...

Define a custom permission, ExceptionReporterPermission "exc.reporter", to prohibit illegitimate callers from setting the default exception handler. This can be done by subclassing java.security.BasicPermission, which models binary permissions (either allow or disallow). BasicPermission does not interpret an actions string, but a subclass can implement actions if required. BasicPermission is declared abstract even though it contains no abstract methods; it implements all of the abstract methods inherited from Permission, so a subclass only has to supply constructors. The subclass must define two constructors, one taking just the permission name and one taking the name and an actions string, each delegating to the matching superclass constructor (BasicPermission has no no-argument constructor). The two-argument constructor accepts an actions string even though a basic permission ignores it: the policy implementation instantiates permission classes reflectively through the (String, String) constructor when it reads a grant entry from the policy file, so that constructor has to exist.

This compliant solution uses a security manager to check whether the caller has the requisite permission to set the handler. If the check fails, checkPermission throws a SecurityException (an AccessControlException) and the handler is never installed. The check is made before entering the privileged block: inside doPrivileged the access-control stack walk stops at the frame that called doPrivileged, so a check placed there would test only LoadLibrary's own protection domain rather than the domain of the untrusted caller it is meant to stop. The custom permission class ExceptionReporterPermission is also defined with the two required constructors. Note that the SecurityManager and AccessController API is deprecated for removal since Java 17 (JEP 411) and permanently disabled in Java 24 (JEP 486), so this solution applies only to runtimes that still support a security manager.

import java.security.AccessController;
import java.security.BasicPermission;
import java.security.PrivilegedAction;

class LoadLibrary {
  private void loadLibrary() {
    // Check the caller before entering the privileged block. Inside doPrivileged the
    // stack inspection stops at this frame, so a check there would only cover
    // LoadLibrary's own protection domain, not the untrusted caller's.
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
      sm.checkPermission(new ExceptionReporterPermission("exc.reporter"));
    }

    AccessController.doPrivileged(new PrivilegedAction<Void>() {
      public Void run() {
        // privileged code; needs RuntimePermission "loadLibrary.awt" in the policy
        System.loadLibrary("awt");

        // perform some sensitive operation like setting the default exception handler
        // (reporter is a field of this class whose declaration is elided on this page)
        MyExceptionReporter.setExceptionReporter(reporter);
        return null;
      }
    });
  }
}

class ExceptionReporterPermission extends BasicPermission {
  public ExceptionReporterPermission(String permName) {
    super(permName);
  }

  // Even though the actions parameter is ignored, this constructor has to be defined:
  // the policy implementation instantiates permission classes through it
  public ExceptionReporterPermission(String permName, String actions) {
    super(permName, actions);
  }
}

Assuming that the compiled classes above live in the c:\package directory on a Windows system, the policy file must grant two permissions to that code base: ExceptionReporterPermission "exc.reporter" and the RuntimePermission "loadLibrary.awt" (permission names are case-sensitive). The codeBase is a URL, so it uses forward slashes, and the trailing slash denotes the directory of class files (use "file:/c:/package/-" to cover subdirectories as well). The permission class must be written exactly as the policy parser will load it; in a real project that means its fully qualified name. If the class cannot be loaded when the policy is read, the entry is kept as an UnresolvedPermission and only takes effect once the class becomes resolvable.

grant codeBase "file:/c:/package/" {  // For *nix, file:${user.home}/package/
  permission ExceptionReporterPermission "exc.reporter";
  permission java.lang.RuntimePermission "loadLibrary.awt";
};
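The following is an added demonstration, not code from the original page or from CERT: it exercises a permission class of the same shape as ExceptionReporterPermission the way the policy machinery does, but without installing a security manager or writing a policy file. It builds static ProtectionDomains holding constructed grants and runs the same checkPermission the compliant solution relies on against each of them, which shows how BasicPermission's name matching (exact name, trailing ".*" wildcard, same class required) decides whether a grant in the policy file would admit the caller. The class and helper names are assumptions for this example.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.BasicPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.ProtectionDomain;

/**
 * Added demonstration (not part of the original page). Runs on JDK 8 through 21;
 * on 17 and later the AccessControl* classes are deprecated for removal, so the
 * compiler emits warnings but the check still behaves as shown.
 */
public final class ExceptionReporterPermissionDemo {

  /** Same shape as the permission class in the compliant solution (hypothetical copy). */
  static final class ExceptionReporterPermission extends BasicPermission {
    ExceptionReporterPermission(String name) { super(name); }
    // The policy parser instantiates permission classes reflectively through the
    // (String, String) constructor; the actions string is ignored by a BasicPermission.
    ExceptionReporterPermission(String name, String actions) { super(name, actions); }
  }

  /** Builds a static ProtectionDomain holding exactly the given grants (constructed test data). */
  static ProtectionDomain domainGranting(Permission... granted) {
    PermissionCollection perms = new Permissions();
    for (Permission p : granted) {
      perms.add(p);
    }
    // Null URL and no signers: the code source is irrelevant for a static domain,
    // whose implies() consults only the permissions passed here, never the Policy.
    CodeSource anyCode = new CodeSource(null, (java.security.cert.Certificate[]) null);
    return new ProtectionDomain(anyCode, perms);
  }

  /** True if code running solely in pd would pass the check made in LoadLibrary.loadLibrary(). */
  static boolean mayInstallReporter(ProtectionDomain pd) {
    AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { pd });
    try {
      acc.checkPermission(new ExceptionReporterPermission("exc.reporter"));
      return true;
    } catch (AccessControlException denied) {
      return false;
    }
  }

  public static void main(String[] args) {
    // What the parser would build from: permission ExceptionReporterPermission "exc.reporter";
    Permission exact = new ExceptionReporterPermission("exc.reporter", "");
    // What it would build from: permission ExceptionReporterPermission "exc.*";
    Permission wildcard = new ExceptionReporterPermission("exc.*", "");
    // A sibling name that shares the prefix but is not a wildcard.
    Permission sibling = new ExceptionReporterPermission("exc.reporterX", "");
    // The same name string granted through a different permission class.
    Permission wrongClass = new RuntimePermission("exc.reporter");

    System.out.println("exact grant                      -> " + mayInstallReporter(domainGranting(exact)));
    System.out.println("wildcard grant exc.*             -> " + mayInstallReporter(domainGranting(wildcard)));
    System.out.println("sibling name exc.reporterX       -> " + mayInstallReporter(domainGranting(sibling)));
    System.out.println("RuntimePermission \"exc.reporter\" -> " + mayInstallReporter(domainGranting(wrongClass)));
    System.out.println("nothing granted                  -> " + mayInstallReporter(domainGranting()));
  }
}
```

Only the exact grant and the "exc.*" wildcard admit the check; the sibling name, the RuntimePermission carrying the same string, and the empty domain are all refused, because BasicPermission.implies requires the same permission class and either an identical name or a granted name ending in ".*" that prefixes the requested one. This is also why a misspelled class name or a wrong case in the policy file fails closed rather than open.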

...