/**
 * Decides whether {@code permission} is implied for the bundle behind {@code bundlePermissions}.
 *
 * <p>Evaluation order, as implemented below:
 * <ol>
 *   <li>If the location table holds a collection for the bundle's location, that collection
 *       alone decides; the conditional table is never consulted, so no row in it (including
 *       a denying one) can override a location entry.</li>
 *   <li>If the conditional table is empty, the default permissions decide
 *       ({@code permAdminDefaults}, or {@code DEFAULT_DEFAULT} when none are set).</li>
 *   <li>Otherwise the conditional table is evaluated and its result flags are mapped to a
 *       boolean.</li>
 * </ol>
 *
 * @param permission the permission being checked
 * @param bundlePermissions the permission holder of the bundle under evaluation
 * @return {@code true} if the permission is granted (or postponed), {@code false} otherwise
 */
boolean checkPermission(Permission permission, BundlePermissions bundlePermissions) {
    final PermissionInfoCollection byLocation;
    final SecurityTable condTableSnapshot;
    final PermissionInfoCollection defaultsSnapshot;

    // Take a consistent snapshot of the tables under the lock; the actual implies/evaluate
    // calls run outside it.
    synchronized (lock) {
        // The location is read from the bundle data directly to avoid a permission check.
        Bundle owner = bundlePermissions.getBundle();
        if (owner instanceof AbstractBundle) {
            byLocation =
                permAdminTable.getCollection(((AbstractBundle) owner).getBundleData().getLocation());
        } else {
            byLocation = null;
        }
        condTableSnapshot = condAdminTable;
        defaultsSnapshot = permAdminDefaults;
    }

    // A location entry takes precedence over everything else.
    if (byLocation != null) {
        return byLocation.implies(permission);
    }

    // An empty conditional table means the defaults decide.
    if (condTableSnapshot.isEmpty()) {
        if (defaultsSnapshot != null) {
            return defaultsSnapshot.implies(permission);
        }
        return DEFAULT_DEFAULT.implies(permission);
    }

    int decision = condTableSnapshot.evaluate(bundlePermissions, permission);
    if ((decision & SecurityTable.GRANTED) != 0) {
        return true;
    }
    if ((decision & SecurityTable.DENIED) != 0) {
        return false;
    }
    // NOTE(review): a POSTPONED result is reported as implied here; presumably the postponed
    // conditions are evaluated later by the security manager. Confirm, since otherwise this
    // would grant on an undecided result.
    return (decision & SecurityTable.POSTPONED) != 0;
}
/**
 * Clears the permission caches of every location collection and every conditional row.
 *
 * <p>The two arrays are fetched while holding the lock; the caches are then cleared outside
 * it. This method performs no caller permission check of its own.
 */
public void clearCaches() {
    final PermissionInfoCollection[] collections;
    final SecurityRow[] rows;
    synchronized (lock) {
        collections = permAdminTable.getCollections();
        rows = condAdminTable.getRows();
    }
    for (PermissionInfoCollection collection : collections) {
        collection.clearPermissionCache();
    }
    for (SecurityRow row : rows) {
        row.clearCaches();
    }
}
/**
 * Assigns {@code permissions} to the bundle location {@code location} and persists them.
 *
 * <p>{@code checkAllPermission()} is called first, before any state is touched. The in-memory
 * table is then updated and the encoded permissions are written to storage, both under the
 * lock.
 *
 * @param location the bundle location whose permissions are being set
 * @param permissions the permissions to assign
 */
public void setPermissions(String location, PermissionInfo[] permissions) {
    // Authorization gate: must run before the tables are modified.
    checkAllPermission();
    synchronized (lock) {
        permAdminTable.setPermissions(location, permissions);
        try {
            permissionStorage.setPermissionData(location, getEncodedPermissionInfos(permissions));
        } catch (IOException e) {
            // TODO log
            // NOTE(review): the in-memory table has already been updated at this point, so a
            // failed write leaves memory and storage out of sync, and the only trace is a
            // stack trace on stderr. The constructor rebuilds the location table from storage,
            // so the change would presumably not survive a restart. Confirm, and report the
            // failure through the framework's logging rather than printStackTrace().
            e.printStackTrace();
        }
    }
}
/**
 * Creates the security admin and loads the persisted permission state.
 *
 * <p>Loaded in this order: the base implied permissions resource, the default permissions
 * (stored under the {@code null} location), the per-location permissions, and the encoded
 * conditional permission rows.
 *
 * <p>The {@code permissionStorage} field is set to a {@code SecurePermissionStorage} wrapper
 * around the argument, but every read in this constructor uses the unqualified name, which
 * resolves to the raw parameter rather than the wrapped field.
 *
 * @param supportedSecurityManager the security manager this admin works with
 * @param framework the owning framework
 * @param permissionStorage the backing store for persisted permission data
 * @throws IOException declared by this constructor; presumably raised by the storage reads
 *     (confirm against {@code PermissionStorage})
 */
public SecurityAdmin(
        EquinoxSecurityManager supportedSecurityManager,
        Framework framework,
        PermissionStorage permissionStorage)
        throws IOException {
    this.supportedSecurityManager = supportedSecurityManager;
    this.framework = framework;
    this.permissionStorage = new SecurePermissionStorage(permissionStorage);
    this.impliedPermissionInfos =
        SecurityAdmin.getPermissionInfos(
            getClass().getResource(Constants.OSGI_BASE_IMPLIED_PERMISSIONS), framework);

