/*
* Returned cached ProtectionDomain for the specified CodeSource.
*/
private ProtectionDomain GetProtectionDomain(CodeSource cs)
{
if (cs == null)
{
return(null);
}
ProtectionDomain pd = null;
lock (Pdcache)
{
pd = Pdcache[cs];
if (pd == null)
{
PermissionCollection perms = GetPermissions(cs);
pd = new ProtectionDomain(cs, perms, this, null);
Pdcache[cs] = pd;
if (Debug != null)
{
Debug.println(" getPermissions " + pd);
Debug.println("");
}
}
}
return(pd);
}
public static java.security.ProtectionDomain getProtectionDomain0(java.lang.Class thisClass)
{
#if FIRST_PASS
return(null);
#else
TypeWrapper wrapper = TypeWrapper.FromClass(thisClass);
if (wrapper.IsArray)
{
return(null);
}
java.security.ProtectionDomain pd = wrapper.ClassObject.pd;
if (pd == null)
{
// The protection domain for statically compiled code is created lazily (not at java.lang.Class creation time),
// to work around boot strap issues.
AssemblyClassLoader acl = wrapper.GetClassLoader() as AssemblyClassLoader;
if (acl != null)
{
pd = acl.GetProtectionDomain();
}
else if (wrapper is AnonymousTypeWrapper)
{
// dynamically compiled intrinsified lamdba anonymous types end up here and should get their
// protection domain from the host class
pd = ClassLoaderWrapper.GetWrapperFromType(wrapper.TypeAsTBD.DeclaringType).ClassObject.pd;
}
}
return(pd);
#endif
}
private static bool GetProtectionDomains(List <java.security.ProtectionDomain> array, [email protected] callerID, StackTrace stack) { java.security.ProtectionDomain previous_protection_domain = null; for (int i = 0; i < stack.FrameCount; i++) { bool is_privileged = false; java.security.ProtectionDomain protection_domain; MethodBase method = stack.GetFrame(i).GetMethod(); if (method.DeclaringType == typeof(java.security.AccessController) && method.Name == "doPrivileged") { is_privileged = true; java.lang.Class caller = callerID.getCallerClass(); protection_domain = caller == null ? null : Java_java_lang_Class.getProtectionDomain0(caller); } else { protection_domain = GetProtectionDomainFromType(method.DeclaringType); } if (previous_protection_domain != protection_domain && protection_domain != null) { previous_protection_domain = protection_domain; array.Add(protection_domain); } if (is_privileged) { return(true); } } return(false); }
/// <summary>
/// Evaluates the global policy for the permissions granted to
/// the ProtectionDomain and tests whether the permission is
/// granted.
/// </summary>
/// <param name="domain"> the ProtectionDomain to test </param>
/// <param name="permission"> the Permission object to be tested for implication.
/// </param>
/// <returns> true if "permission" is a proper subset of a permission
/// granted to this ProtectionDomain.
/// </returns>
/// <seealso cref= java.security.ProtectionDomain
/// @since 1.4 </seealso>
public virtual bool Implies(ProtectionDomain domain, Permission permission)
{
PermissionCollection pc;
if (PdMapping == null)
{
InitPolicy(this);
}
lock (PdMapping)
{
pc = PdMapping.Get(domain.Key);
}
if (pc != null)
{
return(pc.Implies(permission));
}
pc = GetPermissions(domain);
if (pc == null)
{
return(false);
}
lock (PdMapping)
{
// cache it
PdMapping.Put(domain.Key, pc);
}
return(pc.Implies(permission));
}
private static bool GetProtectionDomains(List <java.security.ProtectionDomain> array, [email protected] callerID, StackTrace stack) { // first we have to skip all AccessController related frames, because we can be called from a doPrivileged implementation (not the privileged action) // in which case we should ignore the doPrivileged frame int skip = 0; for (; skip < stack.FrameCount; skip++) { Type type = stack.GetFrame(skip).GetMethod().DeclaringType; if (type != typeof(Java_java_security_AccessController) && type != typeof(java.security.AccessController)) { break; } } java.security.ProtectionDomain previous_protection_domain = null; for (int i = skip; i < stack.FrameCount; i++) { bool is_privileged = false; java.security.ProtectionDomain protection_domain; MethodBase method = stack.GetFrame(i).GetMethod(); if (method.DeclaringType == typeof(java.security.AccessController) && method.Name == "doPrivileged") { is_privileged = true; java.lang.Class caller = callerID.getCallerClass(); protection_domain = caller == null ? null : Java_java_lang_Class.getProtectionDomain0(caller); } else if (Java_sun_reflect_Reflection.IsHideFromStackWalk(method)) { continue; } else { protection_domain = GetProtectionDomainFromType(method.DeclaringType); } if (previous_protection_domain != protection_domain && protection_domain != null) { previous_protection_domain = protection_domain; array.Add(protection_domain); } if (is_privileged) { return(true); } } return(false); }
/// <summary>
/// Create a wrapper to contain the limited privilege scope data.
