1. /*

  2.  * @(#)AccessControlContext.java	1.30 00/02/02

  3.  *

  4.  * Copyright 1997-2000 Sun Microsystems, Inc. All Rights Reserved.

  5.  * 

  6.  * This software is the proprietary information of Sun Microsystems, Inc.  

  7.  * Use is subject to license terms.

  8.  * 

  9.  */

  10.  

  11. package java.security;

  12. 

  13. import java.util.Vector;

  14. import sun.security.util.Debug;

  15. 

  16. /** 

  17.  * An AccessControlContext is used to make system resource access decisions

  18.  * based on the context it encapsulates.

  19.  * 

  20.  * <p>More specifically, it encapsulates a context and

  21.  * has a single method, <code>checkPermission</code>,

  22.  * that is equivalent to the <code>checkPermission</code> method

  23.  * in the AccessController class, with one difference: The AccessControlContext

  24.  * <code>checkPermission</code> method makes access decisions based on the 

  25.  * context it encapsulates,

  26.  * rather than that of the current execution thread.

  27.  * 

  28.  * <p>Thus, the purpose of AccessControlContext is for those situations where

  29.  * a security check that should be made within a given context

  30.  * actually needs to be done from within a

  31.  * <i>different</i> context (for example, from within a worker thread).

  32.  * 

  33.  * <p> An AccessControlContext is created by calling the 

  34.  * <code>AccessController.getContext</code> method. 

  35.  * The <code>getContext</code> method takes a "snapshot"

  36.  * of the current calling context, and places

  37.  * it in an AccessControlContext object, which it returns. A sample call is

  38.  * the following:

  39.  * 

  40.  * <pre>

  41.  * 

  42.  *   AccessControlContext acc = AccessController.getContext()

  43.  * 

  44.  * </pre>

  45.  * 

  46.  * <p>

  47.  * Code within a different context can subsequently call the

  48.  * <code>checkPermission</code> method on the

  49.  * previously-saved AccessControlContext object. A sample call is the

  50.  * following:

  51.  * 

  52.  * <pre>

  53.  * 

  54.  *   acc.checkPermission(permission)

  55.  * 

  56.  * </pre> 

  57.  * 

  58.  * @see AccessController

  59.  *

  60.  * @author Roland Schemers

  61.  */

  62. 

  63. public final class AccessControlContext {

  64. 

  65.     private ProtectionDomain context[];

  66.     private boolean isPrivileged;

  67.     private AccessControlContext privilegedContext;

  68.     private DomainCombiner combiner;

  69. 

  70.     private static boolean debugInit = false;

  71.     private static Debug debug = null;

  72. 

  73.     static Debug getDebug()

  74.     {

  75. 	if (debugInit)

  76. 	    return debug;

  77. 	else {

  78. 	    if (Policy.isSet()) {

  79. 		debug = Debug.getInstance("access");

  80. 		debugInit = true;

  81. 	    }

  82. 	    return debug;

  83. 	}

  84.     }

  85. 

  86.     /**

  87.      * Create an AccessControlContext with the given set of ProtectionDomains.

  88.      * Context must not be null. Duplicate domains will be removed from the

  89.      * context.

  90.      *

  91.      * @param context the ProtectionDomains associated with this context.

  92.      */

  93. 

  94.     public AccessControlContext(ProtectionDomain context[])

  95.     {

  96. 	if (context.length == 1) {

  97. 	    this.context = (ProtectionDomain[])context.clone();

  98. 	} else {

  99. 	    Vector v = new Vector(context.length);

  100. 	    for (int i =0; i< context.length; i++) {

  101. 		if ((context[i] != null) &&  (!v.contains(context[i])))

  102. 		    v.addElement(context[i]);

  103. 	    }

  104. 	    this.context = new ProtectionDomain[v.size()];

  105. 	    v.copyInto(this.context);

  106. 	}

  107.     }

  108. 

  109.     /**

  110.      * Create a new <code>AccessControlContext</code> with the given

  111.      * <code>AccessControlContext</code> and <code>DomainCombiner</code>.

  112.      * This constructor associates the provided

  113.      * <code>DomainCombiner</code> with the provided

  114.      * <code>AccessControlContext</code>.

  115.      *

  116.      * <p>

  117.      *

  118.      * @param acc the <code>AccessControlContext</code> associated

  119.      *		with the provided <code>DomainCombiner</code>. <p>

  120.      *

  121.      * @param combiner the <code>DomainCombiner</code> to be associated

  122.      *		with the provided <code>AccessControlContext</code>.

