public class

SecurityManager

extends Object
java.lang.Object
   ↳ java.lang.SecurityManager

Class Overview

Warning: security managers do not provide a secure environment for executing untrusted code. Untrusted code cannot be safely isolated within the Dalvik VM.

Provides security verification facilities for applications. SecurityManager contains a set of checkXXX methods which determine if it is safe to perform a specific operation such as establishing network connections, modifying files, and many more. In general, these methods simply return if they allow the application to perform the operation; if an operation is not allowed, then they throw a SecurityException. The only exception is checkTopLevelWindow(Object), which returns a boolean to indicate permission.

Summary

Fields
protected boolean inCheck This field is deprecated. Use checkPermission(Permission)
Public Constructors
SecurityManager()
Constructs a new SecurityManager instance.
Public Methods
void checkAccept(String host, int port)
Checks whether the calling thread is allowed to accept socket connections.
void checkAccess(ThreadGroup group)
Checks whether the calling thread is allowed to modify the specified thread group.
void checkAccess(Thread thread)
Checks whether the calling thread is allowed to modify the specified thread.
void checkAwtEventQueueAccess()
Checks whether the calling thread is allowed to access the AWT event queue.
void checkConnect(String host, int port, Object context)
Checks whether the specified security context is allowed to establish socket connections.
void checkConnect(String host, int port)
Checks whether the calling thread is allowed to establish socket connections.
void checkCreateClassLoader()
Checks whether the calling thread is allowed to create a class loader.
void checkDelete(String file)
Checks whether the calling thread is allowed to delete the file with the specified name, which should be passed in canonical form.
void checkExec(String cmd)
Checks whether the calling thread is allowed to execute the specified platform specific command.
void checkExit(int status)
Checks whether the calling thread is allowed to terminate the virtual machine.
void checkLink(String libName)
Checks whether the calling thread is allowed to load the specified native library.
void checkListen(int port)
Checks whether the calling thread is allowed to listen on the specified port.
void checkMemberAccess(Class<?> cls, int type)
Checks whether the calling thread is allowed to access members.
void checkMulticast(InetAddress maddr)
Checks whether the calling thread is allowed to use the specified IP multicast group address.
void checkMulticast(InetAddress maddr, byte ttl)
This method is deprecated. use checkMulticast(java.net.InetAddress)
void checkPackageAccess(String packageName)
Checks whether the calling thread is allowed to access the specified package.
void checkPackageDefinition(String packageName)
Checks whether the calling thread is allowed to define new classes in the specified package.
void checkPermission(Permission permission)
Checks whether the calling thread is allowed to access the resource being guarded by the specified permission object.
void checkPermission(Permission permission, Object context)
Checks whether the specified security context is allowed to access the resource being guarded by the specified permission object.
void checkPrintJobAccess()
Checks whether the calling thread is allowed to start a new print job.
void checkPropertiesAccess()
Checks whether the calling thread is allowed to access the system properties.
void checkPropertyAccess(String key)
Checks whether the calling thread is allowed to access a particular system property.
void checkRead(String file)
Checks whether the calling thread is allowed to read from the file with the specified name, which should be passed in canonical form.
void checkRead(FileDescriptor fd)
Checks whether the calling thread is allowed to read from the file with the specified file descriptor.
void checkRead(String file, Object context)
Checks whether the given security context is allowed to read from the file named by the argument, which should be passed in canonical form.
void checkSecurityAccess(String target)
Checks whether the calling thread is allowed to perform the security operation named by the target.
void checkSetFactory()
Checks whether the calling thread is allowed to set the net object factories.
void checkSystemClipboardAccess()
Checks whether the calling thread is allowed to access the system clipboard.
boolean checkTopLevelWindow(Object window)
Checks whether the calling thread is trusted to show the specified top level window.
void checkWrite(FileDescriptor fd)
Checks whether the calling thread is allowed to write to the file with the specified file descriptor.
void checkWrite(String file)
Checks whether the calling thread is allowed to write to the file with the specified name, which should be passed in canonical form.
boolean getInCheck()
This method is deprecated. Use checkPermission(Permission).
Object getSecurityContext()
Returns an object which encapsulates the security state of the current point in the execution.
ThreadGroup getThreadGroup()
Returns the thread group which should be used to instantiate new threads.
Protected Methods
int classDepth(String name)
This method is deprecated. Use checkPermission(Permission).
int classLoaderDepth()
This method is deprecated. Use checkPermission(Permission).
ClassLoader currentClassLoader()
This method is deprecated. Use checkPermission(Permission).
Class<?> currentLoadedClass()
This method is deprecated. Use checkPermission(Permission).
Class[] getClassContext()
Returns an array containing one entry for each method in the current execution stack.
boolean inClass(String name)
This method is deprecated. Use checkPermission(Permission).
boolean inClassLoader()
This method is deprecated. Use checkPermission(Permission)
[Expand]
Inherited Methods
From class java.lang.Object

