permissions.java

用于移动设备上的java虚拟机源代码

/*
 * @(#)Permissions.java	1.29 02/08/15 @(#)
 *
 * Copyright (c) 2001-2002 Sun Microsystems, Inc.  All rights reserved.
 * PROPRIETARY/CONFIDENTIAL
 * Use is subject to license terms.
 */

package com.sun.midp.security;

import javax.microedition.io.Connector;

import java.io.InputStream;
import java.util.Vector;
import java.util.Hashtable;
import java.util.Enumeration;

import com.sun.midp.io.Util;
import com.sun.midp.io.j2me.storage.File;
import com.sun.midp.io.j2me.storage.RandomAccessStream;
import com.sun.midp.midletsuite.InvalidJadException;

/**
 * This class is a standard list of permissions that 
 * a suite can do and is used by all internal security
 * features. This class also builds a list of permission for each
 * security domain. This only class that would need to be updated in order to
 * add a new security domain.
 */
public final class Permissions {

    /** Name of the security policy file. */
    public static final String POLICY_FILENAME = "_policy.txt";

    /** Name of the internal domain. (all actions allowed) */
    public static final String INTERNAL_DOMAIN_NAME = "internal";

    /** Name of the untrusted domain. */
    public static final String UNTRUSTED_DOMAIN_NAME = "untrusted";

    /** Names to compare to JAD and policy file entries. */
    private static String[] names = {
        "com.sun.midp",
        "com.sun.midp.midletsuite.ams",
        "javax.microedition.io.Connector.http",
        "javax.microedition.io.Connector.socket",
        "javax.microedition.io.Connector.https",
        "javax.microedition.io.Connector.ssl",
        "javax.microedition.io.Connector.serversocket",
        "javax.microedition.io.Connector.datagram",
        "javax.microedition.io.Connector.datagramreceiver",
        "javax.microedition.io.Connector.comm",
        "javax.microedition.io.PushRegistry",
    };

    /** Common permission dialog title for client protocols. */
    static final String CLIENT_DIALOG_TITLE = "OK to Send Information?";

    /** Common permission question for client protocols. */
    static final String CLIENT_PERMISSION_QUESTION =
        "%1 wants to send information. This will require the use of " +
        "airtime which may cost you money. Is this OK? (%3)";

    /** Common permission dialog title for server protocols. */
    static final String SERVER_DIALOG_TITLE = "OK to Receive Information?";

    /** Common permission question for server protocols. */
    static final String SERVER_PERMISSION_QUESTION =
        "%1 wants to receive information. This will require the use of " +
        "airtime which may cost you money. Is this OK? (%3)";

    /**
     * Questions to use for the user permission form.
     * Any %1 in the question will be replaced with the suite name and
     * any %2 will be replaced with the resource name.
     */
    private static String[] questions = {
        "com.sun.midp",
        "com.sun.midp.midletsuite.ams",
        CLIENT_PERMISSION_QUESTION,
        CLIENT_PERMISSION_QUESTION,
        CLIENT_PERMISSION_QUESTION,
        CLIENT_PERMISSION_QUESTION,
        SERVER_PERMISSION_QUESTION,
        CLIENT_PERMISSION_QUESTION,
        SERVER_PERMISSION_QUESTION,
        "%1 wants to directly connect to a computer to exchange " +
        "information. Is that OK? (%3)",
        "To work properly, %1 will need to start itself periodically " +
        "to receive information. If there is already an application " +
        "running, %1 will interrupt and that application will exit. " +
        "Is that OK?",
    };

    /** Titles use for the user permission form. */
    private static String[] titles = {
        "com.sun.midp",
        "com.sun.midp.midletsuite.ams",
        CLIENT_DIALOG_TITLE,
        CLIENT_DIALOG_TITLE,
        CLIENT_DIALOG_TITLE,
        CLIENT_DIALOG_TITLE,
        SERVER_DIALOG_TITLE,
        CLIENT_DIALOG_TITLE,
        SERVER_DIALOG_TITLE,
        "OK to Connect?",
        "OK to Start-up Periodically?",
    };

    /**
     * The maximum levels are held in the first element of the permissions
     * array.
     */
    public static final int MAX_LEVELS = 0;
    /**
     * The current levels are held in the first element of the permissions
     * array.
     */
    public static final int CUR_LEVELS = 1;

