# HG changeset patch # User Jaroslav Tulach # Date 1380881102 -7200 # Node ID b16f72c563f23d8d854cf442d917f93fc10740af # Parent 41046f76a76ad0338bfed93d06148449597d253e Trivial access controller diff -r 41046f76a76a -r b16f72c563f2 rt/emul/compact/src/main/java/java/security/AccessController.java --- a/rt/emul/compact/src/main/java/java/security/AccessController.java Fri Oct 04 12:01:56 2013 +0200 +++ b/rt/emul/compact/src/main/java/java/security/AccessController.java Fri Oct 04 12:05:02 2013 +0200 @@ -25,8 +25,6 @@ package java.security; -import sun.security.util.Debug; - /** *

The AccessController class is used for access control operations * and decisions. @@ -264,7 +262,9 @@ * @see java.security.DomainCombiner */ - public static native T doPrivileged(PrivilegedAction action); + public static T doPrivileged(PrivilegedAction action) { + return action.run(); + } /** * Performs the specified PrivilegedAction with privileges @@ -289,13 +289,7 @@ * @since 1.6 */ public static T doPrivilegedWithCombiner(PrivilegedAction action) { - - DomainCombiner dc = null; - AccessControlContext acc = getStackAccessControlContext(); - if (acc == null || (dc = acc.getAssignedCombiner()) == null) { - return AccessController.doPrivileged(action); - } - return AccessController.doPrivileged(action, preserveCombiner(dc)); + return action.run(); } @@ -326,8 +320,8 @@ * @see #doPrivileged(PrivilegedAction) * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext) */ - public static native T doPrivileged(PrivilegedAction action, - AccessControlContext context); +// public static native T doPrivileged(PrivilegedAction action, +// AccessControlContext context); /** * Performs the specified PrivilegedExceptionAction with @@ -353,9 +347,15 @@ * @see #doPrivilegedWithCombiner(PrivilegedExceptionAction) * @see java.security.DomainCombiner */ - public static native T + public static T doPrivileged(PrivilegedExceptionAction action) - throws PrivilegedActionException; + throws PrivilegedActionException { + try { + return action.run(); + } catch (Exception ex) { + throw new PrivilegedActionException(ex); + } + } /** @@ -385,43 +385,10 @@ */ public static T doPrivilegedWithCombiner (PrivilegedExceptionAction action) throws PrivilegedActionException { - - DomainCombiner dc = null; - AccessControlContext acc = getStackAccessControlContext(); - if (acc == null || (dc = acc.getAssignedCombiner()) == null) { - return AccessController.doPrivileged(action); - } - return AccessController.doPrivileged(action, preserveCombiner(dc)); + return doPrivileged(action); } /** - * preserve the combiner across the doPrivileged call - */ - private static AccessControlContext preserveCombiner - (DomainCombiner combiner) { - - /** - * callerClass[0] = Reflection.getCallerClass - * callerClass[1] = AccessController.preserveCombiner - * callerClass[2] = AccessController.doPrivileged - * callerClass[3] = caller - */ - final Class callerClass = sun.reflect.Reflection.getCallerClass(3); - ProtectionDomain callerPd = doPrivileged - (new PrivilegedAction() { - public ProtectionDomain run() { - return callerClass.getProtectionDomain(); - } - }); - - // perform 'combine' on the caller of doPrivileged, - // even if the caller is from the bootclasspath - ProtectionDomain[] pds = new ProtectionDomain[] {callerPd}; - return new AccessControlContext(combiner.combine(pds, null), combiner); - } - - - /** * Performs the specified PrivilegedExceptionAction with * privileges enabled and restricted by the specified * AccessControlContext. The action is performed with the @@ -450,30 +417,10 @@ * @see #doPrivileged(PrivilegedAction) * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext) */ - public static native T - doPrivileged(PrivilegedExceptionAction action, - AccessControlContext context) - throws PrivilegedActionException; - - /** - * Returns the AccessControl context. i.e., it gets - * the protection domains of all the callers on the stack, - * starting at the first class with a non-null - * ProtectionDomain. - * - * @return the access control context based on the current stack or - * null if there was only privileged system code. - */ - - private static native AccessControlContext getStackAccessControlContext(); - - /** - * Returns the "inherited" AccessControl context. This is the context - * that existed when the thread was created. Package private so - * AccessControlContext can use it. - */ - - static native AccessControlContext getInheritedAccessControlContext(); +// public static native T +// doPrivileged(PrivilegedExceptionAction action, +// AccessControlContext context) +// throws PrivilegedActionException; /** * This method takes a "snapshot" of the current calling context, which @@ -486,17 +433,17 @@ * @return the AccessControlContext based on the current context. */ - public static AccessControlContext getContext() - { - AccessControlContext acc = getStackAccessControlContext(); - if (acc == null) { - // all we had was privileged system code. We don't want - // to return null though, so we construct a real ACC. - return new AccessControlContext(null, true); - } else { - return acc.optimize(); - } - } +// public static AccessControlContext getContext() +// { +// AccessControlContext acc = getStackAccessControlContext(); +// if (acc == null) { +// // all we had was privileged system code. We don't want +// // to return null though, so we construct a real ACC. +// return new AccessControlContext(null, true); +// } else { +// return acc.optimize(); +// } +// } /** * Determines whether the access request indicated by the @@ -516,42 +463,42 @@ * security policy currently in effect. */ - public static void checkPermission(Permission perm) - throws AccessControlException - { - //System.err.println("checkPermission "+perm); - //Thread.currentThread().dumpStack(); - - if (perm == null) { - throw new NullPointerException("permission can't be null"); - } - - AccessControlContext stack = getStackAccessControlContext(); - // if context is null, we had privileged system code on the stack. - if (stack == null) { - Debug debug = AccessControlContext.getDebug(); - boolean dumpDebug = false; - if (debug != null) { - dumpDebug = !Debug.isOn("codebase="); - dumpDebug &= !Debug.isOn("permission=") || - Debug.isOn("permission=" + perm.getClass().getCanonicalName()); - } - - if (dumpDebug && Debug.isOn("stack")) { - Thread.currentThread().dumpStack(); - } - - if (dumpDebug && Debug.isOn("domain")) { - debug.println("domain (context is null)"); - } - - if (dumpDebug) { - debug.println("access allowed "+perm); - } - return; - } - - AccessControlContext acc = stack.optimize(); - acc.checkPermission(perm); - } +// public static void checkPermission(Permission perm) +// throws AccessControlException +// { +// //System.err.println("checkPermission "+perm); +// //Thread.currentThread().dumpStack(); +// +// if (perm == null) { +// throw new NullPointerException("permission can't be null"); +// } +// +// AccessControlContext stack = getStackAccessControlContext(); +// // if context is null, we had privileged system code on the stack. +// if (stack == null) { +// Debug debug = AccessControlContext.getDebug(); +// boolean dumpDebug = false; +// if (debug != null) { +// dumpDebug = !Debug.isOn("codebase="); +// dumpDebug &= !Debug.isOn("permission=") || +// Debug.isOn("permission=" + perm.getClass().getCanonicalName()); +// } +// +// if (dumpDebug && Debug.isOn("stack")) { +// Thread.currentThread().dumpStack(); +// } +// +// if (dumpDebug && Debug.isOn("domain")) { +// debug.println("domain (context is null)"); +// } +// +// if (dumpDebug) { +// debug.println("access allowed "+perm); +// } +// return; +// } +// +// AccessControlContext acc = stack.optimize(); +// acc.checkPermission(perm); +// } }