AccessControlContext.java revision f6c387128427e121477c1b32ad35cdcaa5101ba3 
1/*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements.  See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License.  You may obtain a copy of the License at
8 *
9 *     http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17/*
18 * Copyright (C) 2008 The Android Open Source Project
19 *
20 * Licensed under the Apache License, Version 2.0 (the "License");
21 * you may not use this file except in compliance with the License.
22 * You may obtain a copy of the License at
23 *
24 *      http://www.apache.org/licenses/LICENSE-2.0
25 *
26 * Unless required by applicable law or agreed to in writing, software
27 * distributed under the License is distributed on an "AS IS" BASIS,
28 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
29 * See the License for the specific language governing permissions and
30 * limitations under the License.
31 */
32
33package java.security;
34
35import org.apache.harmony.security.fortress.PolicyUtils;
36
37import java.util.ArrayList;
38
39/**
40 * {@code AccessControlContext} encapsulates the {@code ProtectionDomain}s on
41 * which access control decisions are based.
42 */
43public final class AccessControlContext {
44
45    // List of ProtectionDomains wrapped by the AccessControlContext
46    // It has the following characteristics:
47    //     - 'context' can not be null
48    //     - never contains null(s)
49    //     - all elements are unique (no dups)
50    ProtectionDomain[] context;
51
52    DomainCombiner combiner;
53
54    // An AccessControlContext inherited by the current thread from its parent
55    private AccessControlContext inherited;
56
57    /**
58     * Constructs a new instance of {@code AccessControlContext} with the
59     * specified {@code AccessControlContext} and {@code DomainCombiner}.
60     * <p>
61     * If a {@code SecurityManager} is installed, code calling this constructor
62     * need the {@code SecurityPermission} {@code createAccessControlContext} to
63     * be granted, otherwise a {@code SecurityException} will be thrown.
64     *
65     * @param acc
66     *            the {@code AccessControlContext} related to the given {@code
67     *            DomainCombiner}
68     * @param combiner
69     *            the {@code DomainCombiner} related to the given {@code
70     *            AccessControlContext}
71     * @throws SecurityException
72     *             if a {@code SecurityManager} is installed and the caller does
73     *             not have permission to invoke this constructor
74     * @throws NullPointerException
75     *             if {@code acc} is {@code null}
76     * @since Android 1.0
77     */
78    public AccessControlContext(AccessControlContext acc,
79            DomainCombiner combiner) {
80        SecurityManager sm = System.getSecurityManager();
81        if (sm != null) {
82            sm.checkPermission(new SecurityPermission(
83                    "createAccessControlContext"));
84        }
85        // no need to clone() here as ACC is immutable
86        this.context = acc.context;
87        this.combiner = combiner;
88    }
89
90    /**
91     * Constructs a new instance of {@code AccessControlContext} with the
92     * specified array of {@code ProtectionDomain}s.
93     *
94     * @param context
95     *            the {@code ProtectionDomain}s that are used to perform access
96     *            checks in the context of this {@code AccessControlContext}
97     * @throws NullPointerException
98     *             if {@code context} is {@code null}
99     * @since Android 1.0
100     */
101    public AccessControlContext(ProtectionDomain[] context) {
102        if (context == null) {
103            throw new NullPointerException("context can not be null");
104        }
105        if (context.length != 0) {
106            // remove dup entries
107            ArrayList<ProtectionDomain> a = new ArrayList<ProtectionDomain>();
108            for (int i = 0; i < context.length; i++) {
109                if (context[i] != null && !a.contains(context[i])) {
110                    a.add(context[i]);
111                }
112            }
113            if (a.size() != 0) {
114                this.context = new ProtectionDomain[a.size()];
115                a.toArray(this.context);
116            }
117        }
118        if (this.context == null) {
119            // Prevent numerous checks for 'context==null'
120            this.context = new ProtectionDomain[0];
121        }
122    }
123
124    /**
125     * Package-level ctor which is used in AccessController.<br>
126     * ProtectionDomains passed as <code>stack</code> is then passed into
127     * {@link #AccessControlContext(ProtectionDomain[])}, therefore:<br>
128     * <il>
129     * <li>it must not be null
130     * <li>duplicates will be removed
131     * <li>null-s will be removed
132     * </li>
133     *
134     * @param stack - array of ProtectionDomains
135     * @param inherited - inherited context, which may be null
136     */
137    AccessControlContext(ProtectionDomain[] stack,
138            AccessControlContext inherited) {
139        this(stack); // removes dups, removes nulls, checks for stack==null
140        this.inherited = inherited;
141    }
142
143    /**
144     * Package-level ctor which is used in AccessController.<br>
145     * ProtectionDomains passed as <code>stack</code> is then passed into
146     * {@link #AccessControlContext(ProtectionDomain[])}, therefore:<br>
147     * <il>
148     * <li>it must not be null
149     * <li>duplicates will be removed
150     * <li>null-s will be removed
151     * </li>
152     *
153     * @param stack - array of ProtectionDomains
154     * @param combiner - combiner
155     */
156    AccessControlContext(ProtectionDomain[] stack,
157            DomainCombiner combiner) {
158        this(stack); // removes dups, removes nulls, checks for stack==null
159        this.combiner = combiner;
160    }
161
162    /**
163     * Checks the specified permission against the vm's current security policy.
