Search in sources :

Example 31 with Permissions

use of java.security.Permissions in project jdk8u_jdk by JetBrains.

the class RegistryImpl method getAccessControlContext.

/**
     * Generates an AccessControlContext with minimal permissions.
     * The approach used here is taken from the similar method
     * getAccessControlContext() in the sun.applet.AppletPanel class.
     */
private static AccessControlContext getAccessControlContext(int port) {
    // begin with permissions granted to all code in current policy
    PermissionCollection perms = AccessController.doPrivileged(new java.security.PrivilegedAction<PermissionCollection>() {

        public PermissionCollection run() {
            CodeSource codesource = new CodeSource(null, (java.security.cert.Certificate[]) null);
            Policy p = java.security.Policy.getPolicy();
            if (p != null) {
                return p.getPermissions(codesource);
            } else {
                return new Permissions();
            }
        }
    });
    /*
         * Anyone can connect to the registry and the registry can connect
         * to and possibly download stubs from anywhere. Downloaded stubs and
         * related classes themselves are more tightly limited by RMI.
         */
    perms.add(new SocketPermission("*", "connect,accept"));
    perms.add(new SocketPermission("localhost:" + port, "listen,accept"));
    perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
    perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
    perms.add(new FilePermission("<<ALL FILES>>", "read"));
    /*
         * Create an AccessControlContext that consists of a single
         * protection domain with only the permissions calculated above.
         */
    ProtectionDomain pd = new ProtectionDomain(new CodeSource(null, (java.security.cert.Certificate[]) null), perms);
    return new AccessControlContext(new ProtectionDomain[] { pd });
}
Also used : Policy(java.security.Policy) PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) CodeSource(java.security.CodeSource) FilePermission(java.io.FilePermission) AccessControlContext(java.security.AccessControlContext) Permissions(java.security.Permissions)

Example 32 with Permissions

use of java.security.Permissions in project jdk8u_jdk by JetBrains.

the class PathPermissions method init.

private synchronized void init() {
    if (perms != null)
        return;
    perms = new Permissions();
    // this is needed to be able to create the classloader itself!
    perms.add(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
    // add permission to read any "java.*" property
    perms.add(new java.util.PropertyPermission("java.*", SecurityConstants.PROPERTY_READ_ACTION));
    AccessController.doPrivileged(new PrivilegedAction<Void>() {

        public Void run() {
            for (int i = 0; i < path.length; i++) {
                File f = path[i];
                String path;
                try {
                    path = f.getCanonicalPath();
                } catch (IOException ioe) {
                    path = f.getAbsolutePath();
                }
                if (i == 0) {
                    codeBase = Launcher.getFileURL(new File(path));
                }
                if (f.isDirectory()) {
                    if (path.endsWith(File.separator)) {
                        perms.add(new FilePermission(path + "-", SecurityConstants.FILE_READ_ACTION));
                    } else {
                        perms.add(new FilePermission(path + File.separator + "-", SecurityConstants.FILE_READ_ACTION));
                    }
                } else {
                    int endIndex = path.lastIndexOf(File.separatorChar);
                    if (endIndex != -1) {
                        path = path.substring(0, endIndex + 1) + "-";
                        perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
                    } else {
                    // XXX?
                    }
                }
            }
            return null;
        }
    });
}
Also used : Permissions(java.security.Permissions) IOException(java.io.IOException) File(java.io.File) FilePermission(java.io.FilePermission)

Example 33 with Permissions

use of java.security.Permissions in project jdk8u_jdk by JetBrains.

the class SocketPermissionTest method setupSecurityManager.

