public boolean isSatisfied(Condition[] conds, Dictionary<Object, Object> context) { for (int i = 0, length = conds.length; i < length; i++) { if (!conds[i].isSatisfied()) return false; } return true; } }
/** * Checks whether the condition may change during the lifetime of the UserPromptCondition object. * This depends on the permission level given in * {@link UserPromptCondition#getCondition(Bundle, ConditionInfo)}. * <ul> * <li>ONESHOT - true</li> * <li>SESSION - true, if the application model's session lifetime is * shorter than the UserPromptCondition object lifetime</li> * <li>BLANKET - false</li> * </ul> * If the system supports separately accessible permission management GUI, * then this function may also return true for SESSION and BLANKET. * * @return True, if the condition can change. */ public boolean isMutable() { lookForImplementation(); if (realUserPromptCondition!=null) { return realUserPromptCondition.isMutable(); } else { // since we don't know what the actual status is, we cannot say // "the condition cannot change anymore" return true; } }
/** * Checks if the {@link #isSatisfied()} method needs to prompt the user, thus cannot * give results instantly. * This depends on the permission level given in * {@link UserPromptCondition#getCondition(Bundle, ConditionInfo)}. * <ul> * <li>ONESHOT - isPostponed always returns true. The user is prompted for question every time.</li> * <li>SESSION - isPostponed returns true until the user decides either yes or no for the current session.</li> * <li>BLANKET - isPostponed returns true until the user decides either always or never.</li> * </ul> * Regardless of the session level, the user is always given the option to reject the prompt * permanently, as if BLANKET/never was chosen. In this case, the question is not postponed * anymore, and {@link #isSatisfied()} returns false.<br/> * If the system supports an separately accessible permission management GUI, * that may reset the condition * to its initial state. * * @return True, if user interaction is needed. */ public boolean isPostponed() { lookForImplementation(); if (realUserPromptCondition!=null) { return realUserPromptCondition.isPostponed(); } else { return true; } }
private int getPostponedDecision(Decision decision, Map<Class<? extends Condition>, Dictionary<Object, Object>> conditionDictionaries, CheckContext cc) { Condition[] postponed = decision.postponed; for (int i = 0; i < postponed.length; i++) { Dictionary<Object, Object> condContext = conditionDictionaries.get(postponed[i].getClass()); if (condContext == null) { condContext = new Hashtable<Object, Object>(); conditionDictionaries.put(postponed[i].getClass(), condContext); } // prevent recursion into Condition if (cc.CondClassSet == null) cc.CondClassSet = new ArrayList<Class<?>>(2); if (cc.CondClassSet.contains(postponed[i].getClass())) return SecurityTable.ABSTAIN; cc.CondClassSet.add(postponed[i].getClass()); try { // must call isMutable before calling isSatisfied according to the specification boolean mutable = postponed[i].isMutable(); boolean isSatisfied = postponed[i].isSatisfied(new Condition[] {postponed[i]}, condContext); decision.handleImmutable(postponed[i], isSatisfied, mutable); if (!isSatisfied) return SecurityTable.ABSTAIN; } finally { cc.CondClassSet.remove(postponed[i].getClass()); } } // call postponed conditions are satisfied return the decision return decision.decision; }
if (checkPostponed || !c.isPostponed()) { final boolean mutable = c.isMutable(); if (c.isSatisfied()) { if (!mutable) {
private int getPostponedDecision(Decision decision, Map<Class<? extends Condition>, Dictionary<Object, Object>> conditionDictionaries, CheckContext cc) { Condition[] postponed = decision.postponed; for (int i = 0; i < postponed.length; i++) { Dictionary<Object, Object> condContext = conditionDictionaries.get(postponed[i].getClass()); if (condContext == null) { condContext = new Hashtable<>(); conditionDictionaries.put(postponed[i].getClass(), condContext); } // prevent recursion into Condition if (cc.CondClassSet == null) cc.CondClassSet = new ArrayList<>(2); if (cc.CondClassSet.contains(postponed[i].getClass())) return SecurityTable.ABSTAIN; cc.CondClassSet.add(postponed[i].getClass()); try { // must call isMutable before calling isSatisfied according to the specification boolean mutable = postponed[i].isMutable(); boolean isSatisfied = postponed[i].isSatisfied(new Condition[] {postponed[i]}, condContext); decision.handleImmutable(postponed[i], isSatisfied, mutable); if (!isSatisfied) return SecurityTable.ABSTAIN; } finally { cc.CondClassSet.remove(postponed[i].getClass()); } } // call postponed conditions are satisfied return the decision return decision.decision; }
