/**
 * Tests whether any permission listed in the system policies implies the given local permission.
 *
 * <p>Both sides are turned into {@link Permission} objects via {@code createPermission} and
 * compared with {@link Permission#implies(Permission)}.
 *
 * <p>NOTE(review): the access decision of each system policy is never consulted here, so an
 * entry matches regardless of whether it allows or denies. Confirm that callers only pass
 * policies for which that is intended.
 *
 * @param ctx            bundle context handed to {@code createPermission}
 * @param pi             the local permission to test
 * @param systemPolicies the policies whose permission infos are searched
 * @return {@code true} as soon as one system permission implies the local one; {@code false} if
 *         none does, or if any exception is raised while building or comparing permissions
 */
static boolean isImplied(BundleContext ctx, PermissionInfo pi, List<ConditionalPermissionInfo> systemPolicies) {
    boolean implied = false;
    try {
        final Permission candidate = createPermission(ctx, pi);
        search:
        for (ConditionalPermissionInfo policy : systemPolicies) {
            final PermissionInfo[] policyInfos = policy.getPermissionInfos();
            for (int k = 0; k < policyInfos.length; k++) {
                final Permission systemPermission = createPermission(ctx, policyInfos[k]);
                if (systemPermission.implies(candidate)) {
                    implied = true;
                    break search;
                }
            }
        }
    } catch (Exception ex) {
        // Any failure is reported on stderr (message only, no stack trace) and the result
        // stays false, so an error is indistinguishable from "not implied" for the caller.
        System.err.printf("could not test local permission %s: %s%n", pi, ex.getMessage());
    }
    return implied;
}
/**
 * Reports whether the default policies contain a permission entry of the given type whose name
 * and actions cover the requested ones.
 *
 * <p>Matching rules, as implemented:
 * <ul>
 *   <li>the type must be equal to {@code permtype};</li>
 *   <li>{@code permname} must be non-null, and the entry's name must be either {@code null} or
 *       equal to it (plain string equality, no wildcard evaluation);</li>
 *   <li>both action strings must be non-null; they are split on {@code ","} and handed to
 *       {@code Util.containsAll}.</li>
 * </ul>
 *
 * <p>NOTE(review): the action tokens are passed on exactly as split, without trimming or case
 * folding here. Whether {@code "read, write"} matches {@code "read,write"} depends on
 * {@code Util.containsAll}; verify before relying on this for an authorization decision.
 *
 * @param permtype permission class name to look for
 * @param permname requested permission name; {@code null} never matches
 * @param actions  requested comma-separated actions; {@code null} never matches
 * @return {@code true} if a matching default-policy entry is found, {@code false} otherwise
 */
@Override
public boolean isDefaultPolicy(String permtype, String permname, String actions) {
    final ConcurrentHashMap<String, ConditionalPermissionInfo> grantedByName = getDefaultPolicies().granted;
    // Entry names are unique in the map; only the values are needed for the check.
    for (ConditionalPermissionInfo policy : grantedByName.values()) {
        for (PermissionInfo candidate : policy.getPermissionInfos()) {
            if (!candidate.getType().equals(permtype)) {
                continue;
            }
            final String grantedName = candidate.getName();
            final boolean nameMatches =
                    permname != null && (grantedName == null || grantedName.equals(permname));
            if (!nameMatches) {
                continue;
            }
            final String grantedActions = candidate.getActions();
            if (actions == null || grantedActions == null) {
                continue;
            }
            if (Util.containsAll(grantedActions.split(","), actions.split(","))) {
                return true;
            }
        }
    }
    return false;
}
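/**
 * Replaces the conditional permission table with the given rows, provided the caller's update
 * stamp still matches the current one.
 *
 * <p>{@code checkAllPermission()} runs before the lock is taken, so an unauthorized caller is
 * rejected before any state is read. The stamp comparison and the table swap happen under
 * {@code lock}, which makes the stamp an optimistic-concurrency guard: a stale update is refused
 * rather than overwriting a newer table.
 *
 * <p>NOTE(review): the new table is installed in memory before it is persisted. If the save call
 * throws, the active policy has already changed while {@code timeStamp} has not been advanced.
 * Confirm this ordering is intended.
 *
 * @param rows        the complete new table, in evaluation order
 * @param updateStamp the stamp the caller obtained when it started its update
 * @return {@code true} if the table was replaced, {@code false} if the stamp was stale
 * @throws IllegalStateException if a row is {@code null} or not a
 *         {@code ConditionalPermissionInfo}, or if two rows end up with the same name
 */
boolean commit(List<ConditionalPermissionInfo> rows, long updateStamp) {
    checkAllPermission();
    synchronized (lock) {
        if (updateStamp != timeStamp)
            return false;
        SecurityRow[] newRows = new SecurityRow[rows.size()];
        Collection<String> names = new ArrayList<String>();
        for (int i = 0; i < newRows.length; i++) {
            // The list may have been filled through a raw reference, so the element type is
            // re-checked at runtime instead of trusting the generic signature.
            Object rowObj = rows.get(i);
            if (!(rowObj instanceof ConditionalPermissionInfo)) {
                // A null row fails the instanceof test too; build the message without
                // dereferencing it so the caller gets the documented exception, not an NPE.
                String typeName = rowObj == null ? "null" : rowObj.getClass().getName(); //$NON-NLS-1$
                throw new IllegalStateException("Invalid type \"" + typeName + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            }
            ConditionalPermissionInfo infoBaseRow = (ConditionalPermissionInfo) rowObj;
            String name = infoBaseRow.getName();
            if (name == null)
                name = generateName();
            // Names identify rows, so a repeated name would make the table ambiguous.
            if (names.contains(name))
                throw new IllegalStateException("Duplicate name \"" + name + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            names.add(name);
            newRows[i] = new SecurityRow(this, name, infoBaseRow.getConditionInfos(), infoBaseRow.getPermissionInfos(), infoBaseRow.getAccessDecision());
        }
        condAdminTable = new SecurityTable(this, newRows);
        permissionStorage.saveConditionalPermissionInfos(condAdminTable.getEncodedRows());
        timeStamp += 1;
        return true;
    }
}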
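/**
 * Compares this conditional permission info with another object.
 *
 * <p>Two infos are equal when their names, permission info arrays, condition info arrays and
 * access decisions are all equal. The arrays are compared element by element in order.
 *
 * <p>NOTE(review): {@code hashCode} is not visible from here; it has to hash the same four
 * components by value to stay consistent with this method. Confirm.
 *
 * @param obj the object to compare with, may be {@code null}
 * @return {@code true} if {@code obj} is a {@code ConditionalPermissionInfo} with equal content
 */
@Override
public final boolean equals(Object obj) {
    if (obj == this) {
        return true;
    }
    // instanceof is false for null as well, so a foreign or null argument yields false
    // instead of a ClassCastException from the cast below.
    if (!(obj instanceof ConditionalPermissionInfo)) {
        return false;
    }
    final ConditionalPermissionInfo cpi = (ConditionalPermissionInfo) obj;
    if (name == null ? cpi.getName() != null : !name.equals(cpi.getName())) {
        return false;
    }
    // NYI, we should allow permuted arrays, also affects hashCode.
    if (!Arrays.equals(permissionInfos, cpi.getPermissionInfos())) {
        return false;
    }
    if (!Arrays.equals(conditionInfos, cpi.getConditionInfos())) {
        return false;
    }
    // Compare the decision by value: another implementation of the interface may return an
    // equal string that is not the same instance, which a reference comparison would reject.
    return access == null ? cpi.getAccessDecision() == null : access.equals(cpi.getAccessDecision());
}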
throw new IllegalStateException("Duplicate name \"" + name + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$ names.add(name); newRows[i] = new SecurityRow(this, name, infoBaseRow.getConditionInfos(), infoBaseRow.getPermissionInfos(), infoBaseRow.getAccessDecision());
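/**
 * Installs a new conditional permission table if the supplied update stamp is still current.
 *
 * <p>The caller must pass {@code checkAllPermission()} first. The stamp check, the row
 * validation and the swap then run while holding {@code lock}, so a concurrent commit with the
 * same stamp cannot also succeed.
 *
 * <p>NOTE(review): {@code condAdminTable} is reassigned before the rows are handed to
 * {@code permissionStorage}. A failure in the save call therefore leaves the new table active in
 * memory without advancing {@code timeStamp}; verify that this is acceptable.
 *
 * @param rows        the rows of the replacement table
 * @param updateStamp the stamp seen by the caller when it began editing
 * @return {@code false} when the stamp no longer matches, {@code true} after a successful swap
 * @throws IllegalStateException for a {@code null} or wrongly typed row, or a duplicate row name
 */
boolean commit(List<ConditionalPermissionInfo> rows, long updateStamp) {
    checkAllPermission();
    synchronized (lock) {
        if (updateStamp != timeStamp)
            return false;
        SecurityRow[] newRows = new SecurityRow[rows.size()];
        Collection<String> names = new ArrayList<String>();
        for (int i = 0; i < newRows.length; i++) {
            Object rowObj = rows.get(i);
            if (!(rowObj instanceof ConditionalPermissionInfo)) {
                // null also lands here; avoid calling getClass() on it so the failure is
                // reported as an invalid row rather than as a NullPointerException.
                String typeName = rowObj == null ? "null" : rowObj.getClass().getName(); //$NON-NLS-1$
                throw new IllegalStateException("Invalid type \"" + typeName + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            }
            ConditionalPermissionInfo infoBaseRow = (ConditionalPermissionInfo) rowObj;
            String name = infoBaseRow.getName();
            // Unnamed rows receive a generated name before the uniqueness check.
            if (name == null)
                name = generateName();
            if (names.contains(name))
                throw new IllegalStateException("Duplicate name \"" + name + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            names.add(name);
            newRows[i] = new SecurityRow(this, name, infoBaseRow.getConditionInfos(), infoBaseRow.getPermissionInfos(), infoBaseRow.getAccessDecision());
        }
        condAdminTable = new SecurityTable(this, newRows);
        permissionStorage.saveConditionalPermissionInfos(condAdminTable.getEncodedRows());
        timeStamp += 1;
        return true;
    }
}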
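/**
 * Commits a replacement conditional permission table, guarded by an update stamp.
 *
 * <p>After {@code checkAllPermission()} succeeds, the method takes {@code lock}, refuses the
 * update if {@code updateStamp} differs from the current {@code timeStamp}, validates every row,
 * swaps the table, persists its encoded rows and increments the stamp.
 *
 * <p>NOTE(review): the in-memory swap precedes persistence, so an exception from the save call
 * leaves the running policy changed but the stamp unchanged. Confirm the intended ordering.
 *
 * @param rows        the new table contents
 * @param updateStamp the stamp under which the caller prepared {@code rows}
 * @return {@code true} if the table was replaced, {@code false} if the stamp was out of date
 * @throws IllegalStateException if a row is {@code null}, is not a
 *         {@code ConditionalPermissionInfo}, or repeats a name already used by an earlier row
 */
boolean commit(List<ConditionalPermissionInfo> rows, long updateStamp) {
    checkAllPermission();
    synchronized (lock) {
        if (updateStamp != timeStamp)
            return false;
        SecurityRow[] newRows = new SecurityRow[rows.size()];
        Collection<String> names = new ArrayList<>();
        for (int i = 0; i < newRows.length; i++) {
            Object rowObj = rows.get(i);
            if (!(rowObj instanceof ConditionalPermissionInfo)) {
                // Guard the message against a null row: getClass() on null would replace the
                // intended IllegalStateException with a NullPointerException.
                String typeName = rowObj == null ? "null" : rowObj.getClass().getName(); //$NON-NLS-1$
                throw new IllegalStateException("Invalid type \"" + typeName + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            }
            ConditionalPermissionInfo infoBaseRow = (ConditionalPermissionInfo) rowObj;
            String name = infoBaseRow.getName();
            if (name == null)
                name = generateName();
            // Reject the whole update when a name repeats; nothing has been swapped yet.
            if (names.contains(name))
                throw new IllegalStateException("Duplicate name \"" + name + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            names.add(name);
            newRows[i] = new SecurityRow(this, name, infoBaseRow.getConditionInfos(), infoBaseRow.getPermissionInfos(), infoBaseRow.getAccessDecision());
        }
        condAdminTable = new SecurityTable(this, newRows);
        permissionStorage.saveConditionalPermissionInfos(condAdminTable.getEncodedRows());
        timeStamp += 1;
        return true;
    }
}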
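/**
 * Swaps in a new conditional permission table when the caller's update stamp is current.
 *
 * <p>Authorization ({@code checkAllPermission()}) is checked before anything else. Under
 * {@code lock} the method compares stamps, converts each row to a {@code SecurityRow}, replaces
 * {@code condAdminTable}, saves the encoded rows and bumps {@code timeStamp}.
 *
 * <p>NOTE(review): because the table is replaced before it is saved, a throwing save call
 * leaves memory and storage out of step and does not advance the stamp. Verify.
 *
 * @param rows        rows for the new table
 * @param updateStamp stamp captured by the caller at the start of its update
 * @return {@code true} on success, {@code false} if another commit happened in between
 * @throws IllegalStateException if a row is {@code null} or of the wrong type, or if a row name
 *         occurs twice
 */
boolean commit(List<ConditionalPermissionInfo> rows, long updateStamp) {
    checkAllPermission();
    synchronized (lock) {
        if (updateStamp != timeStamp)
            return false;
        SecurityRow[] newRows = new SecurityRow[rows.size()];
        Collection<String> names = new ArrayList<String>();
        for (int i = 0; i < newRows.length; i++) {
            Object rowObj = rows.get(i);
            if (!(rowObj instanceof ConditionalPermissionInfo)) {
                // instanceof is false for null; name the type without dereferencing the row
                // so a null entry is reported as an invalid row instead of raising an NPE.
                String typeName = rowObj == null ? "null" : rowObj.getClass().getName(); //$NON-NLS-1$
                throw new IllegalStateException("Invalid type \"" + typeName + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            }
            ConditionalPermissionInfo infoBaseRow = (ConditionalPermissionInfo) rowObj;
            String name = infoBaseRow.getName();
            if (name == null)
                name = generateName();
            if (names.contains(name))
                throw new IllegalStateException("Duplicate name \"" + name + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            // Remember the name so later rows are checked against it.
            names.add(name);
            newRows[i] = new SecurityRow(this, name, infoBaseRow.getConditionInfos(), infoBaseRow.getPermissionInfos(), infoBaseRow.getAccessDecision());
        }
        condAdminTable = new SecurityTable(this, newRows);
        permissionStorage.saveConditionalPermissionInfos(condAdminTable.getEncodedRows());
        timeStamp += 1;
        return true;
    }
}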
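/**
 * Applies an edited conditional permission table if no other commit has happened since the
 * caller obtained its update stamp.
 *
 * <p>{@code checkAllPermission()} gates the call. The remaining work is done while holding
 * {@code lock}: stamp comparison, per-row validation, table replacement, persistence and the
 * stamp increment.
 *
 * <p>NOTE(review): persistence happens after {@code condAdminTable} has been reassigned, so a
 * failing save call leaves the new policy active without a stamp change. Confirm this is the
 * intended failure behaviour.
 *
 * @param rows        the edited table
 * @param updateStamp the stamp the edit was based on
 * @return {@code true} if the edit was applied, {@code false} if it was based on a stale stamp
 * @throws IllegalStateException if any row is {@code null}, has the wrong type, or duplicates an
 *         earlier row's name
 */
boolean commit(List<ConditionalPermissionInfo> rows, long updateStamp) {
    checkAllPermission();
    synchronized (lock) {
        if (updateStamp != timeStamp)
            return false;
        SecurityRow[] newRows = new SecurityRow[rows.size()];
        Collection<String> names = new ArrayList<>();
        for (int i = 0; i < newRows.length; i++) {
            Object rowObj = rows.get(i);
            if (!(rowObj instanceof ConditionalPermissionInfo)) {
                // Handle null explicitly: the message must not call getClass() on a null row,
                // otherwise the validation error surfaces as a NullPointerException.
                String typeName = rowObj == null ? "null" : rowObj.getClass().getName(); //$NON-NLS-1$
                throw new IllegalStateException("Invalid type \"" + typeName + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            }
            ConditionalPermissionInfo infoBaseRow = (ConditionalPermissionInfo) rowObj;
            // Rows without a name get a generated one, which takes part in the duplicate check.
            String name = infoBaseRow.getName();
            if (name == null)
                name = generateName();
            if (names.contains(name))
                throw new IllegalStateException("Duplicate name \"" + name + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            names.add(name);
            newRows[i] = new SecurityRow(this, name, infoBaseRow.getConditionInfos(), infoBaseRow.getPermissionInfos(), infoBaseRow.getAccessDecision());
        }
        condAdminTable = new SecurityTable(this, newRows);
        permissionStorage.saveConditionalPermissionInfos(condAdminTable.getEncodedRows());
        timeStamp += 1;
        return true;
    }
}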
print(info.getConditionInfos(), pw); pw.println(" Permissions:"); print(info.getPermissionInfos(), pw);
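/**
 * Validates and installs a new set of conditional permission rows.
 *
 * <p>The call is refused with {@code false} when {@code updateStamp} is not the current
 * {@code timeStamp}, which prevents an update prepared against an older table from silently
 * overwriting a newer one. {@code checkAllPermission()} is invoked before the lock is taken.
 *
 * <p>NOTE(review): the table is swapped first and saved second. Should the save call throw, the
 * in-memory policy differs from the stored one and {@code timeStamp} stays as it was. Confirm.
 *
 * @param rows        the rows to install
 * @param updateStamp the stamp the caller read before preparing {@code rows}
 * @return {@code true} when the rows were installed, {@code false} on a stamp mismatch
 * @throws IllegalStateException if a row is {@code null} or not a
 *         {@code ConditionalPermissionInfo}, or if a name is used by more than one row
 */
boolean commit(List<ConditionalPermissionInfo> rows, long updateStamp) {
    checkAllPermission();
    synchronized (lock) {
        if (updateStamp != timeStamp)
            return false;
        SecurityRow[] newRows = new SecurityRow[rows.size()];
        Collection<String> names = new ArrayList<String>();
        for (int i = 0; i < newRows.length; i++) {
            Object rowObj = rows.get(i);
            if (!(rowObj instanceof ConditionalPermissionInfo)) {
                // A null row is as invalid as a wrongly typed one; report it through the same
                // exception instead of failing with an NPE while building the message.
                String typeName = rowObj == null ? "null" : rowObj.getClass().getName(); //$NON-NLS-1$
                throw new IllegalStateException("Invalid type \"" + typeName + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            }
            ConditionalPermissionInfo infoBaseRow = (ConditionalPermissionInfo) rowObj;
            String name = infoBaseRow.getName();
            if (name == null)
                name = generateName();
            if (names.contains(name))
                throw new IllegalStateException("Duplicate name \"" + name + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            names.add(name);
            // Conditions, permissions and decision are carried over from the submitted row.
            newRows[i] = new SecurityRow(this, name, infoBaseRow.getConditionInfos(), infoBaseRow.getPermissionInfos(), infoBaseRow.getAccessDecision());
        }
        condAdminTable = new SecurityTable(this, newRows);
        permissionStorage.saveConditionalPermissionInfos(condAdminTable.getEncodedRows());
        timeStamp += 1;
        return true;
    }
}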
Map<String, ConditionalPermissionInfo> grantedPerms = appPermission.getGrantedPerms(); for (ConditionalPermissionInfo cpi : grantedPerms.values()) { PermissionInfo[] permInfo = cpi.getPermissionInfos(); for (PermissionInfo pi : permInfo) { if (allPerms.equals(pi.getType())) {
/**
 * Decides whether one conditional permission info implies another.
 *
 * <p>The check passes only if all three hold:
 * <ol>
 *   <li>both infos carry an equal access decision;</li>
 *   <li>{@code Util.containsAll} accepts the implier's permission infos against the implied
 *       info's permission infos;</li>
 *   <li>both infos have the same number of condition infos and {@code Util.containsAll} accepts
 *       them as well.</li>
 * </ol>
 *
 * <p>NOTE(review): the arrays hold info objects, not instantiated permissions, so this is a
 * comparison of declarations rather than an evaluation of {@code Permission.implies}. The exact
 * element comparison is whatever {@code Util.containsAll} does; verify against that helper.
 *
 * @param implier the info that is expected to cover the other one
 * @param implied the info that is expected to be covered
 * @return {@code true} if {@code implier} implies {@code implied} under the rules above
 */
static boolean implies(ConditionalPermissionInfo implier, ConditionalPermissionInfo implied) {
    // An allow entry never implies a deny entry or vice versa.
    if (!implier.getAccessDecision().equals(implied.getAccessDecision())) {
        return false;
    }

    // Permission infos.
    final Object[] implierPermissions = implier.getPermissionInfos();
    final Object[] impliedPermissions = implied.getPermissionInfos();
    if (!Util.containsAll(implierPermissions, impliedPermissions)) {
        return false;
    }

    // Condition infos: same count on both sides, then the containment test.
    final Object[] implierConditions = implier.getConditionInfos();
    final Object[] impliedConditions = implied.getConditionInfos();
    if (impliedConditions.length != implierConditions.length) {
        return false;
    }
    return Util.containsAll(implierConditions, impliedConditions);
}
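/**
 * Replaces the conditional permission table with the given rows, provided the caller's update
 * stamp still matches the current one.
 *
 * <p>{@code checkAllPermission()} runs before the lock is taken. The stamp comparison, row
 * validation and table swap happen under {@code lock}.
 *
 * <p>NOTE(review): an {@code IOException} from the save call is only printed. The method still
 * advances {@code timeStamp} and returns {@code true}, so the caller cannot tell that the new
 * policy exists in memory only and may not survive a restart. The signature is kept as is;
 * decide whether the failure should be logged properly or surfaced to the caller.
 *
 * @param rows        the complete new table, in evaluation order
 * @param updateStamp the stamp the caller obtained when it started its update
 * @return {@code true} if the table was replaced, {@code false} if the stamp was stale
 * @throws IllegalStateException if a row is {@code null} or not a
 *         {@code ConditionalPermissionInfo}, or if two rows end up with the same name
 */
boolean commit(List<ConditionalPermissionInfo> rows, long updateStamp) {
    checkAllPermission();
    synchronized (lock) {
        if (updateStamp != timeStamp)
            return false;
        SecurityRow[] newRows = new SecurityRow[rows.size()];
        Collection<String> names = new ArrayList<String>();
        for (int i = 0; i < newRows.length; i++) {
            Object rowObj = rows.get(i);
            if (!(rowObj instanceof ConditionalPermissionInfo)) {
                // A null row fails the instanceof test too; build the message without
                // dereferencing it so the caller gets this exception, not an NPE.
                String typeName = rowObj == null ? "null" : rowObj.getClass().getName(); //$NON-NLS-1$
                throw new IllegalStateException("Invalid type \"" + typeName + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            }
            ConditionalPermissionInfo infoBaseRow = (ConditionalPermissionInfo) rowObj;
            String name = infoBaseRow.getName();
            if (name == null)
                name = generateName();
            if (names.contains(name))
                throw new IllegalStateException("Duplicate name \"" + name + "\" at row: " + i); //$NON-NLS-1$//$NON-NLS-2$
            // Record the name; without this the duplicate check above can never fire and two
            // rows with the same name would be accepted into the table.
            names.add(name);
            newRows[i] = new SecurityRow(this, name, infoBaseRow.getConditionInfos(), infoBaseRow.getPermissionInfos(), infoBaseRow.getAccessDecision());
        }
        condAdminTable = new SecurityTable(this, newRows);
        try {
            permissionStorage.saveConditionalPermissionInfos(condAdminTable.getEncodedRows());
        } catch (IOException e) {
            // TODO log
            e.printStackTrace();
        }
        timeStamp += 1;
        return true;
    }
}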
print(info.getConditionInfos(), pw); pw.println(" Permissions:"); print(info.getPermissionInfos(), pw);
systemPolicies: for (ConditionalPermissionInfo scpi : systemPermissions) { for (PermissionInfo spi : scpi.getPermissionInfos()) { Permission sp = createPermission(ctx, spi); if (scpi.getAccessDecision().equals("allow")) { continue; for (PermissionInfo spi : scpi.getPermissionInfos()) { if (lp.implies(createPermission(ctx, spi))) { System.out.printf(" constrained effective permission: %s%n", spi);
PermissionInfo[] permInfo = cpi.getPermissionInfos(); for (PermissionInfo pi : permInfo) { if (allPerms.equals(pi.getType())) {
PermissionInfo[] permissionInfoArray = cond.getPermissionInfos();
/**
 * Rebuilds {@code defaultPolicies} from the current conditional permission table.
 *
 * <p>A row counts as a default policy when none of its condition infos has the type
 * {@code BUNDLE_LOCATION_CONDITION_NAME}. Each such row is re-created through
 * {@code cpa.newConditionalPermissionInfo} with its name, conditions, permissions and access
 * decision, and added to the new {@code AppPermissionImpl}.
 *
 * <p>NOTE(review): only the bundle-location condition excludes a row. Rows carrying any other
 * kind of condition, and rows of either access decision, are copied into the defaults. Confirm
 * that consumers of the default set expect that.
 *
 * @return the freshly populated default policies, which are also stored in the field
 */
@Override
public AppPermissionImpl setDefaultPolicies() {
    defaultPolicies = new AppPermissionImpl(cpa);

    // Read the rows through a new update object obtained from the admin service.
    final ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
    final List<ConditionalPermissionInfo> tableRows = update.getConditionalPermissionInfos();

    for (ConditionalPermissionInfo row : tableRows) {
        // A row tied to a bundle location is specific to that bundle, hence not a default.
        boolean boundToLocation = false;
        for (ConditionInfo condition : row.getConditionInfos()) {
            if (condition.getType().equals(BUNDLE_LOCATION_CONDITION_NAME)) {
                boundToLocation = true;
                break;
            }
        }
        if (boundToLocation) {
            continue;
        }
        final ConditionalPermissionInfo copy = cpa.newConditionalPermissionInfo(
                row.getName(),
                row.getConditionInfos(),
                row.getPermissionInfos(),
                row.getAccessDecision());
        defaultPolicies.add(copy);
    }
    return defaultPolicies;
}
PermissionInfo[] permissionInfoArray = cpi.getPermissionInfos();