java.io.FilePermission Java Examples

The following examples show how to use java.io.FilePermission. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source Project: rapidminer-studio   Author: rapidminer   File: PluginSandboxPolicy.java    License: GNU Affero General Public License v3.0 7 votes vote down vote up
/**
 * Create permission for groovy scripts of the {@link ScriptingOperator}.
 *
 * @return the permissions, never {@code null}
 */
private static PermissionCollection createGroovySourcePermissions() {
	if (ProductConstraintManager.INSTANCE.isInitialized()) {
		if (ProductConstraintManager.INSTANCE.getActiveLicense()
				.getPrecedence() >= StudioLicenseConstants.UNLIMITED_LICENSE_PRECEDENCE
				|| ProductConstraintManager.INSTANCE.isTrialLicense()) {
			return createAllPermissions();
		}
	}

	Permissions permissions = new Permissions();

	// grant some permissions because the script is something the user himself created
	permissions.add(new PropertyPermission("*", "read, write"));
	permissions.add(new FilePermission("<<ALL FILES>>", "read, write, delete"));

	addCommonPermissions(permissions);

	return permissions;
}
 
Example #2
Source Project: jdk8u-dev-jdk   Author: frohoff   File: FieldSetAccessibleTest.java    License: GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #3
Source Project: knopflerfish.org   Author: knopflerfish   File: PermissionsWrapper.java    License: BSD 3-Clause "New" or "Revised" License 6 votes vote down vote up
/**
 *
 */
private PermissionCollection makeImplicitPermissionCollection(FrameworkContext fw, Bundle b) {
  // NYI, perhaps we should optimize this collection.
  final Permissions pc = new Permissions();
  if (dataRoot != null) {
    pc.add(new FilePermission(dataRoot.getPath(), "read,write"));
    pc.add(new FilePermission((new File(dataRoot, "-")).getPath(),
                              "read,write,delete"));
  }
  final StringBuffer sb = new StringBuffer("(id=");
  sb.append(b.getBundleId());
  sb.append(")");
  pc.add(new AdminPermission(sb.toString(),
                             AdminPermission.RESOURCE + "," +
                             AdminPermission.METADATA + "," +
                             AdminPermission.CLASS));
  pc.add(new PropertyPermission("org.osgi.framework.*", "read"));
  pc.add(new CapabilityPermission(ExecutionEnvironmentNamespace.EXECUTION_ENVIRONMENT_NAMESPACE,
                                  CapabilityPermission.REQUIRE));
  return pc;
}
 
Example #4
Source Project: dragonwell8_jdk   Author: alibaba   File: PolicyFile.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example #5
Source Project: jdk8u-jdk   Author: lambdalab-mirror   File: PolicyFile.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example #6
Source Project: openjdk-jdk8u-backup   Author: AdoptOpenJDK   File: FileHandlerPath.java    License: GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #7
Source Project: dragonwell8_jdk   Author: alibaba   File: UnixFileSystemProvider.java    License: GNU General Public License v2.0 6 votes vote down vote up
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example #8
Source Project: Bytecoder   Author: mirkosertic   File: ProxyClassesDumper.java    License: Apache License 2.0 6 votes vote down vote up
public static ProxyClassesDumper getInstance(String path) {
    if (null == path) {
        return null;
    }
    try {
        path = path.trim();
        final Path dir = Path.of(path.isEmpty() ? "." : path);
        AccessController.doPrivileged(new PrivilegedAction<>() {
                @Override
                public Void run() {
                    validateDumpDir(dir);
                    return null;
                }
            }, null, new FilePermission("<<ALL FILES>>", "read, write"));
        return new ProxyClassesDumper(dir);
    } catch (InvalidPathException ex) {
        PlatformLogger.getLogger(ProxyClassesDumper.class.getName())
                      .warning("Path " + path + " is not valid - dumping disabled", ex);
    } catch (IllegalArgumentException iae) {
        PlatformLogger.getLogger(ProxyClassesDumper.class.getName())
                      .warning(iae.getMessage() + " - dumping disabled");
    }
    return null;
}
 
Example #9
Source Project: dragonwell8_jdk   Author: alibaba   File: FileHandlerPath.java    License: GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #10
Source Project: jdk8u_jdk   Author: JetBrains   File: UnixFileSystemProvider.java    License: GNU General Public License v2.0 6 votes vote down vote up
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example #11
Source Project: TencentKona-8   Author: Tencent   File: UnixFileSystemProvider.java    License: GNU General Public License v2.0 6 votes vote down vote up
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example #12
Source Project: TencentKona-8   Author: Tencent   File: FieldSetAccessibleTest.java    License: GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #13
Source Project: TencentKona-8   Author: Tencent   File: FileHandlerPath.java    License: GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
    permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
    permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
    permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #14
Source Project: native-obfuscator   Author: radioegor146   File: FieldSetAccessibleTest.java    License: GNU General Public License v3.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #15
Source Project: netbeans   Author: apache   File: FileURL.java    License: Apache License 2.0 6 votes vote down vote up
public Permission getPermission() throws IOException {
    // Note this is normally called by URLClassPath with an unconnected
    // URLConnection, so the fo will probably be null anyway.
    if (fo != null) {
        File f = FileUtil.toFile(fo);

        if (f != null) {
            return new FilePermission(f.getAbsolutePath(), "read"); // NOI18N
        }

        try {
            FileSystem fs = fo.getFileSystem();

            if (fs instanceof JarFileSystem) {
                return new FilePermission(((JarFileSystem) fs).getJarFile().getAbsolutePath(), "read"); // NOI18N
            }