/// </summary>
private static AccessControlContext CreateWrapper(DomainCombiner combiner, Class caller, AccessControlContext parent, AccessControlContext context, Permission[] perms)
{
ProtectionDomain callerPD = GetCallerPD(caller);
// check if caller is authorized to create context
if (context != null && !context.Authorized && System.SecurityManager != null && !callerPD.ImpliesCreateAccessControlContext())
{
ProtectionDomain nullPD = new ProtectionDomain(null, null);
return(new AccessControlContext(new ProtectionDomain[] { nullPD }));
}
else
{
return(new AccessControlContext(callerPD, combiner, parent, context, perms));
}
}
/// <summary>
/// Return a PermissionCollection object containing the set of
/// permissions granted to the specified ProtectionDomain.
///
/// <para> Applications are discouraged from calling this method
/// since this operation may not be supported by all policy implementations.
/// Applications should rely on the {@code implies} method
/// to perform policy checks.
///
/// </para>
/// <para> The default implementation of this method first retrieves
/// the permissions returned via {@code getPermissions(CodeSource)}
/// (the CodeSource is taken from the specified ProtectionDomain),
/// as well as the permissions located inside the specified ProtectionDomain.
/// All of these permissions are then combined and returned in a new
/// PermissionCollection object. If {@code getPermissions(CodeSource)}
/// returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method
/// returns the permissions contained inside the specified ProtectionDomain
/// in a new PermissionCollection object.
///
/// </para>
/// <para> This method can be overridden if the policy implementation
/// supports returning a set of permissions granted to a ProtectionDomain.
///
/// </para>
/// </summary>
/// <param name="domain"> the ProtectionDomain to which the returned
/// PermissionCollection has been granted.
/// </param>
/// <returns> a set of permissions granted to the specified ProtectionDomain.
/// If this operation is supported, the returned
/// set of permissions must be a new mutable instance
/// and it must support heterogeneous Permission types.
/// If this operation is not supported,
/// Policy.UNSUPPORTED_EMPTY_COLLECTION is returned.
///
/// @since 1.4 </returns>
public virtual PermissionCollection GetPermissions(ProtectionDomain domain)
{
PermissionCollection pc = null;
if (domain == null)
{
return(new Permissions());
}
if (PdMapping == null)
{
InitPolicy(this);
}
lock (PdMapping)
{
pc = PdMapping.Get(domain.Key);
}
if (pc != null)
{
Permissions perms = new Permissions();
lock (pc)
{
for (IEnumerator <Permission> e = pc.Elements(); e.MoveNext();)
{
perms.Add(e.Current);
}
}
return(perms);
}
pc = GetPermissions(domain.CodeSource);
if (pc == null || pc == UNSUPPORTED_EMPTY_COLLECTION)
{
pc = new Permissions();
}
AddStaticPerms(pc, domain.Permissions);
return(pc);
}
public static java.security.ProtectionDomain getProtectionDomain0(java.lang.Class thisClass)
{
#if FIRST_PASS
return(null);
#else
TypeWrapper wrapper = TypeWrapper.FromClass(thisClass);
while (wrapper.IsArray)
{
wrapper = wrapper.ElementTypeWrapper;
}
java.security.ProtectionDomain pd = wrapper.ClassObject.pd;
if (pd == null)
{
// The protection domain for statically compiled code is created lazily (not at java.lang.Class creation time),
// to work around boot strap issues.