  123.      *

  124.      * @exception NullPointerException if either the provided

  125.      *		<code>context</code> or the provided

  126.      *		<code>combiner</code> are <code>null</code>. <p>

  127.      *

  128.      * @exception SecurityException if the caller does not have permission

  129.      *		to invoke this constructor.

  130.      */

  131.     public AccessControlContext(AccessControlContext acc,

  132. 				DomainCombiner combiner) {

  133. 

  134. 	SecurityManager sm = System.getSecurityManager();

  135. 	if (sm != null) {

  136. 	    sm.checkPermission(new SecurityPermission

  137. 			("createAccessControlContext"));

  138. 	}

  139. 

  140. 	if (acc == null || combiner == null) {

  141. 	    throw new NullPointerException

  142. 		("null AccessControlContext or DomainCombiner was provided");

  143. 	}

  144. 

  145. 	this.context = acc.context;

  146. 

  147. 	// we do not need to run the combine method on the

  148. 	// provided ACC.  it was already "combined" when the

  149. 	// context was originally retrieved.

  150. 	//

  151. 	// at this point in time, we simply throw away the old

  152. 	// combiner and use the newly provided one.

  153. 	this.combiner = combiner;

  154.     }

  155. 

  156.     private AccessControlContext(ProtectionDomain context[], 

  157. 				DomainCombiner combiner) {

  158. 	this.context = (ProtectionDomain[])context.clone();

  159. 	this.combiner = combiner;

  160.     }

  161. 

  162.     /**

  163.      * package private constructor for AccessController.getContext()

  164.      */

  165. 

  166.     AccessControlContext(ProtectionDomain context[], 

  167. 				 boolean isPrivileged)

  168.     {

  169. 	this.context = context;

  170. 	this.isPrivileged = isPrivileged;

  171.     }

  172. 

  173.     /**

  174.      * Returns true if this context is privileged.

  175.      */

  176.     boolean isPrivileged() 

  177.     {

  178. 	return isPrivileged;

  179. 

  180.     }

  181. 

  182.     /**

  183.      * Get the <code>DomainCombiner</code> associated with this

  184.      * <code>AccessControlContext</code>.

  185.      *

  186.      * <p>

  187.      *

  188.      * @return the <code>DomainCombiner</code> associated with this

  189.      *		<code>AccessControlContext</code>, or <code>null</code>

  190.      *		if there is none.

  191.      *

  192.      * @exception SecurityException if the caller does not have permission

  193.      *		to get the <code>DomainCombiner</code> associated with this

  194.      *		<code>AccessControlContext</code>.

  195.      */

  196.     public DomainCombiner getDomainCombiner() {

  197. 

  198. 	SecurityManager sm = System.getSecurityManager();

  199. 	if (sm != null) {

  200. 	    sm.checkPermission(new SecurityPermission

  201. 			("getDomainCombiner"));

  202. 	}

  203. 	return combiner;

  204.     }

  205. 

  206.     /** 

  207.      * Determines whether the access request indicated by the

  208.      * specified permission should be allowed or denied, based on

  209.      * the security policy currently in effect, and the context in

  210.      * this object.

  211.      * <p>

  212.      * This method quietly returns if the access request

  213.      * is permitted, or throws a suitable AccessControlException otherwise. 

  214.      *

  215.      * @param perm the requested permission.

  216.      * 

  217.      * @exception AccessControlException if the specified permission

  218.      * is not permitted, based on the current security policy and the

  219.      * context encapsulated by this object.

  220.      * @exception NullPointerException if the permission to check for is null.

  221.      */

  222.     public void checkPermission(Permission perm)

  223. 	throws AccessControlException 

  224.     {

  225. 	if (perm == null) {

  226. 	    throw new NullPointerException("permission can't be null");

  227. 	}

  228. 	if (getDebug() != null) {

  229. 	    if (Debug.isOn("stack"))

  230. 			Thread.currentThread().dumpStack();

  231. 	    if (Debug.isOn("domain")) {

  232. 		if (context == null) {

  233. 			debug.println("domain (context is null)");

  234. 		} else {

  235. 		    for (int i=0; i< context.length; i++) {

  236. 			debug.println("domain "+i+" "+context[i]);

  237. 		    }

  238. 		}

  239. 	    }

  240. 	}

  241. 

  242. 	/*

  243. 	 * iterate through the ProtectionDomains in the context.

  244. 	 * Stop at the first one that doesn't allow the

  245. 	 * requested permission (throwing an exception).

  246. 	 *

  247. 	 */

  248. 

