|
1 /* |
|
2 * Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 package com.nokia.mj.impl.security.midp.authorization; |
|
19 |
|
20 import com.nokia.mj.impl.utils.Uid; |
|
21 import com.nokia.mj.impl.utils.exception.InvalidAttributeException; |
|
22 import com.nokia.mj.impl.security.midp.common.MIDPPermission; |
|
23 import com.nokia.mj.impl.security.midp.common.UserSecuritySettings; |
|
24 import com.nokia.mj.impl.security.midp.common.UserSecuritySettingsImpl; |
|
25 import com.nokia.mj.impl.security.midp.common.PermissionAttribute; |
|
26 import com.nokia.mj.impl.security.midp.common.PolicyBasedPermissionImpl; |
|
27 import com.nokia.mj.impl.security.midp.common.PolicyBasedPermission; |
|
28 import com.nokia.mj.impl.security.midp.common.AuthenticationCredentials; |
|
29 import com.nokia.mj.impl.security.midp.common.SecurityAttributes; |
|
30 import com.nokia.mj.impl.security.midp.common.ProtectionDomain; |
|
31 import com.nokia.mj.impl.utils.Attribute; |
|
32 import com.nokia.mj.impl.security.midp.storage.*; |
|
33 import com.nokia.mj.impl.storage.StorageSession; |
|
34 import com.nokia.mj.impl.security.utils.Logger; |
|
35 import java.util.Vector; |
|
36 import java.util.Hashtable; |
|
37 import java.util.Enumeration; |
|
38 |
|
39 /** |
|
40 * Grants permissions to MIDlet suites at installation time based on the |
|
41 * MIDlet's signing information and based on the permissions requested by the |
|
42 * MIDlet suite |
|
43 */ |
|
44 public final class PermissionGranter |
|
45 { |
|
46 // self |
|
47 private static PermissionGranter self; |
|
48 |
|
49 /* |
|
50 * Hashtable containing the granted permissions of |
|
51 * different aplications being installed |
|
52 */ |
|
53 private Hashtable iGrantedPermissions = new Hashtable(); |
|
54 |
|
55 /* |
|
56 * Hashtable containing the details of the blanket permissions of |
|
57 * different aplications being installed |
|
58 */ |
|
59 private Hashtable iBlanketPermissionsDetails = new Hashtable(); |
|
60 |
|
61 /** |
|
62 * Creates an instance of the PermissionGranter |
|
63 * |
|
64 * @return An instance of PermissionGranter |
|
65 */ |
|
66 public static PermissionGranter getInstance() |
|
67 { |
|
68 if (self == null) |
|
69 { |
|
70 self = new PermissionGranter(); |
|
71 } |
|
72 return self; |
|
73 } |
|
74 |
|
75 /** |
|
76 * Grants permissions to a certain MIDlet suite. This method is called |
|
77 * when/if the JAD is available |
|
78 * |
|
79 * @param msUID the UID if the MIDlet suite to whom the |
|
80 * permissions are granted |
|
81 * @param oldMSUID the UID if the MIDlet suite being updated |
|
82 * (if applicable) or null otherwise |
|
83 * @param requestedPermissions the permissions requested in the JAD by |
|
84 * the MIDlet (the set of requested permissions |
|
85 * is retrieved from |
|
86 * SecurityAttributes.getPermissionAttributes() |
|
87 * called after calling |
|
88 * SecurityAttributes.addDescriptorAttributes()) |
|
89 * @param authCredentials a set of credentials assigned to the MIDlet |
|
90 * suite as a result of calling |
|
91 * AuthenticationModule.authenticateJAD |
|
92 */ |
|
93 public void grantJadPermissions( |
|
94 Uid msUID, |
|
95 Uid oldMSUID, |
|
96 PermissionAttribute[] requestedPermissions, |
|
97 AuthenticationCredentials[] authCredentials) |
|
98 { |
|
99 if (msUID == null |
|
100 || authCredentials == null) |
|
101 { |
|
102 return; |
|
103 } |
|
104 |
|
105 Vector grantedPermissions = new Vector(); |
|
106 InvalidAttributeException excThrown = null; |
|
107 boolean validPermissionsGranted = false; |
|
108 for (int i=0; i< authCredentials.length; i++) |
|
109 { |
|
110 if (iGrantedPermissions.containsKey(msUID.getStringValue() |
