下面列出了java.util.logging.LoggingPermission#java.io.FilePermission 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
* Create permission for groovy scripts of the {@link ScriptingOperator}.
*
* @return the permissions, never {@code null}
*/
private static PermissionCollection createGroovySourcePermissions() {
if (ProductConstraintManager.INSTANCE.isInitialized()) {
if (ProductConstraintManager.INSTANCE.getActiveLicense()
.getPrecedence() >= StudioLicenseConstants.UNLIMITED_LICENSE_PRECEDENCE
|| ProductConstraintManager.INSTANCE.isTrialLicense()) {
return createAllPermissions();
}
}
Permissions permissions = new Permissions();
// grant some permissions because the script is something the user himself created
permissions.add(new PropertyPermission("*", "read, write"));
permissions.add(new FilePermission("<<ALL FILES>>", "read, write, delete"));
addCommonPermissions(permissions);
return permissions;
}
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// Permission needed by the tested code exercised in the test
permissions = new Permissions();
permissions.add(new RuntimePermission("fileSystemProvider"));
permissions.add(new RuntimePermission("createClassLoader"));
permissions.add(new RuntimePermission("closeClassLoader"));
permissions.add(new RuntimePermission("getClassLoader"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
permissions.add(new PropertyPermission("*", "read"));
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
/**
*
*/
private PermissionCollection makeImplicitPermissionCollection(FrameworkContext fw, Bundle b) {
// NYI, perhaps we should optimize this collection.
final Permissions pc = new Permissions();
if (dataRoot != null) {
pc.add(new FilePermission(dataRoot.getPath(), "read,write"));
pc.add(new FilePermission((new File(dataRoot, "-")).getPath(),
"read,write,delete"));
}
final StringBuffer sb = new StringBuffer("(id=");
sb.append(b.getBundleId());
sb.append(")");
pc.add(new AdminPermission(sb.toString(),
AdminPermission.RESOURCE + "," +
AdminPermission.METADATA + "," +
AdminPermission.CLASS));
pc.add(new PropertyPermission("org.osgi.framework.*", "read"));
pc.add(new CapabilityPermission(ExecutionEnvironmentNamespace.EXECUTION_ENVIRONMENT_NAMESPACE,
CapabilityPermission.REQUIRE));
return pc;
}
/**
* Creates one of the well-known permissions directly instead of
* via reflection. Keep list short to not penalize non-JDK-defined
* permissions.
*/
private static final Permission getKnownInstance(Class<?> claz,
String name, String actions) {
if (claz.equals(FilePermission.class)) {
return new FilePermission(name, actions);
} else if (claz.equals(SocketPermission.class)) {
return new SocketPermission(name, actions);
} else if (claz.equals(RuntimePermission.class)) {
return new RuntimePermission(name, actions);
} else if (claz.equals(PropertyPermission.class)) {
return new PropertyPermission(name, actions);
} else if (claz.equals(NetPermission.class)) {
return new NetPermission(name, actions);
} else if (claz.equals(AllPermission.class)) {
return SecurityConstants.ALL_PERMISSION;
} else {
return null;
}
}
/**
* Creates one of the well-known permissions directly instead of
* via reflection. Keep list short to not penalize non-JDK-defined
* permissions.
