/// <summary>
/// Performs the specified {@code PrivilegedExceptionAction} with
/// privileges enabled and restricted by the specified
/// {@code AccessControlContext} and with a privilege scope limited by
/// specified {@code Permission} arguments.
///
/// The action is performed with the intersection of the permissions
/// possessed by the caller's protection domain, and those possessed
/// by the domains represented by the specified
/// {@code AccessControlContext}.
/// <para>
/// If the action's {@code run} method throws an (unchecked) exception,
/// it will propagate through this method.
/// </para>
/// <para>
/// If a security manager is installed and the specified
/// {@code AccessControlContext} was not created by system code and the
/// caller's {@code ProtectionDomain} has not been granted the
/// {@literal "createAccessControlContext"}
/// <seealso cref="java.security.SecurityPermission"/>, then the action is performed
/// with no permissions.
///
/// </para>
/// </summary>
/// @param <T> the type of the value returned by the
/// PrivilegedExceptionAction's {@code run} method. </param>
/// <param name="action"> the action to be performed. </param>
/// <param name="context"> an <i>access control context</i>
/// representing the restriction to be applied to the
/// caller's domain's privileges before performing
/// the specified action. If the context is
/// {@code null},
/// then no additional restriction is applied. </param>
/// <param name="perms"> the {@code Permission} arguments which limit the
/// scope of the caller's privileges. The number of arguments
/// is variable.
/// </param>
/// <returns> the value returned by the action's {@code run} method.
/// </returns>
/// <exception cref="PrivilegedActionException"> if the specified action's
/// {@code run} method threw a <i>checked</i> exception </exception>
/// <exception cref="NullPointerException"> if action or perms or any element of
/// perms is {@code null}
/// </exception>
/// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
/// <seealso cref= #doPrivileged(PrivilegedAction,AccessControlContext)
///
/// @since 1.8 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivileged(PrivilegedExceptionAction<T> action, AccessControlContext context, Permission... perms) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
public static T doPrivileged <T>(PrivilegedExceptionAction <T> action, AccessControlContext context, params Permission[] perms)
{
AccessControlContext parent = Context;
if (perms == null)
{
throw new NullPointerException("null permissions parameter");
}
Class caller = Reflection.CallerClass;
return(AccessController.doPrivileged(action, CreateWrapper(null, caller, parent, context, perms)));
}
/// <summary>
/// Performs the specified {@code PrivilegedExceptionAction} with
/// privileges enabled. The action is performed with <i>all</i> of the
/// permissions possessed by the caller's protection domain.
///
/// <para> If the action's {@code run} method throws an <i>unchecked</i>
/// exception, it will propagate through this method.
///
/// </para>
/// <para> This method preserves the current AccessControlContext's
/// DomainCombiner (which may be null) while the action is performed.
///
/// </para>
/// </summary>
/// @param <T> the type of the value returned by the
/// PrivilegedExceptionAction's {@code run} method.
/// </param>
/// <param name="action"> the action to be performed.
/// </param>
/// <returns> the value returned by the action's {@code run} method
/// </returns>
/// <exception cref="PrivilegedActionException"> if the specified action's
/// {@code run} method threw a <i>checked</i> exception </exception>
/// <exception cref="NullPointerException"> if the action is {@code null}
/// </exception>
/// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
/// <seealso cref= #doPrivileged(PrivilegedExceptionAction,AccessControlContext) </seealso>
/// <seealso cref= java.security.DomainCombiner
///
/// @since 1.6 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
public static T doPrivilegedWithCombiner <T>(PrivilegedExceptionAction <T> action)
{
AccessControlContext acc = StackAccessControlContext;
if (acc == null)
{
return(AccessController.doPrivileged(action));
}
DomainCombiner dc = acc.AssignedCombiner;
return(AccessController.doPrivileged(action, PreserveCombiner(dc, Reflection.CallerClass)));
}
/// <summary>
/// Performs the specified {@code PrivilegedExceptionAction} with
/// privileges enabled and restricted by the specified
/// {@code AccessControlContext} and with a privilege scope limited by
/// specified {@code Permission} arguments.
