/*
 * @(#)SecurityManager.java	1.121 00/02/02
 *
 * Copyright 1995-2000 Sun Microsystems, Inc. All Rights Reserved.
 * 
 * This software is the proprietary information of Sun Microsystems, Inc.  
 * Use is subject to license terms.
 * 
 */

package java.lang;

import java.security.*;
import java.io.FileDescriptor;
import java.io.File;
import java.io.FilePermission;
import java.awt.AWTPermission;
import java.util.PropertyPermission;
import java.lang.RuntimePermission;
import java.net.SocketPermission;
import java.net.NetPermission;
import java.util.Hashtable;
import java.net.InetAddress;
import java.lang.reflect.Member;
import java.lang.reflect.*;
import java.net.URL;

/**
 * The security manager is a class that allows 
 * applications to implement a security policy. It allows an 
 * application to determine, before performing a possibly unsafe or 
 * sensitive operation, what the operation is and whether 
 * it is being attempted in a security context that allows the
 * operation to be performed. The 
 * application can allow or disallow the operation. 
 * <p>
 * The <code>SecurityManager</code> class contains many methods with 
 * names that begin with the word <code>check</code>. These methods 
 * are called by various methods in the Java libraries before those 
 * methods perform certain potentially sensitive operations. The 
 * invocation of such a <code>check</code> method typically looks like this: 
 * <p><blockquote><pre>
 *     SecurityManager security = System.getSecurityManager();
 *     if (security != null) {
 *         security.check<i>XXX</i>(argument,  . . . );
 *     }
 * </pre></blockquote>
 * <p>
 * The security manager is thereby given an opportunity to prevent 
 * completion of the operation by throwing an exception. A security 
 * manager routine simply returns if the operation is permitted, but 
 * throws a <code>SecurityException</code> if the operation is not 
 * permitted. The only exception to this convention is 
 * <code>checkTopLevelWindow</code>, which returns a 
 * <code>boolean</code> value. 
 * <p>
 * The current security manager is set by the 
 * <code>setSecurityManager</code> method in class 
 * <code>System</code>. The current security manager is obtained 
 * by the <code>getSecurityManager</code> method. 
 * <p> 
 * The special method 
 * {@link SecurityManager#checkPermission(java.security.Permission)}
 * determines whether an access request indicated by a specified
 * permission should be granted or denied. The 
 * default implementation calls
 * 
 * <pre>
 *   AccessController.checkPermission(perm);
 * </pre>
 *
 * <p> 
 * If a requested access is allowed, 
 * <code>checkPermission</code> returns quietly. If denied, a 
 * <code>SecurityException</code> is thrown. 
 * <p>
 * As of Java 2 SDK v1.2, the default implementation of each of the other
 * <code>check</code> methods in <code>SecurityManager</code> is to 
 * call the <code>SecurityManager checkPermission</code> method
 * to determine if the calling thread has permission to perform the requested
 * operation.
 * <p> 
 * Note that the <code>checkPermission</code> method with
 * just a single permission argument always performs security checks
 * within the context of the currently executing thread.
 * Sometimes a security check that should be made within a given context
 * will actually need to be done from within a
 * <i>different</i> context (for example, from within a worker thread).
 * The {@link SecurityManager#getSecurityContext getSecurityContext} method 
 * and the {@link SecurityManager#checkPermission(java.security.Permission, 
 * java.lang.Object) checkPermission}
 * method that includes a context argument are provided 
 * for this situation. The 
 * <code>getSecurityContext</code> method returns a "snapshot"
 * of the current calling context. (The default implementation 
 * returns an AccessControlContext object.) A sample call is
 * the following:
 * 
 * <pre>
 *   Object context = null;
 *   SecurityManager sm = System.getSecurityManager();
 *   if (sm != null) context = sm.getSecurityContext(); 
 * </pre>
 * 
 * <p>
 * The <code>checkPermission</code> method
 * that takes a context object in addition to a permission 
 * makes access decisions based on that context,
 * rather than on that of the current execution thread.
 * Code within a different context can thus call that method,
 * passing the permission and the
 * previously-saved context object. A sample call, using the
 * SecurityManager <code>sm</code> obtained as in the previous example, 
 * is the following:
 * 
 * <pre>
 *   if (sm != null) sm.checkPermission(permission, context);
 * </pre> 
 *
 * <p>Permissions fall into these categories: File, Socket, Net, 
 * Security, Runtime, Property, AWT, Reflect, and Serializable. 
 * The classes managing these various
 * permission categories are <code>java.io.FilePermission</code>,
 * <code>java.net.SocketPermission</code>, 
 * <code>java.net.NetPermission</code>, 
 * <code>java.security.SecurityPermission</code>,
 * <code>java.lang.RuntimePermission</code>, 
 * <code>java.util.PropertyPermission</code>, 
 * <code>java.awt.AWTPermission</code>,
 * <code>java.lang.reflect.ReflectPermission</code>, and
 * <code>java.io.SerializablePermission</code>. 
 * 
 * <p>All but the first two (FilePermission and SocketPermission) are 
 * subclasses of <code>java.security.BasicPermission</code>, which itself 
 * is an abstract subclass of the
 * top-level class for permissions, which is 
 * <code>java.security.Permission</code>. BasicPermission defines the 
 * functionality needed for all permissions that contain a name 
 * that follows the hierarchical property naming convention 
 * (for example, "exitVM", "setFactory", "queuePrintJob", etc). 
 * An asterisk 
 * may appear at the end of the name, following a ".", or by itself, to 
 * signify a wildcard match. For example: "a.*" or "*" is valid, 
 * "*a" or "a*b" is not valid.
 *
 * <p>FilePermission and SocketPermission are subclasses of the
 * top-level class for permissions 
 * (<code>java.security.Permission</code>). Classes like these
 * that have a more complicated name syntax than that used by
 * BasicPermission subclass directly from Permission rather than from
 * BasicPermission. For example, 
 * for a <code>java.io.FilePermission</code> object, the permission name is
 * the pathname of a file (or directory).
 *
 * <p>Some of the permission classes have an "actions" list that tells 
 * the actions that are permitted for the object.  For example, 
 * for a <code>java.io.FilePermission</code> object, the actions list
 * (such as "read, write") specifies which actions are granted for the
 * specified file (or for files in the specified directory).
 * 
 * <p>Other permission classes are for "named" permissions - 
 * ones that contain a name but no actions list; you either have the
 * named permission or you don't.
 * 
 * <p>Note: There is also a <code>java.security.AllPermission</code>
 * permission that implies all permissions. It exists to simplify the work
 * of system administrators who might need to perform multiple
 * tasks that require all (or numerous) permissions.
 * <p>
 * See <a href ="../../../guide/security/permissions.html">
 * Permissions in the Java 2 SDK</a> for permission-related information.
 * This document includes, for example, a table listing the various SecurityManager
 * <code>check</code> methods and the permission(s) the default 
 * implementation of each such method requires. 
 * It also contains a table of all the version 1.2 methods
 * that require permissions, and for each such method tells 
 * which permission it requires.
 * <p>
 * For more information about <code>SecurityManager</code> changes made in 
 * the Java 2 SDK and advice regarding porting of 1.1-style security managers,
 * see the <a href="../../../guide/security/index.html">security documentation</a>.
 *
 * @author  Arthur van Hoff
 * @author  Roland Schemers
 *
 * @version 1.121, 02/02/00
 * @see     java.lang.ClassLoader
 * @see     java.lang.SecurityException
 * @see     java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
 *  checkTopLevelWindow
 * @see     java.lang.System#getSecurityManager() getSecurityManager
 * @see     java.lang.System#setSecurityManager(java.lang.SecurityManager)
 *  setSecurityManager
 * @see     java.security.AccessController AccessController
 * @see     java.security.AccessControlContext AccessControlContext
 * @see     java.security.AccessControlException AccessControlException
 * @see     java.security.Permission 
 * @see     java.security.BasicPermission
 * @see     java.io.FilePermission
 * @see     java.net.SocketPermission
 * @see     java.util.PropertyPermission
 * @see     java.lang.RuntimePermission
 * @see     java.awt.AWTPermission
 * @see     java.security.Policy Policy
 * @see     java.security.SecurityPermission SecurityPermission
 * @see     java.security.ProtectionDomain
 *
 * @since   JDK1.0
 */
public 
class SecurityManager {

