Source Home >> Java Source 1.6.0 >> java.lang.SecurityManager V 0.09

0001/*
0002 * @(#)SecurityManager.java	1.139 06/04/21
0003 *
0004 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
0005 * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
0006 */
0007
0008package java.lang;
0009
0010import java.security.*;
0011import java.io.FileDescriptor;
0012import java.io.File;
0013import java.io.FilePermission;
0014import java.awt.AWTPermission;
0015import java.util.PropertyPermission;
0016import java.lang.RuntimePermission;
0017import java.net.SocketPermission;
0018import java.net.NetPermission;
0019import java.util.Hashtable;
0020import java.net.InetAddress;
0021import java.lang.reflect.Member;
0022import java.lang.reflect.*;
0023import java.net.URL;
0024
0025import sun.security.util.SecurityConstants;
0026
0027/**
0028 * The security manager is a class that allows 
0029 * applications to implement a security policy. It allows an 
0030 * application to determine, before performing a possibly unsafe or 
0031 * sensitive operation, what the operation is and whether 
0032 * it is being attempted in a security context that allows the
0033 * operation to be performed. The 
0034 * application can allow or disallow the operation. 
0035 * <p>
0036 * The <code>SecurityManager</code> class contains many methods with 
0037 * names that begin with the word <code>check</code>. These methods 
0038 * are called by various methods in the Java libraries before those 
0039 * methods perform certain potentially sensitive operations. The 
0040 * invocation of such a <code>check</code> method typically looks like this: 
0041 * <p><blockquote><pre>
0042 *     SecurityManager security = System.getSecurityManager();
0043 *     if (security != null) {
0044 *         security.check<i>XXX</i>(argument,  . . . );
0045 *     }
0046 * </pre></blockquote>
0047 * <p>
0048 * The security manager is thereby given an opportunity to prevent 
0049 * completion of the operation by throwing an exception. A security 
0050 * manager routine simply returns if the operation is permitted, but 
0051 * throws a <code>SecurityException</code> if the operation is not 
0052 * permitted. The only exception to this convention is 
0053 * <code>checkTopLevelWindow</code>, which returns a 
0054 * <code>boolean</code> value. 
0055 * <p>
0056 * The current security manager is set by the 
0057 * <code>setSecurityManager</code> method in class 
0058 * <code>System</code>. The current security manager is obtained 
0059 * by the <code>getSecurityManager</code> method. 
0060 * <p> 
0061 * The special method 
0062 * {@link SecurityManager#checkPermission(java.security.Permission)}
0063 * determines whether an access request indicated by a specified
0064 * permission should be granted or denied. The 
0065 * default implementation calls
0066 * 
0067 * <pre>
0068 *   AccessController.checkPermission(perm);
0069 * </pre>
0070 *
0071 * <p> 
0072 * If a requested access is allowed, 
0073 * <code>checkPermission</code> returns quietly. If denied, a 
0074 * <code>SecurityException</code> is thrown. 
0075 * <p>
0076 * As of Java 2 SDK v1.2, the default implementation of each of the other
0077 * <code>check</code> methods in <code>SecurityManager</code> is to 
0078 * call the <code>SecurityManager checkPermission</code> method
0079 * to determine if the calling thread has permission to perform the requested
0080 * operation.
0081 * <p> 
0082 * Note that the <code>checkPermission</code> method with
0083 * just a single permission argument always performs security checks
0084 * within the context of the currently executing thread.
0085 * Sometimes a security check that should be made within a given context
0086 * will actually need to be done from within a
0087 * <i>different</i> context (for example, from within a worker thread).
0088 * The {@link SecurityManager#getSecurityContext getSecurityContext} method 
0089 * and the {@link SecurityManager#checkPermission(java.security.Permission, 
0090 * java.lang.Object) checkPermission}
0091 * method that includes a context argument are provided 
0092 * for this situation. The 
0093 * <code>getSecurityContext</code> method returns a "snapshot"
0094 * of the current calling context. (The default implementation 
0095 * returns an AccessControlContext object.) A sample call is
0096 * the following:
0097 * 
0098 * <pre>
0099 *   Object context = null;
0100 *   SecurityManager sm = System.getSecurityManager();
0101 *   if (sm != null) context = sm.getSecurityContext(); 
0102 * </pre>
0103 * 
0104 * <p>
0105 * The <code>checkPermission</code> method
0106 * that takes a context object in addition to a permission 
0107 * makes access decisions based on that context,
0108 * rather than on that of the current execution thread.
0109 * Code within a different context can thus call that method,
0110 * passing the permission and the
0111 * previously-saved context object. A sample call, using the
0112 * SecurityManager <code>sm</code> obtained as in the previous example, 
0113 * is the following:
0114 * 
0115 * <pre>
0116 *   if (sm != null) sm.checkPermission(permission, context);
0117 * </pre> 
0118 *
0119 * <p>Permissions fall into these categories: File, Socket, Net, 
0120 * Security, Runtime, Property, AWT, Reflect, and Serializable. 
0121 * The classes managing these various
0122 * permission categories are <code>java.io.FilePermission</code>,
0123 * <code>java.net.SocketPermission</code>, 
0124 * <code>java.net.NetPermission</code>, 
0125 * <code>java.security.SecurityPermission</code>,
0126 * <code>java.lang.RuntimePermission</code>, 
0127 * <code>java.util.PropertyPermission</code>, 
0128 * <code>java.awt.AWTPermission</code>,
0129 * <code>java.lang.reflect.ReflectPermission</code>, and
0130 * <code>java.io.SerializablePermission</code>. 
0131 * 
0132 * <p>All but the first two (FilePermission and SocketPermission) are 
0133 * subclasses of <code>java.security.BasicPermission</code>, which itself 
0134 * is an abstract subclass of the
0135 * top-level class for permissions, which is 
0136 * <code>java.security.Permission</code>. BasicPermission defines the 
0137 * functionality needed for all permissions that contain a name 
0138 * that follows the hierarchical property naming convention 
0139 * (for example, "exitVM", "setFactory", "queuePrintJob", etc). 
0140 * An asterisk 
0141 * may appear at the end of the name, following a ".", or by itself, to 
0142 * signify a wildcard match. For example: "a.*" or "*" is valid, 
0143 * "*a" or "a*b" is not valid.
0144 *
0145 * <p>FilePermission and SocketPermission are subclasses of the
0146 * top-level class for permissions 
0147 * (<code>java.security.Permission</code>). Classes like these
0148 * that have a more complicated name syntax than that used by
0149 * BasicPermission subclass directly from Permission rather than from
0150 * BasicPermission. For example, 
0151 * for a <code>java.io.FilePermission</code> object, the permission name is
0152 * the path name of a file (or directory).
0153 *
0154 * <p>Some of the permission classes have an "actions" list that tells 
0155 * the actions that are permitted for the object.  For example, 
0156 * for a <code>java.io.FilePermission</code> object, the actions list
0157 * (such as "read, write") specifies which actions are granted for the
0158 * specified file (or for files in the specified directory).
0159 * 
0160 * <p>Other permission classes are for "named" permissions - 
0161 * ones that contain a name but no actions list; you either have the
0162 * named permission or you don't.
0163 * 
0164 * <p>Note: There is also a <code>java.security.AllPermission</code>
0165 * permission that implies all permissions. It exists to simplify the work
0166 * of system administrators who might need to perform multiple
0167 * tasks that require all (or numerous) permissions.
0168 * <p>
0169 * See <a href ="../../../technotes/guides/security/permissions.html">
0170 * Permissions in the JDK</a> for permission-related information.
0171 * This document includes, for example, a table listing the various SecurityManager
0172 * <code>check</code> methods and the permission(s) the default 
0173 * implementation of each such method requires. 
0174 * It also contains a table of all the version 1.2 methods
0175 * that require permissions, and for each such method tells 
0176 * which permission it requires.
0177 * <p>
0178 * For more information about <code>SecurityManager</code> changes made in 
0179 * the JDK and advice regarding porting of 1.1-style security managers,
0180 * see the <a href="../../../technotes/guides/security/index.html">security documentation</a>.
