permissions.java
来自「This is a resource based on j2me embedde」· Java 代码 · 共 1,249 行 · 第 1/3 页
JAVA
1,249 行
* Except for NEVER the lower the int value the higher * the permission level. */ if (levels[i] < maxLevel || maxLevel == NEVER) { maxLevel = levels[i]; } } } /** * For Read Message Group, consider group level is OneShot if maximum * permission level is Blanket. */ if ((group == READ_MESSAGE_GROUP || group == READ_RESTRICTED_MESSAGE_GROUP) && (maxLevel == BLANKET)) { if (currentLevels) { maxLevel = ONESHOT; } } return maxLevel; } /** * Find the max level of all the current permissions in the group. * * This is a policy dependent function for permission grouping. * * @param levels array of permission levels * @param group desired permission group * * @return permission level */ public static byte getPermissionGroupLevel(byte[] levels, PermissionGroup group) { return getPermissionGroupLevelImpl(levels, group, true); } /** * Find the max level of all the maximum allowed permissions in the group. * * This is a policy dependent function for permission grouping. * * @param levels array of permission levels * @param group desired permission group * * @return permission level */ public static byte getMaximumPermissionGroupLevel(byte[] levels, PermissionGroup group) { return getPermissionGroupLevelImpl(levels, group, false); } /** * Set the level of all the permissions in the same group as this * permission to the given level. * <p> * This is a policy dependent function for permission grouping.</p> * * The following combinations of permissions are mutually exclusive: * <ul> * <li> Any of Net Access, Messaging or Local Connectivity set to Blanket * in combination with any of Multimedia recording or Read User Data * Access set to Blanket</li> * <li> Application Auto Invocation (or push interrupt level) set to * Blanket and Net Access set to Blanket</li> * </ul> * * @param current current permission levels * @param pushInterruptLevel Push interrupt level * @param group desired permission group * @param level permission level * * @exception SecurityException if the change would produce a mutually * exclusive combination */ public static void setPermissionGroup(byte[] current, byte pushInterruptLevel, PermissionGroup group, byte level) throws SecurityException { PermissionGroup[] pg = checkForMutuallyExclusiveCombination(current, pushInterruptLevel, group, level); if (pg != null) { throw new SecurityException( createMutuallyExclusiveErrorMessage(pg[0], pg[1])); } for (int i = 0; i < permissionSpecs.length; i++) { if (permissionSpecs[i].group == group) { setPermission(current, i, level); } } /* * For some reason specs do not want separate send and * receive message groups, but want the questions and interrupt * level to be different for send, so internally we have 2 groups * that must be kept in synch. The setting dialog only presents * the send message group, see the getSettingGroups method. */ PermissionGroup readGroup = null; if (group == SEND_MESSAGE_GROUP) { readGroup = READ_MESSAGE_GROUP; } else if (group == SEND_RESTRICTED_MESSAGE_GROUP) { readGroup = READ_RESTRICTED_MESSAGE_GROUP; } if (readGroup != null) { /* * Since the send group have a max level of oneshot, this method * will only code get used by the settings dialog, when a user * changes the send group from blanket denied to oneshot. */ if (level != BLANKET_DENIED) { /* * If send is set to to any thing but blanket denied * then receive is set to blanket. */ level = BLANKET_GRANTED; } for (int i = 0; i < permissionSpecs.length; i++) { if (permissionSpecs[i].group == readGroup) { setPermission(current, i, level); } } return; } PermissionGroup sendGroup = null; if (group == READ_MESSAGE_GROUP) { sendGroup = SEND_MESSAGE_GROUP; } else if (group == READ_RESTRICTED_MESSAGE_GROUP) { sendGroup = SEND_RESTRICTED_MESSAGE_GROUP; } if (sendGroup != null) { if (level == ONESHOT) { for (int i = 0; i < permissionSpecs.length; i++) { if (permissionSpecs[i].group == group) { setPermission(current, i, BLANKET); } } } /* * Keep both subgoups in synch when READ_[RESTRICTED_]MESSAGE_GROUP is * changed. */ if (level != BLANKET_GRANTED) { for (int i = 0; i < permissionSpecs.length; i++) { if (permissionSpecs[i].group == sendGroup) { setPermission(current, i, level); } } } } } /** * Grant or deny of a permission and all of the other permissions in * it group. * <p> * This is a policy dependent function for permission grouping.