1 /*
   2  * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 
  27 package java.security;
  28 
  29 import java.util.Enumeration;
  30 import java.util.WeakHashMap;
  31 import java.util.concurrent.atomic.AtomicReference;
  32 import java.util.Objects;
  33 import sun.security.jca.GetInstance;
  34 import sun.security.util.Debug;
  35 import sun.security.util.SecurityConstants;
  36 
  37 
  38 /**
  39  * A Policy object is responsible for determining whether code executing
  40  * in the Java runtime environment has permission to perform a
  41  * security-sensitive operation.
  42  *
  43  * <p> There is only one Policy object installed in the runtime at any
  44  * given time.  A Policy object can be installed by calling the
  45  * {@code setPolicy} method.  The installed Policy object can be
  46  * obtained by calling the {@code getPolicy} method.
  47  *
  48  * <p> If no Policy object has been installed in the runtime, a call to
  49  * {@code getPolicy} installs an instance of the default Policy
  50  * implementation (a default subclass implementation of this abstract class).
  51  * The default Policy implementation can be changed by setting the value
  52  * of the {@code policy.provider} security property to the fully qualified
  53  * name of the desired Policy subclass implementation. The system class loader
  54  * is used to load this class.
  55  *
  56  * <p> Application code can directly subclass Policy to provide a custom
  57  * implementation.  In addition, an instance of a Policy object can be
  58  * constructed by invoking one of the {@code getInstance} factory methods
  59  * with a standard type.  The default policy type is "JavaPolicy".
  60  *
  61  * <p> Once a Policy instance has been installed (either by default, or by
  62  * calling {@code setPolicy}), the Java runtime invokes its
  63  * {@code implies} method when it needs to
  64  * determine whether executing code (encapsulated in a ProtectionDomain)
  65  * can perform SecurityManager-protected operations.  How a Policy object
  66  * retrieves its policy data is up to the Policy implementation itself.
  67  * The policy data may be stored, for example, in a flat ASCII file,
  68  * in a serialized binary file of the Policy class, or in a database.
  69  *
  70  * <p> The {@code refresh} method causes the policy object to
  71  * refresh/reload its data.  This operation is implementation-dependent.
  72  * For example, if the policy object stores its data in configuration files,
  73  * calling {@code refresh} will cause it to re-read the configuration
  74  * policy files.  If a refresh operation is not supported, this method does
  75  * nothing.  Note that refreshed policy may not have an effect on classes
  76  * in a particular ProtectionDomain. This is dependent on the Policy
  77  * provider's implementation of the {@code implies}
  78  * method and its PermissionCollection caching strategy.
  79  *
  80  * @author Roland Schemers
  81  * @author Gary Ellison
  82  * @see java.security.Provider
  83  * @see java.security.ProtectionDomain
  84  * @see java.security.Permission
  85  * @see java.security.Security security properties
  86  */
  87 
  88 public abstract class Policy {
  89 
  90     /**
  91      * A read-only empty PermissionCollection instance.
  92      * @since 1.6
  93      */
  94     public static final PermissionCollection UNSUPPORTED_EMPTY_COLLECTION =
  95                         new UnsupportedEmptyCollection();
  96 
  97     // Information about the system-wide policy.
  98     private static class PolicyInfo {
  99         // the system-wide policy
 100         final Policy policy;
 101         // a flag indicating if the system-wide policy has been initialized
 102         final boolean initialized;
 103 
 104         PolicyInfo(Policy policy, boolean initialized) {
 105             this.policy = policy;
 106             this.initialized = initialized;
 107         }
 108     }
 109 
 110     // PolicyInfo is stored in an AtomicReference
 111     private static AtomicReference<PolicyInfo> policy =
 112         new AtomicReference<>(new PolicyInfo(null, false));
 113 
 114     private static final Debug debug = Debug.getInstance("policy");
 115 
 116     // Default policy provider
 117     private static final String DEFAULT_POLICY =
 118         "sun.security.provider.PolicyFile";
 119 
 120     // Cache mapping ProtectionDomain.Key to PermissionCollection
 121     private WeakHashMap<ProtectionDomain.Key, PermissionCollection> pdMapping;
 122 
 123     /** package private for AccessControlContext and ProtectionDomain */
 124     static boolean isSet()
 125     {
 126         PolicyInfo pi = policy.get();
 127         return pi.policy != null && pi.initialized == true;
 128     }
 129 
 130     private static void checkPermission(String type) {
 131         SecurityManager sm = System.getSecurityManager();
 132         if (sm != null) {
 133             sm.checkPermission(new SecurityPermission("createPolicy." + type));
 134         }
 135     }
 136 
 137     /**
 138      * Returns the installed Policy object. This value should not be cached,
 139      * as it may be changed by a call to {@code setPolicy}.