if (condition.isPostponed()) boolean mutable = condition.isMutable(); boolean result = condition.isSatisfied();
private int getPostponedDecision(Decision decision, Map<Class<? extends Condition>, Dictionary<Object, Object>> conditionDictionaries, CheckContext cc) { Condition[] postponed = decision.postponed; for (int i = 0; i < postponed.length; i++) { Dictionary<Object, Object> condContext = conditionDictionaries.get(postponed[i].getClass()); if (condContext == null) { condContext = new Hashtable<Object, Object>(); conditionDictionaries.put(postponed[i].getClass(), condContext); } // prevent recursion into Condition if (cc.CondClassSet == null) cc.CondClassSet = new ArrayList<Class<?>>(2); if (cc.CondClassSet.contains(postponed[i].getClass())) return SecurityTable.ABSTAIN; cc.CondClassSet.add(postponed[i].getClass()); try { // must call isMutable before calling isSatisfied according to the specification boolean mutable = postponed[i].isMutable(); boolean isSatisfied = postponed[i].isSatisfied(new Condition[] {postponed[i]}, condContext); decision.handleImmutable(postponed[i], isSatisfied, mutable); if (!isSatisfied) return SecurityTable.ABSTAIN; } finally { cc.CondClassSet.remove(postponed[i].getClass()); } } // call postponed conditions are satisfied return the decision return decision.decision; }
/** * Checks an array of UserPrompt conditions. * * @param conds The array containing the UserPrompt conditions to evaluate. * @param context Storage area for evaluation. The {@link org.osgi.service.condpermadmin.ConditionalPermissionAdmin} * may evaluate a condition several times for one permission check, so this context * will be used to store results of ONESHOT questions. This way asking the same question * twice in a row can be avoided. If context is null, temporary results will not be stored. * @return True, if all conditions are satisfied. * @throws NullPointerException if conds is null. */ public boolean isSatisfied(Condition[] conds, Dictionary context) { lookForImplementation(); if (realUserPromptCondition!=null) { return realUserPromptCondition.isSatisfied(conds,context); } else { // paranoid security option return false; } } }
if (!c.isMutable()) { if (!c.isPostponed() /* || debug.tck401compat */) { if (c.isSatisfied()) { if (debug.permissions) { debug.println(me + "Immutable condition ok, continue");
private boolean isPostponed(Condition condition) { // postponed checks can only happen if we are using a supported security manager return condition.isPostponed() && securityAdmin.getSupportedSecurityManager() != null; }
private boolean checkMutable(BundlePermissions bundlePermissions, EvaluationCacheKey evaluationCacheKey, SecurityRow row) { Condition[] conditions = row.getConditions(bundlePermissions); if (conditions != null) { for (Condition condition : conditions) { if (condition != null && condition.isMutable()) { evaluationCache.put(evaluationCacheKey, MUTABLE); return true; } } } return false; }
private int getPostponedDecision(Decision decision, Map<Class<? extends Condition>, Dictionary<Object, Object>> conditionDictionaries, CheckContext cc) { Condition[] postponed = decision.postponed; for (int i = 0; i < postponed.length; i++) { Dictionary<Object, Object> condContext = conditionDictionaries.get(postponed[i].getClass()); if (condContext == null) { condContext = new Hashtable<Object, Object>(); conditionDictionaries.put(postponed[i].getClass(), condContext); } // prevent recursion into Condition if (cc.CondClassSet == null) cc.CondClassSet = new ArrayList<Class<?>>(2); if (cc.CondClassSet.contains(postponed[i].getClass())) return SecurityTable.ABSTAIN; cc.CondClassSet.add(postponed[i].getClass()); try { // must call isMutable before calling isSatisfied according to the specification boolean mutable = postponed[i].isMutable(); boolean isSatisfied = postponed[i].isSatisfied(new Condition[] {postponed[i]}, condContext); decision.handleImmutable(postponed[i], isSatisfied, mutable); if (!isSatisfied) return SecurityTable.ABSTAIN; } finally { cc.CondClassSet.remove(postponed[i].getClass()); } } // call postponed conditions are satisfied return the decision return decision.decision; }