    /**
     * This field is <code>true</code> if there is a security check in 
     * progress; <code>false</code> otherwise.
     *
     * @deprecated This type of security checking is not recommended.
     *  It is recommended that the <code>checkPermission</code>
     *  call be used instead.
     */
    protected boolean inCheck;

    /* 
     * Have we been initialized. Effective against finalizer attacks.
     */
    private boolean initialized = false;

    // static permissions. Create here and used in the various
    // check permission calls

    private static RuntimePermission createClassLoaderPermission;

    private static AWTPermission topLevelWindowPermission;

    private static AWTPermission accessClipboardPermission;

    private static AWTPermission checkAwtEventQueuePermission;

    private static RuntimePermission checkMemberAccessPermission;

    private static AllPermission allPermission;

    private static RuntimePermission threadPermission;

    private static RuntimePermission threadGroupPermission;

    /**
     * returns true if the current context has been granted AllPermission
     */
    private boolean hasAllPermission() 
    {
	if (allPermission == null)
	    allPermission = new AllPermission();
	try {
	    checkPermission(allPermission);
	    return true;
	} catch (SecurityException se) {
	    return false;
	}
    }

    /** 
     * Tests if there is a security check in progress.
     *
     * @return the value of the <code>inCheck</code> field. This field 
     *          should contain <code>true</code> if a security check is
     *          in progress,
     *          <code>false</code> otherwise.
     * @see     java.lang.SecurityManager#inCheck
     * @deprecated This type of security checking is not recommended.
     *  It is recommended that the <code>checkPermission</code>
     *  call be used instead.
     */
    public boolean getInCheck() {
	return inCheck;
    }

    /**
     * Constructs a new <code>SecurityManager</code>.
     *
     * <p> If there is a security manager already installed, this method first
     * calls the security manager's <code>checkPermission</code> method
     * with the <code>RuntimePermission("createSecurityManager")</code>
     * permission to ensure the calling thread has permission to create a new 
     * security manager.
     * This may result in throwing a <code>SecurityException</code>.
     *
     * @exception  java.lang.SecurityException if a security manager already 
     *             exists and its <code>checkPermission</code> method 
     *             doesn't allow creation of a new security manager.
     * @see        java.lang.System#getSecurityManager()
     * @see        #checkPermission(java.security.Permission) checkPermission
     * @see java.lang.RuntimePermission
     */
    public SecurityManager() {
	synchronized(SecurityManager.class) {
 	    SecurityManager sm = System.getSecurityManager();
 	    if (sm != null) {
		// ask the currently installed security manager if we 
		// can create a new one.
 		sm.checkPermission(new RuntimePermission
				   ("createSecurityManager"));
  	    }
	    initialized = true;
	}
    }

    /**
     * Returns the current execution stack as an array of classes. 
     * <p>
     * The length of the array is the number of methods on the execution 
     * stack. The element at index <code>0</code> is the class of the 
     * currently executing method, the element at index <code>1</code> is 
     * the class of that method's caller, and so on. 
     *
     * @return  the execution stack.
     */
    protected native Class[] getClassContext();

    /**
     * Returns the class loader of the most recently executing method from
     * a class defined using a non-system class loader. A non-system 
     * class loader is defined as being a class loader that is not equal to
     * the system class loader (as returned 
     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
     * <p>
     * This method will return
     * <code>null</code> in the following three cases:<p>
     * <ol>
     *   <li>All methods on the execution stack are from classes
     *   defined using the system class loader or one of its ancestors.
     *
     *   <li>All methods on the execution stack up to the first
     *   "privileged" caller 
     *   (see {@link java.security.AccessController#doPrivileged})
     *   are from classes
     *   defined using the system class loader or one of its ancestors.
     *
     *   <li> A call to <code>checkPermission</code> with 
     *   <code>java.security.AllPermission</code> does not 
     *   result in a SecurityException. 
     *
     * </ol>
     *
     * @return  the class loader of the most recent occurrence on the stack
     *          of a method from a class defined using a non-system class 
     *          loader.
     *
     * @deprecated This type of security checking is not recommended.
     *  It is recommended that the <code>checkPermission</code>
     *  call be used instead.
     * 
     * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
     * @see  #checkPermission(java.security.Permission) checkPermission
     */
    protected ClassLoader currentClassLoader()
    {
	ClassLoader cl = currentClassLoader0();
	if ((cl != null) && hasAllPermission())
	    cl = null;
	return cl;
    }

    private native ClassLoader currentClassLoader0();

