
Example 81 with FilePermission

use of java.io.FilePermission in project jdk8u_jdk by JetBrains.

the class RegistryImpl method getAccessControlContext.

/**
 * Builds the restricted AccessControlContext for the given registry port.
 * The technique mirrors getAccessControlContext() in the
 * sun.applet.AppletPanel class.
 *
 * The context is "minimal" only relative to full trust: it still carries
 * a wildcard connect/accept socket grant and read access to every file,
 * on top of whatever the installed policy grants to all code.
 *
 * @param port port used in the "localhost:port" listen/accept grant
 * @return a context holding one protection domain with exactly the
 *         permissions assembled here
 */
private static AccessControlContext getAccessControlContext(int port) {
    // Seed the grant set with what the current policy gives to code that
    // has neither a location nor signers, i.e. the grants made to all code.
    PermissionCollection granted = AccessController.doPrivileged(new java.security.PrivilegedAction<PermissionCollection>() {

        public PermissionCollection run() {
            Policy installed = java.security.Policy.getPolicy();
            if (installed == null) {
                // No policy installed: start from an empty set.
                return new Permissions();
            }
            CodeSource anonymous = new CodeSource(null, (java.security.cert.Certificate[]) null);
            return installed.getPermissions(anonymous);
        }
    });
    /*
     * Any host may connect to the registry, and the registry may connect
     * to (and possibly download stubs from) any host. Downloaded stubs and
     * their related classes are restricted more tightly by RMI itself.
     * The file grant below is read-only but covers the whole filesystem.
     */
    java.security.Permission[] extras = {
        new SocketPermission("*", "connect,accept"),
        new SocketPermission("localhost:" + port, "listen,accept"),
        new RuntimePermission("accessClassInPackage.sun.jvmstat.*"),
        new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"),
        new FilePermission("<<ALL FILES>>", "read")
    };
    for (java.security.Permission extra : extras) {
        granted.add(extra);
    }
    /*
     * Wrap the grants in a single protection domain (no location, no
     * signers) so the resulting context holds nothing beyond them.
     */
    CodeSource unlocated = new CodeSource(null, (java.security.cert.Certificate[]) null);
    ProtectionDomain soleDomain = new ProtectionDomain(unlocated, granted);
    return new AccessControlContext(new ProtectionDomain[] { soleDomain });
}
Also used : Policy(java.security.Policy) PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) CodeSource(java.security.CodeSource) FilePermission(java.io.FilePermission) AccessControlContext(java.security.AccessControlContext) Permissions(java.security.Permissions)

Example 82 with FilePermission

use of java.io.FilePermission in project jdk8u_jdk by JetBrains.

the class TestPolicy method setMinimalPermissions.

/*
 * Adds the baseline permissions that testNG requires while these tests
 * run.
 *
 * Despite the name, the set is broad: it lets the holder replace the
 * policy, install a security manager, and read, write and delete any
 * file. That is a test-harness baseline, not a template for sandboxing
 * untrusted code.
 */
private void setMinimalPermissions() {
    // Reading and replacing the installed policy.
    for (String target : new String[] { "getPolicy", "setPolicy" }) {
        permissions.add(new SecurityPermission(target));
    }
    // Class-loader access and security-manager creation/installation.
    for (String target : new String[] { "getClassLoader", "setSecurityManager", "createSecurityManager" }) {
        permissions.add(new RuntimePermission(target));
    }
    // System properties that may be read (read-only).
    String[] readableProperties = {
        "testng.show.stack.frames",
        "line.separator",
        "fileStringBuffer",
        "dataproviderthreadcount",
        "java.io.tmpdir"
    };
    for (String key : readableProperties) {
        permissions.add(new PropertyPermission(key, "read"));
    }
    // Unrestricted file access: every path, for read, write and delete.
    permissions.add(new FilePermission("<<ALL FILES>>", "read, write, delete"));
}
Also used : PropertyPermission(java.util.PropertyPermission) FilePermission(java.io.FilePermission) SecurityPermission(java.security.SecurityPermission)

Example 83 with FilePermission

use of java.io.FilePermission in project jdk8u_jdk by JetBrains.

the class PathPermissions method init.