            // [PENDING] could do XMLFileSystem too...
        } catch (FileStateInvalidException fsie) {
            // ignore
        }
    }

    // fallback
    return new FilePermission("<<ALL FILES>>", "read"); // NOI18N
}
 
Example #16
Source Project: openjdk-8   Author: bpupadhyaya   File: UnixFileSystemProvider.java    License: GNU General Public License v2.0 6 votes vote down vote up
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
    UnixPath link = UnixPath.toUnixPath(obj1);
    // permission check
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
            SecurityConstants.FILE_READLINK_ACTION);
        sm.checkPermission(perm);
    }
    try {
        byte[] target = readlink(link);
        return new UnixPath(link.getFileSystem(), target);
    } catch (UnixException x) {
       if (x.errno() == UnixConstants.EINVAL)
            throw new NotLinkException(link.getPathForExceptionMessage());
        x.rethrowAsIOException(link);
        return null;    // keep compiler happy
    }
}
 
Example #17
Source Project: openjdk-jdk8u-backup   Author: AdoptOpenJDK   File: FieldSetAccessibleTest.java    License: GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #18
Source Project: hottub   Author: dsrg-uoft   File: FieldSetAccessibleTest.java    License: GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #19
Source Project: jdk8u60   Author: chenghanpeng   File: FieldSetAccessibleTest.java    License: GNU General Public License v2.0 6 votes vote down vote up
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permission needed by the tested code exercised in the test
    permissions = new Permissions();
    permissions.add(new RuntimePermission("fileSystemProvider"));
    permissions.add(new RuntimePermission("createClassLoader"));
    permissions.add(new RuntimePermission("closeClassLoader"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("accessDeclaredMembers"));
    permissions.add(new ReflectPermission("suppressAccessChecks"));
    permissions.add(new PropertyPermission("*", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "read"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());
}
 
Example #20
Source Project: hottub   Author: dsrg-uoft   File: PolicyFile.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example #21
Source Project: openjdk-8-source   Author: keerath   File: PolicyFile.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates one of the well-known permissions directly instead of
 * via reflection. Keep list short to not penalize non-JDK-defined
 * permissions.
 */
private static final Permission getKnownInstance(Class<?> claz,
    String name, String actions) {
    if (claz.equals(FilePermission.class)) {
        return new FilePermission(name, actions);
    } else if (claz.equals(SocketPermission.class)) {
        return new SocketPermission(name, actions);
    } else if (claz.equals(RuntimePermission.class)) {
        return new RuntimePermission(name, actions);
    } else if (claz.equals(PropertyPermission.class)) {
        return new PropertyPermission(name, actions);
    } else if (claz.equals(NetPermission.class)) {
        return new NetPermission(name, actions);
    } else if (claz.equals(AllPermission.class)) {
        return SecurityConstants.ALL_PERMISSION;
    } else {
        return null;
    }
}
 
Example #22
Source Project: Tomcat8-Source-Read   Author: chenmudu   File: WebappLoader.java    License: MIT License 5 votes vote down vote up
/**
 * Configure associated class loader permissions.
 */
private void setPermissions() {

    if (!Globals.IS_SECURITY_ENABLED)
        return;
    if (context == null)
        return;

    // Tell the class loader the root of the context
    ServletContext servletContext = context.getServletContext();

    // Assigning permissions for the work directory
    File workDir =
        (File) servletContext.getAttribute(ServletContext.TEMPDIR);
    if (workDir != null) {
        try {
            String workDirPath = workDir.getCanonicalPath();
            classLoader.addPermission
                (new FilePermission(workDirPath, "read,write"));
            classLoader.addPermission
                (new FilePermission(workDirPath + File.separator + "-",
                                    "read,write,delete"));
        } catch (IOException e) {
            // Ignore
        }
    }

    for (URL url : context.getResources().getBaseUrls()) {
       classLoader.addPermission(url);
    }
}
 
Example #23
Source Project: jdk1.8-source-analysis   Author: raysonfang   File: Desktop.java    License: Apache License 2.0 5 votes vote down vote up
private void checkExec() throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new FilePermission("<<ALL FILES>>",
                                              SecurityConstants.FILE_EXECUTE_ACTION));
    }
}
 
Example #24
Source Project: Bytecoder   Author: mirkosertic   File: Desktop.java    License: Apache License 2.0 5 votes vote down vote up
private void checkExec() throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new FilePermission("<<ALL FILES>>",
                SecurityConstants.FILE_EXECUTE_ACTION));
    }
}
 
