Java Code Examples for java.io.FilePermission

The following examples show how to use java.io.FilePermission. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may want to check out the right sidebar which shows the related API usage.
Example 1
/**
 * Create permission for groovy scripts of the {@link ScriptingOperator}.
 *
 * @return the permissions, never {@code null}
 */
private static PermissionCollection createGroovySourcePermissions() {
	if (ProductConstraintManager.INSTANCE.isInitialized()) {
		if (ProductConstraintManager.INSTANCE.getActiveLicense()
				.getPrecedence() >= StudioLicenseConstants.UNLIMITED_LICENSE_PRECEDENCE
				|| ProductConstraintManager.INSTANCE.isTrialLicense()) {
			return createAllPermissions();
		}
	}

	Permissions permissions = new Permissions();

	// grant some permissions because the script is something the user himself created
	permissions.add(new PropertyPermission("*", "read, write"));
	permissions.add(new FilePermission("<<ALL FILES>>", "read, write, delete"));

	addCommonPermissions(permissions);

	return permissions;
}
 
Example 2
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 3
/**
 *
 */
private PermissionCollection makeImplicitPermissionCollection(FrameworkContext fw, Bundle b) {
  // NYI, perhaps we should optimize this collection.
  final Permissions pc = new Permissions();
  if (dataRoot != null) {
    pc.add(new FilePermission(dataRoot.getPath(), "read,write"));
    pc.add(new FilePermission((new File(dataRoot, "-")).getPath(),
                              "read,write,delete"));
  }
  final StringBuffer sb = new StringBuffer("(id=");
  sb.append(b.getBundleId());
  sb.append(")");
  pc.add(new AdminPermission(sb.toString(),
                             AdminPermission.RESOURCE + "," +
                             AdminPermission.METADATA + "," +
                             AdminPermission.CLASS));
  pc.add(new PropertyPermission("org.osgi.framework.*", "read"));
  pc.add(new CapabilityPermission(ExecutionEnvironmentNamespace.EXECUTION_ENVIRONMENT_NAMESPACE,
                                  CapabilityPermission.REQUIRE));
  return pc;
}
 
Example 4
Source Project: dragonwell8_jdk   Source File: PolicyFile.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example 5
Source Project: jdk8u-jdk   Source File: PolicyFile.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example 6
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 7
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example 8
Source Project: Bytecoder   Source File: ProxyClassesDumper.java    License: Apache License 2.0 6 votes vote down vote up
public static ProxyClassesDumper getInstance(String path) {
    if (null == path) {
        return null;
    }
    try {
        path = path.trim();
        final Path dir = Path.of(path.isEmpty() ? "." : path);
        AccessController.doPrivileged(new PrivilegedAction<>() {
                @Override
                public Void run() {
                    validateDumpDir(dir);
                    return null;
                }
            }, null, new FilePermission("<<ALL FILES>>", "read, write"));
        return new ProxyClassesDumper(dir);
    } catch (InvalidPathException ex) {
        PlatformLogger.getLogger(ProxyClassesDumper.class.getName())
                      .warning("Path " + path + " is not valid - dumping disabled", ex);
    } catch (IllegalArgumentException iae) {
        PlatformLogger.getLogger(ProxyClassesDumper.class.getName())
                      .warning(iae.getMessage() + " - dumping disabled");
    }
    return null;
}
 
Example 9
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 10
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example 11
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example 12
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 13
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 14
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 15
Source Project: netbeans   Source File: FileURL.java    License: Apache License 2.0 6 votes vote down vote up
public Permission getPermission() throws IOException {
    // Note this is normally called by URLClassPath with an unconnected
    // URLConnection, so the fo will probably be null anyway.
    if (fo != null) {
        File f = FileUtil.toFile(fo);

        if (f != null) {
            return new FilePermission(f.getAbsolutePath(), "read"); // NOI18N
        }

        try {
            FileSystem fs = fo.getFileSystem();

            if (fs instanceof JarFileSystem) {
                return new FilePermission(((JarFileSystem) fs).getJarFile().getAbsolutePath(), "read"); // NOI18N
            }

            // [PENDING] could do XMLFileSystem too...
        } catch (FileStateInvalidException fsie) {
            // ignore
        }
    }

    // fallback
    return new FilePermission("<<ALL FILES>>", "read"); // NOI18N
}
 
Example 16
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example 17
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 18
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 19
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example 20
Source Project: hottub   Source File: PolicyFile.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example 21
Source Project: openjdk-8-source   Source File: PolicyFile.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example 22
Source Project: Tomcat8-Source-Read   Source File: WebappLoader.java    License: MIT License 5 votes vote down vote up
/**
 * Configure associated class loader permissions.
 */
private void setPermissions() {

    if (!Globals.IS_SECURITY_ENABLED)
        return;
    if (context == null)
        return;

    // Tell the class loader the root of the context
    ServletContext servletContext = context.getServletContext();

    // Assigning permissions for the work directory
    File workDir =
        (File) servletContext.getAttribute(ServletContext.TEMPDIR);
    if (workDir != null) {
        try {
            String workDirPath = workDir.getCanonicalPath();
            classLoader.addPermission
                (new FilePermission(workDirPath, "read,write"));
            classLoader.addPermission
                (new FilePermission(workDirPath + File.separator + "-",
                                    "read,write,delete"));
        } catch (IOException e) {
            // Ignore
        }
    }

    for (URL url : context.getResources().getBaseUrls()) {
       classLoader.addPermission(url);
    }
}
 