 140      * This method first calls
 141      * {@code SecurityManager.checkPermission} with a
 142      * {@code SecurityPermission("getPolicy")} permission
 143      * to ensure it's ok to get the Policy object.
 144      *
 145      * @return the installed Policy.
 146      *
 147      * @throws SecurityException
 148      *        if a security manager exists and its
 149      *        {@code checkPermission} method doesn't allow
 150      *        getting the Policy object.
 151      *
 152      * @see SecurityManager#checkPermission(Permission)
 153      * @see #setPolicy(java.security.Policy)
 154      */
 155     public static Policy getPolicy()
 156     {
 157         SecurityManager sm = System.getSecurityManager();
 158         if (sm != null)
 159             sm.checkPermission(SecurityConstants.GET_POLICY_PERMISSION);
 160         return getPolicyNoCheck();
 161     }
 162 
 163     /**
 164      * Returns the installed Policy object, skipping the security check.
 165      * Used by ProtectionDomain and getPolicy.
 166      *
 167      * @return the installed Policy.
 168      */
 169     static Policy getPolicyNoCheck()
 170     {
 171         PolicyInfo pi = policy.get();
 172         // Use double-check idiom to avoid locking if system-wide policy is
 173         // already initialized
 174         if (pi.initialized == false || pi.policy == null) {
 175             synchronized (Policy.class) {
 176                 PolicyInfo pinfo = policy.get();
 177                 if (pinfo.policy == null) {
 178                     return loadPolicyProvider();
 179                 }
 180                 return pinfo.policy;
 181             }
 182         }
 183         return pi.policy;
 184     }
 185 
 186     /**
 187      * Loads and instantiates a Policy implementation specified by the
 188      * policy.provider security property. Note that this method should only
 189      * be called by getPolicyNoCheck and from within a synchronized block with
 190      * an intrinsic lock on the Policy.class.
 191      */
 192     private static Policy loadPolicyProvider() {
 193         String policyProvider =
 194             AccessController.doPrivileged(new PrivilegedAction<>() {
 195                 @Override
 196                 public String run() {
 197                     return Security.getProperty("policy.provider");
 198                 }
 199             });
 200 
 201         /*
 202          * If policy.provider is not set or is set to the default provider,
 203          * simply instantiate it and return.
 204          */
 205         if (policyProvider == null || policyProvider.isEmpty() ||
 206             policyProvider.equals(DEFAULT_POLICY))
 207         {
 208             Policy polFile = new sun.security.provider.PolicyFile();
 209             policy.set(new PolicyInfo(polFile, true));
 210             return polFile;
 211         }
 212 
 213         /*
 214          * Locate, load, and instantiate the policy.provider impl using
 215          * the system class loader. While doing so, install the bootstrap
 216          * provider to avoid potential recursion.
 217          */
 218         Policy polFile = new sun.security.provider.PolicyFile();
 219         policy.set(new PolicyInfo(polFile, false));
 220 
 221         Policy pol = AccessController.doPrivileged(new PrivilegedAction<>() {
 222             @Override
 223             public Policy run() {
 224                 try {
 225                     ClassLoader scl = ClassLoader.getSystemClassLoader();
 226                     @SuppressWarnings("deprecation")
 227                     Object o = Class.forName(policyProvider, true, scl).newInstance();
 228                     return (Policy)o;
 229                 } catch (Exception e) {
 230                     if (debug != null) {
 231                         debug.println("policy provider " + policyProvider +
 232                                       " not available");
 233                         e.printStackTrace();
 234                     }
 235                     return null;
 236                 }
 237             }
 238         });
 239 
 240         if (pol == null) {
 241             // Fallback and use the system default implementation
 242             if (debug != null) {
 243                 debug.println("using " + DEFAULT_POLICY);
 244             }
 245             pol = polFile;
 246         }
 247         policy.set(new PolicyInfo(pol, true));
 248         return pol;
 249     }
 250 
 251     /**
 252      * Sets the system-wide Policy object. This method first calls
 253      * {@code SecurityManager.checkPermission} with a
 254      * {@code SecurityPermission("setPolicy")}
 255      * permission to ensure it's ok to set the Policy.
