forked from jnode/jnode
-
Notifications
You must be signed in to change notification settings - Fork 0
NetPermission
opencode-agent[bot] edited this page May 11, 2026
·
1 revision
Security permission for network operations in JNode.
NetPermission is JNode's permission class for controlling network operation access. It extends Java's java.security.BasicPermission and is used by the security manager to gate privileged network operations such as DHCP configuration and BOOTP client initialization.
| File | Purpose |
|---|---|
net/src/net/org/jnode/net/NetPermission.java |
The permission class itself |
net/src/net/org/jnode/net/ipv4/dhcp/DHCPClient.java |
Uses NetPermission("dhcpClient")
|
net/src/net/org/jnode/net/ipv4/bootp/BOOTPClient.java |
Uses NetPermission("bootpClient")
|
NetPermission extends BasicPermission which means it supports single-name matching (no wildcards). The class is straightforward:
public class NetPermission extends BasicPermission {
public NetPermission(String name) {
super(name);
}
public NetPermission(String name, String actions) {
super(name, actions);
}
}When a network operation requires authorization:
- The code retrieves the current
SecurityManagerviaSystem.getSecurityManager() - If a security manager exists,
sm.checkPermission(new NetPermission(targetName))is called - The security manager traverses the protection domain permissions and checks if any imply the requested permission
- If denied, a
SecurityExceptionis thrown; otherwise the operation proceeds
DHCP Client (DHCPClient.java:64-70):
public final void configureDevice(final Device device) throws IOException {
this.device = device;
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new NetPermission("dhcpClient"));
}
// ... privileged configuration operations
}BOOTP Client (BOOTPClient.java:55-59):
public void configureDevice(Device device) throws IOException {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new NetPermission("bootpClient"));
}
// ... BOOTP configuration
}| Name | Authorized Operation |
|---|---|
dhcpClient |
DHCP-based network configuration |
bootpClient |
BOOTP-based network configuration |
-
No actions parameter:
NetPermissionextendsBasicPermissionwhich only supports a name; the actions string is ignored in permission checking. This is consistent with otherBasicPermissionsubclasses likeSocketPermission. -
Security manager optional: Code defensively checks for
nullsecurity manager before callingcheckPermission. - Static permission names: Permission names are hardcoded strings in the source; there's no central registry of valid names.
- Plugin classloader isolation: Permissions are checked against the protection domain of the calling code, so plugin classloader boundaries affect what permissions are available.