*/
private static final Permission getKnownInstance(Class<?> claz,
String name, String actions) {
if (claz.equals(FilePermission.class)) {
return new FilePermission(name, actions);
} else if (claz.equals(SocketPermission.class)) {
return new SocketPermission(name, actions);
} else if (claz.equals(RuntimePermission.class)) {
return new RuntimePermission(name, actions);
} else if (claz.equals(PropertyPermission.class)) {
return new PropertyPermission(name, actions);
} else if (claz.equals(NetPermission.class)) {
return new NetPermission(name, actions);
} else if (claz.equals(AllPermission.class)) {
return SecurityConstants.ALL_PERMISSION;
} else {
return null;
}
}
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
this.allowAll = allowAll;
permissions = new Permissions();
permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
permissions.add(new PropertyPermission("user.dir", "read"));
permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
UnixPath link = UnixPath.toUnixPath(obj1);
// permission check
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
SecurityConstants.FILE_READLINK_ACTION);
sm.checkPermission(perm);
}
try {
byte[] target = readlink(link);
return new UnixPath(link.getFileSystem(), target);
} catch (UnixException x) {
if (x.errno() == UnixConstants.EINVAL)
throw new NotLinkException(link.getPathForExceptionMessage());
x.rethrowAsIOException(link);
return null; // keep compiler happy
}
}
public static ProxyClassesDumper getInstance(String path) {
if (null == path) {
return null;
}
try {
path = path.trim();
final Path dir = Path.of(path.isEmpty() ? "." : path);
AccessController.doPrivileged(new PrivilegedAction<>() {
@Override
public Void run() {
validateDumpDir(dir);
return null;
}
}, null, new FilePermission("<<ALL FILES>>", "read, write"));
return new ProxyClassesDumper(dir);
} catch (InvalidPathException ex) {
PlatformLogger.getLogger(ProxyClassesDumper.class.getName())
.warning("Path " + path + " is not valid - dumping disabled", ex);
} catch (IllegalArgumentException iae) {
PlatformLogger.getLogger(ProxyClassesDumper.class.getName())
.warning(iae.getMessage() + " - dumping disabled");
}
return null;
}
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
this.allowAll = allowAll;
permissions = new Permissions();
permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
permissions.add(new PropertyPermission("user.dir", "read"));
permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
UnixPath link = UnixPath.toUnixPath(obj1);
// permission check
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
SecurityConstants.FILE_READLINK_ACTION);
sm.checkPermission(perm);
}
try {
byte[] target = readlink(link);
return new UnixPath(link.getFileSystem(), target);
} catch (UnixException x) {
if (x.errno() == UnixConstants.EINVAL)
throw new NotLinkException(link.getPathForExceptionMessage());
x.rethrowAsIOException(link);
return null; // keep compiler happy
}
}
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
UnixPath link = UnixPath.toUnixPath(obj1);
// permission check
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
SecurityConstants.FILE_READLINK_ACTION);
sm.checkPermission(perm);
}
try {
byte[] target = readlink(link);
return new UnixPath(link.getFileSystem(), target);
} catch (UnixException x) {
if (x.errno() == UnixConstants.EINVAL)
throw new NotLinkException(link.getPathForExceptionMessage());
x.rethrowAsIOException(link);
return null; // keep compiler happy
}
}
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// Permission needed by the tested code exercised in the test
permissions = new Permissions();
permissions.add(new RuntimePermission("fileSystemProvider"));
permissions.add(new RuntimePermission("createClassLoader"));
permissions.add(new RuntimePermission("closeClassLoader"));
permissions.add(new RuntimePermission("getClassLoader"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
permissions.add(new PropertyPermission("*", "read"));
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
this.allowAll = allowAll;
permissions = new Permissions();
permissions.add(new LoggingPermission("control", null)); // needed by new FileHandler()
permissions.add(new FilePermission("<<ALL FILES>>", "read")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile, "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile+".lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(logFile+".1", "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(logFile+".1.lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(tmpLogFile, "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpLogFile+".lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(tmpLogFile+".1", "write,delete")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpLogFile+".1.lck", "write,delete")); // needed by FileHandler.close()
permissions.add(new FilePermission(userDir, "write")); // needed by new FileHandler()
permissions.add(new FilePermission(tmpDir, "write")); // needed by new FileHandler()
permissions.add(new PropertyPermission("user.dir", "read"));
permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// Permission needed by the tested code exercised in the test
permissions = new Permissions();
permissions.add(new RuntimePermission("fileSystemProvider"));
permissions.add(new RuntimePermission("createClassLoader"));
permissions.add(new RuntimePermission("closeClassLoader"));
permissions.add(new RuntimePermission("getClassLoader"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
permissions.add(new PropertyPermission("*", "read"));
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
public Permission getPermission() throws IOException {
// Note this is normally called by URLClassPath with an unconnected
// URLConnection, so the fo will probably be null anyway.
