/// <summary>
/// package private to allow calls from ProtectionDomain without performing
/// the security check for <seealso cref="SecurityConstants.CREATE_ACC_PERMISSION"/>
/// permission
/// </summary>
internal AccessControlContext(AccessControlContext acc, DomainCombiner combiner, bool preauthorized)
{
if (!preauthorized)
{
SecurityManager sm = System.SecurityManager;
if (sm != null)
{
sm.CheckPermission(SecurityConstants.CREATE_ACC_PERMISSION);
this.IsAuthorized = true;
}
}
else
{
this.IsAuthorized = true;
}
this.Context_Renamed = acc.Context_Renamed;
// we do not need to run the combine method on the
// provided ACC. it was already "combined" when the
// context was originally retrieved.
//
// at this point in time, we simply throw away the old
// combiner and use the newly provided one.
this.Combiner_Renamed = combiner;
}
public static object getInheritedAccessControlContext()
{
#if FIRST_PASS
return(null);
#else
#if false
object inheritedAccessControlContext = java.lang.Thread.currentThread().inheritedAccessControlContext;
java.security.AccessControlContext acc = inheritedAccessControlContext as java.security.AccessControlContext;
if (acc != null)
{
return(acc);
}
java.security.AccessController.LazyContext lc = inheritedAccessControlContext as java.security.AccessController.LazyContext;
if (lc == null)
{
return(null);
}
List <java.security.ProtectionDomain> list = new List <java.security.ProtectionDomain>();
while (lc != null)
{
if (GetProtectionDomains(list, lc.callerID, lc.stackTrace))
{
return(CreateAccessControlContext(list, true, lc.context));
}
lc = lc.parent;
}
return(CreateAccessControlContext(list, false, null));
#else
throw new NotImplementedException();
#endif
#endif
}
private bool ContainsAllLimits(AccessControlContext that)
{
bool match = false;
Permission thisPerm;
if (this.Permissions == null && that.Permissions == null)
{
return(true);
}
for (int i = 0; i < this.Permissions.Length; i++)
{
Permission limit = this.Permissions[i];
Class limitClass = limit.GetType();
match = false;
for (int j = 0; (j < that.Permissions.Length) && !match; j++)
{
Permission perm = that.Permissions[j];
match = (limitClass.Equals(perm.GetType()) && limit.Equals(perm));
}
if (!match)
{
return(false);
}
}
return(match);
}
/// <summary>
/// Checks two AccessControlContext objects for equality.
/// Checks that <i>obj</i> is
/// an AccessControlContext and has the same set of ProtectionDomains
/// as this context.
/// <P> </summary>
/// <param name="obj"> the object we are testing for equality with this object. </param>
/// <returns> true if <i>obj</i> is an AccessControlContext, and has the
/// same set of ProtectionDomains as this context, false otherwise. </returns>
public override bool Equals(Object obj)
{
if (obj == this)
{
return(true);
}
if (!(obj is AccessControlContext))
{
return(false);
}
AccessControlContext that = (AccessControlContext)obj;
if (!EqualContext(that))
{
return(false);
}
if (!EqualLimitedContext(that))
{
return(false);
}
return(true);
}
/// <summary>
/// Performs the specified {@code PrivilegedExceptionAction} with
/// privileges enabled and restricted by the specified
/// {@code AccessControlContext} and with a privilege scope limited by
/// specified {@code Permission} arguments.
///
/// The action is performed with the intersection of the permissions
/// possessed by the caller's protection domain, and those possessed
/// by the domains represented by the specified
/// {@code AccessControlContext}.
/// <para>
/// If the action's {@code run} method throws an (unchecked) exception,
/// it will propagate through this method.
/// </para>
/// <para>
/// If a security manager is installed and the specified
/// {@code AccessControlContext} was not created by system code and the
/// caller's {@code ProtectionDomain} has not been granted the
/// {@literal "createAccessControlContext"}
/// <seealso cref="java.security.SecurityPermission"/>, then the action is performed
/// with no permissions.
