1 /*
2 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.util.ArrayList;
29 import java.util.List;
30 import sun.security.util.Debug;
31 import sun.security.util.SecurityConstants;
32
33
34 /**
35 * An AccessControlContext is used to make system resource access decisions
36 * based on the context it encapsulates.
37 *
38 * <p>More specifically, it encapsulates a context and
39 * has a single method, {@code checkPermission},
40 * that is equivalent to the {@code checkPermission} method
41 * in the AccessController class, with one difference: The AccessControlContext
42 * {@code checkPermission} method makes access decisions based on the
43 * context it encapsulates,
44 * rather than that of the current execution thread.
45 *
46 * <p>Thus, the purpose of AccessControlContext is for those situations where
47 * a security check that should be made within a given context
48 * actually needs to be done from within a
49 * <i>different</i> context (for example, from within a worker thread).
50 *
51 * <p> An AccessControlContext is created by calling the
52 * {@code AccessController.getContext} method.
53 * The {@code getContext} method takes a "snapshot"
54 * of the current calling context, and places
55 * it in an AccessControlContext object, which it returns. A sample call is
56 * the following:
57 *
58 * <pre>
59 * AccessControlContext acc = AccessController.getContext()
60 * </pre>
61 *
62 * <p>
63 * Code within a different context can subsequently call the
64 * {@code checkPermission} method on the
65 * previously-saved AccessControlContext object. A sample call is the
66 * following:
67 *
68 * <pre>
69 * acc.checkPermission(permission)
70 * </pre>
71 *
72 * @see AccessController
73 *
74 * @author Roland Schemers
75 */
76
77 public final class AccessControlContext {
78
79 private ProtectionDomain context[];
80 // isPrivileged and isAuthorized are referenced by the VM - do not remove
81 // or change their names
82 private boolean isPrivileged;
83 private boolean isAuthorized = false;
84
85 // Note: This field is directly used by the virtual machine
86 // native codes. Don't touch it.
87 private AccessControlContext privilegedContext;
88
89 private DomainCombiner combiner = null;
90
91 // limited privilege scope
92 private Permission permissions[];
93 private AccessControlContext parent;
94 private boolean isWrapped;
95
96 // is constrained by limited privilege scope?
97 private boolean isLimited;
98 private ProtectionDomain limitedContext[];
99
100 private static boolean debugInit = false;
101 private static Debug debug = null;
102
103 static Debug getDebug()
104 {
105 if (debugInit)
106 return debug;
107 else {
108 if (Policy.isSet()) {
109 debug = Debug.getInstance("access");
110 debugInit = true;
111 }
112 return debug;
113 }
114 }
115
116 /**
117 * Create an AccessControlContext with the given array of ProtectionDomains.
118 * Context must not be null. Duplicate domains will be removed from the
119 * context.
120 *
121 * @param context the ProtectionDomains associated with this context.
122 * The non-duplicate domains are copied from the array. Subsequent
123 * changes to the array will not affect this AccessControlContext.
124 * @throws NullPointerException if {@code context} is {@code null}
125 */
126 public AccessControlContext(ProtectionDomain context[])
127 {
128 if (context.length == 0) {
129 this.context = null;
130 } else if (context.length == 1) {
131 if (context[0] != null) {
132 this.context = context.clone();
133 } else {
134 this.context = null;
135 }
136 } else {
137 List<ProtectionDomain> v = new ArrayList<>(context.length);
138 for (int i =0; i< context.length; i++) {
139 if ((context[i] != null) && (!v.contains(context[i])))
140 v.add(context[i]);
141 }
142 if (!v.isEmpty()) {
143 this.context = new ProtectionDomain[v.size()];
144 this.context = v.toArray(this.context);
145 }
146 }
147 }
148
149 /**
150 * Create a new {@code AccessControlContext} with the given
151 * {@code AccessControlContext} and {@code DomainCombiner}.
