/* * Checks whether the calling thread is allowed to access the resource being * guarded by the specified permission object. * * @param permission * the permission to check. * @throws SecurityException * if the requested {@code permission} is denied according to * the current security policy. */ public void checkPermission(java.security.Permission permission) { try { inCheck = true; java.security.AccessController.checkPermission(permission); } finally { inCheck = false; } }
/** * Add a permission object to the permission collection. * * @param permission * the FilePermission object to add to the collection. * @throws IllegalArgumentException * if {@code permission} is not an instance of * {@code FilePermission}. * @throws IllegalStateException * if this collection is read-only. * @see java.security.PermissionCollection#add(java.security.Permission) */ public override void add(java.security.Permission permission) { if (isReadOnly()) { throw new java.lang.IllegalStateException(); } if (permission is FilePermission) { permissions.addElement(permission); } else { throw new java.lang.IllegalArgumentException(permission.toString()); } }
/** * Indicates whether this permissions collection implies a specific * {@code permission}. * * @param permission * the permission to check. * @see java.security.PermissionCollection#implies(java.security.Permission) */ public override bool implies(java.security.Permission permission) { if (permission is FilePermission) { FilePermission fp = (FilePermission)permission; int matchedMask = 0; int i = 0; while (i < permissions.size() && ((matchedMask & fp.mask) != fp.mask)) { // Cast will not fail since we added it matchedMask |= ((FilePermission)permissions.elementAt(i)) .impliesMask(permission); i++; } return((matchedMask & fp.mask) == fp.mask); } return(false); }
/** * Returns an int describing what masks are implied by a specific * permission. * * @param p * the permission * @return the mask applied to the given permission */ internal int impliesMask(java.security.Permission p) { if (!(p is FilePermission)) { return(0); } FilePermission fp = (FilePermission)p; int matchedMask = mask & fp.mask; // Can't match any bits? if (matchedMask == 0) { return(0); } // Is this permission <<ALL FILES>> if (includeAll) { return(matchedMask); } // We can't imply all files if (fp.includeAll) { return(0); } // Scan the length of p checking all match possibilities // \- implies everything except \ int thisLength = canonPath.length(); if (allSubdir && thisLength == 2 && !fp.canonPath.equals(File.separator)) { return(matchedMask); } // need /- to imply /- if (fp.allSubdir && !allSubdir) { return(0); } // need /- or /* to imply /* if (fp.allDir && !allSubdir && !allDir) { return(0); } bool includeDir = false; int pLength = fp.canonPath.length(); // do not compare the * or - if (allDir || allSubdir) { thisLength--; } if (fp.allDir || fp.allSubdir) { pLength--; } for (int i = 0; i < pLength; i++) { char pChar = fp.canonPath.charAt(i); // Is p longer than this permissions canonLength? if (i >= thisLength) { if (i == thisLength) { // Is this permission include all? (must have matched up // until this point). if (allSubdir) { return(matchedMask); } // Is this permission include a dir? Continue the check // afterwards. if (allDir) { includeDir = true; } } // If not includeDir then is has to be a mismatch. if (!includeDir) { return(0); } /** * If we have * for this and find a separator it is invalid. IE: * this is '/a/*' and p is '/a/b/c' we should fail on the * separator after the b. Except for root, canonical paths do * not end in a separator. */ if (pChar == File.separatorChar) { return(0); } } else { // Are the characters matched? if (canonPath.charAt(i) != pChar) { return(0); } } } // Must have matched up to this point or it's a valid file in an include // all directory if (pLength == thisLength) { if (allSubdir) { // /- implies /- or /* return(fp.allSubdir || fp.allDir ? matchedMask : 0); } return(allDir == fp.allDir ? matchedMask : 0); } return(includeDir ? matchedMask : 0); }
/** * Indicates whether the permission {@code p} is implied by this file * permission. This is the case if {@code p} is an instance of * {@code FilePermission}, if {@code p}'s actions are a subset of this * file permission's actions and if {@code p}'s path is implied by this * file permission's path. * * @param p * the permission to check. * @return {@code true} if the argument permission is implied by the * receiver, and {@code false} if it is not. */ public override bool implies(java.security.Permission p) { int match = impliesMask(p); return(match != 0 && match == ((FilePermission)p).mask); }