Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: other-projects/trunk/gs3-release-maker/apache-ant-1.6.5/src/main/org/apache/tools/ant/types/Permissions.java@ 14627

Last change on this file since 14627 was 14627, checked in by oranfry, 17 years ago
initial import of the gs3-release-maker
File size: 12.4 KB

Line
1	/*
2	* Copyright 2003-2004 The Apache Software Foundation
3	*
4	* Licensed under the Apache License, Version 2.0 (the "License");
5	* you may not use this file except in compliance with the License.
6	* You may obtain a copy of the License at
7	*
8	* http://www.apache.org/licenses/LICENSE-2.0
9	*
10	* Unless required by applicable law or agreed to in writing, software
11	* distributed under the License is distributed on an "AS IS" BASIS,
12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	* See the License for the specific language governing permissions and
14	* limitations under the License.
15	*
16	*/
17
18	package org.apache.tools.ant.types;
19
20	import java.security.UnresolvedPermission;
21	import java.util.HashSet;
22	import java.util.Iterator;
23	import java.util.LinkedList;
24	import java.util.List;
25	import java.util.Set;
26	import java.util.StringTokenizer;
27
28	import org.apache.tools.ant.BuildException;
29	import org.apache.tools.ant.ExitException;
30
31	/**
32	* This class implements a security manager meant for useage by tasks that run inside the
33	* ant VM. An examples are the Java Task and JUnitTask.
34	*
35	* The basic functionality is that nothing (except for a base set of permissions) is allowed, unless
36	* the permission is granted either explicitly or implicitly.
37	* If an permission is granted this can be overruled by explicitly revoking the permission.
38	*
39	* It is not permissible to add permissions (either granted or revoked) while the Security Manager
40	* is active (after calling setSecurityManager() but before calling restoreSecurityManager()).
41	*
42	* @since Ant 1.6
43	*/
44	public class Permissions {
45
46	private List grantedPermissions = new LinkedList();
47	private List revokedPermissions = new LinkedList();
48	private java.security.Permissions granted = null;
49	private SecurityManager origSm = null;
50	private boolean active = false;
51	private boolean delegateToOldSM = false;
52
53	/**
54	* default constructor
55	*/
56	public Permissions() {
57	}
58	/**
59	* create a new set of permissions
60	* @param delegateToOldSM if <code>true</code> the old security manager
61	* will be used if the permission has not been explicitly granted or revoked
62	* in this instance
63	* if false, it behaves like the default constructor
64	*/
65	public Permissions(boolean delegateToOldSM) {
66	this.delegateToOldSM = delegateToOldSM;
67	}
68	/**
69	* Adds a permission to be granted.
70	* @param perm The Permissions.Permission to be granted.
71	*/
72	public void addConfiguredGrant(Permissions.Permission perm) {
73	grantedPermissions.add(perm);
74	}
75
76	/**
77	* Adds a permission to be revoked.
78	* @param perm The Permissions.Permission to be revoked
79	*/
80	public void addConfiguredRevoke(Permissions.Permission perm) {
81	revokedPermissions.add(perm);
82	}
83
84	/**
85	* To be used by tasks wishing to use this security model before executing the part to be
86	* subject to these Permissions. Note that setting the SecurityManager too early may
87	* prevent your part from starting, as for instance changing classloaders may be prohibited.
88	* The classloader for the new situation is supposed to be present.
89	*/
90	public void setSecurityManager() throws BuildException{
91	origSm = System.getSecurityManager();
92	init();
93	System.setSecurityManager(new MySM());
94	active = true;
95	}
96
97	/**
98	* Initializes the list of granted permissions, checks the list of revoked permissions.
99	*/
100	private void init() throws BuildException {
101	granted = new java.security.Permissions();
102	for (Iterator i = revokedPermissions.listIterator(); i.hasNext();) {
103	Permissions.Permission p = (Permissions.Permission) i.next();
104	if (p.getClassName() == null) {
105	throw new BuildException("Revoked permission " + p + " does not contain a class.");
106	}
107	}
108	for (Iterator i = grantedPermissions.listIterator(); i.hasNext();) {
109	Permissions.Permission p = (Permissions.Permission) i.next();
110	if (p.getClassName() == null) {
111	throw new BuildException("Granted permission " + p + " does not contain a class.");
112	} else {
113	java.security.Permission perm = new UnresolvedPermission(p.getClassName(),p.getName(),p.getActions(),null);
114	granted.add(perm);
115	}
116	}
117	// Add base set of permissions
118	granted.add(new java.net.SocketPermission("localhost:1024-", "listen"));
119	granted.add(new java.util.PropertyPermission("java.version", "read"));
120	granted.add(new java.util.PropertyPermission("java.vendor", "read"));
121	granted.add(new java.util.PropertyPermission("java.vendor.url", "read"));
122	granted.add(new java.util.PropertyPermission("java.class.version", "read"));
123	granted.add(new java.util.PropertyPermission("os.name", "read"));
124	granted.add(new java.util.PropertyPermission("os.version", "read"));
125	granted.add(new java.util.PropertyPermission("os.arch", "read"));
126	granted.add(new java.util.PropertyPermission("file.encoding", "read"));
127	granted.add(new java.util.PropertyPermission("file.separator", "read"));
128	granted.add(new java.util.PropertyPermission("path.separator", "read"));
129	granted.add(new java.util.PropertyPermission("line.separator", "read"));
130	granted.add(new java.util.PropertyPermission("java.specification.version", "read"));
131	granted.add(new java.util.PropertyPermission("java.specification.vendor", "read"));
132	granted.add(new java.util.PropertyPermission("java.specification.name", "read"));
133	granted.add(new java.util.PropertyPermission("java.vm.specification.version", "read"));
134	granted.add(new java.util.PropertyPermission("java.vm.specification.vendor", "read"));
135	granted.add(new java.util.PropertyPermission("java.vm.specification.name", "read"));
136	granted.add(new java.util.PropertyPermission("java.vm.version", "read"));
137	granted.add(new java.util.PropertyPermission("java.vm.vendor", "read"));
138	granted.add(new java.util.PropertyPermission("java.vm.name", "read"));
139	}
140
141	/**
142	* To be used by tasks that just finished executing the parts subject to these permissions.