///
/// </para>
/// </summary>
/// @param <T> the type of the value returned by the
/// PrivilegedExceptionAction's {@code run} method. </param>
/// <param name="action"> the action to be performed. </param>
/// <param name="context"> an <i>access control context</i>
/// representing the restriction to be applied to the
/// caller's domain's privileges before performing
/// the specified action. If the context is
/// {@code null},
/// then no additional restriction is applied. </param>
/// <param name="perms"> the {@code Permission} arguments which limit the
/// scope of the caller's privileges. The number of arguments
/// is variable.
/// </param>
/// <returns> the value returned by the action's {@code run} method.
/// </returns>
/// <exception cref="PrivilegedActionException"> if the specified action's
/// {@code run} method threw a <i>checked</i> exception </exception>
/// <exception cref="NullPointerException"> if action or perms or any element of
/// perms is {@code null}
/// </exception>
/// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
/// <seealso cref= #doPrivileged(PrivilegedAction,AccessControlContext)
///
/// @since 1.8 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivileged(PrivilegedExceptionAction<T> action, AccessControlContext context, Permission... perms) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
public static T doPrivileged <T>(PrivilegedExceptionAction <T> action, AccessControlContext context, params Permission[] perms)
{
AccessControlContext parent = Context;
if (perms == null)
{
throw new NullPointerException("null permissions parameter");
}
Class caller = Reflection.CallerClass;
return(AccessController.doPrivileged(action, CreateWrapper(null, caller, parent, context, perms)));
}
/*
* Follow the privilegedContext link making our best effort to skip
* through any wrapper contexts.
*/
private static AccessControlContext GetNextPC(AccessControlContext acc)
{
while (acc != null && acc.PrivilegedContext != null)
{
acc = acc.PrivilegedContext;
if (!acc.IsWrapped)
{
return(acc);
}
}
return(null);
}
/// <summary>
/// Performs the specified {@code PrivilegedExceptionAction} with
/// privileges enabled. The action is performed with <i>all</i> of the
/// permissions possessed by the caller's protection domain.
///
/// <para> If the action's {@code run} method throws an <i>unchecked</i>
/// exception, it will propagate through this method.
///
/// </para>
/// <para> This method preserves the current AccessControlContext's
/// DomainCombiner (which may be null) while the action is performed.
///
/// </para>
/// </summary>
/// @param <T> the type of the value returned by the
/// PrivilegedExceptionAction's {@code run} method.
/// </param>
/// <param name="action"> the action to be performed.
/// </param>
/// <returns> the value returned by the action's {@code run} method
/// </returns>
/// <exception cref="PrivilegedActionException"> if the specified action's
/// {@code run} method threw a <i>checked</i> exception </exception>
/// <exception cref="NullPointerException"> if the action is {@code null}
/// </exception>
/// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
/// <seealso cref= #doPrivileged(PrivilegedExceptionAction,AccessControlContext) </seealso>
/// <seealso cref= java.security.DomainCombiner
///
/// @since 1.6 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
public static T doPrivilegedWithCombiner <T>(PrivilegedExceptionAction <T> action)
{
AccessControlContext acc = StackAccessControlContext;
if (acc == null)
{
return(AccessController.doPrivileged(action));
}
DomainCombiner dc = acc.AssignedCombiner;
return(AccessController.doPrivileged(action, PreserveCombiner(dc, Reflection.CallerClass)));
}
/// <summary>
/// Performs the specified {@code PrivilegedExceptionAction} with
/// privileges enabled and restricted by the specified
/// {@code AccessControlContext} and with a privilege scope limited by
/// specified {@code Permission} arguments.
///
/// The action is performed with the intersection of the permissions
/// possessed by the caller's protection domain, and those possessed
/// by the domains represented by the specified
/// {@code AccessControlContext}.
/// <para>
/// If the action's {@code run} method throws an (unchecked) exception,
/// it will propagate through this method.
///
/// </para>
/// <para> This method preserves the current AccessControlContext's
/// DomainCombiner (which may be null) while the action is performed.