Example 23
Source Project: jdk1.8-source-analysis   Source File: Desktop.java    License: Apache License 2.0 5 votes vote down vote up
private void checkExec() throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new FilePermission("<<ALL FILES>>",
                                              SecurityConstants.FILE_EXECUTE_ACTION));
    }
}
 
Example 24
Source Project: Bytecoder   Source File: Desktop.java    License: Apache License 2.0 5 votes vote down vote up
private void checkExec() throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new FilePermission("<<ALL FILES>>",
                SecurityConstants.FILE_EXECUTE_ACTION));
    }
}
 
Example 25
Source Project: Bytecoder   Source File: DataTransferer.java    License: Apache License 2.0 5 votes vote down vote up
private boolean isForbiddenToRead (File file, ProtectionDomain protectionDomain)
{
    if (null == protectionDomain) {
        return false;
    }
    try {
        FilePermission filePermission =
                new FilePermission(file.getCanonicalPath(), "read, delete");
        if (protectionDomain.implies(filePermission)) {
            return false;
        }
    } catch (IOException e) {}

    return true;
}
 
Example 26
Source Project: jdk8u-jdk   Source File: RegistryImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Generates an AccessControlContext with minimal permissions.
 * The approach used here is taken from the similar method
 * getAccessControlContext() in the sun.applet.AppletPanel class.
 */
private static AccessControlContext getAccessControlContext(int port) {
    // begin with permissions granted to all code in current policy
    PermissionCollection perms = AccessController.doPrivileged(
        new java.security.PrivilegedAction<PermissionCollection>() {
            public PermissionCollection run() {
                CodeSource codesource = new CodeSource(null,
                    (java.security.cert.Certificate[]) null);
                Policy p = java.security.Policy.getPolicy();
                if (p != null) {
                    return p.getPermissions(codesource);
                } else {
                    return new Permissions();
                }
            }
        });

    /*
     * Anyone can connect to the registry and the registry can connect
     * to and possibly download stubs from anywhere. Downloaded stubs and
     * related classes themselves are more tightly limited by RMI.
     */
    perms.add(new SocketPermission("*", "connect,accept"));
    perms.add(new SocketPermission("localhost:"+port, "listen,accept"));

    perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
    perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));

    perms.add(new FilePermission("<<ALL FILES>>", "read"));

    /*
     * Create an AccessControlContext that consists of a single
     * protection domain with only the permissions calculated above.
     */
    ProtectionDomain pd = new ProtectionDomain(
        new CodeSource(null,
            (java.security.cert.Certificate[]) null), perms);
    return new AccessControlContext(new ProtectionDomain[] { pd });
}
 
Example 27
Source Project: Bytecoder   Source File: Desktop.java    License: Apache License 2.0 5 votes vote down vote up
private void checkRead() throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new FilePermission("<<ALL FILES>>",
                SecurityConstants.FILE_READ_ACTION));
    }
}
 
Example 28
Source Project: jdk8u-jdk   Source File: DataTransferer.java    License: GNU General Public License v2.0 5 votes vote down vote up
private boolean isForbiddenToRead (File file, ProtectionDomain protectionDomain)
{
    if (null == protectionDomain) {
        return false;
    }
    try {
        FilePermission filePermission =
                new FilePermission(file.getCanonicalPath(), "read, delete");
        if (protectionDomain.implies(filePermission)) {
            return false;
        }
    } catch (IOException e) {}

    return true;
}
 
Example 29
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null));
    permissions.add(new FilePermission(PREFIX+".lck", "read,write,delete"));
    permissions.add(new FilePermission(PREFIX, "read,write"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}
 
Example 30
Source Project: dragonwell8_jdk   Source File: RegistryImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Generates an AccessControlContext with minimal permissions.
 * The approach used here is taken from the similar method
 * getAccessControlContext() in the sun.applet.AppletPanel class.
 */
private static AccessControlContext getAccessControlContext(int port) {
    // begin with permissions granted to all code in current policy
    PermissionCollection perms = AccessController.doPrivileged(
        new java.security.PrivilegedAction<PermissionCollection>() {
            public PermissionCollection run() {
                CodeSource codesource = new CodeSource(null,
                    (java.security.cert.Certificate[]) null);
                Policy p = java.security.Policy.getPolicy();
                if (p != null) {
                    return p.getPermissions(codesource);
                } else {
                    return new Permissions();
                }
            }
        });

    /*
     * Anyone can connect to the registry and the registry can connect
     * to and possibly download stubs from anywhere. Downloaded stubs and
     * related classes themselves are more tightly limited by RMI.
     */
    perms.add(new SocketPermission("*", "connect,accept"));
    perms.add(new SocketPermission("localhost:"+port, "listen,accept"));

    perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
    perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));

    perms.add(new FilePermission("<<ALL FILES>>", "read"));

    /*
     * Create an AccessControlContext that consists of a single
     * protection domain with only the permissions calculated above.
     */
    ProtectionDomain pd = new ProtectionDomain(
        new CodeSource(null,
            (java.security.cert.Certificate[]) null), perms);
    return new AccessControlContext(new ProtectionDomain[] { pd });
}