2362N/A * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * This class is for property permissions. 0N/A * The name is the name of the property ("java.home", 0N/A * "os.name", etc). The naming 0N/A * convention follows the hierarchical property naming convention. 0N/A * may appear at the end of the name, following a ".", or by itself, to 0N/A * signify a wildcard match. For example: "java.*" or "*" is valid, 0N/A * "*java" or "a*b" is not valid. 0N/A * The actions to be granted are passed to the constructor in a string containing 0N/A * a list of one or more comma-separated keywords. The possible keywords are 0N/A * "read" and "write". Their meaning is defined as follows: 0N/A * <DD> read permission. Allows <code>System.getProperty</code> to 0N/A * <DD> write permission. Allows <code>System.setProperty</code> to 0N/A * The actions string is converted to lowercase before processing. 0N/A * Care should be taken before granting code permission to access 0N/A * certain system properties. For example, granting permission to 0N/A * access the "java.home" system property gives potentially malevolent 0N/A * code sensitive information about the system environment (the Java 0N/A * installation directory). Also, granting permission to access 0N/A * the "user.name" and "user.home" system properties gives potentially 0N/A * malevolent code sensitive information about the user environment 0N/A * (the user's account name and home directory). 0N/A * @see java.security.BasicPermission 0N/A * @see java.security.Permission 0N/A * @see java.security.Permissions 0N/A * @see java.security.PermissionCollection 0N/A * @see java.lang.SecurityManager 0N/A * @author Roland Schemers 0N/A private final static int READ =
0x1;
0N/A * All actions (read,write); 0N/A private final static int NONE =
0x0;
0N/A * The actions string. 0N/A // created and re-used in the getAction function. 0N/A * initialize a PropertyPermission object. Common to all constructors. 0N/A * Also called during de-serialization. 0N/A * @param mask the actions mask to use. 0N/A * Creates a new PropertyPermission object with the specified name. 0N/A * The name is the name of the system property, and 0N/A * <i>actions</i> contains a comma-separated list of the 0N/A * desired actions granted on the property. Possible actions are 0N/A * "read" and "write". 0N/A * @param name the name of the PropertyPermission. 0N/A * @param actions the actions string. 0N/A * @throws NullPointerException if <code>name</code> is <code>null</code>. 0N/A * @throws IllegalArgumentException if <code>name</code> is empty or if 0N/A * <code>actions</code> is invalid. 0N/A * Checks if this PropertyPermission object "implies" the specified 0N/A * More specifically, this method returns true if:<p> 0N/A * <li> <i>p</i> is an instanceof PropertyPermission,<p> 0N/A * <li> <i>p</i>'s actions are a subset of this 0N/A * object's actions, and <p> 0N/A * <li> <i>p</i>'s name is implied by this object's 0N/A * name. For example, "java.*" implies "java.home". 0N/A * @param p the permission to check against. 0N/A * @return true if the specified permission is implied by this object, 0N/A // we get the effective mask. i.e., the "and" of this and that. 0N/A // They must be equal to that.mask for implies to return true. 0N/A * Checks two PropertyPermission objects for equality. Checks that <i>obj</i> is 0N/A * a PropertyPermission, and has the same name and actions as this object. 0N/A * @param obj the object we are testing for equality with this object. 0N/A * @return true if obj is a PropertyPermission, and has the same name and 0N/A * actions as this PropertyPermission object. 0N/A * Returns the hash code value for this object. 0N/A * The hash code used is the hash code of this permissions name, that is, 0N/A * <code>getName().hashCode()</code>, where <code>getName</code> is 0N/A * from the Permission superclass. 0N/A * @return a hash code value for this object. 0N/A * Converts an actions String to an actions mask. 0N/A * @param action the action string. 0N/A * @return the actions mask. 0N/A // Check against use of constants (used heavily within the JDK) 0N/A while ((i!=-
1) && ((c = a[i]) ==
' ' ||
0N/A // check for the known strings 0N/A if (i >=
3 && (a[i-
3] ==
'r' || a[i-
3] ==
'R') &&
0N/A (a[i-
2] ==
'e' || a[i-
2] ==
'E') &&
0N/A (a[i-
1] ==
'a' || a[i-
1] ==
'A') &&
0N/A (a[i] ==
'd' || a[i] ==
'D'))
0N/A }
else if (i >=
4 && (a[i-
4] ==
'w' || a[i-
4] ==
'W') &&
0N/A (a[i-
3] ==
'r' || a[i-
3] ==
'R') &&
0N/A (a[i-
2] ==
'i' || a[i-
2] ==
'I') &&