 256      *
 257      * @param p the new system Policy object.
 258      *
 259      * @throws SecurityException
 260      *        if a security manager exists and its
 261      *        {@code checkPermission} method doesn't allow
 262      *        setting the Policy.
 263      *
 264      * @see SecurityManager#checkPermission(Permission)
 265      * @see #getPolicy()
 266      *
 267      */
 268     public static void setPolicy(Policy p)
 269     {
 270         SecurityManager sm = System.getSecurityManager();
 271         if (sm != null) sm.checkPermission(
 272                                  new SecurityPermission("setPolicy"));
 273         if (p != null) {
 274             initPolicy(p);
 275         }
 276         synchronized (Policy.class) {
 277             policy.set(new PolicyInfo(p, p != null));
 278         }
 279     }
 280 
 281     /**
 282      * Initialize superclass state such that a legacy provider can
 283      * handle queries for itself.
 284      *
 285      * @since 1.4
 286      */
 287     private static void initPolicy (final Policy p) {
 288         /*
 289          * A policy provider not on the bootclasspath could trigger
 290          * security checks fulfilling a call to either Policy.implies
 291          * or Policy.getPermissions. If this does occur the provider
 292          * must be able to answer for it's own ProtectionDomain
 293          * without triggering additional security checks, otherwise
 294          * the policy implementation will end up in an infinite
 295          * recursion.
 296          *
 297          * To mitigate this, the provider can collect it's own
 298          * ProtectionDomain and associate a PermissionCollection while
 299          * it is being installed. The currently installed policy
 300          * provider (if there is one) will handle calls to
 301          * Policy.implies or Policy.getPermissions during this
 302          * process.
 303          *
 304          * This Policy superclass caches away the ProtectionDomain and
 305          * statically binds permissions so that legacy Policy
 306          * implementations will continue to function.
 307          */
 308 
 309         ProtectionDomain policyDomain =
 310         AccessController.doPrivileged(new PrivilegedAction<>() {
 311             public ProtectionDomain run() {
 312                 return p.getClass().getProtectionDomain();
 313             }
 314         });
 315 
 316         /*
 317          * Collect the permissions granted to this protection domain
 318          * so that the provider can be security checked while processing
 319          * calls to Policy.implies or Policy.getPermissions.
 320          */
 321         PermissionCollection policyPerms = null;
 322         synchronized (p) {
 323             if (p.pdMapping == null) {
 324                 p.pdMapping = new WeakHashMap<>();
 325            }
 326         }
 327 
 328         if (policyDomain.getCodeSource() != null) {
 329             Policy pol = policy.get().policy;
 330             if (pol != null) {
 331                 policyPerms = pol.getPermissions(policyDomain);
 332             }
 333 
 334             if (policyPerms == null) { // assume it has all
 335                 policyPerms = new Permissions();
 336                 policyPerms.add(SecurityConstants.ALL_PERMISSION);
 337             }
 338 
 339             synchronized (p.pdMapping) {
 340                 // cache of pd to permissions
 341                 p.pdMapping.put(policyDomain.key, policyPerms);
 342             }
 343         }
 344         return;
 345     }
 346 
 347 
 348     /**
 349      * Returns a Policy object of the specified type.
 350      *
 351      * <p> This method traverses the list of registered security providers,
 352      * starting with the most preferred Provider.
 353      * A new Policy object encapsulating the
 354      * PolicySpi implementation from the first
 355      * Provider that supports the specified type is returned.
 356      *
 357      * <p> Note that the list of registered providers may be retrieved via
 358      * the {@link Security#getProviders() Security.getProviders()} method.
 359      *
 360      * @implNote
 361      * The JDK Reference Implementation additionally uses the
 362      * {@code jdk.security.provider.preferred}
 363      * {@link Security#getProperty(String) Security} property to determine
 364      * the preferred provider order for the specified algorithm. This
 365      * may be different than the order of providers returned by
 366      * {@link Security#getProviders() Security.getProviders()}.
