osl.foundry
Class FoundrySecurityManager

java.lang.Object
  |
  +--java.lang.SecurityManager
        |
        +--osl.foundry.FoundrySecurityManager

public final class FoundrySecurityManager
extends java.lang.SecurityManager

This class implements the security policy of the main foundry node. The basic rule is that only the direct actions of an Actor are restricted. Actor threads cannot simply be restricted wholesale, because the same thread is routinely used to make up-calls into the various libraries, and those library operations must still be allowed.

A security check works by examining the class context (the classes of the methods on the calling thread's stack) at the point where a particular check method is called. The context is scanned from front to back, that is, from the innermost caller outward, and the first decisive frame settles the outcome. If a class that is, or extends, Actor is encountered before any of the privileged classes listed below, a SecurityException is raised. Likewise, if no privileged class is encountered anywhere in the context, an exception is raised. Otherwise no exception is thrown and the operation proceeds. The consequence is that a privileged library class performing a sensitive operation on behalf of the Actor that called it is allowed through, so each privileged class must itself validate what it does for its callers.

A class is "privileged" if it is, or extends, one of the following classes:

All other classes are considered "unprivileged".

Version:
$Revision: 1.4 $ ($Date: 1998/08/12 04:26:51 $)

Field Summary
protected static java.lang.Class actorClass
          This field caches the Class object for Actor.
protected static java.lang.String[] legalClasses
          This field holds the complete class names of all the "legal" classes.
protected static java.lang.Class[] legalTable
           
protected static java.lang.Class ourClass
          This field caches the Class object for FoundrySecurityManager.
 
Fields inherited from class java.lang.SecurityManager
inCheck
 
Constructor Summary
FoundrySecurityManager()
           
 
Method Summary
 void addPrivilegedClass(java.lang.Class toAdd)
          Add a new class to the set of privileged classes.
 void checkAccept(java.lang.String host, int port)
          Check if the caller is allowed to accept a socket connection.
 void checkAccess(java.lang.Thread g)
          Check if the calling thread can modify the thread g.
 void checkAccess(java.lang.ThreadGroup g)
          Check if the calling thread can modify the thread group g.
 void checkAwtEventQueueAccess()
          Check if the caller can get access to the AWT event queue.
 void checkConnect(java.lang.String host, int port)
          Check if the caller is allowed to open a socket connection.
 void checkConnect(java.lang.String host, int port, java.lang.Object context)
          Check if the caller is allowed to open a socket connection.
 void checkCreateClassLoader()
          Check if the calling thread is allowed to create a class loader.
 void checkDelete(java.lang.String file)
          Check if the caller is allowed to delete a file.
 void checkExec(java.lang.String cmd)
          Check if the caller is allowed to create a subprocess.
 void checkExit(int status)
          Check if the caller is allowed to halt the JVM.
 void checkLink(java.lang.String lib)
          Check if the caller is allowed to load a dynamic library.
 void checkListen(int port)
          Check if the caller is allowed to wait for a connection on a port.
 void checkMemberAccess(java.lang.Class clazz, int which)
          Tests if a client is allowed to access members.
 void checkMulticast(java.net.InetAddress maddr)
          Check if the caller is allowed to perform an IP multicast.
 void checkMulticast(java.net.InetAddress maddr, byte ttl)
          Check if the caller is allowed to perform an IP multicast.
 void checkPackageAccess(java.lang.String pkg)
          Check if caller is allowed to access a package.
 void checkPackageDefinition(java.lang.String pkg)
          Check if the caller is allowed to define a class in a package.
 void checkPrintJobAccess()
          Check if the caller is allowed to initiate a print job request.
 void checkPropertiesAccess()
          Check if the caller is allowed to access or modify system properties.
 void checkPropertyAccess(java.lang.String key)
          Check if the caller is allowed to access or modify a system property.
 void checkRead(java.io.FileDescriptor fd)
          Check if the caller is allowed to read from a file.
 void checkRead(java.lang.String file)
          Check if the caller is allowed to read a file.
 void checkRead(java.lang.String file, java.lang.Object context)
          Check if the caller is allowed to read a file given a security context.
 void checkSecurityAccess(java.lang.String action)
          Tests access to certain operations for a security API action (called by the java.security classes with a string naming the action).
 void checkSetFactory()
          Check if the caller is allowed to set a socket factory.
 void checkSystemClipboardAccess()
          Check if the caller can access the system clipboard.
 boolean checkTopLevelWindow(java.lang.Object window)
          Check if the caller is allowed to create a top-level window.
 void checkWrite(java.io.FileDescriptor fd)
          Check if the caller is allowed to write to a file.
 void checkWrite(java.lang.String file)
          Check if the caller is allowed to write to a file.
protected  boolean verifyThread()
          This method returns true if the current thread (according to the class context) should be allowed access, and false otherwise.
 
Methods inherited from class java.lang.SecurityManager
checkPermission, checkPermission, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getClassContext, getInCheck, getSecurityContext, getThreadGroup, inClass, inClassLoader
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

actorClass

protected static java.lang.Class actorClass
This field caches the Class object for Actor.

ourClass

protected static java.lang.Class ourClass
This field caches the Class object for FoundrySecurityManager.

legalClasses

protected static java.lang.String[] legalClasses
This field holds the complete class names of all the "legal" classes. That is, classes for which we should allow access.

legalTable

protected static java.lang.Class[] legalTable

Constructor Detail

FoundrySecurityManager

public FoundrySecurityManager()

Method Detail

verifyThread

protected boolean verifyThread()
This method returns true if the current thread (according to the class context) should be allowed access, and false otherwise.

checkCreateClassLoader

public void checkCreateClassLoader()
Check if the calling thread is allowed to create a class loader.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to create a new class loader.
Overrides:
checkCreateClassLoader in class java.lang.SecurityManager

checkAccess

public void checkAccess(java.lang.Thread g)
Check if the calling thread can modify the thread g.
Parameters:
g - The thread to be checked.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to modify the thread.
Overrides:
checkAccess in class java.lang.SecurityManager
See Also:
java.lang.System#getSecurityManager(), Thread.resume(), Thread.setDaemon(boolean), Thread.setName(java.lang.String), Thread.setPriority(int), Thread.stop(), Thread.suspend()

checkAccess

public void checkAccess(java.lang.ThreadGroup g)
Check if the calling thread can modify the thread group g.
Parameters:
g - The thread group to be checked.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to modify the thread group.
Overrides:
checkAccess in class java.lang.SecurityManager
See Also:
java.lang.System#getSecurityManager(), ThreadGroup.destroy(), ThreadGroup.resume(), ThreadGroup.setDaemon(boolean), ThreadGroup.setMaxPriority(int), ThreadGroup.stop(), ThreadGroup.suspend()

checkExit

public void checkExit(int status)
Check if the caller is allowed to halt the JVM.
Parameters:
status - The exit status.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to halt the Java Virtual Machine with the specified status.
Overrides:
checkExit in class java.lang.SecurityManager
See Also:
java.lang.Runtime#exit(int), java.lang.System#getSecurityManager()

checkExec

public void checkExec(java.lang.String cmd)
Check if the caller is allowed to create a subprocess.
Parameters:
cmd - The system command to execute.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to create a subprocess.
Overrides:
checkExec in class java.lang.SecurityManager
See Also:
java.lang.Runtime#exec(java.lang.String), java.lang.Runtime#exec(java.lang.String, java.lang.String[]), java.lang.Runtime#exec(java.lang.String[]), java.lang.Runtime#exec(java.lang.String[], java.lang.String[]), java.lang.System#getSecurityManager()

checkLink

public void checkLink(java.lang.String lib)
Check if the caller is allowed to load a dynamic library.
Parameters:
lib - The name of the library to load.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to dynamically link the library.
Overrides:
checkLink in class java.lang.SecurityManager
See Also:
java.lang.Runtime#load(java.lang.String), java.lang.Runtime#loadLibrary(java.lang.String), java.lang.System#getSecurityManager()

checkRead

public void checkRead(java.io.FileDescriptor fd)
Check if the caller is allowed to read from a file.
Parameters:
fd - The file descriptor.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to access the specified file descriptor.
Overrides:
checkRead in class java.lang.SecurityManager
See Also:
FileDescriptor

checkRead

public void checkRead(java.lang.String file)
Check if the caller is allowed to read a file.
Parameters:
file - The file name.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to access the specified file.
Overrides:
checkRead in class java.lang.SecurityManager

checkRead

public void checkRead(java.lang.String file,
                      java.lang.Object context)
Check if the caller is allowed to read a file given a security context.
Parameters:
file - The file name.
context - A security context.
Throws:
java.lang.SecurityException - Thrown if the specified security context does not have permission to read the specified file.
Overrides:
checkRead in class java.lang.SecurityManager
See Also:
SecurityManager.getSecurityContext()

checkWrite

public void checkWrite(java.io.FileDescriptor fd)
Check if the caller is allowed to write to a file.
Parameters:
fd - A file descriptor.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to access the specified file descriptor.
Overrides:
checkWrite in class java.lang.SecurityManager
See Also:
FileDescriptor

checkWrite

public void checkWrite(java.lang.String file)
Check if the caller is allowed to write to a file.
Parameters:
file - The filename.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to access the specified file.
Overrides:
checkWrite in class java.lang.SecurityManager

checkDelete

public void checkDelete(java.lang.String file)
Check if the caller is allowed to delete a file.
Parameters:
file - The filename.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to delete the file.
Overrides:
checkDelete in class java.lang.SecurityManager
See Also:
File.delete(), java.lang.System#getSecurityManager()

checkConnect

public void checkConnect(java.lang.String host,
                         int port)
Check if the caller is allowed to open a socket connection.
Parameters:
host - The host name to connect to.
port - The protocol port to connect to.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to open a socket connection to the specified host and port.
Overrides:
checkConnect in class java.lang.SecurityManager

checkConnect

public void checkConnect(java.lang.String host,
                         int port,
                         java.lang.Object context)
Check if the caller is allowed to open a socket connection.
Parameters:
host - The host name to connect to.
port - The protocol port to connect to.
context - A security context.
Throws:
java.lang.SecurityException - Thrown if the specified security context does not have permission to open a socket connection to the specified host and port.
Overrides:
checkConnect in class java.lang.SecurityManager
See Also:
SecurityManager.getSecurityContext()

checkListen

public void checkListen(int port)
Check if the caller is allowed to wait for a connection on a port.
Parameters:
port - The port number.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to listen on the specified port.
Overrides:
checkListen in class java.lang.SecurityManager

checkAccept

public void checkAccept(java.lang.String host,
                        int port)
Check if the caller is allowed to accept a socket connection.
Parameters:
host - The host name of the socket connection.
port - The port number of the socket connection.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to accept the connection.
Overrides:
checkAccept in class java.lang.SecurityManager
See Also:
java.lang.System#getSecurityManager(), java.net.ServerSocket#accept()

checkMulticast

public void checkMulticast(java.net.InetAddress maddr)
Check if the caller is allowed to perform an IP multicast.
Parameters:
maddr - The multicast Internet address to be used.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to use the multicast address.
Overrides:
checkMulticast in class java.lang.SecurityManager

checkMulticast

public void checkMulticast(java.net.InetAddress maddr,
                           byte ttl)
Check if the caller is allowed to perform an IP multicast.
Parameters:
maddr - The multicast Internet address to be used.
ttl - The time-to-live value to use if this is a multicast send.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to use the multicast address.
Overrides:
checkMulticast in class java.lang.SecurityManager

checkPropertiesAccess

public void checkPropertiesAccess()
Check if the caller is allowed to access or modify system properties.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to access or modify the system properties.
Overrides:
checkPropertiesAccess in class java.lang.SecurityManager
See Also:
java.lang.System#getProperties(), java.lang.System#setProperties(java.util.Properties)

checkPropertyAccess

public void checkPropertyAccess(java.lang.String key)
Check if the caller is allowed to access or modify a system property.
Parameters:
key - A system property key.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to access the specified system property.
Overrides:
checkPropertyAccess in class java.lang.SecurityManager
See Also:
java.lang.System#getProperty(java.lang.String)

checkTopLevelWindow

public boolean checkTopLevelWindow(java.lang.Object window)
Check if the caller is allowed to create a top-level window.
Parameters:
window - The new window to be created.
Returns:
true if the caller is trusted to put up top-level windows; false otherwise.
Throws:
java.lang.SecurityException - Thrown if creation is disallowed entirely.
Overrides:
checkTopLevelWindow in class java.lang.SecurityManager
See Also:
java.awt.Window

checkPrintJobAccess

public void checkPrintJobAccess()
Check if the caller is allowed to initiate a print job request.
Overrides:
checkPrintJobAccess in class java.lang.SecurityManager

checkSystemClipboardAccess

public void checkSystemClipboardAccess()
Check if the caller can access the system clipboard.
Overrides:
checkSystemClipboardAccess in class java.lang.SecurityManager

checkAwtEventQueueAccess

public void checkAwtEventQueueAccess()
Check if the caller can get access to the AWT event queue.
Overrides:
checkAwtEventQueueAccess in class java.lang.SecurityManager

checkPackageAccess

public void checkPackageAccess(java.lang.String pkg)
Check if caller is allowed to access a package.
Parameters:
pkg - The package name.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to access the specified package.
Overrides:
checkPackageAccess in class java.lang.SecurityManager
See Also:
ClassLoader.loadClass(java.lang.String, boolean)

checkPackageDefinition

public void checkPackageDefinition(java.lang.String pkg)
Check if the caller is allowed to define a class in a package.
Parameters:
pkg - The package name.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to define classes in the specified package.
Overrides:
checkPackageDefinition in class java.lang.SecurityManager
See Also:
ClassLoader.loadClass(java.lang.String, boolean)

checkSetFactory

public void checkSetFactory()
Check if the caller is allowed to set a socket factory.
Throws:
java.lang.SecurityException - Thrown if the caller does not have permission to specify a socket factory or a stream handler factory.
Overrides:
checkSetFactory in class java.lang.SecurityManager
See Also:
java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory), Socket.setSocketImplFactory(java.net.SocketImplFactory), URL.setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory)

checkMemberAccess

public void checkMemberAccess(java.lang.Class clazz,
                              int which)
Tests if a client is allowed to access members of the class clazz, as happens when reflection is used to enumerate or invoke them. If access is denied, a SecurityException is thrown. Contrary to the default implementation in java.lang.SecurityManager, access is allowed whenever the caller is a privileged class. Because DECLARED access reaches private members through reflection, this gives every privileged class reflective access to any class.
Parameters:
clazz - The class whose members are being accessed.
which - The type of access, java.lang.reflect.Member.PUBLIC or java.lang.reflect.Member.DECLARED.
Throws:
java.lang.SecurityException - Thrown if the caller is not allowed to access the members.
Overrides:
checkMemberAccess in class java.lang.SecurityManager

checkSecurityAccess

public void checkSecurityAccess(java.lang.String action)
Tests access to certain operations for a security API action. The java.security classes call this method with a string naming the action, for example when a provider is installed or removed through java.security.Security.
Parameters:
action - The name of the security action being attempted.
Throws:
java.lang.SecurityException - Thrown if the caller is not allowed to perform the action.
Overrides:
checkSecurityAccess in class java.lang.SecurityManager

addPrivilegedClass

public void addPrivilegedClass(java.lang.Class toAdd)
Add a new class to the set of privileged classes. Only a currently privileged class may add another privileged class, so the privileged set cannot be widened from Actor code.
Parameters:
toAdd - The class to add to the privileged set.
Throws:
java.lang.SecurityException - Thrown if a non-privileged class attempts to call this method.
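A worked example of the context-scanning policy described in the class comment and of the gate on addPrivilegedClass, added here as illustration; it is not osl.foundry code. It is written against the classic java.lang.SecurityManager API (present through JDK 17, deprecated for removal since), is never installed with System.setSecurityManager (which recent JDKs refuse), and instead has its check methods called directly. Actor, TrustedLibrary, ScanningManager and ContextScanDemo are stand-in names assumed for the demo, and "instance of" is taken to include subclasses.

```java
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

// Added illustration, not osl.foundry code. Actor, TrustedLibrary, ScanningManager
// and the method names below are stand-ins assumed for this example.
@SuppressWarnings("removal")
public final class ContextScanDemo {

    /** Stand-in for the Actor class whose direct actions must be refused. */
    static class Actor {
        void directExec(ScanningManager sm) { sm.checkExec("/bin/ls"); }
        void viaLibrary(ScanningManager sm) { new TrustedLibrary().execFor(sm); }
        void escalate(ScanningManager sm)   { sm.addPrivilegedClass(Actor.class); }
    }

    /** Stand-in for a library class that Actors up-call into. */
    static class TrustedLibrary {
        void execFor(ScanningManager sm) { sm.checkExec("/bin/ls"); }
    }

    /** Reduced manager implementing the context scan; only checkExec is overridden. */
    static final class ScanningManager extends SecurityManager {
        private final Class<?> actorClass;
        private final Set<Class<?>> privileged = new LinkedHashSet<>();

        ScanningManager(Class<?> actorClass, Class<?>... initiallyPrivileged) {
            this.actorClass = actorClass;
            Collections.addAll(privileged, initiallyPrivileged);
        }

        // "Instance of" is read as the class itself or any subclass (assumption).
        private boolean isPrivileged(Class<?> c) {
            for (Class<?> p : privileged) {
                if (p.isAssignableFrom(c)) return true;
            }
            return false;
        }

        // The documented scan over a class context, innermost caller first.
        boolean verify(Class<?>[] context) {
            for (Class<?> c : context) {
                if (c == ScanningManager.class) continue;          // skip the manager's own frames
                if (actorClass.isAssignableFrom(c)) return false;  // Actor seen before any privileged class
                if (isPrivileged(c)) return true;                  // privileged class seen first
            }
            return false;                                          // no privileged class on the stack
        }

        protected boolean verifyThread() { return verify(getClassContext()); }

        @Override public void checkExec(String cmd) {
            if (!verifyThread()) throw new SecurityException("exec denied for " + cmd);
        }

        // Only a caller that already passes the scan may widen the privileged set.
        void addPrivilegedClass(Class<?> toAdd) {
            if (!verifyThread()) throw new SecurityException("may not add " + toAdd.getName());
            privileged.add(toAdd);
        }
    }

    private static String outcome(Runnable action) {
        try {
            action.run();
            return "allowed";
        } catch (SecurityException e) {
            return "denied (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // The demo class itself is made privileged so that calls issued directly from main pass.
        ScanningManager sm = new ScanningManager(Actor.class, ContextScanDemo.class);
        ScanningManager bare = new ScanningManager(Actor.class);   // no privileged classes at all
        Actor actor = new Actor();

        System.out.println("privileged caller, direct:      " + outcome(() -> sm.checkExec("/bin/ls")));
        System.out.println("no privileged class on stack:   " + outcome(() -> bare.checkExec("/bin/ls")));
        System.out.println("Actor, direct:                  " + outcome(() -> actor.directExec(sm)));
        System.out.println("Actor via unlisted library:     " + outcome(() -> actor.viaLibrary(sm)));
        System.out.println("privileged caller adds library: " + outcome(() -> sm.addPrivilegedClass(TrustedLibrary.class)));
        System.out.println("Actor via privileged library:   " + outcome(() -> actor.viaLibrary(sm)));
        System.out.println("Actor tries to add itself:      " + outcome(() -> actor.escalate(sm)));
    }
}
```

Run it with `java ContextScanDemo.java` (JDK 11 or later). The second and third cases exercise the two denial rules (no privileged class anywhere, and Actor reached before any privileged class); the fourth shows that an intermediate class not in the privileged set does not help an Actor; the sixth is the library up-call the policy exists to permit; the last shows that the privileged set cannot be widened from Actor code. The sixth case is also the policy's weak point: once a class is privileged, anything it does with arguments supplied by its Actor caller is allowed, so privileged classes must validate what they perform on a caller's behalf.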