Class PrivilegedUtil

java.lang.Object
oshi.util.PrivilegedUtil
@ThreadSafe public final class PrivilegedUtil extends Object
Utility class for privileged command execution and file reading. Provides methods to execute commands and read files with optional privilege escalation via sudo when running as a non-root user.

  • Method Details

    • isCommandAllowed

      public static boolean isCommandAllowed(String command, Set<String> allowlist)
      Checks if a command is allowed for privileged execution. Extracts the command name from the full command string and matches against the allowlist. Supports both bare names and full paths.
      Parameters:
      command - The full command string (e.g., "dmidecode -t system")
      allowlist - Set of allowed command names or paths
      Returns:
      true if the command is in the allowlist, false otherwise

    • isFileAllowed

      public static boolean isFileAllowed(String filePath, Set<String> allowlist)
      Checks if a file path is allowed for privileged reading. Supports Java glob pattern matching.
      Parameters:
      filePath - The file path to check
      allowlist - Set of allowed file paths or glob patterns
      Returns:
      true if the file path matches an entry in the allowlist, false otherwise

    • getCommandAllowlist

      public static Set<String> getCommandAllowlist()
      Gets the command allowlist, refreshing periodically from config.
      Returns:
      The current command allowlist

    • getFileAllowlist

      public static Set<String> getFileAllowlist()
      Gets the file allowlist, refreshing periodically from config.
      Returns:
      The current file allowlist

    • getPrefix

      public static String getPrefix()
      Gets the configured sudo command prefix for the current platform.
      Returns:
      The prefix string, or empty string if not configured or not supported on this platform

    • readFilePrivileged

      public static List<String> readFilePrivileged(String filePath)
      Reads a file with privileged fallback. First attempts normal read, then falls back to sudo cat if the file exists but is not readable and the file is in the allowlist.
      Parameters:
      filePath - The file to read
      Returns:
      A list of Strings representing each line of the file, or empty list if unreadable

    • getStringFromFilePrivileged

      public static String getStringFromFilePrivileged(String filePath)
      Reads a file and returns the first line as a String, with privileged fallback.
      Parameters:
      filePath - The file to read
      Returns:
      The first line of the file, or empty string if unreadable

    • getKeyValueMapFromFilePrivileged

      public static Map<String,String> getKeyValueMapFromFilePrivileged(String filePath, String separator)
      Reads a file and returns a map of string keys to string values, with privileged fallback.
      Parameters:
      filePath - The file to read
      separator - Character(s) in each line of the file that separate the key and the value
      Returns:
      The map contained in the file, delimited by the separator, with the value whitespace trimmed

    • readAllBytesPrivileged

      public static byte[] readAllBytesPrivileged(String filePath, boolean reportError)
      Reads all bytes from a file with privileged fallback.
      Parameters:
      filePath - The file to read
      reportError - Whether to log errors reading the file
      Returns:
      A byte array representing the file contents, or empty array if unreadable