122 private ClassLoader classloader;
123
124 /* Principals running-as within this protection domain */
125 private Principal[] principals;
126
127 /* the rights this protection domain is granted */
128 private PermissionCollection permissions;
129
130 /* if the permissions object has AllPermission */
131 private boolean hasAllPerm = false;
132
133 /* the PermissionCollection is static (pre 1.4 constructor)
134 or dynamic (via a policy refresh) */
135 private boolean staticPermissions;
136
137 /*
138 * An object used as a key when the ProtectionDomain is stored in a Map.
139 */
140 final Key key = new Key();
141
142 private static final Debug debug = Debug.getInstance("domain");
143
144 /**
145 * Creates a new ProtectionDomain with the given CodeSource and
146 * Permissions. If the permissions object is not null, then
147 * {@code setReadOnly())} will be called on the passed in
148 * Permissions object. The only permissions granted to this domain
149 * are the ones specified; the current Policy will not be consulted.
150 *
151 * @param codesource the codesource associated with this domain
152 * @param permissions the permissions granted to this domain
153 */
154 public ProtectionDomain(CodeSource codesource,
155 PermissionCollection permissions) {
156 this.codesource = codesource;
157 if (permissions != null) {
158 this.permissions = permissions;
159 this.permissions.setReadOnly();
160 if (permissions instanceof Permissions &&
161 ((Permissions)permissions).allPermission != null) {
162 hasAllPerm = true;
163 }
321 palBuf.append(",\n");
322 else
323 palBuf.append(")\n");
324 }
325 pals = palBuf.toString();
326 }
327
328 // Check if policy is set; we don't want to load
329 // the policy prematurely here
330 PermissionCollection pc = Policy.isSet() && seeAllp() ?
331 mergePermissions():
332 getPermissions();
333
334 return "ProtectionDomain "+
335 " "+codesource+"\n"+
336 " "+classloader+"\n"+
337 " "+pals+"\n"+
338 " "+pc+"\n";
339 }
340
341 /**
342 * Return true (merge policy permissions) in the following cases:
343 *
344 * . SecurityManager is null
345 *
346 * . SecurityManager is not null,
347 * debug is not null,
348 * SecurityManager impelmentation is in bootclasspath,
349 * Policy implementation is in bootclasspath
350 * (the bootclasspath restrictions avoid recursion)
351 *
352 * . SecurityManager is not null,
353 * debug is null,
354 * caller has Policy.getPolicy permission
355 */
356 private static boolean seeAllp() {
357 SecurityManager sm = System.getSecurityManager();
358
359 if (sm == null) {
360 return true;
361 } else {
362 if (debug != null) {
363 if (sm.getClass().getClassLoader() == null &&
364 Policy.getPolicyNoCheck().getClass().getClassLoader()
365 == null) {
366 return true;
367 }
368 } else {
369 try {
370 sm.checkPermission(SecurityConstants.GET_POLICY_PERMISSION);
371 return true;
372 } catch (SecurityException se) {
373 // fall thru and return false
374 }
375 }
376 }
377
378 return false;
379 }
380
381 private PermissionCollection mergePermissions() {
382 if (staticPermissions)
|
122 private ClassLoader classloader;
123
124 /* Principals running-as within this protection domain */
125 private Principal[] principals;
126
127 /* the rights this protection domain is granted */
128 private PermissionCollection permissions;
129
130 /* if the permissions object has AllPermission */
131 private boolean hasAllPerm = false;
132
133 /* the PermissionCollection is static (pre 1.4 constructor)
134 or dynamic (via a policy refresh) */
135 private boolean staticPermissions;
136
137 /*
138 * An object used as a key when the ProtectionDomain is stored in a Map.
139 */
140 final Key key = new Key();
141
142 /**
143 * Creates a new ProtectionDomain with the given CodeSource and
144 * Permissions. If the permissions object is not null, then
145 * {@code setReadOnly())} will be called on the passed in
146 * Permissions object. The only permissions granted to this domain
147 * are the ones specified; the current Policy will not be consulted.
148 *
149 * @param codesource the codesource associated with this domain
150 * @param permissions the permissions granted to this domain
151 */
152 public ProtectionDomain(CodeSource codesource,
153 PermissionCollection permissions) {
154 this.codesource = codesource;
155 if (permissions != null) {
156 this.permissions = permissions;
157 this.permissions.setReadOnly();
158 if (permissions instanceof Permissions &&
159 ((Permissions)permissions).allPermission != null) {
160 hasAllPerm = true;
161 }
319 palBuf.append(",\n");
320 else
321 palBuf.append(")\n");
322 }
323 pals = palBuf.toString();
324 }
325
326 // Check if policy is set; we don't want to load
327 // the policy prematurely here
328 PermissionCollection pc = Policy.isSet() && seeAllp() ?
329 mergePermissions():
330 getPermissions();
331
332 return "ProtectionDomain "+
333 " "+codesource+"\n"+
334 " "+classloader+"\n"+
335 " "+pals+"\n"+
336 " "+pc+"\n";
337 }
338
339 /*
340 * holder class for the static field "debug" to delay its initialization
341 */
342 private static class DebugHolder {
343 private static final Debug debug = Debug.getInstance("domain");
344 }
345
346 /**
347 * Return true (merge policy permissions) in the following cases:
348 *
349 * . SecurityManager is null
350 *
351 * . SecurityManager is not null,
352 * debug is not null,
353 * SecurityManager impelmentation is in bootclasspath,
354 * Policy implementation is in bootclasspath
355 * (the bootclasspath restrictions avoid recursion)
356 *
357 * . SecurityManager is not null,
358 * debug is null,
359 * caller has Policy.getPolicy permission
360 */
361 private static boolean seeAllp() {
362 SecurityManager sm = System.getSecurityManager();
363
364 if (sm == null) {
365 return true;
366 } else {
367 if (DebugHolder.debug != null) {
368 if (sm.getClass().getClassLoader() == null &&
369 Policy.getPolicyNoCheck().getClass().getClassLoader()
370 == null) {
371 return true;
372 }
373 } else {
374 try {
375 sm.checkPermission(SecurityConstants.GET_POLICY_PERMISSION);
376 return true;
377 } catch (SecurityException se) {
378 // fall thru and return false
379 }
380 }
381 }
382
383 return false;
384 }
385
386 private PermissionCollection mergePermissions() {
387 if (staticPermissions)
|