SecurityManager.java (getSecurityContext, [...]): Merge with Classpath.

2006-08-07 Gary Benson <gbenson@redhat.com> Casey Marshall <csm@gnu.org> * java/lang/SecurityManager.java (getSecurityContext, checkPermission, checkAccess, checkRead, checkConnect, checkPackageAccess, checkPackageDefinition, checkPackageList): Merge with Classpath. (SecurityContext): Remove. Co-Authored-By: Casey Marshall <csm@gnu.org> From-SVN: r115998
author: Gary Benson <gbenson@redhat.com> 2006-08-07 14:42:48 +0000
committer: Gary Benson <gary@gcc.gnu.org> 2006-08-07 14:42:48 +0000
commit: da0f033486c5ba410fac5c4296e562ee22a0a3e9 (patch)
tree: 001e722f3e9c3ed2a960b6d618506efc6918531a
parent: e79e0270c06080eaff1f06afd485beee53626090 (diff)
download: gcc-da0f033486c5ba410fac5c4296e562ee22a0a3e9.zip
gcc-da0f033486c5ba410fac5c4296e562ee22a0a3e9.tar.gz
gcc-da0f033486c5ba410fac5c4296e562ee22a0a3e9.tar.bz2
2 files changed, 61 insertions, 59 deletions
diff --git a/libjava/ChangeLog b/libjava/ChangeLog
index 5b8d467..9436ff9 100644
--- a/libjava/ChangeLog
+++ b/libjava/ChangeLog
@@ -1,4 +1,13 @@
 2006-08-07  Gary Benson  <gbenson@redhat.com>
+	    Casey Marshall <csm@gnu.org>
+
+	* java/lang/SecurityManager.java (getSecurityContext,
+	checkPermission, checkAccess, checkRead, checkConnect,
+	checkPackageAccess, checkPackageDefinition, checkPackageList):
+	Merge with Classpath.
+	(SecurityContext): Remove.
+
+2006-08-07  Gary Benson  <gbenson@redhat.com>
 
 	* java/security/VMAccessController.java (pushContext, popContext,
 	getContext): Use Thread.currentThread() to determine when we're
diff --git a/libjava/java/lang/SecurityManager.java b/libjava/java/lang/SecurityManager.java
index 4f9a39a..c803c5b 100644
--- a/libjava/java/lang/SecurityManager.java
+++ b/libjava/java/lang/SecurityManager.java
@@ -1,5 +1,6 @@
 /* SecurityManager.java -- security checks for privileged actions
-   Copyright (C) 1998, 1999, 2001, 2002, 2005  Free Software Foundation, Inc.
+   Copyright (C) 1998, 1999, 2001, 2002, 2005, 2006
+   Free Software Foundation, Inc.
 
 This file is part of GNU Classpath.
 
@@ -45,11 +46,15 @@ import java.io.FilePermission;
 import java.lang.reflect.Member;
 import java.net.InetAddress;
 import java.net.SocketPermission;
+import java.security.AccessController;
+import java.security.AccessControlContext;
 import java.security.AllPermission;
 import java.security.Permission;
+import java.security.PrivilegedAction;
 import java.security.Security;
 import java.security.SecurityPermission;
 import java.util.PropertyPermission;
+import java.util.StringTokenizer;
 
 /**
  * SecurityManager is a class you can extend to create your own Java
@@ -315,8 +320,7 @@ public class SecurityManager
    */
   public Object getSecurityContext()
   {
-    // XXX Should be: return AccessController.getContext();
-    return new SecurityContext(getClassContext());
+    return AccessController.getContext();
   }
 
   /**
@@ -331,8 +335,7 @@ public class SecurityManager
    */
   public void checkPermission(Permission perm)
   {
-    // XXX Should be: AccessController.checkPermission(perm);
-    //.throw new SecurityException("Operation not allowed");
+    AccessController.checkPermission(perm);
   }
 
   /**
@@ -353,11 +356,9 @@ public class SecurityManager
    */
   public void checkPermission(Permission perm, Object context)
   {
-    // XXX Should be:
-    // if (! (context instanceof AccessControlContext))
-    //   throw new SecurityException("Missing context");
-    // ((AccessControlContext) context).checkPermission(perm);
-    throw new SecurityException("Operation not allowed");
+    if (! (context instanceof AccessControlContext))
+      throw new SecurityException("Missing context");
+    ((AccessControlContext) context).checkPermission(perm);
   }
 
   /**
@@ -402,7 +403,7 @@ public class SecurityManager
   public void checkAccess(Thread thread)
   {
     if (thread.getThreadGroup() != null 
-	&& thread.getThreadGroup().getParent() != null)
+	&& thread.getThreadGroup().getParent() == null)
       checkPermission(new RuntimePermission("modifyThread"));
   }
 
@@ -435,7 +436,7 @@ public class SecurityManager
    */
   public void checkAccess(ThreadGroup g)
   {
-    if (g.getParent() != null)
+    if (g.getParent() == null)
       checkPermission(new RuntimePermission("modifyThreadGroup"));
   }
 
