AT&T Labs Research - Yoix / Documentation / Page

The Yoix^® Scripting Language

SecurityManager typedict

A SecurityManager defines a group of functions that serve as the interface to Java's SecurityManager class, but in practice a custom securitymanager is rarely needed because the -S and --applet command line options provide an easy alternative. Functions that are not NULL in a securitymanager that has been installed using setSecurityManager must return non-zero if the operation they are protecting is allowed. Any other result, including no return value, means the operation will fail with a securitycheck error. The fields in an SecurityManager are:

checkAccept(String host, int port)	A Function that returns non-zero if the calling thread can accept a socket connection from host on port. This function can be referenced by name or the `accept` and `socket` abbreviations when security checking is enabled using the `-S` command line option.
checkConnect(String host, int port)	A Function that returns non-zero if the calling thread can open a socket that connects to port on host. This function can be referenced by name or the `connect` and `socket` abbreviations when security checking is enabled using the `-S` command line option.
checkCreateRobot()	A Function that returns non-zero if the calling thread can create the Java Robot class that is used by the builtins in the `yoix.robot` module. This function can be referenced by name or the `robot` abbreviation when security checking is enabled using the `-S` command line option.
checkDelete(String path)	A Function that returns non-zero if the calling thread can delete the file named by path. This function can be referenced by name or the `delete` and `file` abbreviations when security checking is enabled using the `-S` command line option.
checkExec(String command)	A Function that returns non-zero if the calling thread can create a process to execute command. This function can be referenced by name or the `exec` abbreviation when security checking is enabled using the `-S` command line option.
checkExit(int status)	A Function that takes an exit status as an int argument, and returns non-zero if the calling thread can cause the Yoix interpreter or the Java Virtual Machine to stop running. This function can be referenced by name or the `exit` abbreviation when security checking is enabled using the `-S` command line option.
checkListen(int port)	A Function that returns non-zero if the calling thread can wait for connections on port. This function can be referenced by name or the `listen` and `socket` abbreviations when security checking is enabled using the `-S` command line option.
checkMulticast(String maddr)	A Function that returns non-zero if the calling thread can use the IP multicast group address maddr. This function can be referenced by name or the `multicast` and `socket` abbreviations when security checking is enabled using the `-S` command line option.
checkPropertiesAccess()	A Function that returns non-zero if the calling thread can access all system properties. Unfortunately the Java methods that read and write the entire collection of system properties both end up here, so there is currently no way to tell if we are checking a read or write request. This function can be referenced by name or the `properties` abbreviation when security checking is enabled using the `-S` command line option.
checkRead(String path)	A Function that returns non-zero if the calling thread can read the file named by path. This function can be referenced by name or the `read` and `file` abbreviations when security checking is enabled using the `-S` command line option.
checkReadDisplayPixels()	A Function that returns non-zero if the calling thread can read pixels from the display screen. This function can be referenced by name or the `readdisplay` abbreviation when security checking is enabled using the `-S` command line option.
checkReadEnvironment(String name)	A Function that returns non-zero if the calling thread can read the environment variable identified by name. This function can be referenced by name or the `readenvironment` abbreviation when security checking is enabled using the `-S` command line option.
checkReadProperty(String key)	A Function that returns non-zero if the calling thread can read the system property identified by key. This function can be referenced by name or the `readproperty` and `properties` abbreviations when security checking is enabled using the `-S` command line option.
checkSystemClipboardAccess()	A Function that returns non-zero if the calling thread can access the system clipboard. This function can be referenced by name or the `clipboard` abbreviation when security checking is enabled using the `-S` command line option.
checkWrite(String path)	A Function that returns non-zero if the calling thread can write to the file named by path. This function can be referenced by name or the `write` and `file` abbreviations when security checking is enabled using the `-S` command line option.
checkWriteProperty(String key)	A Function that returns non-zero if the calling thread can write or remove the system property identified by key. This function can be referenced by name or the `writeproperty` abbreviation when security checking is enabled using the `-S` command line option.
checkYoixAddProvider(String name)	A Function that returns non-zero if the calling thread can try to load the Java classes of the cryptographic algorithm provider identified by name. This function can be referenced by name or the `addprovider` abbreviation when security checking is enabled using the `-S` command line option.
checkYoixEval(String source, int ispath)	A Function that returns non-zero if the calling thread can eval the Yoix statements represented by source, which should be interpreted as the pathname of a file whose contents will be processed by eval if ispath is non-zero, otherwise source is the actual script that will be handed to eval. This function can be referenced by name or the `eval` abbreviation when security checking is enabled using the `-S` command line option.
checkYoixExecute(String source, int ispath, Array args)	A Function that returns non-zero if the calling thread can execute the Yoix statements represented by source, which should be interpreted as the pathname of a file whose contents will be processed by execute if ispath is non-zero, otherwise source is the actual script that will be handed to execute. The args array contains strings that are loaded into the global.argv array that is available when source is actually executed. This function can be referenced by name or the `execute` abbreviation when security checking is enabled using the `-S` command line option.
checkYoixInclude(String path)	A Function that returns non-zero if the calling thread can include the source named by path in a Yoix program. This function can be referenced by name or the `include` abbreviation when security checking is enabled using the `-S` command line option.
checkYoixModule(String classname)	A Function that returns non-zero if the calling thread can load the Java class named by classname as a Yoix module. Java classes in default Yoix package, which is named by the string `VM.Package`, can always be loaded and are never checked by this function. This function can be referenced by name or the `module` abbreviation when security checking is enabled using the `-S` command line option.
checkYoixOpen(String source, int type, int mode)	A Function that returns non-zero if the calling thread can open the stream named source for the operations encoded in mode. type identifies source as a `FILE`, `STRINGSTREAM`, or `URL`, which are constants defined in `yoix.io`. mode identifies the requested operation as `READ`, `WRITE`, or `READ\|WRITE`, which are constants defined in `yoix.io`. This function can be referenced by name or the `open` abbreviation when security checking is enabled using the `-S` command line option.
checkYoixRemoveProvider(String name)	A Function that returns non-zero if the calling thread can remove the Java classes of the cryptographic algorithm provider identified by name. This function can be referenced by name or the `removeprovider` abbreviation when security checking is enabled using the `-S` command line option.
incheck	An int that is `1` when the thread that accessed the field is running a security check and `0` otherwise.

Several permanent fields have not been documented and should not be used in Yoix applications.


Example:	The program, `import yoix.stdio.; import yoix.system.; SecurityManager sm = { checkDelete(file) { printf("checkDelete: file=%s\n", file); return(FALSE); } checkRead(file) { printf("checkRead: file=%s\n", file); return(TRUE); } checkWrite(file) { printf("checkWrite: file=%s\n", file); } }; setSecurityManager(sm); fopen("/tmp/xxx", "r"); fopen("/tmp/yyy", "w");` defines and installs a simple securitymanager and then prints something like, `checkRead: file=/tmp/xxx checkWrite: file=/tmp/yyy Error: securitycheck; Access Denied: checkWrite; Line: 23; Source: /tmp/xxx` on standard output.

See Also:	setSecurityChecker, setSecurityManager

Yoix is a registered trademark of AT&T Inc.

The Yoix® Scripting Language

The Yoix^® Scripting Language