Search in sources :

Example 51 with ProtectionDomain

use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.

the class LoaderHandler method getLoaderAccessControlContext.

/**
     * Return the access control context that a loader for the given
     * codebase URL path should execute with.
     */
private static AccessControlContext getLoaderAccessControlContext(URL[] urls) {
    /*
         * The approach used here is taken from the similar method
         * getAccessControlContext() in the sun.applet.AppletPanel class.
         */
    // begin with permissions granted to all code in current policy
    PermissionCollection perms = java.security.AccessController.doPrivileged(new java.security.PrivilegedAction<PermissionCollection>() {

        public PermissionCollection run() {
            CodeSource codesource = new CodeSource(null, (java.security.cert.Certificate[]) null);
            Policy p = java.security.Policy.getPolicy();
            if (p != null) {
                return p.getPermissions(codesource);
            } else {
                return new Permissions();
            }
        }
    });
    // createClassLoader permission needed to create loader in context
    perms.add(new RuntimePermission("createClassLoader"));
    // add permissions to read any "java.*" property
    perms.add(new java.util.PropertyPermission("java.*", "read"));
    // add permissions reuiqred to load from codebase URL path
    addPermissionsForURLs(urls, perms, true);
    /*
         * Create an AccessControlContext that consists of a single
         * protection domain with only the permissions calculated above.
         */
    ProtectionDomain pd = new ProtectionDomain(new CodeSource((urls.length > 0 ? urls[0] : null), (java.security.cert.Certificate[]) null), perms);
    return new AccessControlContext(new ProtectionDomain[] { pd });
}
Also used : Policy(java.security.Policy) PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) CodeSource(java.security.CodeSource) AccessControlContext(java.security.AccessControlContext) Permissions(java.security.Permissions)

Example 52 with ProtectionDomain

use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.

the class RMIConnectionImpl method withPermissions.

private static AccessControlContext withPermissions(Permission... perms) {
    Permissions col = new Permissions();
    for (Permission thePerm : perms) {
        col.add(thePerm);
    }
    final ProtectionDomain pd = new ProtectionDomain(null, col);
    return new AccessControlContext(new ProtectionDomain[] { pd });
}
Also used : ProtectionDomain(java.security.ProtectionDomain) AccessControlContext(java.security.AccessControlContext) Permissions(java.security.Permissions) Permission(java.security.Permission)

Example 53 with ProtectionDomain

use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.

the class SubjectDomainCombiner method combineJavaxPolicy.

/**
     * Use the javax.security.auth.Policy implementation
     */
private ProtectionDomain[] combineJavaxPolicy(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) {
    if (!allowCaching) {
        java.security.AccessController.doPrivileged(new PrivilegedAction<Void>() {

            @SuppressWarnings("deprecation")
            public Void run() {
                // Call refresh only caching is disallowed
                javax.security.auth.Policy.getPolicy().refresh();
                return null;
            }
        });
    }
    int cLen = (currentDomains == null ? 0 : currentDomains.length);
    int aLen = (assignedDomains == null ? 0 : assignedDomains.length);
    // the ProtectionDomains for the new AccessControlContext
    // that we will return
    ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];
    synchronized (cachedPDs) {
        if (!subject.isReadOnly() && !subject.getPrincipals().equals(principalSet)) {
            // if the Subject was mutated, clear the PD cache
            Set<Principal> newSet = subject.getPrincipals();
            synchronized (newSet) {
                principalSet = new java.util.HashSet<Principal>(newSet);
            }
            principals = principalSet.toArray(new Principal[principalSet.size()]);
            cachedPDs.clear();
            if (debug != null) {
                debug.println("Subject mutated - clearing cache");
            }
        }
        for (int i = 0; i < cLen; i++) {
            ProtectionDomain pd = currentDomains[i];
            ProtectionDomain subjectPd = cachedPDs.getValue(pd);
            if (subjectPd == null) {
                if (pdAccess.getStaticPermissionsField(pd)) {
                    // keep static ProtectionDomain objects static
                    subjectPd = new ProtectionDomain(pd.getCodeSource(), pd.getPermissions());
                } else {
                    // XXX
                    // we must first add the original permissions.
                    // that way when we later add the new JAAS permissions,
                    // any unresolved JAAS-related permissions will
                    // automatically get resolved.
                    // get the original perms
                    Permissions perms = new Permissions();
                    PermissionCollection coll = pd.getPermissions();
                    java.util.Enumeration<Permission> e;
                    if (coll != null) {
                        synchronized (coll) {
                            e = coll.elements();
                            while (e.hasMoreElements()) {
                                Permission newPerm = e.nextElement();
                                perms.add(newPerm);
                            }
                        }
                    }
                    // get perms from the policy
                    final java.security.CodeSource finalCs = pd.getCodeSource();
                    final Subject finalS = subject;
                    PermissionCollection newPerms = java.security.AccessController.doPrivileged(new PrivilegedAction<PermissionCollection>() {