/// </para>
/// <para>
/// If a security manager is installed and the specified
/// {@code AccessControlContext} was not created by system code and the
/// caller's {@code ProtectionDomain} has not been granted the
/// {@literal "createAccessControlContext"}
/// <seealso cref="java.security.SecurityPermission"/>, then the action is performed
/// with no permissions.
///
/// </para>
/// </summary>
/// @param <T> the type of the value returned by the
/// PrivilegedExceptionAction's {@code run} method. </param>
/// <param name="action"> the action to be performed. </param>
/// <param name="context"> an <i>access control context</i>
/// representing the restriction to be applied to the
/// caller's domain's privileges before performing
/// the specified action. If the context is
/// {@code null},
/// then no additional restriction is applied. </param>
/// <param name="perms"> the {@code Permission} arguments which limit the
/// scope of the caller's privileges. The number of arguments
/// is variable.
/// </param>
/// <returns> the value returned by the action's {@code run} method.
/// </returns>
/// <exception cref="PrivilegedActionException"> if the specified action's
/// {@code run} method threw a <i>checked</i> exception </exception>
/// <exception cref="NullPointerException"> if action or perms or any element of
/// perms is {@code null}
/// </exception>
/// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
/// <seealso cref= #doPrivileged(PrivilegedAction,AccessControlContext) </seealso>
/// <seealso cref= java.security.DomainCombiner
///
/// @since 1.8 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action, AccessControlContext context, Permission... perms) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
public static T doPrivilegedWithCombiner <T>(PrivilegedExceptionAction <T> action, AccessControlContext context, params Permission[] perms)
{
AccessControlContext parent = Context;
DomainCombiner dc = parent.Combiner;
if (dc == null && context != null)
{
dc = context.Combiner;
}
if (perms == null)
{
throw new NullPointerException("null permissions parameter");
}
Class caller = Reflection.CallerClass;
return(AccessController.doPrivileged(action, CreateWrapper(dc, caller, parent, context, perms)));
}
public static object getStackAccessControlContext(java.security.AccessControlContext context, [email protected] callerID) { #if FIRST_PASS return(null); #else List <java.security.ProtectionDomain> array = new List <java.security.ProtectionDomain>(); bool is_privileged = GetProtectionDomains(array, callerID, new StackTrace(1)); if (array.Count == 0) { if (is_privileged && context == null) { return(null); } } return(CreateAccessControlContext(array, is_privileged, context)); #endif }
/// <summary>
/// Determines whether the access request indicated by the
/// specified permission should be allowed or denied, based on
/// the current AccessControlContext and security policy.
/// This method quietly returns if the access request
/// is permitted, or throws an AccessControlException otherwise. The
/// getPermission method of the AccessControlException returns the
/// {@code perm} Permission object instance.
/// </summary>
/// <param name="perm"> the requested permission.
/// </param>
/// <exception cref="AccessControlException"> if the specified permission
/// is not permitted, based on the current security policy. </exception>
/// <exception cref="NullPointerException"> if the specified permission
/// is {@code null} and is checked based on the
/// security policy currently in effect. </exception>
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public static void checkPermission(Permission perm) throws AccessControlException
public static void CheckPermission(Permission perm)
{
//System.err.println("checkPermission "+perm);
//Thread.currentThread().dumpStack();
if (perm == null)
{
throw new NullPointerException("permission can't be null");
}
AccessControlContext stack = StackAccessControlContext;
// if context is null, we had privileged system code on the stack.
if (stack == null)
{
Debug debug = AccessControlContext.Debug;
bool dumpDebug = false;
if (debug != null)
{
dumpDebug = !Debug.isOn("codebase=");
//JAVA TO C# CONVERTER WARNING: The .NET Type.FullName property will not always yield results identical to the Java Class.getCanonicalName method:
dumpDebug &= !Debug.isOn("permission=") || Debug.isOn("permission=" + perm.GetType().FullName);
}
if (dumpDebug && Debug.isOn("stack"))
{
Thread.DumpStack();
}
if (dumpDebug && Debug.isOn("domain"))
{
debug.println("domain (context is null)");
}
if (dumpDebug)
{
debug.println("access allowed " + perm);
}
return;
}
AccessControlContext acc = stack.Optimize();
acc.CheckPermission(perm);
}
/*
* Compare for equality based on state that is free of limited
* privilege complications.
