/* * Returned cached ProtectionDomain for the specified CodeSource. */ private ProtectionDomain GetProtectionDomain(CodeSource cs) { if (cs == null) { return(null); } ProtectionDomain pd = null; lock (Pdcache) { pd = Pdcache[cs]; if (pd == null) { PermissionCollection perms = GetPermissions(cs); pd = new ProtectionDomain(cs, perms, this, null); Pdcache[cs] = pd; if (Debug != null) { Debug.println(" getPermissions " + pd); Debug.println(""); } } } return(pd); }
/* * Reads in a Hashtable of Class/PermissionCollections and saves them in the * permsMap field. Reads in allPermission. */ //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET: //ORIGINAL LINE: private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException private void ReadObject(ObjectInputStream @in) { // Don't call defaultReadObject() // Read in serialized fields ObjectInputStream.GetField gfields = @in.ReadFields(); // Get allPermission AllPermission = (PermissionCollection)gfields.Get("allPermission", null); // Get permissions // writeObject writes a Hashtable<Class<?>, PermissionCollection> for // the perms key, so this cast is safe, unless the data is corrupt. //JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @SuppressWarnings("unchecked") java.util.Hashtable<Class, PermissionCollection> perms = (java.util.Hashtable<Class, PermissionCollection>)gfields.get("perms", null); Dictionary <Class, PermissionCollection> perms = (Dictionary <Class, PermissionCollection>)gfields.Get("perms", null); PermsMap = new Dictionary <Class, PermissionCollection>(perms.Count * 2); //JAVA TO C# CONVERTER TODO TASK: There is no .NET Dictionary equivalent to the Java 'putAll' method: PermsMap.putAll(perms); // Set hasUnresolved UnresolvedPermissionCollection uc = (UnresolvedPermissionCollection)PermsMap[typeof(UnresolvedPermission)]; //JAVA TO C# CONVERTER TODO TASK: Java iterators are only converted within the context of 'while' and 'for' loops: HasUnresolved = (uc != null && uc.Elements().hasMoreElements()); }
/// <summary> /// Gets the PermissionCollection in this Permissions object for /// permissions whose type is the same as that of <i>p</i>. /// For example, if <i>p</i> is a FilePermission, /// the FilePermissionCollection /// stored in this Permissions object will be returned. /// /// If createEmpty is true, /// this method creates a new PermissionCollection object for the specified /// type of permission objects if one does not yet exist. /// To do so, it first calls the {@code newPermissionCollection} method /// on <i>p</i>. Subclasses of class Permission /// override that method if they need to store their permissions in a /// particular PermissionCollection object in order to provide the /// correct semantics when the {@code PermissionCollection.implies} /// method is called. /// If the call returns a PermissionCollection, that collection is stored /// in this Permissions object. If the call returns null and createEmpty /// is true, then /// this method instantiates and stores a default PermissionCollection /// that uses a hashtable to store its permission objects. /// /// createEmpty is ignored when creating empty PermissionCollection /// for unresolved permissions because of the overhead of determining the /// PermissionCollection to use. /// /// createEmpty should be set to false when this method is invoked from /// implies() because it incurs the additional overhead of creating and /// adding an empty PermissionCollection that will just return false. /// It should be set to true when invoked from add(). /// </summary> private PermissionCollection GetPermissionCollection(Permission p, bool createEmpty) { Class c = p.GetType(); PermissionCollection pc = PermsMap[c]; if (!HasUnresolved && !createEmpty) { return(pc); } else if (pc == null) { // Check for unresolved permissions pc = (HasUnresolved ? GetUnresolvedPermissions(p) : null); // if still null, create a new collection if (pc == null && createEmpty) { pc = p.NewPermissionCollection(); // still no PermissionCollection? // We'll give them a PermissionsHash. if (pc == null) { pc = new PermissionsHash(); } } if (pc != null) { PermsMap[c] = pc; } } return(pc); }