0181 *
0182 * @author  Arthur van Hoff
0183 * @author  Roland Schemers
0184 *
0185 * @version 1.139, 04/21/06
0186 * @see     java.lang.ClassLoader
0187 * @see     java.lang.SecurityException
0188 * @see     java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
0189 *  checkTopLevelWindow
0190 * @see     java.lang.System#getSecurityManager() getSecurityManager
0191 * @see     java.lang.System#setSecurityManager(java.lang.SecurityManager)
0192 *  setSecurityManager
0193 * @see     java.security.AccessController AccessController
0194 * @see     java.security.AccessControlContext AccessControlContext
0195 * @see     java.security.AccessControlException AccessControlException
0196 * @see     java.security.Permission 
0197 * @see     java.security.BasicPermission
0198 * @see     java.io.FilePermission
0199 * @see     java.net.SocketPermission
0200 * @see     java.util.PropertyPermission
0201 * @see     java.lang.RuntimePermission
0202 * @see     java.awt.AWTPermission
0203 * @see     java.security.Policy Policy
0204 * @see     java.security.SecurityPermission SecurityPermission
0205 * @see     java.security.ProtectionDomain
0206 *
0207 * @since   JDK1.0
0208 */
0209public 
0210class SecurityManager {
0211
0212    /**
0213     * This field is <code>true</code> if there is a security check in 
0214     * progress; <code>false</code> otherwise.
0215     *
0216     * @deprecated This type of security checking is not recommended.
0217     *  It is recommended that the <code>checkPermission</code>
0218     *  call be used instead.
0219     */
0220    @Deprecated
0221    protected boolean inCheck;
0222
0223    /* 
0224     * Have we been initialized. Effective against finalizer attacks.
0225     */
0226    private boolean initialized = false;
0227
0228
0229    /**
0230     * returns true if the current context has been granted AllPermission
0231     */
0232    private boolean hasAllPermission() 
0233    {
0234	try {
0235	    checkPermission(SecurityConstants.ALL_PERMISSION);
0236	    return true;
0237	} catch (SecurityException se) {
0238	    return false;
0239	}
0240    }
0241
0242    /** 
0243     * Tests if there is a security check in progress.
0244     *
0245     * @return the value of the <code>inCheck</code> field. This field 
0246     *          should contain <code>true</code> if a security check is
0247     *          in progress,
0248     *          <code>false</code> otherwise.
0249     * @see     java.lang.SecurityManager#inCheck
0250     * @deprecated This type of security checking is not recommended.
0251     *  It is recommended that the <code>checkPermission</code>
0252     *  call be used instead.
0253     */
0254    @Deprecated
0255    public boolean getInCheck() {
0256	return inCheck;
0257    }
0258
0259    /**
0260     * Constructs a new <code>SecurityManager</code>.
0261     *
0262     * <p> If there is a security manager already installed, this method first
0263     * calls the security manager's <code>checkPermission</code> method
0264     * with the <code>RuntimePermission("createSecurityManager")</code>
0265     * permission to ensure the calling thread has permission to create a new 
0266     * security manager.
0267     * This may result in throwing a <code>SecurityException</code>.
0268     *
0269     * @exception  java.lang.SecurityException if a security manager already 
0270     *             exists and its <code>checkPermission</code> method 
0271     *             doesn't allow creation of a new security manager.
0272     * @see        java.lang.System#getSecurityManager()
0273     * @see        #checkPermission(java.security.Permission) checkPermission
0274     * @see java.lang.RuntimePermission
0275     */
0276    public SecurityManager() {
0277	synchronized(SecurityManager.class) {
0278 	    SecurityManager sm = System.getSecurityManager();
0279 	    if (sm != null) {
0280		// ask the currently installed security manager if we 
0281		// can create a new one.
0282 		sm.checkPermission(new RuntimePermission
0283				   ("createSecurityManager"));
0284  	    }
0285	    initialized = true;
0286	}
0287    }
0288
0289    /**
0290     * Returns the current execution stack as an array of classes. 
0291     * <p>
0292     * The length of the array is the number of methods on the execution 
0293     * stack. The element at index <code>0</code> is the class of the 
0294     * currently executing method, the element at index <code>1</code> is 
0295     * the class of that method's caller, and so on. 
0296     *
0297     * @return  the execution stack.
0298     */
0299    protected native Class[] getClassContext();
0300
0301    /**
0302     * Returns the class loader of the most recently executing method from
0303     * a class defined using a non-system class loader. A non-system 
0304     * class loader is defined as being a class loader that is not equal to
0305     * the system class loader (as returned 
0306     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
0307     * <p>
0308     * This method will return
0309     * <code>null</code> in the following three cases:<p>
0310     * <ol>
0311     *   <li>All methods on the execution stack are from classes
0312     *   defined using the system class loader or one of its ancestors.
0313     *
0314     *   <li>All methods on the execution stack up to the first
0315     *   "privileged" caller 
0316     *   (see {@link java.security.AccessController#doPrivileged})
0317     *   are from classes
0318     *   defined using the system class loader or one of its ancestors.
0319     *
0320     *   <li> A call to <code>checkPermission</code> with 
0321     *   <code>java.security.AllPermission</code> does not 
0322     *   result in a SecurityException. 
0323     *
0324     * </ol>
0325     *
0326     * @return  the class loader of the most recent occurrence on the stack
0327     *          of a method from a class defined using a non-system class 
0328     *          loader.
0329     *
0330     * @deprecated This type of security checking is not recommended.
0331     *  It is recommended that the <code>checkPermission</code>
0332     *  call be used instead.
0333     * 
0334     * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
0335     * @see  #checkPermission(java.security.Permission) checkPermission
0336     */
0337    @Deprecated
0338    protected ClassLoader currentClassLoader()
0339    {
0340	ClassLoader cl = currentClassLoader0();
0341	if ((cl != null) && hasAllPermission())
0342	    cl = null;
0343	return cl;
0344    }
0345
0346    private native ClassLoader currentClassLoader0();
0347
0348    /**
0349     * Returns the class of the most recently executing method from
0350     * a class defined using a non-system class loader. A non-system 
0351     * class loader is defined as being a class loader that is not equal to
0352     * the system class loader (as returned 
0353     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
0354     * <p>
0355     * This method will return
0356     * <code>null</code> in the following three cases:<p>
0357     * <ol>
0358     *   <li>All methods on the execution stack are from classes
0359     *   defined using the system class loader or one of its ancestors.
0360     *
0361     *   <li>All methods on the execution stack up to the first
0362     *   "privileged" caller
0363     *   (see {@link java.security.AccessController#doPrivileged})
0364     *   are from classes
0365     *   defined using the system class loader or one of its ancestors.
0366     *
0367     *   <li> A call to <code>checkPermission</code> with 
0368     *   <code>java.security.AllPermission</code> does not 
0369     *   result in a SecurityException. 
0370     *
0371     * </ol>
0372     *
0373     * @return  the class  of the most recent occurrence on the stack
0374     *          of a method from a class defined using a non-system class 
0375     *          loader.
0376     *
0377     * @deprecated This type of security checking is not recommended.
0378     *  It is recommended that the <code>checkPermission</code>
0379     *  call be used instead.
0380     * 
0381     * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
0382     * @see  #checkPermission(java.security.Permission) checkPermission
0383     */
0384    @Deprecated
0385    protected Class<?> currentLoadedClass() {
0386	Class c = currentLoadedClass0();
0387	if ((c != null) && hasAllPermission())
0388	    c = null;
0389	return c;
0390    }
0391
0392    /**
0393     * Returns the stack depth of the specified class. 
0394     *
0395     * @param   name   the fully qualified name of the class to search for.
0396     * @return  the depth on the stack frame of the first occurrence of a
0397     *          method from a class with the specified name;
0398     *          <code>-1</code> if such a frame cannot be found.
0399     * @deprecated This type of security checking is not recommended.
0400     *  It is recommended that the <code>checkPermission</code>
0401     *  call be used instead.
0402     *
0403     */
0404    @Deprecated
0405    protected native int classDepth(String name);
0406
0407    /**
0408     * Returns the stack depth of the most recently executing method 
0409     * from a class defined using a non-system class loader.  A non-system 
0410     * class loader is defined as being a class loader that is not equal to
0411     * the system class loader (as returned 
0412     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
0413     * <p>
0414     * This method will return
0415     * -1 in the following three cases:<p>
0416     * <ol>
0417     *   <li>All methods on the execution stack are from classes
0418     *   defined using the system class loader or one of its ancestors.
0419     *
0420     *   <li>All methods on the execution stack up to the first
0421     *   "privileged" caller
0422     *   (see {@link java.security.AccessController#doPrivileged})
0423     *   are from classes
0424     *   defined using the system class loader or one of its ancestors.
0425     *
0426     *   <li> A call to <code>checkPermission</code> with 
0427     *   <code>java.security.AllPermission</code> does not 
0428     *   result in a SecurityException. 
0429     *
0430     * </ol>
0431     *
0432     * @return the depth on the stack frame of the most recent occurrence of
0433     *          a method from a class defined using a non-system class loader.