152 * This constructor associates the provided
153 * {@code DomainCombiner} with the provided
154 * {@code AccessControlContext}.
155 *
156 * <p>
157 *
158 * @param acc the {@code AccessControlContext} associated
159 * with the provided {@code DomainCombiner}.
160 *
161 * @param combiner the {@code DomainCombiner} to be associated
162 * with the provided {@code AccessControlContext}.
163 *
164 * @exception NullPointerException if the provided
165 * {@code context} is {@code null}.
166 *
167 * @exception SecurityException if a security manager is installed and the
168 * caller does not have the "createAccessControlContext"
169 * {@link SecurityPermission}
170 * @since 1.3
171 */
172 public AccessControlContext(AccessControlContext acc,
173 DomainCombiner combiner) {
174
175 SecurityManager sm = System.getSecurityManager();
176 if (sm != null) {
177 sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION);
178 this.isAuthorized = true;
179 }
180
181 this.context = acc.context;
182
183 // we do not need to run the combine method on the
184 // provided ACC. it was already "combined" when the
185 // context was originally retrieved.
186 //
187 // at this point in time, we simply throw away the old
188 // combiner and use the newly provided one.
189 this.combiner = combiner;
190 }
191
192 /**
193 * package private for AccessController
194 *
195 * This "argument wrapper" context will be passed as the actual context
196 * parameter on an internal doPrivileged() call used in the implementation.
197 */
198 AccessControlContext(ProtectionDomain caller, DomainCombiner combiner,
199 AccessControlContext parent, AccessControlContext context,
200 Permission[] perms)
201 {
202 /*
203 * Combine the domains from the doPrivileged() context into our
204 * wrapper context, if necessary.
205 */
206 ProtectionDomain[] callerPDs = null;
207 if (caller != null) {
208 callerPDs = new ProtectionDomain[] { caller };
209 }
210 if (context != null) {
211 if (combiner != null) {
212 this.context = combiner.combine(callerPDs, context.context);
213 } else {
214 this.context = combine(callerPDs, context.context);
215 }
216 } else {
217 /*
218 * Call combiner even if there is seemingly nothing to combine.
219 */
220 if (combiner != null) {
221 this.context = combiner.combine(callerPDs, null);
222 } else {
223 this.context = combine(callerPDs, null);
224 }
225 }
226 this.combiner = combiner;
227
228 Permission[] tmp = null;
229 if (perms != null) {
230 tmp = new Permission[perms.length];
231 for (int i=0; i < perms.length; i++) {
232 if (perms[i] == null) {
233 throw new NullPointerException("permission can't be null");
234 }
235
236 /*
237 * An AllPermission argument is equivalent to calling
238 * doPrivileged() without any limit permissions.
239 */
240 if (perms[i].getClass() == AllPermission.class) {
241 parent = null;
242 }
243 tmp[i] = perms[i];
244 }
245 }
246
247 /*
248 * For a doPrivileged() with limited privilege scope, initialize
249 * the relevant fields.
250 *
251 * The limitedContext field contains the union of all domains which
252 * are enclosed by this limited privilege scope. In other words,
253 * it contains all of the domains which could potentially be checked
254 * if none of the limiting permissions implied a requested permission.
255 */
256 if (parent != null) {
257 this.limitedContext = combine(parent.context, parent.limitedContext);
258 this.isLimited = true;
259 this.isWrapped = true;
260 this.permissions = tmp;
261 this.parent = parent;
262 this.privilegedContext = context; // used in checkPermission2()
263 }
264 this.isAuthorized = true;
265 }
266
267
268 /**
269 * package private constructor for AccessController.getContext()
270 */
271
272 AccessControlContext(ProtectionDomain context[],
273 boolean isPrivileged)
274 {
275 this.context = context;
276 this.isPrivileged = isPrivileged;
277 this.isAuthorized = true;
278 }
279
280 /**
281 * Constructor for JavaSecurityAccess.doIntersectionPrivilege()
282 */
283 AccessControlContext(ProtectionDomain[] context,
284 AccessControlContext privilegedContext)
285 {
286 this.context = context;
287 this.privilegedContext = privilegedContext;
288 this.isPrivileged = true;
289 }
290
291 /**
292 * Returns this context's context.
