Наследование: java.lang.Object
Пример #1
0
        /// <summary>
        /// Performs the specified {@code PrivilegedExceptionAction} with
        /// privileges enabled and restricted by the specified
        /// {@code AccessControlContext} and with a privilege scope limited by
        /// specified {@code Permission} arguments.
        ///
        /// The action is performed with the intersection of the permissions
        /// possessed by the caller's protection domain, and those possessed
        /// by the domains represented by the specified
        /// {@code AccessControlContext}.
        /// <para>
        /// If the action's {@code run} method throws an (unchecked) exception,
        /// it will propagate through this method.
        /// </para>
        /// <para>
        /// If a security manager is installed and the specified
        /// {@code AccessControlContext} was not created by system code and the
        /// caller's {@code ProtectionDomain} has not been granted the
        /// {@literal "createAccessControlContext"}
        /// <seealso cref="java.security.SecurityPermission"/>, then the action is performed
        /// with no permissions.
        ///
        /// </para>
        /// </summary>
        /// @param <T> the type of the value returned by the
        ///                  PrivilegedExceptionAction's {@code run} method. </param>
        /// <param name="action"> the action to be performed. </param>
        /// <param name="context"> an <i>access control context</i>
        ///                representing the restriction to be applied to the
        ///                caller's domain's privileges before performing
        ///                the specified action.  If the context is
        ///                {@code null},
        ///                then no additional restriction is applied. </param>
        /// <param name="perms"> the {@code Permission} arguments which limit the
        ///              scope of the caller's privileges. The number of arguments
        ///              is variable.
        /// </param>
        /// <returns> the value returned by the action's {@code run} method.
        /// </returns>
        /// <exception cref="PrivilegedActionException"> if the specified action's
        ///         {@code run} method threw a <i>checked</i> exception </exception>
        /// <exception cref="NullPointerException"> if action or perms or any element of
        ///         perms is {@code null}
        /// </exception>
        /// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
        /// <seealso cref= #doPrivileged(PrivilegedAction,AccessControlContext)
        ///
        /// @since 1.8 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivileged(PrivilegedExceptionAction<T> action, AccessControlContext context, Permission... perms) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
        public static T doPrivileged <T>(PrivilegedExceptionAction <T> action, AccessControlContext context, params Permission[] perms)
        {
            AccessControlContext parent = Context;

            if (perms == null)
            {
                throw new NullPointerException("null permissions parameter");
            }
            Class caller = Reflection.CallerClass;

            return(AccessController.doPrivileged(action, CreateWrapper(null, caller, parent, context, perms)));
        }
Пример #2
0
        /// <summary>
        /// Performs the specified {@code PrivilegedExceptionAction} with
        /// privileges enabled.  The action is performed with <i>all</i> of the
        /// permissions possessed by the caller's protection domain.
        ///
        /// <para> If the action's {@code run} method throws an <i>unchecked</i>
        /// exception, it will propagate through this method.
        ///
        /// </para>
        /// <para> This method preserves the current AccessControlContext's
        /// DomainCombiner (which may be null) while the action is performed.
        ///
        /// </para>
        /// </summary>
        /// @param <T> the type of the value returned by the
        ///                  PrivilegedExceptionAction's {@code run} method.
        /// </param>
        /// <param name="action"> the action to be performed.
        /// </param>
        /// <returns> the value returned by the action's {@code run} method
        /// </returns>
        /// <exception cref="PrivilegedActionException"> if the specified action's
        ///         {@code run} method threw a <i>checked</i> exception </exception>
        /// <exception cref="NullPointerException"> if the action is {@code null}
        /// </exception>
        /// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
        /// <seealso cref= #doPrivileged(PrivilegedExceptionAction,AccessControlContext) </seealso>
        /// <seealso cref= java.security.DomainCombiner
        ///
        /// @since 1.6 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
        public static T doPrivilegedWithCombiner <T>(PrivilegedExceptionAction <T> action)
        {
            AccessControlContext acc = StackAccessControlContext;

            if (acc == null)
            {
                return(AccessController.doPrivileged(action));
            }
            DomainCombiner dc = acc.AssignedCombiner;