    /** com.sun.midp permission ID. */
    public static final int MIDP = 0;
    /** com.sun.midp.midletsuite.ams permission ID. */
    public static final int AMS = 1;
    /** javax.microedition.io.Connector.http permission ID. */
    public static final int HTTP = 2;
    /** javax.microedition.io.Connector.socket permission ID. */
    public static final int TCP = 3;
    /** javax.microedition.io.Connector.https permission ID. */
    public static final int HTTPS = 4;
    /** javax.microedition.io.Connector.ssl permission ID. */
    public static final int SSL = 5;
    /** javax.microedition.io.Connector.serversocket permission ID. */
    public static final int TCP_SERVER = 6;
    /** javax.microedition.io.Connector.datagram permission ID. */
    public static final int UDP = 7;
    /** javax.microedition.io.Connector.datagramreceiver permission ID. */
    public static final int UDP_SERVER = 8;
    /** javax.microedition.io.Connector.comm permission ID. */
    public static final int COMM = 9;
    /** javax.microedition.io.PushRegistry permission ID. */
    public static final int PUSH = 10;
    /** Number of permissions. */
    public static final int NUMBER_OF_PERMISSIONS = 11;

    /** Never allowed an permission. */
    public static final byte NEVER = 0;
    /** Allow an permission with out asking the user. */
    public static final byte ALLOW = 1;
    /** Allow permission until the the user changes it in the settings form. */
    public static final byte BLANKET_GRANTED = 2;
    /** Allow a permission after asking the user once. */
    public static final byte BLANKET = 4;
    /** Allow an permission after asking the user once a session. */
    public static final byte SESSION = 8;
    /** Allow an permission after asking the user every use. */
    public static final byte ONE_SHOT = 16;
    /** Denied by the user, until next session. */
    public static final byte DENY_SESSION = 32;
    /** Ask the user to Deny by default. */
    public static final byte DENY = 64;
    /** Deny by the user, until the user changes it in the settings form. */
    public static final byte USER_DENIED = -128;

    /** Table to save all permissions; keyed by the domain */
    private static Hashtable permissionsTable = null;

    /**
     * Get the name of a permission.
     *
     * @param permission permission number
     *
     * @return permission name
     *
     * @exception SecurityException if the permission is invalid
     */
    public static String getName(int permission) {
        if (permission < 0 || permission >= names.length) {
            throw new SecurityException(SecurityToken.STD_EX_MSG);
        }

        return names[permission];
    }

    /**
     * Get the dialog title for a permission.
     *
     * @param permission permission number
     *
     * @return permission dialog title
     *
     * @exception SecurityException if the permission is invalid
     */
    public static String getTitle(int permission) {
        if (permission < 0 || permission >= titles.length) {
            throw new SecurityException(SecurityToken.STD_EX_MSG);
        }

        return titles[permission];
    }

    /**
     * Get the question for a permission.
     *
     * @param permission permission number
     *
     * @return permission question
     *
     * @exception SecurityException if the permission is invalid
     */
    public static String getQuestion(int permission) {
        if (permission < 0 || permission >= questions.length) {
            throw new SecurityException(SecurityToken.STD_EX_MSG);
        }

        return questions[permission];
    }

    /**
     * Create a list of permission groups a domain is permitted to perform.
     *
     * @param token security token of the calling class, can be null for
     *              built-in classes.
     * @param name name of domain
     *
     * @return 2 arrays, the first containing the maxium level for each
     *     permission, the second containing the default or starting level
     *     for each permission supported
     */
    public static byte[][] forDomain(SecurityToken token, String name) {
        byte [] maximums = new byte[NUMBER_OF_PERMISSIONS];
        byte [] defaults = new byte[NUMBER_OF_PERMISSIONS];
        byte[][] permissions = {maximums, defaults};

        if (INTERNAL_DOMAIN_NAME.equals(name)) {
            for (int i = 0; i < maximums.length; i++) {
                maximums[i] = ALLOW;
                defaults[i] = ALLOW;
            }

            return permissions;
        }

        /*
         * Get permissions from the permissions file
         */
        if (getPermissions(token, name, maximums, defaults)) {
            return permissions;
        }            

        // unknown is the same as untrusted
        if (getPermissions(token, "untrusted", maximums, defaults)) {
            return permissions;
        }

        throw new SecurityException("untrusted domain is not configured");
    }

    /**
     * Create an empty list of permission groups.
     *
     * @return array containing the empty permission groups
     */
    public static byte[] getEmptySet() {
        byte[] permissions = new byte[NUMBER_OF_PERMISSIONS];

        clearPerms(permissions);  // Set permissions to default values
        return permissions;
    }

    /**
     * Expand all alias names in the given API list to their constituent
     * APIs.
     *
     * @param apiList a list of APIs that may or may not contain alias
     *                names.
     * @param aliasTable a table that contains all known aliases.
     *
     * @return Vector a list of APIs with all aliases fully expanded.
     */
    private static Vector expandAlias(Vector apiList, Hashtable aliasTable) {
        boolean aliasMatch = false;
        Vector  returnList;
        int     aliasIdx;
        int     apiIdx;

        /* Exit if there are no APIs or aliases defined */
        if ((aliasTable == null) || (apiList == null)) {
            return apiList;
        }

        /* We will have at leave apiList.size() elements in the return list */
        returnList = new Vector(apiList.size());