SecurityUtils.java revision f6c387128427e121477c1b32ad35cdcaa5101ba3
1f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project/* 2f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * Licensed to the Apache Software Foundation (ASF) under one or more 3f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * contributor license agreements. See the NOTICE file distributed with 4f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * this work for additional information regarding copyright ownership. 5f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * The ASF licenses this file to You under the Apache License, Version 2.0 6f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * (the "License"); you may not use this file except in compliance with 7f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * the License. You may obtain a copy of the License at 8f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * 9f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * http://www.apache.org/licenses/LICENSE-2.0 10f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * 11f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * Unless required by applicable law or agreed to in writing, software 12f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * distributed under the License is distributed on an "AS IS" BASIS, 13f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * See the License for the specific language governing permissions and 15f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * limitations under the License. 16f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project */ 17f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 18f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project/** 19f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project* @author Alexander V. Astapchuk 20f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project* @version $Revision$ 21f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project*/ 22f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 23f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectpackage org.apache.harmony.security.fortress; 24f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 25f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectimport java.security.AccessControlContext; 26f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectimport java.util.WeakHashMap; 27f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 28f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectimport org.apache.harmony.security.internal.nls.Messages; 29f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 30f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project//FIXME: move this class under umbrella of protected packages - 31f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project// see lib/java.security: property 'package.access', 32f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project// so only trusted classes like Thread and AccessController will 33f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project// have an access to this class. 34f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project// This is to remove dependency on VMStack, to reduce number 35f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project// of VM2API-dependent classes. 36f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 37f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project/** 38f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * The class is used to perform an exchange of information between 39f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * java.lang.Thread and java.security.AccessController.<br> 40f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * The data to exchange is inherited contexts for the Thread-s. 41f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * 42f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project */ 43f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Projectpublic final class SecurityUtils { 44f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 45f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project // A map used to store inherited contexts.<br> 46f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project // A thread is used as a key for the map and AccessControlContext 47f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project // passed to the putContext is used as a value. 48f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project private static final WeakHashMap<Thread, AccessControlContext> ACC_CACHE = new WeakHashMap<Thread, AccessControlContext>(); 49f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 50f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project /** 51f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * This method to be invoked in the Thread's constructor. The first argument 52f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * (thread) must be Thread's this and the second must be a snapshot of the 53f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * current AccessControlContext: 54f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * <p> 55f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * <code> 56f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * Thread() {<br> 57f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * SecurityUtils.putContext(this,AccessController.getContext());<br> 58f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * ...do the stuff you need...<br> 59f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * }<br> 60f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * </code> 61f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * 62f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * The method throws SecurityException if the method is called more than 63f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * once for a given thread. The first call to <code>putContext</code> is 64f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * always performed in the Thread's constructor so this effectively means 65f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * that no one can replace the snapshot taken. 66f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * 67f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * @throws SecurityException if a context for the passed 68f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * <code>thread</code> already exists in the map. 69f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * @throws NullPointerException if thread is null 70f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * @throws Error if context is null AND if null context is already stored 71f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * in the map 72f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project */ 73f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project public static void putContext(Thread thread, AccessControlContext context) 74f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project throws SecurityException { 75f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project if (thread == null) { 76f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project throw new NullPointerException(Messages.getString("security.140")); //$NON-NLS-1$ 77f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 78f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project synchronized (ACC_CACHE) { 79f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project if (ACC_CACHE.containsKey(thread)) { 80f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project throw new SecurityException(Messages.getString("security.141")); //$NON-NLS-1$ 81f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 82f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project if (context == null) { 83f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project // this only allowed once - for the very first thread. 84f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project if (ACC_CACHE.containsValue(null)) { 85f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project throw new Error(Messages.getString("security.142")); //$NON-NLS-1$ 86f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 87f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 88f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project ACC_CACHE.put(thread, context); 89f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 90f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 91f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 92f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project /** 93f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * Returns the AccessControlContext stored for a given thread.<br> 94f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * The method may return null - for the very first thread created 95f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * by the VM which does not have inherited context.<br> 96f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * It may also return null if no Thread found in the map - that seems 97f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project * possible during VM startup process. 98f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project */ 99f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project public static AccessControlContext getContext(Thread thread) 100f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project throws SecurityException { 101f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 102f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project // ~fixme: see 'fixme' at the top of the file 103f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project /* 104f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project Class cl = VMStack.getCallerClass(0); 105f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project if (cl != AccessController.class) { 106f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project throw new SecurityException("You ["+cl+"] do not have access to this resource."); 107f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 108f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project */ 109f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project 110f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project synchronized (ACC_CACHE) { 111f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project return ACC_CACHE.get(thread); 112f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 113f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project } 114f6c387128427e121477c1b32ad35cdcaa5101ba3The Android Open Source Project} 115