1 | /*
|
---|
2 | * Copyright 2003-2004 The Apache Software Foundation
|
---|
3 | *
|
---|
4 | * Licensed under the Apache License, Version 2.0 (the "License");
|
---|
5 | * you may not use this file except in compliance with the License.
|
---|
6 | * You may obtain a copy of the License at
|
---|
7 | *
|
---|
8 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
9 | *
|
---|
10 | * Unless required by applicable law or agreed to in writing, software
|
---|
11 | * distributed under the License is distributed on an "AS IS" BASIS,
|
---|
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
13 | * See the License for the specific language governing permissions and
|
---|
14 | * limitations under the License.
|
---|
15 | *
|
---|
16 | */
|
---|
17 |
|
---|
18 | package org.apache.tools.ant.types;
|
---|
19 |
|
---|
20 | import java.security.UnresolvedPermission;
|
---|
21 | import java.util.HashSet;
|
---|
22 | import java.util.Iterator;
|
---|
23 | import java.util.LinkedList;
|
---|
24 | import java.util.List;
|
---|
25 | import java.util.Set;
|
---|
26 | import java.util.StringTokenizer;
|
---|
27 |
|
---|
28 | import org.apache.tools.ant.BuildException;
|
---|
29 | import org.apache.tools.ant.ExitException;
|
---|
30 |
|
---|
31 | /**
|
---|
32 | * This class implements a security manager meant for useage by tasks that run inside the
|
---|
33 | * ant VM. An examples are the Java Task and JUnitTask.
|
---|
34 | *
|
---|
35 | * The basic functionality is that nothing (except for a base set of permissions) is allowed, unless
|
---|
36 | * the permission is granted either explicitly or implicitly.
|
---|
37 | * If an permission is granted this can be overruled by explicitly revoking the permission.
|
---|
38 | *
|
---|
39 | * It is not permissible to add permissions (either granted or revoked) while the Security Manager
|
---|
40 | * is active (after calling setSecurityManager() but before calling restoreSecurityManager()).
|
---|
41 | *
|
---|
42 | * @since Ant 1.6
|
---|
43 | */
|
---|
44 | public class Permissions {
|
---|
45 |
|
---|
46 | private List grantedPermissions = new LinkedList();
|
---|
47 | private List revokedPermissions = new LinkedList();
|
---|
48 | private java.security.Permissions granted = null;
|
---|
49 | private SecurityManager origSm = null;
|
---|
50 | private boolean active = false;
|
---|
51 | private boolean delegateToOldSM = false;
|
---|
52 |
|
---|
53 | /**
|
---|
54 | * default constructor
|
---|
55 | */
|
---|
56 | public Permissions() {
|
---|
57 | }
|
---|
58 | /**
|
---|
59 | * create a new set of permissions
|
---|
60 | * @param delegateToOldSM if <code>true</code> the old security manager
|
---|
61 | * will be used if the permission has not been explicitly granted or revoked
|
---|
62 | * in this instance
|
---|
63 | * if false, it behaves like the default constructor
|
---|
64 | */
|
---|
65 | public Permissions(boolean delegateToOldSM) {
|
---|
66 | this.delegateToOldSM = delegateToOldSM;
|
---|
67 | }
|
---|
68 | /**
|
---|
69 | * Adds a permission to be granted.
|
---|
70 | * @param perm The Permissions.Permission to be granted.
|
---|
71 | */
|
---|
72 | public void addConfiguredGrant(Permissions.Permission perm) {
|
---|
73 | grantedPermissions.add(perm);
|
---|
74 | }
|
---|
75 |
|
---|
76 | /**
|
---|
77 | * Adds a permission to be revoked.