Fields

protected boolean inCheck

Since: API Level 1

This field is deprecated.
Use checkPermission(Permission)

Flag to indicate whether a security check is in progress.

Public Constructors

public SecurityManager ()

Since: API Level 1

Constructs a new SecurityManager instance.

The RuntimePermission("createSecurityManager") is checked if a security manager is installed.

Public Methods

public void checkAccept (String host, int port)

Since: API Level 1

Checks whether the calling thread is allowed to accept socket connections.

Parameters
host the address of the host that attempts to connect.
port the port number to check.
Throws
NullPointerException if host is null.
SecurityException if the calling thread is not allowed to accept socket connections from host through port.

public void checkAccess (ThreadGroup group)

Since: API Level 1

Checks whether the calling thread is allowed to modify the specified thread group.

Parameters
group the thread group to access.
Throws
NullPointerException if group is null.
SecurityException if the calling thread is not allowed to access group.

public void checkAccess (Thread thread)

Since: API Level 1

Checks whether the calling thread is allowed to modify the specified thread.

Parameters
thread the thread to access.
Throws
SecurityException if the calling thread is not allowed to access thread.

public void checkAwtEventQueueAccess ()

Since: API Level 1

Checks whether the calling thread is allowed to access the AWT event queue.

Throws
SecurityException if the calling thread is not allowed to access the AWT event queue.

public void checkConnect (String host, int port, Object context)

Since: API Level 1

Checks whether the specified security context is allowed to establish socket connections. A -1 port indicates the caller is trying to resolve the hostname.

Parameters
host the address of the host to connect to.
port the port number to check, or -1 for resolve.
context the security context to use for the check.
Throws
NullPointerException if host is null.
SecurityException if context is not allowed to connect to host through port.

public void checkConnect (String host, int port)

Since: API Level 1

Checks whether the calling thread is allowed to establish socket connections. A -1 port indicates the caller is trying to resolve the hostname.

Parameters
host the address of the host to connect to.
port the port number to check, or -1 for resolve.
Throws
NullPointerException if host is null.
SecurityException if the calling thread is not allowed to connect to host through port.

public void checkCreateClassLoader ()

Since: API Level 1

Checks whether the calling thread is allowed to create a class loader.

Throws
SecurityException if the calling thread is not allowed to create a class loader.

public void checkDelete (String file)

Since: API Level 1

Checks whether the calling thread is allowed to delete the file with the specified name, which should be passed in canonical form.

Parameters
file the name of the file to delete.
Throws
SecurityException if the calling thread is not allowed to delete file.

public void checkExec (String cmd)

Since: API Level 1

Checks whether the calling thread is allowed to execute the specified platform specific command.

Parameters
cmd the command line to execute.
Throws
SecurityException if the calling thread is not allowed to execute cmd.

public void checkExit (int status)

Since: API Level 1

Checks whether the calling thread is allowed to terminate the virtual machine.

Parameters
status the status that the virtual machine returns when it is terminated.
Throws
SecurityException if the calling thread is not allowed to terminate the virtual machine with status.

public void checkLink (String libName)

Since: API Level 1

Checks whether the calling thread is allowed to load the specified native library.

