1 11 12 package org.eclipse.osgi.framework.internal.core; 13 14 import java.io.*; 15 import java.net.URL ; 16 import java.security.*; 17 import java.util.ArrayList ; 18 import org.eclipse.osgi.framework.adaptor.BundleProtectionDomain; 19 import org.eclipse.osgi.framework.adaptor.PermissionStorage; 20 import org.eclipse.osgi.framework.debug.Debug; 21 import org.osgi.framework.AdminPermission; 22 import org.osgi.framework.FrameworkEvent; 23 import org.osgi.service.permissionadmin.PermissionAdmin; 24 import org.osgi.service.permissionadmin.PermissionInfo; 25 26 65 public class PermissionAdminImpl implements PermissionAdmin { 66 private static final String ADMIN_IMPLIED_ACTIONS = AdminPermission.RESOURCE + ',' + AdminPermission.METADATA + ',' + AdminPermission.CLASS; 67 68 69 protected Framework framework; 70 71 72 protected PermissionStorage storage; 73 74 75 protected PermissionInfo[] defaultDefaultPermissionInfos; 76 77 78 protected PermissionInfo[] baseImpliedPermissionInfos; 79 80 81 protected BundleCombinedPermissions defaultAssignedPermissions; 82 83 88 protected PermissionAdminImpl(Framework framework, PermissionStorage storage) { 89 this.framework = framework; 90 this.storage = storage; 91 92 defaultDefaultPermissionInfos = getPermissionInfos(getClass().getResource(Constants.OSGI_DEFAULT_DEFAULT_PERMISSIONS)); 93 baseImpliedPermissionInfos = getPermissionInfos(getClass().getResource(Constants.OSGI_BASE_IMPLIED_PERMISSIONS)); 94 95 if (Debug.DEBUG && Debug.DEBUG_SECURITY) { 96 Debug.println("Default default assigned bundle permissions"); if (defaultDefaultPermissionInfos == null) { 98 Debug.println(" <none>"); } else { 100 for (int i = 0; i < defaultDefaultPermissionInfos.length; i++) { 101 Debug.println(" " + defaultDefaultPermissionInfos[i]); } 103 } 104 105 Debug.println("Base implied bundle permissions"); if (baseImpliedPermissionInfos == null) { 107 Debug.println(" <none>"); } else { 109 for (int i = 0; i < baseImpliedPermissionInfos.length; i++) { 110 Debug.println(" " + baseImpliedPermissionInfos[i]); } 112 } 113 } 114 115 defaultAssignedPermissions = new BundleCombinedPermissions(null); 116 defaultAssignedPermissions.setAssignedPermissions(createDefaultAssignedPermissions(getDefaultPermissions()), true); 117 } 118 119 130 public PermissionInfo[] getPermissions(String location) { 131 if (location == null) { 132 throw new NullPointerException (); 133 } 134 135 PermissionStorage storage = new org.eclipse.osgi.framework.internal.core.SecurePermissionStorage(this.storage); 136 137 try { 138 String [] data = storage.getPermissionData(location); 139 140 if (Debug.DEBUG && Debug.DEBUG_SECURITY) { 141 Debug.println("Getting permissions for location: " + location); if (data == null) { 143 Debug.println(" <none>"); } else { 145 for (int i = 0; i < data.length; i++) { 146 Debug.println(" " + data[i]); } 148 } 149 } 150 151 return makePermissionInfo(data); 152 } catch (IOException e) { 153 framework.publishFrameworkEvent(FrameworkEvent.ERROR, framework.systemBundle, e); 154 155 return null; 156 } 157 } 158 159 170 public void setPermissions(String location, PermissionInfo[] permissions) { 171 SecurityManager sm = System.getSecurityManager(); 172 if (sm != null) 173 sm.checkPermission(new AllPermission()); 174 if (location == null) { 175 throw new NullPointerException (); 176 } 177 178 PermissionStorage storage = new org.eclipse.osgi.framework.internal.core.SecurePermissionStorage(this.storage); 179 180 try { 181 String [] data = makePermissionData(permissions); 182 183 if (Debug.DEBUG && Debug.DEBUG_SECURITY) { 184 Debug.println("Setting permissions for location: " + location); if (data == null) { 186 Debug.println(" <none>"); } else { 188 for (int i = 0; i < data.length; i++) { 189 Debug.println(" " + data[i]); } 191 } 192 } 193 194 storage.setPermissionData(location, data); 195 } catch (IOException e) { 196 