1. /*
  2. * @(#)AccessControlContext.java 1.25 01/11/29
  3. *
  4. * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
  5. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
  6. */
  7. package java.security;
  8. import java.util.Vector;
  9. import sun.security.util.Debug;
  10. /**
  11. * An AccessControlContext is used to make system resource access decisions
  12. * based on the context it encapsulates.
  13. *
  14. * <p>More specifically, it encapsulates a context and
  15. * has a single method, <code>checkPermission</code>,
  16. * that is equivalent to the <code>checkPermission</code> method
  17. * in the AccessController class, with one difference: The AccessControlContext
  18. * <code>checkPermission</code> method makes access decisions based on the
  19. * context it encapsulates,
  20. * rather than that of the current execution thread.
  21. *
  22. * <p>Thus, the purpose of AccessControlContext is for those situations where
  23. * a security check that should be made within a given context
  24. * actually needs to be done from within a
  25. * <i>different</i> context (for example, from within a worker thread).
  26. *
  27. * <p> An AccessControlContext is created by calling the
  28. * <code>AccessController.getContext</code> method.
  29. * The <code>getContext</code> method takes a "snapshot"
  30. * of the current calling context, and places
  31. * it in an AccessControlContext object, which it returns. A sample call is
  32. * the following:
  33. *
  34. * <pre>
  35. *
  36. * AccessControlContext acc = AccessController.getContext()
  37. *
  38. * </pre>
  39. *
  40. * <p>
  41. * Code within a different context can subsequently call the
  42. * <code>checkPermission</code> method on the
  43. * previously-saved AccessControlContext object. A sample call is the
  44. * following:
  45. *
  46. * <pre>
  47. *
  48. * acc.checkPermission(permission)
  49. *
  50. * </pre>
  51. *
  52. * @see AccessController
  53. *
  54. * @author Roland Schemers
  55. */
  56. public final class AccessControlContext {
  57. private ProtectionDomain context[];
  58. private boolean isPrivileged;
  59. private AccessControlContext privilegedContext;
  60. private static boolean debugInit = false;
  61. private static Debug debug = null;
  62. static Debug getDebug()
  63. {
  64. if (debugInit)
  65. return debug;
  66. else {
  67. if (Policy.isSet()) {
  68. debug = Debug.getInstance("access");
  69. debugInit = true;
  70. }
  71. return debug;
  72. }
  73. }
  74. /**
  75. * Create an AccessControlContext with the given set of ProtectionDomains.
  76. * Context must not be null. Duplicate domains will be removed from the
  77. * context.
  78. *
  79. * @param context the ProtectionDomains associated with this context.
  80. */
  81. public AccessControlContext(ProtectionDomain context[])
  82. {
  83. if (context.length == 1) {
  84. this.context = (ProtectionDomain[])context.clone();
  85. } else {
  86. Vector v = new Vector(context.length);
  87. for (int i =0; i< context.length; i++) {
  88. if ((context[i] != null) && (!v.contains(context[i])))
  89. v.addElement(context[i]);
  90. }
  91. this.context = new ProtectionDomain[v.size()];
  92. v.copyInto(this.context);
  93. }
  94. }
  95. /**
  96. * package private constructor for AccessController.getContext()
  97. */
  98. AccessControlContext(ProtectionDomain context[],
  99. boolean isPrivileged)
  100. {
  101. this.context = context;
  102. this.isPrivileged = isPrivileged;
  103. }
  104. /**
  105. * Returns true if this context is privileged.
  106. */
  107. boolean isPrivileged()
  108. {
  109. return isPrivileged;
  110. }
  111. /**
  112. * Determines whether the access request indicated by the
  113. * specified permission should be allowed or denied, based on
  114. * the security policy currently in effect, and the context in
  115. * this object.
  116. * <p>
  117. * This method quietly returns if the access request
  118. * is permitted, or throws a suitable AccessControlException otherwise.
  119. *
  120. * @param perm the requested permission.
  121. *
  122. * @exception AccessControlException if the specified permission
  123. * is not permitted, based on the current security policy and the
  124. * context encapsulated by this object.
  125. */
  126. public void checkPermission(Permission perm)
  127. throws AccessControlException
  128. {
  129. if (getDebug() != null) {
  130. if (Debug.isOn("stack"))
  131. Thread.currentThread().dumpStack();
  132. if (Debug.isOn("domain")) {
  133. if (context == null) {
  134. debug.println("domain (context is null)");
  135. } else {
  136. for (int i=0; i< context.length; i++) {
  137. debug.println("domain "+i+" "+context[i]);
  138. }
  139. }
  140. }
  141. }
  142. /*
  143. * iterate through the ProtectionDomains in the context.