Parameters
libName the name of the library to load.
Throws
SecurityException if the calling thread is not allowed to load libName.

public void checkListen (int port)

Since: API Level 1

Checks whether the calling thread is allowed to listen on the specified port.

Parameters
port the port number to check.
Throws
SecurityException if the calling thread is not allowed listen on port.

public void checkMemberAccess (Class<?> cls, int type)

Since: API Level 1

Checks whether the calling thread is allowed to access members. The default is to allow access to public members (that is, java.lang.reflect.Member.PUBLIC) and to classes loaded by the same loader as the original caller (that is, the method that called the reflect API). Due to the nature of the check, overriding implementations cannot call super.checkMemberAccess() since the stack would no longer be of the expected shape.

Parameters
cls the class of which members are accessed.
type the access type, either java.lang.reflect.Member.PUBLIC or java.lang.reflect.Member.DECLARED.
Throws
SecurityException if the calling thread is not allowed to access members of cls.

public void checkMulticast (InetAddress maddr)

Since: API Level 1

Checks whether the calling thread is allowed to use the specified IP multicast group address.

Parameters
maddr the internet group address to use.
Throws
SecurityException if the calling thread is not allowed to use maddr.

public void checkMulticast (InetAddress maddr, byte ttl)

Since: API Level 1

This method is deprecated.
use checkMulticast(java.net.InetAddress)

Checks whether the calling thread is allowed to use the specified IP multicast group address.

Parameters
maddr the internet group address to use.
ttl the value in use for multicast send. This parameter is ignored.
Throws
SecurityException if the calling thread is not allowed to use maddr.

public void checkPackageAccess (String packageName)

Since: API Level 1

Checks whether the calling thread is allowed to access the specified package.

Parameters
packageName the name of the package to access.
Throws
SecurityException if the calling thread is not allowed to access packageName.

public void checkPackageDefinition (String packageName)

Since: API Level 1

Checks whether the calling thread is allowed to define new classes in the specified package.

Parameters
packageName the name of the package to add a class to.
Throws
SecurityException if the calling thread is not allowed to add classes to packageName.

public void checkPermission (Permission permission)

Since: API Level 1

Checks whether the calling thread is allowed to access the resource being guarded by the specified permission object.

Parameters
permission the permission to check.
Throws
SecurityException if the requested permission is denied according to the current security policy.

public void checkPermission (Permission permission, Object context)

Since: API Level 1

Checks whether the specified security context is allowed to access the resource being guarded by the specified permission object.

Parameters
permission the permission to check.
context the security context for which to check permission.
Throws
SecurityException if context is not an instance of AccessControlContext or if the requested permission is denied for context according to the current security policy.

public void checkPrintJobAccess ()

Since: API Level 1

Checks whether the calling thread is allowed to start a new print job.

Throws
SecurityException if the calling thread is not allowed to start a new print job.

public void checkPropertiesAccess ()

Since: API Level 1

Checks whether the calling thread is allowed to access the system properties.

Throws
SecurityException if the calling thread is not allowed to access system properties.

public void checkPropertyAccess (String key)

Since: API Level 1

Checks whether the calling thread is allowed to access a particular system property.

Parameters
key the name of the property to access.
Throws
SecurityException if the calling thread is not allowed to access the key system property.

public void checkRead (String file)

Since: API Level 1

Checks whether the calling thread is allowed to read from the file with the specified name, which should be passed in canonical form.

Parameters
file the name of the file or directory to read from.
Throws
SecurityException if the calling thread is not allowed to read from file.

public void checkRead (FileDescriptor fd)

Since: API Level 1

Checks whether the calling thread is allowed to read from the file with the specified file descriptor.

Parameters
fd the file descriptor of the file to read from.
Throws
SecurityException if the calling thread is not allowed to read from fd.

public void checkRead (String file, Object context)

Since: API Level 1

Checks whether the given security context is allowed to read from the file named by the argument, which should be passed in canonical form.

