/// <summary>
/// package private to allow calls from ProtectionDomain without performing
/// the security check for <seealso cref="SecurityConstants.CREATE_ACC_PERMISSION"/>
/// permission
/// </summary>
internal AccessControlContext(AccessControlContext acc, DomainCombiner combiner, bool preauthorized)
{
if (!preauthorized)
{
SecurityManager sm = System.SecurityManager;
if (sm != null)
{
sm.CheckPermission(SecurityConstants.CREATE_ACC_PERMISSION);
this.IsAuthorized = true;
}
}
else
{
this.IsAuthorized = true;
}
this.Context_Renamed = acc.Context_Renamed;
// we do not need to run the combine method on the
// provided ACC. it was already "combined" when the
// context was originally retrieved.
//
// at this point in time, we simply throw away the old
// combiner and use the newly provided one.
this.Combiner_Renamed = combiner;
}
/// <summary>
/// Performs the specified {@code PrivilegedExceptionAction} with
/// privileges enabled. The action is performed with <i>all</i> of the
/// permissions possessed by the caller's protection domain.
///
/// <para> If the action's {@code run} method throws an <i>unchecked</i>
/// exception, it will propagate through this method.
///
/// </para>
/// <para> This method preserves the current AccessControlContext's
/// DomainCombiner (which may be null) while the action is performed.
///
/// </para>
/// </summary>
/// @param <T> the type of the value returned by the
/// PrivilegedExceptionAction's {@code run} method.
/// </param>
/// <param name="action"> the action to be performed.
/// </param>
/// <returns> the value returned by the action's {@code run} method
/// </returns>
/// <exception cref="PrivilegedActionException"> if the specified action's
/// {@code run} method threw a <i>checked</i> exception </exception>
/// <exception cref="NullPointerException"> if the action is {@code null}
/// </exception>
/// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
/// <seealso cref= #doPrivileged(PrivilegedExceptionAction,AccessControlContext) </seealso>
/// <seealso cref= java.security.DomainCombiner
///
/// @since 1.6 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
public static T doPrivilegedWithCombiner <T>(PrivilegedExceptionAction <T> action)
{
AccessControlContext acc = StackAccessControlContext;
if (acc == null)
{
return(AccessController.doPrivileged(action));
}
DomainCombiner dc = acc.AssignedCombiner;
return(AccessController.doPrivileged(action, PreserveCombiner(dc, Reflection.CallerClass)));
}
/// <summary>
/// Create a wrapper to contain the limited privilege scope data.
/// </summary>
private static AccessControlContext CreateWrapper(DomainCombiner combiner, Class caller, AccessControlContext parent, AccessControlContext context, Permission[] perms)
{
ProtectionDomain callerPD = GetCallerPD(caller);
// check if caller is authorized to create context
if (context != null && !context.Authorized && System.SecurityManager != null && !callerPD.ImpliesCreateAccessControlContext())
{
ProtectionDomain nullPD = new ProtectionDomain(null, null);
return(new AccessControlContext(new ProtectionDomain[] { nullPD }));
}
else
{
return(new AccessControlContext(callerPD, combiner, parent, context, perms));
}
}
/// <summary>
/// Performs the specified {@code PrivilegedExceptionAction} with
/// privileges enabled and restricted by the specified
/// {@code AccessControlContext} and with a privilege scope limited by
/// specified {@code Permission} arguments.
///
/// The action is performed with the intersection of the permissions
/// possessed by the caller's protection domain, and those possessed
/// by the domains represented by the specified
/// {@code AccessControlContext}.
/// <para>
/// If the action's {@code run} method throws an (unchecked) exception,
/// it will propagate through this method.
///
/// </para>
/// <para> This method preserves the current AccessControlContext's
/// DomainCombiner (which may be null) while the action is performed.
/// </para>
/// <para>
/// If a security manager is installed and the specified
/// {@code AccessControlContext} was not created by system code and the
/// caller's {@code ProtectionDomain} has not been granted the
/// {@literal "createAccessControlContext"}
/// <seealso cref="java.security.SecurityPermission"/>, then the action is performed
/// with no permissions.