0434     *
0435     * @deprecated This type of security checking is not recommended.
0436     *  It is recommended that the <code>checkPermission</code>
0437     *  call be used instead.
0438     * 
0439     * @see   java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
0440     * @see   #checkPermission(java.security.Permission) checkPermission
0441     */
0442    @Deprecated
0443    protected int classLoaderDepth()
0444    {
0445	int depth = classLoaderDepth0();
0446	if (depth != -1) {
0447	    if (hasAllPermission())
0448		depth = -1;
0449	    else
0450		depth--; // make sure we don't include ourself
0451	}
0452	return depth;
0453    }
0454
0455    private native int classLoaderDepth0();
0456
0457    /**
0458     * Tests if a method from a class with the specified
0459     *         name is on the execution stack. 
0460     *
0461     * @param  name   the fully qualified name of the class.
0462     * @return <code>true</code> if a method from a class with the specified
0463     *         name is on the execution stack; <code>false</code> otherwise.
0464     * @deprecated This type of security checking is not recommended.
0465     *  It is recommended that the <code>checkPermission</code>
0466     *  call be used instead.
0467     */
0468    @Deprecated
0469    protected boolean inClass(String name) {
0470	return classDepth(name) >= 0;
0471    }
0472
0473    /**
0474     * Basically, tests if a method from a class defined using a
0475     *          class loader is on the execution stack.
0476     *
0477     * @return  <code>true</code> if a call to <code>currentClassLoader</code>
0478     *          has a non-null return value.
0479     *
0480     * @deprecated This type of security checking is not recommended.
0481     *  It is recommended that the <code>checkPermission</code>
0482     *  call be used instead.
0483     * @see        #currentClassLoader() currentClassLoader 
0484     */
0485    @Deprecated
0486    protected boolean inClassLoader() {
0487	return currentClassLoader() != null;
0488    }
0489
0490    /**
0491     * Creates an object that encapsulates the current execution 
0492     * environment. The result of this method is used, for example, by the 
0493     * three-argument <code>checkConnect</code> method and by the 
0494     * two-argument <code>checkRead</code> method. 
0495     * These methods are needed because a trusted method may be called 
0496     * on to read a file or open a socket on behalf of another method. 
0497     * The trusted method needs to determine if the other (possibly 
0498     * untrusted) method would be allowed to perform the operation on its 
0499     * own. 
0500     * <p> The default implementation of this method is to return 
0501     * an <code>AccessControlContext</code> object.
0502     *
0503     * @return  an implementation-dependent object that encapsulates
0504     *          sufficient information about the current execution environment
0505     *          to perform some security checks later.
0506     * @see     java.lang.SecurityManager#checkConnect(java.lang.String, int, 
0507     *   java.lang.Object) checkConnect
0508     * @see     java.lang.SecurityManager#checkRead(java.lang.String, 
0509     *   java.lang.Object) checkRead
0510     * @see     java.security.AccessControlContext AccessControlContext
0511     */
0512    public Object getSecurityContext() {
0513	return AccessController.getContext();
0514    }
0515
0516    /**
0517     * Throws a <code>SecurityException</code> if the requested
0518     * access, specified by the given permission, is not permitted based
0519     * on the security policy currently in effect.
0520     * <p>
0521     * This method calls <code>AccessController.checkPermission</code> 
0522     * with the given permission.
0523     *
0524     * @param     perm   the requested permission.
0525     * @exception SecurityException if access is not permitted based on
0526     *		  the current security policy.
0527     * @exception NullPointerException if the permission argument is
0528     *            <code>null</code>.
0529     * @since     1.2
0530     */
0531    public void checkPermission(Permission perm) {
0532	java.security.AccessController.checkPermission(perm);
0533    }
0534
0535    /**
0536     * Throws a <code>SecurityException</code> if the
0537     * specified security context is denied access to the resource
0538     * specified by the given permission.
0539     * The context must be a security 
0540     * context returned by a previous call to 
0541     * <code>getSecurityContext</code> and the access control
0542     * decision is based upon the configured security policy for
0543     * that security context.
0544     * <p>
0545     * If <code>context</code> is an instance of 
0546     * <code>AccessControlContext</code> then the
0547     * <code>AccessControlContext.checkPermission</code> method is
0548     * invoked with the specified permission.
0549     * <p>
0550     * If <code>context</code> is not an instance of 
0551     * <code>AccessControlContext</code> then a
0552     * <code>SecurityException</code> is thrown. 
0553     *
0554     * @param      perm      the specified permission
0555     * @param      context   a system-dependent security context.
0556     * @exception  SecurityException  if the specified security context
0557     *             is not an instance of <code>AccessControlContext</code>
0558     *             (e.g., is <code>null</code>), or is denied access to the
0559     *             resource specified by the given permission.
0560     * @exception  NullPointerException if the permission argument is
0561     *             <code>null</code>.
0562     * @see        java.lang.SecurityManager#getSecurityContext()
0563     * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 
0564     * @since      1.2
0565     */
0566    public void checkPermission(Permission perm, Object context) {
0567	if (context instanceof AccessControlContext) {
0568	    ((AccessControlContext)context).checkPermission(perm);
0569	} else {
0570	    throw new SecurityException();
0571	}
0572    }
0573
0574    /**
0575     * Throws a <code>SecurityException</code> if the 
0576     * calling thread is not allowed to create a new class loader. 
0577     * <p>
0578     * This method calls <code>checkPermission</code> with the
0579     * <code>RuntimePermission("createClassLoader")</code>
0580     * permission.
0581     * <p>
0582     * If you override this method, then you should make a call to 
0583     * <code>super.checkCreateClassLoader</code>
0584     * at the point the overridden method would normally throw an
0585     * exception.
0586     *
0587     * @exception SecurityException if the calling thread does not 
0588     *             have permission
0589     *             to create a new class loader.
0590     * @see        java.lang.ClassLoader#ClassLoader()
0591     * @see        #checkPermission(java.security.Permission) checkPermission
0592     */
0593    public void checkCreateClassLoader() {
0594	checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
0595    }
0596
0597    /** 
0598     * reference to the root thread group, used for the checkAccess
0599     * methods.
0600     */
0601
0602    private static ThreadGroup rootGroup = getRootGroup();
0603   
0604    private static ThreadGroup getRootGroup() {
0605	ThreadGroup root =  Thread.currentThread().getThreadGroup();
0606	while (root.getParent() != null) {
0607	    root = root.getParent();
0608	}
0609	return root;
0610    }
0611
0612    /**
0613     * Throws a <code>SecurityException</code> if the 
0614     * calling thread is not allowed to modify the thread argument. 
0615     * <p>
0616     * This method is invoked for the current security manager by the 
0617     * <code>stop</code>, <code>suspend</code>, <code>resume</code>, 
0618     * <code>setPriority</code>, <code>setName</code>, and 
0619     * <code>setDaemon</code> methods of class <code>Thread</code>. 
0620     * <p>
0621     * If the thread argument is a system thread (belongs to
0622     * the thread group with a <code>null</code> parent) then 
0623     * this method calls <code>checkPermission</code> with the
0624     * <code>RuntimePermission("modifyThread")</code> permission.
0625     * If the thread argument is <i>not</i> a system thread,
0626     * this method just returns silently.
0627     * <p>
0628     * Applications that want a stricter policy should override this
0629     * method. If this method is overridden, the method that overrides
0630     * it should additionally check to see if the calling thread has the
0631     * <code>RuntimePermission("modifyThread")</code> permission, and
0632     * if so, return silently. This is to ensure that code granted
0633     * that permission (such as the JDK itself) is allowed to
0634     * manipulate any thread.
0635     * <p>
0636     * If this method is overridden, then 
0637     * <code>super.checkAccess</code> should
0638     * be called by the first statement in the overridden method, or the 
0639     * equivalent security check should be placed in the overridden method.
0640     *
0641     * @param      t   the thread to be checked.
0642     * @exception  SecurityException  if the calling thread does not have 
0643     *             permission to modify the thread.
0644     * @exception  NullPointerException if the thread argument is
0645     *             <code>null</code>.