293 */
294 ProtectionDomain[] getContext() {
295 return context;
296 }
297
298 /**
299 * Returns true if this context is privileged.
300 */
301 boolean isPrivileged()
302 {
303 return isPrivileged;
304 }
305
306 /**
307 * get the assigned combiner from the privileged or inherited context
308 */
309 DomainCombiner getAssignedCombiner() {
310 AccessControlContext acc;
311 if (isPrivileged) {
312 acc = privilegedContext;
313 } else {
314 acc = AccessController.getInheritedAccessControlContext();
315 }
316 if (acc != null) {
317 return acc.combiner;
318 }
319 return null;
320 }
321
322 /**
323 * Get the {@code DomainCombiner} associated with this
324 * {@code AccessControlContext}.
325 *
326 * <p>
327 *
328 * @return the {@code DomainCombiner} associated with this
329 * {@code AccessControlContext}, or {@code null}
330 * if there is none.
331 *
332 * @exception SecurityException if a security manager is installed and
333 * the caller does not have the "getDomainCombiner"
334 * {@link SecurityPermission}
335 * @since 1.3
336 */
337 public DomainCombiner getDomainCombiner() {
338
339 SecurityManager sm = System.getSecurityManager();
340 if (sm != null) {
341 sm.checkPermission(SecurityConstants.GET_COMBINER_PERMISSION);
342 }
343 return getCombiner();
344 }
345
346 /**
347 * package private for AccessController
348 */
349 DomainCombiner getCombiner() {
350 return combiner;
351 }
352
353 /**
354 * Determines whether the access request indicated by the
355 * specified permission should be allowed or denied, based on
356 * the security policy currently in effect, and the context in
357 * this object. The request is allowed only if every ProtectionDomain
358 * in the context implies the permission. Otherwise the request is
359 * denied.
360 *
361 * <p>
362 * This method quietly returns if the access request
363 * is permitted, or throws a suitable AccessControlException otherwise.
364 *
365 * @param perm the requested permission.
366 *
367 * @exception AccessControlException if the specified permission
368 * is not permitted, based on the current security policy and the
369 * context encapsulated by this object.
370 * @exception NullPointerException if the permission to check for is null.
371 */
372 public void checkPermission(Permission perm)
373 throws AccessControlException
374 {
375 boolean dumpDebug = false;
376
377 if (perm == null) {
378 throw new NullPointerException("permission can't be null");
379 }
380 if (getDebug() != null) {
381 // If "codebase" is not specified, we dump the info by default.
382 dumpDebug = !Debug.isOn("codebase=");
383 if (!dumpDebug) {
384 // If "codebase" is specified, only dump if the specified code
385 // value is in the stack.
386 for (int i = 0; context != null && i < context.length; i++) {
387 if (context[i].getCodeSource() != null &&
388 context[i].getCodeSource().getLocation() != null &&
389 Debug.isOn("codebase=" + context[i].getCodeSource().getLocation().toString())) {
390 dumpDebug = true;
391 break;
392 }
393 }
394 }
395
396 dumpDebug &= !Debug.isOn("permission=") ||
397 Debug.isOn("permission=" + perm.getClass().getCanonicalName());
398
399 if (dumpDebug && Debug.isOn("stack")) {
400 Thread.dumpStack();
401 }
402
403 if (dumpDebug && Debug.isOn("domain")) {
404 if (context == null) {
405 debug.println("domain (context is null)");
406 } else {
407 for (int i=0; i< context.length; i++) {
408 debug.println("domain "+i+" "+context[i]);
409 }
410 }
411 }
412 }
413
414 /*
415 * iterate through the ProtectionDomains in the context.
