10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.util.ArrayList;
29 import java.util.List;
30 import sun.security.util.Debug;
31 import sun.security.util.SecurityConstants;
32
33
34 /**
35 * An AccessControlContext is used to make system resource access decisions
36 * based on the context it encapsulates.
37 *
38 * <p>More specifically, it encapsulates a context and
39 * has a single method, {@code checkPermission},
40 * that is equivalent to the {@code checkPermission} method
41 * in the AccessController class, with one difference: The AccessControlContext
42 * {@code checkPermission} method makes access decisions based on the
43 * context it encapsulates,
44 * rather than that of the current execution thread.
45 *
46 * <p>Thus, the purpose of AccessControlContext is for those situations where
47 * a security check that should be made within a given context
48 * actually needs to be done from within a
49 * <i>different</i> context (for example, from within a worker thread).
50 *
158 *
159 * @param combiner the {@code DomainCombiner} to be associated
160 * with the provided {@code AccessControlContext}.
161 *
162 * @exception NullPointerException if the provided
163 * {@code context} is {@code null}.
164 *
165 * @exception SecurityException if a security manager is installed and the
166 * caller does not have the "createAccessControlContext"
167 * {@link SecurityPermission}
168 * @since 1.3
169 */
170 public AccessControlContext(AccessControlContext acc,
171 DomainCombiner combiner) {
172
173 this(acc, combiner, false);
174 }
175
176 /**
177 * package private to allow calls from ProtectionDomain without performing
178 * the security check for {@linkplain SecurityConstants.CREATE_ACC_PERMISSION}
179 * permission
180 */
181 AccessControlContext(AccessControlContext acc,
182 DomainCombiner combiner,
183 boolean preauthorized) {
184 if (!preauthorized) {
185 SecurityManager sm = System.getSecurityManager();
186 if (sm != null) {
187 sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION);
188 this.isAuthorized = true;
189 }
190 } else {
191 this.isAuthorized = true;
192 }
193
194 this.context = acc.context;
195
196 // we do not need to run the combine method on the
197 // provided ACC. it was already "combined" when the
198 // context was originally retrieved.
236 this.context = combine(callerPDs, null);
237 }
238 }
239 this.combiner = combiner;
240
241 Permission[] tmp = null;
242 if (perms != null) {
243 tmp = new Permission[perms.length];
244 for (int i=0; i < perms.length; i++) {
245 if (perms[i] == null) {
246 throw new NullPointerException("permission can't be null");
247 }
248
249 /*
250 * An AllPermission argument is equivalent to calling
251 * doPrivileged() without any limit permissions.
252 */
253 if (perms[i].getClass() == AllPermission.class) {
254 parent = null;
255 }
256 tmp[i] = perms[i];
257 }
258 }
259
260 /*
261 * For a doPrivileged() with limited privilege scope, initialize
262 * the relevant fields.
263 *
264 * The limitedContext field contains the union of all domains which
265 * are enclosed by this limited privilege scope. In other words,
266 * it contains all of the domains which could potentially be checked
267 * if none of the limiting permissions implied a requested permission.
268 */
269 if (parent != null) {
270 this.limitedContext = combine(parent.context, parent.limitedContext);
271 this.isLimited = true;
272 this.isWrapped = true;
273 this.permissions = tmp;
274 this.parent = parent;
275 this.privilegedContext = context; // used in checkPermission2()
276 }
426 }
427 }
428
429 /*
430 * iterate through the ProtectionDomains in the context.
431 * Stop at the first one that doesn't allow the
432 * requested permission (throwing an exception).
433 *
434 */
435
436 /* if ctxt is null, all we had on the stack were system domains,
437 or the first domain was a Privileged system domain. This
438 is to make the common case for system code very fast */
439
440 if (context == null) {
441 checkPermission2(perm);
442 return;
443 }
444
445 for (int i=0; i< context.length; i++) {
446 if (context[i] != null && !context[i].implies(perm)) {
447 if (dumpDebug) {
448 debug.println("access denied " + perm);
449 }
450
451 if (Debug.isOn("failure") && debug != null) {
452 // Want to make sure this is always displayed for failure,
453 // but do not want to display again if already displayed
454 // above.
455 if (!dumpDebug) {
456 debug.println("access denied " + perm);
457 }
458 Thread.dumpStack();
459 final ProtectionDomain pd = context[i];
460 final Debug db = debug;
461 AccessController.doPrivileged (new PrivilegedAction<>() {
462 public Void run() {
463 db.println("domain that failed "+pd);
464 return null;
465 }
466 });
|
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.util.ArrayList;
29 import java.util.List;
30
31 import sun.security.util.Debug;
32 import sun.security.util.FilePermCompat;
33 import sun.security.util.SecurityConstants;
34
35
36 /**
37 * An AccessControlContext is used to make system resource access decisions
38 * based on the context it encapsulates.