    /**
     * Returns the class of the most recently executing method from
     * a class defined using a non-system class loader. A non-system 
     * class loader is defined as being a class loader that is not equal to
     * the system class loader (as returned 
     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
     * <p>
     * This method will return
     * <code>null</code> in the following three cases:<p>
     * <ol>
     *   <li>All methods on the execution stack are from classes
     *   defined using the system class loader or one of its ancestors.
     *
     *   <li>All methods on the execution stack up to the first
     *   "privileged" caller
     *   (see {@link java.security.AccessController#doPrivileged})
     *   are from classes
     *   defined using the system class loader or one of its ancestors.
     *
     *   <li> A call to <code>checkPermission</code> with 
     *   <code>java.security.AllPermission</code> does not 
     *   result in a SecurityException. 
     *
     * </ol>
     *
     * @return  the class  of the most recent occurrence on the stack
     *          of a method from a class defined using a non-system class 
     *          loader.
     *
     * @deprecated This type of security checking is not recommended.
     *  It is recommended that the <code>checkPermission</code>
     *  call be used instead.
     * 
     * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
     * @see  #checkPermission(java.security.Permission) checkPermission
     */
    protected Class currentLoadedClass() {
	Class c = currentLoadedClass0();
	if ((c != null) && hasAllPermission())
	    c = null;
	return c;
    }

    /**
     * Returns the stack depth of the specified class. 
     *
     * @param   name   the fully qualified name of the class to search for.
     * @return  the depth on the stack frame of the first occurrence of a
     *          method from a class with the specified name;
     *          <code>-1</code> if such a frame cannot be found.
     * @deprecated This type of security checking is not recommended.
     *  It is recommended that the <code>checkPermission</code>
     *  call be used instead.
     *
     */
    protected native int classDepth(String name);

    /**
     * Returns the stack depth of the most recently executing method 
     * from a class defined using a non-system class loader.  A non-system 
     * class loader is defined as being a class loader that is not equal to
     * the system class loader (as returned 
     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
     * <p>
     * This method will return
     * -1 in the following three cases:<p>
     * <ol>
     *   <li>All methods on the execution stack are from classes
     *   defined using the system class loader or one of its ancestors.
     *
     *   <li>All methods on the execution stack up to the first
     *   "privileged" caller
     *   (see {@link java.security.AccessController#doPrivileged})
     *   are from classes
     *   defined using the system class loader or one of its ancestors.
     *
     *   <li> A call to <code>checkPermission</code> with 
     *   <code>java.security.AllPermission</code> does not 
     *   result in a SecurityException. 
     *
     * </ol>
     *
     * @return the depth on the stack frame of the most recent occurrence of
     *          a method from a class defined using a non-system class loader.
     *
     * @deprecated This type of security checking is not recommended.
     *  It is recommended that the <code>checkPermission</code>
     *  call be used instead.
     * 
     * @see   java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
     * @see   #checkPermission(java.security.Permission) checkPermission
     */
    protected int classLoaderDepth()
    {
	int depth = classLoaderDepth0();
	if (depth != -1) {
	    if (hasAllPermission())
		depth = -1;
	    else
		depth--; // make sure we don't include ourself
	}
	return depth;
    }

    private native int classLoaderDepth0();

    /**
     * Tests if a method from a class with the specified
     *         name is on the execution stack. 
     *
     * @param  name   the fully qualified name of the class.
     * @return <code>true</code> if a method from a class with the specified
     *         name is on the execution stack; <code>false</code> otherwise.
     * @deprecated This type of security checking is not recommended.
     *  It is recommended that the <code>checkPermission</code>
     *  call be used instead.
     */
    protected boolean inClass(String name) {
	return classDepth(name) >= 0;
    }

    /**
     * Basically, tests if a method from a class defined using a
     *          class loader is on the execution stack.
     *
     * @return  <code>true</code> if a call to <code>currentClassLoader</code>
     *          has a non-null return value.
     *
     * @deprecated This type of security checking is not recommended.
     *  It is recommended that the <code>checkPermission</code>
     *  call be used instead.
     * @see        #currentClassLoader() currentClassLoader 
     */
    protected boolean inClassLoader() {
	return currentClassLoader() != null;
    }

    /**
     * Creates an object that encapsulates the current execution 
     * environment. The result of this method is used, for example, by the 
     * three-argument <code>checkConnect</code> method and by the 
     * two-argument <code>checkRead</code> method. 
     * These methods are needed because a trusted method may be called 
     * on to read a file or open a socket on behalf of another method. 
     * The trusted method needs to determine if the other (possibly 
     * untrusted) method would be allowed to perform the operation on its 
     * own. 
     * <p> The default implementation of this method is to return 
     * an <code>AccessControlContext</code> object.
     *
     * @return  an implementation-dependent object that encapsulates
     *          sufficient information about the current execution environment
     *          to perform some security checks later.
     * @see     java.lang.SecurityManager#checkConnect(java.lang.String, int, 
     *   java.lang.Object) checkConnect
     * @see     java.lang.SecurityManager#checkRead(java.lang.String, 
     *   java.lang.Object) checkRead
     * @see     java.security.AccessControlContext AccessControlContext
     */
    public Object getSecurityContext() {
	return AccessController.getContext();
    }

    /**
     * Throws a <code>SecurityException</code> if the requested
     * access, specified by the given permission, is not permitted based
     * on the security policy currently in effect.
     * <p>
     * This method calls <code>AccessController.checkPermission</code> 
     * with the given permission.
     *
     * @param     perm   the requested permission.
     * @exception SecurityException if access is not permitted based on
     *		  the current security policy.
     * @exception NullPointerException if the permission argument is
     *            <code>null</code>.
     * @since     1.2
     */
    public void checkPermission(Permission perm) {
	java.security.AccessController.checkPermission(perm);
    }

