framework.security/src/main/java/org/apache/felix/framework/security/permissionadmin/PermissionAdminImpl.java - felix - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.felix.framework.security.permissionadmin;

 import java.io.IOException;
 import java.security.AllPermission;
 import java.security.Permission;
 import java.security.ProtectionDomain;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;

 import org.apache.felix.framework.security.condpermadmin.ConditionalPermissionAdminImpl;
 import org.apache.felix.framework.security.util.Permissions;
 import org.apache.felix.framework.security.util.PropertiesCache;

 //import org.apache.felix.moduleloader.IContent;
 import org.apache.felix.framework.cache.Content;

 import org.osgi.framework.Bundle;
 import org.osgi.service.permissionadmin.PermissionAdmin;
 import org.osgi.service.permissionadmin.PermissionInfo;

 /**
  * This class is a relatively straight forward implementation of the
  * PermissionAdmin service. The only somewhat involved thing is that it respects
  * the presents of a conditionalpermissionadmin service as per spec.
  */
 // TODO: Do we need this class at all or can we just emulate it using the
 // condpermadmin?
 public final class PermissionAdminImpl implements PermissionAdmin
 {
     private static final PermissionInfo[] ALL_PERMISSION = new PermissionInfo[] { new PermissionInfo(
         AllPermission.class.getName(), "", "") };

     private final Map m_store = new HashMap();

     private final PropertiesCache m_cache;

     private final Permissions m_permissions;

     private PermissionInfo[] m_default = null;

     public PermissionAdminImpl(Permissions permissions, PropertiesCache cache)
         throws IOException
     {
         m_permissions = permissions;
         m_cache = cache;
         m_cache.read(PermissionInfo[].class, m_store);
     }

     public PermissionInfo[] getDefaultPermissions()
     {
         synchronized (m_store)
         {
             if (m_default == null)
             {
                 return null;
             }
             return (PermissionInfo[]) m_default.clone();
         }
     }

     public synchronized String[] getLocations()
     {
         synchronized (m_store)
         {
             if (m_store.isEmpty())
             {
                 return null;
             }

             return (String[]) m_store.keySet().toArray(
                 new String[m_store.size()]);
         }
     }

     public PermissionInfo[] getPermissions(String location)
     {
         synchronized (m_store)
         {
             if (m_store.containsKey(location))
             {
                 return (PermissionInfo[]) ((PermissionInfo[]) m_store
                     .get(location)).clone();
             }
             return null;
         }
     }

     /**
      * This will do the actual permission check as described in the core spec
      * 10.2 It will respect a present condpermadmin service as described in
      * 9.10.
      *
      * @param location
      *            the location of the bundle.
      * @param bundle
      *            the bundle in question.
      * @param permission
      *            the permission to check.
      * @param cpai
      *            A condpermadmin if one is present else null.
      * @param pd
      *            the protectiondomain
      * @return Boolean.TRUE if the location is bound and the permission is
      *         granted or if there is no cpa and the default permissions imply
      *         the permission Boolean.FALSE otherwise unless the location is not
      *         bound and their is a cpa in which case null is returned.
      */
     public Boolean hasPermission(String location, Bundle bundle,
         Permission permission, ConditionalPermissionAdminImpl cpai,
         ProtectionDomain pd, Content content)
     {
         PermissionInfo[] permissions = null;
         PermissionInfo[] defaults = null;
         boolean contains = false;
         synchronized (m_store)
         {
             contains = m_store.containsKey(location);
             permissions = (PermissionInfo[]) m_store.get(location);
             defaults = m_default;
         }
         if (contains)
         {
             if (check(permissions, permission, bundle))
             {
                 return Boolean.TRUE;
             }
             return check(m_permissions.getImplicit(bundle), permission, bundle) ? Boolean.TRUE
                 : Boolean.FALSE;
         }
         else if (cpai == null
             || (cpai.isEmpty() && cpai
                 .impliesLocal(bundle, content, permission)))
         {
             if (defaults != null)
             {
                 if (check(defaults, permission, null))
                 {
                     return Boolean.TRUE;
                 }
                 return check(m_permissions.getImplicit(bundle), permission,
                     bundle) ? Boolean.TRUE : Boolean.FALSE;
             }
             else
             {
                 return Boolean.TRUE;
             }
         }
         else
         {
             return null;
         }
     }

     private boolean check(PermissionInfo[] permissions, Permission permission,
         Bundle bundle)
     {
         Permissions permissionsObject = m_permissions
             .getPermissions(permissions);

