com.android.ide.common.rendering
Class RenderSecurityManager

java.lang.Object
  java.lang.SecurityManager
      com.android.ide.common.rendering.RenderSecurityManager

public class RenderSecurityManager
extends java.lang.SecurityManager

A SecurityManager which is used for layout lib rendering, to prevent custom views from accidentally exiting the whole IDE if they call System.exit, as well as unintentionally writing files etc.

The security manager only checks calls on the current thread for which it was made active with a call to setActive(boolean, Object), as well as any threads constructed from the render thread.

Field Summary

static java.lang.String	ENABLED_PROPERTY Property used to disable sandbox
static boolean	RESTRICT_READS Whether we should restrict reading to certain paths
static boolean	sEnabled Whether the security manager is enabled for this session (it might still be inactive, either because it's active for a different thread, or because it has been disabled via setActive(boolean, Object) (which sets the per-instance mEnabled flag)

Fields inherited from class java.lang.SecurityManager

inCheck

Constructor Summary

RenderSecurityManager(java.lang.String sdkPath, java.lang.String projectPath)
Creates a security manager suitable for controlling access to custom views being rendered by layoutlib, ensuring that they don't accidentally try to write files etc (which could corrupt data if they for example assume device paths that are not the same for the running IDE; for example, they could try to clear out their own local app storage, which in the IDE could be the user's home directory.)

Method Summary

void	checkAccept(java.lang.String host, int port)
void	checkAccess(java.lang.Thread thread)
void	checkAccess(java.lang.ThreadGroup threadGroup)
void	checkAwtEventQueueAccess()
void	checkConnect(java.lang.String host, int port)
void	checkConnect(java.lang.String host, int port, java.lang.Object context)
void	checkCreateClassLoader()
void	checkDelete(java.lang.String file)
void	checkExec(java.lang.String cmd)
void	checkExit(int status)
void	checkLink(java.lang.String lib)
void	checkListen(int port)
void	checkMemberAccess(java.lang.Class<?> clazz, int which)
void	checkMulticast(java.net.InetAddress inetAddress)
void	checkMulticast(java.net.InetAddress inetAddress, byte ttl)
void	checkPackageAccess(java.lang.String pkg)
void	checkPackageDefinition(java.lang.String pkg)
void	checkPermission(java.security.Permission permission)
void	checkPrintJobAccess()
void	checkPropertiesAccess()
void	checkPropertyAccess(java.lang.String property)
void	checkRead(java.lang.String file)
void	checkRead(java.lang.String file, java.lang.Object context)
void	checkSetFactory()
void	checkSystemClipboardAccess()
boolean	checkTopLevelWindow(java.lang.Object context)
void	checkWrite(java.io.FileDescriptor fileDescriptor)
void	checkWrite(java.lang.String file)
void	dispose(java.lang.Object credential) Disposes the security manager.
static boolean	enterSafeRegion(java.lang.Object credential) Enters a code region where the sandbox is not needed
static void	exitSafeRegion(boolean token) Exits a code region where the sandbox was not needed
static RenderSecurityManager	getCurrent() Returns the current render security manager, if any.
static java.lang.String	getLastFailedPath() Returns the most recently denied path.
void	setActive(boolean active, java.lang.Object credential) Sets whether the RenderSecurityManager is active or not.
RenderSecurityManager	setAppTempDir(java.lang.String appTempDir) Sets an optional application temp directory.
RenderSecurityManager	setLogger(com.android.utils.ILogger logger) Sets an optional logger.

Methods inherited from class java.lang.SecurityManager

checkPermission, checkRead, checkSecurityAccess, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getClassContext, getInCheck, getSecurityContext, getThreadGroup, inClass, inClassLoader

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ENABLED_PROPERTY

public static final java.lang.String ENABLED_PROPERTY

Property used to disable sandbox

See Also:

Constant Field Values

RESTRICT_READS

public static final boolean RESTRICT_READS

Whether we should restrict reading to certain paths

See Also:

Constant Field Values

sEnabled

public static boolean sEnabled

Whether the security manager is enabled for this session (it might still be inactive, either because it's active for a different thread, or because it has been disabled via setActive(boolean, Object) (which sets the per-instance mEnabled flag)

Constructor Detail

RenderSecurityManager

public RenderSecurityManager(@Nullable
                             java.lang.String sdkPath,
                             @Nullable
                             java.lang.String projectPath)

Creates a security manager suitable for controlling access to custom views being rendered by layoutlib, ensuring that they don't accidentally try to write files etc (which could corrupt data if they for example assume device paths that are not the same for the running IDE; for example, they could try to clear out their own local app storage, which in the IDE could be the user's home directory.)

Note: By default a security manager is not active. You need to call setActive(boolean, Object) with true to activate it, instead of just calling System.setSecurityManager(SecurityManager).

Parameters:

sdkPath - an optional path to the SDK install being used by layoutlib; this is used to white-list path prefixes for layoutlib resource lookup

projectPath - a path to the project directory, used for similar purposes

Method Detail

getCurrent

@Nullable
public static RenderSecurityManager getCurrent()

Returns the current render security manager, if any. This will only return non-null if there is an active RenderSecurityManager as the current global security manager.

setLogger

public RenderSecurityManager setLogger(@Nullable
                                       com.android.utils.ILogger logger)

Sets an optional logger. Returns this for constructor chaining.

setAppTempDir

public RenderSecurityManager setAppTempDir(@Nullable
                                           java.lang.String appTempDir)

Sets an optional application temp directory. Returns this for constructor chaining.

setActive

public void setActive(boolean active,
                      @Nullable
                      java.lang.Object credential)

Sets whether the RenderSecurityManager is active or not. If it is being set as active, the passed in credential is remembered and anyone wishing to turn off the security manager must provide the same credential.