///
/// The action is performed with the intersection of the permissions
/// possessed by the caller's protection domain, and those possessed
/// by the domains represented by the specified
/// {@code AccessControlContext}.
/// <para>
/// If the action's {@code run} method throws an (unchecked) exception,
/// it will propagate through this method.
///
/// </para>
/// <para> This method preserves the current AccessControlContext's
/// DomainCombiner (which may be null) while the action is performed.
/// </para>
/// <para>
/// If a security manager is installed and the specified
/// {@code AccessControlContext} was not created by system code and the
/// caller's {@code ProtectionDomain} has not been granted the
/// {@literal "createAccessControlContext"}
/// <seealso cref="java.security.SecurityPermission"/>, then the action is performed
/// with no permissions.
///
/// </para>
/// </summary>
/// @param <T> the type of the value returned by the
/// PrivilegedExceptionAction's {@code run} method. </param>
/// <param name="action"> the action to be performed. </param>
/// <param name="context"> an <i>access control context</i>
/// representing the restriction to be applied to the
/// caller's domain's privileges before performing
/// the specified action. If the context is
/// {@code null},
/// then no additional restriction is applied. </param>
/// <param name="perms"> the {@code Permission} arguments which limit the
/// scope of the caller's privileges. The number of arguments
/// is variable.
/// </param>
/// <returns> the value returned by the action's {@code run} method.
/// </returns>
/// <exception cref="PrivilegedActionException"> if the specified action's
/// {@code run} method threw a <i>checked</i> exception </exception>
/// <exception cref="NullPointerException"> if action or perms or any element of
/// perms is {@code null}
/// </exception>
/// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
/// <seealso cref= #doPrivileged(PrivilegedAction,AccessControlContext) </seealso>
/// <seealso cref= java.security.DomainCombiner
///
/// @since 1.8 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action, AccessControlContext context, Permission... perms) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
public static T doPrivilegedWithCombiner <T>(PrivilegedExceptionAction <T> action, AccessControlContext context, params Permission[] perms)
{
AccessControlContext parent = Context;
DomainCombiner dc = parent.Combiner;
if (dc == null && context != null)
{
dc = context.Combiner;
}
if (perms == null)
{
throw new NullPointerException("null permissions parameter");
}
Class caller = Reflection.CallerClass;
return(AccessController.doPrivileged(action, CreateWrapper(dc, caller, parent, context, perms)));
}
// initialize the system scope
private static void InitializeSystemScope()
{
String classname = AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper());
if (classname == null)
{
return;
}
else
{
try
{
Class.ForName(classname);
}
catch (ClassNotFoundException e)
{
//Security.error("unable to establish a system scope from " +
// classname);
Console.WriteLine(e.ToString());
Console.Write(e.StackTrace);
}
}
}
/// <summary>
/// Determines whether the access request indicated by the
/// specified permission should be allowed or denied, based on
/// the security policy currently in effect, and the context in
/// this object. The request is allowed only if every ProtectionDomain
/// in the context implies the permission. Otherwise the request is
/// denied.
///
/// <para>
/// This method quietly returns if the access request
/// is permitted, or throws a suitable AccessControlException otherwise.
///
/// </para>
/// </summary>
/// <param name="perm"> the requested permission.
/// </param>
/// <exception cref="AccessControlException"> if the specified permission
/// is not permitted, based on the current security policy and the
/// context encapsulated by this object. </exception>
/// <exception cref="NullPointerException"> if the permission to check for is null. </exception>
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public void checkPermission(Permission perm) throws AccessControlException
public void CheckPermission(Permission perm)
{
bool dumpDebug = false;
if (perm == null)
{
throw new NullPointerException("permission can't be null");
}
if (Debug != null)
{
// If "codebase" is not specified, we dump the info by default.
dumpDebug = !Debug.isOn("codebase=");
if (!dumpDebug)
{
// If "codebase" is specified, only dump if the specified code
// value is in the stack.
