1: /* Policy.java --- Policy Manager Class 2: Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc. 3: 4: This file is part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2, or (at your option) 9: any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; see the file COPYING. If not, write to the 18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19: 02110-1301 USA. 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: package java.security; 39: 40: import java.util.Collections; 41: import java.util.Enumeration; 42: import java.util.LinkedHashMap; 43: import java.util.Map; 44: 45: /** 46: * <code>Policy</code> is an abstract class for managing the system security 47: * policy for the Java application environment. It specifies which permissions 48: * are available for code from various sources. The security policy is 49: * represented through a subclass of <code>Policy</code>. 50: * 51: * <p>Only one <code>Policy</code> is in effect at any time. A 52: * {@link ProtectionDomain} initializes itself with information from this class 53: * on the set of permssions to grant.</p> 54: * 55: * <p>The location for the actual <code>Policy</code> could be anywhere in any 56: * form because it depends on the Policy implementation. The default system is 57: * in a flat ASCII file or it could be in a database.</p> 58: * 59: * <p>The current installed <code>Policy</code> can be accessed with 60: * {@link #getPolicy()} and changed with {@link #setPolicy(Policy)} if the code 61: * has the correct permissions.</p> 62: * 63: * <p>The {@link #refresh()} method causes the <code>Policy</code> instance to 64: * refresh/reload its configuration. The method used to refresh depends on the 65: * <code>Policy</code> implementation.</p> 66: * 67: * <p>When a protection domain initializes its permissions, it uses code like 68: * the following:</p> 69: * 70: * <code> 71: * policy = Policy.getPolicy(); 72: * PermissionCollection perms = policy.getPermissions(myCodeSource); 73: * </code> 74: * 75: * <p>The protection domain passes the <code>Policy</code> handler a 76: * {@link CodeSource} instance which contains the codebase URL and a public key. 77: * The <code>Policy</code> implementation then returns the proper set of 78: * permissions for that {@link CodeSource}.</p> 79: * 80: * <p>The default <code>Policy</code> implementation can be changed by setting 81: * the "policy.provider" security provider in the "java.security" file to the 82: * correct <code>Policy</code> implementation class.</p> 83: * 84: * @author Mark Benvenuto 85: * @see CodeSource 86: * @see PermissionCollection 87: * @see SecureClassLoader 88: * @since 1.2 89: */ 90: public abstract class Policy 91: { 92: private static Policy currentPolicy; 93: 94: /** Map of ProtectionDomains to PermissionCollections for this instance. */ 95: private Map pd2pc = null; 96: 97: /** Constructs a new <code>Policy</code> object. */ 98: public Policy() 99: { 100: } 101: 102: /** 103: * Returns the currently installed <code>Policy</code> handler. The value 104: * should not be cached as it can be changed any time by 105: * {@link #setPolicy(Policy)}. 106: * 107: * @return the current <code>Policy</code>. 108: * @throws SecurityException 109: * if a {@link SecurityManager} is installed which disallows this 110: * operation. 111: */ 112: public static Policy getPolicy() 113: { 114: SecurityManager sm = System.getSecurityManager(); 115: if (sm != null) 116: sm.checkPermission(new SecurityPermission("getPolicy")); 117: 118: return getCurrentPolicy(); 119: } 120: 121: /** 122: * Sets the <code>Policy</code> handler to a new value. 123: * 124: * @param policy 125: * the new <code>Policy</code> to use. 126: * @throws SecurityException 127: * if a {@link SecurityManager} is installed which disallows this 128: * operation. 129: */ 130: public static void setPolicy(Policy policy) 131: { 132: SecurityManager sm = System.getSecurityManager(); 133: if (sm != null) 134: sm.checkPermission(new SecurityPermission("setPolicy")); 135: 136: setup(policy); 137: currentPolicy = policy; 138: } 139: 140: private static void setup(final Policy policy) 141: { 142: if (policy.pd2pc == null) 143: policy.pd2pc = Collections.synchronizedMap(new LinkedHashMap()); 144: 145: ProtectionDomain pd = policy.getClass().getProtectionDomain(); 146: if (pd.getCodeSource() != null) 147: { 148: PermissionCollection pc = null; 149: if (currentPolicy != null) 150: pc = currentPolicy.getPermissions(pd); 151: 152: if (pc == null) // assume it has all 153: { 154: pc = new Permissions(); 155: pc.add(new AllPermission()); 156: } 157: 158: policy.pd2pc.put(pd, pc); // add the mapping pd -> pc 159: } 160: } 161: 162: /** 163: * Ensures/forces loading of the configured policy provider, while bypassing 164: * the {@link SecurityManager} checks for <code>"getPolicy"</code> security 165: * permission. Needed by {@link ProtectionDomain}. 