public CachedFile(File tempFile) { this.tempFile = tempFile; final Permissions filePermissions = new Permissions(); final FilePermission crudPermission = new FilePermission(tempFile.getAbsolutePath(), "read,write,delete"); filePermissions.add(crudPermission); debug("filePermissions Added FilePermission for 'read', 'write', 'delete' on " + tempFile.getAbsolutePath()); filePermissionContext = new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null, filePermissions)}); final Permissions openPermissions = new Permissions(); openPermissions.add(crudPermission); debug("openPermissions Added FilePermission for 'read', 'write', 'delete' on " + tempFile.getAbsolutePath()); openPermissions.add(new FilePermission("<<ALL FILES>>", "execute")); debug("openPermissions Added FilePermission for 'execute' on <<ALL FILES>>"); openPermissions.add(new AWTPermission("showWindowWithoutWarningBanner")); debug("openPermissions Added AWTPermission for 'showWindowWithoutWarningBanner'"); openPermissionContext = new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null, openPermissions)}); setAsSynced(); }
/** * Sets the composite. * * @param comp the composite to set */ public void setComposite(Composite comp) { if (! (comp instanceof AlphaComposite)) { // FIXME: this check is only required "if this Graphics2D // context is drawing to a Component on the display screen". SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(new AWTPermission("readDisplayPixels")); } composite = comp; if (! (comp.equals(AlphaComposite.SrcOver))) isOptimized = false; else updateOptimization(); }
/** * Adds a couple of common permissions for both unsigned extensions as well as Groovy scripts. * * @param permissions * the permissions object which will get the permissions added to it */ private static void addCommonPermissions(Permissions permissions) { permissions.add(new AudioPermission("play")); permissions.add(new AWTPermission("listenToAllAWTEvents")); permissions.add(new AWTPermission("setWindowAlwaysOnTop")); permissions.add(new AWTPermission("watchMousePointer")); permissions.add(new LoggingPermission("control", "")); permissions.add(new SocketPermission("*", "connect, listen, accept, resolve")); permissions.add(new URLPermission("http://-", "*:*")); permissions.add(new URLPermission("https://-", "*:*")); // because random Java library calls use sun classes which may or may not do an acess check, // we have to grant access to all of them // this is a very unfortunate permission and I would love to not have it // so if at any point in the future this won't be necessary any longer, remove it!!! permissions.add(new RuntimePermission("accessClassInPackage.sun.*")); permissions.add(new RuntimePermission("accessDeclaredMembers")); permissions.add(new RuntimePermission("getenv.*")); permissions.add(new RuntimePermission("getFileSystemAttributes")); permissions.add(new RuntimePermission("readFileDescriptor")); permissions.add(new RuntimePermission("writeFileDescriptor")); permissions.add(new RuntimePermission("queuePrintJob")); permissions.add(new NetPermission("specifyStreamHandler")); }
protected boolean checkAWTPermission(AWTPermission perm) { /* * For now, we run EvoSuite in headless mode (ie no support for display, mouse, keyboard, etc). Methods that will need those devices will * throw a Headless exception. so, here, we can just grant permissions, as shouldn't really have any effect. When we ll start to test GUI * (without headless), then we ll need to carefully check which permissions to grant (eg "createRobot" seems very dangerous) */ if ("true".equals(AWT_HEADLESS)) { return true; } else { /* * accessClipboard accessEventQueue accessSystemTray createRobot fullScreenExclusive listenToAllAWTEvents readDisplayPixels * replaceKeyboardFocusManager setAppletStub setWindowAlwaysOnTop showWindowWithoutWarningBanner toolkitModality watchMousePointer */ return false; } }
/** * Calls to the security manager's <code>checkPermission</code> method with * an <code>AWTPermission("showWindowWithoutWarningBanner")</code> * permission. */ private void checkAWTPermission(){ SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(new AWTPermission( "showWindowWithoutWarningBanner")); } }
public static void main(String[] args) { MySecurityManager sm = MySecurityManager.install(); Toolkit toolkit = Toolkit.getDefaultToolkit(); sm.prepare("Toolkit.getSystemClipboard()"); toolkit.getSystemClipboard(); sm.assertChecked(AWTPermission.class, "accessClipboard"); sm.prepare("Toolkit.getSystemEventQueue()"); toolkit.getSystemEventQueue(); sm.assertChecked(AWTPermission.class, "accessEventQueue"); sm.prepare("Toolkit.getSystemSelection()"); toolkit.getSystemSelection(); //sm.assertChecked(AWTPermission.class, "accessClipboard"); sm.prepare("Window(Frame)"); new Window((Frame)null); sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner"); sm.prepare("Window(Window)"); new Window((Window)null); sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner"); sm.prepare("Window(Window,GraphicsConfiguration)"); new Window((Window)null, (GraphicsConfiguration)null); sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner"); }