 367      *
 368      * @param type the specified Policy type.  See the Policy section in the
 369      *    <a href=
 370      *    "{@docRoot}/../technotes/guides/security/StandardNames.html#Policy">
 371      *    Java Cryptography Architecture Standard Algorithm Name Documentation</a>
 372      *    for a list of standard Policy types.
 373      *
 374      * @param params parameters for the Policy, which may be null.
 375      *
 376      * @return the new {@code Policy} object
 377      *
 378      * @throws IllegalArgumentException if the specified parameters
 379      *         are not understood by the {@code PolicySpi} implementation
 380      *         from the selected {@code Provider}
 381      *
 382      * @throws NoSuchAlgorithmException if no {@code Provider} supports
 383      *         a {@code PolicySpi} implementation for the specified type
 384      *
 385      * @throws NullPointerException if {@code type} is {@code null}
 386      *
 387      * @throws SecurityException if the caller does not have permission
 388      *         to get a {@code Policy} instance for the specified type.
 389      *
 390      * @see Provider
 391      * @since 1.6
 392      */
 393     public static Policy getInstance(String type, Policy.Parameters params)
 394                 throws NoSuchAlgorithmException {
 395         Objects.requireNonNull(type, "null type name");
 396         checkPermission(type);
 397         try {
 398             GetInstance.Instance instance = GetInstance.getInstance("Policy",
 399                                                         PolicySpi.class,
 400                                                         type,
 401                                                         params);
 402             return new PolicyDelegate((PolicySpi)instance.impl,
 403                                                         instance.provider,
 404                                                         type,
 405                                                         params);
 406         } catch (NoSuchAlgorithmException nsae) {
 407             return handleException(nsae);
 408         }
 409     }
 410 
 411     /**
 412      * Returns a Policy object of the specified type.
 413      *
 414      * <p> A new Policy object encapsulating the
 415      * PolicySpi implementation from the specified provider
 416      * is returned.   The specified provider must be registered
 417      * in the provider list.
 418      *
 419      * <p> Note that the list of registered providers may be retrieved via
 420      * the {@link Security#getProviders() Security.getProviders()} method.
 421      *
 422      * @param type the specified Policy type.  See the Policy section in the
 423      *    <a href=
 424      *    "{@docRoot}/../technotes/guides/security/StandardNames.html#Policy">
 425      *    Java Cryptography Architecture Standard Algorithm Name Documentation</a>
 426      *    for a list of standard Policy types.
 427      *
 428      * @param params parameters for the Policy, which may be null.
 429      *
 430      * @param provider the provider.
 431      *
 432      * @return the new {@code Policy} object
 433      *
 434      * @throws IllegalArgumentException if the specified provider
 435      *         is {@code null} or empty, or if the specified parameters are
 436      *         not understood by the {@code PolicySpi} implementation from
 437      *         the specified provider
 438      *
 439      * @throws NoSuchAlgorithmException if the specified provider does not
 440      *         support a {@code PolicySpi} implementation for the specified
 441      *         type
 442      *
 443      * @throws NoSuchProviderException if the specified provider is not
 444      *         registered in the security provider list
 445      *
 446      * @throws NullPointerException if {@code type} is {@code null}
 447      *
 448      * @throws SecurityException if the caller does not have permission
 449      *         to get a {@code Policy} instance for the specified type
 450      *
 451      * @see Provider
 452      * @since 1.6
 453      */
 454     public static Policy getInstance(String type,
 455                                 Policy.Parameters params,
 456                                 String provider)
 457                 throws NoSuchProviderException, NoSuchAlgorithmException {
 458 
 459         Objects.requireNonNull(type, "null type name");
 460         if (provider == null || provider.length() == 0) {
 461             throw new IllegalArgumentException("missing provider");
 462         }
 463 
 464         checkPermission(type);
 465         try {
 466             GetInstance.Instance instance = GetInstance.getInstance("Policy",
 467                                                         PolicySpi.class,
 468                                                         type,
 469                                                         params,
 470                                                         provider);
 471             return new PolicyDelegate((PolicySpi)instance.impl,
 472                                                         instance.provider,
 473                                                         type,
 474                                                         params);
 475         } catch (NoSuchAlgorithmException nsae) {
 476             return handleException(nsae);
 477         }
 478     }
 479 
 480     /**
 481      * Returns a Policy object of the specified type.
 482      *
 483      * <p> A new Policy object encapsulating the
 484      * PolicySpi implementation from the specified Provider
 485      * object is returned.  Note that the specified Provider object
 486      * does not have to be registered in the provider list.