  144. * Stop at the first one that doesn't allow the
  145. * requested permission (throwing an exception).
  146. *
  147. */
  148. /* if ctxt is null, all we had on the stack were system domains,
  149. or the first domain was a Privileged system domain. This
  150. is to make the common case for system code very fast */
  151. if (context == null)
  152. return;
  153. for (int i=0; i< context.length; i++) {
  154. if (context[i] != null && !context[i].implies(perm)) {
  155. if (debug != null) {
  156. debug.println("access denied "+perm);
  157. if (Debug.isOn("failure")) {
  158. Thread.currentThread().dumpStack();
  159. final ProtectionDomain pd = context[i];
  160. final Debug db = debug;
  161. AccessController.doPrivileged (new PrivilegedAction() {
  162. public Object run() {
  163. db.println("domain that failed "+pd);
  164. return null;
  165. }
  166. });
  167. }
  168. }
  169. throw new AccessControlException("access denied "+perm, perm);
  170. }
  171. }
  172. // allow if all of them allowed access
  173. if (debug != null)
  174. debug.println("access allowed "+perm);
  175. return;
  176. }
  177. /**
  178. * Take the stack-based context (this) and combine it with
  179. * the privileged context. this method will only be called
  180. * if privilegedContext is non-null.
  181. */
  182. AccessControlContext combineWithPrivilegedContext()
  183. {
  184. // this.context could be null if only system code is on the stack
  185. // in that case, ignore the stack context
  186. boolean skipStack = (context == null);
  187. AccessControlContext pacc = privilegedContext;
  188. boolean skipPrivileged = (pacc.context == null);
  189. if (skipPrivileged && skipStack) {
  190. return this;
  191. }
  192. int slen = (skipStack) ? 0 : context.length;
  193. // optimization: if the length is less then or equal to two,
  194. // there is no reason to compress the stack context, it already is
  195. if (skipPrivileged && slen <= 2)
  196. return this;
  197. int plen = (skipPrivileged) ? 0 : pacc.context.length;
  198. // optimization: if the length is less then or equal to two,
  199. // there is no reason to compress the priv context, it already is
  200. if (skipStack && plen <= 2)
  201. return pacc;
  202. // optimization: case where we have a length of 1 and
  203. // protection domains for priv context and stack are equal
  204. if ((slen == 1) && (plen == 1) && (context[0] == pacc.context[0]))
  205. return this;
  206. // now we combine both of them, and create a new context.
  207. ProtectionDomain pd[] = new ProtectionDomain[slen + plen];
  208. int i, j, n;
  209. n = 0;
  210. // first add all the protection domains from the stack context,
  211. // throwing out nulls and duplicates
  212. if (!skipStack) {
  213. for (i = 0; i < context.length; i++) {
  214. boolean add = true;
  215. for (j= 0; (j < n) && add; j++) {
  216. add = (context[i] != null) && (context[i] != pd[j]);
  217. }
  218. if (add) {
  219. pd[n++] = context[i];
  220. }
  221. }
  222. }
  223. // now add all the protection domains from the priv context,
  224. // throwing out nulls and duplicates
  225. if (!skipPrivileged) {
  226. for (i = 0; i < pacc.context.length; i++) {
  227. boolean add = true;
  228. for (j= 0; (j < n) && add; j++) {
  229. add = (pacc.context[i] != null) &&
  230. (pacc.context[i] != pd[j]);
  231. }
  232. if (add) {
  233. pd[n++] = pacc.context[i];
  234. }
  235. }
  236. }
  237. // if length isn't equal, we need to shorten the array
  238. if (n != pd.length) {
  239. // if all we had were system domains, context is null
  240. if (n == 0) {
  241. pd = null;
  242. } else {
  243. ProtectionDomain tmp[] = new ProtectionDomain[n];
  244. System.arraycopy(pd, 0, tmp, 0, n);
  245. pd = tmp;
  246. }
  247. }
  248. return new AccessControlContext(pd, true);
  249. }
  250. /**
  251. * Take the stack-based context (this) and combine it with
  252. * the inherited context, if need be.
