| The Android Open Source Project | 0eec464 | 2012-04-01 00:00:00 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Licensed to the Apache Software Foundation (ASF) under one or more |
| 3 | * contributor license agreements. See the NOTICE file distributed with |
| 4 | * this work for additional information regarding copyright ownership. |
| 5 | * The ASF licenses this file to You under the Apache License, Version 2.0 |
| 6 | * (the "License"); you may not use this file except in compliance with |
| 7 | * the License. You may obtain a copy of the License at |
| 8 | * |
| 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | * |
| 11 | * Unless required by applicable law or agreed to in writing, software |
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | * See the License for the specific language governing permissions and |
| 15 | * limitations under the License. |
| 16 | */ |
| 17 | |
| 18 | /** |
| 19 | * @author Alexey V. Varlamov |
| 20 | * @version $Revision$ |
| 21 | */ |
| 22 | |
| 23 | package org.apache.harmony.security; |
| 24 | |
| 25 | import java.net.URL; |
| 26 | import java.security.CodeSigner; |
| 27 | import java.security.CodeSource; |
| 28 | import java.security.Permission; |
| 29 | import java.security.Principal; |
| 30 | import java.util.Collection; |
| 31 | import java.util.Collections; |
| 32 | import org.apache.harmony.security.fortress.PolicyUtils; |
| 33 | |
| 34 | /** |
| 35 | * This class represents an elementary block of a security policy. It associates |
| 36 | * a CodeSource of an executable code, Principals allowed to execute the code, |
| 37 | * and a set of granted Permissions. |
| 38 | * |
| 39 | * @see org.apache.harmony.security.fortress.DefaultPolicy |
| 40 | */ |
| 41 | public class PolicyEntry { |
| 42 | |
| 43 | // Store CodeSource |
| 44 | private final CodeSource cs; |
| 45 | |
| 46 | // Array of principals |
| 47 | private final Principal[] principals; |
| 48 | |
| 49 | // Permissions collection |
| 50 | private final Collection<Permission> permissions; |
| 51 | |
| 52 | /** |
| 53 | * Constructor with initialization parameters. Passed collections are not |
| 54 | * referenced directly, but copied. |
| 55 | */ |
| 56 | public PolicyEntry(CodeSource cs, Collection<? extends Principal> prs, |
| 57 | Collection<? extends Permission> permissions) { |
| 58 | this.cs = (cs != null) ? normalizeCodeSource(cs) : null; |
| 59 | this.principals = (prs == null || prs.isEmpty()) ? null |
| 60 | : (Principal[]) prs.toArray(new Principal[prs.size()]); |
| 61 | this.permissions = (permissions == null || permissions.isEmpty()) ? null |
| 62 | : Collections.unmodifiableCollection(permissions); |
| 63 | } |
| 64 | |
| 65 | /** |
| 66 | * Checks if passed CodeSource matches this PolicyEntry. Null CodeSource of |
| 67 | * PolicyEntry implies any CodeSource; non-null CodeSource forwards to its |
| 68 | * imply() method. |
| 69 | */ |
| 70 | public boolean impliesCodeSource(CodeSource codeSource) { |
| 71 | if (cs == null) { |
| 72 | return true; |
| 73 | } |
| 74 | |
| 75 | if (codeSource == null) { |
| 76 | return false; |
| 77 | } |
| 78 | return cs.implies(normalizeCodeSource(codeSource)); |
| 79 | } |
| 80 | |
| 81 | private CodeSource normalizeCodeSource(CodeSource codeSource) { |
| 82 | URL codeSourceURL = PolicyUtils.normalizeURL(codeSource.getLocation()); |
| 83 | CodeSource result = codeSource; |
| 84 | |
| 85 | if (codeSourceURL != codeSource.getLocation()) { |
| 86 | // URL was normalized - recreate codeSource with new URL |
| 87 | CodeSigner[] signers = codeSource.getCodeSigners(); |
| 88 | if (signers == null) { |
| 89 | result = new CodeSource(codeSourceURL, codeSource |
| 90 | .getCertificates()); |
| 91 | } else { |
| 92 | result = new CodeSource(codeSourceURL, signers); |
| 93 | } |
| 94 | } |
| 95 | return result; |
| 96 | } |
| 97 | |
| 98 | /** |
| 99 | * Checks if specified Principals match this PolicyEntry. Null or empty set |
| 100 | * of Principals of PolicyEntry implies any Principals; otherwise specified |
| 101 | * array must contain all Principals of this PolicyEntry. |
| 102 | */ |
| 103 | public boolean impliesPrincipals(Principal[] prs) { |
| 104 | return PolicyUtils.matchSubset(principals, prs); |
| 105 | } |
| 106 | |
| 107 | /** |
| 108 | * Returns unmodifiable collection of permissions defined by this |
| 109 | * PolicyEntry, may be <code>null</code>. |
| 110 | */ |
| 111 | public Collection<Permission> getPermissions() { |
| 112 | return permissions; |
| 113 | } |
| 114 | |
| 115 | /** |
| 116 | * Returns true if this PolicyEntry defines no Permissions, false otherwise. |
| 117 | */ |
| 118 | public boolean isVoid() { |
| 119 | return permissions == null || permissions.size() == 0; |
| 120 | } |
| 121 | } |