1f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project/* 2f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * Licensed to the Apache Software Foundation (ASF) under one or more 3f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * contributor license agreements. See the NOTICE file distributed with 4f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * this work for additional information regarding copyright ownership. 5f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * The ASF licenses this file to You under the Apache License, Version 2.0 6f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * (the "License"); you may not use this file except in compliance with 7f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * the License. You may obtain a copy of the License at 8f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * 9f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * http://www.apache.org/licenses/LICENSE-2.0 10f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * 11f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * Unless required by applicable law or agreed to in writing, software 12f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * distributed under the License is distributed on an "AS IS" BASIS, 13f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * See the License for the specific language governing permissions and 15f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * limitations under the License. 16f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project */ 17f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 18f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project/** 19f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project* @author Alexey V. Varlamov 20f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project* @version $Revision$ 21f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project*/ 22f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 23f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectpackage org.apache.harmony.security; 24f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 25e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughesimport java.net.URL; 26e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughesimport java.security.CodeSigner; 27f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectimport java.security.CodeSource; 28f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectimport java.security.Permission; 29f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectimport java.security.Principal; 30f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectimport java.util.Collection; 31f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectimport java.util.Collections; 32f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 33f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectimport org.apache.harmony.security.fortress.PolicyUtils; 34f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 35f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project/** 36f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * This class represents an elementary block of a security policy. It associates 37f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * a CodeSource of an executable code, Principals allowed to execute the code, 38f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * and a set of granted Permissions. 39f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * 40f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * @see org.apache.harmony.security.fortress.DefaultPolicy 41f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project */ 42f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectpublic class PolicyEntry { 43f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 44f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project // Store CodeSource 45f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project private final CodeSource cs; 46f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 47f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project // Array of principals 48f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project private final Principal[] principals; 49f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 50f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project // Permissions collection 51f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project private final Collection<Permission> permissions; 52f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 53f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project /** 54f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * Constructor with initialization parameters. Passed collections are not 55f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * referenced directly, but copied. 56f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project */ 57f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project public PolicyEntry(CodeSource cs, Collection<? extends Principal> prs, 58f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project Collection<? extends Permission> permissions) { 59e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes this.cs = (cs != null) ? normalizeCodeSource(cs) : null; 60f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project this.principals = (prs == null || prs.isEmpty()) ? null 61f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project : (Principal[]) prs.toArray(new Principal[prs.size()]); 62f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project this.permissions = (permissions == null || permissions.isEmpty()) ? null 63f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project : Collections.unmodifiableCollection(permissions); 64f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 65f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 66f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project /** 67f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * Checks if passed CodeSource matches this PolicyEntry. Null CodeSource of 68f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * PolicyEntry implies any CodeSource; non-null CodeSource forwards to its 69f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * imply() method. 70f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project */ 71f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project public boolean impliesCodeSource(CodeSource codeSource) { 72e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes if (cs == null) { 73e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes return true; 74e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes } 75e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes 76e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes if (codeSource == null) { 77e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes return false; 78e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes } 79e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes return cs.implies(normalizeCodeSource(codeSource)); 80e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes } 81e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes 82e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes private CodeSource normalizeCodeSource(CodeSource codeSource) { 83e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes URL codeSourceURL = PolicyUtils.normalizeURL(codeSource.getLocation()); 84e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes CodeSource result = codeSource; 85e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes 86e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes if (codeSourceURL != codeSource.getLocation()) { 87e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes // URL was normalized - recreate codeSource with new URL 88e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes CodeSigner[] signers = codeSource.getCodeSigners(); 89e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes if (signers == null) { 90e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes result = new CodeSource(codeSourceURL, codeSource 91e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes .getCertificates()); 92e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes } else { 93e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes result = new CodeSource(codeSourceURL, signers); 94e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes } 95e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes } 96e7637fe9734c4e3bece51db6773505c04e49fabaElliott Hughes return result; 97f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 98f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 99f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project /** 100f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * Checks if specified Principals match this PolicyEntry. Null or empty set 101f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * of Principals of PolicyEntry implies any Principals; otherwise specified 102f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * array must contain all Principals of this PolicyEntry. 103f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project */ 104f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project public boolean impliesPrincipals(Principal[] prs) { 105f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project return PolicyUtils.matchSubset(principals, prs); 106f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 107f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 108f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project /** 109f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * Returns unmodifiable collection of permissions defined by this 110f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * PolicyEntry, may be <code>null</code>. 111f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project */ 112f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project public Collection<Permission> getPermissions() { 113f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project return permissions; 114f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 115f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 116f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project /** 117f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * Returns true if this PolicyEntry defines no Permissions, false otherwise. 118f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project */ 119f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project public boolean isVoid() { 120f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project return permissions == null || permissions.size() == 0; 121f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 122f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project} 123