  249. 	/* if ctxt is null, all we had on the stack were system domains,

  250. 	   or the first domain was a Privileged system domain. This

  251. 	   is to make the common case for system code very fast */

  252. 

  253. 	if (context == null)

  254. 	    return;

  255. 

  256. 	for (int i=0; i< context.length; i++) {

  257. 	    if (context[i] != null &&  !context[i].implies(perm)) {

  258. 		if (debug != null) {

  259. 		    debug.println("access denied "+perm);

  260. 		    if (Debug.isOn("failure")) {

  261. 			Thread.currentThread().dumpStack();

  262. 			final ProtectionDomain pd = context[i];

  263. 			final Debug db = debug;

  264. 			AccessController.doPrivileged (new PrivilegedAction() {

  265. 			    public Object run() {

  266. 				db.println("domain that failed "+pd);

  267. 				return null;

  268. 			    }

  269. 			});

  270. 		    }

  271. 		}

  272. 		throw new AccessControlException("access denied "+perm, perm);

  273. 	    }

  274. 	}

  275. 

  276. 	// allow if all of them allowed access

  277. 	if (debug != null)

  278. 	    debug.println("access allowed "+perm);

  279. 

  280. 	return;	

  281.     }

  282. 

  283.     /**

  284.      * Take the stack-based context (this) and combine it with

  285.      * the privileged context. this method will only be called

  286.      * if privilegedContext is non-null.

  287.      */

  288.     AccessControlContext combineWithPrivilegedContext()

  289.     {

  290. 	// this.context could be null if only system code is on the stack

  291. 	// in that case, ignore the stack context

  292. 	boolean skipStack = (context == null);

  293. 

  294. 	AccessControlContext pacc = privilegedContext;

  295. 	boolean skipPrivileged = (pacc.context == null);

  296. 

  297. 	if (skipPrivileged && skipStack && pacc.combiner == null) {

  298. 	    return this;

  299. 	}

  300. 

  301. 	if (pacc.combiner != null) {

  302. 

  303. 	    // the Privileged AccessControlContext's combiner is not null --

  304. 	    // let the combiner do its thing

  305. 	    return goCombiner(context, pacc, true);

  306. 

  307. 	} else {

  308. 

  309. 	    int slen = (skipStack) ? 0 : context.length;

  310. 

  311. 	    // optimization: if the length is less then or equal to two,

  312. 	    // there is no reason to compress the stack context, it already is

  313. 	    if (skipPrivileged && slen <= 2)

  314. 		return this;

  315. 

  316. 	    int plen = (skipPrivileged) ? 0 : pacc.context.length;

  317. 

  318. 

  319. 	    // optimization: if the length is less then or equal to two,

  320. 	    // there is no reason to compress the priv context, it already is

  321. 	    if (skipStack && plen <= 2)

  322. 		return pacc;

  323. 

  324. 	    // optimization: case where we have a length of 1 and

  325. 	    // protection domains for priv context and stack are equal

  326. 	    if ((slen == 1) && (plen == 1) && (context[0] == pacc.context[0]))

  327. 		return this;

  328. 

  329. 	    // now we combine both of them, and create a new context.

  330. 	    ProtectionDomain pd[] = new ProtectionDomain[slen + plen];

  331. 

  332. 	    int i, j, n;

  333. 

  334. 	    n = 0;

  335. 

  336. 	    // first add all the protection domains from the stack context,

  337. 	    // throwing out nulls and duplicates

  338. 

  339. 	    if (!skipStack) {

  340. 		for (i = 0; i < context.length; i++) {

  341. 		    boolean add = true;

  342. 		    for (j= 0; (j < n) && add; j++) {

  343. 			add = (context[i] != null) && (context[i] != pd[j]);

  344. 		    }

  345. 		    if (add) {

  346. 			pd[n++] = context[i];

  347. 		    }

  348. 		}

  349. 	    }

  350. 

  351. 	    // now add all the protection domains from the priv context,

  352. 	    // throwing out nulls and duplicates

  353. 

  354. 	    if (!skipPrivileged) {

  355. 		for (i = 0; i < pacc.context.length; i++) {

  356. 		    boolean add = true;

  357. 		    for (j= 0; (j < n) && add; j++) {

  358. 			add = (pacc.context[i] != null) &&

  359. 				(pacc.context[i] != pd[j]);

  360. 		    }

  361. 		    if (add) {

  362. 			pd[n++] = pacc.context[i];

  363. 		    }

  364. 		}

  365. 	    }

  366. 

