diff options
Diffstat (limited to 'framework/src/ant/apache-ant-1.9.6/src/main/org/apache/tools/ant/types/Permissions.java')
-rw-r--r-- | framework/src/ant/apache-ant-1.9.6/src/main/org/apache/tools/ant/types/Permissions.java | 356 |
1 files changed, 0 insertions, 356 deletions
diff --git a/framework/src/ant/apache-ant-1.9.6/src/main/org/apache/tools/ant/types/Permissions.java b/framework/src/ant/apache-ant-1.9.6/src/main/org/apache/tools/ant/types/Permissions.java deleted file mode 100644 index 96da71bd..00000000 --- a/framework/src/ant/apache-ant-1.9.6/src/main/org/apache/tools/ant/types/Permissions.java +++ /dev/null @@ -1,356 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package org.apache.tools.ant.types; - -import java.lang.reflect.Constructor; -import java.security.UnresolvedPermission; -import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; -import java.util.Set; -import java.util.StringTokenizer; - -import org.apache.tools.ant.BuildException; -import org.apache.tools.ant.ExitException; - -/** - * This class implements a security manager meant for usage by tasks that run inside the - * Ant VM. An examples are the Java Task and JUnitTask. - * - * The basic functionality is that nothing (except for a base set of permissions) is allowed, unless - * the permission is granted either explicitly or implicitly. - * If a permission is granted this can be overruled by explicitly revoking the permission. - * - * It is not permissible to add permissions (either granted or revoked) while the Security Manager - * is active (after calling setSecurityManager() but before calling restoreSecurityManager()). - * - * @since Ant 1.6 - */ -public class Permissions { - - private final List<Permission> grantedPermissions = new LinkedList<Permission>(); - private final List<Permission> revokedPermissions = new LinkedList<Permission>(); - private java.security.Permissions granted = null; - private SecurityManager origSm = null; - private boolean active = false; - private final boolean delegateToOldSM; - - // Mandatory constructor for permission object. - private static final Class<?>[] PARAMS = {String.class, String.class}; - - /** - * Create a set of Permissions. Equivalent to calling - * <code>new Permissions(false)</code>. - */ - public Permissions() { - this(false); - } - - /** - * Create a set of permissions. - * @param delegateToOldSM if <code>true</code> the old security manager - * will be used if the permission has not been explicitly granted or revoked - * in this instance. - */ - public Permissions(final boolean delegateToOldSM) { - this.delegateToOldSM = delegateToOldSM; - } - - /** - * Adds a permission to be granted. - * @param perm The Permissions.Permission to be granted. - */ - public void addConfiguredGrant(final Permissions.Permission perm) { - grantedPermissions.add(perm); - } - - /** - * Adds a permission to be revoked. - * @param perm The Permissions.Permission to be revoked - */ - public void addConfiguredRevoke(final Permissions.Permission perm) { - revokedPermissions.add(perm); - } - - /** - * To be used by tasks wishing to use this security model before executing the part to be - * subject to these Permissions. Note that setting the SecurityManager too early may - * prevent your part from starting, as for instance changing classloaders may be prohibited. - * The classloader for the new situation is supposed to be present. - * @throws BuildException on error - */ - public synchronized void setSecurityManager() throws BuildException { - origSm = System.getSecurityManager(); - init(); - System.setSecurityManager(new MySM()); - active = true; - } - - /** - * Initializes the list of granted permissions, checks the list of revoked permissions. - */ - private void init() throws BuildException { - granted = new java.security.Permissions(); - for (final Permissions.Permission p : revokedPermissions) { - if (p.getClassName() == null) { - throw new BuildException("Revoked permission " + p + " does not contain a class."); - } - } - for (final Permissions.Permission p : grantedPermissions) { - if (p.getClassName() == null) { - throw new BuildException("Granted permission " + p - + " does not contain a class."); - } else { - final java.security.Permission perm = createPermission(p); - granted.add(perm); - } - } - // Add base set of permissions - granted.add(new java.net.SocketPermission("localhost:1024-", "listen")); - granted.add(new java.util.PropertyPermission("java.version", "read")); - granted.add(new java.util.PropertyPermission("java.vendor", "read")); - granted.add(new java.util.PropertyPermission("java.vendor.url", "read")); - granted.add(new java.util.PropertyPermission("java.class.version", "read")); - granted.add(new java.util.PropertyPermission("os.name", "read")); - granted.add(new java.util.PropertyPermission("os.version", "read")); - granted.add(new java.util.PropertyPermission("os.arch", "read")); - granted.add(new java.util.PropertyPermission("file.encoding", "read")); - granted.add(new java.util.PropertyPermission("file.separator", "read")); - granted.add(new java.util.PropertyPermission("path.separator", "read")); - granted.add(new java.util.PropertyPermission("line.separator", "read")); - granted.add(new java.util.PropertyPermission("java.specification.version", "read")); - granted.add(new java.util.PropertyPermission("java.specification.vendor", "read")); - granted.add(new java.util.PropertyPermission("java.specification.name", "read")); - granted.add(new java.util.PropertyPermission("java.vm.specification.version", "read")); - granted.add(new java.util.PropertyPermission("java.vm.specification.vendor", "read")); - granted.add(new java.util.PropertyPermission("java.vm.specification.name", "read")); - granted.add(new