/* * Returned cached ProtectionDomain for the specified CodeSource. */ private ProtectionDomain GetProtectionDomain(CodeSource cs) { if (cs == null) { return(null); } ProtectionDomain pd = null; lock (Pdcache) { pd = Pdcache[cs]; if (pd == null) { PermissionCollection perms = GetPermissions(cs); pd = new ProtectionDomain(cs, perms, this, null); Pdcache[cs] = pd; if (Debug != null) { Debug.println(" getPermissions " + pd); Debug.println(""); } } } return(pd); }
public static java.security.ProtectionDomain getProtectionDomain0(java.lang.Class thisClass) { #if FIRST_PASS return(null); #else TypeWrapper wrapper = TypeWrapper.FromClass(thisClass); if (wrapper.IsArray) { return(null); } java.security.ProtectionDomain pd = wrapper.ClassObject.pd; if (pd == null) { // The protection domain for statically compiled code is created lazily (not at java.lang.Class creation time), // to work around boot strap issues. AssemblyClassLoader acl = wrapper.GetClassLoader() as AssemblyClassLoader; if (acl != null) { pd = acl.GetProtectionDomain(); } else if (wrapper is AnonymousTypeWrapper) { // dynamically compiled intrinsified lamdba anonymous types end up here and should get their // protection domain from the host class pd = ClassLoaderWrapper.GetWrapperFromType(wrapper.TypeAsTBD.DeclaringType).ClassObject.pd; } } return(pd); #endif }
private static bool GetProtectionDomains(List <java.security.ProtectionDomain> array, [email protected] callerID, StackTrace stack) { java.security.ProtectionDomain previous_protection_domain = null; for (int i = 0; i < stack.FrameCount; i++) { bool is_privileged = false; java.security.ProtectionDomain protection_domain; MethodBase method = stack.GetFrame(i).GetMethod(); if (method.DeclaringType == typeof(java.security.AccessController) && method.Name == "doPrivileged") { is_privileged = true; java.lang.Class caller = callerID.getCallerClass(); protection_domain = caller == null ? null : Java_java_lang_Class.getProtectionDomain0(caller); } else { protection_domain = GetProtectionDomainFromType(method.DeclaringType); } if (previous_protection_domain != protection_domain && protection_domain != null) { previous_protection_domain = protection_domain; array.Add(protection_domain); } if (is_privileged) { return(true); } } return(false); }
/// <summary> /// Evaluates the global policy for the permissions granted to /// the ProtectionDomain and tests whether the permission is /// granted. /// </summary> /// <param name="domain"> the ProtectionDomain to test </param> /// <param name="permission"> the Permission object to be tested for implication. /// </param> /// <returns> true if "permission" is a proper subset of a permission /// granted to this ProtectionDomain. /// </returns> /// <seealso cref= java.security.ProtectionDomain /// @since 1.4 </seealso> public virtual bool Implies(ProtectionDomain domain, Permission permission) { PermissionCollection pc; if (PdMapping == null) { InitPolicy(this); } lock (PdMapping) { pc = PdMapping.Get(domain.Key); } if (pc != null) { return(pc.Implies(permission)); } pc = GetPermissions(domain); if (pc == null) { return(false); } lock (PdMapping) { // cache it PdMapping.Put(domain.Key, pc); } return(pc.Implies(permission)); }
private static bool GetProtectionDomains(List <java.security.ProtectionDomain> array, [email protected] callerID, StackTrace stack) { // first we have to skip all AccessController related frames, because we can be called from a doPrivileged implementation (not the privileged action) // in which case we should ignore the doPrivileged frame int skip = 0; for (; skip < stack.FrameCount; skip++) { Type type = stack.GetFrame(skip).GetMethod().DeclaringType; if (type != typeof(Java_java_security_AccessController) && type != typeof(java.security.AccessController)) { break; } } java.security.ProtectionDomain previous_protection_domain = null; for (int i = skip; i < stack.FrameCount; i++) { bool is_privileged = false; java.security.ProtectionDomain protection_domain; MethodBase method = stack.GetFrame(i).GetMethod(); if (method.DeclaringType == typeof(java.security.AccessController) && method.Name == "doPrivileged") { is_privileged = true; java.lang.Class caller = callerID.getCallerClass(); protection_domain = caller == null ? null : Java_java_lang_Class.getProtectionDomain0(caller); } else if (Java_sun_reflect_Reflection.IsHideFromStackWalk(method)) { continue; } else { protection_domain = GetProtectionDomainFromType(method.DeclaringType); } if (previous_protection_domain != protection_domain && protection_domain != null) { previous_protection_domain = protection_domain; array.Add(protection_domain); } if (is_privileged) { return(true); } } return(false); }
