permissions.java

来自「This is a resource based on j2me embedde」· Java 代码 · 共 1,249 行 · 第 1/3 页

/*
 *
 *
 * Copyright  1990-2007 Sun Microsystems, Inc. All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License version
 * 2 only, as published by the Free Software Foundation.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License version 2 for more details (a copy is
 * included at /legal/license.txt).
 * 
 * You should have received a copy of the GNU General Public License
 * version 2 along with this work; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA
 * 
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
 * Clara, CA 95054 or visit www.sun.com if you need additional
 * information or have any questions.
 */

package com.sun.midp.security;

import java.util.Hashtable;
import java.util.Vector;

import com.sun.midp.i18n.Resource;
import com.sun.midp.i18n.ResourceConstants;
import java.io.IOException;

/**
 * This class is a standard list of permissions that
 * a suite can do and is used by all internal security
 * features. This class also builds a list of permission for each
 * security domain. This only class that would need to be updated in order to
 * add a new security domain.
 */
public final class Permissions {

    /** Name of the MIDP permission. */
    public static final String MIDP_PERMISSION_NAME = "com.sun.midp";

    /** Name of the AMS permission. */
    public static final String AMS_PERMISSION_NAME = "com.sun.midp.ams";

    /** Binding name of the Manufacturer domain. (all permissions allowed) */
    public static final String MANUFACTURER_DOMAIN_BINDING = "manufacturer";

    /** Binding name of the Operator domain. */
    public static final String OPERATOR_DOMAIN_BINDING = "operator";

    /** Binding name of the Third party Identified domain. */
    public static final String IDENTIFIED_DOMAIN_BINDING =
            "identified_third_party";

    /** Binding name of the Third party Unidentified domain. */
    public static final String UNIDENTIFIED_DOMAIN_BINDING =
            "unidentified_third_party";

    /**
     * Binding name of the Minimum domain for testing.
     * (all permissions denied)
     */
    public static final String MINIMUM_DOMAIN_BINDING = "minimum";

    /**
     * Binding name of the Maximum domain for testing.
     * (all public permissions allowed)
     */
    public static final String MAXIMUM_DOMAIN_BINDING = "maximum";

    /**
     * The maximum levels are held in the first element of the permissions
     * array.
     */
    public static final int MAX_LEVELS = 0;

    /**
     * The current levels are held in the first element of the permissions
     * array.
     */
    public static final int CUR_LEVELS = 1;

    /** com.sun.midp permission ID. */
    public static final int MIDP = 0;

    /** com.sun.midp.ams permission ID. */
    public static final int AMS = 1;

    /** Never allow the permission. */
    public static final byte NEVER = 0;

    /** Allow an permission with out asking the user. */
    public static final byte ALLOW = 1;

    /**
     * Permission granted by the user until the the user changes it in the
     * settings form.
     */
    public static final byte BLANKET_GRANTED = 2;

    /**
     * Allow a permission to be granted or denied by the user
     * until changed in the settings form.
     */
    public static final byte BLANKET = 4;

    /** Allow a permission to be granted only for the current session. */
    public static final byte SESSION = 8;

    /** Allow a permission to be granted only for one use. */
    public static final byte ONESHOT = 16;

    /**
     * Permission denied by the user until the user changes it in the
     * settings form.
     */
    public static final byte BLANKET_DENIED = -128;

    /** Third Party Never permission group. */
    static final PermissionGroup NEVER_GROUP =
        new PermissionGroup("", null, null, null, null, null);

    /** Permission to group map table. */
    static PermissionSpec[] permissionSpecs = null;

    /** Number of permissions. */
    public static int NUMBER_OF_PERMISSIONS;

    /* list of domains */
    private static DomainPolicy[] domainsAll = null;

    /* The domain name for unsigned midlets */
    private static String unsignedDomain = null;

    /* Permissions index lookup table */
    private static Hashtable permissionsHash;

    /* list of groups */
    private static PermissionGroup[] groupsAll = null;
    