</p> * * This method must only be used when not changing the interaction level * (blanket, session, one shot). * * @param current current permission levels * @param permission permission ID from the group * @param level permission level * @exception SecurityException if the change would produce a mutually * exclusive combination */ public static void setPermissionGroup(byte[] current, int permission, byte level) throws SecurityException { if (permission < 0 || permission >= permissionSpecs.length) { return; } PermissionGroup group = permissionSpecs[permission].group; setPermissionGroup(current, NEVER, group, level); } /** * Check to see if a given push interrupt level would produce a mutually * exclusive combination for the current security policy. If so, throw * an exception. * <p> * This is a policy dependent function for permission grouping.</p> * * The mutually combination is the push interrupt level set to Blanket and * Net Access set to Blanket. * * @param current current permission levels * @param pushInterruptLevel Push interrupt level * * @exception SecurityException if the change would produce a mutually * exclusive combination */ public static void checkPushInterruptLevel(byte[] current, byte pushInterruptLevel) throws SecurityException { byte level; if (pushInterruptLevel != BLANKET_GRANTED) { return; } final PermissionGroup[] netGroups = { NET_ACCESS_GROUP, LOW_LEVEL_NET_ACCESS_GROUP }; for (int i = 0; i < netGroups.length; i++) { level = getPermissionGroupLevel(current, netGroups[i]); if (level == BLANKET_GRANTED || level == BLANKET) { throw new SecurityException(createMutuallyExclusiveErrorMessage( Resource.getString(ResourceConstants.AMS_MGR_INTRUPT), netGroups[i].getName())); } } } /** * Check to see if a given push interrupt level would produce a mutually * exclusive combination for the current security policy. If so, throw * an exception. * <p> * This is a policy dependent function for permission grouping.</p> * * The mutually combination is the push interrupt level set to Blanket and * Net Access set to Blanket. * * @param current current permission levels * @param pushInterruptLevel Push interrupt level * @return mutually exclusive groups */ public static PermissionGroup[] checkForMutuallyExclusiveCombination(byte[] current, byte pushInterruptLevel) { byte level; if (pushInterruptLevel != BLANKET_GRANTED) { return null; } level = getPermissionGroupLevel(current, NET_ACCESS_GROUP); if (level == BLANKET_GRANTED || level == BLANKET) { PermissionGroup[] ret = new PermissionGroup[2]; ret[0] = PUSH_INTERRUPT_GROUP; ret[1] = NET_ACCESS_GROUP; return ret; } return null; } /** * Set the level the permission if the permission is not set to NEVER * or ALLOW. * * @param current current permission levels * @param permission permission ID for permission to set * @param level permission level */ private static void setPermission(byte[] current, int permission, byte level) { if (current[permission] != NEVER || current[permission] != ALLOW) { current[permission] = level; } } /** * Check to see if a given level for a group would produce a mutually * exclusive combination for the current security policy. If so, * return mutually exclusive groups. * <p> * This is a policy dependent function for permission grouping.