0646     * @see        java.lang.Thread#resume() resume
0647     * @see        java.lang.Thread#setDaemon(boolean) setDaemon
0648     * @see        java.lang.Thread#setName(java.lang.String) setName
0649     * @see        java.lang.Thread#setPriority(int) setPriority
0650     * @see        java.lang.Thread#stop() stop
0651     * @see        java.lang.Thread#suspend() suspend
0652     * @see        #checkPermission(java.security.Permission) checkPermission
0653     */
0654    public void checkAccess(Thread t) {
0655	if (t == null) {
0656	    throw new NullPointerException("thread can't be null");
0657	}
0658	if (t.getThreadGroup() == rootGroup) {
0659	    checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION);
0660	} else {
0661	    // just return
0662	}
0663    }
0664    /**
0665     * Throws a <code>SecurityException</code> if the 
0666     * calling thread is not allowed to modify the thread group argument. 
0667     * <p>
0668     * This method is invoked for the current security manager when a 
0669     * new child thread or child thread group is created, and by the 
0670     * <code>setDaemon</code>, <code>setMaxPriority</code>, 
0671     * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and 
0672     * <code>destroy</code> methods of class <code>ThreadGroup</code>. 
0673     * <p>
0674     * If the thread group argument is the system thread group (
0675     * has a <code>null</code> parent) then 
0676     * this method calls <code>checkPermission</code> with the
0677     * <code>RuntimePermission("modifyThreadGroup")</code> permission.
0678     * If the thread group argument is <i>not</i> the system thread group,
0679     * this method just returns silently.
0680     * <p>
0681     * Applications that want a stricter policy should override this
0682     * method. If this method is overridden, the method that overrides
0683     * it should additionally check to see if the calling thread has the
0684     * <code>RuntimePermission("modifyThreadGroup")</code> permission, and
0685     * if so, return silently. This is to ensure that code granted
0686     * that permission (such as the JDK itself) is allowed to
0687     * manipulate any thread.
0688     * <p>
0689     * If this method is overridden, then 
0690     * <code>super.checkAccess</code> should
0691     * be called by the first statement in the overridden method, or the 
0692     * equivalent security check should be placed in the overridden method.
0693     *
0694     * @param      g   the thread group to be checked.
0695     * @exception  SecurityException  if the calling thread does not have
0696     *             permission to modify the thread group.
0697     * @exception  NullPointerException if the thread group argument is
0698     *             <code>null</code>.
0699     * @see        java.lang.ThreadGroup#destroy() destroy
0700     * @see        java.lang.ThreadGroup#resume() resume
0701     * @see        java.lang.ThreadGroup#setDaemon(boolean) setDaemon
0702     * @see        java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority
0703     * @see        java.lang.ThreadGroup#stop() stop
0704     * @see        java.lang.ThreadGroup#suspend() suspend
0705     * @see        #checkPermission(java.security.Permission) checkPermission
0706     */
0707    public void checkAccess(ThreadGroup g) {
0708	if (g == null) {
0709	    throw new NullPointerException("thread group can't be null");
0710	}
0711	if (g == rootGroup) {
0712	    checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
0713	} else {
0714	    // just return
0715	}
0716    }
0717
0718    /**
0719     * Throws a <code>SecurityException</code> if the 
0720     * calling thread is not allowed to cause the Java Virtual Machine to 
0721     * halt with the specified status code. 
0722     * <p>
0723     * This method is invoked for the current security manager by the 
0724     * <code>exit</code> method of class <code>Runtime</code>. A status 
0725     * of <code>0</code> indicates success; other values indicate various 
0726     * errors. 
0727     * <p>
0728     * This method calls <code>checkPermission</code> with the
0729     * <code>RuntimePermission("exitVM."+status)</code> permission.
0730     * <p>
0731     * If you override this method, then you should make a call to 
0732     * <code>super.checkExit</code>
0733     * at the point the overridden method would normally throw an
0734     * exception.
0735     *
0736     * @param      status   the exit status.
0737     * @exception SecurityException if the calling thread does not have 
0738     *              permission to halt the Java Virtual Machine with 
0739     *              the specified status.
0740     * @see        java.lang.Runtime#exit(int) exit
0741     * @see        #checkPermission(java.security.Permission) checkPermission
0742     */
0743    public void checkExit(int status) {
0744	checkPermission(new RuntimePermission("exitVM."+status));
0745    }
0746
0747    /**
0748     * Throws a <code>SecurityException</code> if the 
0749     * calling thread is not allowed to create a subprocess. 
0750     * <p>
0751     * This method is invoked for the current security manager by the 
0752     * <code>exec</code> methods of class <code>Runtime</code>.
0753     * <p>
0754     * This method calls <code>checkPermission</code> with the
0755     * <code>FilePermission(cmd,"execute")</code> permission
0756     * if cmd is an absolute path, otherwise it calls 
0757     * <code>checkPermission</code> with 
0758     * <code>FilePermission("<<ALL FILES>>","execute")</code>.
0759     * <p>
0760     * If you override this method, then you should make a call to 
0761     * <code>super.checkExec</code>
0762     * at the point the overridden method would normally throw an
0763     * exception.
0764     *
0765     * @param      cmd   the specified system command.
0766     * @exception  SecurityException if the calling thread does not have 
0767     *             permission to create a subprocess.
0768     * @exception  NullPointerException if the <code>cmd</code> argument is
0769     *             <code>null</code>.
0770     * @see     java.lang.Runtime#exec(java.lang.String)
0771     * @see     java.lang.Runtime#exec(java.lang.String, java.lang.String[])
0772     * @see     java.lang.Runtime#exec(java.lang.String[])
0773     * @see     java.lang.Runtime#exec(java.lang.String[], java.lang.String[])
0774     * @see     #checkPermission(java.security.Permission) checkPermission
0775     */
0776    public void checkExec(String cmd) {
0777	File f = new File(cmd);
0778	if (f.isAbsolute()) {
0779	    checkPermission(new FilePermission(cmd, 
0780		SecurityConstants.FILE_EXECUTE_ACTION));
0781	} else {
0782	    checkPermission(new FilePermission("<<ALL FILES>>", 
0783		SecurityConstants.FILE_EXECUTE_ACTION));
0784	}
0785    }
0786
0787    /**
0788     * Throws a <code>SecurityException</code> if the 
0789     * calling thread is not allowed to dynamic link the library code 
0790     * specified by the string argument file. The argument is either a 
0791     * simple library name or a complete filename. 
0792     * <p>
0793     * This method is invoked for the current security manager by 
0794     * methods <code>load</code> and <code>loadLibrary</code> of class 
0795     * <code>Runtime</code>. 
0796     * <p>
0797     * This method calls <code>checkPermission</code> with the
0798     * <code>RuntimePermission("loadLibrary."+lib)</code> permission.
0799     * <p>
0800     * If you override this method, then you should make a call to 
0801     * <code>super.checkLink</code>
0802     * at the point the overridden method would normally throw an
0803     * exception.
0804     *
0805     * @param      lib   the name of the library.
0806     * @exception  SecurityException if the calling thread does not have
0807     *             permission to dynamically link the library.
0808     * @exception  NullPointerException if the <code>lib</code> argument is
0809     *             <code>null</code>.
0810     * @see        java.lang.Runtime#load(java.lang.String)
0811     * @see        java.lang.Runtime#loadLibrary(java.lang.String)
0812     * @see        #checkPermission(java.security.Permission) checkPermission
0813     */
0814    public void checkLink(String lib) {
0815	if (lib == null) {
0816	    throw new NullPointerException("library can't be null");
0817	}
0818        checkPermission(new RuntimePermission("loadLibrary."+lib));
0819    }
0820
0821    /**
0822     * Throws a <code>SecurityException</code> if the 
0823     * calling thread is not allowed to read from the specified file 
0824     * descriptor. 
0825     * <p>
0826     * This method calls <code>checkPermission</code> with the
0827     * <code>RuntimePermission("readFileDescriptor")</code>
0828     * permission.
0829     * <p>
0830     * If you override this method, then you should make a call to 
0831     * <code>super.checkRead</code>
0832     * at the point the overridden method would normally throw an
0833     * exception.
0834     *
0835     * @param      fd   the system-dependent file descriptor.
0836     * @exception  SecurityException  if the calling thread does not have
0837     *             permission to access the specified file descriptor.
0838     * @exception  NullPointerException if the file descriptor argument is
0839     *             <code>null</code>.
0840     * @see        java.io.FileDescriptor
0841     * @see        #checkPermission(java.security.Permission) checkPermission
0842     */
0843    public void checkRead(FileDescriptor fd) {
0844	if (fd == null) {
0845	    throw new NullPointerException("file descriptor can't be null");
0846	}
0847      	checkPermission(new RuntimePermission("readFileDescriptor"));
0848    }
0849
0850    /**
0851     * Throws a <code>SecurityException</code> if the 
0852     * calling thread is not allowed to read the file specified by the 
0853     * string argument. 