416 * Stop at the first one that doesn't allow the
417 * requested permission (throwing an exception).
418 *
419 */
420
421 /* if ctxt is null, all we had on the stack were system domains,
422 or the first domain was a Privileged system domain. This
423 is to make the common case for system code very fast */
424
425 if (context == null) {
426 checkPermission2(perm);
427 return;
428 }
429
430 for (int i=0; i< context.length; i++) {
431 if (context[i] != null && !context[i].implies(perm)) {
432 if (dumpDebug) {
433 debug.println("access denied " + perm);
434 }
435
436 if (Debug.isOn("failure") && debug != null) {
437 // Want to make sure this is always displayed for failure,
438 // but do not want to display again if already displayed
439 // above.
440 if (!dumpDebug) {
441 debug.println("access denied " + perm);
442 }
443 Thread.dumpStack();
444 final ProtectionDomain pd = context[i];
445 final Debug db = debug;
446 AccessController.doPrivileged (new PrivilegedAction<Void>() {
447 public Void run() {
448 db.println("domain that failed "+pd);
449 return null;
450 }
451 });
452 }
453 throw new AccessControlException("access denied "+perm, perm);
454 }
455 }
456
457 // allow if all of them allowed access
458 if (dumpDebug) {
459 debug.println("access allowed "+perm);
460 }
461
462 checkPermission2(perm);
463 }
464
465 /*
466 * Check the domains associated with the limited privilege scope.
467 */
468 private void checkPermission2(Permission perm) {
469 if (!isLimited) {
470 return;
471 }
472
473 /*
474 * Check the doPrivileged() context parameter, if present.
475 */
476 if (privilegedContext != null) {
477 privilegedContext.checkPermission2(perm);
478 }
479
480 /*
481 * Ignore the limited permissions and parent fields of a wrapper
482 * context since they were already carried down into the unwrapped
483 * context.
484 */
485 if (isWrapped) {
486 return;
487 }
488
489 /*
490 * Try to match any limited privilege scope.
491 */
492 if (permissions != null) {
493 Class<?> permClass = perm.getClass();
494 for (int i=0; i < permissions.length; i++) {
495 Permission limit = permissions[i];
496 if (limit.getClass().equals(permClass) && limit.implies(perm)) {
497 return;
498 }
499 }
500 }
501
502 /*
503 * Check the limited privilege scope up the call stack or the inherited
504 * parent thread call stack of this ACC.
505 */
506 if (parent != null) {
507 /*
508 * As an optimization, if the parent context is the inherited call
509 * stack context from a parent thread then checking the protection
510 * domains of the parent context is redundant since they have
511 * already been merged into the child thread's context by
512 * optimize(). When parent is set to an inherited context this
513 * context was not directly created by a limited scope
514 * doPrivileged() and it does not have its own limited permissions.
515 */
516 if (permissions == null) {
517 parent.checkPermission2(perm);
518 } else {
519 parent.checkPermission(perm);
520 }
521 }
522 }
523
524 /**
525 * Take the stack-based context (this) and combine it with the
526 * privileged or inherited context, if need be. Any limited
527 * privilege scope is flagged regardless of whether the assigned
528 * context comes from an immediately enclosing limited doPrivileged().
529 * The limited privilege scope can indirectly flow from the inherited
530 * parent thread or an assigned context previously captured by getContext().
531 */
532 AccessControlContext optimize() {
533 // the assigned (privileged or inherited) context
534 AccessControlContext acc;
535 DomainCombiner combiner = null;
536 AccessControlContext parent = null;
537 Permission[] permissions = null;
538
539 if (isPrivileged) {
540 acc = privilegedContext;
541 if (acc != null) {
542 /*
543 * If the context is from a limited scope doPrivileged() then
544 * copy the permissions and parent fields out of the wrapper
545 * context that was created to hold them.