Parameters
file the name of the file or directory to check.
context the security context to use for the check.
Throws
SecurityException if context is not allowed to read from file.

public void checkSecurityAccess (String target)

Since: API Level 1

Checks whether the calling thread is allowed to perform the security operation named by the target.

Parameters
target the name of the operation to perform.
Throws
SecurityException if the calling thread is not allowed to perform target.

public void checkSetFactory ()

Since: API Level 1

Checks whether the calling thread is allowed to set the net object factories.

Throws
SecurityException if the calling thread is not allowed to set the net object factories.

public void checkSystemClipboardAccess ()

Since: API Level 1

Checks whether the calling thread is allowed to access the system clipboard.

Throws
SecurityException if the calling thread is not allowed to access the system clipboard.

public boolean checkTopLevelWindow (Object window)

Since: API Level 1

Checks whether the calling thread is trusted to show the specified top level window.

Parameters
window the window to show.
Returns
  • true if the calling thread is allowed to show window; false otherwise.
Throws
NullPointerException if window is null.

public void checkWrite (FileDescriptor fd)

Since: API Level 1

Checks whether the calling thread is allowed to write to the file with the specified file descriptor.

Parameters
fd the file descriptor of the file to write to.
Throws
SecurityException if the calling thread is not allowed to write to fd.

public void checkWrite (String file)

Since: API Level 1

Checks whether the calling thread is allowed to write to the file with the specified name, which should be passed in canonical form.

Parameters
file the name of the file or directory to write to.
Throws
SecurityException if the calling thread is not allowed to write to file.

public boolean getInCheck ()

Since: API Level 1

This method is deprecated.
Use checkPermission(Permission).

Indicates if this security manager is currently checking something.

Returns
  • true if this security manager is executing a security check method; false otherwise.

public Object getSecurityContext ()

Since: API Level 1

Returns an object which encapsulates the security state of the current point in the execution. In our case, this is an AccessControlContext.

Returns
  • an object that encapsulates information about the current execution environment.

public ThreadGroup getThreadGroup ()

Since: API Level 1

Returns the thread group which should be used to instantiate new threads. By default, this is the same as the thread group of the thread running this method.

Returns
  • ThreadGroup the thread group to create new threads in.

Protected Methods

protected int classDepth (String name)

Since: API Level 1

This method is deprecated.
Use checkPermission(Permission).

Returns the index in the call stack of the first method which is contained in the class with the specified name. Returns -1 if no methods from this class are in the stack.

Parameters
name the name of the class to look for.
Returns
  • the frame index of the first method found is contained in the class identified by name.

protected int classLoaderDepth ()

Since: API Level 1

This method is deprecated.
Use checkPermission(Permission).

Returns the index in the call stack of the first class whose class loader is not a system class loader.

Returns
  • the frame index of the first method whose class was loaded by a non-system class loader.

protected ClassLoader currentClassLoader ()

Since: API Level 1

This method is deprecated.
Use checkPermission(Permission).

Returns the class loader of the first class in the execution stack whose class loader is not a system class loader.

Returns
  • the most recent non-system class loader.

protected Class<?> currentLoadedClass ()

Since: API Level 1

This method is deprecated.
Use checkPermission(Permission).

Returns the first class in the call stack that was loaded by a class loader which is not a system class loader.

Returns
  • the most recent class loaded by a non-system class loader.

protected Class[] getClassContext ()

Since: API Level 1

Returns an array containing one entry for each method in the current execution stack. Each entry is the java.lang.Class which represents the class in which the method is defined.

Returns
  • all classes in the execution stack.

protected boolean inClass (String name)

Since: API Level 1

This method is deprecated.
Use checkPermission(Permission).

Indicates whether there is a method in the call stack from the class with the specified name.

Parameters
name the name of the class to look for.
Returns
  • true if a method from the class identified by name is executing; false otherwise.

protected boolean inClassLoader ()

Since: API Level 1

This method is deprecated.
Use checkPermission(Permission)

Indicates whether there is a method in the call stack from a class which was defined by a non-system class loader.

Returns
  • true if a method from a class that was defined by a non-system class loader is executing; false otherwise.