*/
private bool EqualContext(AccessControlContext that)
{
if (!EqualPDs(this.Context_Renamed, that.Context_Renamed))
{
return(false);
}
if (this.Combiner_Renamed == null && that.Combiner_Renamed != null)
{
return(false);
}
if (this.Combiner_Renamed != null && !this.Combiner_Renamed.Equals(that.Combiner_Renamed))
{
return(false);
}
return(true);
}
/*
* Calculate the additional domains that could potentially be reached via
* limited privilege scope. Mark the context as being subject to limited
* privilege scope unless the reachable domains (if any) are already
* contained in this domain context (in which case any limited
* privilege scope checking would be redundant).
*/
private void CalculateFields(AccessControlContext assigned, AccessControlContext parent, Permission[] permissions)
{
ProtectionDomain[] parentLimit = null;
ProtectionDomain[] assignedLimit = null;
ProtectionDomain[] newLimit;
parentLimit = (parent != null)? parent.LimitedContext: null;
assignedLimit = (assigned != null)? assigned.LimitedContext: null;
newLimit = Combine(parentLimit, assignedLimit);
if (newLimit != null)
{
if (Context_Renamed == null || !ContainsAllPDs(newLimit, Context_Renamed))
{
this.LimitedContext = newLimit;
this.Permissions = permissions;
this.Parent = parent;
this.IsLimited = true;
}
}
}
/*
* Compare for equality based on state that is captured during a
* call to AccessController.getContext() when a limited privilege
* scope is in effect.
*/
private bool EqualLimitedContext(AccessControlContext that)
{
if (that == null)
{
return(false);
}
/*
* If neither instance has limited privilege scope then we're done.
*/
if (!this.IsLimited && !that.IsLimited)
{
return(true);
}
/*
* If only one instance has limited privilege scope then we're done.
*/
if (!(this.IsLimited && that.IsLimited))
{
return(false);
}
/*
* Wrapped instances should never escape outside the implementation
* this class and AccessController so this will probably never happen
* but it only makes any sense to compare if they both have the same
* isWrapped state.
*/
if ((this.IsWrapped && !that.IsWrapped) || (!this.IsWrapped && that.IsWrapped))
{
return(false);
}
if (this.Permissions == null && that.Permissions != null)
{
return(false);
}
if (this.Permissions != null && that.Permissions == null)
{
return(false);
}
if (!(this.ContainsAllLimits(that) && that.ContainsAllLimits(this)))
{
return(false);
}
/*
* Skip through any wrapped contexts.
*/
AccessControlContext thisNextPC = GetNextPC(this);
AccessControlContext thatNextPC = GetNextPC(that);
/*
* The protection domains and combiner of a privilegedContext are
* not relevant because they have already been included in the context
* of this instance by optimize() so we only care about any limited
* privilege state they may have.
*/
if (thisNextPC == null && thatNextPC != null && thatNextPC.IsLimited)
{
return(false);
}
if (thisNextPC != null && !thisNextPC.EqualLimitedContext(thatNextPC))
{
return(false);
}
if (this.Parent == null && that.Parent != null)
{
return(false);
}
if (this.Parent != null && !this.Parent.Equals(that.Parent))
{
return(false);
}
return(true);
}
public static extern <T> T doPrivileged(PrivilegedExceptionAction <T> action, AccessControlContext context);
/// <summary>
/// Take the stack-based context (this) and combine it with the
/// privileged or inherited context, if need be. Any limited
/// privilege scope is flagged regardless of whether the assigned
/// context comes from an immediately enclosing limited doPrivileged().
/// The limited privilege scope can indirectly flow from the inherited
/// parent thread or an assigned context previously captured by getContext().