AssemblyClassLoader acl = wrapper.GetClassLoader() as AssemblyClassLoader;
if (acl != null)
{
pd = acl.GetProtectionDomain();
}
}
return(pd);
#endif
}
/// <summary>
/// Initialize superclass state such that a legacy provider can
/// handle queries for itself.
///
/// @since 1.4
/// </summary>
//JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET:
//ORIGINAL LINE: private static void initPolicy(final Policy p)
private static void InitPolicy(Policy p)
{
/*
* A policy provider not on the bootclasspath could trigger
* security checks fulfilling a call to either Policy.implies
* or Policy.getPermissions. If this does occur the provider
* must be able to answer for it's own ProtectionDomain
* without triggering additional security checks, otherwise
* the policy implementation will end up in an infinite
* recursion.
*
* To mitigate this, the provider can collect it's own
* ProtectionDomain and associate a PermissionCollection while
* it is being installed. The currently installed policy
* provider (if there is one) will handle calls to
* Policy.implies or Policy.getPermissions during this
* process.
*
* This Policy superclass caches away the ProtectionDomain and
* statically binds permissions so that legacy Policy
* implementations will continue to function.
*/
ProtectionDomain policyDomain = AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper3(p));
/*
* Collect the permissions granted to this protection domain
* so that the provider can be security checked while processing
* calls to Policy.implies or Policy.getPermissions.
*/
PermissionCollection policyPerms = null;
lock (p)
{
if (p.PdMapping == null)
{
p.PdMapping = new WeakHashMap <>();
}
}
if (policyDomain.CodeSource != null)
{
Policy pol = Policy_Renamed.Get().policy;
if (pol != null)
{
policyPerms = pol.GetPermissions(policyDomain);
}
if (policyPerms == null) // assume it has all
{
policyPerms = new Permissions();
policyPerms.Add(SecurityConstants.ALL_PERMISSION);
}
lock (p.PdMapping)
{
// cache of pd to permissions
p.PdMapping.Put(policyDomain.Key, policyPerms);
}
}
return;
}
public static java.lang.Class defineClass(object thisUnsafe, string name, byte[] buf, int offset, int length, java.lang.ClassLoader cl, java.security.ProtectionDomain pd)
{
#if FIRST_PASS
return(null);
#else
return(cl.defineClass(name, buf, offset, length, pd));
#endif
}
public static java.lang.Class defineClass2(java.lang.ClassLoader thisClassLoader, string name, java.nio.ByteBuffer bb, int off, int len, java.security.ProtectionDomain pd, string source)
{
#if FIRST_PASS
return(null);
#else
byte[] buf = new byte[bb.remaining()];
bb.get(buf);
return(defineClass1(thisClassLoader, name, buf, 0, buf.Length, pd, source));
#endif
}
public static java.lang.Class defineClass1(java.lang.ClassLoader thisClassLoader, string name, byte[] b, int off, int len, java.security.ProtectionDomain pd, string source)
{
// it appears the source argument is only used for trace messages in HotSpot. We'll just ignore it for now.
Profiler.Enter("ClassLoader.defineClass");
try
{
try
{
ClassLoaderWrapper classLoaderWrapper = ClassLoaderWrapper.GetClassLoaderWrapper(thisClassLoader);
ClassFile classFile = new ClassFile(b, off, len, name, classLoaderWrapper.ClassFileParseOptions, null);
if (name != null && classFile.Name != name)
{
#if !FIRST_PASS
throw new java.lang.NoClassDefFoundError(name + " (wrong name: " + classFile.Name + ")");
#endif
}
TypeWrapper type = classLoaderWrapper.DefineClass(classFile, pd);
return(type.ClassObject);
}
catch (RetargetableJavaException x)
{
throw x.ToJava();
}
}
finally
{
Profiler.Leave("ClassLoader.defineClass");
}
}
public static java.lang.Class defineClass0(java.lang.ClassLoader thisClassLoader, string name, byte[] b, int off, int len, java.security.ProtectionDomain pd)
{
return(defineClass1(thisClassLoader, name, b, off, len, pd, null));
}
public override PermissionCollection GetPermissions(ProtectionDomain domain)
{
return(Spi.EngineGetPermissions(domain));
}
/*
* Combine the current (stack) and assigned domains.