if (fo != null) {
File f = FileUtil.toFile(fo);
if (f != null) {
return new FilePermission(f.getAbsolutePath(), "read"); // NOI18N
}
try {
FileSystem fs = fo.getFileSystem();
if (fs instanceof JarFileSystem) {
return new FilePermission(((JarFileSystem) fs).getJarFile().getAbsolutePath(), "read"); // NOI18N
}
// [PENDING] could do XMLFileSystem too...
} catch (FileStateInvalidException fsie) {
// ignore
}
}
// fallback
return new FilePermission("<<ALL FILES>>", "read"); // NOI18N
}
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
UnixPath link = UnixPath.toUnixPath(obj1);
// permission check
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
SecurityConstants.FILE_READLINK_ACTION);
sm.checkPermission(perm);
}
try {
byte[] target = readlink(link);
return new UnixPath(link.getFileSystem(), target);
} catch (UnixException x) {
if (x.errno() == UnixConstants.EINVAL)
throw new NotLinkException(link.getPathForExceptionMessage());
x.rethrowAsIOException(link);
return null; // keep compiler happy
}
}
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// Permission needed by the tested code exercised in the test
permissions = new Permissions();
permissions.add(new RuntimePermission("fileSystemProvider"));
permissions.add(new RuntimePermission("createClassLoader"));
permissions.add(new RuntimePermission("closeClassLoader"));
permissions.add(new RuntimePermission("getClassLoader"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
permissions.add(new PropertyPermission("*", "read"));
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// Permission needed by the tested code exercised in the test
permissions = new Permissions();
permissions.add(new RuntimePermission("fileSystemProvider"));
permissions.add(new RuntimePermission("createClassLoader"));
permissions.add(new RuntimePermission("closeClassLoader"));
permissions.add(new RuntimePermission("getClassLoader"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
permissions.add(new PropertyPermission("*", "read"));
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
this.allowAll = allowAll;
// Permission needed by the tested code exercised in the test
permissions = new Permissions();
permissions.add(new RuntimePermission("fileSystemProvider"));
permissions.add(new RuntimePermission("createClassLoader"));
permissions.add(new RuntimePermission("closeClassLoader"));
permissions.add(new RuntimePermission("getClassLoader"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
permissions.add(new PropertyPermission("*", "read"));
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
/**
* Creates one of the well-known permissions directly instead of
* via reflection. Keep list short to not penalize non-JDK-defined
* permissions.
*/
private static final Permission getKnownInstance(Class<?> claz,
String name, String actions) {
if (claz.equals(FilePermission.class)) {
return new FilePermission(name, actions);
} else if (claz.equals(SocketPermission.class)) {
return new SocketPermission(name, actions);
} else if (claz.equals(RuntimePermission.class)) {
return new RuntimePermission(name, actions);
} else if (claz.equals(PropertyPermission.class)) {
return new PropertyPermission(name, actions);
} else if (claz.equals(NetPermission.class)) {
return new NetPermission(name, actions);
} else if (claz.equals(AllPermission.class)) {
return SecurityConstants.ALL_PERMISSION;
} else {
return null;
}
}
/**
* Creates one of the well-known permissions directly instead of
* via reflection. Keep list short to not penalize non-JDK-defined
* permissions.