    /**
     * Throws a <code>SecurityException</code> if the
     * specified security context is denied access to the resource
     * specified by the given permission.
     * The context must be a security 
     * context returned by a previous call to 
     * <code>getSecurityContext</code> and the access control
     * decision is based upon the configured security policy for
     * that security context.
     * <p>
     * If <code>context</code> is an instance of 
     * <code>AccessControlContext</code> then the
     * <code>AccessControlContext.checkPermission</code> method is
     * invoked with the specified permission.
     * <p>
     * If <code>context</code> is not an instance of 
     * <code>AccessControlContext</code> then a
     * <code>SecurityException</code> is thrown. 
     *
     * @param      perm      the specified permission
     * @param      context   a system-dependent security context.
     * @exception  SecurityException  if the specified security context
     *             is not an instance of <code>AccessControlContext</code>
     *             (e.g., is <code>null</code>), or is denied access to the
     *             resource specified by the given permission.
     * @exception  NullPointerException if the permission argument is
     *             <code>null</code>.
     * @see        java.lang.SecurityManager#getSecurityContext()
     * @see java.security.AccessControlContext#checkPermission(java.security.Permission) 
     * @since      1.2
     */
    public void checkPermission(Permission perm, Object context) {
	if (context instanceof AccessControlContext) {
	    ((AccessControlContext)context).checkPermission(perm);
	} else {
	    throw new SecurityException();
	}
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to create a new class loader. 
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>RuntimePermission("createClassLoader")</code>
     * permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkCreateClassLoader</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @exception SecurityException if the calling thread does not 
     *             have permission
     *             to create a new class loader.
     * @see        java.lang.ClassLoader#ClassLoader()
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkCreateClassLoader() {
	if (createClassLoaderPermission == null)
	    createClassLoaderPermission = 
                        new RuntimePermission("createClassLoader");
	checkPermission(createClassLoaderPermission);
    }

    /** 
     * reference to the root thread group, used for the checkAccess
     * methods.
     */

    private static ThreadGroup rootGroup = getRootGroup();
   