0854     * <p>
0855     * This method calls <code>checkPermission</code> with the
0856     * <code>FilePermission(file,"read")</code> permission.
0857     * <p>
0858     * If you override this method, then you should make a call to 
0859     * <code>super.checkRead</code>
0860     * at the point the overridden method would normally throw an
0861     * exception. 
0862     *
0863     * @param      file   the system-dependent file name.
0864     * @exception  SecurityException if the calling thread does not have 
0865     *             permission to access the specified file.
0866     * @exception  NullPointerException if the <code>file</code> argument is
0867     *             <code>null</code>.
0868     * @see        #checkPermission(java.security.Permission) checkPermission
0869     */
0870    public void checkRead(String file) {
0871	checkPermission(new FilePermission(file, 
0872	    SecurityConstants.FILE_READ_ACTION));
0873    }
0874
0875    /**
0876     * Throws a <code>SecurityException</code> if the 
0877     * specified security context is not allowed to read the file 
0878     * specified by the string argument. The context must be a security 
0879     * context returned by a previous call to 
0880     * <code>getSecurityContext</code>. 
0881     * <p> If <code>context</code> is an instance of 
0882     * <code>AccessControlContext</code> then the
0883     * <code>AccessControlContext.checkPermission</code> method will
0884     * be invoked with the <code>FilePermission(file,"read")</code> permission.
0885     * <p> If <code>context</code> is not an instance of 
0886     * <code>AccessControlContext</code> then a
0887     * <code>SecurityException</code> is thrown. 
0888     * <p>
0889     * If you override this method, then you should make a call to 
0890     * <code>super.checkRead</code>
0891     * at the point the overridden method would normally throw an
0892     * exception. 
0893     *
0894     * @param      file      the system-dependent filename.
0895     * @param      context   a system-dependent security context.
0896     * @exception  SecurityException  if the specified security context
0897     *             is not an instance of <code>AccessControlContext</code>
0898     *             (e.g., is <code>null</code>), or does not have permission
0899     *             to read the specified file.
0900     * @exception  NullPointerException if the <code>file</code> argument is
0901     *             <code>null</code>.
0902     * @see        java.lang.SecurityManager#getSecurityContext()
0903     * @see        java.security.AccessControlContext#checkPermission(java.security.Permission)
0904     */
0905    public void checkRead(String file, Object context) {
0906	checkPermission(
0907	    new FilePermission(file, SecurityConstants.FILE_READ_ACTION), 
0908	    context);
0909    }
0910
0911    /**
0912     * Throws a <code>SecurityException</code> if the 
0913     * calling thread is not allowed to write to the specified file 
0914     * descriptor. 
0915     * <p>
0916     * This method calls <code>checkPermission</code> with the
0917     * <code>RuntimePermission("writeFileDescriptor")</code>
0918     * permission.
0919     * <p>
0920     * If you override this method, then you should make a call to 
0921     * <code>super.checkWrite</code>
0922     * at the point the overridden method would normally throw an
0923     * exception.
0924     *
0925     * @param      fd   the system-dependent file descriptor.
0926     * @exception SecurityException  if the calling thread does not have
0927     *             permission to access the specified file descriptor.
0928     * @exception  NullPointerException if the file descriptor argument is
0929     *             <code>null</code>.
0930     * @see        java.io.FileDescriptor
0931     * @see        #checkPermission(java.security.Permission) checkPermission
0932     */
0933    public void checkWrite(FileDescriptor fd) {
0934	if (fd == null) {
0935	    throw new NullPointerException("file descriptor can't be null");
0936	}
0937      	checkPermission(new RuntimePermission("writeFileDescriptor"));
0938
0939    }
0940
0941    /**
0942     * Throws a <code>SecurityException</code> if the 
0943     * calling thread is not allowed to write to the file specified by 
0944     * the string argument. 
0945     * <p>
0946     * This method calls <code>checkPermission</code> with the
0947     * <code>FilePermission(file,"write")</code> permission.
0948     * <p>
0949     * If you override this method, then you should make a call to 
0950     * <code>super.checkWrite</code>
0951     * at the point the overridden method would normally throw an
0952     * exception.
0953     *
0954     * @param      file   the system-dependent filename.
0955     * @exception  SecurityException  if the calling thread does not 
0956     *             have permission to access the specified file.
0957     * @exception  NullPointerException if the <code>file</code> argument is
0958     *             <code>null</code>.
0959     * @see        #checkPermission(java.security.Permission) checkPermission
0960     */
0961    public void checkWrite(String file) {
0962	checkPermission(new FilePermission(file, 
0963	    SecurityConstants.FILE_WRITE_ACTION));
0964    }
0965
0966    /**
0967     * Throws a <code>SecurityException</code> if the 
0968     * calling thread is not allowed to delete the specified file. 
0969     * <p>
0970     * This method is invoked for the current security manager by the 
0971     * <code>delete</code> method of class <code>File</code>.
0972     * <p>
0973     * This method calls <code>checkPermission</code> with the
0974     * <code>FilePermission(file,"delete")</code> permission.
0975     * <p>
0976     * If you override this method, then you should make a call to 
0977     * <code>super.checkDelete</code>
0978     * at the point the overridden method would normally throw an
0979     * exception.
0980     *
0981     * @param      file   the system-dependent filename.
0982     * @exception  SecurityException if the calling thread does not 
0983     *             have permission to delete the file.
0984     * @exception  NullPointerException if the <code>file</code> argument is
0985     *             <code>null</code>.
0986     * @see        java.io.File#delete()
0987     * @see        #checkPermission(java.security.Permission) checkPermission
0988     */
0989    public void checkDelete(String file) {
0990	checkPermission(new FilePermission(file, 
0991	    SecurityConstants.FILE_DELETE_ACTION));
0992    }
0993
0994    /**
0995     * Throws a <code>SecurityException</code> if the 
0996     * calling thread is not allowed to open a socket connection to the 
0997     * specified host and port number. 
0998     * <p>
0999     * A port number of <code>-1</code> indicates that the calling 
1000     * method is attempting to determine the IP address of the specified 
1001     * host name. 
1002     * <p>
1003     * This method calls <code>checkPermission</code> with the
1004     * <code>SocketPermission(host+":"+port,"connect")</code> permission if
1005     * the port is not equal to -1. If the port is equal to -1, then
1006     * it calls <code>checkPermission</code> with the
1007     * <code>SocketPermission(host,"resolve")</code> permission.
1008     * <p>
1009     * If you override this method, then you should make a call to 
1010     * <code>super.checkConnect</code>
1011     * at the point the overridden method would normally throw an
1012     * exception.
1013     *
1014     * @param      host   the host name port to connect to.
1015     * @param      port   the protocol port to connect to.
1016     * @exception  SecurityException  if the calling thread does not have
1017     *             permission to open a socket connection to the specified
1018     *               <code>host</code> and <code>port</code>.
1019     * @exception  NullPointerException if the <code>host</code> argument is
1020     *             <code>null</code>.
1021     * @see        #checkPermission(java.security.Permission) checkPermission
1022     */
1023    public void checkConnect(String host, int port) {
1024	if (host == null) {
1025	    throw new NullPointerException("host can't be null");
1026	}
1027	if (!host.startsWith("[") && host.indexOf(':') != -1) {
1028	    host = "[" + host + "]";
1029	}
1030	if (port == -1) {
1031	    checkPermission(new SocketPermission(host, 
1032		SecurityConstants.SOCKET_RESOLVE_ACTION));
1033	} else {
1034	    checkPermission(new SocketPermission(host+":"+port,
1035		SecurityConstants.SOCKET_CONNECT_ACTION));
1036	}
1037    }
1038
1039    /**
1040     * Throws a <code>SecurityException</code> if the 
1041     * specified security context is not allowed to open a socket 
1042     * connection to the specified host and port number. 
1043     * <p>
1044     * A port number of <code>-1</code> indicates that the calling 
1045     * method is attempting to determine the IP address of the specified 
1046     * host name. 
1047     * <p> If <code>context</code> is not an instance of 
1048     * <code>AccessControlContext</code> then a
1049     * <code>SecurityException</code> is thrown.
1050     * <p>
1051     * Otherwise, the port number is checked. If it is not equal
1052     * to -1, the <code>context</code>'s <code>checkPermission</code>
1053     * method is called with a 
1054     * <code>SocketPermission(host+":"+port,"connect")</code> permission.
1055     * If the port is equal to -1, then
1056     * the <code>context</code>'s <code>checkPermission</code> method 
1057     * is called with a
1058     * <code>SocketPermission(host,"resolve")</code> permission.