/// <summary> /// Create a wrapper to contain the limited privilege scope data. /// </summary> private static AccessControlContext CreateWrapper(DomainCombiner combiner, Class caller, AccessControlContext parent, AccessControlContext context, Permission[] perms) { ProtectionDomain callerPD = GetCallerPD(caller); // check if caller is authorized to create context if (context != null && !context.Authorized && System.SecurityManager != null && !callerPD.ImpliesCreateAccessControlContext()) { ProtectionDomain nullPD = new ProtectionDomain(null, null); return(new AccessControlContext(new ProtectionDomain[] { nullPD })); } else { return(new AccessControlContext(callerPD, combiner, parent, context, perms)); } }
/// <summary> /// Return a PermissionCollection object containing the set of /// permissions granted to the specified ProtectionDomain. /// /// <para> Applications are discouraged from calling this method /// since this operation may not be supported by all policy implementations. /// Applications should rely on the {@code implies} method /// to perform policy checks. /// /// </para> /// <para> The default implementation of this method first retrieves /// the permissions returned via {@code getPermissions(CodeSource)} /// (the CodeSource is taken from the specified ProtectionDomain), /// as well as the permissions located inside the specified ProtectionDomain. /// All of these permissions are then combined and returned in a new /// PermissionCollection object. If {@code getPermissions(CodeSource)} /// returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method /// returns the permissions contained inside the specified ProtectionDomain /// in a new PermissionCollection object. /// /// </para> /// <para> This method can be overridden if the policy implementation /// supports returning a set of permissions granted to a ProtectionDomain. /// /// </para> /// </summary> /// <param name="domain"> the ProtectionDomain to which the returned /// PermissionCollection has been granted. /// </param> /// <returns> a set of permissions granted to the specified ProtectionDomain. /// If this operation is supported, the returned /// set of permissions must be a new mutable instance /// and it must support heterogeneous Permission types. /// If this operation is not supported, /// Policy.UNSUPPORTED_EMPTY_COLLECTION is returned. /// /// @since 1.4 </returns> public virtual PermissionCollection GetPermissions(ProtectionDomain domain) { PermissionCollection pc = null; if (domain == null) { return(new Permissions()); } if (PdMapping == null) { InitPolicy(this); } lock (PdMapping) { pc = PdMapping.Get(domain.Key); } if (pc != null) { Permissions perms = new Permissions(); lock (pc) { for (IEnumerator <Permission> e = pc.Elements(); e.MoveNext();) { perms.Add(e.Current); } } return(perms); } pc = GetPermissions(domain.CodeSource); if (pc == null || pc == UNSUPPORTED_EMPTY_COLLECTION) { pc = new Permissions(); } AddStaticPerms(pc, domain.Permissions); return(pc); }
public static java.security.ProtectionDomain getProtectionDomain0(java.lang.Class thisClass) { #if FIRST_PASS return(null); #else TypeWrapper wrapper = TypeWrapper.FromClass(thisClass); while (wrapper.IsArray) { wrapper = wrapper.ElementTypeWrapper; } java.security.ProtectionDomain pd = wrapper.ClassObject.pd; if (pd == null) { // The protection domain for statically compiled code is created lazily (not at java.lang.Class creation time), // to work around boot strap issues. AssemblyClassLoader acl = wrapper.GetClassLoader() as AssemblyClassLoader; if (acl != null) { pd = acl.GetProtectionDomain(); } } return(pd); #endif }