166: */ 167: static Policy getCurrentPolicy() 168: { 169: // FIXME: The class name of the Policy provider should really be sourced 170: // from the "java.security" configuration file. For now, just hard-code 171: // a stub implementation. 172: if (currentPolicy == null) 173: { 174: String pp = System.getProperty ("policy.provider"); 175: if (pp != null) 176: try 177: { 178: currentPolicy = (Policy) Class.forName(pp).newInstance(); 179: } 180: catch (Exception e) 181: { 182: // Ignored. 183: } 184: 185: if (currentPolicy == null) 186: currentPolicy = new gnu.java.security.provider.DefaultPolicy(); 187: } 188: return currentPolicy; 189: } 190: 191: /** 192: * Tests if <code>currentPolicy</code> is not <code>null</code>, 193: * thus allowing clients to not force loading of any policy 194: * provider; needed by {@link ProtectionDomain}. 195: */ 196: static boolean isLoaded() 197: { 198: return currentPolicy != null; 199: } 200: 201: /** 202: * Returns the set of Permissions allowed for a given {@link CodeSource}. 203: * 204: * @param codesource 205: * the {@link CodeSource} for which, the caller needs to find the 206: * set of granted permissions. 207: * @return a set of permissions for {@link CodeSource} specified by the 208: * current <code>Policy</code>. 209: * @throws SecurityException 210: * if a {@link SecurityManager} is installed which disallows this 211: * operation. 212: */ 213: public abstract PermissionCollection getPermissions(CodeSource codesource); 214: 215: /** 216: * Returns the set of Permissions allowed for a given {@link ProtectionDomain}. 217: * 218: * @param domain 219: * the {@link ProtectionDomain} for which, the caller needs to find 220: * the set of granted permissions. 221: * @return a set of permissions for {@link ProtectionDomain} specified by the 222: * current <code>Policy.</code>. 223: * @since 1.4 224: * @see ProtectionDomain 225: * @see SecureClassLoader 226: */ 227: public PermissionCollection getPermissions(ProtectionDomain domain) 228: { 229: if (domain == null) 230: return new Permissions(); 231: 232: if (pd2pc == null) 233: setup(this); 234: 235: PermissionCollection result = (PermissionCollection) pd2pc.get(domain); 236: if (result != null) 237: { 238: Permissions realResult = new Permissions(); 239: for (Enumeration e = result.elements(); e.hasMoreElements(); ) 240: realResult.add((Permission) e.nextElement()); 241: 242: return realResult; 243: } 244: 245: result = getPermissions(domain.getCodeSource()); 246: if (result == null) 247: result = new Permissions(); 248: 249: PermissionCollection pc = domain.getPermissions(); 250: if (pc != null) 251: for (Enumeration e = pc.elements(); e.hasMoreElements(); ) 252: result.add((Permission) e.nextElement()); 253: 254: return result; 255: } 256: 257: /** 258: * Checks if the designated {@link Permission} is granted to a designated 259: * {@link ProtectionDomain}. 260: * 261: * @param domain 262: * the {@link ProtectionDomain} to test. 263: * @param permission 264: * the {@link Permission} to check. 265: * @return <code>true</code> if <code>permission</code> is implied by a 266: * permission granted to this {@link ProtectionDomain}. Returns 267: * <code>false</code> otherwise. 268: * @since 1.4 269: * @see ProtectionDomain 270: */ 271: public boolean implies(ProtectionDomain domain, Permission permission) 272: { 273: if (pd2pc == null) 274: setup(this); 275: 276: PermissionCollection pc = (PermissionCollection) pd2pc.get(domain); 277: if (pc != null) 278: return pc.implies(permission); 279: 280: boolean result = false; 281: pc = getPermissions(domain); 282: if (pc != null) 283: { 284: result = pc.implies(permission); 285: pd2pc.put(domain, pc); 286: } 287: 288: return result; 289: } 290: 291: /** 292: * Causes this <code>Policy</code> instance to refresh / reload its 293: * configuration. The method used to refresh depends on the concrete 294: * implementation. 295: */ 296: public abstract void refresh(); 297: }