@BeforeMethod
public void setupSecurityManager() throws Exception {
    // All permissions, a specific ACC will be used to when testing
    // with a reduced permission set.
    Policy.setPolicy(new Policy() {

        final PermissionCollection perms = new Permissions();

        {
            perms.add(new java.security.AllPermission());
        }

        public PermissionCollection getPermissions(ProtectionDomain domain) {
            return perms;
        }

        public PermissionCollection getPermissions(CodeSource codesource) {
            return perms;
        }

        public boolean implies(ProtectionDomain domain, Permission perm) {
            return perms.implies(perm);
        }
    });
    System.setSecurityManager(new SecurityManager());
}
Also used : Policy(java.security.Policy) PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) Permissions(java.security.Permissions) Permission(java.security.Permission) SocketPermission(java.net.SocketPermission) CodeSource(java.security.CodeSource) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 34 with Permissions

use of java.security.Permissions in project jdk8u_jdk by JetBrains.

the class SocketPermissionTest method getAccessControlContext.

private static AccessControlContext getAccessControlContext(Permission... ps) {
    Permissions perms = new Permissions();
    for (Permission p : ps) {
        perms.add(p);
    }
    /*
         *Create an AccessControlContext that consist a single protection domain
         * with only the permissions calculated above
         */
    ProtectionDomain pd = new ProtectionDomain(null, perms);
    return new AccessControlContext(new ProtectionDomain[] { pd });
}
Also used : ProtectionDomain(java.security.ProtectionDomain) AccessControlContext(java.security.AccessControlContext) Permissions(java.security.Permissions) Permission(java.security.Permission) SocketPermission(java.net.SocketPermission)

Example 35 with Permissions

use of java.security.Permissions in project stanbol by apache.

the class UserAwarePolicy method getUserPermissionsFromSystemGraph.

/**
	 * Returns the permissions of the specified user according to the entries in
	 * the sytemGraph.
	 * 
	 * @param user
	 * @return
	 * @throws java.lang.IllegalArgumentException
	 * @throws java.lang.SecurityException
	 */
private PermissionCollection getUserPermissionsFromSystemGraph(final Principal user) throws IllegalArgumentException, SecurityException, UserUnregisteredException {
    final PermissionCollection result = new Permissions();
    AccessController.doPrivileged(new PrivilegedAction<Object>() {

        @Override
        public Object run() {
            logger.debug("Get permissions for user " + user.getName());
            List<String> permissions = getAllPermissionsOfAUserByName(user.getName());
            for (String permissionStr : permissions) {
                logger.debug("Add permission {}", permissionStr);
                Permission perm = permissionMap.get(permissionStr);
                // <code>Permission</code> object is not in the map.
                if (perm == null) {
                    try {
                        perm = PermissionParser.getPermission(permissionStr, getClass().getClassLoader());
                    } catch (IllegalArgumentException e) {
                        logger.error("parsing " + permissionStr, e);
                        continue;
                    } catch (RuntimeException e) {
                        logger.error("instantiating " + permissionStr, e);
                        continue;
                    }
                }
                result.add(perm);
            }
            return null;
        }
    });
    return result;
}
Also used : PermissionCollection(java.security.PermissionCollection) Permissions(java.security.Permissions) Permission(java.security.Permission) ArrayList(java.util.ArrayList) List(java.util.List)

Aggregations

Permissions (java.security.Permissions)35 ProtectionDomain (java.security.ProtectionDomain)21 PermissionCollection (java.security.PermissionCollection)16 AccessControlContext (java.security.AccessControlContext)13 Permission (java.security.Permission)11 FilePermission (java.io.FilePermission)10 CodeSource (java.security.CodeSource)10 SocketPermission (java.net.SocketPermission)7 Path (java.nio.file.Path)6 Policy (java.security.Policy)6 AllPermission (java.security.AllPermission)5 Certificate (java.security.cert.Certificate)5 URLClassLoader (java.net.URLClassLoader)4 File (java.io.File)3 IOException (java.io.IOException)3 SecurityPermission (java.security.SecurityPermission)2 UnresolvedPermission (java.security.UnresolvedPermission)2 ArrayList (java.util.ArrayList)2 Settings (org.elasticsearch.common.settings.Settings)2 Environment (org.elasticsearch.env.Environment)2