1 /* Policy.java --- Policy Manager Class 2 Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc. 3 4 This file is part of GNU Classpath. 5 6 GNU Classpath is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License as published by 8 the Free Software Foundation; either version 2, or (at your option) 9 any later version. 10 11 GNU Classpath is distributed in the hope that it will be useful, but 12 WITHOUT ANY WARRANTY; without even the implied warranty of 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 General Public License for more details. 15 16 You should have received a copy of the GNU General Public License 17 along with GNU Classpath; see the file COPYING. If not, write to the 18 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19 02110-1301 USA. 20 21 Linking this library statically or dynamically with other modules is 22 making a combined work based on this library. Thus, the terms and 23 conditions of the GNU General Public License cover the whole 24 combination. 25 26 As a special exception, the copyright holders of this library give you 27 permission to link this library with independent modules to produce an 28 executable, regardless of the license terms of these independent 29 modules, and to copy and distribute the resulting executable under 30 terms of your choice, provided that you also meet, for each linked 31 independent module, the terms and conditions of the license of that 32 module. An independent module is a module which is not derived from 33 or based on this library. If you modify this library, you may extend 34 this exception to your version of the library, but you are not 35 obligated to do so. If you do not wish to do so, delete this 36 exception statement from your version. */ 37 38 package java.security; 39 40 import java.util.Collections; 41 import java.util.Enumeration; 42 import java.util.LinkedHashMap; 43 import java.util.Map; 44 45 /** 46 * <code>Policy</code> is an abstract class for managing the system security 47 * policy for the Java application environment. It specifies which permissions 48 * are available for code from various sources. The security policy is 49 * represented through a subclass of <code>Policy</code>. 50 * 51 * <p>Only one <code>Policy</code> is in effect at any time. A 52 * {@link ProtectionDomain} initializes itself with information from this class 53 * on the set of permssions to grant.</p> 54 * 55 * <p>The location for the actual <code>Policy</code> could be anywhere in any 56 * form because it depends on the Policy implementation. The default system is 57 * in a flat ASCII file or it could be in a database.</p> 58 * 59 * <p>The current installed <code>Policy</code> can be accessed with 60 * {@link #getPolicy()} and changed with {@link #setPolicy(Policy)} if the code 61 * has the correct permissions.</p> 62 * 63 * <p>The {@link #refresh()} method causes the <code>Policy</code> instance to 64 * refresh/reload its configuration. The method used to refresh depends on the 65 * <code>Policy</code> implementation.</p> 66 * 67 * <p>When a protection domain initializes its permissions, it uses code like 68 * the following:</p> 69 * 70 * <code> 71 * policy = Policy.getPolicy(); 72 * PermissionCollection perms = policy.getPermissions(myCodeSource); 73 * </code> 74 * 75 * <p>The protection domain passes the <code>Policy</code> handler a 76 * {@link CodeSource} instance which contains the codebase URL and a public key. 77 * The <code>Policy</code> implementation then returns the proper set of 78 * permissions for that {@link CodeSource}.</p> 79 * 80 * <p>The default <code>Policy</code> implementation can be changed by setting 81 * the "policy.provider" security provider in the "java.security" file to the 82 * correct <code>Policy</code> implementation class.</p> 83 * 84 * @author Mark Benvenuto 85 * @see CodeSource 86 * @see PermissionCollection 87 * @see SecureClassLoader 88 * @since 1.2 89 */ 90 public abstract class Policy 91 { 92 private static Policy currentPolicy; 93 94 /** Map of ProtectionDomains to PermissionCollections for this instance. */ 95 private Map pd2pc = null; 96 97 /** Constructs a new <code>Policy</code> object. */ Policy()98 public Policy() 99 { 100 } 101 102 /** 103 * Returns the currently installed <code>Policy</code> handler. The value 104 * should not be cached as it can be changed any time by 105 * {@link #setPolicy(Policy)}. 106 * 107 * @return the current <code>Policy</code>. 108 * @throws SecurityException 109 * if a {@link SecurityManager} is installed which disallows this 110 * operation. 111 */ getPolicy()112 public static Policy getPolicy() 113 { 114 SecurityManager sm = System.getSecurityManager(); 115 if (sm != null) 116 sm.checkPermission(new SecurityPermission("getPolicy")); 117 118 return getCurrentPolicy(); 119 } 120 121 /** 122 * Sets the <code>Policy</code> handler to a new value. 123 * 124 * @param policy 125 * the new <code>Policy</code> to use. 126 * @throws SecurityException 127 * if a {@link SecurityManager} is installed which disallows this 128 * operation. 