                        @SuppressWarnings("deprecation")
                        public PermissionCollection run() {
                            return javax.security.auth.Policy.getPolicy().getPermissions(finalS, finalCs);
                        }
                    });
                    // avoiding duplicates
                    synchronized (newPerms) {
                        e = newPerms.elements();
                        while (e.hasMoreElements()) {
                            Permission newPerm = e.nextElement();
                            if (!perms.implies(newPerm)) {
                                perms.add(newPerm);
                                if (debug != null)
                                    debug.println("Adding perm " + newPerm + "\n");
                            }
                        }
                    }
                    subjectPd = new ProtectionDomain(finalCs, perms, pd.getClassLoader(), principals);
                }
                if (allowCaching)
                    cachedPDs.putValue(pd, subjectPd);
            }
            newDomains[i] = subjectPd;
        }
    }
    if (debug != null) {
        debug.println("updated current: ");
        for (int i = 0; i < cLen; i++) {
            debug.println("\tupdated[" + i + "] = " + newDomains[i]);
        }
    }
    // now add on the assigned domains
    if (aLen > 0) {
        System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen);
    }
    if (debug != null) {
        if (newDomains == null || newDomains.length == 0) {
            debug.println("returning null");
        } else {
            debug.println("combinedDomains: ");
            for (int i = 0; i < newDomains.length; i++) {
                debug.println("newDomain " + i + ": " + newDomains[i].toString());
            }
        }
    }
    // return the new ProtectionDomains
    if (newDomains == null || newDomains.length == 0) {
        return null;
    } else {
        return newDomains;
    }
}
Also used : ProtectionDomain(java.security.ProtectionDomain) PermissionCollection(java.security.PermissionCollection) Permissions(java.security.Permissions) Permission(java.security.Permission) Principal(java.security.Principal)

Example 54 with ProtectionDomain

use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.

the class SubjectDomainCombiner method optimize.

private static ProtectionDomain[] optimize(ProtectionDomain[] domains) {
    if (domains == null || domains.length == 0)
        return null;
    ProtectionDomain[] optimized = new ProtectionDomain[domains.length];
    ProtectionDomain pd;
    int num = 0;
    for (int i = 0; i < domains.length; i++) {
        // skip System Domains
        if ((pd = domains[i]) != null) {
            // remove duplicates
            boolean found = false;
            for (int j = 0; j < num && !found; j++) {
                found = (optimized[j] == pd);
            }
            if (!found) {
                optimized[num++] = pd;
            }
        }
    }
    // resize the array if necessary
    if (num > 0 && num < domains.length) {
        ProtectionDomain[] downSize = new ProtectionDomain[num];
        System.arraycopy(optimized, 0, downSize, 0, downSize.length);
        optimized = downSize;
    }
    return ((num == 0 || optimized.length == 0) ? null : optimized);
}
Also used : ProtectionDomain(java.security.ProtectionDomain)

Example 55 with ProtectionDomain

use of java.security.ProtectionDomain in project jdk8u_jdk by JetBrains.

the class DefaultMBeanServerInterceptor method checkMBeanTrustPermission.

private static void checkMBeanTrustPermission(final Class<?> theClass) throws SecurityException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        Permission perm = new MBeanTrustPermission("register");
        PrivilegedAction<ProtectionDomain> act = new PrivilegedAction<ProtectionDomain>() {

            public ProtectionDomain run() {
                return theClass.getProtectionDomain();
            }
        };
        ProtectionDomain pd = AccessController.doPrivileged(act);
        AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { pd });
        sm.checkPermission(perm, acc);
    }
}
Also used : ProtectionDomain(java.security.ProtectionDomain) AccessControlContext(java.security.AccessControlContext) PrivilegedAction(java.security.PrivilegedAction) MBeanTrustPermission(javax.management.MBeanTrustPermission) MBeanPermission(javax.management.MBeanPermission) MBeanTrustPermission(javax.management.MBeanTrustPermission) Permission(java.security.Permission)

Aggregations

ProtectionDomain (java.security.ProtectionDomain)148 InstrumentClass (com.navercorp.pinpoint.bootstrap.instrument.InstrumentClass)44 Instrumentor (com.navercorp.pinpoint.bootstrap.instrument.Instrumentor)44 TransformCallback (com.navercorp.pinpoint.bootstrap.instrument.transformer.TransformCallback)42 CodeSource (java.security.CodeSource)39 InstrumentException (com.navercorp.pinpoint.bootstrap.instrument.InstrumentException)28 AccessControlContext (java.security.AccessControlContext)24 Permissions (java.security.Permissions)22 InstrumentMethod (com.navercorp.pinpoint.bootstrap.instrument.InstrumentMethod)20 Permission (java.security.Permission)17 URL (java.net.URL)16 Policy (java.security.Policy)16 Test (org.junit.Test)16 File (java.io.File)12 PermissionCollection (java.security.PermissionCollection)12 IOException (java.io.IOException)11 Method (java.lang.reflect.Method)8 URI (java.net.URI)8 HashSet (java.util.HashSet)8 Principal (java.security.Principal)7