0N/A (a[i-
1] ==
't' || a[i-
1] ==
'T') &&
0N/A (a[i] ==
'e' || a[i] ==
'E'))
0N/A // make sure we didn't just match the tail of a word 0N/A // like "ackbarfaccept". Also, skip to the comma. 0N/A case ' ':
case '\r':
case '\n':
0N/A case '\f':
case '\t':
0N/A // point i at the location of the comma minus one (or -1). 0N/A * Return the canonical string representation of the actions. 0N/A * Always returns present actions in the following order: 0N/A * @return the canonical string representation of the actions. 0N/A * Returns the "canonical string representation" of the actions. 0N/A * That is, this method always returns present actions in the following order: 0N/A * read, write. For example, if this PropertyPermission object 0N/A * allows both write and read actions, a call to <code>getActions</code> 0N/A * will return the string "read,write". 0N/A * @return the canonical string representation of the actions. 0N/A * Return the current action mask. 0N/A * Used by the PropertyPermissionCollection 0N/A * @return the actions mask. 0N/A * Returns a new PermissionCollection object for storing 0N/A * PropertyPermission objects. 0N/A * @return a new PermissionCollection object suitable for storing 0N/A * PropertyPermissions. 0N/A * WriteObject is called to save the state of the PropertyPermission 0N/A * to a stream. The actions are serialized, and the superclass 0N/A * takes care of the name. 0N/A // Write out the actions. The superclass takes care of the name 0N/A // call getActions to make sure actions field is initialized 0N/A * readObject is called to restore the state of the PropertyPermission from 0N/A // Read in the action, then initialize the rest 0N/A * A PropertyPermissionCollection stores a set of PropertyPermission 0N/A * @see java.security.Permission 0N/A * @see java.security.Permissions 0N/A * @see java.security.PermissionCollection 0N/A * @author Roland Schemers 0N/A * Key is property name; value is PropertyPermission. 0N/A * Not serialized; see serialization section at end of class. 0N/A * Boolean saying if "*" is in the collection. 0N/A * @see #serialPersistentFields 0N/A // No sync access; OK for this to be stale. 0N/A * Create an empty PropertyPermissions object. 0N/A * Adds a permission to the PropertyPermissions. The key for the hash is 0N/A * @param permission the Permission object to add. 0N/A * @exception IllegalArgumentException - if the permission is not a 0N/A * PropertyPermission 0N/A * @exception SecurityException - if this PropertyPermissionCollection 0N/A * object has been marked readonly 0N/A "attempt to add a Permission to a readonly PermissionCollection");
0N/A synchronized (
this) {
0N/A * Check and see if this set of permissions implies the permissions 0N/A * expressed in "permission". 0N/A * @param p the Permission object to compare 0N/A * @return true if "permission" is a proper subset of a permission in 0N/A * the set, false if not. 0N/A // short circuit if the "*" Permission was added 0N/A synchronized (
this) {
0N/A // Check for full match first. Then work our way up the 0N/A // name looking for matches on a.b.* 0N/A //System.out.println("check "+name); 0N/A synchronized (
this) {
0N/A // we have a direct hit! 0N/A // work our way up the tree... 0N/A //System.out.println("check "+name); 0N/A synchronized (
this) {
0N/A // we don't have to check for "*" as it was already checked 0N/A // at the top (all_allowed), so we just return false 0N/A * Returns an enumeration of all the PropertyPermission objects in the 0N/A * @return an enumeration of all the PropertyPermission objects. 0N/A // Convert Iterator of Map values into an Enumeration 0N/A synchronized (
this) {
0N/A // Need to maintain serialization interoperability with earlier releases, 0N/A // which had the serializable field: 0N/A // Table of permissions. 0N/A // private Hashtable permissions; 0N/A * @serialField permissions java.util.Hashtable 0N/A * A table of the PropertyPermissions. 0N/A * @serialField all_allowed boolean 0N/A * boolean saying if "*" is in the collection. 0N/A * @serialData Default fields. 0N/A * Writes the contents of the perms field out as a Hashtable for 0N/A * serialization compatibility with earlier releases. all_allowed 0N/A // Don't call out.defaultWriteObject() 0N/A // Copy perms into a Hashtable 0N/A synchronized (
this) {
0N/A // Write out serializable fields 0N/A * Reads in a Hashtable of PropertyPermissions and saves them in the 0N/A * perms field. Reads in all_allowed. 0N/A // Don't call defaultReadObject() 0N/A // Read in serialized fields