java.lang.Object | |
↳ | java.lang.SecurityManager |
Warning: security managers do not provide a secure environment for executing untrusted code. Untrusted code cannot be safely isolated within the Dalvik VM.
Provides security verification facilities for applications. SecurityManager
contains a set of checkXXX
methods which determine
if it is safe to perform a specific operation such as establishing network
connections, modifying files, and many more. In general, these methods simply
return if they allow the application to perform the operation; if an
operation is not allowed, then they throw a SecurityException
. The
only exception is checkTopLevelWindow(Object)
, which returns a
boolean to indicate permission.
Fields | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
inCheck |
This field is deprecated.
Use checkPermission(Permission)
|
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Constructs a new
SecurityManager instance. |
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Checks whether the calling thread is allowed to accept socket
connections.
| |||||||||||
Checks whether the calling thread is allowed to modify the specified
thread group.
| |||||||||||
Checks whether the calling thread is allowed to modify the specified
thread.
| |||||||||||
Checks whether the calling thread is allowed to access the AWT event
queue.
| |||||||||||
Checks whether the specified security context is allowed to establish
socket connections.
| |||||||||||
Checks whether the calling thread is allowed to establish socket
connections.
| |||||||||||
Checks whether the calling thread is allowed to create a class loader.
| |||||||||||
Checks whether the calling thread is allowed to delete the file with the
specified name, which should be passed in canonical form.
| |||||||||||
Checks whether the calling thread is allowed to execute the specified
platform specific command.
| |||||||||||
Checks whether the calling thread is allowed to terminate the virtual
machine.
| |||||||||||
Checks whether the calling thread is allowed to load the specified native
library.
| |||||||||||
Checks whether the calling thread is allowed to listen on the specified
port.
| |||||||||||
Checks whether the calling thread is allowed to access members.
| |||||||||||
Checks whether the calling thread is allowed to use the specified IP
multicast group address.
| |||||||||||
This method is deprecated.
use
checkMulticast(java.net.InetAddress)
| |||||||||||
Checks whether the calling thread is allowed to access the specified
package.
| |||||||||||
Checks whether the calling thread is allowed to define new classes in the
specified package.
| |||||||||||
Checks whether the calling thread is allowed to access the resource being
guarded by the specified permission object.
| |||||||||||
Checks whether the specified security context is allowed to access the
resource being guarded by the specified permission object.
| |||||||||||
Checks whether the calling thread is allowed to start a new print job.
| |||||||||||
Checks whether the calling thread is allowed to access the system
properties.
| |||||||||||
Checks whether the calling thread is allowed to access a particular
system property.
| |||||||||||
Checks whether the calling thread is allowed to read from the file with
the specified file descriptor.
| |||||||||||
Checks whether the given security context is allowed to read from the
file named by the argument, which should be passed in canonical form.
| |||||||||||
Checks whether the calling thread is allowed to read from the file with
the specified name, which should be passed in canonical form.
| |||||||||||
Checks whether the calling thread is allowed to perform the security
operation named by the target.
| |||||||||||
Checks whether the calling thread is allowed to set the net object
factories.
| |||||||||||
Checks whether the calling thread is allowed to access the system
clipboard.
| |||||||||||
Checks whether the calling thread is trusted to show the specified top
level window.
| |||||||||||
Checks whether the calling thread is allowed to write to the file with
the specified name, which should be passed in canonical form.
| |||||||||||
Checks whether the calling thread is allowed to write to the file with
the specified file descriptor.
| |||||||||||
This method is deprecated.
Use
checkPermission(Permission) .
| |||||||||||
Returns an object which encapsulates the security state of the current
point in the execution.
| |||||||||||
Returns the thread group which should be used to instantiate new threads.
|
Protected Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
This method is deprecated.
Use
checkPermission(Permission) .
| |||||||||||
This method is deprecated.
Use
checkPermission(Permission) .
| |||||||||||
This method is deprecated.
Use
checkPermission(Permission) .
| |||||||||||
This method is deprecated.
Use
checkPermission(Permission) .
| |||||||||||
Returns an array containing one entry for each method in the current
execution stack.
| |||||||||||
This method is deprecated.
Use
checkPermission(Permission) .
| |||||||||||
This method is deprecated.