1059     * <p>
1060     * If you override this method, then you should make a call to 
1061     * <code>super.checkConnect</code>
1062     * at the point the overridden method would normally throw an
1063     * exception.
1064     *
1065     * @param      host      the host name port to connect to.
1066     * @param      port      the protocol port to connect to.
1067     * @param      context   a system-dependent security context.
1068     * @exception  SecurityException if the specified security context
1069     *             is not an instance of <code>AccessControlContext</code>
1070     *             (e.g., is <code>null</code>), or does not have permission
1071     *             to open a socket connection to the specified
1072     *             <code>host</code> and <code>port</code>.
1073     * @exception  NullPointerException if the <code>host</code> argument is
1074     *             <code>null</code>.
1075     * @see        java.lang.SecurityManager#getSecurityContext()
1076     * @see        java.security.AccessControlContext#checkPermission(java.security.Permission)
1077     */
1078    public void checkConnect(String host, int port, Object context) {
1079	if (host == null) {
1080	    throw new NullPointerException("host can't be null");
1081	}
1082	if (!host.startsWith("[") && host.indexOf(':') != -1) {
1083	    host = "[" + host + "]";
1084	}
1085	if (port == -1)
1086	    checkPermission(new SocketPermission(host,
1087		SecurityConstants.SOCKET_RESOLVE_ACTION),
1088		context);
1089	else
1090	    checkPermission(new SocketPermission(host+":"+port,
1091		SecurityConstants.SOCKET_CONNECT_ACTION),
1092		context);
1093    }
1094
1095    /**
1096     * Throws a <code>SecurityException</code> if the 
1097     * calling thread is not allowed to wait for a connection request on 
1098     * the specified local port number. 
1099     * <p>
1100     * If port is not 0, this method calls
1101     * <code>checkPermission</code> with the
1102     * <code>SocketPermission("localhost:"+port,"listen")</code>.
1103     * If port is zero, this method calls <code>checkPermission</code>
1104     * with <code>SocketPermission("localhost:1024-","listen").</code>
1105     * <p>
1106     * If you override this method, then you should make a call to 
1107     * <code>super.checkListen</code>
1108     * at the point the overridden method would normally throw an
1109     * exception.
1110     *
1111     * @param      port   the local port.
1112     * @exception  SecurityException  if the calling thread does not have 
1113     *             permission to listen on the specified port.
1114     * @see        #checkPermission(java.security.Permission) checkPermission
1115     */
1116    public void checkListen(int port) {
1117	if (port == 0) {
1118	    checkPermission(SecurityConstants.LOCAL_LISTEN_PERMISSION);
1119	} else {
1120	    checkPermission(new SocketPermission("localhost:"+port,
1121		SecurityConstants.SOCKET_LISTEN_ACTION));
1122	}
1123    }
1124
1125    /**
1126     * Throws a <code>SecurityException</code> if the 
1127     * calling thread is not permitted to accept a socket connection from 
1128     * the specified host and port number. 
1129     * <p>
1130     * This method is invoked for the current security manager by the 
1131     * <code>accept</code> method of class <code>ServerSocket</code>. 
1132     * <p>
1133     * This method calls <code>checkPermission</code> with the
1134     * <code>SocketPermission(host+":"+port,"accept")</code> permission.
1135     * <p>
1136     * If you override this method, then you should make a call to 
1137     * <code>super.checkAccept</code>
1138     * at the point the overridden method would normally throw an
1139     * exception.
1140     *
1141     * @param      host   the host name of the socket connection.
1142     * @param      port   the port number of the socket connection.
1143     * @exception  SecurityException  if the calling thread does not have 
1144     *             permission to accept the connection.
1145     * @exception  NullPointerException if the <code>host</code> argument is
1146     *             <code>null</code>.
1147     * @see        java.net.ServerSocket#accept()
1148     * @see        #checkPermission(java.security.Permission) checkPermission
1149     */
1150    public void checkAccept(String host, int port) {
1151	if (host == null) {
1152	    throw new NullPointerException("host can't be null");
1153	}
1154	if (!host.startsWith("[") && host.indexOf(':') != -1) {
1155	    host = "[" + host + "]";
1156	}
1157	checkPermission(new SocketPermission(host+":"+port,
1158	    SecurityConstants.SOCKET_ACCEPT_ACTION));
1159    }
1160
1161    /**
1162     * Throws a <code>SecurityException</code> if the 
1163     * calling thread is not allowed to use
1164     * (join/leave/send/receive) IP multicast.
1165     * <p>
1166     * This method calls <code>checkPermission</code> with the
1167     * <code>java.net.SocketPermission(maddr.getHostAddress(), 
1168     * "accept,connect")</code> permission.
1169     * <p>
1170     * If you override this method, then you should make a call to 
1171     * <code>super.checkMulticast</code>
1172     * at the point the overridden method would normally throw an
1173     * exception.
1174     *
1175     * @param      maddr  Internet group address to be used.
1176     * @exception  SecurityException  if the calling thread is not allowed to 
1177     *  use (join/leave/send/receive) IP multicast.
1178     * @exception  NullPointerException if the address argument is
1179     *             <code>null</code>.
1180     * @since      JDK1.1
1181     * @see        #checkPermission(java.security.Permission) checkPermission
1182     */
1183    public void checkMulticast(InetAddress maddr) {
1184	String host = maddr.getHostAddress();
1185	if (!host.startsWith("[") && host.indexOf(':') != -1) {
1186	    host = "[" + host + "]";
1187	}
1188      	checkPermission(new SocketPermission(host, 
1189	    SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1190    }
1191
1192    /**
1193     * Throws a <code>SecurityException</code> if the 
1194     * calling thread is not allowed to use
1195     * (join/leave/send/receive) IP multicast.
1196     * <p>
1197     * This method calls <code>checkPermission</code> with the
1198     * <code>java.net.SocketPermission(maddr.getHostAddress(), 
1199     * "accept,connect")</code> permission.
1200     * <p>
1201     * If you override this method, then you should make a call to 
1202     * <code>super.checkMulticast</code>
1203     * at the point the overridden method would normally throw an
1204     * exception. 
1205     *
1206     * @param      maddr  Internet group address to be used.
1207     * @param      ttl        value in use, if it is multicast send.
1208     * Note: this particular implementation does not use the ttl
1209     * parameter. 
1210     * @exception  SecurityException  if the calling thread is not allowed to 
1211     *  use (join/leave/send/receive) IP multicast.
1212     * @exception  NullPointerException if the address argument is
1213     *             <code>null</code>.
1214     * @since      JDK1.1
1215     * @deprecated Use #checkPermission(java.security.Permission) instead
1216     * @see        #checkPermission(java.security.Permission) checkPermission
1217     */
1218    @Deprecated
1219    public void checkMulticast(InetAddress maddr, byte ttl) {
1220	String host = maddr.getHostAddress();
1221	if (!host.startsWith("[") && host.indexOf(':') != -1) {
1222	    host = "[" + host + "]";
1223	}
1224      	checkPermission(new SocketPermission(host, 
1225	    SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1226    }
1227
1228    /**
1229     * Throws a <code>SecurityException</code> if the 
1230     * calling thread is not allowed to access or modify the system 
1231     * properties. 
1232     * <p>
1233     * This method is used by the <code>getProperties</code> and 
1234     * <code>setProperties</code> methods of class <code>System</code>. 
1235     * <p>
1236     * This method calls <code>checkPermission</code> with the
1237     * <code>PropertyPermission("*", "read,write")</code> permission.
1238     * <p>
1239     * If you override this method, then you should make a call to 
1240     * <code>super.checkPropertiesAccess</code>
1241     * at the point the overridden method would normally throw an
1242     * exception.
1243     * <p>
1244     *
1245     * @exception  SecurityException  if the calling thread does not have 
1246     *             permission to access or modify the system properties.
1247     * @see        java.lang.System#getProperties()
1248     * @see        java.lang.System#setProperties(java.util.Properties)
1249     * @see        #checkPermission(java.security.Permission) checkPermission
1250     */
1251    public void checkPropertiesAccess() {
1252      	checkPermission(new PropertyPermission("*", 
1253	    SecurityConstants.PROPERTY_RW_ACTION));
1254    }
1255
1256    /**
1257     * Throws a <code>SecurityException</code> if the 
1258     * calling thread is not allowed to access the system property with 
1259     * the specified <code>key</code> name. 
1260     * <p>
1261     * This method is used by the <code>getProperty</code> method of 
1262     * class <code>System</code>. 
