Some quick background on my problem:
I’m writing a compiler that converts Domain Type Enforcement specs into Java Security Manager code. In a nutshell, DTE defines “types” (objects), assigns paths to those types; then defines “domains” (subjects), and defines what permissions (rwxdc) domains have to various types. I need to emulate this behavior as closely as possible in the JSM.
Currently I’m working on write permissions. I’ve overridden the JSM’s checkWrite(String filename) method successfully. Next on the list is checkWrite(FileDescriptor filedescriptor) and this one is proving trickier. Due to the way DTE is defined, I need path information to determine whether a write action is permissible.
Is it possible to extract path data from a FileDescriptor? I’m guessing no — I’ve checked the documentation and various tutorials, and I’ve found nothing to suggest that there’s any way for me to obtain this information (I’d be delighted to be shown wrong, however; that would make my job easier).
If the answer to the above is NO, could anyone suggest a viable workaround? For example, is there some way I could write native code to do what I want and tie this into my custom JSM class? I’m fine with doing something “advanced” like that, but I’d need some idea how to get started.
Or is my only option basically to deny all write permissions that use a FileDescriptor? I’d very much like to avoid this because it’s a crummy solution, but if that’s the reality I need to know.
Thanks very much for your time.
Advertisement
Answer
The short answer is no, because a file is independent from the path used to access that file (at least on any OS that matters).
One possible work-around is to trap the calls that open files, using an aspect framework, and put the referenced file descriptors into a WeakHashMap<FileDescriptor,File>
. Then you simply look at this map whenever you need to validate a write.