/** * Sets the current composite context. */ public void setComposite(Composite comp) { if (this.comp == comp) return; this.comp = comp; if (compCtx != null) compCtx.dispose(); compCtx = null; if (comp instanceof AlphaComposite) { AlphaComposite a = (AlphaComposite) comp; cairoSetOperator(nativePointer, a.getRule()); } else { cairoSetOperator(nativePointer, AlphaComposite.SRC_OVER); if (comp != null) { // FIXME: this check is only required "if this Graphics2D // context is drawing to a Component on the display screen". SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(new AWTPermission("readDisplayPixels")); compCtx = comp.createContext(getBufferCM(), getNativeCM(), hints); } } }
public void setComposite(Composite comp) { if( comp == null) { setNativeComposite( AlphaComposite.SRC_OVER ); return; } if( comp instanceof AlphaComposite ) { if( ((AlphaComposite)comp).getRule() != AlphaComposite.XOR ) setAlpha( ((AlphaComposite)comp).getAlpha() ); setNativeComposite( ((AlphaComposite)comp).getRule() ); composite = comp; } else { // FIXME: this check is only required "if this Graphics2D // context is drawing to a Component on the display screen". SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(new AWTPermission("readDisplayPixels")); throw new UnsupportedOperationException("We don't support custom"+ " composites yet."); } }
/** * Note: Checks for AWTPermission("showWindowWithoutWarningBanner") only. */ protected void checkPermissions() { SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(new AWTPermission("showWindowWithoutWarningBanner")); } }
/** * @return a PermissionCollection containing the sandbox permissions */ public PermissionCollection getSandBoxPermissions() { final Permissions permissions = new Permissions(); for (Permission sandboxPermission : sandboxPermissions) { permissions.add(sandboxPermission); } if (grantAwtPermissions) { permissions.add(new AWTPermission("showWindowWithoutWarningBanner")); } if (JNLPRuntime.isWebstartApplication()) { if (file == null) { throw new NullJnlpFileException("Can not return sandbox permissions, file is null"); } if (file.isApplication()) { for (Permission jnlpRIAPermission : jnlpRIAPermissions) { permissions.add(jnlpRIAPermission); } } } if (downloadHost != null && downloadHost.getHost().length() > 0) { permissions.add(new SocketPermission(UrlUtils.getHostAndPort(downloadHost), "connect, accept")); } final Collection<Permission> urlPermissions = getUrlPermissions(); for (final Permission permission : urlPermissions) { permissions.add(permission); } return permissions; }
@Test public void testGetPermissionsGroup() throws Exception { final Permission playAudio = new AudioPermission("play"); final Permission recordAudio = new AudioPermission("record"); final Permission print = new RuntimePermission("queuePrintJob"); final Permission clipboard = new AWTPermission("accessClipboard"); final Set<Permission> expected = new HashSet<>(Arrays.asList(playAudio, recordAudio, print, clipboard)); final Set<Permission> generated = new HashSet<>(TemporaryPermissions.getPermissions(PolicyEditorPermissions.Group.MediaAccess)); assertEquals(expected, generated); }
/** * @see java.lang.SecurityManager#checkPermission(java.security.Permission) */ @Override @SuppressWarnings("nls") public void checkPermission(Permission permission) { Permission[] denied = new Permission[] { new AWTPermission("accessEventQueue"), new AWTPermission("accessClipboard"), new AWTPermission("showWindowWithoutWarningBanner") }; for (Permission per : denied) { if (null != per && per.implies(permission)) { throw new SecurityException("Denied " + permission); } } }
public void testAccessSystemClipboard() { // Regression test for HARMONY-3479 class TestSecurityManager extends SecurityManager { public boolean flag; public void checkPermission(Permission perm) { if ((perm instanceof AWTPermission) && "accessClipboard".equals(perm.getName())) { flag = true; throw new SecurityException("test"); } } } SecurityManager oldSecurityManager = System.getSecurityManager(); TestSecurityManager testSecurityManager = new TestSecurityManager(); System.setSecurityManager(testSecurityManager); try { ActionEvent event = new ActionEvent(new JPanel(), 0, ""); Action action; testSecurityManager.flag = false; TransferHandler.getCopyAction().actionPerformed(event); assertTrue(testSecurityManager.flag); testSecurityManager.flag = false; TransferHandler.getCutAction().actionPerformed(event); assertTrue(testSecurityManager.flag); testSecurityManager.flag = false; TransferHandler.getPasteAction().actionPerformed(event); assertTrue(testSecurityManager.flag); } finally { System.setSecurityManager(oldSecurityManager); } }