    private static ThreadGroup getRootGroup() {
	ThreadGroup root =  Thread.currentThread().getThreadGroup();
	while (root.getParent() != null) {
	    root = root.getParent();
	}
	return root;
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to modify the thread argument. 
     * <p>
     * This method is invoked for the current security manager by the 
     * <code>stop</code>, <code>suspend</code>, <code>resume</code>, 
     * <code>setPriority</code>, <code>setName</code>, and 
     * <code>setDaemon</code> methods of class <code>Thread</code>. 
     * <p>
     * If the thread argument is a system thread (belongs to
     * the thread group with a <code>null</code> parent) then 
     * this method calls <code>checkPermission</code> with the
     * <code>RuntimePermission("modifyThread")</code> permission.
     * If the thread argument is <i>not</i> a system thread,
     * this method just returns silently.
     * <p>
     * Applications that want a stricter policy should override this
     * method. If this method is overridden, the method that overrides
     * it should additionally check to see if the calling thread has the
     * <code>RuntimePermission("modifyThread")</code> permission, and
     * if so, return silently. This is to ensure that code granted
     * that permission (such as the SDK itself) is allowed to
     * manipulate any thread.
     * <p>
     * If this method is overridden, then 
     * <code>super.checkAccess</code> should
     * be called by the first statement in the overridden method, or the 
     * equivalent security check should be placed in the overridden method.
     *
     * @param      t   the thread to be checked.
     * @exception  SecurityException  if the calling thread does not have 
     *             permission to modify the thread.
     * @exception  NullPointerException if the thread argument is
     *             <code>null</code>.
     * @see        java.lang.Thread#resume() resume
     * @see        java.lang.Thread#setDaemon(boolean) setDaemon
     * @see        java.lang.Thread#setName(java.lang.String) setName
     * @see        java.lang.Thread#setPriority(int) setPriority
     * @see        java.lang.Thread#stop() stop
     * @see        java.lang.Thread#suspend() suspend
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkAccess(Thread t) {
	if (t == null) {
	    throw new NullPointerException("thread can't be null");
	}
	if (t.getThreadGroup() == rootGroup) {
	    if (threadPermission == null)
		  threadPermission = new RuntimePermission("modifyThread");
	    checkPermission(threadPermission);
	} else {
	    // just return
	}
    }
    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to modify the thread group argument. 
     * <p>
     * This method is invoked for the current security manager when a 
     * new child thread or child thread group is created, and by the 
     * <code>setDaemon</code>, <code>setMaxPriority</code>, 
     * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and 
     * <code>destroy</code> methods of class <code>ThreadGroup</code>. 
     * <p>
     * If the thread group argument is the system thread group (
     * has a <code>null</code> parent) then 
     * this method calls <code>checkPermission</code> with the
     * <code>RuntimePermission("modifyThreadGroup")</code> permission.
     * If the thread group argument is <i>not</i> the system thread group,
     * this method just returns silently.
     * <p>
     * Applications that want a stricter policy should override this
     * method. If this method is overridden, the method that overrides
     * it should additionally check to see if the calling thread has the
     * <code>RuntimePermission("modifyThreadGroup")</code> permission, and
     * if so, return silently. This is to ensure that code granted
     * that permission (such as the SDK itself) is allowed to
     * manipulate any thread.
     * <p>
     * If this method is overridden, then 
     * <code>super.checkAccess</code> should
     * be called by the first statement in the overridden method, or the 
     * equivalent security check should be placed in the overridden method.
     *
     * @param      g   the thread group to be checked.
     * @exception  SecurityException  if the calling thread does not have
     *             permission to modify the thread group.
     * @exception  NullPointerException if the thread group argument is
     *             <code>null</code>.
     * @see        java.lang.ThreadGroup#destroy() destroy
     * @see        java.lang.ThreadGroup#resume() resume
     * @see        java.lang.ThreadGroup#setDaemon(boolean) setDaemon
     * @see        java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority
     * @see        java.lang.ThreadGroup#stop() stop
     * @see        java.lang.ThreadGroup#suspend() suspend
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkAccess(ThreadGroup g) {
	if (g == null) {
	    throw new NullPointerException("thread group can't be null");
	}
	if (g == rootGroup) {
	    if (threadGroupPermission == null)
		threadGroupPermission = 
		    new RuntimePermission("modifyThreadGroup");
	    checkPermission(threadGroupPermission);
	} else {
	    // just return
	}
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to cause the Java Virtual Machine to 
     * halt with the specified status code. 
     * <p>
     * This method is invoked for the current security manager by the 
     * <code>exit</code> method of class <code>Runtime</code>. A status 
     * of <code>0</code> indicates success; other values indicate various 
     * errors. 
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>RuntimePermission("exitVM")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkExit</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      status   the exit status.
     * @exception SecurityException if the calling thread does not have 
     *              permission to halt the Java Virtual Machine with 
     *              the specified status.
     * @see        java.lang.Runtime#exit(int) exit
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkExit(int status) {
	checkPermission(new RuntimePermission("exitVM"));
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to create a subprocess. 
     * <p>
     * This method is invoked for the current security manager by the 
     * <code>exec</code> methods of class <code>Runtime</code>.
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>FilePermission(cmd,"execute")</code> permission
     * if cmd is an absolute path, otherwise it calls 
     * <code>checkPermission</code> with 
     * <code>FilePermission("<<ALL FILES>>","execute")</code>.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkExec</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      cmd   the specified system command.
     * @exception  SecurityException if the calling thread does not have 
     *             permission to create a subprocess.
     * @exception  NullPointerException if the <code>cmd</code> argument is
     *             <code>null</code>.
     * @see     java.lang.Runtime#exec(java.lang.String)
     * @see     java.lang.Runtime#exec(java.lang.String, java.lang.String[])
     * @see     java.lang.Runtime#exec(java.lang.String[])
     * @see     java.lang.Runtime#exec(java.lang.String[], java.lang.String[])
     * @see     #checkPermission(java.security.Permission) checkPermission
     */
    public void checkExec(String cmd) {
	File f = new File(cmd);
	if (f.isAbsolute()) {
	    checkPermission(new FilePermission(cmd, "execute"));
	} else {
	    checkPermission(new FilePermission("<<ALL FILES>>", "execute"));
	}
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to dynamic link the library code 
     * specified by the string argument file. The argument is either a 
     * simple library name or a complete filename. 
     * <p>
     * This method is invoked for the current security manager by 
     * methods <code>load</code> and <code>loadLibrary</code> of class 
     * <code>Runtime</code>. 
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>RuntimePermission("loadLibrary."+lib)</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkLink</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      lib   the name of the library.
     * @exception  SecurityException if the calling thread does not have
     *             permission to dynamically link the library.
     * @exception  NullPointerException if the <code>lib</code> argument is
     *             <code>null</code>.
     * @see        java.lang.Runtime#load(java.lang.String)
     * @see        java.lang.Runtime#loadLibrary(java.lang.String)
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkLink(String lib) {
	if (lib == null) {
	    throw new NullPointerException("library can't be null");
	}
        checkPermission(new RuntimePermission("loadLibrary."+lib));
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to read from the specified file 
     * descriptor. 
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>RuntimePermission("readFileDescriptor")</code>
     * permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkRead</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      fd   the system-dependent file descriptor.
     * @exception  SecurityException  if the calling thread does not have
     *             permission to access the specified file descriptor.
     * @exception  NullPointerException if the file descriptor argument is
     *             <code>null</code>.
     * @see        java.io.FileDescriptor
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkRead(FileDescriptor fd) {
	if (fd == null) {
	    throw new NullPointerException("file descriptor can't be null");
	}
      	checkPermission(new RuntimePermission("readFileDescriptor"));
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to read the file specified by the 
     * string argument. 
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>FilePermission(file,"read")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkRead</code>
     * at the point the overridden method would normally throw an
     * exception. 
     *
     * @param      file   the system-dependent file name.
     * @exception  SecurityException if the calling thread does not have 
     *             permission to access the specified file.
     * @exception  NullPointerException if the <code>file</code> argument is
     *             <code>null</code>.
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkRead(String file) {
	checkPermission(new FilePermission(file, "read"));
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * specified security context is not allowed to read the file 
     * specified by the string argument. The context must be a security 
     * context returned by a previous call to 
     * <code>getSecurityContext</code>. 
     * <p> If <code>context</code> is an instance of 
     * <code>AccessControlContext</code> then the
     * <code>AccessControlContext.checkPermission</code> method will
     * be invoked with the <code>FilePermission(file,"read")</code> permission.
     * <p> If <code>context</code> is not an instance of 
     * <code>AccessControlContext</code> then a
     * <code>SecurityException</code> is thrown. 
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkRead</code>
     * at the point the overridden method would normally throw an
     * exception. 
     *
     * @param      file      the system-dependent filename.
     * @param      context   a system-dependent security context.
     * @exception  SecurityException  if the specified security context
     *             is not an instance of <code>AccessControlContext</code>
     *             (e.g., is <code>null</code>), or does not have permission
     *             to read the specified file.
     * @exception  NullPointerException if the <code>file</code> argument is
     *             <code>null</code>.
     * @see        java.lang.SecurityManager#getSecurityContext()
     * @see        java.security.AccessControlContext#checkPermission(java.security.Permission)
     */
    public void checkRead(String file, Object context) {
	checkPermission(new FilePermission(file, "read"), context);
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to write to the specified file 
     * descriptor. 
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>RuntimePermission("writeFileDescriptor")</code>
     * permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkWrite</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      fd   the system-dependent file descriptor.
     * @exception SecurityException  if the calling thread does not have
     *             permission to access the specified file descriptor.
     * @exception  NullPointerException if the file descriptor argument is
     *             <code>null</code>.
     * @see        java.io.FileDescriptor
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkWrite(FileDescriptor fd) {
	if (fd == null) {
	    throw new NullPointerException("file descriptor can't be null");
	}
      	checkPermission(new RuntimePermission("writeFileDescriptor"));

