FCL/sf/app/jrt: comparison javacommons/security/javasrc.cdc/com/nokia/mj/impl/security/midp/authorization/PermissionGranter.java

equal deleted inserted replaced

-:7cee158cb8cd
+:26b2b12093af
 *
 */
 package com.nokia.mj.impl.security.midp.authorization;
-import com.nokia.mj.impl.utils.Id;
 import com.nokia.mj.impl.utils.Uid;
 import com.nokia.mj.impl.utils.exception.InvalidAttributeException;
 import com.nokia.mj.impl.security.midp.common.MIDPPermission;
 import com.nokia.mj.impl.security.midp.common.UserSecuritySettings;
 import com.nokia.mj.impl.security.midp.common.UserSecuritySettingsImpl;
 /*
 * Hashtable containing the details of the blanket permissions of
 * different aplications being installed
 */
 private Hashtable iBlanketPermissionsDetails = new Hashtable();
-private static final int NOT_FOUND = -2;
-private static final int REMOVED = -1;
 /**
 * Creates an instance of the PermissionGranter
 *
 * @return An instance of PermissionGranter
 *                             SecurityAttributes.getPermissionAttributes()
 *                             called after calling
 *                             SecurityAttributes.addManifestAttributes())
 */
 public void grantJarPermissions(
+StorageSession storageSession,
 Uid msUID,
 Uid oldMSUID,
-PermissionAttribute[] requestedPermissions,
+PermissionAttribute[] requestedPermissions)
-AuthenticationCredentials[] authCredentials)
+{
-{
+if (storageSession == null
-if (msUID == null)
+|| msUID == null)
 {
 return;
 }
+// take the domain from storage
+SecurityStorage storage = new SecurityStorage(storageSession);
+String protectionDomainName = storage.readProtectionDomain(msUID);
 // filter the already granted permissions
-String protectionDomainName = authCredentials[0].getProtectionDomainName();
 Object o = iGrantedPermissions.remove(
-msUID.getStringValue()
+msUID.getStringValue() + protectionDomainName);
-+ protectionDomainName);
 Vector preGrantedPermissions = null;
 if (o != null)
 {
 if (o instanceof InvalidAttributeException)
 {
 resolvedPermissions.addElement(
 preGrantedPermissions.elementAt(i));
 }
 }
 }
-// in case of update preserve the settings of the "old" suite
+storage.writeGrantedPermissions(
-if (oldMSUID != null)
+msUID,
-{
+oldMSUID,
-updateGrantedPermissions(
+resolvedPermissions);
-msUID,
-oldMSUID,
-resolvedPermissions);
-}
 // update the cache with the full set of permissions
 iGrantedPermissions.put(msUID.getStringValue() + protectionDomainName,
 resolvedPermissions);
 Logger.logGrantedPermissions(resolvedPermissions);
 }
 * @param protectionDomain     the protection domain containing the
 *                             permissions which are to be assigned to
 *                             the MIDlet suite.
 */
 public void grantJarPermissions(
+StorageSession storageSession,
 Uid uid,
 Uid oldUid,
 ProtectionDomain protectionDomain)
 {
 if (uid == null || protectionDomain == null)
 Vector resolvedPermissions = resolvePermissions(
 uid,
 protectionDomain.getName(),
 securityAttributes.getPermissionAttributes(),
 true /* add the assigned permissions */);
-// in case of update preserve the settings
-if (oldUid != null)
+// store the permissions
-{
+SecurityStorage storage = new SecurityStorage(storageSession);
-updateGrantedPermissions(
+storage.writeGrantedPermissions(
 uid,
 oldUid,
 resolvedPermissions);
-}
 // update the cache with the full set of permissions
-iGrantedPermissions.put(uid.getStringValue() + protectionDomain.getName(),
+iGrantedPermissions.put(uid.getStringValue() + protectionDomain,
 resolvedPermissions);
 Logger.logGrantedPermissions(resolvedPermissions);
 }
 /**
 e.hasMoreElements() ;)
 {
 String key = (String)e.nextElement();
 if (key.startsWith(msUidKey))
 {
-grantedPermissions = (Vector)iGrantedPermissions.get(key);
+grantedPermissions = (Vector)iGrantedPermissions.remove(key);
 if (key.endsWith("UnidentifiedThirdParty"))
 {
 // if the suite is not signed, there is no blanket
 // permissions concept either
 Logger.log("Suite " + msUID.toString() + " is not signed, therefore there are no blanket permissions returned");
 {
 PolicyBasedPermission permission =
 ((PolicyBasedPermission)grantedPermissions.elementAt(i));
 UserSecuritySettings settings =
 permission.getUserSecuritySettings();
 if (permission.getType() != PolicyBasedPermission.USER_TYPE
 || settings == null)
 {
 // not a user permission -> move on to the next permission
 Logger.log("Permission " + permission.getName() + " is not a user permission, therefore is is not returned as part of the group of blanket permissions");
 continue;
 }
 // check for sensitive combinations
 if (permissions_from_sensitive_combination_list_1
 && permissions_from_sensitive_combination_list_2)
 {
-/*String blanketPermissionsDetails = (
+String blanketPermissionsDetails = (
 ((call_control == true && multimedia == true)
 || (call_control == true && read_user_data == true)
 || (net_access == true && multimedia == true)
 || (net_access == true && read_user_data == true)
 || (messaging == true && multimedia == true)
 || (messaging == true && read_user_data == true)) ?