129 */ setPolicy(Policy policy)130 public static void setPolicy(Policy policy) 131 { 132 SecurityManager sm = System.getSecurityManager(); 133 if (sm != null) 134 sm.checkPermission(new SecurityPermission("setPolicy")); 135 136 setup(policy); 137 currentPolicy = policy; 138 } 139 setup(final Policy policy)140 private static void setup(final Policy policy) 141 { 142 if (policy.pd2pc == null) 143 policy.pd2pc = Collections.synchronizedMap(new LinkedHashMap()); 144 145 ProtectionDomain pd = policy.getClass().getProtectionDomain(); 146 if (pd.getCodeSource() != null) 147 { 148 PermissionCollection pc = null; 149 if (currentPolicy != null) 150 pc = currentPolicy.getPermissions(pd); 151 152 if (pc == null) // assume it has all 153 { 154 pc = new Permissions(); 155 pc.add(new AllPermission()); 156 } 157 158 policy.pd2pc.put(pd, pc); // add the mapping pd -> pc 159 } 160 } 161 162 /** 163 * Ensures/forces loading of the configured policy provider, while bypassing 164 * the {@link SecurityManager} checks for <code>"getPolicy"</code> security 165 * permission. Needed by {@link ProtectionDomain}. 166 */ getCurrentPolicy()167 static Policy getCurrentPolicy() 168 { 169 // FIXME: The class name of the Policy provider should really be sourced 170 // from the "java.security" configuration file. For now, just hard-code 171 // a stub implementation. 172 if (currentPolicy == null) 173 { 174 String pp = System.getProperty ("policy.provider"); 175 if (pp != null) 176 try 177 { 178 currentPolicy = (Policy) Class.forName(pp).newInstance(); 179 } 180 catch (Exception e) 181 { 182 // Ignored. 183 } 184 185 if (currentPolicy == null) 186 currentPolicy = new gnu.java.security.provider.DefaultPolicy(); 187 } 188 return currentPolicy; 189 } 190 191 /** 192 * Tests if <code>currentPolicy</code> is not <code>null</code>, 193 * thus allowing clients to not force loading of any policy 194 * provider; needed by {@link ProtectionDomain}. 195 */ isLoaded()196 static boolean isLoaded() 197 { 198 return currentPolicy != null; 199 } 200 201 /** 202 * Returns the set of Permissions allowed for a given {@link CodeSource}. 203 * 204 * @param codesource 205 * the {@link CodeSource} for which, the caller needs to find the 206 * set of granted permissions. 207 * @return a set of permissions for {@link CodeSource} specified by the 208 * current <code>Policy</code>. 209 * @throws SecurityException 210 * if a {@link SecurityManager} is installed which disallows this 211 * operation. 212 */ getPermissions(CodeSource codesource)213 public abstract PermissionCollection getPermissions(CodeSource codesource); 214 215 /** 216 * Returns the set of Permissions allowed for a given {@link ProtectionDomain}. 217 * 218 * @param domain 219 * the {@link ProtectionDomain} for which, the caller needs to find 220 * the set of granted permissions. 221 * @return a set of permissions for {@link ProtectionDomain} specified by the 222 * current <code>Policy.</code>. 223 * @since 1.4 224 * @see ProtectionDomain 225 * @see SecureClassLoader 226 */ getPermissions(ProtectionDomain domain)227 public PermissionCollection getPermissions(ProtectionDomain domain) 228 { 229 if (domain == null) 230 return new Permissions(); 231 232 if (pd2pc == null) 233 setup(this); 234 235 PermissionCollection result = (PermissionCollection) pd2pc.get(domain); 236 if (result != null) 237 { 238 Permissions realResult = new Permissions(); 239 for (Enumeration e = result.elements(); e.hasMoreElements(); ) 240 realResult.add((Permission) e.nextElement()); 241 242 return realResult; 243 } 244 245 result = getPermissions(domain.getCodeSource()); 246 if (result == null) 247 result = new Permissions(); 248 249 PermissionCollection pc = domain.getPermissions(); 250 if (pc != null) 251 for (Enumeration e = pc.elements(); e.hasMoreElements(); ) 252 result.add((Permission) e.nextElement()); 253 254 return result; 255 } 256 257 /** 258 * Checks if the designated {@link Permission} is granted to a designated 259 * {@link ProtectionDomain}. 260 * 261 * @param domain 262 * the {@link ProtectionDomain} to test. 263 * @param permission 264 * the {@link Permission} to check. 265 * @return <code>true</code> if <code>permission</code> is implied by a 266 * permission granted to this {@link ProtectionDomain}. Returns 267 * <code>false</code> otherwise. 268 * @since 1.4 269 * @see ProtectionDomain 270 */ implies(ProtectionDomain domain, Permission permission)271 public boolean implies(ProtectionDomain domain, Permission permission) 272 { 273 if (pd2pc == null) 274 setup(this); 275 276 PermissionCollection pc = (PermissionCollection) pd2pc.get(domain); 277 if (pc != null) 278 return pc.implies(permission); 279 280 boolean result = false; 281 pc = getPermissions(domain); 282 if (pc != null) 283 { 284 result = pc.implies(permission); 285 pd2pc.put(domain, pc); 286 } 287 288 return result; 289 } 290 291 /** 292 * Causes this <code>Policy</code> instance to refresh / reload its 293 * configuration. The method used to refresh depends on the concrete 294 * implementation. 295 */ refresh()296 public abstract void refresh(); 297 } 298