  367. 	    // if length isn't equal, we need to shorten the array

  368. 	    if (n != pd.length) {

  369. 		// if all we had were system domains, context is null

  370. 		if (n == 0) {

  371. 		    pd = null;

  372. 		} else {

  373. 		    ProtectionDomain tmp[] = new ProtectionDomain[n];

  374. 		    System.arraycopy(pd, 0, tmp, 0, n);

  375. 		    pd = tmp;

  376. 		}

  377. 	    }

  378. 

  379. 	    return new AccessControlContext(pd, true);

  380. 	}

  381.     }

  382. 

  383. 

  384.     /**

  385.      * Take the stack-based context (this) and combine it with

  386.      * the inherited context, if need be.

  387.      */

  388.     AccessControlContext optimize()

  389.     {

  390. 	// this.context could be null if only system code is on the stack

  391. 	// in that case, ignore the stack context

  392. 

  393. 	boolean skipStack = (context == null);

  394. 

  395. 	// if this context is privileged, 

  396. 	// or if tacc is null, or if tacc.context is null,

  397. 	// don't do the thread context

  398. 

  399. 	boolean skipThread;

  400. 	AccessControlContext tacc;

  401. 

  402. 	if (isPrivileged) {

  403. 	    if (privilegedContext != null)

  404. 		return combineWithPrivilegedContext();

  405. 	    else {

  406. 		skipThread = true;

  407. 		tacc = null;

  408. 	    }

  409. 	} else {

  410. 	    tacc = AccessController.getInheritedAccessControlContext();

  411. 	    skipThread = (tacc == null) ||

  412. 			(tacc.context == null && tacc.combiner == null);

  413. 	}

  414. 

  415. 	if (skipThread && skipStack) {

  416. 	    return this;

  417. 	}

  418. 

  419. 	if (tacc != null && tacc.combiner != null) {

  420. 

  421. 	    // the inherited Thread AccessControlContext's combiner

  422. 	    // is not null -- let the combiner do its thing

  423. 	    return goCombiner(context, tacc, false);

  424. 

  425. 	} else {

  426. 

  427. 	    int slen = (skipStack) ? 0 : context.length;

  428. 

  429. 	    // optimization: if the length is less then or equal to two,

  430. 	    // there is no reason to compress the stack context, it already is

  431. 	    if (skipThread && slen <= 2)

  432. 		return this;

  433. 

  434. 	    int tlen = (skipThread) ? 0 : tacc.context.length;

  435. 

  436. 	    // optimization: if the length is less then or equal to two,

  437. 	    // there is no reason to compress the thread context, it already is

  438. 	    if (skipStack && tlen <= 2)

  439. 		return tacc;

  440. 

  441. 	    // optimization: case where we have a length of 1 and

  442. 	    // protection domains for thread and stack are equal

  443. 	    if ((slen == 1) && (tlen == 1) && (context[0] == tacc.context[0]))

  444. 		return this;

  445. 

  446. 	    // now we combine both of them, and create a new context.

  447. 	    ProtectionDomain pd[] = new ProtectionDomain[slen + tlen];

  448. 

  449. 	    int i, j, n;

  450. 

  451. 	    n = 0;

  452. 

  453. 	    // first add all the protection domains from the stack context,

  454. 	    // throwing out nulls and duplicates

  455. 

  456. 	    if (!skipStack) {

  457. 		for (i = 0; i < context.length; i++) {

  458. 		    boolean add = true;

  459. 		    for (j= 0; (j < n) && add; j++) {

  460. 			add = (context[i] != null) && (context[i] != pd[j]);

  461. 		    }

  462. 		    if (add) {

  463. 			pd[n++] = context[i];

  464. 		    }

  465. 		}

  466. 	    }

  467. 

  468. 	    // now add all the protection domains from the inherited context,

  469. 	    // throwing out nulls and duplicates

  470. 

  471. 	    // only do if stack context is not privileged, and the thread

  472. 	    // context is not null.

  473. 

  474. 	    if (!skipThread) {

  475. 		for (i = 0; i < tacc.context.length; i++) {

  476. 		    boolean add = true;

  477. 		    for (j= 0; (j < n) && add; j++) {

  478. 			add = (tacc.context[i] != null) &&

  479. 				(tacc.context[i] != pd[j]);

  480. 		    }

  481. 		    if (add) {

  482. 			pd[n++] = tacc.context[i];

  483. 		    }

  484. 		}

  485. 	    }

  486. 