|
---|
78 | * @param perm The Permissions.Permission to be revoked
|
---|
79 | */
|
---|
80 | public void addConfiguredRevoke(Permissions.Permission perm) {
|
---|
81 | revokedPermissions.add(perm);
|
---|
82 | }
|
---|
83 |
|
---|
84 | /**
|
---|
85 | * To be used by tasks wishing to use this security model before executing the part to be
|
---|
86 | * subject to these Permissions. Note that setting the SecurityManager too early may
|
---|
87 | * prevent your part from starting, as for instance changing classloaders may be prohibited.
|
---|
88 | * The classloader for the new situation is supposed to be present.
|
---|
89 | */
|
---|
90 | public void setSecurityManager() throws BuildException{
|
---|
91 | origSm = System.getSecurityManager();
|
---|
92 | init();
|
---|
93 | System.setSecurityManager(new MySM());
|
---|
94 | active = true;
|
---|
95 | }
|
---|
96 |
|
---|
97 | /**
|
---|
98 | * Initializes the list of granted permissions, checks the list of revoked permissions.
|
---|
99 | */
|
---|
100 | private void init() throws BuildException {
|
---|
101 | granted = new java.security.Permissions();
|
---|
102 | for (Iterator i = revokedPermissions.listIterator(); i.hasNext();) {
|
---|
103 | Permissions.Permission p = (Permissions.Permission) i.next();
|
---|
104 | if (p.getClassName() == null) {
|
---|
105 | throw new BuildException("Revoked permission " + p + " does not contain a class.");
|
---|
106 | }
|
---|
107 | }
|
---|
108 | for (Iterator i = grantedPermissions.listIterator(); i.hasNext();) {
|
---|
109 | Permissions.Permission p = (Permissions.Permission) i.next();
|
---|
110 | if (p.getClassName() == null) {
|
---|
111 | throw new BuildException("Granted permission " + p + " does not contain a class.");
|
---|
112 | } else {
|
---|
113 | java.security.Permission perm = new UnresolvedPermission(p.getClassName(),p.getName(),p.getActions(),null);
|
---|
114 | granted.add(perm);
|
---|
115 | }
|
---|
116 | }
|
---|
117 | // Add base set of permissions
|
---|
118 | granted.add(new java.net.SocketPermission("localhost:1024-", "listen"));
|
---|
119 | granted.add(new java.util.PropertyPermission("java.version", "read"));
|
---|
120 | granted.add(new java.util.PropertyPermission("java.vendor", "read"));
|
---|
121 | granted.add(new java.util.PropertyPermission("java.vendor.url", "read"));
|
---|
122 | granted.add(new java.util.PropertyPermission("java.class.version", "read"));
|
---|
123 | granted.add(new java.util.PropertyPermission("os.name", "read"));
|
---|
124 | granted.add(new java.util.PropertyPermission("os.version", "read"));
|
---|
125 | granted.add(new java.util.PropertyPermission("os.arch", "read"));
|
---|
126 | granted.add(new java.util.PropertyPermission("file.encoding", "read"));
|
---|
127 | granted.add(new java.util.PropertyPermission("file.separator", "read"));
|
---|
128 | granted.add(new java.util.PropertyPermission("path.separator", "read"));
|
---|
129 | granted.add(new java.util.PropertyPermission("line.separator", "read"));
|
---|
130 | granted.add(new java.util.PropertyPermission("java.specification.version", "read"));
|
---|
131 | granted.add(new java.util.PropertyPermission("java.specification.vendor", "read"));
|
---|
132 | granted.add(new java.util.PropertyPermission("java.specification.name", "read"));
|
---|
133 | granted.add(new java.util.PropertyPermission("java.vm.specification.version", "read"));
|
---|
134 | granted.add(new java.util.PropertyPermission("java.vm.specification.vendor", "read"));
|
---|
135 | granted.add(new java.util.PropertyPermission("java.vm.specification.name", "read"));
|
---|
136 | granted.add(new java.util.PropertyPermission("java.vm.version", "read"));
|
---|
137 | granted.add(new java.util.PropertyPermission("java.vm.vendor", "read"));
|
---|
138 | granted.add(new java.util.PropertyPermission("java.vm.name", "read"));
|
---|
139 | }
|
---|
140 |
|
---|
141 | /**
|
---|
142 | * To be used by tasks that just finished executing the parts subject to these permissions.
