15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.lang.ref.Reference;
29 import java.lang.ref.ReferenceQueue;
30 import java.lang.ref.SoftReference;
31 import java.lang.ref.WeakReference;
32 import java.util.ArrayList;
33 import java.util.Enumeration;
34 import java.util.List;
35 import java.util.Map;
36 import java.util.concurrent.ConcurrentHashMap;
37 import jdk.internal.misc.JavaSecurityAccess;
38 import jdk.internal.misc.JavaSecurityProtectionDomainAccess;
39 import static jdk.internal.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
40 import jdk.internal.misc.SharedSecrets;
41 import sun.security.util.Debug;
42 import sun.security.util.SecurityConstants;
43
44 /**
45 * The ProtectionDomain class encapsulates the characteristics of a domain,
46 * which encloses a set of classes whose instances are granted a set
47 * of permissions when being executed on behalf of a given set of Principals.
48 * <p>
49 * A static set of permissions can be bound to a ProtectionDomain when it is
50 * constructed; such permissions are granted to the domain regardless of the
51 * Policy in force. However, to support dynamic security policies, a
52 * ProtectionDomain can also be constructed such that it is dynamically
53 * mapped to a set of permissions by the current Policy whenever a permission
54 * is checked.
55 *
56 * @author Li Gong
57 * @author Roland Schemers
58 * @author Gary Ellison
59 */
60
61 public class ProtectionDomain {
286 * true, then the permission will only be checked against the
287 * PermissionCollection supplied at construction.
288 * <p>
289 * Otherwise, the permission will be checked against the combination
290 * of the PermissionCollection supplied at construction and
291 * the current Policy binding.
292 *
293 * @param perm the Permission object to check.
294 *
295 * @return true if {@code perm} is implied by this ProtectionDomain.
296 */
297 public boolean implies(Permission perm) {
298
299 if (hasAllPerm) {
300 // internal permission collection already has AllPermission -
301 // no need to go to policy
302 return true;
303 }
304
305 if (!staticPermissions &&
306 Policy.getPolicyNoCheck().implies(this, perm))
307 return true;
308 if (permissions != null)
309 return permissions.implies(perm);
310
311 return false;
312 }
313
314 // called by the VM -- do not remove
315 boolean impliesCreateAccessControlContext() {
316 return implies(SecurityConstants.CREATE_ACC_PERMISSION);
317 }
318
319 /**
320 * Convert a ProtectionDomain to a String.
321 */
322 @Override public String toString() {
323 String pals = "<no principals>";
324 if (principals != null && principals.length > 0) {
325 StringBuilder palBuf = new StringBuilder("(principals ");
326
327 for (int i = 0; i < principals.length; i++) {
328 palBuf.append(principals[i].getClass().getName() +
329 " \"" + principals[i].getName() +
330 "\"");
|
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.lang.ref.Reference;
29 import java.lang.ref.ReferenceQueue;
30 import java.lang.ref.SoftReference;
31 import java.lang.ref.WeakReference;
32 import java.util.ArrayList;
33 import java.util.Enumeration;
34 import java.util.List;
35 import java.util.concurrent.ConcurrentHashMap;
36 import jdk.internal.misc.JavaSecurityAccess;
37 import jdk.internal.misc.JavaSecurityProtectionDomainAccess;
38 import static jdk.internal.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
39 import jdk.internal.misc.SharedSecrets;
40 import sun.security.provider.PolicyFile;
41 import sun.security.util.Debug;
42 import sun.security.util.FilePermCompat;
43 import sun.security.util.SecurityConstants;
44
45 /**
46 * The ProtectionDomain class encapsulates the characteristics of a domain,
47 * which encloses a set of classes whose instances are granted a set
48 * of permissions when being executed on behalf of a given set of Principals.
49 * <p>
50 * A static set of permissions can be bound to a ProtectionDomain when it is
51 * constructed; such permissions are granted to the domain regardless of the
52 * Policy in force. However, to support dynamic security policies, a
53 * ProtectionDomain can also be constructed such that it is dynamically
54 * mapped to a set of permissions by the current Policy whenever a permission
55 * is checked.
56 *
57 * @author Li Gong
58 * @author Roland Schemers
59 * @author Gary Ellison
60 */
61
62 public class ProtectionDomain {
287 * true, then the permission will only be checked against the
288 * PermissionCollection supplied at construction.
289 * <p>
290 * Otherwise, the permission will be checked against the combination
291 * of the PermissionCollection supplied at construction and
292 * the current Policy binding.
293 *
294 * @param perm the Permission object to check.
295 *
296 * @return true if {@code perm} is implied by this ProtectionDomain.
297 */
298 public boolean implies(Permission perm) {
299
300 if (hasAllPerm) {
301 // internal permission collection already has AllPermission -
302 // no need to go to policy
303 return true;
304 }
305
306 if (!staticPermissions &&
307 Policy.getPolicyNoCheck().implies(this, perm)) {
308 return true;
309 }
310 if (permissions != null) {
311 return permissions.implies(perm);
312 }
313
314 return false;
315 }
316
317 /**
318 * This method has the same logic flow as {@link #implies} except that
319 * when the {@link FilePermCompat#compat} flag is on it ensures
320 * FilePermission compatibility after JDK-8164705. {@code implies()}
321 * is called when compat flag is not on or user has extended
322 * {@code ProtectionDomain}.
323 *
324 * This method is called by {@link AccessControlContext#checkPermission}
325 * and not intended to be called by an application.
326 */
327 boolean impliesWithAltFilePerm(Permission perm) {
328
329 // If this is a subclass of ProtectionDomain. Call the old method.
330 if (!FilePermCompat.compat || getClass() != ProtectionDomain.class) {
331 return implies(perm);
332 }
333
334 if (hasAllPerm) {
335 // internal permission collection already has AllPermission -
336 // no need to go to policy
337 return true;
338 }
339
340 Permission p2 = null;
341 boolean p2Calculated = false;
342
343 if (!staticPermissions) {
344 Policy policy = Policy.getPolicyNoCheck();
345 if (policy instanceof PolicyFile) {
346 // The PolicyFile implementation supports compatibility
347 // inside and it also covers the static permissions.
348 return policy.implies(this, perm);
349 } else {
350 if (policy.implies(this, perm)) {
351 return true;
352 }
353 p2 = FilePermCompat.newPermUsingAltPath(perm);
354 p2Calculated = true;
355 if (p2 != null && policy.implies(this, p2)) {
356 return true;
357 }
358 }
359 }
360 if (permissions != null) {
361 if (permissions.implies(perm)) {
362 return true;
363 } else {
364 if (!p2Calculated) {
365 p2 = FilePermCompat.newPermUsingAltPath(perm);
366 }
367 if (p2 != null) {
368 return permissions.implies(p2);
369 }
370 }
371 }
372 return false;
373 }
374
375 // called by the VM -- do not remove
376 boolean impliesCreateAccessControlContext() {
377 return implies(SecurityConstants.CREATE_ACC_PERMISSION);
378 }
379
380 /**
381 * Convert a ProtectionDomain to a String.
382 */
383 @Override public String toString() {
384 String pals = "<no principals>";
385 if (principals != null && principals.length > 0) {
386 StringBuilder palBuf = new StringBuilder("(principals ");
387
388 for (int i = 0; i < principals.length; i++) {
389 palBuf.append(principals[i].getClass().getName() +
390 " \"" + principals[i].getName() +
391 "\"");
|