    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to write to the file specified by 
     * the string argument. 
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>FilePermission(file,"write")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkWrite</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      file   the system-dependent filename.
     * @exception  SecurityException  if the calling thread does not 
     *             have permission to access the specified file.
     * @exception  NullPointerException if the <code>file</code> argument is
     *             <code>null</code>.
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkWrite(String file) {
	checkPermission(new FilePermission(file, "write"));
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to delete the specified file. 
     * <p>
     * This method is invoked for the current security manager by the 
     * <code>delete</code> method of class <code>File</code>.
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>FilePermission(file,"delete")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkDelete</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      file   the system-dependent filename.
     * @exception  SecurityException if the calling thread does not 
     *             have permission to delete the file.
     * @exception  NullPointerException if the <code>file</code> argument is
     *             <code>null</code>.
     * @see        java.io.File#delete()
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkDelete(String file) {
	checkPermission(new FilePermission(file, "delete"));
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to open a socket connection to the 
     * specified host and port number. 
     * <p>
     * A port number of <code>-1</code> indicates that the calling 
     * method is attempting to determine the IP address of the specified 
     * host name. 
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>SocketPermission(host+":"+port,"connect")</code> permission if
     * the port is not equal to -1. If the port is equal to -1, then
     * it calls <code>checkPermission</code> with the
     * <code>SocketPermission(host,"resolve")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkConnect</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      host   the host name port to connect to.
     * @param      port   the protocol port to connect to.
     * @exception  SecurityException  if the calling thread does not have
     *             permission to open a socket connection to the specified
     *               <code>host</code> and <code>port</code>.
     * @exception  NullPointerException if the <code>host</code> argument is
     *             <code>null</code>.
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkConnect(String host, int port) {
	if (host == null) {
	    throw new NullPointerException("host can't be null");
	}
	if (port == -1) {
	    checkPermission(new SocketPermission(host,"resolve"));
	} else {
	    checkPermission(new SocketPermission(host+":"+port,"connect"));
	}
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * specified security context is not allowed to open a socket 
     * connection to the specified host and port number. 
     * <p>
     * A port number of <code>-1</code> indicates that the calling 
     * method is attempting to determine the IP address of the specified 
     * host name. 
     * <p> If <code>context</code> is not an instance of 
     * <code>AccessControlContext</code> then a
     * <code>SecurityException</code> is thrown.
     * <p>
     * Otherwise, the port number is checked. If it is not equal
     * to -1, the <code>context</code>'s <code>checkPermission</code>
     * method is called with a 
     * <code>SocketPermission(host+":"+port,"connect")</code> permission.
     * If the port is equal to -1, then
     * the <code>context</code>'s <code>checkPermission</code> method 
     * is called with a
     * <code>SocketPermission(host,"resolve")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkConnect</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      host      the host name port to connect to.
     * @param      port      the protocol port to connect to.
     * @param      context   a system-dependent security context.
     * @exception  SecurityException if the specified security context
     *             is not an instance of <code>AccessControlContext</code>
     *             (e.g., is <code>null</code>), or does not have permission
     *             to open a socket connection to the specified
     *             <code>host</code> and <code>port</code>.
     * @exception  NullPointerException if the <code>host</code> argument is
     *             <code>null</code>.
     * @see        java.lang.SecurityManager#getSecurityContext()
     * @see        java.security.AccessControlContext#checkPermission(java.security.Permission)
     */
    public void checkConnect(String host, int port, Object context) {
	if (host == null) {
	    throw new NullPointerException("host can't be null");
	}
	if (port == -1)
	    checkPermission(new SocketPermission(host,"resolve"),
			    context);
	else
	    checkPermission(new SocketPermission(host+":"+port,"connect"),
			    context);
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to wait for a connection request on 
     * the specified local port number. 
     * <p>
     * If port is not 0, this method calls
     * <code>checkPermission</code> with the
     * <code>SocketPermission("localhost:"+port,"listen")</code>.
     * If port is zero, this method calls <code>checkPermission</code>
     * with <code>SocketPermission("localhost:1024-","listen").</code>
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkListen</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      port   the local port.
     * @exception  SecurityException  if the calling thread does not have 
     *             permission to listen on the specified port.
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkListen(int port) {
	if (port == 0) {
	    if (localListenPermission == null)
		localListenPermission = 
                          new SocketPermission("localhost:1024-","listen");
	    checkPermission(localListenPermission);
	} else {
	    checkPermission(new SocketPermission("localhost:"+port,"listen"));
	}
    }

    private static SocketPermission localListenPermission;

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not permitted to accept a socket connection from 
     * the specified host and port number. 
     * <p>
     * This method is invoked for the current security manager by the 
     * <code>accept</code> method of class <code>ServerSocket</code>. 
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>SocketPermission(host+":"+port,"accept")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkAccept</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      host   the host name of the socket connection.
     * @param      port   the port number of the socket connection.
     * @exception  SecurityException  if the calling thread does not have 
     *             permission to accept the connection.
     * @exception  NullPointerException if the <code>host</code> argument is
     *             <code>null</code>.
     * @see        java.net.ServerSocket#accept()
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkAccept(String host, int port) {
	if (host == null) {
	    throw new NullPointerException("host can't be null");
	}
	checkPermission(new SocketPermission(host+":"+port,"accept"));
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to use
     * (join/leave/send/receive) IP multicast.
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>java.net.SocketPermission(maddr.getHostAddress(), 
     * "accept,connect")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkMulticast</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      maddr  Internet group address to be used.
     * @exception  SecurityException  if the calling thread is not allowed to 
     *  use (join/leave/send/receive) IP multicast.
     * @exception  NullPointerException if the address argument is
     *             <code>null</code>.
     * @since      JDK1.1
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkMulticast(InetAddress maddr) {
      	checkPermission(new SocketPermission(maddr.getHostAddress(),
					     "accept,connect"));
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to use
     * (join/leave/send/receive) IP multicast.
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>java.net.SocketPermission(maddr.getHostAddress(), 
     * "accept,connect")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkMulticast</code>
     * at the point the overridden method would normally throw an
     * exception. 
     *
     * @param      maddr  Internet group address to be used.
     * @param      ttl        value in use, if it is multicast send.
     * Note: this particular implementation does not use the ttl
     * parameter. 
     * @exception  SecurityException  if the calling thread is not allowed to 
     *  use (join/leave/send/receive) IP multicast.
     * @exception  NullPointerException if the address argument is
     *             <code>null</code>.
     * @since      JDK1.1
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkMulticast(InetAddress maddr, byte ttl) {
      	checkPermission(new SocketPermission(maddr.getHostAddress(),
					     "accept,connect"));
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to access or modify the system 
     * properties. 
     * <p>
     * This method is used by the <code>getProperties</code> and 
     * <code>setProperties</code> methods of class <code>System</code>. 
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>PropertyPermission("*", "read,write")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkPropertiesAccess</code>
     * at the point the overridden method would normally throw an
     * exception.
     * <p>
     *
     * @exception  SecurityException  if the calling thread does not have 
     *             permission to access or modify the system properties.
     * @see        java.lang.System#getProperties()
     * @see        java.lang.System#setProperties(java.util.Properties)
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkPropertiesAccess() {
      	checkPermission(new PropertyPermission("*", "read,write"));
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to access the system property with 
     * the specified <code>key</code> name. 
     * <p>
     * This method is used by the <code>getProperty</code> method of 
     * class <code>System</code>. 
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>PropertyPermission(key, "read")</code> permission.
     * <p>
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkPropertyAccess</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param      key   a system property key.
     *
     * @exception  SecurityException  if the calling thread does not have 
     *             permission to access the specified system property.
     * @exception  NullPointerException if the <code>key</code> argument is
     *             <code>null</code>.
     * @exception  IllegalArgumentException if <code>key</code> is empty.
     *
     * @see        java.lang.System#getProperty(java.lang.String)
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkPropertyAccess(String key) {
      	checkPermission(new PropertyPermission(key, "read"));
    }

