Inheritance: java.lang.Object
        /// <summary>
        /// package private to allow calls from ProtectionDomain without performing
        /// the security check for <seealso cref="SecurityConstants.CREATE_ACC_PERMISSION"/>
        /// permission
        /// </summary>
        internal AccessControlContext(AccessControlContext acc, DomainCombiner combiner, bool preauthorized)
        {
            if (!preauthorized)
            {
                SecurityManager sm = System.SecurityManager;
                if (sm != null)
                {
                    sm.CheckPermission(SecurityConstants.CREATE_ACC_PERMISSION);
                    this.IsAuthorized = true;
                }
            }
            else
            {
                this.IsAuthorized = true;
            }

            this.Context_Renamed = acc.Context_Renamed;

            // we do not need to run the combine method on the
            // provided ACC.  it was already "combined" when the
            // context was originally retrieved.
            //
            // at this point in time, we simply throw away the old
            // combiner and use the newly provided one.
            this.Combiner_Renamed = combiner;
        }
    public static object getInheritedAccessControlContext()
    {
#if FIRST_PASS
        return(null);
#else
#if false
        object inheritedAccessControlContext   = java.lang.Thread.currentThread().inheritedAccessControlContext;
        java.security.AccessControlContext acc = inheritedAccessControlContext as java.security.AccessControlContext;
        if (acc != null)
        {
            return(acc);
        }
        java.security.AccessController.LazyContext lc = inheritedAccessControlContext as java.security.AccessController.LazyContext;
        if (lc == null)
        {
            return(null);
        }
        List <java.security.ProtectionDomain> list = new List <java.security.ProtectionDomain>();
        while (lc != null)
        {
            if (GetProtectionDomains(list, lc.callerID, lc.stackTrace))
            {
                return(CreateAccessControlContext(list, true, lc.context));
            }
            lc = lc.parent;
        }
        return(CreateAccessControlContext(list, false, null));
#else
        throw new NotImplementedException();
#endif
#endif
    }
        private bool ContainsAllLimits(AccessControlContext that)
        {
            bool       match = false;
            Permission thisPerm;

            if (this.Permissions == null && that.Permissions == null)
            {
                return(true);
            }

            for (int i = 0; i < this.Permissions.Length; i++)
            {
                Permission limit      = this.Permissions[i];
                Class      limitClass = limit.GetType();
                match = false;
                for (int j = 0; (j < that.Permissions.Length) && !match; j++)
                {
                    Permission perm = that.Permissions[j];
                    match = (limitClass.Equals(perm.GetType()) && limit.Equals(perm));
                }
                if (!match)
                {
                    return(false);
                }
            }
            return(match);
        }
        /// <summary>
        /// Checks two AccessControlContext objects for equality.
        /// Checks that <i>obj</i> is
        /// an AccessControlContext and has the same set of ProtectionDomains
        /// as this context.
        /// <P> </summary>
        /// <param name="obj"> the object we are testing for equality with this object. </param>
        /// <returns> true if <i>obj</i> is an AccessControlContext, and has the
        /// same set of ProtectionDomains as this context, false otherwise. </returns>
        public override bool Equals(Object obj)
        {
            if (obj == this)
            {
                return(true);
            }

            if (!(obj is AccessControlContext))
            {
                return(false);
            }

            AccessControlContext that = (AccessControlContext)obj;

            if (!EqualContext(that))
            {
                return(false);
            }

            if (!EqualLimitedContext(that))
            {
                return(false);
            }

