Examples of java.io.FilePermission

• java.io.FilePermission
  This class represents access to a file or directory. A FilePermission consists of a pathname and a set of actions valid for that pathname.

  Pathname is the pathname of the file or directory granted the specified actions. A pathname that ends in "/*" (where "/" is the file separator character, File.separatorChar) indicates all the files and directories contained in that directory. A pathname that ends with "/-" indicates (recursively) all files and subdirectories contained in that directory. A pathname consisting of the special token "<<ALL FILES>>" matches any file.

  Note: A pathname consisting of a single "*" indicates all the files in the current directory, while a pathname consisting of a single "-" indicates all the files in the current directory and (recursively) all files and subdirectories contained in the current directory.

  The actions to be granted are passed to the constructor in a string containing a list of one or more comma-separated keywords. The possible keywords are "read", "write", "execute", and "delete". Their meaning is defined as follows:

  read

  read permission

  write

  write permission

  execute

  execute permission. Allows Runtime.exec to be called. Corresponds to SecurityManager.checkExec.

  delete

  delete permission. Allows File.delete to be called. Corresponds to SecurityManager.checkDelete.

  The actions string is converted to lowercase before processing.

  Be careful when granting FilePermissions. Think about the implications of granting read and especially write access to various files and directories. The "<<ALL FILES>>" permission with write action is especially dangerous. This grants permission to write to the entire file system. One thing this effectively allows is replacement of the system binary, including the JVM runtime environment.

  Please note: Code can always read a file from the same directory it's in (or a subdirectory of that directory); it does not need explicit permission to do so. @see java.security.Permission @see java.security.Permissions @see java.security.PermissionCollection @version 1.80 05/11/17 @author Marianne Mueller @author Roland Schemers @since 1.2 @serial exclude

    }

    public static boolean isSecure(String root, File file) throws IOException {
        PermissionCollection rootDirectory;
        if( root.endsWith( File.separator ) ) {
            FilePermission fp = new FilePermission( root + "-", "read" );
            rootDirectory = fp.newPermissionCollection();
            rootDirectory.add( fp );
            rootDirectory.add( new FilePermission( root.substring( 0, root.length() - 1 ), "read" ) );
        } else {
            FilePermission fp = new FilePermission( root, "read" );
            rootDirectory = fp.newPermissionCollection();
            rootDirectory.add( fp );
            rootDirectory.add( new FilePermission( root + File.separator + "-", "read" ) );
        }
        return ( rootDirectory.implies( new FilePermission( file.getCanonicalPath(), "read" ) ) );
    }

                perms.add(new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
              }
              else if ( "file".equals(codesource.getLocation().getProtocol()) ) {
                // if running locally add file permission
                String path = codesource.getLocation().getFile().replace('/', File.separatorChar);
                  perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
              }

            } catch (Exception e) {
          e.printStackTrace();
        }

        final LocalFile localFile = (LocalFile) fileObject;
        final File file = localFile.getLocalFile();
        final SecurityManager sm = System.getSecurityManager();
        if (sm != null)
        {
            final FilePermission requiredPerm = new FilePermission(file.getAbsolutePath(), "read");
            sm.checkPermission(requiredPerm);
        }
        return file;
    }

      // it means the codebase is a directory, and we need
      // to add an additional permission to read recursively
      String path = p.getName();
      if (path.endsWith(File.separator)) {
    path += "-";
    p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION);
      }
  } else if ((p == null) && (url.getProtocol().equals("file"))) {
      String path = url.getFile().replace('/', File.separatorChar);
            path = ParseUtil.decode(path);
      if (path.endsWith(File.separator))
    path += "-";
      p =  new FilePermission(path, SecurityConstants.FILE_READ_ACTION);
  } else {
      URL locUrl = url;
      if (urlConnection instanceof JarURLConnection) {
    locUrl = ((JarURLConnection)urlConnection).getJarFileURL();
      }

     * @see     #checkPermission(java.security.Permission) checkPermission
     */
    public void checkExec(String cmd) {
  File f = new File(cmd);
  if (f.isAbsolute()) {
      checkPermission(new FilePermission(cmd,
    SecurityConstants.FILE_EXECUTE_ACTION));
  } else {
      checkPermission(new FilePermission("<<ALL FILES>>",
    SecurityConstants.FILE_EXECUTE_ACTION));
  }
    }

     * @exception  NullPointerException if the <code>file</code> argument is
     *             <code>null</code>.
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkRead(String file) {
  checkPermission(new FilePermission(file,
      SecurityConstants.FILE_READ_ACTION));
    }

     * @see        java.lang.SecurityManager#getSecurityContext()
     * @see        java.security.AccessControlContext#checkPermission(java.security.Permission)
     */
    public void checkRead(String file, Object context) {
  checkPermission(
      new FilePermission(file, SecurityConstants.FILE_READ_ACTION),
      context);
    }

     * @exception  NullPointerException if the <code>file</code> argument is
     *             <code>null</code>.
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkWrite(String file) {
  checkPermission(new FilePermission(file,
      SecurityConstants.FILE_WRITE_ACTION));
    }

     *             <code>null</code>.
     * @see        java.io.File#delete()
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkDelete(String file) {
  checkPermission(new FilePermission(file,
      SecurityConstants.FILE_DELETE_ACTION));
    }

    //*-- create the Linux script
    if (Constants.OSNAME.endsWith("x"))
    {
     String tfile = outfile + ".sh";
     fos = new FileOutputStream(new File(tfile));
     new FilePermission(tfile, permissions);
     pw = new PrintWriter(fos);
     pw.println("#!/bin/sh");
     pw.println("#*-- Generated Linux script to run ps2txt");
     pw.println("export HOME=\"" + Constants.PS2TXTDIR + "\"");
     pw.println("cd $HOME");
     pw.println("ps2txt -dvi \"" + ifile + "\"");
    }
    //*-- create the windows script
    else
    {
     String tfile = outfile + ".bat";
     fos = new FileOutputStream(new File(tfile));
     new FilePermission(tfile, permissions);
     pw = new PrintWriter(fos);
     pw.println("@ECHO OFF");
     pw.println("REM *-- Generated Windows script to run ps2txt");
     pw.println("set HOME=" + Constants.PS2TXTDIR);
     pw.println("set PATH=" + Constants.CYGWINDIR + ";%PATH%");