|
---|
143 | */
|
---|
144 | public void restoreSecurityManager() {
|
---|
145 | active = false;
|
---|
146 | System.setSecurityManager(origSm);
|
---|
147 | }
|
---|
148 |
|
---|
149 | /**
|
---|
150 | * This inner class implements the actual SecurityManager that can be used by tasks
|
---|
151 | * supporting Permissions.
|
---|
152 | */
|
---|
153 | private class MySM extends SecurityManager {
|
---|
154 |
|
---|
155 | /**
|
---|
156 | * Exit is treated in a special way in order to be able to return the exit code towards tasks.
|
---|
157 | * An ExitException is thrown instead of a simple SecurityException to indicate the exit
|
---|
158 | * code.
|
---|
159 | * Overridden from java.lang.SecurityManager
|
---|
160 | * @param status The exit status requested.
|
---|
161 | */
|
---|
162 | public void checkExit(int status) {
|
---|
163 | java.security.Permission perm = new java.lang.RuntimePermission("exitVM",null);
|
---|
164 | try {
|
---|
165 | checkPermission(perm);
|
---|
166 | } catch (SecurityException e) {
|
---|
167 | throw new ExitException(e.getMessage(), status);
|
---|
168 | }
|
---|
169 | }
|
---|
170 |
|
---|
171 | /**
|
---|
172 | * The central point in checking permissions.
|
---|
173 | * Overridden from java.lang.SecurityManager
|
---|
174 | *
|
---|
175 | * @param perm The permission requested.
|
---|
176 | */
|
---|
177 | public void checkPermission(java.security.Permission perm) {
|
---|
178 | if (active) {
|
---|
179 | if (delegateToOldSM && !perm.getName().equals("exitVM")) {
|
---|
180 | boolean permOK = false;
|
---|
181 | if (granted.implies(perm)) {
|
---|
182 | permOK = true;
|
---|
183 | }
|
---|
184 | checkRevoked(perm);
|
---|
185 | /*
|
---|
186 | if the permission was not explicitly granted or revoked
|
---|
187 | the original security manager will do its work
|
---|
188 | */
|
---|
189 | if (!permOK && origSm != null) {
|
---|
190 | origSm.checkPermission(perm);
|
---|
191 | }
|
---|
192 | } else {
|
---|
193 | if (!granted.implies(perm)) {
|
---|
194 | throw new SecurityException("Permission " + perm + " was not granted.");
|
---|
195 | }
|
---|
196 | checkRevoked(perm);
|
---|
197 | }
|
---|
198 | }
|
---|
199 | }
|
---|
200 | /**
|
---|
201 | * throws an exception if this permission is revoked
|
---|
202 | * @param perm the permission being checked
|
---|
203 | */
|
---|
204 | private void checkRevoked(java.security.Permission perm) {
|
---|
205 | for (Iterator i = revokedPermissions.listIterator(); i.hasNext();) {
|
---|
206 | if (((Permissions.Permission)i.next()).matches(perm)) {
|
---|
207 | throw new SecurityException("Permission " + perm + " was revoked.");
|
---|
208 | }
|
---|
209 | }
|
---|
210 |
|
---|
211 | }
|
---|
212 | }
|
---|
213 |
|
---|
214 | /** Represents a permission. */
|
---|
215 | public static class Permission {
|
---|
216 | private String className;
|
---|
217 | private String name;
|
---|
218 | private String actionString;
|
---|
219 | private Set actions;
|
---|
220 |
|
---|
221 | /**
|
---|
222 | * Sets the class, mandatory.
|
---|
223 | * @param aClass The class name of the permission.
|
---|
224 | */
|
---|
225 | public void setClass(String aClass) {
|
---|
226 | className = aClass.trim();
|
---|
227 | }
|
---|
228 |
|
---|
229 | /** Get the class of the permission
|
---|
230 | * @return The class name of the permission.