/**
 * Lazily builds {@code perms}: permission to create a class loader, read
 * access to "java.*" properties, and a recursive file-read grant for each
 * entry of the search path.
 *
 * A directory entry yields a recursive read grant on that directory. A
 * non-directory entry (for example an archive file) yields a recursive
 * read grant on its <em>parent</em> directory, so the grant is wider than
 * the single file named on the path.
 *
 * NOTE(review): {@code perms} is assigned before it is populated. If the
 * privileged block throws, later calls return early with a partial set.
 */
private synchronized void init() {
    // Initialise once only; the method is synchronized.
    if (perms != null)
        return;
    perms = new Permissions();
    // this is needed to be able to create the classloader itself!
    perms.add(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
    // add permission to read any "java.*" property
    perms.add(new java.util.PropertyPermission("java.*", SecurityConstants.PROPERTY_READ_ACTION));
    // Path resolution touches the filesystem, so it runs in a privileged block.
    AccessController.doPrivileged(new PrivilegedAction<Void>() {

        public Void run() {
            // The loop header reads the outer `path` (an array of File,
            // presumably a field of the enclosing class); the local String
            // `path` declared in the body shadows it from there on.
            for (int i = 0; i < path.length; i++) {
                File f = path[i];
                String path;
                try {
                    path = f.getCanonicalPath();
                } catch (IOException ioe) {
                    // Fall back to the non-canonical absolute path; the grant
                    // is then built from a path that was not canonicalised.
                    path = f.getAbsolutePath();
                }
                // The first path entry determines the code base URL.
                if (i == 0) {
                    codeBase = Launcher.getFileURL(new File(path));
                }
                if (f.isDirectory()) {
                    // Directory: "<dir>/-" grants read on everything beneath it,
                    // recursively. Avoid doubling the separator.
                    if (path.endsWith(File.separator)) {
                        perms.add(new FilePermission(path + "-", SecurityConstants.FILE_READ_ACTION));
                    } else {
                        perms.add(new FilePermission(path + File.separator + "-", SecurityConstants.FILE_READ_ACTION));
                    }
                } else {
                    // Not a directory: replace the file name with "-" so the
                    // grant covers the containing directory recursively.
                    int endIndex = path.lastIndexOf(File.separatorChar);
                    if (endIndex != -1) {
                        path = path.substring(0, endIndex + 1) + "-";
                        perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
                    } else {
                    // XXX? No separator in the path: no file permission is
                    // added for this entry and nothing is reported.
                    }
                }
            }
            return null;
        }
    });
}
Also used : Permissions(java.security.Permissions) IOException(java.io.IOException) File(java.io.File) FilePermission(java.io.FilePermission)

Example 84 with FilePermission

use of java.io.FilePermission in project jdk8u_jdk by JetBrains.

the class FactoryURLClassLoader method getPermissions.

/**
 * Returns the permissions for the given codesource object.
 * The implementation of this method first calls super.getPermissions
 * and then adds permissions based on the URL of the codesource.
 * <p>
 * If the protocol of this URL is "jar", then the permission granted
 * is based on the permission that is required by the URL of the Jar
 * file.
 * <p>
 * If the protocol is "file" and there is an authority component, then
 * permission to connect to and accept connections from that authority
 * may be granted. If the protocol is "file"
 * and the path specifies a file, then permission to read that
 * file is granted. If protocol is "file" and the path is
 * a directory, permission is granted to read all files
 * and (recursively) all files and subdirectories contained in
 * that directory.
 * <p>
 * If the protocol is not "file", then permission
 * to connect to and accept connections from the URL's host is granted.
 * <p>
 * Before the derived permission is added, and only when a security
 * manager is installed, it is checked under the context {@code acc};
 * a failed check propagates as a SecurityException and nothing is added.
 * With no security manager the permission is added unchecked.
 * @param codesource the codesource
 * @exception NullPointerException if {@code codesource} is {@code null}.
 *            NOTE(review): a codesource whose location is null would also
 *            fail at {@code url.openConnection()} -- confirm callers.
 * @return the permissions granted to the codesource
 */
protected PermissionCollection getPermissions(CodeSource codesource) {
    PermissionCollection perms = super.getPermissions(codesource);
    URL url = codesource.getLocation();
    Permission p;
    URLConnection urlConnection;
    try {
        // Ask the URL's connection which permission is needed to reach it.
        urlConnection = url.openConnection();
        p = urlConnection.getPermission();
    } catch (java.io.IOException ioe) {
        // The I/O failure is swallowed; p == null selects a fallback below.
        p = null;
        urlConnection = null;
    }
    if (p instanceof FilePermission) {
        // if the permission has a separator char on the end,
        // it means the codebase is a directory, and we need
        // to add an additional permission to read recursively
        String path = p.getName();
        if (path.endsWith(File.separator)) {
            path += "-";
            p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION);
        }
    } else if ((p == null) && (url.getProtocol().equals("file"))) {
        // No permission from the connection but the URL is file-based:
        // derive a read grant from the decoded URL path ("-" = recursive).
        String path = url.getFile().replace('/', File.separatorChar);
        path = ParseUtil.decode(path);
        if (path.endsWith(File.separator))
            path += "-";
        p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION);
    } else {
        /*
         * Not loading from a 'file:' URL so we want to give the class
         * permission to connect to and accept from the remote host
         * after we've made sure the host is the correct one and is valid.
         *
         * This branch is also taken when the connection returned a
         * non-null permission that is not a FilePermission. That
         * permission is replaced only if a non-empty host is found;
         * otherwise it is kept and added below.
         * NOTE(review): the only host check visible here is non-null and
         * non-empty; the gate is the checkPermission call further down.
         */
        URL locUrl = url;
        if (urlConnection instanceof JarURLConnection) {
            // For jar: URLs use the host of the URL of the jar file itself.
            locUrl = ((JarURLConnection) urlConnection).getJarFileURL();
        }
        String host = locUrl.getHost();
        if (host != null && (host.length() > 0))
            p = new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
    }
    if (p != null) {
        final SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            final Permission fp = p;
            // Check under `acc` (presumably the context captured when the
            // loader was created -- confirm), so that loaded code is not
            // handed a permission that context lacks.
            AccessController.doPrivileged(new PrivilegedAction<Void>() {

