Inheritance: java.lang.Object
Esempio n. 1
         * Returned cached ProtectionDomain for the specified CodeSource.
        private ProtectionDomain GetProtectionDomain(CodeSource cs)
            if (cs == null)

            ProtectionDomain pd = null;

            lock (Pdcache)
                pd = Pdcache[cs];
                if (pd == null)
                    PermissionCollection perms = GetPermissions(cs);
                    pd          = new ProtectionDomain(cs, perms, this, null);
                    Pdcache[cs] = pd;
                    if (Debug != null)
                        Debug.println(" getPermissions " + pd);
Esempio n. 2
    public static getProtectionDomain0(java.lang.Class thisClass)
        TypeWrapper wrapper = TypeWrapper.FromClass(thisClass);
        if (wrapper.IsArray)
        } pd = wrapper.ClassObject.pd;
        if (pd == null)
            // The protection domain for statically compiled code is created lazily (not at java.lang.Class creation time),
            // to work around boot strap issues.
            AssemblyClassLoader acl = wrapper.GetClassLoader() as AssemblyClassLoader;
            if (acl != null)
                pd = acl.GetProtectionDomain();
            else if (wrapper is AnonymousTypeWrapper)
                // dynamically compiled intrinsified lamdba anonymous types end up here and should get their
                // protection domain from the host class
                pd = ClassLoaderWrapper.GetWrapperFromType(wrapper.TypeAsTBD.DeclaringType).ClassObject.pd;
Esempio n. 3
    private static bool GetProtectionDomains(List <> array, [email protected] callerID, StackTrace stack)
    { previous_protection_domain = null;
        for (int i = 0; i < stack.FrameCount; i++)
            bool is_privileged = false;
            MethodBase method = stack.GetFrame(i).GetMethod();
            if (method.DeclaringType == typeof( &&
                method.Name == "doPrivileged")
                is_privileged = true;
                java.lang.Class caller = callerID.getCallerClass();
                protection_domain = caller == null ? null : Java_java_lang_Class.getProtectionDomain0(caller);
                protection_domain = GetProtectionDomainFromType(method.DeclaringType);

            if (previous_protection_domain != protection_domain && protection_domain != null)
                previous_protection_domain = protection_domain;

            if (is_privileged)
Esempio n. 4
        /// <summary>
        /// Evaluates the global policy for the permissions granted to
        /// the ProtectionDomain and tests whether the permission is
        /// granted.
        /// </summary>
        /// <param name="domain"> the ProtectionDomain to test </param>
        /// <param name="permission"> the Permission object to be tested for implication.
        /// </param>
        /// <returns> true if "permission" is a proper subset of a permission
        /// granted to this ProtectionDomain.
        /// </returns>
        /// <seealso cref=
        /// @since 1.4 </seealso>
        public virtual bool Implies(ProtectionDomain domain, Permission permission)
            PermissionCollection pc;

            if (PdMapping == null)

            lock (PdMapping)
                pc = PdMapping.Get(domain.Key);

            if (pc != null)

            pc = GetPermissions(domain);
            if (pc == null)

            lock (PdMapping)
                // cache it
                PdMapping.Put(domain.Key, pc);

Esempio n. 5
    private static bool GetProtectionDomains(List <> array, [email protected] callerID, StackTrace stack)
        // first we have to skip all AccessController related frames, because we can be called from a doPrivileged implementation (not the privileged action)
        // in which case we should ignore the doPrivileged frame
        int skip = 0;

        for (; skip < stack.FrameCount; skip++)
            Type type = stack.GetFrame(skip).GetMethod().DeclaringType;
            if (type != typeof(Java_java_security_AccessController) && type != typeof(
        } previous_protection_domain = null;
        for (int i = skip; i < stack.FrameCount; i++)
            bool is_privileged = false;
            MethodBase method = stack.GetFrame(i).GetMethod();
            if (method.DeclaringType == typeof( &&
                method.Name == "doPrivileged")
                is_privileged = true;
                java.lang.Class caller = callerID.getCallerClass();
                protection_domain = caller == null ? null : Java_java_lang_Class.getProtectionDomain0(caller);
            else if (Java_sun_reflect_Reflection.IsHideFromStackWalk(method))
                protection_domain = GetProtectionDomainFromType(method.DeclaringType);