@@ -556,12 +557,10 @@ public class SecurityManager
    */
   public void checkRead(String filename, Object context)
   {
-    // XXX Should be:
-    // if (! (context instanceof AccessControlContext))
-    //   throw new SecurityException("Missing context");
-    // AccessControlContext ac = (AccessControlContext) context;
-    // ac.checkPermission(new FilePermission(filename, "read"));
-    // throw new SecurityException("Cannot read files via file names.");
+    if (! (context instanceof AccessControlContext))
+      throw new SecurityException("Missing context");
+    AccessControlContext ac = (AccessControlContext) context;
+    ac.checkPermission(new FilePermission(filename, "read"));
   }
 
   /**
@@ -675,17 +674,15 @@ public class SecurityManager
    */
   public void checkConnect(String host, int port, Object context)
   {
-    // XXX Should be:
-    // if (! (context instanceof AccessControlContext))
-    //   throw new SecurityException("Missing context");
-    // AccessControlContext ac = (AccessControlContext) context;
-    // if (port == -1)
-    //   ac.checkPermission(new SocketPermission(host, "resolve"));
-    // else
-    //   // Use the toString() hack to do the null check.
-    //   ac.checkPermission(new SocketPermission(host.toString + ":" +port,
-    //                                           "connect"));
-    // throw new SecurityException("Cannot make network connections.");
+    if (! (context instanceof AccessControlContext))
+      throw new SecurityException("Missing context");
+    AccessControlContext ac = (AccessControlContext) context;
+    if (port == -1)
+      ac.checkPermission(new SocketPermission(host, "resolve"));
+    else
+      // Use the toString() hack to do the null check.
+      ac.checkPermission(new SocketPermission(host.toString() + ":" + port,
+                                              "connect"));
   }
 
   /**
@@ -902,7 +899,7 @@ public class SecurityManager
    */
   public void checkPackageAccess(String packageName)
   {
-    checkPackageList(packageName, "access", "accessClassInPackage.");
+    checkPackageList(packageName, "package.access", "accessClassInPackage.");
   }
 
   /**
@@ -924,7 +921,7 @@ public class SecurityManager
    */
   public void checkPackageDefinition(String packageName)
   {
-    checkPackageList(packageName, "definition", "defineClassInPackage.");
+    checkPackageList(packageName, "package.definition", "defineClassInPackage.");
   }
 
   /**
@@ -1027,38 +1024,34 @@ public class SecurityManager
    * @see #checkPackageAccess(String)
    * @see #checkPackageDefinition(String)
    */
-  void checkPackageList(String packageName, String restriction,
+  void checkPackageList(String packageName, final String restriction,
                         String permission)
   {
-    // Use the toString() hack to do the null check.
-    Permission p = new RuntimePermission(permission + packageName.toString());
-    String list = Security.getProperty("package." + restriction);
-    if (list == null)
+    if (packageName == null)
+      throw new NullPointerException();
+
+    String list = (String)AccessController.doPrivileged(new PrivilegedAction()
+      {
+	public Object run()
+        {
+	  return Security.getProperty(restriction);
+	}
+      });
+
+    if (list == null || list.equals(""))
       return;
-    while (! "".equals(packageName))
+
+    String packageNamePlusDot = packageName + ".";
+
+    StringTokenizer st = new StringTokenizer(list, ",");
+    while (st.hasMoreTokens())
       {
-        for (int index = list.indexOf(packageName);
-             index != -1; index = list.indexOf(packageName, index + 1))
-          {
-            // Exploit package visibility for speed.
-	    int packageNameCount = packageName.length();
-            if (index + packageNameCount == list.length()
-                || list.charAt(index + packageNameCount) == ',')
-              {
-                checkPermission(p);
-                return;
-              }
-          }
-        int index = packageName.lastIndexOf('.');
-        packageName = index < 0 ? "" : packageName.substring(0, index);
+	if (packageNamePlusDot.startsWith(st.nextToken()))
+	  {
+	    Permission p = new RuntimePermission(permission + packageName);
+	    checkPermission(p);
+	    return;
+	  }
       }
   }
-} // class SecurityManager
-
-// XXX This class is unnecessary.
-class SecurityContext {
-	Class[] classes;
-	SecurityContext(Class[] classes) {
-		this.classes = classes;
-	}
 }
author	Gary Benson <gbenson@redhat.com>	2006-08-07 14:42:48 +0000
committer	Gary Benson <gary@gcc.gnu.org>	2006-08-07 14:42:48 +0000
commit	da0f033486c5ba410fac5c4296e562ee22a0a3e9 (patch)
tree	001e722f3e9c3ed2a960b6d618506efc6918531a
parent	e79e0270c06080eaff1f06afd485beee53626090 (diff)
download	gcc-da0f033486c5ba410fac5c4296e562ee22a0a3e9.zip gcc-da0f033486c5ba410fac5c4296e562ee22a0a3e9.tar.gz gcc-da0f033486c5ba410fac5c4296e562ee22a0a3e9.tar.bz2