            return(true);
        }
        /// <summary>
        /// Performs the specified {@code PrivilegedExceptionAction} with
        /// privileges enabled and restricted by the specified
        /// {@code AccessControlContext} and with a privilege scope limited by
        /// specified {@code Permission} arguments.
        ///
        /// The action is performed with the intersection of the permissions
        /// possessed by the caller's protection domain, and those possessed
        /// by the domains represented by the specified
        /// {@code AccessControlContext}.
        /// <para>
        /// If the action's {@code run} method throws an (unchecked) exception,
        /// it will propagate through this method.
        /// </para>
        /// <para>
        /// If a security manager is installed and the specified
        /// {@code AccessControlContext} was not created by system code and the
        /// caller's {@code ProtectionDomain} has not been granted the
        /// {@literal "createAccessControlContext"}
        /// <seealso cref="java.security.SecurityPermission"/>, then the action is performed
        /// with no permissions.
        ///
        /// </para>
        /// </summary>
        /// @param <T> the type of the value returned by the
        ///                  PrivilegedExceptionAction's {@code run} method. </param>
        /// <param name="action"> the action to be performed. </param>
        /// <param name="context"> an <i>access control context</i>
        ///                representing the restriction to be applied to the
        ///                caller's domain's privileges before performing
        ///                the specified action.  If the context is
        ///                {@code null},
        ///                then no additional restriction is applied. </param>
        /// <param name="perms"> the {@code Permission} arguments which limit the
        ///              scope of the caller's privileges. The number of arguments
        ///              is variable.
        /// </param>
        /// <returns> the value returned by the action's {@code run} method.
        /// </returns>
        /// <exception cref="PrivilegedActionException"> if the specified action's
        ///         {@code run} method threw a <i>checked</i> exception </exception>
        /// <exception cref="NullPointerException"> if action or perms or any element of
        ///         perms is {@code null}
        /// </exception>
        /// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
        /// <seealso cref= #doPrivileged(PrivilegedAction,AccessControlContext)
        ///
        /// @since 1.8 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivileged(PrivilegedExceptionAction<T> action, AccessControlContext context, Permission... perms) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
        public static T doPrivileged <T>(PrivilegedExceptionAction <T> action, AccessControlContext context, params Permission[] perms)
        {
            AccessControlContext parent = Context;

            if (perms == null)
            {
                throw new NullPointerException("null permissions parameter");
            }
            Class caller = Reflection.CallerClass;

            return(AccessController.doPrivileged(action, CreateWrapper(null, caller, parent, context, perms)));
        }
 /*
  * Follow the privilegedContext link making our best effort to skip
  * through any wrapper contexts.
  */
 private static AccessControlContext GetNextPC(AccessControlContext acc)
 {
     while (acc != null && acc.PrivilegedContext != null)
     {
         acc = acc.PrivilegedContext;
         if (!acc.IsWrapped)
         {
             return(acc);
         }
     }
     return(null);
 }
        /// <summary>
        /// Performs the specified {@code PrivilegedExceptionAction} with
        /// privileges enabled.  The action is performed with <i>all</i> of the
        /// permissions possessed by the caller's protection domain.
        ///
        /// <para> If the action's {@code run} method throws an <i>unchecked</i>
        /// exception, it will propagate through this method.
        ///
        /// </para>
        /// <para> This method preserves the current AccessControlContext's
        /// DomainCombiner (which may be null) while the action is performed.
        ///
        /// </para>
        /// </summary>
        /// @param <T> the type of the value returned by the
        ///                  PrivilegedExceptionAction's {@code run} method.
        /// </param>
        /// <param name="action"> the action to be performed.
        /// </param>
        /// <returns> the value returned by the action's {@code run} method
        /// </returns>
        /// <exception cref="PrivilegedActionException"> if the specified action's
        ///         {@code run} method threw a <i>checked</i> exception </exception>
        /// <exception cref="NullPointerException"> if the action is {@code null}
        /// </exception>
        /// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
        /// <seealso cref= #doPrivileged(PrivilegedExceptionAction,AccessControlContext) </seealso>
        /// <seealso cref= java.security.DomainCombiner
        ///
        /// @since 1.6 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
        public static T doPrivilegedWithCombiner <T>(PrivilegedExceptionAction <T> action)
        {
            AccessControlContext acc = StackAccessControlContext;

            if (acc == null)
            {
                return(AccessController.doPrivileged(action));
            }
            DomainCombiner dc = acc.AssignedCombiner;

