001/* Policy.java --- Policy Manager Class
002   Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc.
003
004This file is part of GNU Classpath.
005
006GNU Classpath is free software; you can redistribute it and/or modify
007it under the terms of the GNU General Public License as published by
008the Free Software Foundation; either version 2, or (at your option)
009any later version.
010
011GNU Classpath is distributed in the hope that it will be useful, but
012WITHOUT ANY WARRANTY; without even the implied warranty of
013MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
014General Public License for more details.
015
016You should have received a copy of the GNU General Public License
017along with GNU Classpath; see the file COPYING.  If not, write to the
018Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
01902110-1301 USA.
020
021Linking this library statically or dynamically with other modules is
022making a combined work based on this library.  Thus, the terms and
023conditions of the GNU General Public License cover the whole
024combination.
025
026As a special exception, the copyright holders of this library give you
027permission to link this library with independent modules to produce an
028executable, regardless of the license terms of these independent
029modules, and to copy and distribute the resulting executable under
030terms of your choice, provided that you also meet, for each linked
031independent module, the terms and conditions of the license of that
032module.  An independent module is a module which is not derived from
033or based on this library.  If you modify this library, you may extend
034this exception to your version of the library, but you are not
035obligated to do so.  If you do not wish to do so, delete this
036exception statement from your version. */
037
038package java.security;
039
040import java.util.Collections;
041import java.util.Enumeration;
042import java.util.LinkedHashMap;
043import java.util.Map;
044
045/**
046 * <code>Policy</code> is an abstract class for managing the system security
047 * policy for the Java application environment. It specifies which permissions
048 * are available for code from various sources. The security policy is
049 * represented through a subclass of <code>Policy</code>.
050 * 
051 * <p>Only one <code>Policy</code> is in effect at any time. A
052 * {@link ProtectionDomain} initializes itself with information from this class
053 * on the set of permssions to grant.</p>
054 * 
055 * <p>The location for the actual <code>Policy</code> could be anywhere in any
056 * form because it depends on the Policy implementation. The default system is
057 * in a flat ASCII file or it could be in a database.</p>
058 * 
059 * <p>The current installed <code>Policy</code> can be accessed with
060 * {@link #getPolicy()} and changed with {@link #setPolicy(Policy)} if the code
061 * has the correct permissions.</p>
062 * 
063 * <p>The {@link #refresh()} method causes the <code>Policy</code> instance to
064 * refresh/reload its configuration. The method used to refresh depends on the
065 * <code>Policy</code> implementation.</p>
066 * 
067 * <p>When a protection domain initializes its permissions, it uses code like
068 * the following:</p>
069 * 
070 * <code>
071 * policy = Policy.getPolicy();
072 * PermissionCollection perms = policy.getPermissions(myCodeSource);
073 * </code>
074 * 
075 * <p>The protection domain passes the <code>Policy</code> handler a
076 * {@link CodeSource} instance which contains the codebase URL and a public key.
077 * The <code>Policy</code> implementation then returns the proper set of
078 * permissions for that {@link CodeSource}.</p>
079 * 
080 * <p>The default <code>Policy</code> implementation can be changed by setting
081 * the "policy.provider" security provider in the "java.security" file to the
082 * correct <code>Policy</code> implementation class.</p>
083 *
084 * @author Mark Benvenuto
085 * @see CodeSource
086 * @see PermissionCollection
087 * @see SecureClassLoader
088 * @since 1.2
089 */
090public abstract class Policy
091{
092  private static Policy currentPolicy;
093
094  /** Map of ProtectionDomains to PermissionCollections for this instance. */
095  private Map pd2pc = null;
096
097  /** Constructs a new <code>Policy</code> object. */
098  public Policy()
099  {
100  }
101
102  /**
103   * Returns the currently installed <code>Policy</code> handler. The value
104   * should not be cached as it can be changed any time by
105   * {@link #setPolicy(Policy)}.
106   * 
107   * @return the current <code>Policy</code>.
108   * @throws SecurityException
109   *           if a {@link SecurityManager} is installed which disallows this
110   *           operation.
111   */
112  public static Policy getPolicy()
113  {
114    SecurityManager sm = System.getSecurityManager();
115    if (sm != null)
116      sm.checkPermission(new SecurityPermission("getPolicy"));
117
118    return getCurrentPolicy();
119  }
120
121  /**
122   * Sets the <code>Policy</code> handler to a new value.
123   * 
124   * @param policy
125   *          the new <code>Policy</code> to use.
126   * @throws SecurityException
127   *           if a {@link SecurityManager} is installed which disallows this
128   *           operation.
