SecurityManager.java (getSecurityContext, [...]): Merge with Classpath.

2006-08-07 Gary Benson <gbenson@redhat.com> Casey Marshall <csm@gnu.org> * java/lang/SecurityManager.java (getSecurityContext, checkPermission, checkAccess, checkRead, checkConnect, checkPackageAccess, checkPackageDefinition, checkPackageList): Merge with Classpath. (SecurityContext): Remove. Co-Authored-By: Casey Marshall <csm@gnu.org> From-SVN: r115998
2006-08-07 14:42:48 +00:00 · 2006-08-07 14:42:48 +00:00 · da0f033486
parent e79e0270c0
commit da0f033486
2 changed files with 62 additions and 60 deletions
--- a/libjava/ChangeLog
+++ b/libjava/ChangeLog
@ -1,3 +1,12 @@
+2006-08-07  Gary Benson  <gbenson@redhat.com>
+	    Casey Marshall <csm@gnu.org>
+
+	* java/lang/SecurityManager.java (getSecurityContext,
+	checkPermission, checkAccess, checkRead, checkConnect,
+	checkPackageAccess, checkPackageDefinition, checkPackageList):
+	Merge with Classpath.
+	(SecurityContext): Remove.
+
 2006-08-07  Gary Benson  <gbenson@redhat.com>

 	* java/security/VMAccessController.java (pushContext, popContext,
--- a/libjava/java/lang/SecurityManager.java
+++ b/libjava/java/lang/SecurityManager.java
@ -1,5 +1,6 @@
 /* SecurityManager.java -- security checks for privileged actions
-   Copyright (C) 1998, 1999, 2001, 2002, 2005  Free Software Foundation, Inc.
+   Copyright (C) 1998, 1999, 2001, 2002, 2005, 2006
+   Free Software Foundation, Inc.

 This file is part of GNU Classpath.

@ -45,11 +46,15 @@ import java.io.FilePermission;
 import java.lang.reflect.Member;
 import java.net.InetAddress;
 import java.net.SocketPermission;
+import java.security.AccessController;
+import java.security.AccessControlContext;
 import java.security.AllPermission;
 import java.security.Permission;
+import java.security.PrivilegedAction;
 import java.security.Security;
 import java.security.SecurityPermission;
 import java.util.PropertyPermission;
+import java.util.StringTokenizer;

 /**
 * SecurityManager is a class you can extend to create your own Java
@ -315,8 +320,7 @@ public class SecurityManager
   */
  public Object getSecurityContext()
  {
-    // XXX Should be: return AccessController.getContext();
-    return new SecurityContext(getClassContext());
+    return AccessController.getContext();
  }

  /**
@ -331,8 +335,7 @@ public class SecurityManager
   */
  public void checkPermission(Permission perm)
  {
-    // XXX Should be: AccessController.checkPermission(perm);
-    //.throw new SecurityException("Operation not allowed");
+    AccessController.checkPermission(perm);
  }

  /**
@ -353,11 +356,9 @@ public class SecurityManager
   */
  public void checkPermission(Permission perm, Object context)
  {
-    // XXX Should be:
-    // if (! (context instanceof AccessControlContext))
-    //   throw new SecurityException("Missing context");
-    // ((AccessControlContext) context).checkPermission(perm);
-    throw new SecurityException("Operation not allowed");
+    if (! (context instanceof AccessControlContext))
+      throw new SecurityException("Missing context");
+    ((AccessControlContext) context).checkPermission(perm);
  }

  /**
@ -402,7 +403,7 @@ public class SecurityManager
  public void checkAccess(Thread thread)
  {
    if (thread.getThreadGroup() != null 
-	&& thread.getThreadGroup().getParent() != null)
+	&& thread.getThreadGroup().getParent() == null)
      checkPermission(new RuntimePermission("modifyThread"));
  }

@ -435,7 +436,7 @@ public class SecurityManager
   */
  public void checkAccess(ThreadGroup g)
  {
-    if (g.getParent() != null)
+    if (g.getParent() == null)
      checkPermission(new RuntimePermission("modifyThreadGroup"));
  }