 "settings_inst_query_perm_net" :
-"settings_inst_query_perm_sec");*/
+"settings_inst_query_perm_sec");
-Id blanketPermissionsDetails = (
-((call_control == true && multimedia == true)
-|| (call_control == true && read_user_data == true)
-|| (net_access == true && multimedia == true)
-|| (net_access == true && read_user_data == true)
-|| (messaging == true && multimedia == true)
-|| (messaging == true && read_user_data == true)) ?
-new Id("settings_inst_query_perm_net", "N/A") :
-new Id("settings_inst_query_perm_sec", "N/A"));
 iBlanketPermissionsDetails.put(msUidKey,
 UserSecuritySettingsImpl.getLocalizedString(
 blanketPermissionsDetails));
 }
 if (blanketPermissions.size() > 0)
 Logger.log("The granted permissions are all set to Blanket, therefore there won't be any runtime security prompts");
 SecurityStorage storage = new SecurityStorage(storageSession);
 storage.writeUserSecuritySettings(msUID,
 UserSecuritySettings.BLANKET_INTERACTION_MODE,
 true /* blanket prompt shown */);
-// cleanup the cache as well
-cleanup(msUID);
 }
 /**
 * Performs a cleanup (e.g. on cached data)
 *
 {
 Logger.log("Cleanup permission granter cache");
 iGrantedPermissions.clear();
 iBlanketPermissionsDetails.clear();
 }
 /**
 * Removes all the security data related to a certain MIDlet suite
 *
 * @param storageSession the JavaStorage session to be used when
 *                       removing the security data
 {
 Logger.log("Remove granted permissions");
 SecurityStorage storage = new SecurityStorage(storageSession);
 storage.removeGrantedPermissions(msUID);
 // clear the cache
-cleanup(msUID);
-}
-/**
-* Writes to storage all the security data related to a certain MIDlet suite
-*
-* @param sessionID the JavaStorage session to be used when
-*                  writing the security data into storage
-* @param msUID     the UID if the MIDlet suite whose security data is
-*                  being written
-*/
-public void addSecurityData(StorageSession storageSession, Uid msUID, Uid oldMsUID)
-{
-Logger.log("Write granted permissions to storage");
-if (storageSession == null || msUID == null)
-{
-return;
-}
-SecurityStorage storage = new SecurityStorage(storageSession);
 String msUidKey = msUID.getStringValue();
 for (Enumeration e = iGrantedPermissions.keys() ;
 e.hasMoreElements() ;)
 {
 String key = (String)e.nextElement();
 if (key.startsWith(msUidKey))
 {
-storage.writeGrantedPermissions(
+iGrantedPermissions.remove(key);
-msUID,
+break;
-oldMsUID,
+}
-(Vector)iGrantedPermissions.remove(key));
+}
-return;
+iBlanketPermissionsDetails.remove(msUidKey);
-}
-}
 }
 private Vector resolvePermissions(Uid msUID,
 String protectionDomainName,
 PermissionAttribute[] requestedPermissions,
 if (policyPermissions != null)
 {
 for (int i=0; i<policyPermissions.length; i++)
 {
 if (policyPermissions[i].getType()
 == PolicyBasedPermission.ASSIGNED_TYPE
 || policyPermissions[i].getType()
 == PolicyBasedPermission.USER_ASSIGNED_TYPE)
 {
 PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl(
 policyPermissions[i]);
 // add it only if not contained already
 PermissionAttribute[] requestedPermissions)
 {
 return resolvePermissions(msUID, protectionDomainName,
