6361N/A * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * An AccessControlContext is used to make system resource access decisions 0N/A * based on the context it encapsulates. 0N/A * <p>More specifically, it encapsulates a context and 0N/A * has a single method, <code>checkPermission</code>, 0N/A * that is equivalent to the <code>checkPermission</code> method 0N/A * in the AccessController class, with one difference: The AccessControlContext 0N/A * <code>checkPermission</code> method makes access decisions based on the 0N/A * context it encapsulates, 0N/A * rather than that of the current execution thread. 0N/A * <p>Thus, the purpose of AccessControlContext is for those situations where 0N/A * a security check that should be made within a given context 0N/A * actually needs to be done from within a 0N/A * <i>different</i> context (for example, from within a worker thread). 0N/A * <p> An AccessControlContext is created by calling the 0N/A * <code>AccessController.getContext</code> method. 0N/A * The <code>getContext</code> method takes a "snapshot" 0N/A * of the current calling context, and places 0N/A * it in an AccessControlContext object, which it returns. A sample call is 0N/A * AccessControlContext acc = AccessController.getContext() 0N/A * Code within a different context can subsequently call the 0N/A * <code>checkPermission</code> method on the 0N/A * previously-saved AccessControlContext object. A sample call is the 0N/A * acc.checkPermission(permission) 0N/A * @see AccessController 0N/A * @author Roland Schemers 6361N/A // isPrivileged and isAuthorized are referenced by the VM - do not remove 0N/A // Note: This field is directly used by the virtual machine 0N/A // native codes. Don't touch it. 253N/A * Create an AccessControlContext with the given array of ProtectionDomains. 0N/A * Context must not be null. Duplicate domains will be removed from the 0N/A * @param context the ProtectionDomains associated with this context. 0N/A * The non-duplicate domains are copied from the array. Subsequent 0N/A * changes to the array will not affect this AccessControlContext. 253N/A * @throws NullPointerException if <code>context</code> is <code>null</code> 0N/A * Create a new <code>AccessControlContext</code> with the given 0N/A * <code>AccessControlContext</code> and <code>DomainCombiner</code>. 0N/A * This constructor associates the provided 0N/A * <code>DomainCombiner</code> with the provided 0N/A * <code>AccessControlContext</code>. 0N/A * @param acc the <code>AccessControlContext</code> associated 0N/A * with the provided <code>DomainCombiner</code>. 0N/A * @param combiner the <code>DomainCombiner</code> to be associated 0N/A * with the provided <code>AccessControlContext</code>. 0N/A * @exception NullPointerException if the provided 0N/A * <code>context</code> is <code>null</code>. 0N/A * @exception SecurityException if a security manager is installed and the 0N/A * caller does not have the "createAccessControlContext" 0N/A * {@link SecurityPermission} 0N/A // we do not need to run the combine method on the 0N/A // provided ACC. it was already "combined" when the 0N/A // context was originally retrieved. 0N/A // at this point in time, we simply throw away the old 0N/A // combiner and use the newly provided one. 0N/A * package private for AccessController 0N/A * package private constructor for AccessController.getContext() 3787N/A * Constructor for JavaSecurityAccess.doIntersectionPrivilege() 3787N/A * Returns this context's context. 0N/A * Returns true if this context is privileged. 0N/A * get the assigned combiner from the privileged or inherited context 0N/A * Get the <code>DomainCombiner</code> associated with this 0N/A * <code>AccessControlContext</code>. 0N/A * @return the <code>DomainCombiner</code> associated with this 0N/A * <code>AccessControlContext</code>, or <code>null</code> 0N/A * @exception SecurityException if a security manager is installed and 0N/A * the caller does not have the "getDomainCombiner" 0N/A * {@link SecurityPermission} 0N/A * Determines whether the access request indicated by the 0N/A * specified permission should be allowed or denied, based on 0N/A * the security policy currently in effect, and the context in 0N/A * this object. The request is allowed only if every ProtectionDomain 0N/A * in the context implies the permission. Otherwise the request is 0N/A * This method quietly returns if the access request 0N/A * is permitted, or throws a suitable AccessControlException otherwise. 0N/A * @param perm the requested permission. 0N/A * @exception AccessControlException if the specified permission 0N/A * is not permitted, based on the current security policy and the 0N/A * context encapsulated by this object. 0N/A * @exception NullPointerException if the permission to check for is null. 0N/A // If "codebase" is not specified, we dump the info by default. 0N/A // If "codebase" is specified, only dump if the specified code 0N/A // value is in the stack. 0N/A * iterate through the ProtectionDomains in the context. 0N/A * Stop at the first one that doesn't allow the 0N/A * requested permission (throwing an exception). 0N/A /* if ctxt is null, all we had on the stack were system domains, 0N/A or the first domain was a Privileged system domain. This 0N/A is to make the common case for system code very fast */ 0N/A // Want to make sure this is always displayed for failure, 0N/A // but do not want to display again if already displayed 0N/A // allow if all of them allowed access 0N/A * Take the stack-based context (this) and combine it with the 0N/A * privileged or inherited context, if need be. 0N/A // the assigned (privileged or inherited) context 0N/A // this.context could be null if only system code is on the stack; 0N/A // in that case, ignore the stack context 0N/A // acc.context could be null if only system code was involved; 0N/A // in that case, ignore the assigned context 0N/A // let the assigned acc's combiner do its thing 0N/A // optimization: if neither have contexts; return acc if possible 0N/A // rather than this, because acc might have a combiner 0N/A // optimization: if there is no stack context; there is no reason 0N/A // to compress the assigned context, it already is compressed 0N/A // optimization: if there is no assigned context and the stack length 0N/A // is less then or equal to two; there is no reason to compress the 0N/A // stack context, it already is 0N/A // optimization: if there is a single stack domain and that domain 0N/A // is already in the assigned context; no need to combine 0N/A // now we combine both of them, and create a new context 0N/A // first copy in the assigned context domains, no need to compress 0N/A // now add the stack context domains, discarding nulls and duplicates 0N/A for (
int j =
0; j < n; j++) {
0N/A // if length isn't equal, we need to shorten the array 0N/A // optimization: if we didn't really combine anything 0N/A // return new AccessControlContext(pd, false); 0N/A // Reuse existing ACC 0N/A // the assigned ACC's combiner is not null -- 0N/A // let the combiner do its thing 0N/A // XXX we could add optimizations to 'current' here ... 0N/A // No need to clone current and assigned.context 0N/A // combine() will not update them 0N/A // return new AccessControlContext(combinedPds, assigned.combiner); 0N/A // Reuse existing ACC 0N/A * Checks two AccessControlContext objects for equality. 0N/A * Checks that <i>obj</i> is 0N/A * an AccessControlContext and has the same set of ProtectionDomains 0N/A * @param obj the object we are testing for equality with this object. 0N/A * @return true if <i>obj</i> is an AccessControlContext, and has the 0N/A * same set of ProtectionDomains as this context, false otherwise. 0N/A // ProtectionDomains within an ACC currently cannot be null 0N/A // and this is enforced by the constructor and the various 0N/A // optimize methods. However, historically this logic made attempts 0N/A // to support the notion of a null PD and therefore this logic continues 0N/A // to support that notion. 0N/A // Class check required to avoid PD exposure (4285406) 0N/A * Returns the hash code value for this context. The hash code 0N/A * is computed by exclusive or-ing the hash code of all the protection 0N/A * domains in the context together. 0N/A * @return a hash code value for this context.