@ -556,12 +557,10 @@ public class SecurityManager
   */
  public void checkRead(String filename, Object context)
  {
-    // XXX Should be:
-    // if (! (context instanceof AccessControlContext))
-    //   throw new SecurityException("Missing context");
-    // AccessControlContext ac = (AccessControlContext) context;
-    // ac.checkPermission(new FilePermission(filename, "read"));
-    // throw new SecurityException("Cannot read files via file names.");
+    if (! (context instanceof AccessControlContext))
+      throw new SecurityException("Missing context");
+    AccessControlContext ac = (AccessControlContext) context;
+    ac.checkPermission(new FilePermission(filename, "read"));
  }

  /**
@ -675,17 +674,15 @@ public class SecurityManager
   */
  public void checkConnect(String host, int port, Object context)
  {
-    // XXX Should be:
-    // if (! (context instanceof AccessControlContext))
-    //   throw new SecurityException("Missing context");
-    // AccessControlContext ac = (AccessControlContext) context;
-    // if (port == -1)
-    //   ac.checkPermission(new SocketPermission(host, "resolve"));
-    // else
-    //   // Use the toString() hack to do the null check.
-    //   ac.checkPermission(new SocketPermission(host.toString + ":" +port,
-    //                                           "connect"));
-    // throw new SecurityException("Cannot make network connections.");
+    if (! (context instanceof AccessControlContext))
+      throw new SecurityException("Missing context");
+    AccessControlContext ac = (AccessControlContext) context;
+    if (port == -1)
+      ac.checkPermission(new SocketPermission(host, "resolve"));
+    else
+      // Use the toString() hack to do the null check.
+      ac.checkPermission(new SocketPermission(host.toString() + ":" + port,
+                                              "connect"));
  }

  /**
@ -902,7 +899,7 @@ public class SecurityManager
   */
  public void checkPackageAccess(String packageName)
  {
-    checkPackageList(packageName, "access", "accessClassInPackage.");
+    checkPackageList(packageName, "package.access", "accessClassInPackage.");
  }

  /**
@ -924,7 +921,7 @@ public class SecurityManager
   */
  public void checkPackageDefinition(String packageName)
  {
-    checkPackageList(packageName, "definition", "defineClassInPackage.");
+    checkPackageList(packageName, "package.definition", "defineClassInPackage.");
  }

  /**
@ -1027,38 +1024,34 @@ public class SecurityManager
   * @see #checkPackageAccess(String)
   * @see #checkPackageDefinition(String)
   */
-  void checkPackageList(String packageName, String restriction,
+  void checkPackageList(String packageName, final String restriction,
                        String permission)
  {
-    // Use the toString() hack to do the null check.
-    Permission p = new RuntimePermission(permission + packageName.toString());
-    String list = Security.getProperty("package." + restriction);
-    if (list == null)
-      return;
-    while (! "".equals(packageName))
+    if (packageName == null)
+      throw new NullPointerException();
+
+    String list = (String)AccessController.doPrivileged(new PrivilegedAction()
      {
-        for (int index = list.indexOf(packageName);
-             index != -1; index = list.indexOf(packageName, index + 1))
-          {
-            // Exploit package visibility for speed.
-	    int packageNameCount = packageName.length();
-            if (index + packageNameCount == list.length()
-                || list.charAt(index + packageNameCount) == ',')
-              {
-                checkPermission(p);
-                return;
-              }
-          }
-        int index = packageName.lastIndexOf('.');
-        packageName = index < 0 ? "" : packageName.substring(0, index);
+	public Object run()
+        {
+	  return Security.getProperty(restriction);
+	}
+      });
+
+    if (list == null || list.equals(""))
+      return;
+
+    String packageNamePlusDot = packageName + ".";
+
+    StringTokenizer st = new StringTokenizer(list, ",");
+    while (st.hasMoreTokens())
+      {
+	if (packageNamePlusDot.startsWith(st.nextToken()))
+	  {
+	    Permission p = new RuntimePermission(permission + packageName);
+	    checkPermission(p);
+	    return;
+	  }
      }
  }
-} // class SecurityManager
-
-// XXX This class is unnecessary.
-class SecurityContext {
-	Class[] classes;
-	SecurityContext(Class[] classes) {
-		this.classes = classes;
-	}
 }