</p> * * The following combinations of permissions are mutually exclusive: * <ul> * <li> Any of Net Access, Messaging or Local Connectivity set to Blanket * in combination with any of Multimedia recording or Read User Data * Access set to Blanket</li> * <li> Application Auto Invocation set to Blanket and Net Access set to * Blanket</li> * </ul> * * @param current current permission levels * @param pushInterruptLevel Push interrupt level * @param group desired permission group * @param newLevel permission level * @return mutually exclusive groups */ public static PermissionGroup[] checkForMutuallyExclusiveCombination(byte[] current, byte pushInterruptLevel, PermissionGroup group, byte newLevel) { byte level; if (newLevel != BLANKET_GRANTED) { return null; } if (group == NET_ACCESS_GROUP) { if (pushInterruptLevel == BLANKET_GRANTED || pushInterruptLevel == BLANKET) { PermissionGroup[] ret = new PermissionGroup[2]; ret[0] = NET_ACCESS_GROUP; ret[1] = PUSH_INTERRUPT_GROUP; return ret; } level = getPermissionGroupLevel(current, AUTO_INVOCATION_GROUP); if (level == BLANKET_GRANTED || level == BLANKET) { PermissionGroup[] ret = new PermissionGroup[2]; ret[0] = NET_ACCESS_GROUP; ret[1] = AUTO_INVOCATION_GROUP; return ret; } return null; } if (group == AUTO_INVOCATION_GROUP) { level = getPermissionGroupLevel(current, NET_ACCESS_GROUP); if (level == BLANKET_GRANTED || level == BLANKET) { PermissionGroup[] ret = new PermissionGroup[2]; ret[0] = AUTO_INVOCATION_GROUP; ret[1] = NET_ACCESS_GROUP; return ret; } } return null; } /** * Check to see if a given level for a group would produce a potentially * dangerous combination for the current security policy. If so, * return a warning message, else - null. * <p> * This is a policy dependent function for permission grouping.</p> * * The following combinations of permissions are potentially dangerous: * <ul> * <li> Any of Net Access, Messaging or Local Connectivity set to Blanket * in combination with any of Multimedia recording or Read User Data * Access set to Blanket</li> * </ul> * * @param current current permission levels * @param pushInterruptLevel Push interrupt level * @param group desired permission group * @param newLevel permission level * * @return warning message if the change would produce a potentially * dangerous combination or null otherwise */ public static String getInsecureCombinationWarning(byte[] current, byte pushInterruptLevel, PermissionGroup group, byte newLevel) { if (newLevel != BLANKET_GRANTED) { return null; } byte level; if (group == NET_ACCESS_GROUP || group == LOW_LEVEL_NET_ACCESS_GROUP) { if (pushInterruptLevel == BLANKET_GRANTED || pushInterruptLevel == BLANKET) { return createInsecureCombinationWarningMessage( group.getName(), Resource.getString(ResourceConstants.AMS_MGR_INTRUPT)); } level = getPermissionGroupLevel(current, READ_USER_DATA_GROUP); if (level == BLANKET_GRANTED || level == BLANKET) { return createInsecureCombinationWarningMessage( group, READ_USER_DATA_GROUP); } level = getPermissionGroupLevel(current, MULTIMEDIA_GROUP); if (level == BLANKET_GRANTED || level == BLANKET) { return createInsecureCombinationWarningMessage( group, MULTIMEDIA_GROUP); } level = getPermissionGroupLevel(current, AUTO_INVOCATION_GROUP); if (level == BLANKET_GRANTED || level == BLANKET) { return createMutuallyExclusiveErrorMessage(group, AUTO_INVOCATION_GROUP); } } if (group == LOCAL_CONN_GROUP) { level = getPermissionGroupLevel(current, READ_USER_DATA_GROUP); if (level == BLANKET_GRANTED || level == BLANKET) { return createInsecureCombinationWarningMessage( LOCAL_CONN_GROUP, READ_USER_DATA_GROUP); } level = getPermissionGroupLevel(current, MULTIMEDIA_GROUP); if (level == BLANKET_GRANTED || level == BLANKET) { return createInsecureCombinationWarningMessage( LOCAL_CONN_GROUP, MULTIMEDIA_GROUP); } } final PermissionGroup[] netGroups = { NET_ACCESS_GROUP, LOW_LEVEL_NET_ACCESS_GROUP };⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?