            return(AccessController.doPrivileged(action, PreserveCombiner(dc, Reflection.CallerClass)));
        }
        /// <summary>
        /// Performs the specified {@code PrivilegedExceptionAction} with
        /// privileges enabled and restricted by the specified
        /// {@code AccessControlContext} and with a privilege scope limited by
        /// specified {@code Permission} arguments.
        ///
        /// The action is performed with the intersection of the permissions
        /// possessed by the caller's protection domain, and those possessed
        /// by the domains represented by the specified
        /// {@code AccessControlContext}.
        /// <para>
        /// If the action's {@code run} method throws an (unchecked) exception,
        /// it will propagate through this method.
        ///
        /// </para>
        /// <para> This method preserves the current AccessControlContext's
        /// DomainCombiner (which may be null) while the action is performed.
        /// </para>
        /// <para>
        /// If a security manager is installed and the specified
        /// {@code AccessControlContext} was not created by system code and the
        /// caller's {@code ProtectionDomain} has not been granted the
        /// {@literal "createAccessControlContext"}
        /// <seealso cref="java.security.SecurityPermission"/>, then the action is performed
        /// with no permissions.
        ///
        /// </para>
        /// </summary>
        /// @param <T> the type of the value returned by the
        ///                  PrivilegedExceptionAction's {@code run} method. </param>
        /// <param name="action"> the action to be performed. </param>
        /// <param name="context"> an <i>access control context</i>
        ///                representing the restriction to be applied to the
        ///                caller's domain's privileges before performing
        ///                the specified action.  If the context is
        ///                {@code null},
        ///                then no additional restriction is applied. </param>
        /// <param name="perms"> the {@code Permission} arguments which limit the
        ///              scope of the caller's privileges. The number of arguments
        ///              is variable.
        /// </param>
        /// <returns> the value returned by the action's {@code run} method.
        /// </returns>
        /// <exception cref="PrivilegedActionException"> if the specified action's
        ///         {@code run} method threw a <i>checked</i> exception </exception>
        /// <exception cref="NullPointerException"> if action or perms or any element of
        ///         perms is {@code null}
        /// </exception>
        /// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
        /// <seealso cref= #doPrivileged(PrivilegedAction,AccessControlContext) </seealso>
        /// <seealso cref= java.security.DomainCombiner
        ///
        /// @since 1.8 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action, AccessControlContext context, Permission... perms) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
        public static T doPrivilegedWithCombiner <T>(PrivilegedExceptionAction <T> action, AccessControlContext context, params Permission[] perms)
        {
            AccessControlContext parent = Context;
            DomainCombiner       dc     = parent.Combiner;

            if (dc == null && context != null)
            {
                dc = context.Combiner;
            }
            if (perms == null)
            {
                throw new NullPointerException("null permissions parameter");
            }
            Class caller = Reflection.CallerClass;

            return(AccessController.doPrivileged(action, CreateWrapper(dc, caller, parent, context, perms)));
        }
Beispiel #9
0
    public static object getStackAccessControlContext(java.security.AccessControlContext context, [email protected] callerID)
    {
#if FIRST_PASS
        return(null);
#else
        List <java.security.ProtectionDomain> array = new List <java.security.ProtectionDomain>();
        bool is_privileged = GetProtectionDomains(array, callerID, new StackTrace(1));
        if (array.Count == 0)
        {
            if (is_privileged && context == null)
            {
                return(null);
            }
        }
        return(CreateAccessControlContext(array, is_privileged, context));
#endif
    }
        /// <summary>
        /// Determines whether the access request indicated by the
        /// specified permission should be allowed or denied, based on
        /// the current AccessControlContext and security policy.
        /// This method quietly returns if the access request
        /// is permitted, or throws an AccessControlException otherwise. The
        /// getPermission method of the AccessControlException returns the
        /// {@code perm} Permission object instance.
        /// </summary>
        /// <param name="perm"> the requested permission.
        /// </param>
        /// <exception cref="AccessControlException"> if the specified permission
        ///            is not permitted, based on the current security policy. </exception>
        /// <exception cref="NullPointerException"> if the specified permission
        ///            is {@code null} and is checked based on the
        ///            security policy currently in effect. </exception>

//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public static void checkPermission(Permission perm) throws AccessControlException
        public static void CheckPermission(Permission perm)
        {
            //System.err.println("checkPermission "+perm);
            //Thread.currentThread().dumpStack();

            if (perm == null)
            {
                throw new NullPointerException("permission can't be null");
            }

            AccessControlContext stack = StackAccessControlContext;

            // if context is null, we had privileged system code on the stack.
            if (stack == null)
            {
                Debug debug     = AccessControlContext.Debug;
                bool  dumpDebug = false;
                if (debug != null)
                {
                    dumpDebug = !Debug.isOn("codebase=");
//JAVA TO C# CONVERTER WARNING: The .NET Type.FullName property will not always yield results identical to the Java Class.getCanonicalName method:
                    dumpDebug &= !Debug.isOn("permission=") || Debug.isOn("permission=" + perm.GetType().FullName);
                }

                if (dumpDebug && Debug.isOn("stack"))
                {
                    Thread.DumpStack();
                }

                if (dumpDebug && Debug.isOn("domain"))
                {
                    debug.println("domain (context is null)");
                }

                if (dumpDebug)
                {
                    debug.println("access allowed " + perm);
                }
                return;
            }