Use
checkPermission(Permission)
|
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class java.lang.Object
|
This field is deprecated.
Use checkPermission(Permission)
Flag to indicate whether a security check is in progress.
Constructs a new SecurityManager
instance.
The RuntimePermission("createSecurityManager")
is checked if a
security manager is installed.
Checks whether the calling thread is allowed to accept socket connections.
host | the address of the host that attempts to connect. |
---|---|
port | the port number to check. |
NullPointerException | if host is null . |
---|---|
SecurityException | if the calling thread is not allowed to accept socket
connections from host through port .
|
Checks whether the calling thread is allowed to modify the specified thread group.
group | the thread group to access. |
---|
NullPointerException | if group is null . |
---|---|
SecurityException | if the calling thread is not allowed to access group .
|
Checks whether the calling thread is allowed to modify the specified thread.
thread | the thread to access. |
---|
SecurityException | if the calling thread is not allowed to access thread .
|
---|
Checks whether the calling thread is allowed to access the AWT event queue.
SecurityException | if the calling thread is not allowed to access the AWT event queue. |
---|
Checks whether the specified security context is allowed to establish socket connections. A -1 port indicates the caller is trying to resolve the hostname.
host | the address of the host to connect to. |
---|---|
port | the port number to check, or -1 for resolve. |
context | the security context to use for the check. |
NullPointerException | if host is null . |
---|---|
SecurityException | if context is not allowed to connect to host
through port .
|
Checks whether the calling thread is allowed to establish socket connections. A -1 port indicates the caller is trying to resolve the hostname.
host | the address of the host to connect to. |
---|---|
port | the port number to check, or -1 for resolve. |
NullPointerException | if host is null . |
---|---|
SecurityException | if the calling thread is not allowed to connect to host through port .
|
Checks whether the calling thread is allowed to create a class loader.
SecurityException | if the calling thread is not allowed to create a class loader. |
---|
Checks whether the calling thread is allowed to delete the file with the specified name, which should be passed in canonical form.
file | the name of the file to delete. |
---|
SecurityException | if the calling thread is not allowed to delete file .
|
---|
Checks whether the calling thread is allowed to execute the specified platform specific command.
cmd | the command line to execute. |
---|
SecurityException | if the calling thread is not allowed to execute cmd .
|
---|
Checks whether the calling thread is allowed to terminate the virtual machine.
status | the status that the virtual machine returns when it is terminated. |
---|
SecurityException | if the calling thread is not allowed to terminate the virtual
machine with status .
|
---|
Checks whether the calling thread is allowed to load the specified native library.
libName | the name of the library to load. |
---|
SecurityException | if the calling thread is not allowed to load libName .
|
---|
Checks whether the calling thread is allowed to listen on the specified port.
port | the port number to check. |
---|
SecurityException | if the calling thread is not allowed listen on port .
|
---|
Checks whether the calling thread is allowed to access members. The
default is to allow access to public members (that is, java.lang.reflect.Member.PUBLIC
) and to classes loaded by the same
loader as the original caller (that is, the method that called the
reflect API). Due to the nature of the check, overriding implementations
cannot call super.checkMemberAccess()
since the stack would no
longer be of the expected shape.
cls | the class of which members are accessed. |
---|---|
type | the access type, either java.lang.reflect.Member.PUBLIC or java.lang.reflect.Member.DECLARED . |
SecurityException | if the calling thread is not allowed to access members of
cls .
|
---|
Checks whether the calling thread is allowed to use the specified IP multicast group address.
maddr | the internet group address to use. |
---|
SecurityException | if the calling thread is not allowed to use maddr .
|
---|
This method is deprecated.
use checkMulticast(java.net.InetAddress)
Checks whether the calling thread is allowed to use the specified IP multicast group address.
maddr | the internet group address to use. |
---|---|
ttl | the value in use for multicast send. This parameter is ignored. |
SecurityException | if the calling thread is not allowed to use maddr . |
---|
Checks whether the calling thread is allowed to access the specified package.
packageName | the name of the package to access. |
---|
SecurityException | if the calling thread is not allowed to access packageName .
|
---|
Checks whether the calling thread is allowed to define new classes in the specified package.
packageName | the name of the package to add a class to. |
---|
SecurityException | if the calling thread is not allowed to add classes to
packageName .
|
---|
Checks whether the calling thread is allowed to access the resource being guarded by the specified permission object.
permission | the permission to check. |
---|
SecurityException | if the requested permission is denied according to
the current security policy.
|
---|
Checks whether the specified security context is allowed to access the resource being guarded by the specified permission object.
permission | the permission to check. |
---|---|
context | the security context for which to check permission. |
SecurityException | if context is not an instance of AccessControlContext or if the requested permission
is denied for context according to the current
security policy.
|
---|
Checks whether the calling thread is allowed to start a new print job.