    /**
     * Returns <code>false</code> if the calling 
     * thread is not trusted to bring up the top-level window indicated 
     * by the <code>window</code> argument. In this case, the caller can 
     * still decide to show the window, but the window should include 
     * some sort of visual warning. If the method returns 
     * <code>true</code>, then the window can be shown without any 
     * special restrictions. 
     * <p>
     * See class <code>Window</code> for more information on trusted and 
     * untrusted windows. 
     * <p>
     * This method calls
     * <code>checkPermission</code> with the
     * <code>AWTPermission("showWindowWithoutWarningBanner")</code> permission,
     * and returns <code>true</code> if a SecurityException is not thrown,
     * otherwise it returns <code>false</code>.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkTopLevelWindow</code>
     * at the point the overridden method would normally return 
     * <code>false</code>, and the value of 
     * <code>super.checkTopLevelWindow</code> should
     * be returned.
     *
     * @param      window   the new window that is being created.
     * @return     <code>true</code> if the calling thread is trusted to put up
     *             top-level windows; <code>false</code> otherwise.
     * @exception  SecurityException  if creation is disallowed entirely.
     * @exception  NullPointerException if the <code>window</code> argument is
     *             <code>null</code>.
     * @see        java.awt.Window
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public boolean checkTopLevelWindow(Object window) {
	if (window == null) {
	    throw new NullPointerException("window can't be null");
	}
	try {
	if (topLevelWindowPermission == null)
	    topLevelWindowPermission =
		new AWTPermission("showWindowWithoutWarningBanner");
	    checkPermission(topLevelWindowPermission);
	    return true;
	} catch (SecurityException se) {
	    // just return false
	}
	return false;
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to initiate a print job request.
     * <p>
     * This method calls
     * <code>checkPermission</code> with the
     * <code>RuntimePermission("queuePrintJob")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkPrintJobAccess</code>
     * at the point the overridden method would normally throw an
     * exception.
     * <p>
     *
     * @exception  SecurityException  if the calling thread does not have 
     *             permission to initiate a print job request.
     * @since   JDK1.1
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkPrintJobAccess() {
      	checkPermission(new RuntimePermission("queuePrintJob"));
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to access the system clipboard.
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>AWTPermission("accessClipboard")</code> 
     * permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkSystemClipboardAccess</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @since   JDK1.1
     * @exception  SecurityException  if the calling thread does not have 
     *             permission to access the system clipboard.
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkSystemClipboardAccess() {
	if (accessClipboardPermission == null)
	    accessClipboardPermission = new AWTPermission("accessClipboard");
 	checkPermission(accessClipboardPermission);
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to access the AWT event queue.
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>AWTPermission("accessEventQueue")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkAwtEventQueueAccess</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @since   JDK1.1
     * @exception  SecurityException  if the calling thread does not have 
     *             permission to access the AWT event queue.
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkAwtEventQueueAccess() {
	if (checkAwtEventQueuePermission == null)
	    checkAwtEventQueuePermission = 
		new AWTPermission("accessEventQueue");
      	checkPermission(checkAwtEventQueuePermission);
    }

    /*
     * We have an initial invalid bit (initially false) for the class
     * variables which tell if the cache is valid.  If the underlying
     * java.security.Security property changes via setProperty(), the
     * Security class uses reflection to change the variable and thus
     * invalidate the cache.
     *
     * Locking is handled by synchronization to the
     * packageAccess/packageDefinition variables.  They are only
     * used in this class.
     */
    private static boolean packageAccessValid = false;
    private static String[] packageAccess = new String[0];

    private static boolean packageDefinitionValid = false;
    private static String[] packageDefinition = new String[0];

    private static String[] getPackages(String p) {
	String packages[] = null;
	if (p != null && !p.equals("")) {
	    java.util.StringTokenizer tok =
		new java.util.StringTokenizer(p, ",");
	    int n = tok.countTokens();
	    if (n > 0) {
		packages = new String[n];
		int i = 0;
		while (tok.hasMoreElements()) {
		    String s = tok.nextToken().trim();
		    packages[i++] = s;
		}
	    }
	}

	if (packages == null)
	    packages = new String[0];
	return packages;
    }

    /**
     * Throws a <code>SecurityException</code> if the
     * calling thread is not allowed to access the package specified by
     * the argument.
     * <p>
     * This method is used by the <code>loadClass</code> method of class
     * loaders.
     * <p>
     * This method first gets a list of
     * restricted packages by obtaining a comma-separated list from
     * a call to
     * <code>java.security.Security.getProperty("package.access")</code>,
     * and checks to see if <code>pkg</code> starts with or equals
     * any of the restricted packages. If it does, then
     * <code>checkPermission</code> gets called with the
     * <code>RuntimePermission("accessClassInPackage."+pkg)</code>
     * permission.
     * <p>
     * If this method is overridden, then
     * <code>super.checkPackageAccess</code> should be called
     * as the first line in the overridden method.
     *
     * @param      pkg   the package name.
     * @exception  SecurityException  if the calling thread does not have
     *             permission to access the specified package.
     * @exception  NullPointerException if the package name argument is
     *             <code>null</code>.
     * @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
     *  loadClass
     * @see        java.security.Security#getProperty getProperty
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkPackageAccess(String pkg) {
	if (pkg == null) {
	    throw new NullPointerException("package name can't be null");
	}

 	synchronized (packageAccess) {
	    /*
	     * Do we need to update our property array?
	     */
	    if (!packageAccessValid) {
		String tmpPropertyStr =
		    (String) AccessController.doPrivileged(
			new PrivilegedAction() {
		    	    public Object run() {
				return java.security.Security.getProperty(
				    "package.access");
			    }
			}
		    );
		packageAccess = getPackages(tmpPropertyStr);
		packageAccessValid = true;
	    }

	    /*
	     * Traverse the list of packages, check for any matches.
	     */
	    for (int i = 0; i < packageAccess.length; i++) {
		if (pkg.startsWith(packageAccess[i]) ||
		    pkg.equals(packageAccess[i])) {
		    checkPermission(
			new RuntimePermission("accessClassInPackage."+pkg));
		}
	    }
	}  /* synchronized */
    }