 requestedPermissions, true /* add assigned permissions */);
 }
-private void cleanup(Uid msUID)
-{
-// clear the cache
-String msUidKey = msUID.getStringValue();
-for (Enumeration e = iGrantedPermissions.keys() ;
-e.hasMoreElements() ;)
-{
-String key = (String)e.nextElement();
-if (key.startsWith(msUidKey))
-{
-iGrantedPermissions.remove(key);
-break;
-}
-}
-iBlanketPermissionsDetails.remove(msUidKey);
-}
-private void updateGrantedPermissions(Uid newAppUID, Uid oldAppUID, Vector grantedPermissions)
-{
-// the vector containing the newGrantedPermissions
-Vector newGrantedPermissions = new Vector();
-// get the old permissions & settings
-SecurityStorage storage = new SecurityStorage();
-Vector oldPermissions = storage.readGrantedPermissions(oldAppUID);
-storage.close();
-// filter out the the brand new permissions
-// (permissions which are not found among the old permissions)
-if (oldPermissions != null)
-{
-int index=0;
-while (index < grantedPermissions.size())
-{
-// instead of calling Vector.removeElement(p) we will do the
-// remove manually, since the search is to be based on
-// the permission without the settings
-PolicyBasedPermission p = (PolicyBasedPermission)
-grantedPermissions.elementAt(index);
-int status = removeElement(oldPermissions, p);
-switch (status)
-{
-case REMOVED:
-case NOT_FOUND:
-index++;
-break;
-default:
-// different settings
-UserSecuritySettings oldSettings
-= ((PolicyBasedPermission)oldPermissions
-.elementAt(status)).getUserSecuritySettings();
-UserSecuritySettings newSettings
-= p.getUserSecuritySettings();
-if (oldSettings != null
-&& newSettings != null)
-{
-boolean activeSettings = false;
-if (oldSettings.isActive()
-|| newSettings.isActive())
-{
-activeSettings = true;
-}
-newGrantedPermissions.addElement(
-new PolicyBasedPermissionImpl(
-p.getName(),
-p.getTarget(),
-p.getActionList(),
-p.getType(),
-new UserSecuritySettingsImpl(
-newSettings.getName(),
-oldSettings.getCurrentInteractionMode(),
-newSettings.getAllowedInteractionModes(),
-oldSettings.getBlanketPrompt(),
-activeSettings)));
-}
-else
-{
-newGrantedPermissions.addElement(p);
-}
-grantedPermissions.removeElementAt(index);
-break;
-}
-}
-}
-// write what's left from the granted permissions
-for (int i=0; i<newGrantedPermissions.size(); i++)
-{
-grantedPermissions.addElement(newGrantedPermissions.elementAt(i));
-}
-}
-private int removeElement(Vector elements, PolicyBasedPermission element)
-{
-PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl(
-element.getName(),
-element.getTarget(),
-element.getActionList(),
-null);
-for (int i=0; i<elements.size(); i++)
-{
-PolicyBasedPermission tmp = (PolicyBasedPermission)elements
-.elementAt(i);
-PolicyBasedPermissionImpl p2 = new PolicyBasedPermissionImpl(
-tmp.getName(),
-tmp.getTarget(),
-tmp.getActionList(),
-null);
-if (p1.equals(p2))
-{
-UserSecuritySettings s1 = element.getUserSecuritySettings();
-UserSecuritySettings s2 = tmp.getUserSecuritySettings();
-if ((s1 == null && s2 == null)
-|| (s1 != null
-&& s2 != null
-&& s1.equals(s2)))
-{
-// identical permissions
-elements.removeElementAt(i);
-return REMOVED;
-}
-return i;
-}
-}
-return NOT_FOUND;
-}
 }

branch	RCL_3
changeset 83	26b2b12093af
parent 71	d5e927d5853b