///
/// </para>
/// </summary>
/// @param <T> the type of the value returned by the
/// PrivilegedExceptionAction's {@code run} method. </param>
/// <param name="action"> the action to be performed. </param>
/// <param name="context"> an <i>access control context</i>
/// representing the restriction to be applied to the
/// caller's domain's privileges before performing
/// the specified action. If the context is
/// {@code null},
/// then no additional restriction is applied. </param>
/// <param name="perms"> the {@code Permission} arguments which limit the
/// scope of the caller's privileges. The number of arguments
/// is variable.
/// </param>
/// <returns> the value returned by the action's {@code run} method.
/// </returns>
/// <exception cref="PrivilegedActionException"> if the specified action's
/// {@code run} method threw a <i>checked</i> exception </exception>
/// <exception cref="NullPointerException"> if action or perms or any element of
/// perms is {@code null}
/// </exception>
/// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
/// <seealso cref= #doPrivileged(PrivilegedAction,AccessControlContext) </seealso>
/// <seealso cref= java.security.DomainCombiner
///
/// @since 1.8 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action, AccessControlContext context, Permission... perms) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
public static T doPrivilegedWithCombiner <T>(PrivilegedExceptionAction <T> action, AccessControlContext context, params Permission[] perms)
{
AccessControlContext parent = Context;
DomainCombiner dc = parent.Combiner;
if (dc == null && context != null)
{
dc = context.Combiner;
}
if (perms == null)
{
throw new NullPointerException("null permissions parameter");
}
Class caller = Reflection.CallerClass;
return(AccessController.doPrivileged(action, CreateWrapper(dc, caller, parent, context, perms)));
}
/// <summary>
/// Take the stack-based context (this) and combine it with the
/// privileged or inherited context, if need be. Any limited
/// privilege scope is flagged regardless of whether the assigned
/// context comes from an immediately enclosing limited doPrivileged().
/// The limited privilege scope can indirectly flow from the inherited
/// parent thread or an assigned context previously captured by getContext().
/// </summary>
internal AccessControlContext Optimize()
{
// the assigned (privileged or inherited) context
AccessControlContext acc;
DomainCombiner combiner = null;
AccessControlContext parent = null;
Permission[] permissions = null;
if (IsPrivileged)
{
acc = PrivilegedContext;
if (acc != null)
{
/*
* If the context is from a limited scope doPrivileged() then
* copy the permissions and parent fields out of the wrapper
* context that was created to hold them.
*/
if (acc.IsWrapped)
{
permissions = acc.Permissions;
parent = acc.Parent;
}
}
}
else
{
acc = AccessController.InheritedAccessControlContext;
if (acc != null)
{
/*
* If the inherited context is constrained by a limited scope
* doPrivileged() then set it as our parent so we will process
* the non-domain-related state.
*/
if (acc.IsLimited)
{
parent = acc;
}
}
}
// this.context could be null if only system code is on the stack;
// in that case, ignore the stack context
bool skipStack = (Context_Renamed == null);
// acc.context could be null if only system code was involved;
// in that case, ignore the assigned context
bool skipAssigned = (acc == null || acc.Context_Renamed == null);
ProtectionDomain[] assigned = (skipAssigned) ? null : acc.Context_Renamed;
ProtectionDomain[] pd;
// if there is no enclosing limited privilege scope on the stack or
// inherited from a parent thread
bool skipLimited = ((acc == null || !acc.IsWrapped) && parent == null);
if (acc != null && acc.Combiner_Renamed != null)
{
// let the assigned acc's combiner do its thing
if (Debug != null)
{
Debug_Renamed.println("AccessControlContext invoking the Combiner");
}
// No need to clone current and assigned.context
// combine() will not update them
combiner = acc.Combiner_Renamed;
pd = combiner.Combine(Context_Renamed, assigned);
}
else
{
if (skipStack)
{
if (skipAssigned)
{
CalculateFields(acc, parent, permissions);
return(this);
}
else if (skipLimited)
{
return(acc);
}
}
else if (assigned != null)
{
if (skipLimited)
{
// optimization: if there is a single stack domain and
// that domain is already in the assigned context; no
// need to combine
if (Context_Renamed.Length == 1 && Context_Renamed[0] == assigned[0])
{
return(acc);
}
}
}
pd = Combine(Context_Renamed, assigned);
if (skipLimited && !skipAssigned && pd == assigned)
{
return(acc);
}
else if (skipAssigned && pd == Context_Renamed)
{
CalculateFields(acc, parent, permissions);
return(this);
}
}
// Reuse existing ACC
this.Context_Renamed = pd;
this.Combiner_Renamed = combiner;
this.IsPrivileged = false;
CalculateFields(acc, parent, permissions);
return(this);
}
/// <summary>
/// package private for AccessController
///
/// This "argument wrapper" context will be passed as the actual context
/// parameter on an internal doPrivileged() call used in the implementation.