/// <summary> /// Initialize superclass state such that a legacy provider can /// handle queries for itself. /// /// @since 1.4 /// </summary> //JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET: //ORIGINAL LINE: private static void initPolicy(final Policy p) private static void InitPolicy(Policy p) { /* * A policy provider not on the bootclasspath could trigger * security checks fulfilling a call to either Policy.implies * or Policy.getPermissions. If this does occur the provider * must be able to answer for it's own ProtectionDomain * without triggering additional security checks, otherwise * the policy implementation will end up in an infinite * recursion. * * To mitigate this, the provider can collect it's own * ProtectionDomain and associate a PermissionCollection while * it is being installed. The currently installed policy * provider (if there is one) will handle calls to * Policy.implies or Policy.getPermissions during this * process. * * This Policy superclass caches away the ProtectionDomain and * statically binds permissions so that legacy Policy * implementations will continue to function. */ ProtectionDomain policyDomain = AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper3(p)); /* * Collect the permissions granted to this protection domain * so that the provider can be security checked while processing * calls to Policy.implies or Policy.getPermissions. */ PermissionCollection policyPerms = null; lock (p) { if (p.PdMapping == null) { p.PdMapping = new WeakHashMap <>(); } } if (policyDomain.CodeSource != null) { Policy pol = Policy_Renamed.Get().policy; if (pol != null) { policyPerms = pol.GetPermissions(policyDomain); } if (policyPerms == null) // assume it has all { policyPerms = new Permissions(); policyPerms.Add(SecurityConstants.ALL_PERMISSION); } lock (p.PdMapping) { // cache of pd to permissions p.PdMapping.Put(policyDomain.Key, policyPerms); } } return; }
public static java.lang.Class defineClass(object thisUnsafe, string name, byte[] buf, int offset, int length, java.lang.ClassLoader cl, java.security.ProtectionDomain pd) { #if FIRST_PASS return(null); #else return(cl.defineClass(name, buf, offset, length, pd)); #endif }
public static java.lang.Class defineClass2(java.lang.ClassLoader thisClassLoader, string name, java.nio.ByteBuffer bb, int off, int len, java.security.ProtectionDomain pd, string source) { #if FIRST_PASS return(null); #else byte[] buf = new byte[bb.remaining()]; bb.get(buf); return(defineClass1(thisClassLoader, name, buf, 0, buf.Length, pd, source)); #endif }
public static java.lang.Class defineClass1(java.lang.ClassLoader thisClassLoader, string name, byte[] b, int off, int len, java.security.ProtectionDomain pd, string source) { // it appears the source argument is only used for trace messages in HotSpot. We'll just ignore it for now. Profiler.Enter("ClassLoader.defineClass"); try { try { ClassLoaderWrapper classLoaderWrapper = ClassLoaderWrapper.GetClassLoaderWrapper(thisClassLoader); ClassFile classFile = new ClassFile(b, off, len, name, classLoaderWrapper.ClassFileParseOptions, null); if (name != null && classFile.Name != name) { #if !FIRST_PASS throw new java.lang.NoClassDefFoundError(name + " (wrong name: " + classFile.Name + ")"); #endif } TypeWrapper type = classLoaderWrapper.DefineClass(classFile, pd); return(type.ClassObject); } catch (RetargetableJavaException x) { throw x.ToJava(); } } finally { Profiler.Leave("ClassLoader.defineClass"); } }
public static java.lang.Class defineClass0(java.lang.ClassLoader thisClassLoader, string name, byte[] b, int off, int len, java.security.ProtectionDomain pd) { return(defineClass1(thisClassLoader, name, b, off, len, pd, null)); }
public override PermissionCollection GetPermissions(ProtectionDomain domain) { return(Spi.EngineGetPermissions(domain)); }