|
---|
231 | */
|
---|
232 | public String getClassName() {
|
---|
233 | return className;
|
---|
234 | }
|
---|
235 |
|
---|
236 | /**
|
---|
237 | * Sets the name of the permission.
|
---|
238 | * @param aName The name of the permission.
|
---|
239 | */
|
---|
240 | public void setName(String aName) {
|
---|
241 | name = aName.trim();
|
---|
242 | }
|
---|
243 |
|
---|
244 | /**
|
---|
245 | * Get the name of the permission.
|
---|
246 | * @return The name of the permission.
|
---|
247 | */
|
---|
248 | public String getName() {
|
---|
249 | return name;
|
---|
250 | }
|
---|
251 |
|
---|
252 | /**
|
---|
253 | * Sets the actions.
|
---|
254 | * @param actions The actions of the permission.
|
---|
255 | */
|
---|
256 | public void setActions(String actions) {
|
---|
257 | actionString = actions;
|
---|
258 | if (actions.length() > 0) {
|
---|
259 | this.actions = parseActions(actions);
|
---|
260 | }
|
---|
261 | }
|
---|
262 |
|
---|
263 | /**
|
---|
264 | * Gets the actions.
|
---|
265 | * @return The actions of the permission.
|
---|
266 | */
|
---|
267 | public String getActions() {
|
---|
268 | return actionString;
|
---|
269 | }
|
---|
270 |
|
---|
271 | /**
|
---|
272 | * Checks if the permission matches in case of a revoked permission.
|
---|
273 | * @param perm The permission to check against.
|
---|
274 | */
|
---|
275 | boolean matches(java.security.Permission perm) {
|
---|
276 |
|
---|
277 | if (!className.equals(perm.getClass().getName())) {
|
---|
278 | return false;
|
---|
279 | }
|
---|
280 |
|
---|
281 | if (name != null) {
|
---|
282 | if (name.endsWith("*")) {
|
---|
283 | if (!perm.getName().startsWith(name.substring(0, name.length() - 1))) {
|
---|
284 | return false;
|
---|
285 | }
|
---|
286 | } else {
|
---|
287 | if (!name.equals(perm.getName())) {
|
---|
288 | return false;
|
---|
289 | }
|
---|
290 | }
|
---|
291 | }
|
---|
292 |
|
---|
293 | if (actions != null) {
|
---|
294 | Set as = parseActions(perm.getActions());
|
---|
295 | int size = as.size();
|
---|
296 | as.removeAll(actions);
|
---|
297 | if (as.size() == size) {
|
---|
298 | // None of the actions revoked, so all allowed.
|
---|
299 | return false;
|
---|
300 | }
|
---|
301 | }
|
---|
302 |
|
---|
303 | return true;
|
---|
304 | }
|
---|
305 |
|
---|
306 | /**
|
---|
307 | * Parses the actions into a set of separate strings.
|
---|
308 | * @param actions The actions to be parsed.
|
---|
309 | */
|
---|
310 | private Set parseActions(String actions) {
|
---|
311 | Set result = new HashSet();
|
---|
312 | StringTokenizer tk = new StringTokenizer(actions, ",");
|
---|
313 | while (tk.hasMoreTokens()) {
|
---|
314 | String item = tk.nextToken().trim();
|
---|
315 | if (!item.equals("")) {
|
---|
316 | result.add(item);
|
---|
317 | }
|
---|
318 | }
|
---|
319 | return result;
|
---|
320 | }
|
---|
321 | /**
|
---|
322 | * get a string description of the permissions
|
---|
323 | * @return string description of the permissions
|
---|
324 | */
|
---|
325 | public String toString() {
|
---|
326 | return ("Permission: " + className + " (\"" + name + "\", \"" + actions + "\")");
|
---|
327 | }
|
---|
328 | }
|
---|
329 | }
|
---|