1263     * <p>
1264     * This method calls <code>checkPermission</code> with the
1265     * <code>PropertyPermission(key, "read")</code> permission.
1266     * <p>
1267     * <p>
1268     * If you override this method, then you should make a call to 
1269     * <code>super.checkPropertyAccess</code>
1270     * at the point the overridden method would normally throw an
1271     * exception.
1272     *
1273     * @param      key   a system property key.
1274     *
1275     * @exception  SecurityException  if the calling thread does not have 
1276     *             permission to access the specified system property.
1277     * @exception  NullPointerException if the <code>key</code> argument is
1278     *             <code>null</code>.
1279     * @exception  IllegalArgumentException if <code>key</code> is empty.
1280     *
1281     * @see        java.lang.System#getProperty(java.lang.String)
1282     * @see        #checkPermission(java.security.Permission) checkPermission
1283     */
1284    public void checkPropertyAccess(String key) {
1285      	checkPermission(new PropertyPermission(key, 
1286	    SecurityConstants.PROPERTY_READ_ACTION));
1287    }
1288
1289    /**
1290     * Returns <code>false</code> if the calling 
1291     * thread is not trusted to bring up the top-level window indicated 
1292     * by the <code>window</code> argument. In this case, the caller can 
1293     * still decide to show the window, but the window should include 
1294     * some sort of visual warning. If the method returns 
1295     * <code>true</code>, then the window can be shown without any 
1296     * special restrictions. 
1297     * <p>
1298     * See class <code>Window</code> for more information on trusted and 
1299     * untrusted windows. 
1300     * <p>
1301     * This method calls
1302     * <code>checkPermission</code> with the
1303     * <code>AWTPermission("showWindowWithoutWarningBanner")</code> permission,
1304     * and returns <code>true</code> if a SecurityException is not thrown,
1305     * otherwise it returns <code>false</code>.
1306     * <p>
1307     * If you override this method, then you should make a call to 
1308     * <code>super.checkTopLevelWindow</code>
1309     * at the point the overridden method would normally return 
1310     * <code>false</code>, and the value of 
1311     * <code>super.checkTopLevelWindow</code> should
1312     * be returned.
1313     *
1314     * @param      window   the new window that is being created.
1315     * @return     <code>true</code> if the calling thread is trusted to put up
1316     *             top-level windows; <code>false</code> otherwise.
1317     * @exception  NullPointerException if the <code>window</code> argument is
1318     *             <code>null</code>.
1319     * @see        java.awt.Window
1320     * @see        #checkPermission(java.security.Permission) checkPermission
1321     */
1322    public boolean checkTopLevelWindow(Object window) {
1323	if (window == null) {
1324	    throw new NullPointerException("window can't be null");
1325	}
1326	try {
1327	    checkPermission(SecurityConstants.TOPLEVEL_WINDOW_PERMISSION);
1328	    return true;
1329	} catch (SecurityException se) {
1330	    // just return false
1331	}
1332	return false;
1333    }
1334
1335    /**
1336     * Throws a <code>SecurityException</code> if the 
1337     * calling thread is not allowed to initiate a print job request.
1338     * <p>
1339     * This method calls
1340     * <code>checkPermission</code> with the
1341     * <code>RuntimePermission("queuePrintJob")</code> permission.
1342     * <p>
1343     * If you override this method, then you should make a call to 
1344     * <code>super.checkPrintJobAccess</code>
1345     * at the point the overridden method would normally throw an
1346     * exception.
1347     * <p>
1348     *
1349     * @exception  SecurityException  if the calling thread does not have 
1350     *             permission to initiate a print job request.
1351     * @since   JDK1.1
1352     * @see        #checkPermission(java.security.Permission) checkPermission
1353     */
1354    public void checkPrintJobAccess() {
1355      	checkPermission(new RuntimePermission("queuePrintJob"));
1356    }
1357
1358    /**
1359     * Throws a <code>SecurityException</code> if the 
1360     * calling thread is not allowed to access the system clipboard.
1361     * <p>
1362     * This method calls <code>checkPermission</code> with the
1363     * <code>AWTPermission("accessClipboard")</code> 
1364     * permission.
1365     * <p>
1366     * If you override this method, then you should make a call to 
1367     * <code>super.checkSystemClipboardAccess</code>
1368     * at the point the overridden method would normally throw an
1369     * exception.
1370     *
1371     * @since   JDK1.1
1372     * @exception  SecurityException  if the calling thread does not have 
1373     *             permission to access the system clipboard.
1374     * @see        #checkPermission(java.security.Permission) checkPermission
1375     */
1376    public void checkSystemClipboardAccess() {
1377 	checkPermission(SecurityConstants.ACCESS_CLIPBOARD_PERMISSION);
1378    }
1379
1380    /**
1381     * Throws a <code>SecurityException</code> if the 
1382     * calling thread is not allowed to access the AWT event queue.
1383     * <p>
1384     * This method calls <code>checkPermission</code> with the
1385     * <code>AWTPermission("accessEventQueue")</code> permission.
1386     * <p>
1387     * If you override this method, then you should make a call to 
1388     * <code>super.checkAwtEventQueueAccess</code>
1389     * at the point the overridden method would normally throw an
1390     * exception.
1391     *
1392     * @since   JDK1.1
1393     * @exception  SecurityException  if the calling thread does not have 
1394     *             permission to access the AWT event queue.
1395     * @see        #checkPermission(java.security.Permission) checkPermission
1396     */
1397    public void checkAwtEventQueueAccess() {
1398      	checkPermission(SecurityConstants.CHECK_AWT_EVENTQUEUE_PERMISSION);
1399    }
1400
1401    /*
1402     * We have an initial invalid bit (initially false) for the class
1403     * variables which tell if the cache is valid.  If the underlying
1404     * java.security.Security property changes via setProperty(), the
1405     * Security class uses reflection to change the variable and thus
1406     * invalidate the cache.
1407     *
1408     * Locking is handled by synchronization to the
1409     * packageAccessLock/packageDefinitionLock objects.  They are only
1410     * used in this class.
1411     *
1412     * Note that cache invalidation as a result of the property change
1413     * happens without using these locks, so there may be a delay between
1414     * when a thread updates the property and when other threads updates
1415     * the cache.
1416     */
1417    private static boolean packageAccessValid = false;
1418    private static String[] packageAccess;
1419    private static final Object packageAccessLock = new Object();
1420
1421    private static boolean packageDefinitionValid = false;
1422    private static String[] packageDefinition;
1423    private static final Object packageDefinitionLock = new Object();
1424
1425    private static String[] getPackages(String p) {
1426	String packages[] = null;
1427	if (p != null && !p.equals("")) {
1428	    java.util.StringTokenizer tok =
1429		new java.util.StringTokenizer(p, ",");
1430	    int n = tok.countTokens();
1431	    if (n > 0) {
1432		packages = new String[n];
1433		int i = 0;
1434		while (tok.hasMoreElements()) {
1435		    String s = tok.nextToken().trim();
1436		    packages[i++] = s;
1437		}
1438	    }
1439	}
1440
1441	if (packages == null)
1442	    packages = new String[0];
1443	return packages;
1444    }
1445
1446    /**
1447     * Throws a <code>SecurityException</code> if the
1448     * calling thread is not allowed to access the package specified by
1449     * the argument.
1450     * <p>
1451     * This method is used by the <code>loadClass</code> method of class
1452     * loaders.
1453     * <p>
1454     * This method first gets a list of
1455     * restricted packages by obtaining a comma-separated list from
1456     * a call to
1457     * <code>java.security.Security.getProperty("package.access")</code>,
1458     * and checks to see if <code>pkg</code> starts with or equals
1459     * any of the restricted packages. If it does, then
1460     * <code>checkPermission</code> gets called with the
1461     * <code>RuntimePermission("accessClassInPackage."+pkg)</code>
1462     * permission.
1463     * <p>
1464     * If this method is overridden, then
1465     * <code>super.checkPackageAccess</code> should be called
1466     * as the first line in the overridden method.
1467     *
1468     * @param      pkg   the package name.
1469     * @exception  SecurityException  if the calling thread does not have
1470     *             permission to access the specified package.
1471     * @exception  NullPointerException if the package name argument is
1472     *             <code>null</code>.
1473     * @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1474     *  loadClass
1475     * @see        java.security.Security#getProperty getProperty
1476     * @see        #checkPermission(java.security.Permission) checkPermission
1477     */
1478    public void checkPackageAccess(String pkg) {
1479	if (pkg == null) {
1480	    throw new NullPointerException("package name can't be null");
1481	}
1482
1483	String[] pkgs;
1484 	synchronized (packageAccessLock) {
1485	    /*
1486	     * Do we need to update our property array?