  253. */
  254. AccessControlContext optimize()
  255. {
  256. // this.context could be null if only system code is on the stack
  257. // in that case, ignore the stack context
  258. boolean skipStack = (context == null);
  259. // if this context is privileged,
  260. // or if tacc is null, or if tacc.context is null,
  261. // don't do the thread context
  262. boolean skipThread;
  263. AccessControlContext tacc;
  264. if (isPrivileged) {
  265. if (privilegedContext != null)
  266. return combineWithPrivilegedContext();
  267. else {
  268. skipThread = true;
  269. tacc = null;
  270. }
  271. } else {
  272. tacc = AccessController.getInheritedAccessControlContext();
  273. skipThread = (tacc == null) || (tacc.context == null);
  274. }
  275. if (skipThread && skipStack) {
  276. return this;
  277. }
  278. int slen = (skipStack) ? 0 : context.length;
  279. // optimization: if the length is less then or equal to two,
  280. // there is no reason to compress the stack context, it already is
  281. if (skipThread && slen <= 2)
  282. return this;
  283. int tlen = (skipThread) ? 0 : tacc.context.length;
  284. // optimization: if the length is less then or equal to two,
  285. // there is no reason to compress the thread context, it already is
  286. if (skipStack && tlen <= 2)
  287. return tacc;
  288. // optimization: case where we have a length of 1 and
  289. // protection domains for thread and stack are equal
  290. if ((slen == 1) && (tlen == 1) && (context[0] == tacc.context[0]))
  291. return this;
  292. // now we combine both of them, and create a new context.
  293. ProtectionDomain pd[] = new ProtectionDomain[slen + tlen];
  294. int i, j, n;
  295. n = 0;
  296. // first add all the protection domains from the stack context,
  297. // throwing out nulls and duplicates
  298. if (!skipStack) {
  299. for (i = 0; i < context.length; i++) {
  300. boolean add = true;
  301. for (j= 0; (j < n) && add; j++) {
  302. add = (context[i] != null) && (context[i] != pd[j]);
  303. }
  304. if (add) {
  305. pd[n++] = context[i];
  306. }
  307. }
  308. }
  309. // now add all the protection domains from the inherited context,
  310. // throwing out nulls and duplicates
  311. // only do if stack context is not privileged, and the thread context
  312. // is not null.
  313. if (!skipThread) {
  314. for (i = 0; i < tacc.context.length; i++) {
  315. boolean add = true;
  316. for (j= 0; (j < n) && add; j++) {
  317. add = (tacc.context[i] != null) &&
  318. (tacc.context[i] != pd[j]);
  319. }
  320. if (add) {
  321. pd[n++] = tacc.context[i];
  322. }
  323. }
  324. }
  325. // if length isn't equal, we need to shorten the array
  326. if (n != pd.length) {
  327. // if all we had were system domains, context is null
  328. if (n == 0) {
  329. pd = null;
  330. } else {
  331. ProtectionDomain tmp[] = new ProtectionDomain[n];
  332. System.arraycopy(pd, 0, tmp, 0, n);
  333. pd = tmp;
  334. }
  335. }
  336. return new AccessControlContext(pd, isPrivileged);
  337. }
  338. /**
  339. * Checks two AccessControlContext objects for equality.
  340. * Checks that <i>obj</i> is
  341. * an AccessControlContext and has the same set of ProtectionDomains
  342. * as this context.
  343. * <P>
  344. * @param obj the object we are testing for equality with this object.
  345. * @return true if <i>obj</i> is an AccessControlContext, and has the
  346. * same set of ProtectionDomains as this context, false otherwise.
  347. */
  348. public boolean equals(Object obj) {
  349. if (obj == this)
  350. return true;
  351. if (! (obj instanceof AccessControlContext))
  352. return false;
  353. AccessControlContext that = (AccessControlContext) obj;
  354. if (context == null) {
  355. return (that.context == null);
  356. }
  357. if (that.context == null)
  358. return false;
  359. boolean match;
  360. for (int i = 0; i < this.context.length; i++) {
  361. match = false;
  362. for (int j = 0; (j < that.context.length) && !match; j++) {
  363. match =
  364. ((this.context[i] == null) && (that.context[j] == null)) ||
  365. (this.context[i].equals(that.context[j]));
  366. }
  367. if (!match) return false;
  368. }
  369. match = false;
  370. for (int i = 0; i < that.context.length; i++) {
  371. match = false;
  372. for (int j = 0; (j < this.context.length) && !match; j++) {
  373. match =
  374. ((that.context[i] == null) && (this.context[j] == null)) ||
  375. (that.context[i].equals(this.context[j]));
  376. }
  377. if (!match) return false;
  378. }
  379. return true;
  380. }
  381. /**
  382. * Returns the hash code value for this context. The hash code
  383. * is computed by exclusive or-ing the hash code of all the protection
  384. * domains in the context together.
  385. *
  386. * @return a hash code value for this context.
  387. */
  388. public int hashCode() {
  389. int hashCode = 0;
  390. if (context == null)
  391. return hashCode;
  392. for (int i =0; i < context.length; i++) {
  393. if (context[i] != null)
  394. hashCode ^= context[i].hashCode();
  395. }
  396. return hashCode;
  397. }
  398. }