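/**
 * Compares this row with another object for equality.
 *
 * <p>Two rows are equal when their names, permission-info arrays,
 * condition-info arrays and access decisions all match. The arrays are
 * compared element by element and in order, so two rows that hold the same
 * entries in a different order are reported as different.
 *
 * @param obj the object to compare with; may be {@code null} or of any type
 * @return {@code true} if {@code obj} is a {@code ConditionalPermissionInfo}
 *         carrying the same name, permissions, conditions and access decision
 */
@Override
public final boolean equals(Object obj) {
    if (obj == this) {
        return true;
    }
    // instanceof is false for null, so this one test rejects both null and
    // foreign types. Without it the cast below throws ClassCastException for
    // any argument that is not a ConditionalPermissionInfo.
    if (!(obj instanceof ConditionalPermissionInfo)) {
        return false;
    }
    final ConditionalPermissionInfo cpi = (ConditionalPermissionInfo) obj;
    if (name == null ? cpi.getName() != null : !name.equals(cpi.getName())) {
        return false;
    }
    // NYI, we should allow permuted arrays, also affects hashCode.
    if (!Arrays.equals(permissionInfos, cpi.getPermissionInfos())) {
        return false;
    }
    if (!Arrays.equals(conditionInfos, cpi.getConditionInfos())) {
        return false;
    }
    // Compare the decision by value: a reference comparison is only correct
    // when both sides happen to be the same object.
    return access == null
        ? cpi.getAccessDecision() == null
        : access.equals(cpi.getAccessDecision());
}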
/**
 * Compares two rows through their encoded string form.
 *
 * <p>This is the simple (slow) approach: both rows are encoded and the
 * resulting strings are compared. It relies on the encoding being canonical,
 * i.e. on equal rows always producing the same string.
 *
 * <p>NOTE(review): no matching {@code hashCode()} is visible in this excerpt;
 * confirm that one derived from {@code getEncoded()} exists.
 *
 * @param obj the object to compare with
 * @return {@code true} if {@code obj} is this instance, or another
 *         {@code ConditionalPermissionInfo} with an equal encoded form
 */
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (obj instanceof ConditionalPermissionInfo) {
        final ConditionalPermissionInfo other = (ConditionalPermissionInfo) obj;
        return getEncoded().equals(other.getEncoded());
    }
    return false;
}
/**
 * Deletes every conditional-permission row whose name is not listed in
 * {@code NON_USER_CPI_NAMES}.
 *
 * <p>The decision is made on the row name alone: any row that is not in the
 * reserved-name set is treated as belonging to a locally installed bundle and
 * is removed.
 */
private void deleteUserBundlePermissions() {
    for (Enumeration<ConditionalPermissionInfo> rows = cpa.getConditionalPermissionInfos();
            rows.hasMoreElements();) {
        final ConditionalPermissionInfo row = rows.nextElement();
        final boolean reserved = NON_USER_CPI_NAMES.contains(row.getName());
        if (reserved) {
            // Reserved rows are kept untouched.
            continue;
        }
        row.delete();
    }
}
/**
 * Decides whether one row covers another.
 *
 * <p>Three checks are applied in order, and the first failure ends the
 * comparison:
 * <ol>
 *   <li>both rows carry the same access decision;</li>
 *   <li>{@code Util.containsAll} accepts the implier's permission infos
 *       against the implied row's permission infos;</li>
 *   <li>both rows have the same number of condition infos and
 *       {@code Util.containsAll} accepts them as well.</li>
 * </ol>
 *
 * <p>NOTE(review): the comparison works on the info objects themselves, not on
 * instantiated permissions, so presumably a broader permission (for example a
 * wildcard) is not recognised as covering a narrower one. Confirm against
 * {@code Util.containsAll}.
 *
 * @param implier the row that is expected to cover the other one
 * @param implied the row that is expected to be covered
 * @return {@code true} if all three checks pass
 */
static boolean implies(ConditionalPermissionInfo implier, ConditionalPermissionInfo implied) {
    final boolean sameDecision = implier.getAccessDecision().equals(implied.getAccessDecision());
    if (!sameDecision) {
        return false;
    }

    final Object[] implierPermissions = implier.getPermissionInfos();
    final Object[] impliedPermissions = implied.getPermissionInfos();
    if (!Util.containsAll(implierPermissions, impliedPermissions)) {
        return false;
    }

    // Conditions must match in number as well as in content.
    final Object[] implierConditions = implier.getConditionInfos();
    final Object[] impliedConditions = implied.getConditionInfos();
    return impliedConditions.length == implierConditions.length
        && Util.containsAll(implierConditions, impliedConditions);
}
/**
 * Stores a row in {@code granted}, keyed by the row's own name.
 *
 * <p>NOTE(review): {@code granted} is presumably a map, in which case a row
 * with a name that is already present replaces the earlier entry. Confirm
 * that callers never pass a row whose name is {@code null}.
 *
 * @param pInfo the row to register
 */
void add(ConditionalPermissionInfo pInfo) {
    final String rowName = pInfo.getName();
    granted.put(rowName, pInfo);
}
/* Writes one row to pw: the row name first, then its condition infos. */
pw.print(info.getName());
print(info.getConditionInfos(), pw);
/* A literal label separates the conditions from the permission infos that follow. */
pw.println(" Permissions:");
print(info.getPermissionInfos(), pw);
systemPolicies: for (ConditionalPermissionInfo scpi : systemPermissions) { for (PermissionInfo spi : scpi.getPermissionInfos()) { Permission sp = createPermission(ctx, spi); if (scpi.getAccessDecision().equals("allow")) { if (sp.implies(lp)) { granted = true; System.out.printf("allowed: %s%n", lp); System.out.printf(" implied by '%s': %s%n", scpi.getName(), spi); break systemPolicies; if (lp.implies(sp)) { //XXX probably wrong, also ignores policy order System.out.printf("denied: %s%n", lp); System.out.printf(" denied by '%s': %s%n", scpi.getName(), spi); break systemPolicies; System.out.printf("not allowed: %s%n", lp); for (ConditionalPermissionInfo scpi : systemPermissions) { if (scpi.getAccessDecision().equals("deny")) { continue; for (PermissionInfo spi : scpi.getPermissionInfos()) { if (lp.implies(createPermission(ctx, spi))) { System.out.printf(" constrained effective permission: %s%n", spi);
ConditionInfo cinfos[] = cpi.getConditionInfos(); boolean wildcard = true; for (ConditionInfo ci : cinfos) { if (tmpcpi.getName().equals(name)) { if (Configuration.DEBUG) log.info("Removed Policy: " + tmpcpi.getEncoded()); piList.remove(tmpcpi); break;
ConditionInfo cia[] = pInfo.getConditionInfos(); if (cia.length == 0) // if no conditions are set, its a default result.put(pInfo.getName(), pInfo); result.put(pInfo.getName(), pInfo); continue; result.put(pInfo.getName(), pInfo);
PermissionInfo[] permInfo = cpi.getPermissionInfos(); for (PermissionInfo pi : permInfo) { if (allPerms.equals(pi.getType())) { if (cpi.getName() != null) { permissionName = cpi.getName(); appPermission.removePermission(permissionName);
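/**
 * Removes the row with the given name from the conditional-permission table.
 *
 * <p>A fresh update object is obtained, the first row whose name equals
 * {@code name} is taken out of its working list, and the update is committed.
 * The commit is attempted even when no row matched.
 *
 * <p>{@code commit()} reports {@code false} when the update was not applied.
 * In that case the row is still in force, so the outcome is logged instead
 * of being dropped silently.
 *
 * @param name the name of the row to remove
 */
void removeGranted(String name) {
    // First get the permissions table
    ConditionalPermissionUpdate cpu = cpa.newConditionalPermissionUpdate();
    List<ConditionalPermissionInfo> piList = cpu.getConditionalPermissionInfos();
    for (ConditionalPermissionInfo tmpcpi : piList) {
        // If a permission info exists in the table remove it
        if (tmpcpi.getName().equals(name)) {
            if (Configuration.DEBUG)
                log.info("Removed Policy: " + tmpcpi.getEncoded());
            piList.remove(tmpcpi);
            // Leave the loop right away: the list was just modified and must
            // not be iterated any further.
            break;
        }
    }
    if (!cpu.commit()) {
        // The removal did not take effect; the policy may still be granted.
        log.info("Policy update was not committed, policy may still be in place: " + name);
    }
}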
/**
 * Tests whether a permission is implied by any permission of the given
 * system policy rows.
 *
 * <p>The permission described by {@code pi} is instantiated once and checked
 * against every permission of every row. Any exception raised on the way is
 * reported on {@code System.err} and the result is {@code false}, so a
 * failure never counts as "implied".
 *
 * <p>NOTE(review): neither the access decision nor the conditions of a row
 * are looked at here, so a row contributes to a {@code true} result whatever
 * its decision is. Confirm that callers only pass rows for which this is
 * intended.
 *
 * @param ctx            bundle context handed to {@code createPermission}
 * @param pi             description of the permission to test
 * @param systemPolicies the rows to test against
 * @return {@code true} if some permission of some row implies the permission
 *         described by {@code pi}; {@code false} otherwise or on error
 */
static boolean isImplied(BundleContext ctx, PermissionInfo pi, List<ConditionalPermissionInfo> systemPolicies) {
    try {
        final Permission candidate = createPermission(ctx, pi);
        for (ConditionalPermissionInfo policy : systemPolicies) {
            for (PermissionInfo policyInfo : policy.getPermissionInfos()) {
                final Permission policyPermission = createPermission(ctx, policyInfo);
                if (policyPermission.implies(candidate)) {
                    return true;
                }
            }
        }
        return false;
    } catch (Exception ex) {
        System.err.printf("could not test local permission %s: %s%n", pi, ex.getMessage());
        return false;
    }
}
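/**
 * Lists the conditional-permission rows that apply to a bundle.
 *
 * <p>A row is reported when it has no conditions at all, or when it has at
 * least one {@code BundleLocationCondition} and every one of its
 * {@code BundleLocationCondition}s is satisfied for the bundle. All conditions
 * of a row have to hold for the row to apply, so a single unsatisfied
 * location condition excludes the row. Each row is reported at most once.
 *
 * <p>Conditions of other types are not evaluated. A row that carries such a
 * condition next to satisfied location conditions is still listed, so the
 * result can over-report but does not hide a row that applies.
 *
 * @param b the bundle to inspect
 * @return the applicable rows, in table order
 */
@Descriptor("list all system permissions applying to a bundle")
public List<ConditionalPermissionInfo> bundlePermissions(Bundle b) {
    final ConditionalPermissionUpdate cpu = cpa.newConditionalPermissionUpdate();
    List<ConditionalPermissionInfo> l = new ArrayList<>();
    for (ConditionalPermissionInfo cpi : cpu.getConditionalPermissionInfos()) {
        ConditionInfo[] cis = cpi.getConditionInfos();
        if (cis.length == 0) {
            // An unconditional row applies to every bundle.
            l.add(cpi);
            continue;
        }
        boolean hasLocationCondition = false;
        boolean allLocationsSatisfied = true;
        for (ConditionInfo ci : cis) {
            if (ci.getType().equals("org.osgi.service.condpermadmin.BundleLocationCondition")) {
                hasLocationCondition = true;
                Condition blc = BundleLocationCondition.getCondition(b, ci);
                if (!blc.isSatisfied()) {
                    allLocationsSatisfied = false;
                    break;
                }
            }
        }
        // Added once per row, however many location conditions matched.
        if (hasLocationCondition && allLocationsSatisfied) {
            l.add(cpi);
        }
    }
    return l;
}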
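/**
 * Reacts to bundle state changes by granting or revoking permissions.
 *
 * <p>On {@code INSTALLED}, a bundle whose location starts with
 * {@code "userbundle:"} gets its permissions through
 * {@code updateFromSystemGraph}. On {@code UNINSTALLED}, the row named after
 * the bundle location is deleted if there is one. Other event types are
 * ignored.
 *
 * <p>NOTE(review): the install branch is limited to {@code "userbundle:"}
 * locations, the uninstall branch is not. Presumably only user bundles own a
 * row named after their location; confirm whether the uninstall branch
 * should apply the same prefix check, so that a bundle location can never
 * select a row that belongs to something else.
 *
 * @param event a specific {@code BundleEvent} according to the bundle state
 */
@Override
public void bundleChanged(BundleEvent event) {
    logger.debug("Got bundle event {}", event.getType());
    final String bundleLocation = event.getBundle().getLocation();
    switch (event.getType()) {
        // give the bundle permissions according to the system graph
        case BundleEvent.INSTALLED:
            logger.debug("Bundle INSTALLED: {}", bundleLocation);
            if (bundleLocation.startsWith("userbundle:")) {
                updateFromSystemGraph(bundleLocation);
            }
            break;
        // delete all permissions of this bundle
        case BundleEvent.UNINSTALLED:
            logger.debug("Bundle UNINSTALLED: {}", bundleLocation);
            // The lookup yields null when no row carries this name, which is
            // the case for every bundle that never received a row. Guard the
            // delete so that such an uninstall does not end in a
            // NullPointerException inside the listener.
            if (cpa.getConditionalPermissionInfo(bundleLocation) != null) {
                cpa.getConditionalPermissionInfo(bundleLocation).delete();
            }
            break;
    }
}
// Closes the enclosing class, whose header is not part of this excerpt.
}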
/**
 * Looks up the position of the row with the given name in {@code cpiTable}.
 *
 * @param name the row name to search for
 * @return the index of the first row whose name equals {@code name}, or
 *         {@code -1} if there is none
 */
private int find(String name) {
    int index = 0;
    while (index < cpiTable.size()) {
        final ConditionalPermissionInfo row = (ConditionalPermissionInfo) cpiTable.get(index);
        if (row.getName().equals(name)) {
            return index;
        }
        index++;
    }
    return -1;
}
/* Writes one row to pw: the row name first, then its condition infos. */
pw.print(info.getName());
print(info.getConditionInfos(), pw);
/* A literal label separates the conditions from the permission infos that follow. */
pw.println(" Permissions:");
print(info.getPermissionInfos(), pw);
/**
 * Tells whether the default policies already grant a permission.
 *
 * <p>Every permission info of every granted default row is examined. A match
 * requires all of the following:
 * <ul>
 *   <li>the info's type equals {@code permtype};</li>
 *   <li>{@code permname} is not {@code null}, and the info's name is either
 *       {@code null} or equal to {@code permname};</li>
 *   <li>both {@code actions} and the info's actions are not {@code null}, and
 *       {@code Util.containsAll} accepts the two comma-split action lists.</li>
 * </ul>
 *
 * <p>NOTE(review): names and actions are compared as plain strings. The
 * action lists are split on {@code ","} without trimming or case folding, so
 * {@code "read, write"} and {@code "read,write"} presumably compare as
 * different. Confirm against {@code Util.containsAll}.
 *
 * @param permtype the permission class name
 * @param permname the permission name; {@code null} never matches
 * @param actions  comma-separated actions; {@code null} never matches
 * @return {@code true} if a default row grants the permission
 */
@Override
public boolean isDefaultPolicy(String permtype, String permname, String actions) {
    final AppPermissionImpl defaults = getDefaultPolicies();
    final ConcurrentHashMap<String, ConditionalPermissionInfo> defaultRows = defaults.granted;
    for (ConditionalPermissionInfo row : defaultRows.values()) {
        for (PermissionInfo info : row.getPermissionInfos()) {
            if (!info.getType().equals(permtype)) {
                continue;
            }
            final String grantedName = info.getName();
            final boolean nameMatches =
                permname != null && (grantedName == null || grantedName.equals(permname));
            if (!nameMatches) {
                continue;
            }
            final String grantedActions = info.getActions();
            if (actions == null || grantedActions == null) {
                continue;
            }
            final String[] grantedList = grantedActions.split(",");
            final String[] requestedList = actions.split(",");
            if (Util.containsAll(grantedList, requestedList)) {
                return true;
            }
        }
    }
    return false;
}
ConditionInfo cia[] = pInfo.getConditionInfos(); if (cia.length == 0) // if no conditions are set, its a
/* Takes the next element from infos and deletes it. */
infos.nextElement().delete();
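/**
 * Replaces the conditional-permission table with the given rows.
 *
 * <p>{@code checkAllPermission()} runs first, before the lock is taken. The
 * replacement then happens under {@code lock} and only if
 * {@code updateStamp} still equals the current {@code timeStamp}; a
 * differing stamp means the table changed after the caller took its snapshot,
 * and nothing is modified. All rows are validated before the table is
 * swapped, so an invalid row leaves the existing table in place.
 *
 * <p>Rows without a name receive one from {@code generateName()}. Names have
 * to be unique within the new table.
 *
 * <p>NOTE(review): the in-memory table is replaced before it is saved. If
 * saving throws, {@code condAdminTable} already holds the new rows while
 * {@code timeStamp} is unchanged; confirm that this is acceptable.
 *
 * @param rows        the complete new table contents, in order
 * @param updateStamp the stamp the caller's snapshot was taken at
 * @return {@code true} if the table was replaced; {@code false} if the stamp
 *         was stale
 * @throws IllegalStateException if a row is {@code null}, is not a
 *         {@code ConditionalPermissionInfo}, or repeats a name
 */
boolean commit(List<ConditionalPermissionInfo> rows, long updateStamp) {
    checkAllPermission();
    synchronized (lock) {
        if (updateStamp != timeStamp)
            return false;
        SecurityRow[] newRows = new SecurityRow[rows.size()];
        Collection<String> names = new ArrayList<String>();
        for (int i = 0; i < newRows.length; i++) {
            Object rowObj = rows.get(i);
            if (!(rowObj instanceof ConditionalPermissionInfo)) {
                // A null row also ends up here. Name it explicitly rather
                // than dereferencing it, which would raise a
                // NullPointerException in place of the documented exception.
                String typeName = rowObj == null ? "null" : rowObj.getClass().getName(); //$NON-NLS-1$
                throw new IllegalStateException("Invalid type \"" + typeName + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            }
            ConditionalPermissionInfo infoBaseRow = (ConditionalPermissionInfo) rowObj;
            String name = infoBaseRow.getName();
            if (name == null)
                name = generateName();
            // Checked after name generation, so a generated name that
            // collides with an earlier row is rejected as well.
            if (names.contains(name))
                throw new IllegalStateException("Duplicate name \"" + name + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            names.add(name);
            newRows[i] = new SecurityRow(this, name, infoBaseRow.getConditionInfos(), infoBaseRow.getPermissionInfos(), infoBaseRow.getAccessDecision());
        }
        condAdminTable = new SecurityTable(this, newRows);
        permissionStorage.saveConditionalPermissionInfos(condAdminTable.getEncodedRows());
        // Invalidates every update object created against the old stamp.
        timeStamp += 1;
        return true;
    }
}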