            AccessControlContext acc = stack.Optimize();

            acc.CheckPermission(perm);
        }
        /*
         * Compare for equality based on state that is free of limited
         * privilege complications.
         */
        private bool EqualContext(AccessControlContext that)
        {
            if (!EqualPDs(this.Context_Renamed, that.Context_Renamed))
            {
                return(false);
            }

            if (this.Combiner_Renamed == null && that.Combiner_Renamed != null)
            {
                return(false);
            }

            if (this.Combiner_Renamed != null && !this.Combiner_Renamed.Equals(that.Combiner_Renamed))
            {
                return(false);
            }

            return(true);
        }
        /*
         * Calculate the additional domains that could potentially be reached via
         * limited privilege scope. Mark the context as being subject to limited
         * privilege scope unless the reachable domains (if any) are already
         * contained in this domain context (in which case any limited
         * privilege scope checking would be redundant).
         */
        private void CalculateFields(AccessControlContext assigned, AccessControlContext parent, Permission[] permissions)
        {
            ProtectionDomain[] parentLimit   = null;
            ProtectionDomain[] assignedLimit = null;
            ProtectionDomain[] newLimit;

            parentLimit   = (parent != null)? parent.LimitedContext: null;
            assignedLimit = (assigned != null)? assigned.LimitedContext: null;
            newLimit      = Combine(parentLimit, assignedLimit);
            if (newLimit != null)
            {
                if (Context_Renamed == null || !ContainsAllPDs(newLimit, Context_Renamed))
                {
                    this.LimitedContext = newLimit;
                    this.Permissions    = permissions;
                    this.Parent         = parent;
                    this.IsLimited      = true;
                }
            }
        }
        /*
         * Compare for equality based on state that is captured during a
         * call to AccessController.getContext() when a limited privilege
         * scope is in effect.
         */
        private bool EqualLimitedContext(AccessControlContext that)
        {
            if (that == null)
            {
                return(false);
            }

            /*
             * If neither instance has limited privilege scope then we're done.
             */
            if (!this.IsLimited && !that.IsLimited)
            {
                return(true);
            }

            /*
             * If only one instance has limited privilege scope then we're done.
             */
            if (!(this.IsLimited && that.IsLimited))
            {
                return(false);
            }

            /*
             * Wrapped instances should never escape outside the implementation
             * this class and AccessController so this will probably never happen
             * but it only makes any sense to compare if they both have the same
             * isWrapped state.
             */
            if ((this.IsWrapped && !that.IsWrapped) || (!this.IsWrapped && that.IsWrapped))
            {
                return(false);
            }

            if (this.Permissions == null && that.Permissions != null)
            {
                return(false);
            }

            if (this.Permissions != null && that.Permissions == null)
            {
                return(false);
            }

            if (!(this.ContainsAllLimits(that) && that.ContainsAllLimits(this)))
            {
                return(false);
            }

            /*
             * Skip through any wrapped contexts.
             */
            AccessControlContext thisNextPC = GetNextPC(this);
            AccessControlContext thatNextPC = GetNextPC(that);

            /*
             * The protection domains and combiner of a privilegedContext are
             * not relevant because they have already been included in the context
             * of this instance by optimize() so we only care about any limited
             * privilege state they may have.
             */
            if (thisNextPC == null && thatNextPC != null && thatNextPC.IsLimited)
            {
                return(false);
            }

            if (thisNextPC != null && !thisNextPC.EqualLimitedContext(thatNextPC))
            {
                return(false);
            }

            if (this.Parent == null && that.Parent != null)
            {
                return(false);
            }

            if (this.Parent != null && !this.Parent.Equals(that.Parent))
            {
                return(false);
            }

            return(true);
        }
 public static extern <T> T doPrivileged(PrivilegedExceptionAction <T> action, AccessControlContext context);
        /// <summary>
        /// Take the stack-based context (this) and combine it with the
        /// privileged or inherited context, if need be. Any limited
        /// privilege scope is flagged regardless of whether the assigned
        /// context comes from an immediately enclosing limited doPrivileged().
        /// The limited privilege scope can indirectly flow from the inherited
        /// parent thread or an assigned context previously captured by getContext().
        /// </summary>
        internal AccessControlContext Optimize()
        {
            // the assigned (privileged or inherited) context
            AccessControlContext acc;
            DomainCombiner       combiner = null;
            AccessControlContext parent   = null;