Parameters:

active - whether to turn on or off the security manager

credential - when turning off the security manager, the exact same credential passed in to the earlier activation call

dispose

public void dispose(@Nullable
                    java.lang.Object credential)

Disposes the security manager. An alias for calling setActive(boolean, java.lang.Object) with false.

Parameters:

credential - the sandbox credential initially passed to setActive(boolean, Object)

enterSafeRegion

public static boolean enterSafeRegion(@Nullable
                                      java.lang.Object credential)

Enters a code region where the sandbox is not needed

Parameters:

credential - a credential which proves that the caller has the right to do this

Returns:

a token which should be passed back to exitSafeRegion(boolean)

exitSafeRegion

public static void exitSafeRegion(boolean token)

Exits a code region where the sandbox was not needed

Parameters:

token - the token which was returned back from the paired enterSafeRegion(Object) call

getLastFailedPath

@Nullable
public static java.lang.String getLastFailedPath()

Returns the most recently denied path.

Returns:

the most recently denied path

checkPackageAccess

public void checkPackageAccess(java.lang.String pkg)

Overrides:

checkPackageAccess in class java.lang.SecurityManager

checkMemberAccess

public void checkMemberAccess(java.lang.Class<?> clazz,
                              int which)

Overrides:

checkMemberAccess in class java.lang.SecurityManager

checkPropertyAccess

public void checkPropertyAccess(java.lang.String property)

Overrides:

checkPropertyAccess in class java.lang.SecurityManager

checkLink

public void checkLink(java.lang.String lib)

Overrides:

checkLink in class java.lang.SecurityManager

checkCreateClassLoader

public void checkCreateClassLoader()

Overrides:

checkCreateClassLoader in class java.lang.SecurityManager

checkRead

public void checkRead(java.lang.String file)

Overrides:

checkRead in class java.lang.SecurityManager

checkRead

public void checkRead(java.lang.String file,
                      java.lang.Object context)

Overrides:

checkRead in class java.lang.SecurityManager

checkExit

public void checkExit(int status)

Overrides:

checkExit in class java.lang.SecurityManager

checkPropertiesAccess

public void checkPropertiesAccess()

Overrides:

checkPropertiesAccess in class java.lang.SecurityManager

checkPackageDefinition

public void checkPackageDefinition(java.lang.String pkg)

Overrides:

checkPackageDefinition in class java.lang.SecurityManager

checkExec

public void checkExec(java.lang.String cmd)

Overrides:

checkExec in class java.lang.SecurityManager

checkConnect

public void checkConnect(java.lang.String host,
                         int port)

Overrides:

checkConnect in class java.lang.SecurityManager

checkConnect

public void checkConnect(java.lang.String host,
                         int port,
                         java.lang.Object context)

Overrides:

checkConnect in class java.lang.SecurityManager

checkListen

public void checkListen(int port)

Overrides:

checkListen in class java.lang.SecurityManager

checkAccept

public void checkAccept(java.lang.String host,
                        int port)

Overrides:

checkAccept in class java.lang.SecurityManager

checkSetFactory

public void checkSetFactory()

Overrides:

checkSetFactory in class java.lang.SecurityManager

checkMulticast

public void checkMulticast(java.net.InetAddress inetAddress)

Overrides:

checkMulticast in class java.lang.SecurityManager

checkMulticast

public void checkMulticast(java.net.InetAddress inetAddress,
                           byte ttl)

Overrides:

checkMulticast in class java.lang.SecurityManager

checkDelete

public void checkDelete(java.lang.String file)

Overrides:

checkDelete in class java.lang.SecurityManager

checkAwtEventQueueAccess

public void checkAwtEventQueueAccess()

Overrides:

checkAwtEventQueueAccess in class java.lang.SecurityManager

checkWrite

public void checkWrite(java.io.FileDescriptor fileDescriptor)

Overrides:

checkWrite in class java.lang.SecurityManager

checkWrite

public void checkWrite(java.lang.String file)

Overrides:

checkWrite in class java.lang.SecurityManager

checkPrintJobAccess

public void checkPrintJobAccess()

Overrides:

checkPrintJobAccess in class java.lang.SecurityManager

checkSystemClipboardAccess

public void checkSystemClipboardAccess()

Overrides:

checkSystemClipboardAccess in class java.lang.SecurityManager

checkTopLevelWindow

public boolean checkTopLevelWindow(java.lang.Object context)

Overrides:

checkTopLevelWindow in class java.lang.SecurityManager

checkAccess

public void checkAccess(java.lang.Thread thread)

Overrides:

checkAccess in class java.lang.SecurityManager

checkAccess

public void checkAccess(java.lang.ThreadGroup threadGroup)

Overrides:

checkAccess in class java.lang.SecurityManager

checkPermission

public void checkPermission(java.security.Permission permission)

Overrides:

checkPermission in class java.lang.SecurityManager