546 */
547 if (acc.isWrapped) {
548 permissions = acc.permissions;
549 parent = acc.parent;
550 }
551 }
552 } else {
553 acc = AccessController.getInheritedAccessControlContext();
554 if (acc != null) {
555 /*
556 * If the inherited context is constrained by a limited scope
557 * doPrivileged() then set it as our parent so we will process
558 * the non-domain-related state.
559 */
560 if (acc.isLimited) {
561 parent = acc;
562 }
563 }
564 }
565
566 // this.context could be null if only system code is on the stack;
567 // in that case, ignore the stack context
568 boolean skipStack = (context == null);
569
570 // acc.context could be null if only system code was involved;
571 // in that case, ignore the assigned context
572 boolean skipAssigned = (acc == null || acc.context == null);
573 ProtectionDomain[] assigned = (skipAssigned) ? null : acc.context;
574 ProtectionDomain[] pd;
575
576 // if there is no enclosing limited privilege scope on the stack or
577 // inherited from a parent thread
578 boolean skipLimited = ((acc == null || !acc.isWrapped) && parent == null);
579
580 if (acc != null && acc.combiner != null) {
581 // let the assigned acc's combiner do its thing
582 if (getDebug() != null) {
583 debug.println("AccessControlContext invoking the Combiner");
584 }
585
586 // No need to clone current and assigned.context
587 // combine() will not update them
588 combiner = acc.combiner;
589 pd = combiner.combine(context, assigned);
590 } else {
591 if (skipStack) {
592 if (skipAssigned) {
593 calculateFields(acc, parent, permissions);
594 return this;
595 } else if (skipLimited) {
596 return acc;
597 }
598 } else if (assigned != null) {
599 if (skipLimited) {
600 // optimization: if there is a single stack domain and
601 // that domain is already in the assigned context; no
602 // need to combine
603 if (context.length == 1 && context[0] == assigned[0]) {
604 return acc;
605 }
606 }
607 }
608
609 pd = combine(context, assigned);
610 if (skipLimited && !skipAssigned && pd == assigned) {
611 return acc;
612 } else if (skipAssigned && pd == context) {
613 calculateFields(acc, parent, permissions);
614 return this;
615 }
616 }
617
618 // Reuse existing ACC
619 this.context = pd;
620 this.combiner = combiner;
621 this.isPrivileged = false;
622
623 calculateFields(acc, parent, permissions);
624 return this;
625 }
626
627
628 /*
629 * Combine the current (stack) and assigned domains.
630 */
631 private static ProtectionDomain[] combine(ProtectionDomain[]current,
632 ProtectionDomain[] assigned) {
633
634 // current could be null if only system code is on the stack;
635 // in that case, ignore the stack context
636 boolean skipStack = (current == null);
637
638 // assigned could be null if only system code was involved;
639 // in that case, ignore the assigned context
640 boolean skipAssigned = (assigned == null);
641
642 int slen = (skipStack) ? 0 : current.length;
643
644 // optimization: if there is no assigned context and the stack length
645 // is less then or equal to two; there is no reason to compress the
646 // stack context, it already is
647 if (skipAssigned && slen <= 2) {
648 return current;
649 }
650
651 int n = (skipAssigned) ? 0 : assigned.length;
652
653 // now we combine both of them, and create a new context
654 ProtectionDomain pd[] = new ProtectionDomain[slen + n];
655
656 // first copy in the assigned context domains, no need to compress
657 if (!skipAssigned) {
658 System.arraycopy(assigned, 0, pd, 0, n);
659 }
660
661 // now add the stack context domains, discarding nulls and duplicates
662 outer:
663 for (int i = 0; i < slen; i++) {
664 ProtectionDomain sd = current[i];
665 if (sd != null) {
666 for (int j = 0; j < n; j++) {
667 if (sd == pd[j]) {
668 continue outer;
669 }
670 }
671 pd[n++] = sd;
672 }
673 }
674
675 // if length isn't equal, we need to shorten the array
676 if (n != pd.length) {
677 // optimization: if we didn't really combine anything
678 if (!skipAssigned && n == assigned.length) {
679 return assigned;
680 } else if (skipAssigned && n == slen) {
681 return current;
682 }
683 ProtectionDomain tmp[] = new ProtectionDomain[n];
684 System.arraycopy(pd, 0, tmp, 0, n);
685 pd = tmp;
686 }
687
688 return pd;
689 }
690
691
692 /*
693 * Calculate the additional domains that could potentially be reached via
694 * limited privilege scope. Mark the context as being subject to limited
695 * privilege scope unless the reachable domains (if any) are already
696 * contained in this domain context (in which case any limited
697 * privilege scope checking would be redundant).