/// </summary>
internal AccessControlContext Optimize()
{
// the assigned (privileged or inherited) context
AccessControlContext acc;
DomainCombiner combiner = null;
AccessControlContext parent = null;
Permission[] permissions = null;
if (IsPrivileged)
{
acc = PrivilegedContext;
if (acc != null)
{
/*
* If the context is from a limited scope doPrivileged() then
* copy the permissions and parent fields out of the wrapper
* context that was created to hold them.
*/
if (acc.IsWrapped)
{
permissions = acc.Permissions;
parent = acc.Parent;
}
}
}
else
{
acc = AccessController.InheritedAccessControlContext;
if (acc != null)
{
/*
* If the inherited context is constrained by a limited scope
* doPrivileged() then set it as our parent so we will process
* the non-domain-related state.
*/
if (acc.IsLimited)
{
parent = acc;
}
}
}
// this.context could be null if only system code is on the stack;
// in that case, ignore the stack context
bool skipStack = (Context_Renamed == null);
// acc.context could be null if only system code was involved;
// in that case, ignore the assigned context
bool skipAssigned = (acc == null || acc.Context_Renamed == null);
ProtectionDomain[] assigned = (skipAssigned) ? null : acc.Context_Renamed;
ProtectionDomain[] pd;
// if there is no enclosing limited privilege scope on the stack or
// inherited from a parent thread
bool skipLimited = ((acc == null || !acc.IsWrapped) && parent == null);
if (acc != null && acc.Combiner_Renamed != null)
{
// let the assigned acc's combiner do its thing
if (Debug != null)
{
Debug_Renamed.println("AccessControlContext invoking the Combiner");
}
// No need to clone current and assigned.context
// combine() will not update them
combiner = acc.Combiner_Renamed;
pd = combiner.Combine(Context_Renamed, assigned);
}
else
{
if (skipStack)
{
if (skipAssigned)
{
CalculateFields(acc, parent, permissions);
return(this);
}
else if (skipLimited)
{
return(acc);
}
}
else if (assigned != null)
{
if (skipLimited)
{
// optimization: if there is a single stack domain and
// that domain is already in the assigned context; no
// need to combine
if (Context_Renamed.Length == 1 && Context_Renamed[0] == assigned[0])
{
return(acc);
}
}
}
pd = Combine(Context_Renamed, assigned);
if (skipLimited && !skipAssigned && pd == assigned)
{
return(acc);
}
else if (skipAssigned && pd == Context_Renamed)
{
CalculateFields(acc, parent, permissions);
return(this);
}
}
// Reuse existing ACC
this.Context_Renamed = pd;
this.Combiner_Renamed = combiner;
this.IsPrivileged = false;
CalculateFields(acc, parent, permissions);
return(this);
}
public PrivilegedActionAnonymousInnerClassHelper(AccessControlContext outerInstance, java.security.ProtectionDomain pd, Debug db)
{
this.OuterInstance = outerInstance;
this.Pd = pd;
this.Db = db;
}
/// <summary>
/// Constructor for JavaSecurityAccess.doIntersectionPrivilege()
/// </summary>
internal AccessControlContext(ProtectionDomain[] context, AccessControlContext privilegedContext)
{
this.Context_Renamed = context;
this.PrivilegedContext = privilegedContext;
this.IsPrivileged = true;
}
/// <summary>
/// Create a wrapper to contain the limited privilege scope data.