         return permissionsObject.implies(permission, bundle);
     }

     public void setDefaultPermissions(PermissionInfo[] permissions)
     {
         Object sm = System.getSecurityManager();
         if (sm != null)
         {
             ((SecurityManager) sm).checkPermission(Permissions.ALL_PERMISSION);
         }

         synchronized (m_cache)
         {
             PermissionInfo[] def = null;
             Map store = null;
             synchronized (m_store)
             {
                 def = m_default;
                 store = new HashMap(m_store);

                 m_default = (permissions != null) ? notNull(permissions) : null;
             }

             try
             {
                 m_cache.write(setDefaults(store, def));
             }
             catch (IOException ex)
             {
                 synchronized (m_store)
                 {
                     m_default = def;
                 }

                 ex.printStackTrace();
                 // TODO: log this
                 throw new IllegalStateException(ex.getMessage());
             }
         }
     }

     public void setPermissions(String location, PermissionInfo[] permissions)
     {
         Object sm = System.getSecurityManager();
         if (sm != null)
         {
             ((SecurityManager) sm).checkPermission(Permissions.ALL_PERMISSION);
         }

         synchronized (m_cache)
         {
             if (location != null)
             {
                 Map store = null;
                 Map storeCopy = null;
                 PermissionInfo[] def = null;
                 synchronized (m_store)
                 {
                     storeCopy = new HashMap(m_store);
                     if (permissions != null)
                     {
                         m_store.put(location, notNull(permissions));
                     }
                     else
                     {
                         m_store.remove(location);
                     }
                     store = new HashMap(m_store);
                 }
                 try
                 {
                     m_cache.write(setDefaults(store, def));
                 }
                 catch (IOException ex)
                 {
                     synchronized (m_store)
                     {
                         m_store.clear();
                         m_store.putAll(storeCopy);
                     }

                     ex.printStackTrace();
                     // TODO: log this
                     throw new IllegalStateException(ex.getMessage());
                 }
             }
         }
     }

     private Map setDefaults(Map store, PermissionInfo[] def)
     {
         if (def != null)
         {
             store.put("DEFAULT", def);
         }
         else
         {
             store.remove("DEFAULT");
         }
         return store;
     }

     private PermissionInfo[] notNull(PermissionInfo[] permissions)
     {
         List result = new ArrayList();

         for (int i = 0; i < permissions.length; i++)
         {
             if (permissions[i] != null)
             {
                 result.add(permissions[i]);
             }
         }
         return (PermissionInfo[]) result.toArray(new PermissionInfo[result
             .size()]);
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.felix.framework.security.permissionadmin;

	import java.io.IOException;
	import java.security.AllPermission;
	import java.security.Permission;
	import java.security.ProtectionDomain;
	import java.util.ArrayList;
	import java.util.HashMap;
	import java.util.List;
	import java.util.Map;

	import org.apache.felix.framework.security.condpermadmin.ConditionalPermissionAdminImpl;
	import org.apache.felix.framework.security.util.Permissions;
	import org.apache.felix.framework.security.util.PropertiesCache;

	//import org.apache.felix.moduleloader.IContent;
	import org.apache.felix.framework.cache.Content;

	import org.osgi.framework.Bundle;
	import org.osgi.service.permissionadmin.PermissionAdmin;
	import org.osgi.service.permissionadmin.PermissionInfo;

	/**
	* This class is a relatively straight forward implementation of the
	* PermissionAdmin service. The only somewhat involved thing is that it respects
	* the presents of a conditionalpermissionadmin service as per spec.
	*/
	// TODO: Do we need this class at all or can we just emulate it using the
	// condpermadmin?
	public final class PermissionAdminImpl implements PermissionAdmin
	{
	private static final PermissionInfo[] ALL_PERMISSION = new PermissionInfo[] { new PermissionInfo(
	AllPermission.class.getName(), "", "") };

	private final Map m_store = new HashMap();

	private final PropertiesCache m_cache;

	private final Permissions m_permissions;

	private PermissionInfo[] m_default = null;

	public PermissionAdminImpl(Permissions permissions, PropertiesCache cache)
	throws IOException
	{
	m_permissions = permissions;
	m_cache = cache;
	m_cache.read(PermissionInfo[].class, m_store);
	}

	public PermissionInfo[] getDefaultPermissions()
	{
	synchronized (m_store)
	{
	if (m_default == null)
	{
	return null;
	}
	return (PermissionInfo[]) m_default.clone();
	}
	}

	public synchronized String[] getLocations()
	{
	synchronized (m_store)
	{
	if (m_store.isEmpty())
	{
	return null;
	}

	return (String[]) m_store.keySet().toArray(
	new String[m_store.size()]);
	}
	}

	public PermissionInfo[] getPermissions(String location)
	{
	synchronized (m_store)
	{
	if (m_store.containsKey(location))
	{
	return (PermissionInfo[]) ((PermissionInfo[]) m_store
	.get(location)).clone();
	}
	return null;
	}
	}