java.util.PropertyPermission("java.vm.version", "read")); - granted.add(new java.util.PropertyPermission("java.vm.vendor", "read")); - granted.add(new java.util.PropertyPermission("java.vm.name", "read")); - } - - private java.security.Permission createPermission( - final Permissions.Permission permission) { - try { - // First add explicitly already resolved permissions will not be - // resolved when added as unresolved permission. - final Class<? extends java.security.Permission> clazz = Class.forName( - permission.getClassName()).asSubclass(java.security.Permission.class); - final String name = permission.getName(); - final String actions = permission.getActions(); - final Constructor<? extends java.security.Permission> ctr = clazz.getConstructor(PARAMS); - return ctr.newInstance(new Object[] {name, actions}); - } catch (final Exception e) { - // Let the UnresolvedPermission handle it. - return new UnresolvedPermission(permission.getClassName(), - permission.getName(), permission.getActions(), null); - } - } - - /** - * To be used by tasks that just finished executing the parts subject to these permissions. - */ - public synchronized void restoreSecurityManager() { - active = false; - System.setSecurityManager(origSm); - } - - /** - * This inner class implements the actual SecurityManager that can be used by tasks - * supporting Permissions. - */ - private class MySM extends SecurityManager { - - /** - * Exit is treated in a special way in order to be able to return the exit code - * towards tasks. - * An ExitException is thrown instead of a simple SecurityException to indicate the exit - * code. - * Overridden from java.lang.SecurityManager - * @param status The exit status requested. - */ - @Override - public void checkExit(final int status) { - final java.security.Permission perm = new java.lang.RuntimePermission("exitVM", null); - try { - checkPermission(perm); - } catch (final SecurityException e) { - throw new ExitException(e.getMessage(), status); - } - } - - /** - * The central point in checking permissions. - * Overridden from java.lang.SecurityManager - * - * @param perm The permission requested. - */ - @Override - public void checkPermission(final java.security.Permission perm) { - if (active) { - if (delegateToOldSM && !perm.getName().equals("exitVM")) { - boolean permOK = false; - if (granted.implies(perm)) { - permOK = true; - } - checkRevoked(perm); - /* - if the permission was not explicitly granted or revoked - the original security manager will do its work - */ - if (!permOK && origSm != null) { - origSm.checkPermission(perm); - } - } else { - if (!granted.implies(perm)) { - throw new SecurityException("Permission " + perm + " was not granted."); - } - checkRevoked(perm); - } - } - } - - /** - * throws an exception if this permission is revoked - * @param perm the permission being checked - */ - private void checkRevoked(final java.security.Permission perm) { - for (final Permissions.Permission revoked : revokedPermissions) { - if (revoked.matches(perm)) { - throw new SecurityException("Permission " + perm + " was revoked."); - } - } - } - } - - /** Represents a permission. */ - public static class Permission { - private String className; - private String name; - private String actionString; - private Set<String> actions; - - /** - * Set the class, mandatory. - * @param aClass The class name of the permission. - */ - public void setClass(final String aClass) { - className = aClass.trim(); - } - - /** - * Get the class of the permission. - * @return The class name of the permission. - */ - public String getClassName() { - return className; - } - - /** - * Set the name of the permission. - * @param aName The name of the permission. - */ - public void setName(final String aName) { - name = aName.trim(); - } - - /** - * Get the name of the permission. - * @return The name of the permission. - */ - public String getName() { - return name; - } - - /** - * Set the actions. - * @param actions The actions of the permission. - */ - public void setActions(final String actions) { - actionString = actions; - if (actions.length() > 0) { - this.actions = parseActions(actions); - } - } - - /** - * Get the actions. - * @return The actions of the permission. - */ - public String getActions() { - return actionString; - } - - /** - * Learn whether the permission matches in case of a revoked permission. - * @param perm The permission to check against. - */ - boolean matches(final java.security.Permission perm) { - if (!className.equals(perm.getClass().getName())) { - return false; - } - if (name != null) { - if (name.endsWith("*")) { - if (!perm.getName().startsWith(name.substring(0, name.length() - 1))) { - return false; - } - } else { - if (!name.equals(perm.getName())) { - return false; - } - } - } - if (actions != null) { - final Set<String> as = parseActions(perm.getActions()); - final int size = as.size(); - as.removeAll(actions); - if (as.size() == size) { - // None of the actions revoked, so all allowed. - return false; - } - } - return true; - } - - /** - * Parses the actions into a set of separate strings. - * @param actions The actions to be parsed. - */ - private Set<String> parseActions(final String actions) { - final Set<String> result = new HashSet<String>(); - final StringTokenizer tk = new StringTokenizer(actions, ","); - while (tk.hasMoreTokens()) { - final String item = tk.nextToken().trim(); - if (!item.equals("")) { - result.add(item); - } - } - return result; - } - - /** - * Get a string description of the permissions. - * @return string description of the permissions. - */ - @Override - public String toString() { - return ("Permission: " + className + " (\"" + name + "\", \"" + actions + "\")"); - } - } -} |