framework.publishFrameworkEvent(FrameworkEvent.ERROR, framework.systemBundle, e); 197 198 return; 199 } 200 201 AbstractBundle bundle = framework.getBundleByLocation(location); 202 203 if ((bundle != null) && (bundle.getBundleId() != 0)) { 204 ProtectionDomain domain = bundle.getProtectionDomain(); 205 206 if (domain != null) { 207 BundleCombinedPermissions combined = (BundleCombinedPermissions) domain.getPermissions(); 208 209 if (permissions == null) { 210 combined.setAssignedPermissions(defaultAssignedPermissions, true); 211 } else { 212 combined.setAssignedPermissions(createPermissions(permissions, bundle, false), false); 213 } 214 } 215 } 216 } 217 218 226 public String [] getLocations() { 227 PermissionStorage storage = new org.eclipse.osgi.framework.internal.core.SecurePermissionStorage(this.storage); 228 229 try { 230 String [] locations = storage.getLocations(); 231 232 return locations; 233 } catch (IOException e) { 234 framework.publishFrameworkEvent(FrameworkEvent.ERROR, framework.systemBundle, e); 235 236 return null; 237 } 238 } 239 240 249 public PermissionInfo[] getDefaultPermissions() { 250 PermissionStorage storage = new org.eclipse.osgi.framework.internal.core.SecurePermissionStorage(this.storage); 251 252 try { 253 String [] data = storage.getPermissionData(null); 254 255 if (Debug.DEBUG && Debug.DEBUG_SECURITY) { 256 Debug.println("Getting default permissions"); if (data == null) { 258 Debug.println(" <none>"); } else { 260 for (int i = 0; i < data.length; i++) { 261 Debug.println(" " + data[i]); } 263 } 264 } 265 266 return makePermissionInfo(data); 267 } catch (IOException e) { 268 framework.publishFrameworkEvent(FrameworkEvent.ERROR, framework.systemBundle, e); 269 270 return null; 271 } 272 } 273 274 284 public void setDefaultPermissions(PermissionInfo[] permissions) { 285 SecurityManager sm = System.getSecurityManager(); 286 if (sm != null) 287 sm.checkPermission(new AllPermission()); 288 PermissionStorage storage = new org.eclipse.osgi.framework.internal.core.SecurePermissionStorage(this.storage); 289 290 try { 291 String [] data = makePermissionData(permissions); 292 293 if (Debug.DEBUG && Debug.DEBUG_SECURITY) { 294 Debug.println("Setting default permissions"); if (data == null) { 296 Debug.println(" <none>"); } else { 298 for (int i = 0; i < data.length; i++) { 299 Debug.println(" " + data[i]); } 301 } 302 } 303 304 storage.setPermissionData(null, data); 305 } catch (IOException e) { 306 framework.publishFrameworkEvent(FrameworkEvent.ERROR, framework.systemBundle, e); 307 308 return; 309 } 310 311 defaultAssignedPermissions.setAssignedPermissions(createDefaultAssignedPermissions(permissions), true); 312 } 313 314 320 protected PermissionInfo[] makePermissionInfo(String [] data) { 321 if (data == null) { 322 return null; 323 } 324 325 int size = data.length; 326 327 PermissionInfo[] permissions = new PermissionInfo[size]; 328 329 for (int i = 0; i < size; i++) { 330 permissions[i] = new PermissionInfo(data[i]); 331 } 332 333 return permissions; 334 } 335 336 342 protected String [] makePermissionData(PermissionInfo[] permissions) { 343 if (permissions == null) { 344 return null; 345 } 346 347 int size = permissions.length; 348 349 String [] data = new String [size]; 350 351 for (int i = 0; i < size; i++) { 352 data[i] = permissions[i].getEncoded(); 353 } 354 355 return data; 356 } 357 358 366 protected BundleProtectionDomain createProtectionDomain(AbstractBundle bundle) { 367 BundlePermissionCollection implied = getImpliedPermissions(bundle); 368 369 BundleCombinedPermissions combined = new BundleCombinedPermissions(implied); 370 371 BundlePermissionCollection assigned = getAssignedPermissions(bundle); 372 373 combined.setAssignedPermissions(assigned, assigned == defaultAssignedPermissions); 374 375 combined.setConditionalPermissions(new ConditionalPermissions(bundle, framework.condPermAdmin)); 376 377 379 