--- /home/tromey/gnu/Nightly/classpath/classpath/java/lang/SecurityManager.java 2004-10-13 02:27:36.000000000 -0600 +++ java/lang/SecurityManager.java 2004-11-25 02:16:35.000000000 -0700 @@ -45,15 +45,11 @@ import java.lang.reflect.Member; import java.net.InetAddress; import java.net.SocketPermission; -import java.security.AccessControlContext; -import java.security.AccessController; import java.security.AllPermission; import java.security.Permission; -import java.security.PrivilegedAction; import java.security.Security; import java.security.SecurityPermission; import java.util.PropertyPermission; -import java.util.StringTokenizer; /** * SecurityManager is a class you can extend to create your own Java @@ -311,7 +307,8 @@ */ public Object getSecurityContext() { - return AccessController.getContext(); + // XXX Should be: return AccessController.getContext(); + return new SecurityContext(getClassContext()); } /** @@ -326,7 +323,8 @@ */ public void checkPermission(Permission perm) { - AccessController.checkPermission(perm); + // XXX Should be: AccessController.checkPermission(perm); + //.throw new SecurityException("Operation not allowed"); } /** @@ -347,9 +345,11 @@ */ public void checkPermission(Permission perm, Object context) { - if (! (context instanceof AccessControlContext)) - throw new SecurityException("Missing context"); - ((AccessControlContext) context).checkPermission(perm); + // XXX Should be: + // if (! (context instanceof AccessControlContext)) + // throw new SecurityException("Missing context"); + // ((AccessControlContext) context).checkPermission(perm); + throw new SecurityException("Operation not allowed"); } /** @@ -548,10 +548,12 @@ */ public void checkRead(String filename, Object context) { - if (! (context instanceof AccessControlContext)) - throw new SecurityException("Missing context"); - AccessControlContext ac = (AccessControlContext) context; - ac.checkPermission(new FilePermission(filename, "read")); + // XXX Should be: + // if (! (context instanceof AccessControlContext)) + // throw new SecurityException("Missing context"); + // AccessControlContext ac = (AccessControlContext) context; + // ac.checkPermission(new FilePermission(filename, "read")); + // throw new SecurityException("Cannot read files via file names."); } /** @@ -665,15 +667,17 @@ */ public void checkConnect(String host, int port, Object context) { - if (! (context instanceof AccessControlContext)) - throw new SecurityException("Missing context"); - AccessControlContext ac = (AccessControlContext) context; - if (port == -1) - ac.checkPermission(new SocketPermission(host, "resolve")); - else - // Use the toString() hack to do the null check. - ac.checkPermission(new SocketPermission(host.toString() + ":" + port, - "connect")); + // XXX Should be: + // if (! (context instanceof AccessControlContext)) + // throw new SecurityException("Missing context"); + // AccessControlContext ac = (AccessControlContext) context; + // if (port == -1) + // ac.checkPermission(new SocketPermission(host, "resolve")); + // else + // // Use the toString() hack to do the null check. + // ac.checkPermission(new SocketPermission(host.toString + ":" +port, + // "connect")); + // throw new SecurityException("Cannot make network connections."); } /** @@ -890,7 +894,7 @@ */ public void checkPackageAccess(String packageName) { - checkPackageList(packageName, "package.access", "accessClassInPackage."); + checkPackageList(packageName, "access", "accessClassInPackage."); } /** @@ -912,7 +916,7 @@ */ public void checkPackageDefinition(String packageName) { - checkPackageList(packageName, "package.definition", "defineClassInPackage."); + checkPackageList(packageName, "definition", "defineClassInPackage."); } /** @@ -1008,39 +1012,37 @@ * RuntimePermission(permission + packageName). * * @param packageName the package name to check access to - * @param restriction "package.access" or "package.definition" + * @param restriction the list of restrictions, after "package." * @param permission the base permission, including the '.' * @throws SecurityException if permission is denied * @throws NullPointerException if packageName is null * @see #checkPackageAccess(String) * @see #checkPackageDefinition(String) */ - void checkPackageList(String packageName, final String restriction, + void checkPackageList(String packageName, String restriction, String permission) { - if (packageName == null) - throw new NullPointerException(); - - String list = (String)AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { - return Security.getProperty(restriction); - } - }); - - if (list == null || list.equals("")) + // Use the toString() hack to do the null check. + Permission p = new RuntimePermission(permission + packageName.toString()); + String list = Security.getProperty("package." + restriction); + if (list == null) return; - - String packageNamePlusDot = packageName + "."; - - StringTokenizer st = new StringTokenizer(list, ","); - while (st.hasMoreTokens()) + while (! "".equals(packageName)) { - if (packageNamePlusDot.startsWith(st.nextToken())) - { - Permission p = new RuntimePermission(permission + packageName); - checkPermission(p); - return; - } + for (int index = list.indexOf(packageName); + index != -1; index = list.indexOf(packageName, index + 1)) + { + // Exploit package visibility for speed. + int packageNameCount = packageName.length(); + if (index + packageNameCount == list.length() + || list.charAt(index + packageNameCount) == ',') + { + checkPermission(p); + return; + } + } + int index = packageName.lastIndexOf('.'); + packageName = index < 0 ? "" : packageName.substring(0, index); } } } // class SecurityManager