class.getName())
                      .warning("Path " + path + " is not valid - dumping disabled", ex);
    } catch (IllegalArgumentException iae) {
        PlatformLogger.getLogger(ProxyClassesDumper.class.getName())
                      .warning(iae.getMessage() + " - dumping disabled");
    }
    return null;
}
 
Example #18
Source File: FieldSetAccessibleTest.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #19
Source File: FileHandlerPath.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #20
Source File: UnixFileSystemProvider.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example #21
Source File: UnixFileSystemProvider.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example #22
Source File: RootLevelInConfigFile.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(String configFile) {
    perms.add(new LoggingPermission("control", null));
    perms.add(new PropertyPermission("java.util.logging.config.class","read"));
    perms.add(new PropertyPermission("java.util.logging.config.file","read"));
    perms.add(new FilePermission(configFile, "read"));
    perms.add(new RuntimePermission("accessClassInPackage.sun.misc"));
}
 
Example #23
Source File: Invalid.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String args[]) throws Exception {

        // Normal
        FilePermission fp = new FilePermission("a", "read");

        // Invalid
        FilePermission fp1 = new FilePermission("a\000", "read");
        FilePermission fp2 = new FilePermission("a\000", "read");
        FilePermission fp3 = new FilePermission("b\000", "read");

        // Invalid equals to itself
        Asserts.assertEQ(fp1, fp1);

        // and not equals to anything else, including other invalid ones
        Asserts.assertNE(fp, fp1);
        Asserts.assertNE(fp1, fp);
        Asserts.assertNE(fp1, fp2);
        Asserts.assertNE(fp1, fp3);

        // Invalid implies itself
        Asserts.assertTrue(fp1.implies(fp1));

        // and not implies or implied by anything else, including other
        // invalid ones
        Asserts.assertFalse(fp.implies(fp1));
        Asserts.assertFalse(fp1.implies(fp));
        Asserts.assertFalse(fp1.implies(fp2));
        Asserts.assertFalse(fp1.implies(fp3));
    }
 
Example #24
Source File: WPrinterJob.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
private final boolean getPrintToFileEnabled() {
    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        FilePermission printToFilePermission =
            new FilePermission("<<ALL FILES>>", "read,write");
        try {
            security.checkPermission(printToFilePermission);
        } catch (SecurityException e) {
            return false;
        }
    }
    return true;
}
 
Example #25
Source File: Desktop.java    From JDKSourceCode1.8 with MIT License 5 votes vote down vote up
private void checkExec() throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new FilePermission("<<ALL FILES>>",
                                              SecurityConstants.FILE_EXECUTE_ACTION));
    }
}
 
Example #26
Source File: Desktop.java    From jdk1.8-source-analysis with Apache License 2.0 5 votes vote down vote up
private void checkExec() throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new FilePermission("<<ALL FILES>>",
                                              SecurityConstants.FILE_EXECUTE_ACTION));
    }
}
 
Example #27
Source File: Desktop.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
private void checkExec() throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new FilePermission("<<ALL FILES>>",
                SecurityConstants.FILE_EXECUTE_ACTION));
    }
}
 
Example #28
Source File: RegistryImpl.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Generates an AccessControlContext with minimal permissions.
 * The approach used here is taken from the similar method
 * getAccessControlContext() in the sun.applet.AppletPanel class.
 */
private static AccessControlContext getAccessControlContext(int port) {
    // begin with permissions granted to all code in current policy
    PermissionCollection perms = AccessController.doPrivileged(
        new java.security.PrivilegedAction<PermissionCollection>() {
            public PermissionCollection run() {
                CodeSource codesource = new CodeSource(null,
                    (java.security.cert.Certificate[]) null);
                Policy p = java.security.Policy.getPolicy();
                if (p != null) {
                    return p.getPermissions(codesource);
                } else {
                    return new Permissions();
                }
            }
        });

    /*
     * Anyone can connect to the registry and the registry can connect
     * to and possibly download stubs from anywhere. Downloaded stubs and
     * related classes themselves are more tightly limited by RMI.
     */
    perms.add(new SocketPermission("*", "connect,accept"));
    perms.add(new SocketPermission("localhost:"+port, "listen,accept"));

    perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
    perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));

    perms.add(new FilePermission("<<ALL FILES>>", "read"));

    /*
     * Create an AccessControlContext that consists of a single
     * protection domain with only the permissions calculated above.
     */
    ProtectionDomain pd = new ProtectionDomain(
        new CodeSource(null,
            (java.security.cert.Certificate[]) null), perms);
    return new AccessControlContext(new ProtectionDomain[] { pd });
}
 
Example #29
Source File: Desktop.java    From jdk-1.7-annotated with Apache License 2.0 5 votes vote down vote up
private void checkExec() throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new FilePermission("<<ALL FILES>>",
                                              SecurityConstants.FILE_EXECUTE_ACTION));
    }
}
 
Example #30
Source File: DataTransferer.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
private boolean isForbiddenToRead (File file, ProtectionDomain protectionDomain)
{
    if (null == protectionDomain) {
        return false;
    }
    try {
        FilePermission filePermission =
                new FilePermission(file.getCanonicalPath(), "read, delete");
        if (protectionDomain.implies(filePermission)) {
            return false;
        }
    } catch (IOException e) {}

    return true;
}