/**
 * Builds the fixed permission set that the parsing code is allowed to run with.
 *
 * <p>The collection is marked read-only before it is returned, so callers cannot
 * widen it afterwards.
 *
 * @return a read-only collection holding the grants listed in the body
 */
static PermissionCollection getRestrictedPermissions() {
    Permissions restricted = new Permissions();

    // Parsing reads system properties and the TIKA_CONFIG environment variable.
    restricted.add(new PropertyPermission("*", "read"));
    restricted.add(new RuntimePermission("getenv.TIKA_CONFIG"));

    // Resource access, part 1: everything on the JVM classpath.
    addReadPermissions(restricted, JarHell.parseClassPath());

    // Resource access, part 2: the plugin jars, when this class was loaded by a URLClassLoader.
    ClassLoader pluginLoader = TikaImpl.class.getClassLoader();
    if (pluginLoader instanceof URLClassLoader) {
        addReadPermissions(restricted, ((URLClassLoader) pluginLoader).getURLs());
    }

    // The JVM temp directory needs read/write. The trailing "-" makes the grant recursive,
    // so it covers every file and subdirectory below java.io.tmpdir.
    String tmpDirTree = System.getProperty("java.io.tmpdir") + System.getProperty("file.separator") + "-";
    restricted.add(new FilePermission(tmpDirTree, "read,readlink,write,delete"));

    // Workarounds currently needed for POI/PDFBox. These are the broadest grants in the set:
    // the two SecurityPermissions allow registering a security provider and setting properties
    // on the "BC" provider, and suppressAccessChecks lets reflection bypass Java access checks.
    // Revisit them whenever the libraries stop needing them.
    restricted.add(new SecurityPermission("putProviderProperty.BC"));
    restricted.add(new SecurityPermission("insertProvider"));
    restricted.add(new ReflectPermission("suppressAccessChecks"));

    // xmlbeans (used by POI) has to obtain the context class loader.
    restricted.add(new RuntimePermission("getClassLoader"));

    restricted.setReadOnly();
    return restricted;
}
/**
 * Creates the policy that holds every permission the test suite itself ever needs.
 *
 * <p>The set is deliberately wide for a test harness: it includes the right to replace the
 * installed policy and security manager, and read access to every file. It is not a template
 * for sandboxing untrusted code.
 *
 * @return a new {@code AdjustablePolicy} seeded with the permissions listed in the body
 */
public static Policy permissivePolicy() {
    Policy permissive = new AdjustablePolicy(
        // Needed directly by java.util.concurrent.
        new RuntimePermission("modifyThread"),
        new RuntimePermission("getClassLoader"),
        new RuntimePermission("setContextClassLoader"),
        // Needed so the tests can change permissions (swap policy / security manager).
        new SecurityPermission("getPolicy"),
        new SecurityPermission("setPolicy"),
        new RuntimePermission("setSecurityManager"),
        // Needed by the junit test harness.
        new RuntimePermission("accessDeclaredMembers"),
        new PropertyPermission("*", "read"),
        new java.io.FilePermission("<<ALL FILES>>", "read"));
    return permissive;
}
/**
 * Returns the list of permissions for the running test.
 *
 * @return a new, mutable list with the OSGi, property, reflection and file grants built below
 */
protected List<Permission> getTestPermissions() {
    List<Permission> granted = new ArrayList<Permission>();

    // OSGi wiring: package import/export, bundle host/provide/require, service register/get.
    granted.add(new PackagePermission("*", PackagePermission.EXPORT));
    granted.add(new PackagePermission("*", PackagePermission.IMPORT));
    granted.add(new BundlePermission("*", BundlePermission.HOST));
    granted.add(new BundlePermission("*", BundlePermission.PROVIDE));
    granted.add(new BundlePermission("*", BundlePermission.REQUIRE));
    granted.add(new ServicePermission("*", ServicePermission.REGISTER));
    granted.add(new ServicePermission("*", ServicePermission.GET));

    // Every system property may be read and written.
    granted.add(new PropertyPermission("*", "read,write"));

    // Required by Spring.
    // NOTE(review): RuntimePermission and ReflectPermission have no actions; the second
    // constructor argument is unused. With the name "*" these two lines therefore grant every
    // runtime permission and every reflect permission, not only the target named in the second
    // argument. If only those targets are needed, the narrow forms are
    // new RuntimePermission("accessDeclaredMembers") and
    // new ReflectPermission("suppressAccessChecks"); confirm no test relies on the wildcard.
    granted.add(new RuntimePermission("*", "accessDeclaredMembers"));
    granted.add(new ReflectPermission("*", "suppressAccessChecks"));

    // Logging: the path "-" covers the current directory and everything below it.
    granted.add(new FilePermission("-", "write"));
    granted.add(new FilePermission("-", "read"));

    return granted;
}
/**
 * Returns the list of permissions built for the "IAndT" case.
 *
 * @return a new, mutable list with the OSGi, property, reflection and file grants built below
 */
protected List<Permission> getIAndTPermissions() {
    List<Permission> granted = new ArrayList<Permission>();

    // OSGi wiring: package import/export, bundle fragment/provide, service register/get.
    granted.add(new PackagePermission("*", PackagePermission.EXPORT));
    granted.add(new PackagePermission("*", PackagePermission.IMPORT));
    granted.add(new BundlePermission("*", BundlePermission.FRAGMENT));
    granted.add(new BundlePermission("*", BundlePermission.PROVIDE));
    granted.add(new ServicePermission("*", ServicePermission.REGISTER));
    granted.add(new ServicePermission("*", ServicePermission.GET));

    // Every system property may be read and written.
    granted.add(new PropertyPermission("*", "read,write"));

    // Required by Spring.
    // NOTE(review): RuntimePermission and ReflectPermission have no actions; the second
    // constructor argument is unused. With the name "*" these two lines therefore grant every
    // runtime permission and every reflect permission, not only the target named in the second
    // argument. If only those targets are needed, the narrow forms are
    // new RuntimePermission("accessDeclaredMembers") and
    // new ReflectPermission("suppressAccessChecks"); confirm no test relies on the wildcard.
    granted.add(new RuntimePermission("*", "accessDeclaredMembers"));
    granted.add(new ReflectPermission("*", "suppressAccessChecks"));

    // Logging: the path "-" covers the current directory and everything below it.
    granted.add(new FilePermission("-", "write"));
    granted.add(new FilePermission("-", "read"));

    return granted;
}
/**
 * Reads one system property through a privileged action whose access-control context
 * carries only a single {@link PropertyPermission}.
 *
 * @param propertyName     name handed to the {@code PropertyPermission} and to the getter
 * @param permissionsToGet actions string for the {@code PropertyPermission} (for example "read")
 * @return whatever the getter reports through {@code getPropertyValue()} after it has run
 */
private static String getSysPropertyValues(String propertyName, String permissionsToGet) {
    final Permissions granted = new Permissions();
    granted.add(new PropertyPermission(propertyName, permissionsToGet));
    LOGGER.info("Added " + permissionsToGet + " property permission for " + propertyName);

    // A single protection domain (no code source) that holds just the permission above.
    // doPrivileged(action, context) runs the action with the intersection of the caller's
    // permissions and this context, so the context can narrow but never widen access.
    final ProtectionDomain onlyDomain = new ProtectionDomain(null, granted);
    final AccessControlContext restricted =
            new AccessControlContext(new ProtectionDomain[]{onlyDomain});

    // Second argument false: per the original note, do not call getenv, use getProperty instead.
    LinuxOpener.EnvPropertyGetter getter = new EnvPropertyGetter(propertyName, false);
    AccessController.doPrivileged(getter, restricted);
    return getter.getPropertyValue();
}
/**
 * Looks up a system property inside a privileged block limited to reading that one property.
 * A {@code SecurityException} is traced (and its stack printed when {@code debug} is set)
 * and reported to the caller as {@code null}.
 *
 * @param propName system property to retrieve
 * @return the property value, or {@code null} if the property does not exist
 *         or a {@code SecurityException} occurs
 */
static private String getSystemProperty(final String propName) {
    final PrivilegedAction<String> readProperty = new PrivilegedAction<String>() {
        public String run() {
            return System.getProperty(propName);
        }
    };
    try {
        // Limited doPrivileged: the privileged scope covers only "read" on this property;
        // the null context adds no further restriction.
        return AccessController.doPrivileged(
                readProperty, null, new PropertyPermission(propName, "read"));
    } catch (SecurityException se) {
        trace("error getting " + propName + ": "+ se);
        if (debug) {
            se.printStackTrace();
        }
        return null;
    }
}
/**
 * Test entry point: runs the print-to-directory jobs for the file names "." and "".
 *
 * <p>When a security manager is installed and it refuses either read/write on all files or
 * read on {@code user.dir}, the test cannot run; it reports a pass and returns early.
 *
 * @param arg command-line arguments (not used)
 */
public static void main(String arg[]) {
    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        System.out.println("Security manager detected");
        try {
            // Probe for the two permissions the print jobs below depend on.
            security.checkPermission(new FilePermission("<<ALL FILES>>", "read,write"));
            security.checkPermission(new PropertyPermission("user.dir", "read"));
        } catch (SecurityException se) {
            System.out.println("Security requirement not obtained. TEST PASSED");
            return;
        }
    }

    for (String fileName : new String[] {".", ""}) {
        System.out.println("Testing file name = \"" + fileName + "\"");
        doPrinterJob(fileName, OrientationRequested.PORTRAIT);
        PrintToDir printToDir = new PrintToDir();
        printToDir.doPrintJob(fileName);
        printToDir.dispose();
    }
    System.out.println("TEST PASSED");
}
/**
 * Sets up the two permission sets of this test policy: the grants needed by the code under
 * test, and an all-permissions set used for configuring the test itself.
 *
 * @param test     the test case (not read by this constructor)
 * @param allowAll per-thread flag stored on the policy; presumably it selects between the
 *                 two sets when permissions are looked up (confirm against the lookup methods)
 */
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permissions needed by the tested code exercised in the test.
    final Permissions testedCode = new Permissions();
    testedCode.add(new RuntimePermission("fileSystemProvider"));
    testedCode.add(new RuntimePermission("createClassLoader"));
    testedCode.add(new RuntimePermission("closeClassLoader"));
    testedCode.add(new RuntimePermission("getClassLoader"));
    testedCode.add(new RuntimePermission("accessDeclaredMembers"));
    testedCode.add(new ReflectPermission("suppressAccessChecks"));
    testedCode.add(new PropertyPermission("*", "read"));
    testedCode.add(new FilePermission("<<ALL FILES>>", "read"));
    permissions = testedCode;

    // Used for configuring the test itself: AllPermission implies every other permission.
    final Permissions everything = new Permissions();
    everything.add(new java.security.AllPermission());
    allPermissions = everything;
}
/**
 * Sets up the two permission sets of this test policy: a narrow set sized for creating and
 * closing a {@code FileHandler} on the test's log files, and an all-permissions set.
 *
 * @param test     the test case (not read by this constructor)
 * @param allowAll flag stored on the policy; presumably it selects between the two sets
 *                 when permissions are looked up (confirm against the lookup methods)
 */
public SimplePolicy(TestCase test, AtomicBoolean allowAll) {
    this.allowAll = allowAll;

    final String writeDelete = "write,delete";
    final Permissions handlerSet = new Permissions();
    handlerSet.add(new LoggingPermission("control", null));

    // Everything from here to the directory grants is needed by new FileHandler() or by
    // FileHandler.close(): read on all files, then write/delete on each log file, its
    // ".1" sibling, and the matching ".lck" lock files.
    handlerSet.add(new FilePermission("<<ALL FILES>>", "read"));
    handlerSet.add(new FilePermission(logFile, writeDelete));
    handlerSet.add(new FilePermission(logFile+".lck", writeDelete));
    handlerSet.add(new FilePermission(logFile+".1", writeDelete));
    handlerSet.add(new FilePermission(logFile+".1.lck", writeDelete));
    handlerSet.add(new FilePermission(tmpLogFile, writeDelete));
    handlerSet.add(new FilePermission(tmpLogFile+".lck", writeDelete));
    handlerSet.add(new FilePermission(tmpLogFile+".1", writeDelete));
    handlerSet.add(new FilePermission(tmpLogFile+".1.lck", writeDelete));

    // Write on the two directories themselves, also needed by new FileHandler().
    handlerSet.add(new FilePermission(userDir, "write"));
    handlerSet.add(new FilePermission(tmpDir, "write"));

    handlerSet.add(new PropertyPermission("user.dir", "read"));
    handlerSet.add(new PropertyPermission("java.io.tmpdir", "read"));
    permissions = handlerSet;

    // AllPermission implies every other permission.
    final Permissions everything = new Permissions();
    everything.add(new java.security.AllPermission());
    allPermissions = everything;
}
/**
 * Adds the baseline grants to {@code permissions}: policy and security-manager control,
 * class-loader access, read access to a fixed list of system properties, and execute on
 * all files.
 */
public void setBasicPermissions() {
    // The holder may read and replace the installed policy and security manager.
    permissions.add(new SecurityPermission("getPolicy"));
    permissions.add(new SecurityPermission("setPolicy"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("setSecurityManager"));
    permissions.add(new RuntimePermission("createSecurityManager"));

    // Read-only access to the named properties, one grant per name (no wildcard).
    final String[] readableProperties = {
        "testng.show.stack.frames",
        "user.dir",
        "test.src",
        "file.separator",
        "line.separator",
        "fileStringBuffer",
        "dataproviderthreadcount",
    };
    for (String propertyName : readableProperties) {
        permissions.add(new PropertyPermission(propertyName, "read"));
    }

    // "execute" on <<ALL FILES>> permits launching any program on the file system.
    permissions.add(new FilePermission("<<ALL FILES>>", "execute"));
}
/**
 * Sets up the two permission sets of this test policy: the grants needed by the code under
 * test, and an all-permissions set used for configuring the test itself.
 *
 * @param test     the test case (not read by this constructor)
 * @param allowAll per-thread flag stored on the policy; presumably it selects between the
 *                 two sets when permissions are looked up (confirm against the lookup methods)
 */
public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
    this.allowAll = allowAll;

    // Permissions needed by the tested code exercised in the test.
    final Permissions testedCode = new Permissions();
    testedCode.add(new RuntimePermission("fileSystemProvider"));
    testedCode.add(new RuntimePermission("createClassLoader"));
    testedCode.add(new RuntimePermission("closeClassLoader"));
    testedCode.add(new RuntimePermission("getClassLoader"));
    testedCode.add(new RuntimePermission("accessDeclaredMembers"));
    testedCode.add(new RuntimePermission("accessSystemModules"));
    testedCode.add(new ReflectPermission("suppressAccessChecks"));
    testedCode.add(new PropertyPermission("*", "read"));
    testedCode.add(new FilePermission("<<ALL FILES>>", "read"));
    permissions = testedCode;

    // Used for configuring the test itself: AllPermission implies every other permission.
    final Permissions everything = new Permissions();
    everything.add(new java.security.AllPermission());
    allPermissions = everything;
}
/**
 * Sets up the three permission sets of this test policy: an empty {@code basic} set, a
 * {@code control} set with logging control plus the reads it depends on, and an {@code all}
 * set holding {@code AllPermission}.
 *
 * @param test the test case (not read by this constructor)
 */
public SimplePolicy(TestCase test) {
    basic = new Permissions();

    final Permissions controlSet = new Permissions();
    controlSet.add(new LoggingPermission("control", null));

    // These permissions are required to call updateConfiguration(Function).
    controlSet.add(new PropertyPermission("java.util.logging.config.file", "read"));
    controlSet.add(new PropertyPermission("java.home", "read"));
    // Recursive read below the working directory (falls back to "." when user.dir is unset).
    final String userDirTree = Paths.get(System.getProperty("user.dir", "."), "-").toString();
    controlSet.add(new FilePermission(userDirTree, "read"));
    // Recursive read below <java.home>/conf.
    final String javaConfTree = Paths.get(System.getProperty("java.home"), "conf", "-").toString();
    controlSet.add(new FilePermission(javaConfTree, "read"));
    control = controlSet;

    // Used for configuring the test itself: AllPermission implies every other permission.
    final Permissions everything = new Permissions();
    everything.add(new java.security.AllPermission());
    all = everything;
}
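/**
 * Returns <code>true</code> if the language in preferences can be set.
 * Without an installed security manager the answer is always <code>true</code>; otherwise the
 * manager is asked for write access to the <code>user.language</code> System property.
 * @return <code>true</code> except if <code>user.language</code> System property isn't writable.
 * @since 3.4
 */
public boolean isLanguageEditable() {
    SecurityManager securityManager = System.getSecurityManager();
    if (securityManager == null) {
        return true;
    }
    try {
        securityManager.checkPermission(new PropertyPermission("user.language", "write"));
        return true;
    } catch (SecurityException ex) {
        // checkPermission is specified to throw SecurityException. AccessControlException is
        // only the subclass used by the default manager, so catching the base type also
        // covers custom security managers, whose refusal would otherwise escape this method.
        return false;
    }
}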
/**
 * Creates the permissions for groovy scripts of the {@link ScriptingOperator}.
 *
 * <p>With an initialized constraint manager and either a license at or above
 * {@code UNLIMITED_LICENSE_PRECEDENCE} or a trial license, scripts receive the result of
 * {@code createAllPermissions()}. In every other case they receive read/write on all system
 * properties, read/write/delete on all files, and whatever {@code addCommonPermissions} adds.
 *
 * @return the permissions, never {@code null}
 */
private static PermissionCollection createGroovySourcePermissions() {
    boolean unrestrictedLicense = ProductConstraintManager.INSTANCE.isInitialized()
            && (ProductConstraintManager.INSTANCE.getActiveLicense().getPrecedence()
                    >= StudioLicenseConstants.UNLIMITED_LICENSE_PRECEDENCE
                || ProductConstraintManager.INSTANCE.isTrialLicense());
    if (unrestrictedLicense) {
        return createAllPermissions();
    }

    // Scripts are treated as content the user wrote, hence the wide property and file grants.
    // NOTE(review): this fallback is still not a tight sandbox. It allows writing any system
    // property and reading, writing or deleting any file the process can reach. Confirm the
    // assumption holds for processes obtained from elsewhere (shared or imported ones).
    Permissions scriptPermissions = new Permissions();
    scriptPermissions.add(new PropertyPermission("*", "read, write"));
    scriptPermissions.add(new FilePermission("<<ALL FILES>>", "read, write, delete"));
    addCommonPermissions(scriptPermissions);
    return scriptPermissions;
}
/**
 * Gets the proxies for accessing a given URL by evaluating the PAC file with that url
 * (and its host) as input. Falls back to a direct connection when the PAC helper functions
 * were not loaded.
 *
 * @param url the url for which a proxy is desired
 * @return a list of proxies in a string like
 * <pre>"PROXY example.com:3128; DIRECT"</pre>
 *
 * @see #getProxies(URL)
 */
private String getProxiesWithoutCaching(URL url) {
    if (pacHelperFunctionContents == null) {
        OutputController.getLogger().log(OutputController.Level.ERROR_ALL, "Error loading pac functions");
        return "DIRECT";
    }

    EvaluatePacAction pacEvaluation =
            new EvaluatePacAction(pacContents, pacUrl.toString(), pacHelperFunctionContents, url);

    // The PAC evaluation purposefully gets only these permissions instead of the defaults
    // from java.policy; it is not supposed to do very much. The grants are: access to the
    // org.mozilla.javascript package, host name resolution for any host (resolve only, no
    // connect), and read on the java.vm.name property.
    Permissions sandboxPermissions = new Permissions();
    sandboxPermissions.add(new RuntimePermission("accessClassInPackage.org.mozilla.javascript"));
    sandboxPermissions.add(new SocketPermission("*", "resolve"));
    sandboxPermissions.add(new PropertyPermission("java.vm.name", "read"));

    // One protection domain without a code source; the action runs with the intersection of
    // the caller's permissions and this context.
    ProtectionDomain sandboxDomain = new ProtectionDomain(null, sandboxPermissions);
    AccessControlContext sandboxContext =
            new AccessControlContext(new ProtectionDomain[] { sandboxDomain });

    return AccessController.doPrivileged(pacEvaluation, sandboxContext);
}
/**
 * Checks {@link SecurityManagerHelper#doPrivileged(PrivilegedAction, Collection)} when the
 * permission handed in does not match the action being executed: the action reads the
 * property {@code "test"} while only read on {@code "anotherValue"} is granted.
 * With a {@link SecurityManager} enabled an {@link AccessControlException} is expected;
 * with it disabled no exception is expected.
 */
@Test
public void testDoPrivilegedWhenNoMatchingPermission() {
    Class<? extends Exception> expectedException =
            SecurityManagerHelper.isSecurityManagerEnabled() ? AccessControlException.class : null;

    // Restricted action: reading a system property that the granted permission does not cover.
    PrivilegedAction<Void> readUncoveredProperty = new PrivilegedAction<Void>() {
        @Override
        public Void run() {
            System.getProperty("test");
            return null;
        }
    };

    testDoPrivileged(expectedException, readUncoveredProperty,
            Arrays.<Permission> asList(new PropertyPermission("anotherValue", "read")));
}