/* * Combine the current (stack) and assigned domains. */ private static ProtectionDomain[] Combine(ProtectionDomain[] current, ProtectionDomain[] assigned) { // current could be null if only system code is on the stack; // in that case, ignore the stack context bool skipStack = (current == null); // assigned could be null if only system code was involved; // in that case, ignore the assigned context bool skipAssigned = (assigned == null); int slen = (skipStack) ? 0 : current.Length; // optimization: if there is no assigned context and the stack length // is less then or equal to two; there is no reason to compress the // stack context, it already is if (skipAssigned && slen <= 2) { return(current); } int n = (skipAssigned) ? 0 : assigned.Length; // now we combine both of them, and create a new context ProtectionDomain[] pd = new ProtectionDomain[slen + n]; // first copy in the assigned context domains, no need to compress if (!skipAssigned) { System.Array.Copy(assigned, 0, pd, 0, n); } // now add the stack context domains, discarding nulls and duplicates for (int i = 0; i < slen; i++) { ProtectionDomain sd = current[i]; if (sd != null) { for (int j = 0; j < n; j++) { if (sd == pd[j]) { goto outerContinue; } } pd[n++] = sd; } outerContinue :; } outerBreak : // if length isn't equal, we need to shorten the array if (n != pd.Length) { // optimization: if we didn't really combine anything if (!skipAssigned && n == assigned.Length) { return(assigned); } else if (skipAssigned && n == slen) { return(current); } ProtectionDomain[] tmp = new ProtectionDomain[n]; System.Array.Copy(pd, 0, tmp, 0, n); pd = tmp; } return(pd); }
/// <summary> /// Determines whether the access request indicated by the /// specified permission should be allowed or denied, based on /// the security policy currently in effect, and the context in /// this object. The request is allowed only if every ProtectionDomain /// in the context implies the permission. Otherwise the request is /// denied. /// /// <para> /// This method quietly returns if the access request /// is permitted, or throws a suitable AccessControlException otherwise. /// /// </para> /// </summary> /// <param name="perm"> the requested permission. /// </param> /// <exception cref="AccessControlException"> if the specified permission /// is not permitted, based on the current security policy and the /// context encapsulated by this object. </exception> /// <exception cref="NullPointerException"> if the permission to check for is null. </exception> //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET: //ORIGINAL LINE: public void checkPermission(Permission perm) throws AccessControlException public void CheckPermission(Permission perm) { bool dumpDebug = false; if (perm == null) { throw new NullPointerException("permission can't be null"); } if (Debug != null) { // If "codebase" is not specified, we dump the info by default. dumpDebug = !Debug.isOn("codebase="); if (!dumpDebug) { // If "codebase" is specified, only dump if the specified code // value is in the stack. for (int i = 0; Context_Renamed != null && i < Context_Renamed.Length; i++) { if (Context_Renamed[i].CodeSource != null && Context_Renamed[i].CodeSource.Location != null && Debug.isOn("codebase=" + Context_Renamed[i].CodeSource.Location.ToString())) { dumpDebug = true; break; } } } //JAVA TO C# CONVERTER WARNING: The .NET Type.FullName property will not always yield results identical to the Java Class.getCanonicalName method: dumpDebug &= !Debug.isOn("permission=") || Debug.isOn("permission=" + perm.GetType().FullName); if (dumpDebug && Debug.isOn("stack")) { Thread.DumpStack(); } if (dumpDebug && Debug.isOn("domain")) { if (Context_Renamed == null) { Debug_Renamed.println("domain (context is null)"); } else { for (int i = 0; i < Context_Renamed.Length; i++) { Debug_Renamed.println("domain " + i + " " + Context_Renamed[i]); } } } } /* * iterate through the ProtectionDomains in the context. * Stop at the first one that doesn't allow the * requested permission (throwing an exception). * */ /* if ctxt is null, all we had on the stack were system domains, * or the first domain was a Privileged system domain. This * is to make the common case for system code very fast */ if (Context_Renamed == null) { CheckPermission2(perm); return; } for (int i = 0; i < Context_Renamed.Length; i++) { if (Context_Renamed[i] != null && !Context_Renamed[i].Implies(perm)) { if (dumpDebug) { Debug_Renamed.println("access