|
111 + authCredentials[i].getProtectionDomainName())) |
|
112 { |
|
113 continue; |
|
114 } |
|
115 try |
|
116 { |
|
117 // try resolving the requested permissions |
|
118 Vector resolvedPermissions = resolvePermissions( |
|
119 msUID, |
|
120 authCredentials[i].getProtectionDomainName(), |
|
121 requestedPermissions, |
|
122 false /* skip adding the assigned permissions */); |
|
123 if (resolvedPermissions == null) |
|
124 { |
|
125 continue; |
|
126 } |
|
127 |
|
128 // store granted permissions to cache |
|
129 iGrantedPermissions.put(msUID.getStringValue() |
|
130 + authCredentials[i].getProtectionDomainName(), |
|
131 resolvedPermissions); |
|
132 // mark down that we have granted valid permissions |
|
133 validPermissionsGranted = true; |
|
134 } |
|
135 catch (InvalidAttributeException e) |
|
136 { |
|
137 // keep the exception instead of the granted permissions |
|
138 // and throw it later if needed |
|
139 iGrantedPermissions.put(msUID.getStringValue() |
|
140 + authCredentials[i].getProtectionDomainName(), e); |
|
141 if (excThrown == null) |
|
142 { |
|
143 excThrown = e; |
|
144 } |
|
145 } |
|
146 } |
|
147 // if granting permissions resulted in nothing but exceptions, |
|
148 // just throw the first one |
|
149 if (!validPermissionsGranted && excThrown != null) |
|
150 { |
|
151 throw excThrown; |
|
152 } |
|
153 } |
|
154 |
|
155 /** |
|
156 * Grants permissions to a certain MIDlet suite. This method is called |
|
157 * when the JAR is available |
|
158 * |
|
159 * @param storageSession the JavaStorage session to be used when |
|
160 * storing the granted permissions |
|
161 * @param msUID the UID if the MIDlet suite to whom the |
|
162 * permissions are granted |
|
163 * @param oldMSUID the UID if the MIDlet suite being updated |
|
164 * (if applicable) or null otherwise |
|
165 * @param requestedPermissions the permissions requested in the JAR by |
|
166 * the MIDlet (the set of requested permissions |
|
167 * is retrieved from |
|
168 * SecurityAttributes.getPermissionAttributes() |
|
169 * called after calling |
|
170 * SecurityAttributes.addManifestAttributes()) |
|
171 */ |
|
172 public void grantJarPermissions( |
|
173 StorageSession storageSession, |
|
174 Uid msUID, |
|
175 Uid oldMSUID, |
|
176 PermissionAttribute[] requestedPermissions) |
|
177 { |
|
178 if (storageSession == null |
|
179 || msUID == null) |
|
180 { |
|
181 return; |
|
182 } |
|
183 |
|
184 // take the domain from storage |
|
185 SecurityStorage storage = new SecurityStorage(storageSession); |
|
186 String protectionDomainName = storage.readProtectionDomain(msUID); |
|
187 // filter the already granted permissions |
|
188 Object o = iGrantedPermissions.remove( |
|
189 msUID.getStringValue() + protectionDomainName); |
|
190 Vector preGrantedPermissions = null; |
|
191 if (o != null) |
|
192 { |
|
193 if (o instanceof InvalidAttributeException) |
|
194 { |
|
195 throw(InvalidAttributeException)o; |
|
196 } |
|
197 preGrantedPermissions = (Vector)o; |
|
198 } |
|
199 // resolved the requested permissions |
|
200 Vector resolvedPermissions = resolvePermissions(msUID, |
|
201 protectionDomainName, |
|
202 requestedPermissions); |
|
203 |
|
204 // store the pre-granted and the resolved permissions |
|
205 if (preGrantedPermissions != null) |
|
206 { |
|
207 for (int i=0; i<preGrantedPermissions.size(); i++) |
|
208 { |
|
209 if (!resolvedPermissions.contains( |
|
210 preGrantedPermissions.elementAt(i))) |
|
211 { |
|
212 resolvedPermissions.addElement( |
|
213 preGrantedPermissions.elementAt(i)); |
|
214 } |
|
215 } |
|
216 } |
|
217 storage.writeGrantedPermissions( |
|
218 msUID, |
|
219 oldMSUID, |
|
220 resolvedPermissions); |
|