 487      *
 488      * @param type the specified Policy type.  See the Policy section in the
 489      *    <a href=
 490      *    "{@docRoot}/../technotes/guides/security/StandardNames.html#Policy">
 491      *    Java Cryptography Architecture Standard Algorithm Name Documentation</a>
 492      *    for a list of standard Policy types.
 493      *
 494      * @param params parameters for the Policy, which may be null.
 495      *
 496      * @param provider the Provider.
 497      *
 498      * @return the new {@code Policy} object
 499      *
 500      * @throws IllegalArgumentException if the specified {@code Provider}
 501      *         is {@code null}, or if the specified parameters are not
 502      *         understood by the {@code PolicySpi} implementation from the
 503      *         specified {@code Provider}
 504      *
 505      * @throws NoSuchAlgorithmException if the specified {@code Provider}
 506      *         does not support a {@code PolicySpi} implementation for
 507      *         the specified type
 508      *
 509      * @throws NullPointerException if {@code type} is {@code null}
 510      *
 511      * @throws SecurityException if the caller does not have permission
 512      *         to get a {@code Policy} instance for the specified type
 513      *
 514      * @see Provider
 515      * @since 1.6
 516      */
 517     public static Policy getInstance(String type,
 518                                 Policy.Parameters params,
 519                                 Provider provider)
 520                 throws NoSuchAlgorithmException {
 521 
 522         Objects.requireNonNull(type, "null type name");
 523         if (provider == null) {
 524             throw new IllegalArgumentException("missing provider");
 525         }
 526 
 527         checkPermission(type);
 528         try {
 529             GetInstance.Instance instance = GetInstance.getInstance("Policy",
 530                                                         PolicySpi.class,
 531                                                         type,
 532                                                         params,
 533                                                         provider);
 534             return new PolicyDelegate((PolicySpi)instance.impl,
 535                                                         instance.provider,
 536                                                         type,
 537                                                         params);
 538         } catch (NoSuchAlgorithmException nsae) {
 539             return handleException(nsae);
 540         }
 541     }
 542 
 543     private static Policy handleException(NoSuchAlgorithmException nsae)
 544                 throws NoSuchAlgorithmException {
 545         Throwable cause = nsae.getCause();
 546         if (cause instanceof IllegalArgumentException) {
 547             throw (IllegalArgumentException)cause;
 548         }
 549         throw nsae;
 550     }
 551 
 552     /**
 553      * Return the Provider of this Policy.
 554      *
 555      * <p> This Policy instance will only have a Provider if it
 556      * was obtained via a call to {@code Policy.getInstance}.
 557      * Otherwise this method returns null.
 558      *
 559      * @return the Provider of this Policy, or null.
 560      *
 561      * @since 1.6
 562      */
 563     public Provider getProvider() {
 564         return null;
 565     }
 566 
 567     /**
 568      * Return the type of this Policy.
 569      *
 570      * <p> This Policy instance will only have a type if it
 571      * was obtained via a call to {@code Policy.getInstance}.
 572      * Otherwise this method returns null.
 573      *
 574      * @return the type of this Policy, or null.
 575      *
 576      * @since 1.6
 577      */
 578     public String getType() {
 579         return null;
 580     }
 581 
 582     /**
 583      * Return Policy parameters.
 584      *
 585      * <p> This Policy instance will only have parameters if it
 586      * was obtained via a call to {@code Policy.getInstance}.
 587      * Otherwise this method returns null.
 588      *
 589      * @return Policy parameters, or null.
 590      *
 591      * @since 1.6
 592      */
 593     public Policy.Parameters getParameters() {
 594         return null;
 595     }
 596 
 597     /**
 598      * Return a PermissionCollection object containing the set of
 599      * permissions granted to the specified CodeSource.
 600      *
 601      * <p> Applications are discouraged from calling this method
 602      * since this operation may not be supported by all policy implementations.
 603      * Applications should solely rely on the {@code implies} method
 604      * to perform policy checks.  If an application absolutely must call
 605      * a getPermissions method, it should call
 606      * {@code getPermissions(ProtectionDomain)}.
 607      *
 608      * <p> The default implementation of this method returns
 609      * Policy.UNSUPPORTED_EMPTY_COLLECTION.  This method can be
 610      * overridden if the policy implementation can return a set of
 611      * permissions granted to a CodeSource.