Example #25
Source Project: Bytecoder   Author: mirkosertic   File: DataTransferer.java    License: Apache License 2.0 5 votes vote down vote up
private boolean isForbiddenToRead (File file, ProtectionDomain protectionDomain)
{
    if (null == protectionDomain) {
        return false;
    }
    try {
        FilePermission filePermission =
                new FilePermission(file.getCanonicalPath(), "read, delete");
        if (protectionDomain.implies(filePermission)) {
            return false;
        }
    } catch (IOException e) {}

    return true;
}
 
Example #26
Source Project: jdk8u-jdk   Author: frohoff   File: RegistryImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Generates an AccessControlContext with minimal permissions.
 * The approach used here is taken from the similar method
 * getAccessControlContext() in the sun.applet.AppletPanel class.
 */
private static AccessControlContext getAccessControlContext(int port) {
    // begin with permissions granted to all code in current policy
    PermissionCollection perms = AccessController.doPrivileged(
        new java.security.PrivilegedAction<PermissionCollection>() {
            public PermissionCollection run() {
                CodeSource codesource = new CodeSource(null,
                    (java.security.cert.Certificate[]) null);
                Policy p = java.security.Policy.getPolicy();
                if (p != null) {
                    return p.getPermissions(codesource);
                } else {
                    return new Permissions();
                }
            }
        });

    /*
     * Anyone can connect to the registry and the registry can connect
     * to and possibly download stubs from anywhere. Downloaded stubs and
     * related classes themselves are more tightly limited by RMI.
     */
    perms.add(new SocketPermission("*", "connect,accept"));
    perms.add(new SocketPermission("localhost:"+port, "listen,accept"));

    perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
    perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));

    perms.add(new FilePermission("<<ALL FILES>>", "read"));

    /*
     * Create an AccessControlContext that consists of a single
     * protection domain with only the permissions calculated above.
     */
    ProtectionDomain pd = new ProtectionDomain(
        new CodeSource(null,
            (java.security.cert.Certificate[]) null), perms);
    return new AccessControlContext(new ProtectionDomain[] { pd });
}
 
Example #27
Source Project: Bytecoder   Author: mirkosertic   File: Desktop.java    License: Apache License 2.0 5 votes vote down vote up
private void checkRead() throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new FilePermission("<<ALL FILES>>",
                SecurityConstants.FILE_READ_ACTION));
    }
}
 
Example #28
Source Project: jdk8u-jdk   Author: frohoff   File: DataTransferer.java    License: GNU General Public License v2.0 5 votes vote down vote up
private boolean isForbiddenToRead (File file, ProtectionDomain protectionDomain)
{
    if (null == protectionDomain) {
        return false;
    }
    try {
        FilePermission filePermission =
                new FilePermission(file.getCanonicalPath(), "read, delete");
        if (protectionDomain.implies(filePermission)) {
            return false;
        }
    } catch (IOException e) {}

    return true;
}
 
Example #29
Source Project: openjdk-jdk9   Author: AdoptOpenJDK   File: ParentLoggerWithHandlerGC.java    License: GNU General Public License v2.0 5 votes vote down vote up
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;
    permissions = new Permissions();
    permissions.add(new LoggingPermission("control", null));
    permissions.add(new FilePermission(PREFIX+".lck", "read,write,delete"));
    permissions.add(new FilePermission(PREFIX, "read,write"));

    // these are used for configuring the test itself...
    allPermissions = new Permissions();
    allPermissions.add(new java.security.AllPermission());

}
 
Example #30
Source Project: dragonwell8_jdk   Author: alibaba   File: RegistryImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Generates an AccessControlContext with minimal permissions.
 * The approach used here is taken from the similar method
 * getAccessControlContext() in the sun.applet.AppletPanel class.
 */
private static AccessControlContext getAccessControlContext(int port) {
    // begin with permissions granted to all code in current policy
    PermissionCollection perms = AccessController.doPrivileged(
        new java.security.PrivilegedAction<PermissionCollection>() {
            public PermissionCollection run() {
                CodeSource codesource = new CodeSource(null,
                    (java.security.cert.Certificate[]) null);
                Policy p = java.security.Policy.getPolicy();
                if (p != null) {
                    return p.getPermissions(codesource);
                } else {
                    return new Permissions();
                }
            }
        });

    /*
     * Anyone can connect to the registry and the registry can connect
     * to and possibly download stubs from anywhere. Downloaded stubs and
     * related classes themselves are more tightly limited by RMI.
     */
    perms.add(new SocketPermission("*", "connect,accept"));
    perms.add(new SocketPermission("localhost:"+port, "listen,accept"));

    perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
    perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));

    perms.add(new FilePermission("<<ALL FILES>>", "read"));

    /*
     * Create an AccessControlContext that consists of a single
     * protection domain with only the permissions calculated above.
     */
    ProtectionDomain pd = new ProtectionDomain(
        new CodeSource(null,
            (java.security.cert.Certificate[]) null), perms);
    return new AccessControlContext(new ProtectionDomain[] { pd });
}