            return(AccessController.doPrivileged(action, PreserveCombiner(dc, Reflection.CallerClass)));
        }
Пример #3
0
        /// <summary>
        /// Performs the specified {@code PrivilegedExceptionAction} with
        /// privileges enabled and restricted by the specified
        /// {@code AccessControlContext} and with a privilege scope limited by
        /// specified {@code Permission} arguments.
        ///
        /// The action is performed with the intersection of the permissions
        /// possessed by the caller's protection domain, and those possessed
        /// by the domains represented by the specified
        /// {@code AccessControlContext}.
        /// <para>
        /// If the action's {@code run} method throws an (unchecked) exception,
        /// it will propagate through this method.
        ///
        /// </para>
        /// <para> This method preserves the current AccessControlContext's
        /// DomainCombiner (which may be null) while the action is performed.
        /// </para>
        /// <para>
        /// If a security manager is installed and the specified
        /// {@code AccessControlContext} was not created by system code and the
        /// caller's {@code ProtectionDomain} has not been granted the
        /// {@literal "createAccessControlContext"}
        /// <seealso cref="java.security.SecurityPermission"/>, then the action is performed
        /// with no permissions.
        ///
        /// </para>
        /// </summary>
        /// @param <T> the type of the value returned by the
        ///                  PrivilegedExceptionAction's {@code run} method. </param>
        /// <param name="action"> the action to be performed. </param>
        /// <param name="context"> an <i>access control context</i>
        ///                representing the restriction to be applied to the
        ///                caller's domain's privileges before performing
        ///                the specified action.  If the context is
        ///                {@code null},
        ///                then no additional restriction is applied. </param>
        /// <param name="perms"> the {@code Permission} arguments which limit the
        ///              scope of the caller's privileges. The number of arguments
        ///              is variable.
        /// </param>
        /// <returns> the value returned by the action's {@code run} method.
        /// </returns>
        /// <exception cref="PrivilegedActionException"> if the specified action's
        ///         {@code run} method threw a <i>checked</i> exception </exception>
        /// <exception cref="NullPointerException"> if action or perms or any element of
        ///         perms is {@code null}
        /// </exception>
        /// <seealso cref= #doPrivileged(PrivilegedAction) </seealso>
        /// <seealso cref= #doPrivileged(PrivilegedAction,AccessControlContext) </seealso>
        /// <seealso cref= java.security.DomainCombiner
        ///
        /// @since 1.8 </seealso>
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @CallerSensitive public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action, AccessControlContext context, Permission... perms) throws PrivilegedActionException
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
        public static T doPrivilegedWithCombiner <T>(PrivilegedExceptionAction <T> action, AccessControlContext context, params Permission[] perms)
        {
            AccessControlContext parent = Context;
            DomainCombiner       dc     = parent.Combiner;

            if (dc == null && context != null)
            {
                dc = context.Combiner;
            }
            if (perms == null)
            {
                throw new NullPointerException("null permissions parameter");
            }
            Class caller = Reflection.CallerClass;

            return(AccessController.doPrivileged(action, CreateWrapper(dc, caller, parent, context, perms)));
        }
Пример #4
0
        // initialize the system scope
        private static void InitializeSystemScope()
        {
            String classname = AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper());

            if (classname == null)
            {
                return;
            }
            else
            {
                try
                {
                    Class.ForName(classname);
                }
                catch (ClassNotFoundException e)
                {
                    //Security.error("unable to establish a system scope from " +
                    //             classname);
                    Console.WriteLine(e.ToString());
                    Console.Write(e.StackTrace);
                }
            }
        }
Пример #5
0
        /// <summary>
        /// Determines whether the access request indicated by the
        /// specified permission should be allowed or denied, based on
        /// the security policy currently in effect, and the context in
        /// this object. The request is allowed only if every ProtectionDomain
        /// in the context implies the permission. Otherwise the request is
        /// denied.
        ///
        /// <para>
        /// This method quietly returns if the access request
        /// is permitted, or throws a suitable AccessControlException otherwise.
        ///
        /// </para>
        /// </summary>
        /// <param name="perm"> the requested permission.
        /// </param>
        /// <exception cref="AccessControlException"> if the specified permission
        /// is not permitted, based on the current security policy and the
        /// context encapsulated by this object. </exception>
        /// <exception cref="NullPointerException"> if the permission to check for is null. </exception>
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public void checkPermission(Permission perm) throws AccessControlException
        public void CheckPermission(Permission perm)
        {
            bool dumpDebug = false;

            if (perm == null)
            {
                throw new NullPointerException("permission can't be null");
            }
            if (Debug != null)
            {
                // If "codebase" is not specified, we dump the info by default.
                dumpDebug = !Debug.isOn("codebase=");
                if (!dumpDebug)
                {
                    // If "codebase" is specified, only dump if the specified code
                    // value is in the stack.
                    for (int i = 0; Context_Renamed != null && i < Context_Renamed.Length; i++)
                    {
                        if (Context_Renamed[i].CodeSource != null && Context_Renamed[i].CodeSource.Location != null && Debug.isOn("codebase=" + Context_Renamed[i].CodeSource.Location.ToString()))
                        {
                            dumpDebug = true;
                            break;
                        }
                    }
                }