*/
private static ProtectionDomain[] Combine(ProtectionDomain[] current, ProtectionDomain[] assigned)
{
// current could be null if only system code is on the stack;
// in that case, ignore the stack context
bool skipStack = (current == null);
// assigned could be null if only system code was involved;
// in that case, ignore the assigned context
bool skipAssigned = (assigned == null);
int slen = (skipStack) ? 0 : current.Length;
// optimization: if there is no assigned context and the stack length
// is less then or equal to two; there is no reason to compress the
// stack context, it already is
if (skipAssigned && slen <= 2)
{
return(current);
}
int n = (skipAssigned) ? 0 : assigned.Length;
// now we combine both of them, and create a new context
ProtectionDomain[] pd = new ProtectionDomain[slen + n];
// first copy in the assigned context domains, no need to compress
if (!skipAssigned)
{
System.Array.Copy(assigned, 0, pd, 0, n);
}
// now add the stack context domains, discarding nulls and duplicates
for (int i = 0; i < slen; i++)
{
ProtectionDomain sd = current[i];
if (sd != null)
{
for (int j = 0; j < n; j++)
{
if (sd == pd[j])
{
goto outerContinue;
}
}
pd[n++] = sd;
}
outerContinue :;
}
outerBreak :
// if length isn't equal, we need to shorten the array
if (n != pd.Length)
{
// optimization: if we didn't really combine anything
if (!skipAssigned && n == assigned.Length)
{
return(assigned);
}
else if (skipAssigned && n == slen)
{
return(current);
}
ProtectionDomain[] tmp = new ProtectionDomain[n];
System.Array.Copy(pd, 0, tmp, 0, n);
pd = tmp;
}
return(pd);
}
/// <summary>
/// Determines whether the access request indicated by the
/// specified permission should be allowed or denied, based on
/// the security policy currently in effect, and the context in
/// this object. The request is allowed only if every ProtectionDomain
/// in the context implies the permission. Otherwise the request is
/// denied.
///
/// <para>
/// This method quietly returns if the access request
/// is permitted, or throws a suitable AccessControlException otherwise.
///
/// </para>
/// </summary>
/// <param name="perm"> the requested permission.
/// </param>
/// <exception cref="AccessControlException"> if the specified permission
/// is not permitted, based on the current security policy and the
/// context encapsulated by this object. </exception>
/// <exception cref="NullPointerException"> if the permission to check for is null. </exception>
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public void checkPermission(Permission perm) throws AccessControlException
public void CheckPermission(Permission perm)
{
bool dumpDebug = false;
if (perm == null)
{
throw new NullPointerException("permission can't be null");
}
if (Debug != null)
{
// If "codebase" is not specified, we dump the info by default.
dumpDebug = !Debug.isOn("codebase=");
if (!dumpDebug)
{
// If "codebase" is specified, only dump if the specified code
// value is in the stack.
for (int i = 0; Context_Renamed != null && i < Context_Renamed.Length; i++)
{
if (Context_Renamed[i].CodeSource != null && Context_Renamed[i].CodeSource.Location != null && Debug.isOn("codebase=" + Context_Renamed[i].CodeSource.Location.ToString()))
{
dumpDebug = true;
break;
}
}
}
//JAVA TO C# CONVERTER WARNING: The .NET Type.FullName property will not always yield results identical to the Java Class.getCanonicalName method:
dumpDebug &= !Debug.isOn("permission=") || Debug.isOn("permission=" + perm.GetType().FullName);
if (dumpDebug && Debug.isOn("stack"))
{
Thread.DumpStack();
}
if (dumpDebug && Debug.isOn("domain"))
{
if (Context_Renamed == null)
{
Debug_Renamed.println("domain (context is null)");
}
else
{
for (int i = 0; i < Context_Renamed.Length; i++)
{
Debug_Renamed.println("domain " + i + " " + Context_Renamed[i]);
}
}
}
}
/*
* iterate through the ProtectionDomains in the context.
* Stop at the first one that doesn't allow the
* requested permission (throwing an exception).