/** * Displays the prompt string to * the user and returns true if the user accepts. Depending on the * amount of levels the condition is assigned to, the prompt may have * multiple accept buttons and one of them can be selected by default (see * default level parameter at {@link UserPromptCondition#getCondition(Bundle, ConditionInfo)}). * It must always be possible for the user * to stop further prompting of this question, even with ONESHOT and SESSION levels. * In case of BLANKET * and SESSION levels, it is possible that the user has already answered the question, * in this case there will be no prompting, but immediate return with the previous answer. * * @return True if the user accepts the prompt (or accepts any prompt in * case there are multiple permission levels). */ public boolean isSatisfied() { lookForImplementation(); if (realUserPromptCondition!=null) { return realUserPromptCondition.isSatisfied(); } else { // paranoid security option return false; } }
void handleImmutable(Condition condition, boolean isSatisfied, boolean mutable) { if (mutable || !condition.isPostponed()) return; // do nothing if (isSatisfied) { synchronized (row.bundleConditions) { Condition[] rowConditions = row.bundleConditions.get(bundlePermissions); boolean isEmpty = true; for (int i = 0; i < rowConditions.length; i++) { if (rowConditions[i] == condition) if (isSatisfied) rowConditions[i] = null; isEmpty &= rowConditions[i] == null; } if (isEmpty) row.bundleConditions.put(bundlePermissions, SATISFIED_LIST); } } else { synchronized (row.bundleConditions) { row.bundleConditions.put(bundlePermissions, ABSTAIN_LIST); } } } }
private int getPostponedDecision(Decision decision, Map<Class<? extends Condition>, Dictionary<Object, Object>> conditionDictionaries, CheckContext cc) { Condition[] postponed = decision.postponed; for (int i = 0; i < postponed.length; i++) { Dictionary<Object, Object> condContext = conditionDictionaries.get(postponed[i].getClass()); if (condContext == null) { condContext = new Hashtable<Object, Object>(); conditionDictionaries.put(postponed[i].getClass(), condContext); } // prevent recursion into Condition if (cc.CondClassSet == null) cc.CondClassSet = new ArrayList<Class<?>>(2); if (cc.CondClassSet.contains(postponed[i].getClass())) return SecurityTable.ABSTAIN; cc.CondClassSet.add(postponed[i].getClass()); try { // must call isMutable before calling isSatisfied according to the specification boolean mutable = postponed[i].isMutable(); boolean isSatisfied = postponed[i].isSatisfied(new Condition[] {postponed[i]}, condContext); decision.handleImmutable(postponed[i], isSatisfied, mutable); if (!isSatisfied) return SecurityTable.ABSTAIN; } finally { cc.CondClassSet.remove(postponed[i].getClass()); } } // call postponed conditions are satisfied return the decision return decision.decision; }
@Override public boolean isSatisfied(Condition[] conds, Dictionary<Object, Object> context) { for (int i = 0, length = conds.length; i < length; i++) { if (!conds[i].isSatisfied()) return false; } return true; } }
private boolean isPostponed(Condition condition) { // postponed checks can only happen if we are using a supported security manager return condition.isPostponed() && securityAdmin.getSupportedSecurityManager() != null; }
private int getPostponedDecision(Decision decision, Map<Class<? extends Condition>, Dictionary<Object, Object>> conditionDictionaries, CheckContext cc) { Condition[] postponed = decision.postponed; for (int i = 0; i < postponed.length; i++) { Dictionary<Object, Object> condContext = conditionDictionaries.get(postponed[i].getClass()); if (condContext == null) { condContext = new Hashtable<Object, Object>(); conditionDictionaries.put(postponed[i].getClass(), condContext); } // prevent recursion into Condition if (cc.CondClassSet == null) cc.CondClassSet = new ArrayList<Class<?>>(2); if (cc.CondClassSet.contains(postponed[i].getClass())) return SecurityTable.ABSTAIN; cc.CondClassSet.add(postponed[i].getClass()); try { // must call isMutable before calling isSatisfied according to the specification boolean mutable = postponed[i].isMutable(); boolean isSatisfied = postponed[i].isSatisfied(new Condition[] {postponed[i]}, condContext); decision.handleImmutable(postponed[i], isSatisfied, mutable); if (!isSatisfied) return SecurityTable.ABSTAIN; } finally { cc.CondClassSet.remove(postponed[i].getClass()); } } // call postponed conditions are satisfied return the decision return decision.decision; }
public boolean isSatisfied(Condition[] conds, Dictionary<Object, Object> context) { for (int i = 0, length = conds.length; i < length; i++) { if (!conds[i].isSatisfied()) return false; } return true; } }