221 // update the cache with the full set of permissions |
|
222 iGrantedPermissions.put(msUID.getStringValue() + protectionDomainName, |
|
223 resolvedPermissions); |
|
224 Logger.logGrantedPermissions(resolvedPermissions); |
|
225 } |
|
226 |
|
227 /** |
|
228 * Grants all the permissions from a specified protection domain to a |
|
229 * certain MIDlet suite. |
|
230 * |
|
231 * @param storageSession the JavaStorage session to be used when |
|
232 * storing the granted permissions |
|
233 * @param uid the Uid if the MIDlet suite to whom the |
|
234 * permissions are granted |
|
235 * @param oldUid the Uid if the MIDlet suite being updated |
|
236 * (if applicable) or null otherwise |
|
237 * @param protectionDomain the protection domain containing the |
|
238 * permissions which are to be assigned to |
|
239 * the MIDlet suite. |
|
240 */ |
|
241 public void grantJarPermissions( |
|
242 StorageSession storageSession, |
|
243 Uid uid, |
|
244 Uid oldUid, |
|
245 ProtectionDomain protectionDomain) |
|
246 { |
|
247 if (uid == null || protectionDomain == null) |
|
248 { |
|
249 return; |
|
250 } |
|
251 |
|
252 // Build in the securityAttributes object with MIDP version only |
|
253 // (same as MIDP2 unsigned MIDlets suites do). this combined with |
|
254 // a certain protection domain guarantees that all the permissions |
|
255 // from a certain protection domain are retrieved |
|
256 SecurityAttributes securityAttributes = new SecurityAttributes(); |
|
257 Hashtable allAttributes = new Hashtable(); |
|
258 allAttributes.put(SecurityAttributes.MIDP_VERSION_ATTRIBUTE_NAME, new Attribute("", "MIDP-2.0")); |
|
259 securityAttributes.addDescriptorAttributes(allAttributes); |
|
260 |
|
261 // try resolving the requested permissions |
|
262 Vector resolvedPermissions = resolvePermissions( |
|
263 uid, |
|
264 protectionDomain.getName(), |
|
265 securityAttributes.getPermissionAttributes(), |
|
266 true /* add the assigned permissions */); |
|
267 |
|
268 // store the permissions |
|
269 SecurityStorage storage = new SecurityStorage(storageSession); |
|
270 storage.writeGrantedPermissions( |
|
271 uid, |
|
272 oldUid, |
|
273 resolvedPermissions); |
|
274 // update the cache with the full set of permissions |
|
275 iGrantedPermissions.put(uid.getStringValue() + protectionDomain, |
|
276 resolvedPermissions); |
|
277 Logger.logGrantedPermissions(resolvedPermissions); |
|
278 } |
|
279 |
|
280 /** |
|
281 * Retrieves the localized names of the "blanket permission"s granted to a |
|
282 * certain MIDlet suite. |
|
283 * The concept of blanket permission granted to a MIDlet suite is defined |
|
284 * by the following conditions: |
|
285 * <ul> |
|
286 * <li>The MIDlet suite is signed</li> |
|
287 * <li>The maximum allowed setting of each of the granted permissions |
|
288 * requested by the MIDlet suite is Blanket</li> |
|
289 * <li>The default setting of at least one of the requested permissions |
|
290 * is something else than Blanket</li> |
|
291 * <li>The MIDlet suite is not granted permissions in the following |
|
292 * combination: Application Auto Invocation AND Net Access</li> |
|
293 * </ul> |
|
294 * |
|
295 * @param msUID the UID of the MIDlet suite for whom the Blanket |
|
296 * permissions are queried |
|
297 * @return the localized names of the blanket permissions |
|
298 * granted to the MIDlet suite or null otherwise |
|
299 */ |
|
300 public String[] getBlanketPermissions( |
|
301 Uid msUID) |
|
302 { |
|
303 // sanity checks |
|
304 if (msUID == null) |
|
305 { |
|
306 return null; |
|
307 } |
|
308 // get the set of granted permissions |
|
309 String msUidKey = msUID.getStringValue(); |
|
310 Vector grantedPermissions = null; |