698 */
699 private void calculateFields(AccessControlContext assigned,
700 AccessControlContext parent, Permission[] permissions)
701 {
702 ProtectionDomain[] parentLimit = null;
703 ProtectionDomain[] assignedLimit = null;
704 ProtectionDomain[] newLimit;
705
706 parentLimit = (parent != null)? parent.limitedContext: null;
707 assignedLimit = (assigned != null)? assigned.limitedContext: null;
708 newLimit = combine(parentLimit, assignedLimit);
709 if (newLimit != null) {
710 if (context == null || !containsAllPDs(newLimit, context)) {
711 this.limitedContext = newLimit;
712 this.permissions = permissions;
713 this.parent = parent;
714 this.isLimited = true;
715 }
716 }
717 }
718
719
720 /**
721 * Checks two AccessControlContext objects for equality.
722 * Checks that <i>obj</i> is
723 * an AccessControlContext and has the same set of ProtectionDomains
724 * as this context.
725 * <P>
726 * @param obj the object we are testing for equality with this object.
727 * @return true if <i>obj</i> is an AccessControlContext, and has the
728 * same set of ProtectionDomains as this context, false otherwise.
729 */
730 public boolean equals(Object obj) {
731 if (obj == this)
732 return true;
733
734 if (! (obj instanceof AccessControlContext))
735 return false;
736
737 AccessControlContext that = (AccessControlContext) obj;
738
739 if (!equalContext(that))
740 return false;
741
742 if (!equalLimitedContext(that))
743 return false;
744
745 return true;
746 }
747
748 /*
749 * Compare for equality based on state that is free of limited
750 * privilege complications.
751 */
752 private boolean equalContext(AccessControlContext that) {
753 if (!equalPDs(this.context, that.context))
754 return false;
755
756 if (this.combiner == null && that.combiner != null)
757 return false;
758
759 if (this.combiner != null && !this.combiner.equals(that.combiner))
760 return false;
761
762 return true;
763 }
764
765 private boolean equalPDs(ProtectionDomain[] a, ProtectionDomain[] b) {
766 if (a == null) {
767 return (b == null);
768 }
769
770 if (b == null)
771 return false;
772
773 if (!(containsAllPDs(a, b) && containsAllPDs(b, a)))
774 return false;
775
776 return true;
777 }
778
779 /*
780 * Compare for equality based on state that is captured during a
781 * call to AccessController.getContext() when a limited privilege
782 * scope is in effect.
783 */
784 private boolean equalLimitedContext(AccessControlContext that) {
785 if (that == null)
786 return false;
787
788 /*
789 * If neither instance has limited privilege scope then we're done.
790 */
791 if (!this.isLimited && !that.isLimited)
792 return true;
793
794 /*
795 * If only one instance has limited privilege scope then we're done.
796 */
797 if (!(this.isLimited && that.isLimited))
798 return false;
799
800 /*
801 * Wrapped instances should never escape outside the implementation
802 * this class and AccessController so this will probably never happen
803 * but it only makes any sense to compare if they both have the same
804 * isWrapped state.