    /**
     * Throws a <code>SecurityException</code> if the
     * calling thread is not allowed to define classes in the package
     * specified by the argument.
     * <p>
     * This method is used by the <code>loadClass</code> method of some
     * class loaders.
     * <p>
     * This method first gets a list of restricted packages by
     * obtaining a comma-separated list from a call to
     * <code>java.security.Security.getProperty("package.definition")</code>,
     * and checks to see if <code>pkg</code> starts with or equals
     * any of the restricted packages. If it does, then
     * <code>checkPermission</code> gets called with the
     * <code>RuntimePermission("defineClassInPackage."+pkg)</code>
     * permission.
     * <p>
     * If this method is overridden, then
     * <code>super.checkPackageDefinition</code> should be called
     * as the first line in the overridden method.
     *
     * @param      pkg   the package name.
     * @exception  SecurityException  if the calling thread does not have
     *             permission to define classes in the specified package.
     * @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
     * @see        java.security.Security#getProperty getProperty
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkPackageDefinition(String pkg) {
	if (pkg == null) {
	    throw new NullPointerException("package name can't be null");
	}

 	synchronized (packageDefinition) {
	    /*
	     * Do we need to update our property array?
	     */
	    if (!packageDefinitionValid) {
		String tmpPropertyStr =
		    (String) AccessController.doPrivileged(
			new PrivilegedAction() {
		    	    public Object run() {
				return java.security.Security.getProperty(
				    "package.definition");
			    }
			}
		    );
		packageDefinition = getPackages(tmpPropertyStr);
		packageDefinitionValid = true;
	    }

	    /*
	     * Traverse the list of packages, check for any matches.
	     */
	    for (int i = 0; i < packageDefinition.length; i++) {
		if (pkg.startsWith(packageDefinition[i]) ||
		    pkg.equals(packageDefinition[i])) {
		    checkPermission(
			new RuntimePermission("defineClassInPackage."+pkg));
		}
	    }
	}  /* synchronized */
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to set the socket factory used by 
     * <code>ServerSocket</code> or <code>Socket</code>, or the stream 
     * handler factory used by <code>URL</code>. 
     * <p>
     * This method calls <code>checkPermission</code> with the
     * <code>RuntimePermission("setFactory")</code> permission.
     * <p>
     * If you override this method, then you should make a call to 
     * <code>super.checkSetFactory</code>
     * at the point the overridden method would normally throw an
     * exception.
     * <p>
     *
     * @exception  SecurityException  if the calling thread does not have 
     *             permission to specify a socket factory or a stream 
     *             handler factory.
     *
     * @see        java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory
     * @see        java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory
     * @see        java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkSetFactory() {
      	checkPermission(new RuntimePermission("setFactory"));
    }

    /**
     * Throws a <code>SecurityException</code> if the 
     * calling thread is not allowed to access members. 
     * <p>
     * The default policy is to allow access to PUBLIC members, as well
     * as access to classes that have the same class loader as the caller.
     * In all other cases, this method calls <code>checkPermission</code> 
     * with the <code>RuntimePermission("accessDeclaredMembers")
     * </code> permission.
     * <p>
     * If this method is overridden, then a call to 
     * <code>super.checkMemberAccess</code> cannot be made,
     * as the default implementation of <code>checkMemberAccess</code>
     * relies on the code being checked being at a stack depth of
     * 4.
     * 
     * @param clazz the class that reflection is to be performed on.
     *
     * @param which type of access, PUBLIC or DECLARED.
     *
     * @exception  SecurityException if the caller does not have
     *             permission to access members.
     * @exception  NullPointerException if the <code>clazz</code> argument is
     *             <code>null</code>.
     * @see java.lang.reflect.Member
     * @since JDK1.1
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkMemberAccess(Class clazz, int which) {
	if (clazz == null) {
	    throw new NullPointerException("class can't be null");
	}
	if (which != Member.PUBLIC) {
	    Class stack[] = getClassContext();
	    /*
	     * stack depth of 4 should be the caller of one of the
	     * methods in java.lang.Class that invoke checkMember
	     * access. The stack should look like:
	     * 
	     * someCaller                         [3]
	     * java.lang.Class.someReflectionAPI  [2]
	     * java.lang.Class.checkMemeberAccess [1]
	     * SecurityManager.checkMemeberAccess [0]
	     *
	     */
	    if ((stack.length<4) || 
		(stack[3].getClassLoader() != clazz.getClassLoader())) {
		if (checkMemberAccessPermission == null)
		    checkMemberAccessPermission = 
			new RuntimePermission("accessDeclaredMembers");
		checkPermission(checkMemberAccessPermission);
	    }
	}
    }

    /**
     * Determines whether the permission with the specified permission target
     * name should be granted or denied.
     *
     * <p> If the requested permission is allowed, this method returns
     * quietly. If denied, a SecurityException is raised. 
     *
     * <p> This method creates a <code>SecurityPermission</code> object for
     * the given permission target name and calls <code>checkPermission</code>
     * with it.
     *
     * <p> See the documentation for
     * <code>{@link java.security.SecurityPermission}</code> for
     * a list of possible permission target names.
     * 
     * <p> If you override this method, then you should make a call to 
     * <code>super.checkSecurityAccess</code>
     * at the point the overridden method would normally throw an
     * exception.
     *
     * @param target the target name of the <code>SecurityPermission</code>.
     *
     * @exception SecurityException if the calling thread does not have
     * permission for the requested access.
     * @exception NullPointerException if <code>target</code> is null.
     * @exception IllegalArgumentException if <code>target</code> is empty.
     *
     * @since   JDK1.1
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
    public void checkSecurityAccess(String target) {
	checkPermission(new SecurityPermission(target));
    }

    private native Class currentLoadedClass0();

    /**
     * Returns the thread group into which to instantiate any new
     * thread being created at the time this is being called.
     * By default, it returns the thread group of the current
     * thread. This should be overridden by a specific security
     * manager to return the appropriate thread group.
     *
     * @return  ThreadGroup that new threads are instantiated into
     * @since   JDK1.1
     * @see     java.lang.ThreadGroup
     */
    public ThreadGroup getThreadGroup() {
	return Thread.currentThread().getThreadGroup();
    }

}