|
311 for (Enumeration e = iGrantedPermissions.keys() ; |
|
312 e.hasMoreElements() ;) |
|
313 { |
|
314 String key = (String)e.nextElement(); |
|
315 if (key.startsWith(msUidKey)) |
|
316 { |
|
317 grantedPermissions = (Vector)iGrantedPermissions.remove(key); |
|
318 if (key.endsWith("UnidentifiedThirdParty")) |
|
319 { |
|
320 // if the suite is not signed, there is no blanket |
|
321 // permissions concept either |
|
322 Logger.log("Suite " + msUID.toString() + " is not signed, therefore there are no blanket permissions returned"); |
|
323 return null; |
|
324 } |
|
325 break; |
|
326 } |
|
327 } |
|
328 // Step1: go through each of the granted permissions and do the |
|
329 // following: |
|
330 // a) ensure that the maximum interaction mode is Blanket |
|
331 // b) mark down if the default setting is something else than |
|
332 // Blanket |
|
333 // c) mark down to which of the following lists it belongs |
|
334 // - list 1: Application Auto Invocation |
|
335 // - list 2: Net Access |
|
336 // - list 3: Net Access, Low Level Net Access, Messaging, Restricted messaging, Call control, Local connectivity |
|
337 // - list 4: Multimedia, Read user data |
|
338 // Step 2: check the following combinations: |
|
339 // a) permissions in list 1 and permissions list 2 |
|
340 // b) permissions in list 3 and permissions list 4 |
|
341 if (grantedPermissions != null && grantedPermissions.size() > 0) |
|
342 { |
|
343 boolean defaultNotBlanket = false; |
|
344 boolean permissions_from_mutually_exclusive_list_1 = false; |
|
345 boolean permissions_from_mutually_exclusive_list_2 = false; |
|
346 boolean permissions_from_sensitive_combination_list_1 = false; |
|
347 boolean permissions_from_sensitive_combination_list_2 = false; |
|
348 String blanketPermissionsDetails = "settings_inst_query_perm_sec"; |
|
349 Vector blanketPermissions = |
|
350 new Vector(); |
|
351 for (int i=0; i<grantedPermissions.size(); i++) |
|
352 { |
|
353 PolicyBasedPermission permission = |
|
354 ((PolicyBasedPermission)grantedPermissions.elementAt(i)); |
|
355 UserSecuritySettings settings = |
|
356 permission.getUserSecuritySettings(); |
|
357 if (settings == null) |
|
358 { |
|
359 // not a user permission -> move on to the next permission |
|
360 Logger.log("Permission " + permission.getName() + " is not a user permission, therefore is is not returned as part of the group of blanket permissions"); |
|
361 continue; |
|
362 } |
|
363 if (!settings.isInteractionModeAllowed( |
|
364 UserSecuritySettings.BLANKET_INTERACTION_MODE)) |
|
365 { |
|
366 // blanket is not an allowed interaction mode |
|
367 // -> no blanket permission |
|
368 Logger.log("Permission " + permission.getName() + " does not allow Blanket, therefore there are no blanket permissions returned"); |
|
369 return null; |
|
370 } |
|
371 String settingsLocName = UserSecuritySettingsImpl |
|
372 .getLocalizedName(settings.getName()); |
|
373 if (settings.getCurrentInteractionMode() |
|
374 != UserSecuritySettings.BLANKET_INTERACTION_MODE) |
|
375 { |
|
376 if (!blanketPermissions.contains(settingsLocName)) |
|
377 { |
|
378 blanketPermissions.addElement(settingsLocName); |
|
379 } |
|
380 defaultNotBlanket = true; |
|
381 } |
|
382 // mark down to which mutually exclusive list the permission belongs |
|
383 if (settings.getName().equalsIgnoreCase( |
|
384 UserSecuritySettings.APPLICATION_AUTO_INVOCATION_SETTINGS)) |
|
385 { |
|
386 permissions_from_mutually_exclusive_list_1 = true; |
|
387 } |
|
388 else if (settings.getName().equalsIgnoreCase( |
|
389 UserSecuritySettings.NET_ACCESS_SETTINGS)) |
|
390 { |
|
391 permissions_from_mutually_exclusive_list_2 = true; |
|