*
*/
/* if ctxt is null, all we had on the stack were system domains,
* or the first domain was a Privileged system domain. This
* is to make the common case for system code very fast */
if (Context_Renamed == null)
{
CheckPermission2(perm);
return;
}
for (int i = 0; i < Context_Renamed.Length; i++)
{
if (Context_Renamed[i] != null && !Context_Renamed[i].Implies(perm))
{
if (dumpDebug)
{
Debug_Renamed.println("access denied " + perm);
}
if (Debug.isOn("failure") && Debug_Renamed != null)
{
// Want to make sure this is always displayed for failure,
// but do not want to display again if already displayed
// above.
if (!dumpDebug)
{
Debug_Renamed.println("access denied " + perm);
}
Thread.DumpStack();
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final ProtectionDomain pd = context[i];
ProtectionDomain pd = Context_Renamed[i];
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final sun.security.util.Debug db = debug;
Debug db = Debug_Renamed;
AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper(this, pd, db));
}
throw new AccessControlException("access denied " + perm, perm);
}
}
// allow if all of them allowed access
if (dumpDebug)
{
Debug_Renamed.println("access allowed " + perm);
}
CheckPermission2(perm);
}
/// <summary>
/// package private for AccessController
///
/// This "argument wrapper" context will be passed as the actual context
/// parameter on an internal doPrivileged() call used in the implementation.
/// </summary>
internal AccessControlContext(ProtectionDomain caller, DomainCombiner combiner, AccessControlContext parent, AccessControlContext context, Permission[] perms)
{
/*
* Combine the domains from the doPrivileged() context into our
* wrapper context, if necessary.
*/
ProtectionDomain[] callerPDs = null;
if (caller != null)
{
callerPDs = new ProtectionDomain[] { caller };
}
if (context != null)
{
if (combiner != null)
{
this.Context_Renamed = combiner.Combine(callerPDs, context.Context_Renamed);
}
else
{
this.Context_Renamed = Combine(callerPDs, context.Context_Renamed);
}
}
else
{
/*
* Call combiner even if there is seemingly nothing to combine.
*/
if (combiner != null)
{
this.Context_Renamed = combiner.Combine(callerPDs, null);
}
else
{
this.Context_Renamed = Combine(callerPDs, null);
}
}
this.Combiner_Renamed = combiner;
Permission[] tmp = null;
if (perms != null)
{
tmp = new Permission[perms.Length];
for (int i = 0; i < perms.Length; i++)
{
if (perms[i] == null)
{
throw new NullPointerException("permission can't be null");
}
/*
* An AllPermission argument is equivalent to calling
* doPrivileged() without any limit permissions.
*/
if (perms[i].GetType() == typeof(AllPermission))
{
parent = null;
}
tmp[i] = perms[i];
}
}
/*
* For a doPrivileged() with limited privilege scope, initialize
* the relevant fields.
*
* The limitedContext field contains the union of all domains which
* are enclosed by this limited privilege scope. In other words,
* it contains all of the domains which could potentially be checked
* if none of the limiting permissions implied a requested permission.
*/
if (parent != null)
{
this.LimitedContext = Combine(parent.Context_Renamed, parent.LimitedContext);
this.IsLimited = true;
this.IsWrapped = true;
this.Permissions = tmp;
this.Parent = parent;
this.PrivilegedContext = context; // used in checkPermission2()
}
this.IsAuthorized = true;
}
//JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET:
//ORIGINAL LINE: private static ProtectionDomain getCallerPD(final Class caller)
private static ProtectionDomain GetCallerPD(Class caller)
{
ProtectionDomain callerPd = doPrivileged(new PrivilegedActionAnonymousInnerClassHelper(caller));
return(callerPd);
}
public static java.lang.Class defineClass(object thisUnsafe, string name, byte[] buf, int offset, int length, java.lang.ClassLoader cl, java.security.ProtectionDomain pd)
{
return(Java_java_lang_ClassLoader.defineClass1(cl, name.Replace('/', '.'), buf, offset, length, pd, null));
}
public override bool Implies(ProtectionDomain domain, Permission perm)
{
return(Spi.EngineImplies(domain, perm));
}
public static void setProtectionDomain0(java.lang.Class thisClass, java.security.ProtectionDomain pd)
{
#if !FIRST_PASS
thisClass.pd = pd;
#endif
}
/// <summary>
/// Converts an array of bytes into an instance of class <tt>Class</tt>, with an optional <tt>ProtectionDomain</tt>.
/// </summary>
protected Class defineClass(string name, sbyte[] b, int off, int len, ProtectionDomain protectionDomain)
{
return default(Class);
}