/// <summary> /// Adds a permission object to the PermissionCollection for the class the /// permission belongs to. For example, if <i>permission</i> is a /// FilePermission, it is added to the FilePermissionCollection stored /// in this Permissions object. /// /// This method creates /// a new PermissionCollection object (and adds the permission to it) /// if an appropriate collection does not yet exist. <para> /// /// </para> /// </summary> /// <param name="permission"> the Permission object to add. /// </param> /// <exception cref="SecurityException"> if this Permissions object is /// marked as readonly. /// </exception> /// <seealso cref= PermissionCollection#isReadOnly() </seealso> public override void Add(Permission permission) { if (ReadOnly) { throw new SecurityException("attempt to add a Permission to a readonly Permissions object"); } PermissionCollection pc; lock (this) { pc = GetPermissionCollection(permission, true); pc.Add(permission); } // No sync; staleness -> optimizations delayed, which is OK if (permission is AllPermission) { AllPermission = pc; } if (permission is UnresolvedPermission) { HasUnresolved = true; } }
/// <summary> /// add static permissions to provided permission collection /// </summary> private void AddStaticPerms(PermissionCollection perms, PermissionCollection statics) { if (statics != null) { lock (statics) { IEnumerator <Permission> e = statics.Elements(); while (e.MoveNext()) { perms.Add(e.Current); } } } }
/// <summary> /// Return a PermissionCollection object containing the set of /// permissions granted to the specified ProtectionDomain. /// /// <para> Applications are discouraged from calling this method /// since this operation may not be supported by all policy implementations. /// Applications should rely on the {@code implies} method /// to perform policy checks. /// /// </para> /// <para> The default implementation of this method first retrieves /// the permissions returned via {@code getPermissions(CodeSource)} /// (the CodeSource is taken from the specified ProtectionDomain), /// as well as the permissions located inside the specified ProtectionDomain. /// All of these permissions are then combined and returned in a new /// PermissionCollection object. If {@code getPermissions(CodeSource)} /// returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method /// returns the permissions contained inside the specified ProtectionDomain /// in a new PermissionCollection object. /// /// </para> /// <para> This method can be overridden if the policy implementation /// supports returning a set of permissions granted to a ProtectionDomain. /// /// </para> /// </summary> /// <param name="domain"> the ProtectionDomain to which the returned /// PermissionCollection has been granted. /// </param> /// <returns> a set of permissions granted to the specified ProtectionDomain. /// If this operation is supported, the returned /// set of permissions must be a new mutable instance /// and it must support heterogeneous Permission types. /// If this operation is not supported, /// Policy.UNSUPPORTED_EMPTY_COLLECTION is returned. /// /// @since 1.4 </returns> public virtual PermissionCollection GetPermissions(ProtectionDomain domain) { PermissionCollection pc = null; if (domain == null) { return(new Permissions()); } if (PdMapping == null) { InitPolicy(this); } lock (PdMapping) { pc = PdMapping.Get(domain.Key); } if (pc != null) { Permissions perms = new Permissions(); lock (pc) { for (IEnumerator <Permission> e = pc.Elements(); e.MoveNext();) { perms.Add(e.Current); } } return(perms); } pc = GetPermissions(domain.CodeSource); if (pc == null || pc == UNSUPPORTED_EMPTY_COLLECTION) { pc = new Permissions(); } AddStaticPerms(pc, domain.Permissions); return(pc); }
/// <summary> /// Checks to see if this object's PermissionCollection for permissions of /// the specified permission's class implies the permissions /// expressed in the <i>permission</i> object. Returns true if the /// combination of permissions in the appropriate PermissionCollection /// (e.g., a FilePermissionCollection for a FilePermission) together /// imply the specified permission. /// /// <para>For example, suppose there is a FilePermissionCollection in this /// Permissions object, and it contains one FilePermission that specifies /// "read" access for all files in all subdirectories of the "/tmp" /// directory, and another FilePermission that specifies "write" access /// for all files in the "/tmp/scratch/foo" directory. /// Then if the {@code implies} method /// is called with a permission specifying both "read" and "write" access /// to files in the "/tmp/scratch/foo" directory, {@code true} is /// returned. /// /// </para> /// <para>Additionally, if this PermissionCollection contains the /// AllPermission, this