    // Default permissions are stored under the null location.
    String[] encodedDefaultInfos = permissionStorage.getPermissionData(null);
    PermissionInfo[] defaultInfos = getPermissionInfos(encodedDefaultInfos);
    if (defaultInfos != null) {
        permAdminDefaults = new PermissionInfoCollection(defaultInfos);
    }

    // Per-location permissions: locations without stored data are skipped.
    String[] locations = permissionStorage.getLocations();
    if (locations != null) {
        for (String location : locations) {
            String[] encodedLocationInfos = permissionStorage.getPermissionData(location);
            if (encodedLocationInfos != null) {
                PermissionInfo[] locationInfos = getPermissionInfos(encodedLocationInfos);
                permAdminTable.setPermissions(location, locationInfos);
            }
        }
    }

    // Conditional permission rows: nothing stored yields an empty table.
    String[] encodedCondPermInfos = permissionStorage.getConditionalPermissionInfos();
    SecurityRow[] rows;
    if (encodedCondPermInfos == null) {
        rows = new SecurityRow[0];
    } else {
        rows = new SecurityRow[encodedCondPermInfos.length];
        try {
            for (int i = 0; i < rows.length; i++) {
                rows[i] = SecurityRow.createSecurityRow(this, encodedCondPermInfos[i]);
            }
        } catch (IllegalArgumentException e) {
            // TODO should log
            // Bad format persisted in storage; start clean.
            // NOTE(review): a single malformed row silently discards every persisted
            // conditional row, including any that deny. With an empty table, checkPermission
            // falls back to the default permissions, so a corrupted store can change what
            // bundles are granted without any trace. Consider logging this and deciding
            // explicitly whether startup should continue.
            rows = new SecurityRow[0];
        }
    }
    condAdminTable = new SecurityTable(this, rows);
}
/**
 * Returns the permissions assigned to the bundle location {@code location}.
 *
 * <p>The lookup is done under the lock. Unlike {@code setPermissions}, no caller permission
 * check is made here.
 *
 * @param location the bundle location to look up
 * @return whatever {@code permAdminTable.getPermissions(location)} returns for that location
 */
public PermissionInfo[] getPermissions(String location) {
    synchronized (lock) {
        // NOTE(review): whether this array is a defensive copy depends on
        // permAdminTable.getPermissions. Confirm, since handing out the table's own array
        // would let callers alter stored permissions without passing checkAllPermission().
        PermissionInfo[] assigned = permAdminTable.getPermissions(location);
        return assigned;
    }
}
/**
 * Returns the bundle locations that have permissions assigned in the location table.
 *
 * <p>The lookup is done under the lock; no caller permission check is made here.
 *
 * @return the locations, or {@code null} (not an empty array) when the table has none
 */
public String[] getLocations() {
    synchronized (lock) {
        String[] known = permAdminTable.getLocations();
        if (known.length == 0) {
            // Callers must handle null: an empty table is reported as null, not as String[0].
            return null;
        }
        return known;
    }
}