	/**
	* This will do the actual permission check as described in the core spec
	* 10.2 It will respect a present condpermadmin service as described in
	* 9.10.
	*
	* @param location
	* the location of the bundle.
	* @param bundle
	* the bundle in question.
	* @param permission
	* the permission to check.
	* @param cpai
	* A condpermadmin if one is present else null.
	* @param pd
	* the protectiondomain
	* @return Boolean.TRUE if the location is bound and the permission is
	* granted or if there is no cpa and the default permissions imply
	* the permission Boolean.FALSE otherwise unless the location is not
	* bound and their is a cpa in which case null is returned.
	*/
	public Boolean hasPermission(String location, Bundle bundle,
	Permission permission, ConditionalPermissionAdminImpl cpai,
	ProtectionDomain pd, Content content)
	{
	PermissionInfo[] permissions = null;
	PermissionInfo[] defaults = null;
	boolean contains = false;
	synchronized (m_store)
	{
	contains = m_store.containsKey(location);
	permissions = (PermissionInfo[]) m_store.get(location);
	defaults = m_default;
	}
	if (contains)
	{
	if (check(permissions, permission, bundle))
	{
	return Boolean.TRUE;
	}
	return check(m_permissions.getImplicit(bundle), permission, bundle) ? Boolean.TRUE
	: Boolean.FALSE;
	}
	else if (cpai == null
	\|\| (cpai.isEmpty() && cpai
	.impliesLocal(bundle, content, permission)))
	{
	if (defaults != null)
	{
	if (check(defaults, permission, null))
	{
	return Boolean.TRUE;
	}
	return check(m_permissions.getImplicit(bundle), permission,
	bundle) ? Boolean.TRUE : Boolean.FALSE;
	}
	else
	{
	return Boolean.TRUE;
	}
	}
	else
	{
	return null;
	}
	}

	private boolean check(PermissionInfo[] permissions, Permission permission,
	Bundle bundle)
	{
	Permissions permissionsObject = m_permissions
	.getPermissions(permissions);

	return permissionsObject.implies(permission, bundle);
	}

	public void setDefaultPermissions(PermissionInfo[] permissions)
	{
	Object sm = System.getSecurityManager();
	if (sm != null)
	{
	((SecurityManager) sm).checkPermission(Permissions.ALL_PERMISSION);
	}

	synchronized (m_cache)
	{
	PermissionInfo[] def = null;
	Map store = null;
	synchronized (m_store)
	{
	def = m_default;
	store = new HashMap(m_store);

	m_default = (permissions != null) ? notNull(permissions) : null;
	}

	try
	{
	m_cache.write(setDefaults(store, def));
	}
	catch (IOException ex)
	{
	synchronized (m_store)
	{
	m_default = def;
	}

	ex.printStackTrace();
	// TODO: log this
	throw new IllegalStateException(ex.getMessage());
	}
	}
	}

	public void setPermissions(String location, PermissionInfo[] permissions)
	{
	Object sm = System.getSecurityManager();
	if (sm != null)
	{
	((SecurityManager) sm).checkPermission(Permissions.ALL_PERMISSION);
	}

	synchronized (m_cache)
	{
	if (location != null)
	{
	Map store = null;
	Map storeCopy = null;
	PermissionInfo[] def = null;
	synchronized (m_store)
	{
	storeCopy = new HashMap(m_store);
	if (permissions != null)
	{
	m_store.put(location, notNull(permissions));
	}
	else
	{
	m_store.remove(location);
	}
	store = new HashMap(m_store);
	}
	try
	{
	m_cache.write(setDefaults(store, def));
	}
	catch (IOException ex)
	{
	synchronized (m_store)
	{
	m_store.clear();
	m_store.putAll(storeCopy);
	}

	ex.printStackTrace();
	// TODO: log this
	throw new IllegalStateException(ex.getMessage());
	}
	}
	}
	}

	private Map setDefaults(Map store, PermissionInfo[] def)
	{
	if (def != null)
	{
	store.put("DEFAULT", def);
	}
	else
	{
	store.remove("DEFAULT");
	}
	return store;
	}

	private PermissionInfo[] notNull(PermissionInfo[] permissions)
	{
	List result = new ArrayList();

	for (int i = 0; i < permissions.length; i++)
	{
	if (permissions[i] != null)
	{
	result.add(permissions[i]);
	}
	}
	return (PermissionInfo[]) result.toArray(new PermissionInfo[result
	.size()]);
	}
	}