method will always return true. /// </para> /// <para> /// </para> /// </summary> /// <param name="permission"> the Permission object to check. /// </param> /// <returns> true if "permission" is implied by the permissions in the /// PermissionCollection it /// belongs to, false if not. </returns> public override bool Implies(Permission permission) { // No sync; staleness -> skip optimization, which is OK if (AllPermission != null) { return(true); // AllPermission has already been added } else { lock (this) { PermissionCollection pc = GetPermissionCollection(permission, false); if (pc != null) { return(pc.Implies(permission)); } else { // none found return(false); } } } }
/// <summary> /// Creates a new Permissions object containing no PermissionCollections. /// </summary> public Permissions() { PermsMap = new Dictionary <Class, PermissionCollection>(11); AllPermission = null; }
/// <summary> /// Resolves any unresolved permissions of type p. /// </summary> /// <param name="p"> the type of unresolved permission to resolve /// </param> /// <returns> PermissionCollection containing the unresolved permissions, /// or null if there were no unresolved permissions of type p. /// </returns> private PermissionCollection GetUnresolvedPermissions(Permission p) { // Called from within synchronized method so permsMap doesn't need lock UnresolvedPermissionCollection uc = (UnresolvedPermissionCollection)PermsMap[typeof(UnresolvedPermission)]; // we have no unresolved permissions if uc is null if (uc == null) { return(null); } IList <UnresolvedPermission> unresolvedPerms = uc.GetUnresolvedPermissions(p); // we have no unresolved permissions of this type if unresolvedPerms is null if (unresolvedPerms == null) { return(null); } java.security.cert.Certificate[] certs = null; Object[] signers = p.GetType().Signers; int n = 0; if (signers != null) { for (int j = 0; j < signers.Length; j++) { if (signers[j] is java.security.cert.Certificate) { n++; } } certs = new java.security.cert.Certificate[n]; n = 0; for (int j = 0; j < signers.Length; j++) { if (signers[j] is java.security.cert.Certificate) { certs[n++] = (java.security.cert.Certificate)signers[j]; } } } PermissionCollection pc = null; lock (unresolvedPerms) { int len = unresolvedPerms.Count; for (int i = 0; i < len; i++) { UnresolvedPermission up = unresolvedPerms[i]; Permission perm = up.Resolve(p, certs); if (perm != null) { if (pc == null) { pc = p.NewPermissionCollection(); if (pc == null) { pc = new PermissionsHash(); } } pc.Add(perm); } } } return(pc); }
/// <summary> /// Initialize superclass state such that a legacy provider can /// handle queries for itself. /// /// @since 1.4 /// </summary> //JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET: //ORIGINAL LINE: private static void initPolicy(final Policy p) private static void InitPolicy(Policy p) { /* * A policy provider not on the bootclasspath could trigger * security checks fulfilling a call to either Policy.implies * or Policy.getPermissions. If this does occur the provider * must be able to answer for it's own ProtectionDomain * without triggering additional security checks, otherwise * the policy implementation will end up in an infinite * recursion. * * To mitigate this, the provider can collect it's own * ProtectionDomain and associate a PermissionCollection while * it is being installed. The currently installed policy * provider (if there is one) will handle calls to * Policy.implies or Policy.getPermissions during this * process. * * This Policy superclass caches away the ProtectionDomain and * statically binds permissions so that legacy Policy * implementations will continue to function. */ ProtectionDomain policyDomain = AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper3(p)); /* * Collect the permissions granted to this protection domain * so that the provider can be security checked while processing * calls to Policy.implies or Policy.getPermissions. */ PermissionCollection policyPerms = null; lock (p) { if (p.PdMapping == null) { p.PdMapping = new WeakHashMap <>(); } } if (policyDomain.CodeSource != null) { Policy pol = Policy_Renamed.Get().policy; if (pol != null) { policyPerms = pol.GetPermissions(policyDomain); } if (policyPerms == null) // assume it has all { policyPerms = new Permissions(); policyPerms.Add(SecurityConstants.ALL_PERMISSION); } lock (p.PdMapping) { // cache of pd to permissions p.PdMapping.Put(policyDomain.Key, policyPerms); } } return; }