/// </summary>
internal AccessControlContext(ProtectionDomain caller, DomainCombiner combiner, AccessControlContext parent, AccessControlContext context, Permission[] perms)
{
/*
* Combine the domains from the doPrivileged() context into our
* wrapper context, if necessary.
*/
ProtectionDomain[] callerPDs = null;
if (caller != null)
{
callerPDs = new ProtectionDomain[] { caller };
}
if (context != null)
{
if (combiner != null)
{
this.Context_Renamed = combiner.Combine(callerPDs, context.Context_Renamed);
}
else
{
this.Context_Renamed = Combine(callerPDs, context.Context_Renamed);
}
}
else
{
/*
* Call combiner even if there is seemingly nothing to combine.
*/
if (combiner != null)
{
this.Context_Renamed = combiner.Combine(callerPDs, null);
}
else
{
this.Context_Renamed = Combine(callerPDs, null);
}
}
this.Combiner_Renamed = combiner;
Permission[] tmp = null;
if (perms != null)
{
tmp = new Permission[perms.Length];
for (int i = 0; i < perms.Length; i++)
{
if (perms[i] == null)
{
throw new NullPointerException("permission can't be null");
}
/*
* An AllPermission argument is equivalent to calling
* doPrivileged() without any limit permissions.
*/
if (perms[i].GetType() == typeof(AllPermission))
{
parent = null;
}
tmp[i] = perms[i];
}
}
/*
* For a doPrivileged() with limited privilege scope, initialize
* the relevant fields.
*
* The limitedContext field contains the union of all domains which
* are enclosed by this limited privilege scope. In other words,
* it contains all of the domains which could potentially be checked
* if none of the limiting permissions implied a requested permission.
*/
if (parent != null)
{
this.LimitedContext = Combine(parent.Context_Renamed, parent.LimitedContext);
this.IsLimited = true;
this.IsWrapped = true;
this.Permissions = tmp;
this.Parent = parent;
this.PrivilegedContext = context; // used in checkPermission2()
}
this.IsAuthorized = true;
}
/// <summary>
/// Create a new {@code AccessControlContext} with the given
/// {@code AccessControlContext} and {@code DomainCombiner}.
/// This constructor associates the provided
/// {@code DomainCombiner} with the provided
/// {@code AccessControlContext}.
///
/// <para>
///
/// </para>
/// </summary>
/// <param name="acc"> the {@code AccessControlContext} associated
/// with the provided {@code DomainCombiner}.
/// </param>
/// <param name="combiner"> the {@code DomainCombiner} to be associated
/// with the provided {@code AccessControlContext}.
/// </param>
/// <exception cref="NullPointerException"> if the provided
/// {@code context} is {@code null}.
/// </exception>
/// <exception cref="SecurityException"> if a security manager is installed and the
/// caller does not have the "createAccessControlContext"
/// <seealso cref="SecurityPermission"/>
/// @since 1.3 </exception>
public AccessControlContext(AccessControlContext acc, DomainCombiner combiner) : this(acc, combiner, false)
{
}
/// <summary>
/// preserve the combiner across the doPrivileged call
/// </summary>
private static AccessControlContext PreserveCombiner(DomainCombiner combiner, Class caller)
{
return(CreateWrapper(combiner, caller, null, null, null));
}