            if (previous_protection_domain != protection_domain && protection_domain != null)
                previous_protection_domain = protection_domain;

            if (is_privileged)
Esempio n. 6
        /// <summary>
        /// Create a wrapper to contain the limited privilege scope data.
        /// </summary>
        private static AccessControlContext CreateWrapper(DomainCombiner combiner, Class caller, AccessControlContext parent, AccessControlContext context, Permission[] perms)
            ProtectionDomain callerPD = GetCallerPD(caller);

            // check if caller is authorized to create context
            if (context != null && !context.Authorized && System.SecurityManager != null && !callerPD.ImpliesCreateAccessControlContext())
                ProtectionDomain nullPD = new ProtectionDomain(null, null);
                return(new AccessControlContext(new ProtectionDomain[] { nullPD }));
                return(new AccessControlContext(callerPD, combiner, parent, context, perms));
Esempio n. 7
        /// <summary>
        /// Return a PermissionCollection object containing the set of
        /// permissions granted to the specified ProtectionDomain.
        /// <para> Applications are discouraged from calling this method
        /// since this operation may not be supported by all policy implementations.
        /// Applications should rely on the {@code implies} method
        /// to perform policy checks.
        /// </para>
        /// <para> The default implementation of this method first retrieves
        /// the permissions returned via {@code getPermissions(CodeSource)}
        /// (the CodeSource is taken from the specified ProtectionDomain),
        /// as well as the permissions located inside the specified ProtectionDomain.
        /// All of these permissions are then combined and returned in a new
        /// PermissionCollection object.  If {@code getPermissions(CodeSource)}
        /// returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method
        /// returns the permissions contained inside the specified ProtectionDomain
        /// in a new PermissionCollection object.
        /// </para>
        /// <para> This method can be overridden if the policy implementation
        /// supports returning a set of permissions granted to a ProtectionDomain.
        /// </para>
        /// </summary>
        /// <param name="domain"> the ProtectionDomain to which the returned
        ///          PermissionCollection has been granted.
        /// </param>
        /// <returns> a set of permissions granted to the specified ProtectionDomain.
        ///          If this operation is supported, the returned
        ///          set of permissions must be a new mutable instance
        ///          and it must support heterogeneous Permission types.
        ///          If this operation is not supported,
        ///          Policy.UNSUPPORTED_EMPTY_COLLECTION is returned.
        /// @since 1.4 </returns>
        public virtual PermissionCollection GetPermissions(ProtectionDomain domain)
            PermissionCollection pc = null;

            if (domain == null)
                return(new Permissions());

            if (PdMapping == null)

            lock (PdMapping)
                pc = PdMapping.Get(domain.Key);

            if (pc != null)
                Permissions perms = new Permissions();
                lock (pc)
                    for (IEnumerator <Permission> e = pc.Elements(); e.MoveNext();)

            pc = GetPermissions(domain.CodeSource);
            if (pc == null || pc == UNSUPPORTED_EMPTY_COLLECTION)
                pc = new Permissions();