                public Void run() throws SecurityException {
                    sm.checkPermission(fp);
                    return null;
                }
            }, acc);
        }
        perms.add(p);
    }
    return perms;
}
Also used : PermissionCollection(java.security.PermissionCollection) IOException(java.io.IOException) FilePermission(java.io.FilePermission) FilePermission(java.io.FilePermission) Permission(java.security.Permission)

Example 85 with FilePermission

use of java.io.FilePermission in project sling by apache.

the class JspRuntimeContext method initSecurity.

// -------------------------------------------------------- Private Methods
/**
 * Method used to initialize SecurityManager data.
 *
 * When a Policy is installed, sets {@code permissionCollection} to the
 * policy's permissions for the web app context directory and adds file
 * read permissions for that directory and for the scratch (work)
 * directory. Does nothing when no Policy is installed.
 *
 * NOTE(review): any exception is logged and swallowed, which can leave
 * {@code permissionCollection} unset or only partly populated. Confirm
 * that callers treat that state as "no extra permissions".
 */
private void initSecurity() {
    // Setup the PermissionCollection for this web app context
    // based on the permissions configured for the root of the
    // web app context directory, then add a file read permission
    // for that directory.
    Policy policy = Policy.getPolicy();
    if (policy != null) {
        try {
            // Get the permissions for the web app context
            String docBase = context.getRealPath("/");
            if (docBase == null) {
                // No real path for the context root: use the scratch directory.
                docBase = options.getScratchDir().toString();
            }
            String codeBase = docBase;
            if (!codeBase.endsWith(File.separator)) {
                codeBase = codeBase + File.separator;
            }
            File contextDir = new File(codeBase);
            // NOTE(review): File.toURL() is deprecated and does not escape
            // characters that are illegal in URLs; this URL is the
            // CodeSource location used for the policy lookup.
            URL url = contextDir.getCanonicalFile().toURL();
            final CodeSource codeSource = new CodeSource(url, (Certificate[]) null);
            permissionCollection = policy.getPermissions(codeSource);
            // Create a file read permission for web app context directory
            // (the directory itself, named without a trailing separator).
            if (!docBase.endsWith(File.separator)) {
                permissionCollection.add(new FilePermission(docBase, "read"));
                docBase = docBase + File.separator;
            } else {
                permissionCollection.add(new FilePermission(docBase.substring(0, docBase.length() - 1), "read"));
            }
            // "<dir>/-" grants read on everything beneath the directory, recursively.
            docBase = docBase + "-";
            permissionCollection.add(new FilePermission(docBase, "read"));
            // Create a file read permission for web app tempdir (work)
            // directory
            // NOTE(review): unlike docBase, a workDir that already ends with
            // the separator gets only the recursive grant, not one for the
            // directory itself -- confirm this asymmetry is intended.
            String workDir = options.getScratchDir().toString();
            if (!workDir.endsWith(File.separator)) {
                permissionCollection.add(new FilePermission(workDir, "read"));
                workDir = workDir + File.separator;
            }
            workDir = workDir + "-";
            permissionCollection.add(new FilePermission(workDir, "read"));
            // Allow the JSP to access org.apache.sling.scripting.jsp.jasper.runtime.HttpJspBase
            // NOTE(review): the permission below names org.apache.jasper.runtime,
            // not the package in the line above -- confirm which is intended.
            permissionCollection.add(new RuntimePermission("accessClassInPackage.org.apache.jasper.runtime"));
        } catch (final Exception e) {
            // Failure is logged only; it is not propagated to the caller.
            context.log("Security Init for context failed", e);
        }
    }
}
Also used : Policy(java.security.Policy) CodeSource(java.security.CodeSource) File(java.io.File) FilePermission(java.io.FilePermission) URL(java.net.URL) Certificate(java.security.cert.Certificate)