164     * The check is based on this {@code AccessControlContext} as opposed to the
165     * {@link AccessController#checkPermission(Permission)} method which
166     * performs access checks based on the context of the current thread. This
167     * method returns silently if the permission is granted, otherwise an
168     * {@code AccessControlException} is thrown.
169     * <p>
170     * A permission is considered granted if every {@link ProtectionDomain} in
171     * this context has been granted the specified permission.
172     * <p>
173     * If privileged operations are on the call stack, only the {@code
174     * ProtectionDomain}s from the last privileged operation are taken into
175     * account.
176     * <p>
177     * If inherited methods are on the call stack, the protection domains of the
178     * declaring classes are checked, not the protection domains of the classes
179     * on which the method is invoked.
180     *
181     * @param perm
182     *            the permission to check against the policy
183     * @throws AccessControlException
184     *             if the specified permission is not granted
185     * @throws NullPointerException
186     *             if the specified permission is {@code null}
187     * @see AccessController#checkPermission(Permission)
188     * @since Android 1.0
189     */
190    public void checkPermission(Permission perm) throws AccessControlException {
191        if (perm == null) {
192            throw new NullPointerException("Permission cannot be null");
193        }
194        for (int i = 0; i < context.length; i++) {
195            if (!context[i].implies(perm)) {
196                throw new AccessControlException("Permission check failed "
197                        + perm, perm);
198            }
199        }
200        if (inherited != null) {
201            inherited.checkPermission(perm);
202        }
203    }
204
205
206    /**
207     * Compares the specified object with this {@code AccessControlContext} for
208     * equality. Returns {@code true} if the specified object is also an
209     * instance of {@code AccessControlContext}, and the two contexts
210     * encapsulate the same {@code ProtectionDomain}s. The order of the {@code
211     * ProtectionDomain}s is ignored by this method.
212     *
213     * @param obj
214     *            object to be compared for equality with this {@code
215     *            AccessControlContext}
216     * @return {@code true} if the specified object is equal to this {@code
217     *         AccessControlContext}, otherwise {@code false}
218     * @since Android 1.0
219     */
220    @Override
221    public boolean equals(Object obj) {
222        if (this == obj) {
223            return true;
224        }
225        if (obj instanceof AccessControlContext) {
226            AccessControlContext that = (AccessControlContext) obj;
227            if (!(PolicyUtils.matchSubset(context, that.context) && PolicyUtils
228                    .matchSubset(that.context, context))) {
229                return false;
230            }
231            // BEGIN android-changed
232            if(combiner != null) {
233                return combiner.equals(that.combiner);
234            }
235            return that.combiner == null;
236            // END android-changed
237        }
238        return false;
239    }
240
241    /**
242     * Returns the {@code DomainCombiner} associated with this {@code
243     * AccessControlContext}.
244     * <p>
245     * If a {@code SecurityManager} is installed, code calling this method needs
246     * the {@code SecurityPermission} {@code getDomainCombiner} to be granted,
247     * otherwise a {@code SecurityException} will be thrown.
248     *
249     * @return the {@code DomainCombiner} associated with this {@code
250     *         AccessControlContext}
251     * @throws SecurityException
252     *             if a {@code SecurityManager} is installed and the caller does
253     *             not have permission to invoke this method
254     * @since Android 1.0
255     */
256    public DomainCombiner getDomainCombiner() {
257        SecurityManager sm = System.getSecurityManager();
258        if (sm != null) {
259            sm.checkPermission(new SecurityPermission("getDomainCombiner"));
260        }
261        return combiner;
262    }
263
264
265    /**
266     * Returns the hash code value for this {@code AccessControlContext}.
267     * Returns the same hash code for {@code AccessControlContext}s that are
268     * equal to each other as required by the general contract of
269     * {@link Object#hashCode}.
270     *
271     * @return the hash code value for this {@code AccessControlContext}
272     * @see Object#equals(Object)
273     * @see AccessControlContext#equals(Object)
274     * @since Android 1.0
275     */
276    public int hashCode() {
277        int hash = 0;
278        for (int i = 0; i < context.length; i++) {
279            hash ^= context[i].hashCode();
280        }
281        return hash;
282    }
283
284}
285