            AddStaticPerms(pc, domain.Permissions);
Esempio n. 8
    public static getProtectionDomain0(java.lang.Class thisClass)
        TypeWrapper wrapper = TypeWrapper.FromClass(thisClass);
        while (wrapper.IsArray)
            wrapper = wrapper.ElementTypeWrapper;
        } pd = wrapper.ClassObject.pd;
        if (pd == null)
            // The protection domain for statically compiled code is created lazily (not at java.lang.Class creation time),
            // to work around boot strap issues.
            AssemblyClassLoader acl = wrapper.GetClassLoader() as AssemblyClassLoader;
            if (acl != null)
                pd = acl.GetProtectionDomain();
Esempio n. 9
        /// <summary>
        /// Initialize superclass state such that a legacy provider can
        /// handle queries for itself.
        /// @since 1.4
        /// </summary>
//JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET:
//ORIGINAL LINE: private static void initPolicy(final Policy p)
        private static void InitPolicy(Policy p)
             * A policy provider not on the bootclasspath could trigger
             * security checks fulfilling a call to either Policy.implies
             * or Policy.getPermissions. If this does occur the provider
             * must be able to answer for it's own ProtectionDomain
             * without triggering additional security checks, otherwise
             * the policy implementation will end up in an infinite
             * recursion.
             * To mitigate this, the provider can collect it's own
             * ProtectionDomain and associate a PermissionCollection while
             * it is being installed. The currently installed policy
             * provider (if there is one) will handle calls to
             * Policy.implies or Policy.getPermissions during this
             * process.
             * This Policy superclass caches away the ProtectionDomain and
             * statically binds permissions so that legacy Policy
             * implementations will continue to function.

            ProtectionDomain policyDomain = AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper3(p));

             * Collect the permissions granted to this protection domain
             * so that the provider can be security checked while processing
             * calls to Policy.implies or Policy.getPermissions.
            PermissionCollection policyPerms = null;

            lock (p)
                if (p.PdMapping == null)
                    p.PdMapping = new WeakHashMap <>();

            if (policyDomain.CodeSource != null)
                Policy pol = Policy_Renamed.Get().policy;
                if (pol != null)
                    policyPerms = pol.GetPermissions(policyDomain);

                if (policyPerms == null)                 // assume it has all
                    policyPerms = new Permissions();

                lock (p.PdMapping)
                    // cache of pd to permissions
                    p.PdMapping.Put(policyDomain.Key, policyPerms);
Esempio n. 10
    public static java.lang.Class defineClass(object thisUnsafe, string name, byte[] buf, int offset, int length, java.lang.ClassLoader cl, pd)
        return(cl.defineClass(name, buf, offset, length, pd));
Esempio n. 11
    public static java.lang.Class defineClass2(java.lang.ClassLoader thisClassLoader, string name, java.nio.ByteBuffer bb, int off, int len, pd, string source)
        byte[] buf = new byte[bb.remaining()];
        return(defineClass1(thisClassLoader, name, buf, 0, buf.Length, pd, source));
Esempio n. 12
    public static java.lang.Class defineClass1(java.lang.ClassLoader thisClassLoader, string name, byte[] b, int off, int len, pd, string source)
        // it appears the source argument is only used for trace messages in HotSpot. We'll just ignore it for now.
                ClassLoaderWrapper classLoaderWrapper = ClassLoaderWrapper.GetClassLoaderWrapper(thisClassLoader);
                ClassFile          classFile          = new ClassFile(b, off, len, name, classLoaderWrapper.ClassFileParseOptions, null);
                if (name != null && classFile.Name != name)
                    throw new java.lang.NoClassDefFoundError(name + " (wrong name: " + classFile.Name + ")");
                TypeWrapper type = classLoaderWrapper.DefineClass(classFile, pd);
            catch (RetargetableJavaException x)
                throw x.ToJava();
Esempio n. 13
 public static java.lang.Class defineClass0(java.lang.ClassLoader thisClassLoader, string name, byte[] b, int off, int len, pd)
     return(defineClass1(thisClassLoader, name, b, off, len, pd, null));
Esempio n. 14
 public override PermissionCollection GetPermissions(ProtectionDomain domain)
         * Combine the current (stack) and assigned domains.
        private static ProtectionDomain[] Combine(ProtectionDomain[] current, ProtectionDomain[] assigned)
            // current could be null if only system code is on the stack;
            // in that case, ignore the stack context
            bool skipStack = (current == null);

            // assigned could be null if only system code was involved;
            // in that case, ignore the assigned context
            bool skipAssigned = (assigned == null);

            int slen = (skipStack) ? 0 : current.Length;