            Permission[] permissions = null;

            if (IsPrivileged)
            {
                acc = PrivilegedContext;
                if (acc != null)
                {
                    /*
                     * If the context is from a limited scope doPrivileged() then
                     * copy the permissions and parent fields out of the wrapper
                     * context that was created to hold them.
                     */
                    if (acc.IsWrapped)
                    {
                        permissions = acc.Permissions;
                        parent      = acc.Parent;
                    }
                }
            }
            else
            {
                acc = AccessController.InheritedAccessControlContext;
                if (acc != null)
                {
                    /*
                     * If the inherited context is constrained by a limited scope
                     * doPrivileged() then set it as our parent so we will process
                     * the non-domain-related state.
                     */
                    if (acc.IsLimited)
                    {
                        parent = acc;
                    }
                }
            }

            // this.context could be null if only system code is on the stack;
            // in that case, ignore the stack context
            bool skipStack = (Context_Renamed == null);

            // acc.context could be null if only system code was involved;
            // in that case, ignore the assigned context
            bool skipAssigned = (acc == null || acc.Context_Renamed == null);

            ProtectionDomain[] assigned = (skipAssigned) ? null : acc.Context_Renamed;
            ProtectionDomain[] pd;

            // if there is no enclosing limited privilege scope on the stack or
            // inherited from a parent thread
            bool skipLimited = ((acc == null || !acc.IsWrapped) && parent == null);

            if (acc != null && acc.Combiner_Renamed != null)
            {
                // let the assigned acc's combiner do its thing
                if (Debug != null)
                {
                    Debug_Renamed.println("AccessControlContext invoking the Combiner");
                }

                // No need to clone current and assigned.context
                // combine() will not update them
                combiner = acc.Combiner_Renamed;
                pd       = combiner.Combine(Context_Renamed, assigned);
            }
            else
            {
                if (skipStack)
                {
                    if (skipAssigned)
                    {
                        CalculateFields(acc, parent, permissions);
                        return(this);
                    }
                    else if (skipLimited)
                    {
                        return(acc);
                    }
                }
                else if (assigned != null)
                {
                    if (skipLimited)
                    {
                        // optimization: if there is a single stack domain and
                        // that domain is already in the assigned context; no
                        // need to combine
                        if (Context_Renamed.Length == 1 && Context_Renamed[0] == assigned[0])
                        {
                            return(acc);
                        }
                    }
                }

                pd = Combine(Context_Renamed, assigned);
                if (skipLimited && !skipAssigned && pd == assigned)
                {
                    return(acc);
                }
                else if (skipAssigned && pd == Context_Renamed)
                {
                    CalculateFields(acc, parent, permissions);
                    return(this);
                }
            }

            // Reuse existing ACC
            this.Context_Renamed  = pd;
            this.Combiner_Renamed = combiner;
            this.IsPrivileged     = false;

            CalculateFields(acc, parent, permissions);
            return(this);
        }
 public PrivilegedActionAnonymousInnerClassHelper(AccessControlContext outerInstance, java.security.ProtectionDomain pd, Debug db)
 {
     this.OuterInstance = outerInstance;
     this.Pd            = pd;
     this.Db            = db;
 }
 /// <summary>
 /// Constructor for JavaSecurityAccess.doIntersectionPrivilege()
 /// </summary>
 internal AccessControlContext(ProtectionDomain[] context, AccessControlContext privilegedContext)
 {
     this.Context_Renamed   = context;
     this.PrivilegedContext = privilegedContext;
     this.IsPrivileged      = true;
 }
        /// <summary>
        /// Create a wrapper to contain the limited privilege scope data.
        /// </summary>
        private static AccessControlContext CreateWrapper(DomainCombiner combiner, Class caller, AccessControlContext parent, AccessControlContext context, Permission[] perms)
        {
            ProtectionDomain callerPD = GetCallerPD(caller);