    // Internal defined groups
    private static PermissionGroup NET_ACCESS_GROUP;
    private static PermissionGroup LOW_LEVEL_NET_ACCESS_GROUP;
    private static PermissionGroup SEND_MESSAGE_GROUP;
    private static PermissionGroup READ_MESSAGE_GROUP;
    private static PermissionGroup SEND_RESTRICTED_MESSAGE_GROUP;
    private static PermissionGroup READ_RESTRICTED_MESSAGE_GROUP;
    private static PermissionGroup AUTO_INVOCATION_GROUP;
    private static PermissionGroup READ_USER_DATA_GROUP;
    private static PermissionGroup MULTIMEDIA_GROUP;
    private static PermissionGroup LOCAL_CONN_GROUP;
    /** artificially constructed group for Push Interrupt Group. */
    private static PermissionGroup PUSH_INTERRUPT_GROUP;

    /**
     * Retuns artificially constructed group for Push Interrupt Group
     * @return Push Interrupt Group
     */
    public static PermissionGroup getPushInterruptGroup() {
        if (PUSH_INTERRUPT_GROUP == null) {
            PUSH_INTERRUPT_GROUP = new PermissionGroup(
                Resource.getString(ResourceConstants.AMS_MGR_INTRUPT),
                Resource.getString(ResourceConstants.AMS_MGR_INTRUPT_QUE),
                Resource.getString(ResourceConstants.AMS_MGR_INTRUPT_QUE_DONT),
                Resource.getString(ResourceConstants.PERMISSION_AUTO_START_DIALOG_TITLE),
                Resource.getString(ResourceConstants.PERMISSION_AUTO_START_QUE),
                null);
        }
        return PUSH_INTERRUPT_GROUP;
    }

    /**
     * Get the name of a permission.
     *
     * @param permission permission number
     *
     * @return permission name
     *
     * @exception SecurityException if the permission is invalid
     */
    public static String getName(int permission) {
    if (permission < 0 || permission >= permissionSpecs.length) {
            throw new SecurityException(SecurityToken.STD_EX_MSG);
        }
        return permissionSpecs[permission].name;
    }

    /**
     * Get the dialog title for a permission.
     *
     * @param permission permission number
     *
     * @return Resource constant for the permission dialog title
     * @exception SecurityException if the permission is invalid
     */
    public static String getTitle(int permission) {
        if (permission < 0 || permission >= permissionSpecs.length) {
            throw new SecurityException(SecurityToken.STD_EX_MSG);
        }

        return permissionSpecs[permission].group.getRuntimeDialogTitle();
    }

    /**
     * Get the question for a permission.
     *
     * @param permission permission number
     *
     * @return Resource constant for the permission question
     *
     * @exception SecurityException if the permission is invalid
     */
    public static String getQuestion(int permission) {
        if (permission < 0 || permission >= permissionSpecs.length) {
            throw new SecurityException(SecurityToken.STD_EX_MSG);
        }

        return permissionSpecs[permission].group.getRuntimeQuestion();
    }

    /**
     * Get the oneshot question for a permission.
     *
     * @param permission permission number
     *
     * @return Resource constant for the permission question
     *
     * @exception SecurityException if the permission is invalid
     */
    public static String getOneshotQuestion(int permission) {
        if (permission < 0 || permission >= permissionSpecs.length) {
            throw new SecurityException(SecurityToken.STD_EX_MSG);
        }

        return permissionSpecs[permission].group.getRuntimeOneshotQuestion();
    }

    /**
     * Get the ID of a permission.
     *
     * @param name permission name
     *
     * @return permission ID
     *
     * @exception SecurityException if the permission is invalid
     */
    public static int getId(String name) {
        int index;
        try {
            index = ((Integer)permissionsHash.get(name)).intValue();
            return index;
        } catch (Exception e){
            throw new SecurityException(SecurityToken.STD_EX_MSG);
        }
    }

    /**
     * Determine if a domain is a trusted domain.
     *
     * @param domain Binding name of a domain
     *
     * @return true if a domain is trusted, false if not
     */
    public static boolean isTrusted(String domain) {
        if (domainsAll == null) {
            init();
        }

        for (int i1 = 0; i1 < domainsAll.length;i1++) {
            if (domainsAll[i1].getName().equals(domain)) {
                return domainsAll[i1].isTrusted();
            }
        }

        return false;
    }

    /**
     * Returns domain for unsigned midlets.
     *
     * @return domain name
     */
    public static String getUnsignedDomain() {
        return unsignedDomain;
    }