SecurityException | if the calling thread is not allowed to start a new print job. |
---|
Checks whether the calling thread is allowed to access the system properties.
SecurityException | if the calling thread is not allowed to access system properties. |
---|
Checks whether the calling thread is allowed to access a particular system property.
key | the name of the property to access. |
---|
SecurityException | if the calling thread is not allowed to access the key system property.
|
---|
Checks whether the calling thread is allowed to read from the file with the specified file descriptor.
fd | the file descriptor of the file to read from. |
---|
SecurityException | if the calling thread is not allowed to read from fd .
|
---|
Checks whether the given security context is allowed to read from the file named by the argument, which should be passed in canonical form.
file | the name of the file or directory to check. |
---|---|
context | the security context to use for the check. |
SecurityException | if context is not allowed to read from file .
|
---|
Checks whether the calling thread is allowed to read from the file with the specified name, which should be passed in canonical form.
file | the name of the file or directory to read from. |
---|
SecurityException | if the calling thread is not allowed to read from file .
|
---|
Checks whether the calling thread is allowed to perform the security operation named by the target.
target | the name of the operation to perform. |
---|
SecurityException | if the calling thread is not allowed to perform
target .
|
---|
Checks whether the calling thread is allowed to set the net object factories.
SecurityException | if the calling thread is not allowed to set the net object factories. |
---|
Checks whether the calling thread is allowed to access the system clipboard.
SecurityException | if the calling thread is not allowed to access the system clipboard. |
---|
Checks whether the calling thread is trusted to show the specified top level window.
window | the window to show. |
---|
true
if the calling thread is allowed to show window
; false
otherwise.NullPointerException | if window is null .
|
---|
Checks whether the calling thread is allowed to write to the file with the specified name, which should be passed in canonical form.
file | the name of the file or directory to write to. |
---|
SecurityException | if the calling thread is not allowed to write to
file .
|
---|
Checks whether the calling thread is allowed to write to the file with the specified file descriptor.
fd | the file descriptor of the file to write to. |
---|
SecurityException | if the calling thread is not allowed to write to fd .
|
---|
This method is deprecated.
Use checkPermission(Permission)
.
Indicates if this security manager is currently checking something.
true
if this security manager is executing a security
check method; false
otherwise.Returns an object which encapsulates the security state of the current
point in the execution. In our case, this is an AccessControlContext
.
Returns the thread group which should be used to instantiate new threads. By default, this is the same as the thread group of the thread running this method.
This method is deprecated.
Use checkPermission(Permission)
.
Returns the index in the call stack of the first method which is contained in the class with the specified name. Returns -1 if no methods from this class are in the stack.
name | the name of the class to look for. |
---|
name
.
This method is deprecated.
Use checkPermission(Permission)
.
Returns the index in the call stack of the first class whose class loader is not a system class loader.
This method is deprecated.
Use checkPermission(Permission)
.
Returns the class loader of the first class in the execution stack whose class loader is not a system class loader.
This method is deprecated.
Use checkPermission(Permission)
.
Returns the first class in the call stack that was loaded by a class loader which is not a system class loader.
Returns an array containing one entry for each method in the current
execution stack. Each entry is the java.lang.Class
which
represents the class in which the method is defined.
This method is deprecated.
Use checkPermission(Permission)
.
Indicates whether there is a method in the call stack from the class with the specified name.
name | the name of the class to look for. |
---|
true
if a method from the class identified by name
is executing; false
otherwise.
This method is deprecated.
Use checkPermission(Permission)
Indicates whether there is a method in the call stack from a class which was defined by a non-system class loader.
true
if a method from a class that was defined by a
non-system class loader is executing; false
otherwise.