            // check if caller is authorized to create context
            if (context != null && !context.Authorized && System.SecurityManager != null && !callerPD.ImpliesCreateAccessControlContext())
            {
                ProtectionDomain nullPD = new ProtectionDomain(null, null);
                return(new AccessControlContext(new ProtectionDomain[] { nullPD }));
            }
            else
            {
                return(new AccessControlContext(callerPD, combiner, parent, context, perms));
            }
        }
 private static object CreateAccessControlContext(List <java.security.ProtectionDomain> context, bool is_privileged, java.security.AccessControlContext privileged_context)
 {
     java.security.AccessControlContext acc = new java.security.AccessControlContext(context == null || context.Count == 0 ? null : context.ToArray(), is_privileged);
     acc._privilegedContext(privileged_context);
     return(acc);
 }
 /// <summary>
 /// Create a new {@code AccessControlContext} with the given
 /// {@code AccessControlContext} and {@code DomainCombiner}.
 /// This constructor associates the provided
 /// {@code DomainCombiner} with the provided
 /// {@code AccessControlContext}.
 ///
 /// <para>
 ///
 /// </para>
 /// </summary>
 /// <param name="acc"> the {@code AccessControlContext} associated
 ///          with the provided {@code DomainCombiner}.
 /// </param>
 /// <param name="combiner"> the {@code DomainCombiner} to be associated
 ///          with the provided {@code AccessControlContext}.
 /// </param>
 /// <exception cref="NullPointerException"> if the provided
 ///          {@code context} is {@code null}.
 /// </exception>
 /// <exception cref="SecurityException"> if a security manager is installed and the
 ///          caller does not have the "createAccessControlContext"
 ///          <seealso cref="SecurityPermission"/>
 /// @since 1.3 </exception>
 public AccessControlContext(AccessControlContext acc, DomainCombiner combiner) : this(acc, combiner, false)
 {
 }
Beispiel #21
0
 private static object CreateAccessControlContext(List<java.security.ProtectionDomain> context, bool is_privileged, java.security.AccessControlContext privileged_context)
 {
     java.security.AccessControlContext acc = new java.security.AccessControlContext(context == null || context.Count == 0 ? null : context.ToArray(), is_privileged);
     acc._privilegedContext(privileged_context);
     return acc;
 }
        /// <summary>
        /// package private for AccessController
        ///
        /// This "argument wrapper" context will be passed as the actual context
        /// parameter on an internal doPrivileged() call used in the implementation.
        /// </summary>
        internal AccessControlContext(ProtectionDomain caller, DomainCombiner combiner, AccessControlContext parent, AccessControlContext context, Permission[] perms)
        {
            /*
             * Combine the domains from the doPrivileged() context into our
             * wrapper context, if necessary.
             */
            ProtectionDomain[] callerPDs = null;
            if (caller != null)
            {
                callerPDs = new ProtectionDomain[] { caller };
            }
            if (context != null)
            {
                if (combiner != null)
                {
                    this.Context_Renamed = combiner.Combine(callerPDs, context.Context_Renamed);
                }
                else
                {
                    this.Context_Renamed = Combine(callerPDs, context.Context_Renamed);
                }
            }
            else
            {
                /*
                 * Call combiner even if there is seemingly nothing to combine.
                 */
                if (combiner != null)
                {
                    this.Context_Renamed = combiner.Combine(callerPDs, null);
                }
                else
                {
                    this.Context_Renamed = Combine(callerPDs, null);
                }
            }
            this.Combiner_Renamed = combiner;

            Permission[] tmp = null;
            if (perms != null)
            {
                tmp = new Permission[perms.Length];
                for (int i = 0; i < perms.Length; i++)
                {
                    if (perms[i] == null)
                    {
                        throw new NullPointerException("permission can't be null");
                    }

                    /*
                     * An AllPermission argument is equivalent to calling
                     * doPrivileged() without any limit permissions.
                     */
                    if (perms[i].GetType() == typeof(AllPermission))
                    {
                        parent = null;
                    }
                    tmp[i] = perms[i];
                }
            }

            /*
             * For a doPrivileged() with limited privilege scope, initialize
             * the relevant fields.
             *
             * The limitedContext field contains the union of all domains which
             * are enclosed by this limited privilege scope. In other words,
             * it contains all of the domains which could potentially be checked
             * if none of the limiting permissions implied a requested permission.
             */
            if (parent != null)
            {
                this.LimitedContext    = Combine(parent.Context_Renamed, parent.LimitedContext);
                this.IsLimited         = true;
                this.IsWrapped         = true;
                this.Permissions       = tmp;
                this.Parent            = parent;
                this.PrivilegedContext = context;                 // used in checkPermission2()
            }
            this.IsAuthorized = true;
        }