392 permissions_from_sensitive_combination_list_1 = true; |
|
393 blanketPermissionsDetails = "settings_inst_query_perm_net"; |
|
394 } |
|
395 else if (settings.getName().equalsIgnoreCase( |
|
396 UserSecuritySettings.LOW_LEVEL_NET_ACCESS_SETTINGS) |
|
397 || settings.getName().equalsIgnoreCase( |
|
398 UserSecuritySettings.MESSAGING_SETTINGS) |
|
399 || settings.getName().equalsIgnoreCase( |
|
400 UserSecuritySettings.RESTRICTED_MESSAGING_SETTINGS) |
|
401 || settings.getName().equalsIgnoreCase( |
|
402 UserSecuritySettings.CALL_CONTROL_SETTINGS) |
|
403 || settings.getName().equalsIgnoreCase( |
|
404 UserSecuritySettings.LOCAL_CONNECTIVITY_SETTINGS)) |
|
405 { |
|
406 permissions_from_sensitive_combination_list_1 = true; |
|
407 } |
|
408 else if (settings.getName().equalsIgnoreCase( |
|
409 UserSecuritySettings.MULTIMEDIA_RECORDING_SETTINGS) |
|
410 || settings.getName().equalsIgnoreCase( |
|
411 UserSecuritySettings.READ_USER_DATA_ACCESS_SETTINGS)) |
|
412 { |
|
413 permissions_from_sensitive_combination_list_2 = true; |
|
414 } |
|
415 } |
|
416 if (!defaultNotBlanket) |
|
417 { |
|
418 // none of the granted permissions has the default set to |
|
419 // something else than Blanket -> there is no blanket |
|
420 // permission concept |
|
421 Logger.log("All of the granted permissions are set to Blanket already, therefore there are no blanket permissions returned"); |
|
422 return null; |
|
423 } |
|
424 // check for "forbidden" combinations |
|
425 if (permissions_from_mutually_exclusive_list_1 |
|
426 && permissions_from_mutually_exclusive_list_2) |
|
427 { |
|
428 // forget about blanket permissions |
|
429 Logger.log("The mutual exclusive rules would be violated if the granted permissions were all set to Blanket, therefore there are no blanket permissions returned"); |
|
430 return null; |
|
431 } |
|
432 // check for sensitive combinations |
|
433 if (permissions_from_sensitive_combination_list_1 |
|
434 && permissions_from_sensitive_combination_list_2) |
|
435 { |
|
436 iBlanketPermissionsDetails.put(msUidKey, |
|
437 UserSecuritySettingsImpl.getLocalizedString( |
|
438 blanketPermissionsDetails)); |
|
439 } |
|
440 if (blanketPermissions.size() > 0) |
|
441 { |
|
442 String[] ret = new String[blanketPermissions.size()]; |
|
443 blanketPermissions.copyInto(ret); |
|
444 Logger.logBlanketPermissions(ret); |
|
445 return ret; |
|
446 } |
|
447 } |
|
448 return null; |
|
449 } |
|
450 |
|
451 /** |
|
452 * Retrieves details associated with the "blanket permission"s granted to a |
|
453 * certain MIDlet suite. |
|
454 * |
|
455 * @param msUID the UID of the MIDlet suite for whom the Blanket |
|
456 * permissions's details are queried |
|
457 * @return the details (as localized string) associated with |
|
458 * the blanket permissions or null otherwise |
|
459 */ |
|
460 public String getBlanketPermissionsDetails( |
|
461 Uid msUID) |
|
462 { |
|
463 // sanity checks |
|
464 if (msUID == null) |
|
465 { |
|
466 return null; |
|
467 } |
|
468 return (String)iBlanketPermissionsDetails.remove( |
|
469 msUID.getStringValue()); |
|
470 } |
|
471 |
|
472 |
|
473 /** |
|
474 * Sets the permissions granted to a certain MIDlet suite to Blanket |
|
475 * |
|
476 * @param storageSession the JavaStorage session to be used when setting |
|
477 * the permissions to Blanket |
|
478 * @param msUID the UID of the MIDlet suite whose permissions |
|
479 * are set to Blanket |
|
480 */ |
|
481 public void setPermissionsToBlanket( |
|
482 StorageSession storageSession, |
|
483 Uid msUID) |
|
484 { |
|
485 Logger.log("The granted permissions are all set to Blanket, therefore there won't be any runtime security prompts"); |
|
