policyfile.java

来自「This is a resource based on j2me embedde」· Java 代码 · 共 984 行 · 第 1/3 页

/*
 * @(#)PolicyFile.java	1.13 06/10/11
 *
 * Copyright  1990-2008 Sun Microsystems, Inc. All Rights Reserved.  
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER  
 *   
 * This program is free software; you can redistribute it and/or  
 * modify it under the terms of the GNU General Public License version  
 * 2 only, as published by the Free Software Foundation.   
 *   
 * This program is distributed in the hope that it will be useful, but  
 * WITHOUT ANY WARRANTY; without even the implied warranty of  
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU  
 * General Public License version 2 for more details (a copy is  
 * included at /legal/license.txt).   
 *   
 * You should have received a copy of the GNU General Public License  
 * version 2 along with this work; if not, write to the Free Software  
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  
 * 02110-1301 USA   
 *   
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa  
 * Clara, CA 95054 or visit www.sun.com if you need additional  
 * information or have any questions. 
 *
 */
 

package sun.security.provider;

import java.io.*;
import java.lang.RuntimePermission;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import java.util.StringTokenizer;
import java.util.PropertyPermission;
import java.util.ArrayList;

import java.lang.reflect.*;

import java.security.cert.Certificate;
import java.security.*;

import sun.security.util.PropertyExpander;
import sun.security.util.Debug;
import sun.net.www.ParseUtil;


/**
 * The policy for a Java runtime (specifying 
 * which permissions are available for code from various principals)
 * is represented as one or more separate
 * persistent configurations.  Each configuration may be stored as a
 * flat ASCII file, as a serialized binary file of
 * the Policy class, or as a database. <p>
 * 
 * Each Java runtime may have multiple policy files.
 * The default policy files are configured in the security
 * properties file to be:
 * 
 * <pre>
 *   (<i>java.home</i>)/lib/security/java.policy
 *   (<i>user.home</i>)/.java.policy
 * </pre>
 * 
 * <p>where <i>java.home</i> indicates the JDK installation directory 
 * (determined by the value of the "java.home" system property),
 * and
 * <p>where <i>user.home</i> indicates the user's home directory
 * (determined by the value of the "user.home" system property).
 * 
 * <p>The Java runtime creates one global Policy object, which is used to
 * represent the permissions granted in the static policy configuration 
 * file(s).  It is consulted by
 * a ProtectionDomain when the protection domain initializes its set of
 * permissions. <p>
 * 
 * <p>The Policy object is agnostic in that
 * it is not involved in making policy decisions.  It is merely the
 * Java runtime representation of the persistent policy configuration
 * file(s). <p>
 * 
 * <p>When a protection domain needs to initialize its set of
 * permissions, it executes code such as the following
 * to ask the global Policy object to populate a
 * PermissionCollection object with the appropriate permissions:
 * <pre>
 *  policy = Policy.getPolicy();
 *  PermissionCollection perms = policy.getPermissions(MyCodeSource)
 * </pre>
 * 
 * <p>The protection domain passes in a CodeSource
 * object, which encapsulates its codebase (URL) and public key attributes.
 * The Policy object evaluates the global policy in light of who the
 * principal is and returns an appropriate Permissions object. 
 * 
 * @author Roland Schemers
 * @version 1.42, 04/17/00
 * @see java.security.CodeSource
 * @see java.security.Permissions
 * @see java.security.ProtectionDomain 
 */

public class PolicyFile extends java.security.Policy {

    private static final Debug debug = Debug.getInstance("policy");

    private Vector policyEntries;
    private Hashtable aliasMapping;

    private boolean initialized = false;

    private boolean expandProperties = true;
    private boolean ignoreIdentityScope = false;

    // for use with the reflection API

    private static final Class[] PARAMS = { String.class, String.class};

    /** 
     * Creates a Policy object.
     */
    public PolicyFile() {
	// initialize Policy if either the java.security.policy or
	// java.security.manager properties are set
	String prop =(String) java.security.AccessController.doPrivileged(
               new sun.security.action.GetPropertyAction(
					   "java.security.policy"));
	if (prop == null) {
	    prop =(String) java.security.AccessController.doPrivileged(
                new sun.security.action.GetPropertyAction(
 					   "java.security.manager"));
	}
 	if (prop != null)
 	    init();
    }