    /**
     * Create a list of permission groups a domain is permitted to perform.
     *
     * @param name binding name of domain
     *
     * @return 2 arrays, the first containing the maximum level for each
     *     permission, the second containing the default or starting level
     *     for each permission supported
     */
    public static byte[][] forDomain(String name) {
        if (domainsAll == null) {
            init();
        }
                
        byte[] maximums = new byte[NUMBER_OF_PERMISSIONS];
        byte[] defaults = new byte[NUMBER_OF_PERMISSIONS];
        byte[][] permissions = {maximums, defaults};

        if (MANUFACTURER_DOMAIN_BINDING.equals(name)) {
            for (int i1 = 0; i1 < NUMBER_OF_PERMISSIONS; i1 ++) {
                maximums[i1] = ALLOW;
                defaults[i1] = ALLOW;
            }
            return permissions;
        }

        for (int i1 = 0; i1 < domainsAll.length; i1++) {
            if (domainsAll[i1].getName().equals(name)) {
                domainsAll[i1].getPermissionlevels(defaults, CUR_LEVELS);
                domainsAll[i1].getPermissionlevels(maximums, MAX_LEVELS);
            }
        }
        
        return permissions;
    }

    /**
     * Create an empty list of permission groups.
     *
     * @return array containing the empty permission groups
     */
    public static byte[] getEmptySet() {
        byte[] permissions = new byte[NUMBER_OF_PERMISSIONS];

        // Assume perms array is non-null
        for (int i = 0; i < permissions.length; i++) {
            // This is default permission
            permissions[i] = Permissions.NEVER;
        }

        return permissions;
    }

    /**
     * Get a list of all permission groups for the settings dialog.
     *
     * @return array of permission groups
     */
    static PermissionGroup[] getSettingGroups() {
        return groupsAll;
    }

    /**
     * Get a list of all permission groups for the settings dialog.
     *
     * @param levels current permission levels
     * 
     * @return array of permission groups
     */
    public static PermissionGroup[] getSettingGroups(byte[] levels) {
        PermissionGroup[] groups = null;

        if (groupsAll != null) {
            // merge two SEND/READ_[RESTRICTED_]MESSAGE_GROUP groups into one
            // for each of two pairs (messaging/restricted messaging)
            groups = new PermissionGroup[groupsAll.length - 2];
            int n = 0;

            for (int i = 0; i < groupsAll.length; i++) {
                if (groupsAll[i] == READ_MESSAGE_GROUP ||
                    groupsAll[i] == READ_RESTRICTED_MESSAGE_GROUP) {
                    continue;
                } if (groupsAll[i] == SEND_MESSAGE_GROUP) {
                    if (getPermissionGroupLevel(levels,
                                                SEND_MESSAGE_GROUP) != NEVER) {
                        groups[n++] = SEND_MESSAGE_GROUP;
                    } else {
                        groups[n++] = READ_MESSAGE_GROUP;
                    }
                } else if (groupsAll[i] == SEND_RESTRICTED_MESSAGE_GROUP) {
                    if (getPermissionGroupLevel(levels,
                            SEND_RESTRICTED_MESSAGE_GROUP) != NEVER) {
                        groups[n++] = SEND_RESTRICTED_MESSAGE_GROUP;
                    } else {
                        groups[n++] = READ_RESTRICTED_MESSAGE_GROUP;
                    }
                } else {
                    groups[n++] = groupsAll[i];
                }
            }
        }

        return groups;
    }

    /**
     * Find the max level of all the permissions in the same group.
     *
     * This is a policy dependent function for permission grouping.
     *
     * @param levels array of permission levels
     * @param group desired permission group
     * @param currentLevels true if the levels is the current permission levels,
     *                      false if the levels is an array of maximum allowed
     *                      permission levels.
     *
     * @return permission level
     */
    private static byte getPermissionGroupLevelImpl(byte[] levels,
            PermissionGroup group, boolean currentLevels) {
        byte maxLevel = NEVER;

        for (int i = 0; i < permissionSpecs.length; i++) {
            if (permissionSpecs[i].group == group && levels[i] != NEVER) {
                /*