  487. 	    // if length isn't equal, we need to shorten the array

  488. 	    if (n != pd.length) {

  489. 		// if all we had were system domains, context is null

  490. 		if (n == 0) {

  491. 		    pd = null;

  492. 		} else {

  493. 		    ProtectionDomain tmp[] = new ProtectionDomain[n];

  494. 		    System.arraycopy(pd, 0, tmp, 0, n);

  495. 		    pd = tmp;

  496. 		}

  497. 	    }

  498. 

  499. 	    return new AccessControlContext(pd, isPrivileged);

  500. 	}

  501.     }

  502. 

  503.     private AccessControlContext goCombiner(ProtectionDomain[] current,

  504. 					AccessControlContext assigned,

  505. 					boolean doPriv) {

  506. 

  507. 	// the assigned ACC's combiner is not null --

  508. 	// let the combiner do its thing

  509. 

  510. 	// XXX we could add optimizations to 'current' here ...

  511. 

  512. 	if (getDebug() != null) {

  513. 	    debug.println("AccessControlContext invoking the Combiner");

  514. 	}

  515. 

  516. 	ProtectionDomain[] combinedPds = assigned.combiner.combine

  517. 		(current == null ?

  518. 			null :

  519. 			(ProtectionDomain[])current.clone(),

  520. 		assigned.context == null ?

  521. 			null :

  522. 			(ProtectionDomain[])assigned.context.clone());

  523. 

  524. 	// return the new ACC

  525. 	return new AccessControlContext(combinedPds, assigned.combiner);

  526.     }

  527. 

  528.     /**

  529.      * Checks two AccessControlContext objects for equality. 

  530.      * Checks that <i>obj</i> is

  531.      * an AccessControlContext and has the same set of ProtectionDomains

  532.      * as this context.

  533.      * <P>

  534.      * @param obj the object we are testing for equality with this object.

  535.      * @return true if <i>obj</i> is an AccessControlContext, and has the 

  536.      * same set of ProtectionDomains as this context, false otherwise.

  537.      */

  538.     public boolean equals(Object obj) {

  539. 	if (obj == this)

  540. 	    return true;

  541. 

  542. 	if (! (obj instanceof AccessControlContext))

  543. 	    return false;

  544. 

  545. 	AccessControlContext that = (AccessControlContext) obj;

  546. 

  547. 

  548. 	if (context == null) {

  549. 	    return (that.context == null);

  550. 	}

  551. 

  552. 	if (that.context == null)

  553. 	    return false;

  554. 

  555. 	if (!(this.containsAllPDs(that) && that.containsAllPDs(this)))

  556. 	    return false;

  557. 

  558. 	if (this.combiner == null)

  559. 	    return (that.combiner == null);

  560. 

  561. 	if (that.combiner == null)

  562. 	    return false;

  563. 

  564. 	if (!this.combiner.equals(that.combiner))

  565. 	    return false;

  566. 

  567. 	return true;

  568. 

  569.     }

  570. 

  571.     private boolean containsAllPDs(AccessControlContext that) {

  572. 	boolean match = false;

  573. 	//

  574. 	// ProtectionDomains within an ACC currently cannot be null

  575. 	// and this is enforced by the contructor and the various

  576. 	// optimize methods. However, historically this logic made attempts

  577. 	// to support the notion of a null PD and therefore this logic continues

  578. 	// to support that notion.

  579. 	for (int i = 0; i < context.length; i++) {

  580. 	    match = false;

  581. 	    if (context[i] == null) {

  582. 		for (int j = 0; (j < that.context.length) && !match; j++) {

  583. 		    match = (that.context[j] == null);

  584. 		}

  585. 	    } else {

  586. 		for (int j = 0; (j < that.context.length) && !match; j++) {

  587. 		    if (that.context[j] != null) {

  588. 			match =

  589. 			    ((context[i].getClass()==that.context[j].getClass()) &&

  590. 			     (context[i].equals(that.context[j])));

  591. 		    }

  592. 		}

  593. 	    }

  594. 	    if (!match) return false;

  595. 	}

  596. 	return match;

  597.     }

  598.     /**

  599.      * Returns the hash code value for this context. The hash code

  600.      * is computed by exclusive or-ing the hash code of all the protection

  601.      * domains in the context together.

  602.      * 

  603.      * @return a hash code value for this context.

  604.      */

  605. 

  606.     public int hashCode() {

  607. 	int hashCode = 0;

  608. 

  609. 	if (context == null)

  610. 	    return hashCode;

  611. 

  612. 	for (int i =0; i < context.length; i++) {

  613. 	    if (context[i] != null)

  614. 		hashCode ^= context[i].hashCode();

  615. 	}

  616. 	return hashCode;

  617.     }

  618. }