*/
private static final Permission getKnownInstance(Class<?> claz,
String name, String actions) {
if (claz.equals(FilePermission.class)) {
return new FilePermission(name, actions);
} else if (claz.equals(SocketPermission.class)) {
return new SocketPermission(name, actions);
} else if (claz.equals(RuntimePermission.class)) {
return new RuntimePermission(name, actions);
} else if (claz.equals(PropertyPermission.class)) {
return new PropertyPermission(name, actions);
} else if (claz.equals(NetPermission.class)) {
return new NetPermission(name, actions);
} else if (claz.equals(AllPermission.class)) {
return SecurityConstants.ALL_PERMISSION;
} else {
return null;
}
}
/**
* Configure associated class loader permissions.
*/
private void setPermissions() {
if (!Globals.IS_SECURITY_ENABLED)
return;
if (context == null)
return;
// Tell the class loader the root of the context
ServletContext servletContext = context.getServletContext();
// Assigning permissions for the work directory
File workDir =
(File) servletContext.getAttribute(ServletContext.TEMPDIR);
if (workDir != null) {
try {
String workDirPath = workDir.getCanonicalPath();
classLoader.addPermission
(new FilePermission(workDirPath, "read,write"));
classLoader.addPermission
(new FilePermission(workDirPath + File.separator + "-",
"read,write,delete"));
} catch (IOException e) {
// Ignore
}
}
for (URL url : context.getResources().getBaseUrls()) {
classLoader.addPermission(url);
}
}
private void checkExec() throws SecurityException {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new FilePermission("<<ALL FILES>>",
SecurityConstants.FILE_EXECUTE_ACTION));
}
}
private void checkExec() throws SecurityException {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new FilePermission("<<ALL FILES>>",
SecurityConstants.FILE_EXECUTE_ACTION));
}
}
private boolean isForbiddenToRead (File file, ProtectionDomain protectionDomain)
{
if (null == protectionDomain) {
return false;
}
try {
FilePermission filePermission =
new FilePermission(file.getCanonicalPath(), "read, delete");
if (protectionDomain.implies(filePermission)) {
return false;
}
} catch (IOException e) {}
return true;
}
/**
* Generates an AccessControlContext with minimal permissions.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
private static AccessControlContext getAccessControlContext(int port) {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null,
(java.security.cert.Certificate[]) null);
Policy p = java.security.Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
/*
* Anyone can connect to the registry and the registry can connect
* to and possibly download stubs from anywhere. Downloaded stubs and
* related classes themselves are more tightly limited by RMI.
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new SocketPermission("localhost:"+port, "listen,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
perms.add(new FilePermission("<<ALL FILES>>", "read"));
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(
new CodeSource(null,
(java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
private void checkRead() throws SecurityException {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new FilePermission("<<ALL FILES>>",
SecurityConstants.FILE_READ_ACTION));
}
}
private boolean isForbiddenToRead (File file, ProtectionDomain protectionDomain)
{
if (null == protectionDomain) {
return false;
}
try {
FilePermission filePermission =
new FilePermission(file.getCanonicalPath(), "read, delete");
if (protectionDomain.implies(filePermission)) {
return false;
}
} catch (IOException e) {}
return true;
}
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
this.allowAll = allowAll;
permissions = new Permissions();
permissions.add(new LoggingPermission("control", null));
permissions.add(new FilePermission(PREFIX+".lck", "read,write,delete"));
permissions.add(new FilePermission(PREFIX, "read,write"));
// these are used for configuring the test itself...
allPermissions = new Permissions();
allPermissions.add(new java.security.AllPermission());
}
/**
* Generates an AccessControlContext with minimal permissions.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
private static AccessControlContext getAccessControlContext(int port) {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null,
(java.security.cert.Certificate[]) null);
Policy p = java.security.Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
/*
* Anyone can connect to the registry and the registry can connect
* to and possibly download stubs from anywhere. Downloaded stubs and
* related classes themselves are more tightly limited by RMI.
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new SocketPermission("localhost:"+port, "listen,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*"));
perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*"));
perms.add(new FilePermission("<<ALL FILES>>", "read"));
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(
new CodeSource(null,
(java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}