486 SecurityStorage storage = new SecurityStorage(storageSession); |
|
487 storage.writeUserSecuritySettings(msUID, |
|
488 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
489 true /* blanket prompt shown */); |
|
490 } |
|
491 |
|
492 /** |
|
493 * Performs a cleanup (e.g. on cached data) |
|
494 * |
|
495 */ |
|
496 public void cleanup() |
|
497 { |
|
498 Logger.log("Cleanup permission granter cache"); |
|
499 iGrantedPermissions.clear(); |
|
500 iBlanketPermissionsDetails.clear(); |
|
501 } |
|
502 |
|
503 /** |
|
504 * Removes all the security data related to a certain MIDlet suite |
|
505 * |
|
506 * @param storageSession the JavaStorage session to be used when |
|
507 * removing the security data |
|
508 * @param msUID the UID if the MIDlet suite whose security data |
|
509 * is being removed |
|
510 */ |
|
511 public void removeSecurityData(StorageSession storageSession, Uid msUID) |
|
512 { |
|
513 Logger.log("Remove granted permissions"); |
|
514 SecurityStorage storage = new SecurityStorage(storageSession); |
|
515 storage.removeGrantedPermissions(msUID); |
|
516 // clear the cache |
|
517 String msUidKey = msUID.getStringValue(); |
|
518 for (Enumeration e = iGrantedPermissions.keys() ; |
|
519 e.hasMoreElements() ;) |
|
520 { |
|
521 String key = (String)e.nextElement(); |
|
522 if (key.startsWith(msUidKey)) |
|
523 { |
|
524 iGrantedPermissions.remove(key); |
|
525 break; |
|
526 } |
|
527 } |
|
528 iBlanketPermissionsDetails.remove(msUidKey); |
|
529 } |
|
530 |
|
531 private Vector resolvePermissions(Uid msUID, |
|
532 String protectionDomainName, |
|
533 PermissionAttribute[] requestedPermissions, |
|
534 boolean addAssignedPerms) |
|
535 { |
|
536 // retrieve the policy permissions |
|
537 PolicyBasedPermission[] policyPermissions = SecurityPolicyModule |
|
538 .getInstance().getPermissions(protectionDomainName); |
|
539 |
|
540 // resovle requested permissions (if not already done) |
|
541 Vector resolvedPermissions = PermissionResolver |
|
542 .resolvePermissions(msUID, requestedPermissions, policyPermissions); |
|
543 |
|
544 // add the "assigned" permissions from the policy to the set of granted |
|
545 // permissions |
|
546 if (addAssignedPerms) |
|
547 { |
|
548 if (resolvedPermissions == null) |
|
549 { |
|
550 resolvedPermissions = new Vector(); |
|
551 } |
|
552 if (policyPermissions != null) |
|
553 { |
|
554 for (int i=0; i<policyPermissions.length; i++) |
|
555 { |
|
556 if (policyPermissions[i].getType() |
|
557 == PolicyBasedPermission.ASSIGNED_TYPE) |
|
558 { |
|
559 PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl( |
|
560 policyPermissions[i]); |
|
561 // add it only if not contained already |
|
562 boolean found = false; |
|
563 for (int j=0; j<resolvedPermissions.size(); j++) |
|
564 { |
|
565 PolicyBasedPermissionImpl p2 = new PolicyBasedPermissionImpl( |
|
566 (PolicyBasedPermission)resolvedPermissions.elementAt(j)); |
|
567 if (p1.equals(p2)) |
|
568 { |
|
569 found = true; |
|
570 break; |
|
571 } |
|
572 } |
|
573 if (!found) |
|
574 { |
|
575 resolvedPermissions.addElement( |
|
576 new PolicyBasedPermissionImpl( |
|
577 policyPermissions[i].getName(), |
|
578 policyPermissions[i].getTarget(), |
|
579 policyPermissions[i].getActionList(), |
|
580 policyPermissions[i].getUserSecuritySettings())); |
|
581 } |
|
582 } |
|
583 } |
|
584 } |
|
585 } |
|
586 return resolvedPermissions; |
|
587 } |
|
588 |
|
589 private Vector resolvePermissions(Uid msUID, |
|
590 String protectionDomainName, |
|
591 PermissionAttribute[] requestedPermissions) |
|
592 { |
|
593 return resolvePermissions(msUID, protectionDomainName, |
|
594 requestedPermissions, true /* add assigned permissions */); |
|
595 } |
|
596 } |