            // optimization: if there is no assigned context and the stack length
            // is less then or equal to two; there is no reason to compress the
            // stack context, it already is
            if (skipAssigned && slen <= 2)

            int n = (skipAssigned) ? 0 : assigned.Length;

            // now we combine both of them, and create a new context
            ProtectionDomain[] pd = new ProtectionDomain[slen + n];

            // first copy in the assigned context domains, no need to compress
            if (!skipAssigned)
                System.Array.Copy(assigned, 0, pd, 0, n);

            // now add the stack context domains, discarding nulls and duplicates
            for (int i = 0; i < slen; i++)
                ProtectionDomain sd = current[i];
                if (sd != null)
                    for (int j = 0; j < n; j++)
                        if (sd == pd[j])
                            goto outerContinue;
                    pd[n++] = sd;
                outerContinue :;
            outerBreak :

            // if length isn't equal, we need to shorten the array
            if (n != pd.Length)
                // optimization: if we didn't really combine anything
                if (!skipAssigned && n == assigned.Length)
                else if (skipAssigned && n == slen)
                ProtectionDomain[] tmp = new ProtectionDomain[n];
                System.Array.Copy(pd, 0, tmp, 0, n);
                pd = tmp;

        /// <summary>
        /// Determines whether the access request indicated by the
        /// specified permission should be allowed or denied, based on
        /// the security policy currently in effect, and the context in
        /// this object. The request is allowed only if every ProtectionDomain
        /// in the context implies the permission. Otherwise the request is
        /// denied.
        /// <para>
        /// This method quietly returns if the access request
        /// is permitted, or throws a suitable AccessControlException otherwise.
        /// </para>
        /// </summary>
        /// <param name="perm"> the requested permission.
        /// </param>
        /// <exception cref="AccessControlException"> if the specified permission
        /// is not permitted, based on the current security policy and the
        /// context encapsulated by this object. </exception>
        /// <exception cref="NullPointerException"> if the permission to check for is null. </exception>
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public void checkPermission(Permission perm) throws AccessControlException
        public void CheckPermission(Permission perm)
            bool dumpDebug = false;

            if (perm == null)
                throw new NullPointerException("permission can't be null");
            if (Debug != null)
                // If "codebase" is not specified, we dump the info by default.
                dumpDebug = !Debug.isOn("codebase=");
                if (!dumpDebug)
                    // If "codebase" is specified, only dump if the specified code
                    // value is in the stack.
                    for (int i = 0; Context_Renamed != null && i < Context_Renamed.Length; i++)
                        if (Context_Renamed[i].CodeSource != null && Context_Renamed[i].CodeSource.Location != null && Debug.isOn("codebase=" + Context_Renamed[i].CodeSource.Location.ToString()))
                            dumpDebug = true;

//JAVA TO C# CONVERTER WARNING: The .NET Type.FullName property will not always yield results identical to the Java Class.getCanonicalName method:
                dumpDebug &= !Debug.isOn("permission=") || Debug.isOn("permission=" + perm.GetType().FullName);

                if (dumpDebug && Debug.isOn("stack"))

                if (dumpDebug && Debug.isOn("domain"))
                    if (Context_Renamed == null)
                        Debug_Renamed.println("domain (context is null)");
                        for (int i = 0; i < Context_Renamed.Length; i++)
                            Debug_Renamed.println("domain " + i + " " + Context_Renamed[i]);

             * iterate through the ProtectionDomains in the context.
             * Stop at the first one that doesn't allow the
             * requested permission (throwing an exception).