1487	     */
1488	    if (!packageAccessValid) {
1489		String tmpPropertyStr =
1490		    (String) AccessController.doPrivileged(
1491			new PrivilegedAction() {
1492		    	    public Object run() {
1493				return java.security.Security.getProperty(
1494				    "package.access");
1495			    }
1496			}
1497		    );
1498		packageAccess = getPackages(tmpPropertyStr);
1499		packageAccessValid = true;
1500	    }
1501
1502	    // Using a snapshot of packageAccess -- don't care if static field
1503	    // changes afterwards; array contents won't change.
1504	    pkgs = packageAccess;
1505	}
1506
1507	/*
1508         * Traverse the list of packages, check for any matches.
1509	 */
1510	for (int i = 0; i < pkgs.length; i++) {
1511	    if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) {
1512		checkPermission(
1513		    new RuntimePermission("accessClassInPackage."+pkg));
1514		break; 	// No need to continue; only need to check this once
1515	    }
1516	}
1517    }
1518
1519    /**
1520     * Throws a <code>SecurityException</code> if the
1521     * calling thread is not allowed to define classes in the package
1522     * specified by the argument.
1523     * <p>
1524     * This method is used by the <code>loadClass</code> method of some
1525     * class loaders.
1526     * <p>
1527     * This method first gets a list of restricted packages by
1528     * obtaining a comma-separated list from a call to
1529     * <code>java.security.Security.getProperty("package.definition")</code>,
1530     * and checks to see if <code>pkg</code> starts with or equals
1531     * any of the restricted packages. If it does, then
1532     * <code>checkPermission</code> gets called with the
1533     * <code>RuntimePermission("defineClassInPackage."+pkg)</code>
1534     * permission.
1535     * <p>
1536     * If this method is overridden, then
1537     * <code>super.checkPackageDefinition</code> should be called
1538     * as the first line in the overridden method.
1539     *
1540     * @param      pkg   the package name.
1541     * @exception  SecurityException  if the calling thread does not have
1542     *             permission to define classes in the specified package.
1543     * @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1544     * @see        java.security.Security#getProperty getProperty
1545     * @see        #checkPermission(java.security.Permission) checkPermission
1546     */
1547    public void checkPackageDefinition(String pkg) {
1548	if (pkg == null) {
1549	    throw new NullPointerException("package name can't be null");
1550	}
1551
1552	String[] pkgs;
1553 	synchronized (packageDefinitionLock) {
1554	    /*
1555	     * Do we need to update our property array?
1556	     */
1557	    if (!packageDefinitionValid) {
1558		String tmpPropertyStr =
1559		    (String) AccessController.doPrivileged(
1560			new PrivilegedAction() {
1561		    	    public Object run() {
1562				return java.security.Security.getProperty(
1563				    "package.definition");
1564			    }
1565			}
1566		    );
1567		packageDefinition = getPackages(tmpPropertyStr);
1568		packageDefinitionValid = true;
1569	    }
1570	    // Using a snapshot of packageDefinition -- don't care if static
1571	    // field changes afterwards; array contents won't change.
1572	    pkgs = packageDefinition;
1573	}
1574
1575	/*
1576	 * Traverse the list of packages, check for any matches.
1577	 */
1578	for (int i = 0; i < pkgs.length; i++) {
1579	    if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) {
1580		checkPermission(
1581		    new RuntimePermission("defineClassInPackage."+pkg));
1582		break; // No need to continue; only need to check this once
1583	    }
1584	}
1585    }
1586
1587    /**
1588     * Throws a <code>SecurityException</code> if the 
1589     * calling thread is not allowed to set the socket factory used by 
1590     * <code>ServerSocket</code> or <code>Socket</code>, or the stream 
1591     * handler factory used by <code>URL</code>. 
1592     * <p>
1593     * This method calls <code>checkPermission</code> with the
1594     * <code>RuntimePermission("setFactory")</code> permission.
1595     * <p>
1596     * If you override this method, then you should make a call to 
1597     * <code>super.checkSetFactory</code>
1598     * at the point the overridden method would normally throw an
1599     * exception.
1600     * <p>
1601     *
1602     * @exception  SecurityException  if the calling thread does not have 
1603     *             permission to specify a socket factory or a stream 
1604     *             handler factory.
1605     *
1606     * @see        java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory
1607     * @see        java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory
1608     * @see        java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory
1609     * @see        #checkPermission(java.security.Permission) checkPermission
1610     */
1611    public void checkSetFactory() {
1612      	checkPermission(new RuntimePermission("setFactory"));
1613    }
1614
1615    /**
1616     * Throws a <code>SecurityException</code> if the 
1617     * calling thread is not allowed to access members. 
1618     * <p>
1619     * The default policy is to allow access to PUBLIC members, as well
1620     * as access to classes that have the same class loader as the caller.
1621     * In all other cases, this method calls <code>checkPermission</code> 
1622     * with the <code>RuntimePermission("accessDeclaredMembers")
1623     * </code> permission.
1624     * <p>
1625     * If this method is overridden, then a call to 
1626     * <code>super.checkMemberAccess</code> cannot be made,
1627     * as the default implementation of <code>checkMemberAccess</code>
1628     * relies on the code being checked being at a stack depth of
1629     * 4.
1630     * 
1631     * @param clazz the class that reflection is to be performed on.
1632     *
1633     * @param which type of access, PUBLIC or DECLARED.
1634     *
1635     * @exception  SecurityException if the caller does not have
1636     *             permission to access members.
1637     * @exception  NullPointerException if the <code>clazz</code> argument is
1638     *             <code>null</code>.
1639     * @see java.lang.reflect.Member
1640     * @since JDK1.1
1641     * @see        #checkPermission(java.security.Permission) checkPermission
1642     */
1643    public void checkMemberAccess(Class<?> clazz, int which) {
1644	if (clazz == null) {
1645	    throw new NullPointerException("class can't be null");
1646	}
1647	if (which != Member.PUBLIC) {
1648	    Class stack[] = getClassContext();
1649	    /*
1650	     * stack depth of 4 should be the caller of one of the
1651	     * methods in java.lang.Class that invoke checkMember
1652	     * access. The stack should look like:
1653	     * 
1654	     * someCaller                        [3]
1655	     * java.lang.Class.someReflectionAPI [2]
1656	     * java.lang.Class.checkMemberAccess [1]
1657	     * SecurityManager.checkMemberAccess [0]
1658	     *
1659	     */
1660	    if ((stack.length<4) || 
1661		(stack[3].getClassLoader() != clazz.getClassLoader())) {
1662		checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
1663	    }
1664	}
1665    }
1666
1667    /**
1668     * Determines whether the permission with the specified permission target
1669     * name should be granted or denied.
1670     *
1671     * <p> If the requested permission is allowed, this method returns
1672     * quietly. If denied, a SecurityException is raised. 
1673     *
1674     * <p> This method creates a <code>SecurityPermission</code> object for
1675     * the given permission target name and calls <code>checkPermission</code>
1676     * with it.
1677     *
1678     * <p> See the documentation for
1679     * <code>{@link java.security.SecurityPermission}</code> for
1680     * a list of possible permission target names.
1681     * 
1682     * <p> If you override this method, then you should make a call to 
1683     * <code>super.checkSecurityAccess</code>
1684     * at the point the overridden method would normally throw an
1685     * exception.
1686     *
1687     * @param target the target name of the <code>SecurityPermission</code>.
1688     *
1689     * @exception SecurityException if the calling thread does not have
1690     * permission for the requested access.
1691     * @exception NullPointerException if <code>target</code> is null.
1692     * @exception IllegalArgumentException if <code>target</code> is empty.
1693     *
1694     * @since   JDK1.1
1695     * @see        #checkPermission(java.security.Permission) checkPermission
1696     */
1697    public void checkSecurityAccess(String target) {
1698	checkPermission(new SecurityPermission(target));
1699    }
1700
1701    private native Class currentLoadedClass0();
1702
1703    /**
1704     * Returns the thread group into which to instantiate any new
1705     * thread being created at the time this is being called.
1706     * By default, it returns the thread group of the current
1707     * thread. This should be overridden by a specific security
1708     * manager to return the appropriate thread group.
1709     *
1710     * @return  ThreadGroup that new threads are instantiated into
1711     * @since   JDK1.1
1712     * @see     java.lang.ThreadGroup
1713     */
1714    public ThreadGroup getThreadGroup() {
1715	return Thread.currentThread().getThreadGroup();
1716    }
1717
1718}