129   */
130  public static void setPolicy(Policy policy)
131  {
132    SecurityManager sm = System.getSecurityManager();
133    if (sm != null)
134      sm.checkPermission(new SecurityPermission("setPolicy"));
135
136    setup(policy);
137    currentPolicy = policy;
138  }
139
140  private static void setup(final Policy policy)
141  {
142    if (policy.pd2pc == null)
143      policy.pd2pc = Collections.synchronizedMap(new LinkedHashMap());
144
145    ProtectionDomain pd = policy.getClass().getProtectionDomain();
146    if (pd.getCodeSource() != null)
147      {
148        PermissionCollection pc = null;
149        if (currentPolicy != null)
150          pc = currentPolicy.getPermissions(pd);
151
152        if (pc == null) // assume it has all
153          {
154            pc = new Permissions();
155            pc.add(new AllPermission());
156          }
157
158        policy.pd2pc.put(pd, pc); // add the mapping pd -> pc
159      }
160  }
161
162  /**
163   * Ensures/forces loading of the configured policy provider, while bypassing
164   * the {@link SecurityManager} checks for <code>"getPolicy"</code> security
165   * permission.  Needed by {@link ProtectionDomain}.
166   */
167  static Policy getCurrentPolicy()
168  {
169    // FIXME: The class name of the Policy provider should really be sourced
170    // from the "java.security" configuration file. For now, just hard-code
171    // a stub implementation.
172    if (currentPolicy == null)
173      {
174        String pp = System.getProperty ("policy.provider");
175        if (pp != null)
176          try
177            {
178              currentPolicy = (Policy) Class.forName(pp).newInstance();
179            }
180          catch (Exception e)
181            {
182              // Ignored.
183            }
184
185        if (currentPolicy == null)
186          currentPolicy = new gnu.java.security.provider.DefaultPolicy();
187      }
188    return currentPolicy;
189  }
190
191  /**
192   * Tests if <code>currentPolicy</code> is not <code>null</code>,
193   * thus allowing clients to not force loading of any policy
194   * provider; needed by {@link ProtectionDomain}.
195   */
196  static boolean isLoaded()
197  {
198    return currentPolicy != null;
199  }
200
201  /**
202   * Returns the set of Permissions allowed for a given {@link CodeSource}.
203   * 
204   * @param codesource
205   *          the {@link CodeSource} for which, the caller needs to find the
206   *          set of granted permissions.
207   * @return a set of permissions for {@link CodeSource} specified by the
208   *         current <code>Policy</code>.
209   * @throws SecurityException
210   *           if a {@link SecurityManager} is installed which disallows this
211   *           operation.
212   */
213  public abstract PermissionCollection getPermissions(CodeSource codesource);
214
215  /**
216   * Returns the set of Permissions allowed for a given {@link ProtectionDomain}.
217   * 
218   * @param domain
219   *          the {@link ProtectionDomain} for which, the caller needs to find
220   *          the set of granted permissions.
221   * @return a set of permissions for {@link ProtectionDomain} specified by the
222   *         current <code>Policy.</code>.
223   * @since 1.4
224   * @see ProtectionDomain
225   * @see SecureClassLoader
226   */
227  public PermissionCollection getPermissions(ProtectionDomain domain)
228  {
229    if (domain == null)
230      return new Permissions();
231
232    if (pd2pc == null)
233      setup(this);
234
235    PermissionCollection result = (PermissionCollection) pd2pc.get(domain);
236    if (result != null)
237      {
238        Permissions realResult = new Permissions();
239        for (Enumeration e = result.elements(); e.hasMoreElements(); )
240          realResult.add((Permission) e.nextElement());
241
242        return realResult;
243      }
244
245    result = getPermissions(domain.getCodeSource());
246    if (result == null)
247      result = new Permissions();
248
249    PermissionCollection pc = domain.getPermissions();
250    if (pc != null)
251      for (Enumeration e = pc.elements(); e.hasMoreElements(); )
252        result.add((Permission) e.nextElement());
253
254    return result;
255  }
256
257  /**
258   * Checks if the designated {@link Permission} is granted to a designated
259   * {@link ProtectionDomain}.
260   * 
261   * @param domain
262   *          the {@link ProtectionDomain} to test.
263   * @param permission
264   *          the {@link Permission} to check.
265   * @return <code>true</code> if <code>permission</code> is implied by a
266   *         permission granted to this {@link ProtectionDomain}. Returns
267   *         <code>false</code> otherwise.
268   * @since 1.4
269   * @see ProtectionDomain
270   */
271  public boolean implies(ProtectionDomain domain, Permission permission)
272  {
273    if (pd2pc == null)
274      setup(this);
275
276    PermissionCollection pc = (PermissionCollection) pd2pc.get(domain);
277    if (pc != null)
278      return pc.implies(permission);
279
280    boolean result = false;
281    pc = getPermissions(domain);
282    if (pc != null)
283      {
284        result = pc.implies(permission);
285        pd2pc.put(domain, pc);
286      }
287
288    return result;
289  }
290
291  /**
292   * Causes this <code>Policy</code> instance to refresh / reload its
293   * configuration. The method used to refresh depends on the concrete
294   * implementation.
295   */
296  public abstract void refresh();
297}