/**
 * Decides whether the bundle behind {@code bundlePermissions} holds {@code permission}.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 * <li>the location-specific collection from the permission admin table, when the bundle is an
 *     {@code AbstractBundle} and the table returns a collection for its location;
 * <li>otherwise, when the conditional table is empty, the configured defaults, or
 *     {@code DEFAULT_DEFAULT} when no defaults are set;
 * <li>otherwise the flags returned by evaluating the conditional table.
 * </ol>
 *
 * @param permission the permission being checked
 * @param bundlePermissions the permissions object of the bundle under evaluation
 * @return {@code true} when the permission is implied or granted, or when the evaluation result
 *     carries {@code POSTPONED} without {@code GRANTED} or {@code DENIED}; {@code false} otherwise
 */
boolean checkPermission(Permission permission, BundlePermissions bundlePermissions) {
    PermissionInfoCollection byLocation = null;
    SecurityTable conditionalSnapshot;
    PermissionInfoCollection defaultsSnapshot;
    // Capture one consistent view of the tables under the lock; the implies/evaluate calls
    // below run after the lock has been released.
    synchronized (lock) {
        // read the location from the bundle data directly to avoid a permission check
        Bundle target = bundlePermissions.getBundle();
        if (target instanceof AbstractBundle) {
            byLocation = permAdminTable.getCollection(((AbstractBundle) target).getBundleData().getLocation());
        }
        conditionalSnapshot = condAdminTable;
        defaultsSnapshot = permAdminDefaults;
    }

    // A location-specific collection decides on its own; the conditional table is not consulted.
    if (byLocation != null) {
        return byLocation.implies(permission);
    }

    // With no conditional rows, fall back to the defaults.
    if (conditionalSnapshot.isEmpty()) {
        if (defaultsSnapshot != null) {
            return defaultsSnapshot.implies(permission);
        }
        return DEFAULT_DEFAULT.implies(permission);
    }

    // Evaluate the conditional table. GRANTED is tested before DENIED, so a result carrying
    // both flags is treated as a grant.
    int flags = conditionalSnapshot.evaluate(bundlePermissions, permission);
    if ((flags & SecurityTable.GRANTED) != 0) {
        return true;
    }
    if ((flags & SecurityTable.DENIED) != 0) {
        return false;
    }
    // NOTE(review): a POSTPONED result is answered with true here; presumably the postponed
    // conditions are re-evaluated later by the caller before access is finally allowed -- confirm.
    return (flags & SecurityTable.POSTPONED) != 0;
}
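/**
 * Adds or replaces a conditional permission row with access decision
 * {@code ConditionalPermissionInfo.ALLOW} and commits the change.
 *
 * <p>When {@code name} matches an existing row, that row is replaced in place; otherwise the
 * new row is inserted at position 0. If the commit fails and {@code firstTry} is {@code true},
 * the whole operation is repeated once against a fresh update.
 *
 * @param name the row name to replace, or {@code null} to always insert a new row
 * @param conds the conditions of the new row
 * @param perms the permissions of the new row
 * @param firstTry {@code true} to allow one retry after a failed commit
 * @return the row read back from {@code condAdminTable} at the position that was written
 */
private ConditionalPermissionInfo setConditionalPermissionInfo(String name, ConditionInfo[] conds, PermissionInfo[] perms, boolean firstTry) {
    ConditionalPermissionUpdate update = newConditionalPermissionUpdate();
    List rows = update.getConditionalPermissionInfos();
    ConditionalPermissionInfo newInfo = newConditionalPermissionInfo(name, conds, perms, ConditionalPermissionInfo.ALLOW);
    int index = -1;
    if (name != null) {
        // find the first row that already carries this name
        for (int i = 0; i < rows.size() && index < 0; i++) {
            ConditionalPermissionInfo info = (ConditionalPermissionInfo) rows.get(i);
            if (name.equals(info.getName())) {
                index = i;
            }
        }
    }
    if (index < 0) {
        // must always add to the beginning (bug 303930)
        rows.add(0, newInfo);
        index = 0;
    } else {
        rows.set(index, newInfo);
    }
    synchronized (lock) {
        if (!update.commit() && firstTry) {
            // The index computed above belongs to the update whose commit just failed. Return
            // the row located by the retry instead of reading the table at a stale position,
            // which could hand the caller a different row than the one it asked to set.
            return setConditionalPermissionInfo(name, conds, perms, false);
        }
        // NOTE(review): when the commit fails with firstTry == false, the row at the locally
        // computed index is still returned although newInfo was not stored -- confirm that
        // callers can tolerate this.
        return condAdminTable.getRow(index);
    }
}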
/**
 * Returns an enumeration over the rows currently held by the conditional table.
 *
 * @return an enumeration backed by a {@code Vector} filled from the rows while holding the lock
 * @deprecated
 */
public Enumeration getConditionalPermissionInfos() {
    // A plain Vector copy is good enough; performance of this call is not a concern.
    synchronized (lock) {
        SecurityRow[] current = condAdminTable.getRows();
        Vector copy = new Vector(current.length);
        int next = 0;
        while (next < current.length) {
            copy.addElement(current[next]);
            next++;
        }
        return copy.elements();
    }
}
/**
 * Clears the permission cache of every permission admin collection and the caches of every
 * conditional row.
 *
 * <p>The two arrays are fetched while holding the lock; the clearing itself runs after the
 * lock has been released.
 */
public void clearCaches() {
    PermissionInfoCollection[] collections;
    SecurityRow[] rows;
    synchronized (lock) {
        collections = permAdminTable.getCollections();
        rows = condAdminTable.getRows();
    }

    int c = 0;
    while (c < collections.length) {
        collections[c].clearPermissionCache();
        c++;
    }

    int r = 0;
    while (r < rows.length) {
        rows[r].clearCaches();
        r++;
    }
}
/**
 * Builds a new {@code SecurityAdmin} that mirrors the current conditional table.
 *
 * <p>Under the lock, a new instance is constructed from this instance's security manager
 * support flag, framework, implied permission infos and permission admin defaults. Each
 * current row is then re-created against the new instance (name, condition infos, permission
 * infos and access decision are read from the existing row) and installed as the new
 * instance's conditional table.
 *
 * @return the newly built instance
 */
private SecurityAdmin getSnapShot() {
    synchronized (lock) {
        SecurityAdmin copy = new SecurityAdmin(supportedSecurityManager, framework, impliedPermissionInfos, permAdminDefaults);
        SecurityRow[] live = condAdminTable.getRows();
        SecurityRow[] cloned = new SecurityRow[live.length];
        int i = 0;
        while (i < live.length) {
            SecurityRow source = live[i];
            // rows are bound to their owning SecurityAdmin, so each one is rebuilt for the copy
            cloned[i] = new SecurityRow(copy, source.getName(), source.getConditionInfos(), source.getPermissionInfos(), source.getAccessDecision());
            i++;
        }
        copy.condAdminTable = new SecurityTable(copy, cloned);
        return copy;
    }
}
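/**
 * Replaces the conditional permission table with the given rows.
 *
 * <p>The caller's permission is checked first via {@code checkAllPermission()}. The update is
 * applied only when {@code updateStamp} still equals the current time stamp; on success the
 * new table is installed, handed to the permission storage, and the time stamp is incremented.
 *
 * @param rows the new table content; every element must be a {@code ConditionalPermissionInfo}
 * @param updateStamp the time stamp the caller's update was created from
 * @return {@code false} when the table changed since {@code updateStamp} was taken,
 *     {@code true} once the new table is installed
 * @throws IllegalStateException if an element is not a {@code ConditionalPermissionInfo} or if
 *     two rows carry the same name
 */
boolean commit(List rows, long updateStamp) {
    checkAllPermission();
    synchronized (lock) {
        if (updateStamp != timeStamp)
            return false;
        SecurityRow[] newRows = new SecurityRow[rows.size()];
        Collection names = new ArrayList();
        for (int i = 0; i < newRows.length; i++) {
            Object rowObj = rows.get(i);
            if (!(rowObj instanceof ConditionalPermissionInfo)) {
                // a null element also lands here; report it rather than fail in getClass()
                String typeName = rowObj == null ? "null" : rowObj.getClass().getName(); //$NON-NLS-1$
                throw new IllegalStateException("Invalid type \"" + typeName + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            }
            ConditionalPermissionInfo infoBaseRow = (ConditionalPermissionInfo) rowObj;
            String name = infoBaseRow.getName();
            if (name == null)
                name = generateName();
            if (names.contains(name))
                throw new IllegalStateException("Duplicate name \"" + name + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            // Record the name so the duplicate check above can fire for later rows. Without
            // this the collection stays empty and two rows with the same name are accepted,
            // which makes name-based lookups such as condAdminTable.getRow(name) ambiguous.
            names.add(name);
            newRows[i] = new SecurityRow(this, name, infoBaseRow.getConditionInfos(), infoBaseRow.getPermissionInfos(), infoBaseRow.getAccessDecision());
        }
        condAdminTable = new SecurityTable(this, newRows);
        try {
            permissionStorage.saveConditionalPermissionInfos(condAdminTable.getEncodedRows());
        } catch (IOException e) {
            // TODO log
            // NOTE(review): the in-memory table is already replaced at this point and the
            // method still returns true, so a failed save leaves the stored policy out of
            // step with the enforced one. Route this to the framework log once one is available.
            e.printStackTrace();
        }
        timeStamp += 1;
        return true;
    }
}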
/**
 * Looks up a conditional permission row by name while holding the lock.
 *
 * @param name the row name passed to {@code condAdminTable.getRow(name)}
 * @return whatever the table returns for that name
 * @deprecated
 */
public ConditionalPermissionInfo getConditionalPermissionInfo(String name) {
    ConditionalPermissionInfo match;
    synchronized (lock) {
        match = condAdminTable.getRow(name);
    }
    return match;
}
/**
 * Creates an update object seeded with the current rows and the current time stamp.
 *
 * <p>Rows and time stamp are read under the same lock so that they belong together; the time
 * stamp is what {@code commit} later compares against to detect an intervening change.
 *
 * @return a new {@code SecurityTableUpdate} bound to this instance
 */
public ConditionalPermissionUpdate newConditionalPermissionUpdate() {
    synchronized (lock) {
        SecurityRow[] currentRows = condAdminTable.getRows();
        return new SecurityTableUpdate(this, currentRows, timeStamp);
    }
}