/// </summary>
private static AccessControlContext CreateWrapper(DomainCombiner combiner, Class caller, AccessControlContext parent, AccessControlContext context, Permission[] perms)
{
ProtectionDomain callerPD = GetCallerPD(caller);
// check if caller is authorized to create context
if (context != null && !context.Authorized && System.SecurityManager != null && !callerPD.ImpliesCreateAccessControlContext())
{
ProtectionDomain nullPD = new ProtectionDomain(null, null);
return(new AccessControlContext(new ProtectionDomain[] { nullPD }));
}
else
{
return(new AccessControlContext(callerPD, combiner, parent, context, perms));
}
}
private static object CreateAccessControlContext(List <java.security.ProtectionDomain> context, bool is_privileged, java.security.AccessControlContext privileged_context)
{
java.security.AccessControlContext acc = new java.security.AccessControlContext(context == null || context.Count == 0 ? null : context.ToArray(), is_privileged);
acc._privilegedContext(privileged_context);
return(acc);
}
/// <summary>
/// Create a new {@code AccessControlContext} with the given
/// {@code AccessControlContext} and {@code DomainCombiner}.
/// This constructor associates the provided
/// {@code DomainCombiner} with the provided
/// {@code AccessControlContext}.
///
/// <para>
///
/// </para>
/// </summary>
/// <param name="acc"> the {@code AccessControlContext} associated
/// with the provided {@code DomainCombiner}.
/// </param>
/// <param name="combiner"> the {@code DomainCombiner} to be associated
/// with the provided {@code AccessControlContext}.
/// </param>
/// <exception cref="NullPointerException"> if the provided
/// {@code context} is {@code null}.
/// </exception>
/// <exception cref="SecurityException"> if a security manager is installed and the
/// caller does not have the "createAccessControlContext"
/// <seealso cref="SecurityPermission"/>
/// @since 1.3 </exception>
public AccessControlContext(AccessControlContext acc, DomainCombiner combiner) : this(acc, combiner, false)
{
}
private static object CreateAccessControlContext(List<java.security.ProtectionDomain> context, bool is_privileged, java.security.AccessControlContext privileged_context)
{
java.security.AccessControlContext acc = new java.security.AccessControlContext(context == null || context.Count == 0 ? null : context.ToArray(), is_privileged);
acc._privilegedContext(privileged_context);
return acc;
}
/// <summary>
/// package private for AccessController
///
/// This "argument wrapper" context will be passed as the actual context
/// parameter on an internal doPrivileged() call used in the implementation.
/// </summary>
internal AccessControlContext(ProtectionDomain caller, DomainCombiner combiner, AccessControlContext parent, AccessControlContext context, Permission[] perms)
{
/*
* Combine the domains from the doPrivileged() context into our
* wrapper context, if necessary.
*/
ProtectionDomain[] callerPDs = null;
if (caller != null)
{
callerPDs = new ProtectionDomain[] { caller };
}
if (context != null)
{
if (combiner != null)
{
this.Context_Renamed = combiner.Combine(callerPDs, context.Context_Renamed);
}
else
{
this.Context_Renamed = Combine(callerPDs, context.Context_Renamed);
}
}
else
{
/*
* Call combiner even if there is seemingly nothing to combine.
*/
if (combiner != null)
{
this.Context_Renamed = combiner.Combine(callerPDs, null);
}
else
{
this.Context_Renamed = Combine(callerPDs, null);
}
}
this.Combiner_Renamed = combiner;
Permission[] tmp = null;
if (perms != null)
{
tmp = new Permission[perms.Length];
for (int i = 0; i < perms.Length; i++)
{
if (perms[i] == null)
{
throw new NullPointerException("permission can't be null");
}
/*
* An AllPermission argument is equivalent to calling
* doPrivileged() without any limit permissions.
*/
if (perms[i].GetType() == typeof(AllPermission))
{
parent = null;
}
tmp[i] = perms[i];
}
}
/*
* For a doPrivileged() with limited privilege scope, initialize
* the relevant fields.
*
* The limitedContext field contains the union of all domains which
* are enclosed by this limited privilege scope. In other words,
* it contains all of the domains which could potentially be checked
* if none of the limiting permissions implied a requested permission.
*/
if (parent != null)
{
this.LimitedContext = Combine(parent.Context_Renamed, parent.LimitedContext);
this.IsLimited = true;
this.IsWrapped = true;
this.Permissions = tmp;
this.Parent = parent;
this.PrivilegedContext = context; // used in checkPermission2()
}
this.IsAuthorized = true;
}