    /** 
     * Initializes the Policy object and reads the default policy 
     * configuration file(s) into the Policy object.
     * 
     * The algorithm for locating the policy file(s) and reading their
     * information into the Policy object is:
     * <pre>
     *   loop through the Security Properties named "policy.url.1", 
     *   "policy.url.2", etc, until you don't find one. Each of 
     *   these specify a policy file.
     *   
     *   if none of these could be loaded, use a builtin static policy
     *      equivalent to the default lib/security/java.policy file.
     * 
     *   if the system property "java.policy" is defined (which is the
     *      case when the user uses the -D switch at runtime), and
     *     its use is allowed by the security property file,
     *     also load it.
     * </pre>
     * 
     * Each policy file consists of one or more grant entries, each of
     * which consists of a number of permission entries.
     * <pre>
     *   grant signedBy "<i>alias</i>", codeBase "<i>URL</i>" {
     *     permission <i>Type</i> "<i>name</i>", "<i>action</i>", 
     *         signedBy "<i>alias</i>";
     *     ....
     *     permission <i>Type</i> "<i>name</i>", "<i>action</i>", 
     *         signedBy "<i>alias</i>";
     *   };
     *  	
     * </pre>
     * 
     * All non-italicized items above must appear as is (although case 
     * doesn't matter and some are optional, as noted below).
     * Italicized items represent variable values.
     *
     * <p> A grant entry must begin with the word <code>grant</code>.
     * The <code>signedBy</code> and <code>codeBase</code> name/value 
     * pairs are optional.
     * If they are not present, then any signer (including unsigned code)
     * will match, and any codeBase will match.
     *
     * <p> A permission entry must begin with the word <code>permission</code>. 
     * The word <code><i>Type</i></code> in the template above would actually be
     * a specific permission type, such as <code>java.io.FilePermission</code>
     * or <code>java.lang.RuntimePermission</code>.
     * 
     * <p>The "<i>action</i>" is required for
     * many permission types, such as <code>java.io.FilePermission</code>
     * (where it specifies what type of file access is permitted).
     * It is not required for categories such as 
     * <code>java.lang.RuntimePermission</code>
     * where it is not necessary - you either have the 
     * permission specified by the <code>"<i>name</i>"</code> 
     * value following the type name or you don't.
     * 
     * <p>The <code>signedBy</code> name/value pair for a permission entry 
     * is optional. If present, it indicates a signed permission. That is,
     * the permission class itself must be signed by the given alias in
     * order for it to be granted. For example,
     * suppose you have the following grant entry:
     * 
     * <pre>
     *   grant {
     *     permission Foo "foobar", signedBy "FooSoft";
     *   }
     * </pre>
     * 
     * <p>Then this permission of type <i>Foo</i> is granted if the 
     * <code>Foo.class</code> permission has been signed by the 
     * "FooSoft" alias, or if <code>Foo.class</code> is a 
     * system class (i.e., is found on the CLASSPATH).
     * 
     * <p>Items that appear in an entry must appear in the specified order
     * (<code>permission</code>, <i>Type</i>, "<i>name</i>", and 
     * "<i>action</i>"). An entry is terminated with a semicolon.
     * 
     * <p>Case is unimportant for the identifiers (<code>permission</code>, 
     * <code>signedBy</code>, <code>codeBase</code>, etc.) but is 
     * significant for the <i>Type</i>
     * or for any string that is passed in as a value. <p>
     * 
     * <p>An example of two entries in a policy configuration file is
     * <pre>
     *   //  if the code is signed by "Duke", grant it read/write to all 
     *   // files in /tmp.
     *
     *   grant signedBy "Duke" {
     * 		permission java.io.FilePermission "/tmp/*", "read,write";
     *   };
     * <p>	
     *   // grant everyone the following permission
     *
     *   grant { 
     * 	   permission java.util.PropertyPermission "java.vendor";
     *   };
     *  </pre>
     */
    private synchronized void init() {

	if (initialized)
	    return;

	policyEntries = new Vector();
	aliasMapping = new Hashtable(11);
	
	AccessController.doPrivileged(new java.security.PrivilegedAction() {
	    public Object run() {
		initPolicyFile();
		initialized = true;
		return null;
	    }
	});
    }

    /**
     * Refreshes the policy object. 
     *
     */
    public synchronized void refresh()
    {
	initialized = false;
	init();
    }


    private void initPolicyFile() {

	// No need to put this into a begin/endPrivileged block, because
	// this is already called from privileged code in Policy.java
	String prop = Security.getProperty("policy.expandProperties");

	if (prop != null) expandProperties = prop.equalsIgnoreCase("true");

	String iscp = Security.getProperty("policy.ignoreIdentityScope");

	if (iscp != null) ignoreIdentityScope = iscp.equalsIgnoreCase("true");

	// No need to put this into a begin/endPrivileged block, because
	// this is already called from privileged code in Policy.java
	String allowSys  = Security.getProperty("policy.allowSystemProperty");

	if ((allowSys!=null) && allowSys.equalsIgnoreCase("true")) {
	    // No need to put this into a begin/endPrivileged block, because
	    // this is already called from privileged code in Policy.java
	    String extra_policy = System.getProperty("java.security.policy");
	    if (extra_policy != null) {
		boolean overrideAll = false;
		if (extra_policy.startsWith("=")) {
		    overrideAll = true;
		    extra_policy = extra_policy.substring(1);
		}
		try {
		    extra_policy = PropertyExpander.expand(extra_policy);
		    URL policyURL;
		    File policyFile = new File(extra_policy);
		    if (policyFile.exists()) {
			policyURL = policyFile.toURL();
		    } else {
			policyURL = new URL(extra_policy);
		    }
		    if (debug != null)
			    debug.println("reading "+policyURL);
		    init(policyURL);
		} catch (Exception e) {
		    // ignore. 
		    if (debug != null) {
			debug.println("caught exception: "+e);
		    }

		}
		if (overrideAll) {
		    if (debug != null) {
			debug.println("overriding other policies!");
		    }
		    return;
		}
	    }
	} else {
	}

	int n = 1;
	boolean loaded_one = false;
	String policy_url;

	// No need to put this into a begin/endPrivileged block, because
	// this is already called from privileged code in Policy.java