143	*/
144	public void restoreSecurityManager() {
145	active = false;
146	System.setSecurityManager(origSm);
147	}
148
149	/**
150	* This inner class implements the actual SecurityManager that can be used by tasks
151	* supporting Permissions.
152	*/
153	private class MySM extends SecurityManager {
154
155	/**
156	* Exit is treated in a special way in order to be able to return the exit code towards tasks.
157	* An ExitException is thrown instead of a simple SecurityException to indicate the exit
158	* code.
159	* Overridden from java.lang.SecurityManager
160	* @param status The exit status requested.
161	*/
162	public void checkExit(int status) {
163	java.security.Permission perm = new java.lang.RuntimePermission("exitVM",null);
164	try {
165	checkPermission(perm);
166	} catch (SecurityException e) {
167	throw new ExitException(e.getMessage(), status);
168	}
169	}
170
171	/**
172	* The central point in checking permissions.
173	* Overridden from java.lang.SecurityManager
174	*
175	* @param perm The permission requested.
176	*/
177	public void checkPermission(java.security.Permission perm) {
178	if (active) {
179	if (delegateToOldSM && !perm.getName().equals("exitVM")) {
180	boolean permOK = false;
181	if (granted.implies(perm)) {
182	permOK = true;
183	}
184	checkRevoked(perm);
185	/*
186	if the permission was not explicitly granted or revoked
187	the original security manager will do its work
188	*/
189	if (!permOK && origSm != null) {
190	origSm.checkPermission(perm);
191	}
192	} else {
193	if (!granted.implies(perm)) {
194	throw new SecurityException("Permission " + perm + " was not granted.");
195	}
196	checkRevoked(perm);
197	}
198	}
199	}
200	/**
201	* throws an exception if this permission is revoked
202	* @param perm the permission being checked
203	*/
204	private void checkRevoked(java.security.Permission perm) {
205	for (Iterator i = revokedPermissions.listIterator(); i.hasNext();) {
206	if (((Permissions.Permission)i.next()).matches(perm)) {
207	throw new SecurityException("Permission " + perm + " was revoked.");
208	}
209	}
210
211	}
212	}
213
214	/** Represents a permission. */
215	public static class Permission {
216	private String className;
217	private String name;
218	private String actionString;
219	private Set actions;
220
221	/**
222	* Sets the class, mandatory.
223	* @param aClass The class name of the permission.
224	*/
225	public void setClass(String aClass) {
226	className = aClass.trim();
227	}
228
229	/** Get the class of the permission
230	* @return The class name of the permission.
231	*/
232	public String getClassName() {
233	return className;
234	}
235
236	/**
237	* Sets the name of the permission.
238	* @param aName The name of the permission.
239	*/
240	public void setName(String aName) {
241	name = aName.trim();
242	}
243
244	/**
245	* Get the name of the permission.
246	* @return The name of the permission.
247	*/
248	public String getName() {
249	return name;
250	}
251
252	/**
253	* Sets the actions.
254	* @param actions The actions of the permission.
255	*/
256	public void setActions(String actions) {
257	actionString = actions;
258	if (actions.length() > 0) {
259	this.actions = parseActions(actions);
260	}
261	}
262
263	/**
264	* Gets the actions.
265	* @return The actions of the permission.
266	*/
267	public String getActions() {
268	return actionString;
269	}
270
271	/**
272	* Checks if the permission matches in case of a revoked permission.
273	* @param perm The permission to check against.
274	*/
275	boolean matches(java.security.Permission perm) {
276
277	if (!className.equals(perm.getClass().getName())) {
278	return false;
279	}
280
281	if (name != null) {
282	if (name.endsWith("*")) {
283	if (!perm.getName().startsWith(name.substring(0, name.length() - 1))) {
284	return false;
285	}
286	} else {
287	if (!name.equals(perm.getName())) {
288	return false;
289	}
290	}
291	}
292
293	if (actions != null) {
294	Set as = parseActions(perm.getActions());
295	int size = as.size();
296	as.removeAll(actions);
297	if (as.size() == size) {
298	// None of the actions revoked, so all allowed.
299	return false;
300	}
301	}
302
303	return true;
304	}
305
306	/**
307	* Parses the actions into a set of separate strings.
308	* @param actions The actions to be parsed.
309	*/
310	private Set parseActions(String actions) {
311	Set result = new HashSet();
312	StringTokenizer tk = new StringTokenizer(actions, ",");
313	while (tk.hasMoreTokens()) {
314	String item = tk.nextToken().trim();
315	if (!item.equals("")) {
316	result.add(item);
317	}
318	}
319	return result;
320	}
321	/**
322	* get a string description of the permissions
323	* @return string description of the permissions
324	*/
325	public String toString() {
326	return ("Permission: " + className + " (\"" + name + "\", \"" + actions + "\")");
327	}
328	}
329	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: