2 * Copyright (C) 2014, United States Government, as represented by the
3 * Administrator of the National Aeronautics and Space Administration.
6 * The Java Pathfinder core (jpf-core) platform is licensed under the
7 * Apache License, Version 2.0 (the "License"); you may not use this file except
8 * in compliance with the License. You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0.
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
18 package java.security;
20 import java.util.ArrayList;
21 import java.util.Enumeration;
22 import java.util.List;
23 import sun.security.util.Debug;
24 import sun.security.util.SecurityConstants;
26 // TODO: Fix for Groovy's model-checking
27 // TODO: This model class is a placeholder for future implementation
29 * MJI model class for java.security.ProtectionDomain library abstraction
31 public class ProtectionDomain {
33 private CodeSource codesource ;
35 private ClassLoader classloader;
37 private Principal[] principals;
39 private PermissionCollection permissions;
41 private boolean hasAllPerm = false;
43 private boolean staticPermissions;
45 final Key key = new Key();
47 private Debug debug = Debug.getInstance("domain");
49 public ProtectionDomain(CodeSource codesource,
50 PermissionCollection permissions) {
51 this.codesource = codesource;
52 if (permissions != null) {
53 this.permissions = permissions;
54 this.permissions.setReadOnly();
55 if (permissions instanceof Permissions &&
56 ((Permissions)permissions).allPermission != null) {
60 this.classloader = null;
61 this.principals = new Principal[0];
62 staticPermissions = true;
65 public ProtectionDomain(CodeSource codesource,
66 PermissionCollection permissions,
67 ClassLoader classloader,
68 Principal[] principals) {
69 this.codesource = codesource;
70 if (permissions != null) {
71 this.permissions = permissions;
72 this.permissions.setReadOnly();
73 if (permissions instanceof Permissions &&
74 ((Permissions)permissions).allPermission != null) {
78 this.classloader = classloader;
79 this.principals = (principals != null ? principals.clone():
81 staticPermissions = false;
84 public final CodeSource getCodeSource() {
85 return this.codesource;
88 public final ClassLoader getClassLoader() {
89 return this.classloader;
92 public final Principal[] getPrincipals() {
93 return this.principals.clone();
96 public final PermissionCollection getPermissions() {
100 public boolean implies(Permission permission) {
103 // internal permission collection already has AllPermission -
104 // no need to go to policy
108 if (!staticPermissions &&
109 Policy.getPolicyNoCheck().implies(this, permission))
111 if (permissions != null)
112 return permissions.implies(permission);
117 boolean impliesCreateAccessControlContext() {
118 return implies(SecurityConstants.CREATE_ACC_PERMISSION);
121 @Override public String toString() {
122 String pals = "<no principals>";
123 if (principals != null && principals.length > 0) {
124 StringBuilder palBuf = new StringBuilder("(principals ");
126 for (int i = 0; i < principals.length; i++) {
127 palBuf.append(principals[i].getClass().getName() +
128 " \"" + principals[i].getName() +
130 if (i < principals.length-1)
131 palBuf.append(",\n");
133 palBuf.append(")\n");
135 pals = palBuf.toString();
138 // Check if policy is set; we don't want to load
139 // the policy prematurely here
140 PermissionCollection pc = Policy.isSet() && seeAllp() ?
144 return "ProtectionDomain "+
146 " "+classloader+"\n"+
151 private boolean seeAllp() {
152 SecurityManager sm = System.getSecurityManager();
158 if (sm.getClass().getClassLoader() == null &&
159 Policy.getPolicyNoCheck().getClass().getClassLoader()
165 sm.checkPermission(SecurityConstants.GET_POLICY_PERMISSION);
167 } catch (SecurityException se) {
168 // fall thru and return false
176 private PermissionCollection mergePermissions() {
177 if (staticPermissions)
180 PermissionCollection perms =
181 java.security.AccessController.doPrivileged
182 (new java.security.PrivilegedAction<PermissionCollection>() {
183 public PermissionCollection run() {
184 Policy p = Policy.getPolicyNoCheck();
185 return p.getPermissions(ProtectionDomain.this);
189 Permissions mergedPerms = new Permissions();
192 Enumeration<Permission> e;
193 List<Permission> pdVector = new ArrayList<>(vcap);
194 List<Permission> plVector = new ArrayList<>(swag);
197 // Build a vector of domain permissions for subsequent merge
198 if (permissions != null) {
199 synchronized (permissions) {
200 e = permissions.elements();
201 while (e.hasMoreElements()) {
202 pdVector.add(e.nextElement());
208 // Build a vector of Policy permissions for subsequent merge
210 synchronized (perms) {
211 e = perms.elements();
212 while (e.hasMoreElements()) {
213 plVector.add(e.nextElement());
219 if (perms != null && permissions != null) {
221 // Weed out the duplicates from the policy. Unless a refresh
222 // has occurred since the pd was consed this should result in
224 synchronized (permissions) {
225 e = permissions.elements(); // domain vs policy
226 while (e.hasMoreElements()) {
227 Permission pdp = e.nextElement();
228 Class<?> pdpClass = pdp.getClass();
229 String pdpActions = pdp.getActions();
230 String pdpName = pdp.getName();
231 for (int i = 0; i < plVector.size(); i++) {
232 Permission pp = plVector.get(i);
233 if (pdpClass.isInstance(pp)) {
234 // The equals() method on some permissions
235 // have some side effects so this manual
236 // comparison is sufficient.
237 if (pdpName.equals(pp.getName()) &&
238 pdpActions.equals(pp.getActions())) {
249 // the order of adding to merged perms and permissions
250 // needs to preserve the bugfix 4301064
252 for (int i = plVector.size()-1; i >= 0; i--) {
253 mergedPerms.add(plVector.get(i));
256 if (permissions != null) {
257 for (int i = pdVector.size()-1; i >= 0; i--) {
258 mergedPerms.add(pdVector.get(i));