 612      *
 613      * @param codesource the CodeSource to which the returned
 614      *          PermissionCollection has been granted.
 615      *
 616      * @return a set of permissions granted to the specified CodeSource.
 617      *          If this operation is supported, the returned
 618      *          set of permissions must be a new mutable instance
 619      *          and it must support heterogeneous Permission types.
 620      *          If this operation is not supported,
 621      *          Policy.UNSUPPORTED_EMPTY_COLLECTION is returned.
 622      */
 623     public PermissionCollection getPermissions(CodeSource codesource) {
 624         return Policy.UNSUPPORTED_EMPTY_COLLECTION;
 625     }
 626 
 627     /**
 628      * Return a PermissionCollection object containing the set of
 629      * permissions granted to the specified ProtectionDomain.
 630      *
 631      * <p> Applications are discouraged from calling this method
 632      * since this operation may not be supported by all policy implementations.
 633      * Applications should rely on the {@code implies} method
 634      * to perform policy checks.
 635      *
 636      * <p> The default implementation of this method first retrieves
 637      * the permissions returned via {@code getPermissions(CodeSource)}
 638      * (the CodeSource is taken from the specified ProtectionDomain),
 639      * as well as the permissions located inside the specified ProtectionDomain.
 640      * All of these permissions are then combined and returned in a new
 641      * PermissionCollection object.  If {@code getPermissions(CodeSource)}
 642      * returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method
 643      * returns the permissions contained inside the specified ProtectionDomain
 644      * in a new PermissionCollection object.
 645      *
 646      * <p> This method can be overridden if the policy implementation
 647      * supports returning a set of permissions granted to a ProtectionDomain.
 648      *
 649      * @param domain the ProtectionDomain to which the returned
 650      *          PermissionCollection has been granted.
 651      *
 652      * @return a set of permissions granted to the specified ProtectionDomain.
 653      *          If this operation is supported, the returned
 654      *          set of permissions must be a new mutable instance
 655      *          and it must support heterogeneous Permission types.
 656      *          If this operation is not supported,
 657      *          Policy.UNSUPPORTED_EMPTY_COLLECTION is returned.
 658      *
 659      * @since 1.4
 660      */
 661     public PermissionCollection getPermissions(ProtectionDomain domain) {
 662         PermissionCollection pc = null;
 663 
 664         if (domain == null)
 665             return new Permissions();
 666 
 667         if (pdMapping == null) {
 668             initPolicy(this);
 669         }
 670 
 671         synchronized (pdMapping) {
 672             pc = pdMapping.get(domain.key);
 673         }
 674 
 675         if (pc != null) {
 676             Permissions perms = new Permissions();
 677             synchronized (pc) {
 678                 for (Enumeration<Permission> e = pc.elements() ; e.hasMoreElements() ;) {
 679                     perms.add(e.nextElement());
 680                 }
 681             }
 682             return perms;
 683         }
 684 
 685         pc = getPermissions(domain.getCodeSource());
 686         if (pc == null || pc == UNSUPPORTED_EMPTY_COLLECTION) {
 687             pc = new Permissions();
 688         }
 689 
 690         addStaticPerms(pc, domain.getPermissions());
 691         return pc;
 692     }
 693 
 694     /**
 695      * add static permissions to provided permission collection
 696      */
 697     private void addStaticPerms(PermissionCollection perms,
 698                                 PermissionCollection statics) {
 699         if (statics != null) {
 700             synchronized (statics) {
 701                 Enumeration<Permission> e = statics.elements();
 702                 while (e.hasMoreElements()) {
 703                     perms.add(e.nextElement());
 704                 }
 705             }
 706         }
 707     }
 708 
 709     /**
 710      * Evaluates the global policy for the permissions granted to
 711      * the ProtectionDomain and tests whether the permission is
 712      * granted.
 713      *
 714      * @param domain the ProtectionDomain to test
 715      * @param permission the Permission object to be tested for implication.
 716      *
 717      * @return true if "permission" is a proper subset of a permission
 718      * granted to this ProtectionDomain.