PermissionInfo[] permInfos = getPermissionInfos(bundle.getEntry("OSGI-INF/permissions.perm")); if (permInfos != null) { 381 ConditionalPermissionInfoImpl cpiArray[] = new ConditionalPermissionInfoImpl[1]; 382 cpiArray[0] = new ConditionalPermissionInfoImpl(null, ConditionalPermissionAdminImpl.EMPTY_COND_INFO, permInfos); 383 ConditionalPermissionSet cps = new ConditionalPermissionSet(bundle, cpiArray, ConditionalPermissionAdminImpl.EMPTY_COND); 384 combined.setRestrictedPermissions(cps); 385 } 386 387 return new BundleProtectionDomainImpl(bundle, combined); 388 } 389 390 398 protected BundlePermissionCollection createDefaultAssignedPermissions(PermissionInfo[] info) { 399 if (Debug.DEBUG && Debug.DEBUG_SECURITY) { 400 Debug.println("Creating default assigned permissions"); } 402 403 if (info == null) { 404 info = defaultDefaultPermissionInfos; 405 } 406 407 return createPermissions(info, null, false); 408 } 409 410 418 protected BundlePermissionCollection getAssignedPermissions(AbstractBundle bundle) { 419 String location = bundle.getLocation(); 420 421 PermissionInfo[] info = getPermissions(location); 422 423 if (info == null) { 424 return defaultAssignedPermissions; 425 } 426 427 if (Debug.DEBUG && Debug.DEBUG_SECURITY) { 428 Debug.println("Creating assigned permissions for " + bundle); } 430 431 return createPermissions(info, bundle, false); 432 } 433 434 441 protected BundlePermissionCollection getImpliedPermissions(AbstractBundle bundle) { 442 if (Debug.DEBUG && Debug.DEBUG_SECURITY) 443 Debug.println("Creating implied permissions for " + bundle); 445 return createPermissions(baseImpliedPermissionInfos, bundle, true); 446 } 447 448 454 protected PermissionInfo[] getPermissionInfos(URL resource) { 455 if (resource == null) 456 return null; 457 PermissionInfo[] info = ConditionalPermissionAdminImpl.EMPTY_PERM_INFO; 458 DataInputStream in = null; 459 try { 460 in = new DataInputStream(resource.openStream()); 461 ArrayList permissions = new ArrayList (); 462 BufferedReader reader; 463 try { 464 reader = new BufferedReader(new InputStreamReader(in, "UTF8")); } catch (UnsupportedEncodingException e) { 466 reader = new BufferedReader(new InputStreamReader(in)); 467 } 468 469 while (true) { 470 String line = reader.readLine(); 471 if (line == null) 472 break; 473 line = line.trim(); 474 if ((line.length() == 0) || line.startsWith("#") || line.startsWith("//")) continue; 476 477 try { 478 permissions.add(new PermissionInfo(line)); 479 } catch (IllegalArgumentException iae) { 480 481 framework.publishFrameworkEvent(FrameworkEvent.ERROR, framework.systemBundle, iae); 482 } 483 } 484 int size = permissions.size(); 485 if (size > 0) 486 info = (PermissionInfo[]) permissions.toArray(new PermissionInfo[size]); 487 } catch (IOException e) { 488 } finally { 490 try { 491 if (in != null) 492 in.close(); 493 } catch (IOException ee) { 494 } 496 } 497 return info; 498 } 499 500 507 protected BundlePermissionCollection createPermissions(PermissionInfo[] info, final AbstractBundle bundle, boolean implied) { 508 if (info == null) 509 info = new PermissionInfo[0]; 510 if (implied) { 511 PermissionInfo impliedInfo = new PermissionInfo(AdminPermission.class.getName(), "(id=" + bundle.getBundleId() + ")", ADMIN_IMPLIED_ACTIONS); if (Debug.DEBUG && Debug.DEBUG_SECURITY) 514 Debug.println("Created permission: " + impliedInfo); PermissionInfo[] impliedInfos = new PermissionInfo[info.length + 1]; 516 System.arraycopy(info, 0, impliedInfos, 0, info.length); 517 impliedInfos[info.length] = impliedInfo; 518 info = impliedInfos; 519 } 520 ConditionalPermissionInfoImpl cpiArray[] = new ConditionalPermissionInfoImpl[1]; 521 cpiArray[0] = new ConditionalPermissionInfoImpl(null, ConditionalPermissionAdminImpl.EMPTY_COND_INFO, info); 522 return new ConditionalPermissionSet(bundle, cpiArray, ConditionalPermissionAdminImpl.EMPTY_COND); 523 } 524 525 } 526 | Popular Tags |