for (int i = 0; Context_Renamed != null && i < Context_Renamed.Length; i++)
{
if (Context_Renamed[i].CodeSource != null && Context_Renamed[i].CodeSource.Location != null && Debug.isOn("codebase=" + Context_Renamed[i].CodeSource.Location.ToString()))
{
dumpDebug = true;
break;
}
}
}
//JAVA TO C# CONVERTER WARNING: The .NET Type.FullName property will not always yield results identical to the Java Class.getCanonicalName method:
dumpDebug &= !Debug.isOn("permission=") || Debug.isOn("permission=" + perm.GetType().FullName);
if (dumpDebug && Debug.isOn("stack"))
{
Thread.DumpStack();
}
if (dumpDebug && Debug.isOn("domain"))
{
if (Context_Renamed == null)
{
Debug_Renamed.println("domain (context is null)");
}
else
{
for (int i = 0; i < Context_Renamed.Length; i++)
{
Debug_Renamed.println("domain " + i + " " + Context_Renamed[i]);
}
}
}
}
/*
* iterate through the ProtectionDomains in the context.
* Stop at the first one that doesn't allow the
* requested permission (throwing an exception).
*
*/
/* if ctxt is null, all we had on the stack were system domains,
* or the first domain was a Privileged system domain. This
* is to make the common case for system code very fast */
if (Context_Renamed == null)
{
CheckPermission2(perm);
return;
}
for (int i = 0; i < Context_Renamed.Length; i++)
{
if (Context_Renamed[i] != null && !Context_Renamed[i].Implies(perm))
{
if (dumpDebug)
{
Debug_Renamed.println("access denied " + perm);
}
if (Debug.isOn("failure") && Debug_Renamed != null)
{
// Want to make sure this is always displayed for failure,
// but do not want to display again if already displayed
// above.
if (!dumpDebug)
{
Debug_Renamed.println("access denied " + perm);
}
Thread.DumpStack();
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final ProtectionDomain pd = context[i];
ProtectionDomain pd = Context_Renamed[i];
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final sun.security.util.Debug db = debug;
Debug db = Debug_Renamed;
AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper(this, pd, db));
}
throw new AccessControlException("access denied " + perm, perm);
}
}
// allow if all of them allowed access
if (dumpDebug)
{
Debug_Renamed.println("access allowed " + perm);
}
CheckPermission2(perm);
}
/// <summary>
/// Initialize superclass state such that a legacy provider can
/// handle queries for itself.
///
/// @since 1.4
/// </summary>
//JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET:
//ORIGINAL LINE: private static void initPolicy(final Policy p)
private static void InitPolicy(Policy p)
{
/*
* A policy provider not on the bootclasspath could trigger
* security checks fulfilling a call to either Policy.implies
* or Policy.getPermissions. If this does occur the provider
* must be able to answer for it's own ProtectionDomain
* without triggering additional security checks, otherwise
* the policy implementation will end up in an infinite
* recursion.
*
* To mitigate this, the provider can collect it's own
* ProtectionDomain and associate a PermissionCollection while
* it is being installed. The currently installed policy
* provider (if there is one) will handle calls to
* Policy.implies or Policy.getPermissions during this
* process.
*
* This Policy superclass caches away the ProtectionDomain and
* statically binds permissions so that legacy Policy
* implementations will continue to function.
*/
ProtectionDomain policyDomain = AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper3(p));
/*
* Collect the permissions granted to this protection domain
* so that the provider can be security checked while processing
* calls to Policy.implies or Policy.getPermissions.
*/
PermissionCollection policyPerms = null;
lock (p)
{
if (p.PdMapping == null)
{
p.PdMapping = new WeakHashMap <>();
}
}
if (policyDomain.CodeSource != null)
{
Policy pol = Policy_Renamed.Get().policy;
if (pol != null)
{
policyPerms = pol.GetPermissions(policyDomain);
}
if (policyPerms == null) // assume it has all
{
policyPerms = new Permissions();
policyPerms.Add(SecurityConstants.ALL_PERMISSION);
}
lock (p.PdMapping)
{
// cache of pd to permissions
p.PdMapping.Put(policyDomain.Key, policyPerms);
}
}
return;
}