denied " + perm); } if (Debug.isOn("failure") && Debug_Renamed != null) { // Want to make sure this is always displayed for failure, // but do not want to display again if already displayed // above. if (!dumpDebug) { Debug_Renamed.println("access denied " + perm); } Thread.DumpStack(); //JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final': //ORIGINAL LINE: final ProtectionDomain pd = context[i]; ProtectionDomain pd = Context_Renamed[i]; //JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final': //ORIGINAL LINE: final sun.security.util.Debug db = debug; Debug db = Debug_Renamed; AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper(this, pd, db)); } throw new AccessControlException("access denied " + perm, perm); } } // allow if all of them allowed access if (dumpDebug) { Debug_Renamed.println("access allowed " + perm); } CheckPermission2(perm); }
/// <summary> /// package private for AccessController /// /// This "argument wrapper" context will be passed as the actual context /// parameter on an internal doPrivileged() call used in the implementation. /// </summary> internal AccessControlContext(ProtectionDomain caller, DomainCombiner combiner, AccessControlContext parent, AccessControlContext context, Permission[] perms) { /* * Combine the domains from the doPrivileged() context into our * wrapper context, if necessary. */ ProtectionDomain[] callerPDs = null; if (caller != null) { callerPDs = new ProtectionDomain[] { caller }; } if (context != null) { if (combiner != null) { this.Context_Renamed = combiner.Combine(callerPDs, context.Context_Renamed); } else { this.Context_Renamed = Combine(callerPDs, context.Context_Renamed); } } else { /* * Call combiner even if there is seemingly nothing to combine. */ if (combiner != null) { this.Context_Renamed = combiner.Combine(callerPDs, null); } else { this.Context_Renamed = Combine(callerPDs, null); } } this.Combiner_Renamed = combiner; Permission[] tmp = null; if (perms != null) { tmp = new Permission[perms.Length]; for (int i = 0; i < perms.Length; i++) { if (perms[i] == null) { throw new NullPointerException("permission can't be null"); } /* * An AllPermission argument is equivalent to calling * doPrivileged() without any limit permissions. */ if (perms[i].GetType() == typeof(AllPermission)) { parent = null; } tmp[i] = perms[i]; } } /* * For a doPrivileged() with limited privilege scope, initialize * the relevant fields. * * The limitedContext field contains the union of all domains which * are enclosed by this limited privilege scope. In other words, * it contains all of the domains which could potentially be checked * if none of the limiting permissions implied a requested permission. */ if (parent != null) { this.LimitedContext = Combine(parent.Context_Renamed, parent.LimitedContext); this.IsLimited = true; this.IsWrapped = true; this.Permissions = tmp; this.Parent = parent; this.PrivilegedContext = context; // used in checkPermission2() } this.IsAuthorized = true; }
//JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET: //ORIGINAL LINE: private static ProtectionDomain getCallerPD(final Class caller) private static ProtectionDomain GetCallerPD(Class caller) { ProtectionDomain callerPd = doPrivileged(new PrivilegedActionAnonymousInnerClassHelper(caller)); return(callerPd); }
public static java.lang.Class defineClass(object thisUnsafe, string name, byte[] buf, int offset, int length, java.lang.ClassLoader cl, java.security.ProtectionDomain pd) { return(Java_java_lang_ClassLoader.defineClass1(cl, name.Replace('/', '.'), buf, offset, length, pd, null)); }
public override bool Implies(ProtectionDomain domain, Permission perm) { return(Spi.EngineImplies(domain, perm)); }
public static void setProtectionDomain0(java.lang.Class thisClass, java.security.ProtectionDomain pd) { #if !FIRST_PASS thisClass.pd = pd; #endif }
/// <summary> /// Converts an array of bytes into an instance of class <tt>Class</tt>, with an optional <tt>ProtectionDomain</tt>. /// </summary> protected Class defineClass(string name, sbyte[] b, int off, int len, ProtectionDomain protectionDomain) { return default(Class); }