            /* if ctxt is null, all we had on the stack were system domains,
             * or the first domain was a Privileged system domain. This
             * is to make the common case for system code very fast */

            if (Context_Renamed == null)

            for (int i = 0; i < Context_Renamed.Length; i++)
                if (Context_Renamed[i] != null && !Context_Renamed[i].Implies(perm))
                    if (dumpDebug)
                        Debug_Renamed.println("access denied " + perm);

                    if (Debug.isOn("failure") && Debug_Renamed != null)
                        // Want to make sure this is always displayed for failure,
                        // but do not want to display again if already displayed
                        // above.
                        if (!dumpDebug)
                            Debug_Renamed.println("access denied " + perm);
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final ProtectionDomain pd = context[i];
                        ProtectionDomain pd = Context_Renamed[i];
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final db = debug;
                        Debug db = Debug_Renamed;
                        AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper(this, pd, db));
                    throw new AccessControlException("access denied " + perm, perm);

            // allow if all of them allowed access
            if (dumpDebug)
                Debug_Renamed.println("access allowed " + perm);

        /// <summary>
        /// package private for AccessController
        /// This "argument wrapper" context will be passed as the actual context
        /// parameter on an internal doPrivileged() call used in the implementation.
        /// </summary>
        internal AccessControlContext(ProtectionDomain caller, DomainCombiner combiner, AccessControlContext parent, AccessControlContext context, Permission[] perms)
             * Combine the domains from the doPrivileged() context into our
             * wrapper context, if necessary.
            ProtectionDomain[] callerPDs = null;
            if (caller != null)
                callerPDs = new ProtectionDomain[] { caller };
            if (context != null)
                if (combiner != null)
                    this.Context_Renamed = combiner.Combine(callerPDs, context.Context_Renamed);
                    this.Context_Renamed = Combine(callerPDs, context.Context_Renamed);
                 * Call combiner even if there is seemingly nothing to combine.
                if (combiner != null)
                    this.Context_Renamed = combiner.Combine(callerPDs, null);
                    this.Context_Renamed = Combine(callerPDs, null);
            this.Combiner_Renamed = combiner;

            Permission[] tmp = null;
            if (perms != null)
                tmp = new Permission[perms.Length];
                for (int i = 0; i < perms.Length; i++)
                    if (perms[i] == null)
                        throw new NullPointerException("permission can't be null");

                     * An AllPermission argument is equivalent to calling
                     * doPrivileged() without any limit permissions.
                    if (perms[i].GetType() == typeof(AllPermission))
                        parent = null;
                    tmp[i] = perms[i];

             * For a doPrivileged() with limited privilege scope, initialize
             * the relevant fields.
             * The limitedContext field contains the union of all domains which
             * are enclosed by this limited privilege scope. In other words,
             * it contains all of the domains which could potentially be checked
             * if none of the limiting permissions implied a requested permission.
            if (parent != null)
                this.LimitedContext    = Combine(parent.Context_Renamed, parent.LimitedContext);
                this.IsLimited         = true;
                this.IsWrapped         = true;
                this.Permissions       = tmp;
                this.Parent            = parent;
                this.PrivilegedContext = context;                 // used in checkPermission2()
            this.IsAuthorized = true;
Esempio n. 18
//JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET:
//ORIGINAL LINE: private static ProtectionDomain getCallerPD(final Class  caller)
        private static ProtectionDomain GetCallerPD(Class caller)
            ProtectionDomain callerPd = doPrivileged(new PrivilegedActionAnonymousInnerClassHelper(caller));

Esempio n. 19
 public static java.lang.Class defineClass(object thisUnsafe, string name, byte[] buf, int offset, int length, java.lang.ClassLoader cl, pd)
     return(Java_java_lang_ClassLoader.defineClass1(cl, name.Replace('/', '.'), buf, offset, length, pd, null));
Esempio n. 20
 public override bool Implies(ProtectionDomain domain, Permission perm)
     return(Spi.EngineImplies(domain, perm));
Esempio n. 21
    public static void setProtectionDomain0(java.lang.Class thisClass, pd)
        thisClass.pd = pd;
Esempio n. 22
 /// <summary>
 /// Converts an array of bytes into an instance of class <tt>Class</tt>, with an optional <tt>ProtectionDomain</tt>.
 /// </summary>
 protected Class defineClass(string name, sbyte[] b, int off, int len, ProtectionDomain protectionDomain)
     return default(Class);