 719      *
 720      * @see java.security.ProtectionDomain
 721      * @since 1.4
 722      */
 723     public boolean implies(ProtectionDomain domain, Permission permission) {
 724         PermissionCollection pc;
 725 
 726         if (pdMapping == null) {
 727             initPolicy(this);
 728         }
 729 
 730         synchronized (pdMapping) {
 731             pc = pdMapping.get(domain.key);
 732         }
 733 
 734         if (pc != null) {
 735             return pc.implies(permission);
 736         }
 737 
 738         pc = getPermissions(domain);
 739         if (pc == null) {
 740             return false;
 741         }
 742 
 743         synchronized (pdMapping) {
 744             // cache it
 745             pdMapping.put(domain.key, pc);
 746         }
 747 
 748         return pc.implies(permission);
 749     }
 750 
 751     /**
 752      * Refreshes/reloads the policy configuration. The behavior of this method
 753      * depends on the implementation. For example, calling {@code refresh}
 754      * on a file-based policy will cause the file to be re-read.
 755      *
 756      * <p> The default implementation of this method does nothing.
 757      * This method should be overridden if a refresh operation is supported
 758      * by the policy implementation.
 759      */
 760     public void refresh() { }
 761 
 762     /**
 763      * This subclass is returned by the getInstance calls.  All Policy calls
 764      * are delegated to the underlying PolicySpi.
 765      */
 766     private static class PolicyDelegate extends Policy {
 767 
 768         private PolicySpi spi;
 769         private Provider p;
 770         private String type;
 771         private Policy.Parameters params;
 772 
 773         private PolicyDelegate(PolicySpi spi, Provider p,
 774                         String type, Policy.Parameters params) {
 775             this.spi = spi;
 776             this.p = p;
 777             this.type = type;
 778             this.params = params;
 779         }
 780 
 781         @Override public String getType() { return type; }
 782 
 783         @Override public Policy.Parameters getParameters() { return params; }
 784 
 785         @Override public Provider getProvider() { return p; }
 786 
 787         @Override
 788         public PermissionCollection getPermissions(CodeSource codesource) {
 789             return spi.engineGetPermissions(codesource);
 790         }
 791         @Override
 792         public PermissionCollection getPermissions(ProtectionDomain domain) {
 793             return spi.engineGetPermissions(domain);
 794         }
 795         @Override
 796         public boolean implies(ProtectionDomain domain, Permission perm) {
 797             return spi.engineImplies(domain, perm);
 798         }
 799         @Override
 800         public void refresh() {
 801             spi.engineRefresh();
 802         }
 803     }
 804 
 805     /**
 806      * This represents a marker interface for Policy parameters.
 807      *
 808      * @since 1.6
 809      */
 810     public static interface Parameters { }
 811 
 812     /**
 813      * This class represents a read-only empty PermissionCollection object that
 814      * is returned from the {@code getPermissions(CodeSource)} and
 815      * {@code getPermissions(ProtectionDomain)}
 816      * methods in the Policy class when those operations are not
 817      * supported by the Policy implementation.
 818      */
 819     private static class UnsupportedEmptyCollection
 820         extends PermissionCollection {
 821 
 822         private static final long serialVersionUID = -8492269157353014774L;
 823 
 824         private Permissions perms;
 825 
 826         /**
 827          * Create a read-only empty PermissionCollection object.
 828          */
 829         public UnsupportedEmptyCollection() {
 830             this.perms = new Permissions();
 831             perms.setReadOnly();
 832         }
 833 
 834         /**
 835          * Adds a permission object to the current collection of permission
 836          * objects.
 837          *
 838          * @param permission the Permission object to add.
 839          *
 840          * @exception SecurityException - if this PermissionCollection object
 841          *                                has been marked readonly
 842          */
 843         @Override public void add(Permission permission) {
 844             perms.add(permission);
 845         }
 846 
 847         /**
 848          * Checks to see if the specified permission is implied by the
 849          * collection of Permission objects held in this PermissionCollection.
 850          *
 851          * @param permission the Permission object to compare.
 852          *
 853          * @return true if "permission" is implied by the permissions in
 854          * the collection, false if not.
 855          */
 856         @Override public boolean implies(Permission permission) {
 857             return perms.implies(permission);
 858         }
 859 
 860         /**
 861          * Returns an enumeration of all the Permission objects in the
 862          * collection.
 863          *
 864          * @return an enumeration of all the Permissions.
 865          */
 866         @Override public Enumeration<Permission> elements() {
 867             return perms.elements();
 868         }
 869     }
 870 }