39 *
40 * <p>More specifically, it encapsulates a context and
41 * has a single method, {@code checkPermission},
42 * that is equivalent to the {@code checkPermission} method
43 * in the AccessController class, with one difference: The AccessControlContext
44 * {@code checkPermission} method makes access decisions based on the
45 * context it encapsulates,
46 * rather than that of the current execution thread.
47 *
48 * <p>Thus, the purpose of AccessControlContext is for those situations where
49 * a security check that should be made within a given context
50 * actually needs to be done from within a
51 * <i>different</i> context (for example, from within a worker thread).
52 *
160 *
161 * @param combiner the {@code DomainCombiner} to be associated
162 * with the provided {@code AccessControlContext}.
163 *
164 * @exception NullPointerException if the provided
165 * {@code context} is {@code null}.
166 *
167 * @exception SecurityException if a security manager is installed and the
168 * caller does not have the "createAccessControlContext"
169 * {@link SecurityPermission}
170 * @since 1.3
171 */
172 public AccessControlContext(AccessControlContext acc,
173 DomainCombiner combiner) {
174
175 this(acc, combiner, false);
176 }
177
178 /**
179 * package private to allow calls from ProtectionDomain without performing
180 * the security check for {@linkplain SecurityConstants#CREATE_ACC_PERMISSION}
181 * permission
182 */
183 AccessControlContext(AccessControlContext acc,
184 DomainCombiner combiner,
185 boolean preauthorized) {
186 if (!preauthorized) {
187 SecurityManager sm = System.getSecurityManager();
188 if (sm != null) {
189 sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION);
190 this.isAuthorized = true;
191 }
192 } else {
193 this.isAuthorized = true;
194 }
195
196 this.context = acc.context;
197
198 // we do not need to run the combine method on the
199 // provided ACC. it was already "combined" when the
200 // context was originally retrieved.
238 this.context = combine(callerPDs, null);
239 }
240 }
241 this.combiner = combiner;
242
243 Permission[] tmp = null;
244 if (perms != null) {
245 tmp = new Permission[perms.length];
246 for (int i=0; i < perms.length; i++) {
247 if (perms[i] == null) {
248 throw new NullPointerException("permission can't be null");
249 }
250
251 /*
252 * An AllPermission argument is equivalent to calling
253 * doPrivileged() without any limit permissions.
254 */
255 if (perms[i].getClass() == AllPermission.class) {
256 parent = null;
257 }
258 // Add altPath into permission for compatibility.
259 tmp[i] = FilePermCompat.newPermPlusAltPath(perms[i]);
260 }
261 }
262
263 /*
264 * For a doPrivileged() with limited privilege scope, initialize
265 * the relevant fields.
266 *
267 * The limitedContext field contains the union of all domains which
268 * are enclosed by this limited privilege scope. In other words,
269 * it contains all of the domains which could potentially be checked
270 * if none of the limiting permissions implied a requested permission.
271 */
272 if (parent != null) {
273 this.limitedContext = combine(parent.context, parent.limitedContext);
274 this.isLimited = true;
275 this.isWrapped = true;
276 this.permissions = tmp;
277 this.parent = parent;
278 this.privilegedContext = context; // used in checkPermission2()
279 }
429 }
430 }
431
432 /*
433 * iterate through the ProtectionDomains in the context.
434 * Stop at the first one that doesn't allow the
435 * requested permission (throwing an exception).
436 *
437 */
438
439 /* if ctxt is null, all we had on the stack were system domains,
440 or the first domain was a Privileged system domain. This
441 is to make the common case for system code very fast */
442
443 if (context == null) {
444 checkPermission2(perm);
445 return;
446 }
447
448 for (int i=0; i< context.length; i++) {
449 if (context[i] != null && !context[i].impliesWithAltFilePerm(perm)) {
450 if (dumpDebug) {
451 debug.println("access denied " + perm);
452 }
453
454 if (Debug.isOn("failure") && debug != null) {
455 // Want to make sure this is always displayed for failure,
456 // but do not want to display again if already displayed
457 // above.
458 if (!dumpDebug) {
459 debug.println("access denied " + perm);
460 }
461 Thread.dumpStack();
462 final ProtectionDomain pd = context[i];
463 final Debug db = debug;
464 AccessController.doPrivileged (new PrivilegedAction<>() {
465 public Void run() {
466 db.println("domain that failed "+pd);
467 return null;
468 }
469 });
|