805 */
806 if ((this.isWrapped && !that.isWrapped) ||
807 (!this.isWrapped && that.isWrapped)) {
808 return false;
809 }
810
811 if (this.permissions == null && that.permissions != null)
812 return false;
813
814 if (this.permissions != null && that.permissions == null)
815 return false;
816
817 if (!(this.containsAllLimits(that) && that.containsAllLimits(this)))
818 return false;
819
820 /*
821 * Skip through any wrapped contexts.
822 */
823 AccessControlContext thisNextPC = getNextPC(this);
824 AccessControlContext thatNextPC = getNextPC(that);
825
826 /*
827 * The protection domains and combiner of a privilegedContext are
828 * not relevant because they have already been included in the context
829 * of this instance by optimize() so we only care about any limited
830 * privilege state they may have.
831 */
832 if (thisNextPC == null && thatNextPC != null && thatNextPC.isLimited)
833 return false;
834
835 if (thisNextPC != null && !thisNextPC.equalLimitedContext(thatNextPC))
836 return false;
837
838 if (this.parent == null && that.parent != null)
839 return false;
840
841 if (this.parent != null && !this.parent.equals(that.parent))
842 return false;
843
844 return true;
845 }
846
847 /*
848 * Follow the privilegedContext link making our best effort to skip
849 * through any wrapper contexts.
850 */
851 private static AccessControlContext getNextPC(AccessControlContext acc) {
852 while (acc != null && acc.privilegedContext != null) {
853 acc = acc.privilegedContext;
854 if (!acc.isWrapped)
855 return acc;
856 }
857 return null;
858 }
859
860 private static boolean containsAllPDs(ProtectionDomain[] thisContext,
861 ProtectionDomain[] thatContext) {
862 boolean match = false;
863
864 //
865 // ProtectionDomains within an ACC currently cannot be null
866 // and this is enforced by the constructor and the various
867 // optimize methods. However, historically this logic made attempts
868 // to support the notion of a null PD and therefore this logic continues
869 // to support that notion.
870 ProtectionDomain thisPd;
871 for (int i = 0; i < thisContext.length; i++) {
872 match = false;
873 if ((thisPd = thisContext[i]) == null) {
874 for (int j = 0; (j < thatContext.length) && !match; j++) {
875 match = (thatContext[j] == null);
876 }
877 } else {
878 Class<?> thisPdClass = thisPd.getClass();
879 ProtectionDomain thatPd;
880 for (int j = 0; (j < thatContext.length) && !match; j++) {
881 thatPd = thatContext[j];
882
883 // Class check required to avoid PD exposure (4285406)
884 match = (thatPd != null &&
885 thisPdClass == thatPd.getClass() && thisPd.equals(thatPd));
886 }
887 }
888 if (!match) return false;
889 }
890 return match;
891 }
892
893 private boolean containsAllLimits(AccessControlContext that) {
894 boolean match = false;
895 Permission thisPerm;
896
897 if (this.permissions == null && that.permissions == null)
898 return true;
899
900 for (int i = 0; i < this.permissions.length; i++) {
901 Permission limit = this.permissions[i];
902 Class <?> limitClass = limit.getClass();
903 match = false;
904 for (int j = 0; (j < that.permissions.length) && !match; j++) {
905 Permission perm = that.permissions[j];
906 match = (limitClass.equals(perm.getClass()) &&
907 limit.equals(perm));
908 }
909 if (!match) return false;
910 }
911 return match;
912 }
913
914
915 /**
916 * Returns the hash code value for this context. The hash code
917 * is computed by exclusive or-ing the hash code of all the protection
918 * domains in the context together.
919 *
920 * @return a hash code value for this context.
921 */
922
923 public int hashCode() {
924 int hashCode = 0;
925
926 if (context == null)
927 return hashCode;
928
929 for (int i =0; i < context.length; i++) {
930 if (context[i] != null)
931 hashCode ^= context[i].hashCode();
932 }
933
934 return hashCode;
935 }
936 }