//JAVA TO C# CONVERTER WARNING: The .NET Type.FullName property will not always yield results identical to the Java Class.getCanonicalName method:
                dumpDebug &= !Debug.isOn("permission=") || Debug.isOn("permission=" + perm.GetType().FullName);

                if (dumpDebug && Debug.isOn("stack"))
                {
                    Thread.DumpStack();
                }

                if (dumpDebug && Debug.isOn("domain"))
                {
                    if (Context_Renamed == null)
                    {
                        Debug_Renamed.println("domain (context is null)");
                    }
                    else
                    {
                        for (int i = 0; i < Context_Renamed.Length; i++)
                        {
                            Debug_Renamed.println("domain " + i + " " + Context_Renamed[i]);
                        }
                    }
                }
            }

            /*
             * iterate through the ProtectionDomains in the context.
             * Stop at the first one that doesn't allow the
             * requested permission (throwing an exception).
             *
             */

            /* if ctxt is null, all we had on the stack were system domains,
             * or the first domain was a Privileged system domain. This
             * is to make the common case for system code very fast */

            if (Context_Renamed == null)
            {
                CheckPermission2(perm);
                return;
            }

            for (int i = 0; i < Context_Renamed.Length; i++)
            {
                if (Context_Renamed[i] != null && !Context_Renamed[i].Implies(perm))
                {
                    if (dumpDebug)
                    {
                        Debug_Renamed.println("access denied " + perm);
                    }

                    if (Debug.isOn("failure") && Debug_Renamed != null)
                    {
                        // Want to make sure this is always displayed for failure,
                        // but do not want to display again if already displayed
                        // above.
                        if (!dumpDebug)
                        {
                            Debug_Renamed.println("access denied " + perm);
                        }
                        Thread.DumpStack();
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final ProtectionDomain pd = context[i];
                        ProtectionDomain pd = Context_Renamed[i];
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final sun.security.util.Debug db = debug;
                        Debug db = Debug_Renamed;
                        AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper(this, pd, db));
                    }
                    throw new AccessControlException("access denied " + perm, perm);
                }
            }

            // allow if all of them allowed access
            if (dumpDebug)
            {
                Debug_Renamed.println("access allowed " + perm);
            }

            CheckPermission2(perm);
        }
Пример #6
0
        /// <summary>
        /// Initialize superclass state such that a legacy provider can
        /// handle queries for itself.
        ///
        /// @since 1.4
        /// </summary>
//JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET:
//ORIGINAL LINE: private static void initPolicy(final Policy p)
        private static void InitPolicy(Policy p)
        {
            /*
             * A policy provider not on the bootclasspath could trigger
             * security checks fulfilling a call to either Policy.implies
             * or Policy.getPermissions. If this does occur the provider
             * must be able to answer for it's own ProtectionDomain
             * without triggering additional security checks, otherwise
             * the policy implementation will end up in an infinite
             * recursion.
             *
             * To mitigate this, the provider can collect it's own
             * ProtectionDomain and associate a PermissionCollection while
             * it is being installed. The currently installed policy
             * provider (if there is one) will handle calls to
             * Policy.implies or Policy.getPermissions during this
             * process.
             *
             * This Policy superclass caches away the ProtectionDomain and
             * statically binds permissions so that legacy Policy
             * implementations will continue to function.
             */

            ProtectionDomain policyDomain = AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper3(p));

            /*
             * Collect the permissions granted to this protection domain
             * so that the provider can be security checked while processing
             * calls to Policy.implies or Policy.getPermissions.
             */
            PermissionCollection policyPerms = null;

            lock (p)
            {
                if (p.PdMapping == null)
                {
                    p.PdMapping = new WeakHashMap <>();
                }
            }

            if (policyDomain.CodeSource != null)
            {
                Policy pol = Policy_Renamed.Get().policy;
                if (pol != null)
                {
                    policyPerms = pol.GetPermissions(policyDomain);
                }

                if (policyPerms == null)                 // assume it has all
                {
                    policyPerms = new Permissions();
                    policyPerms.Add(SecurityConstants.ALL_PERMISSION);
                }

                lock (p.PdMapping)
                {
                    // cache of pd to permissions
                    p.PdMapping.Put(policyDomain.Key, policyPerms);
                }
            }
            return;
        }