FCL/sf/app/jrt: comparison javacommons/security/javasrc.cdc/com/nokia/mj/impl/security/midp/authorization/PermissionGranter.java

equal deleted inserted replaced

-:2455ef1f5bbc
+:d5e927d5853b
 /*
 * Hashtable containing the details of the blanket permissions of
 * different aplications being installed
 */
 private Hashtable iBlanketPermissionsDetails = new Hashtable();
+private static final int NOT_FOUND = -2;
+private static final int REMOVED = -1;
 /**
 * Creates an instance of the PermissionGranter
 *
 * @return An instance of PermissionGranter
 *                             SecurityAttributes.getPermissionAttributes()
 *                             called after calling
 *                             SecurityAttributes.addManifestAttributes())
 */
 public void grantJarPermissions(
-StorageSession storageSession,
 Uid msUID,
 Uid oldMSUID,
-PermissionAttribute[] requestedPermissions)
+PermissionAttribute[] requestedPermissions,
-{
+AuthenticationCredentials[] authCredentials)
-if (storageSession == null
+{
-|| msUID == null)
+if (msUID == null)
 {
 return;
 }
-// take the domain from storage
-SecurityStorage storage = new SecurityStorage(storageSession);
-String protectionDomainName = storage.readProtectionDomain(msUID);
 // filter the already granted permissions
+String protectionDomainName = authCredentials[0].getProtectionDomainName();
 Object o = iGrantedPermissions.remove(
-msUID.getStringValue() + protectionDomainName);
+msUID.getStringValue()
++ protectionDomainName);
 Vector preGrantedPermissions = null;
 if (o != null)
 {
 if (o instanceof InvalidAttributeException)
 {
 resolvedPermissions.addElement(
 preGrantedPermissions.elementAt(i));
 }
 }
 }
-storage.writeGrantedPermissions(
+// in case of update preserve the settings of the "old" suite
-msUID,
+if (oldMSUID != null)
-oldMSUID,
+{
-resolvedPermissions);
+updateGrantedPermissions(
+msUID,
+oldMSUID,
+resolvedPermissions);
+}
 // update the cache with the full set of permissions
 iGrantedPermissions.put(msUID.getStringValue() + protectionDomainName,
 resolvedPermissions);
 Logger.logGrantedPermissions(resolvedPermissions);
 }
 * @param protectionDomain     the protection domain containing the
 *                             permissions which are to be assigned to
 *                             the MIDlet suite.
 */
 public void grantJarPermissions(
-StorageSession storageSession,
 Uid uid,
 Uid oldUid,
 ProtectionDomain protectionDomain)
 {
 if (uid == null || protectionDomain == null)
 Vector resolvedPermissions = resolvePermissions(
 uid,
 protectionDomain.getName(),
 securityAttributes.getPermissionAttributes(),
 true /* add the assigned permissions */);
+// in case of update preserve the settings
-// store the permissions
+if (oldUid != null)
-SecurityStorage storage = new SecurityStorage(storageSession);
+{
-storage.writeGrantedPermissions(
+updateGrantedPermissions(
 uid,
 oldUid,
 resolvedPermissions);
+}
 // update the cache with the full set of permissions
-iGrantedPermissions.put(uid.getStringValue() + protectionDomain,
+iGrantedPermissions.put(uid.getStringValue() + protectionDomain.getName(),
 resolvedPermissions);
 Logger.logGrantedPermissions(resolvedPermissions);
 }
 /**
 e.hasMoreElements() ;)
 {
 String key = (String)e.nextElement();
 if (key.startsWith(msUidKey))
 {
-grantedPermissions = (Vector)iGrantedPermissions.remove(key);
+grantedPermissions = (Vector)iGrantedPermissions.get(key);
 if (key.endsWith("UnidentifiedThirdParty"))
 {
 // if the suite is not signed, there is no blanket
 // permissions concept either
 Logger.log("Suite " + msUID.toString() + " is not signed, therefore there are no blanket permissions returned");
 {
 PolicyBasedPermission permission =
 ((PolicyBasedPermission)grantedPermissions.elementAt(i));
 UserSecuritySettings settings =
 permission.getUserSecuritySettings();
 if (permission.getType() != PolicyBasedPermission.USER_TYPE
 || settings == null)
 {
 // not a user permission -> move on to the next permission
 Logger.log("Permission " + permission.getName() + " is not a user permission, therefore is is not returned as part of the group of blanket permissions");
 continue;
 }
 // check for sensitive combinations
 if (permissions_from_sensitive_combination_list_1
 && permissions_from_sensitive_combination_list_2)
 {
 /*String blanketPermissionsDetails = (
 ((call_control == true && multimedia == true)
 || (call_control == true && read_user_data == true)
 || (net_access == true && multimedia == true)
 || (net_access == true && read_user_data == true)
 || (messaging == true && multimedia == true)
 || (messaging == true && read_user_data == true)) ?
 "settings_inst_query_perm_net" :
 "settings_inst_query_perm_sec");*/
 Id blanketPermissionsDetails = (
 ((call_control == true && multimedia == true)
 || (call_control == true && read_user_data == true)
 || (net_access == true && multimedia == true)
 || (net_access == true && read_user_data == true)
 || (messaging == true && multimedia == true)
 || (messaging == true && read_user_data == true)) ?
 new Id("settings_inst_query_perm_net", "N/A") :
 new Id("settings_inst_query_perm_sec", "N/A"));
 iBlanketPermissionsDetails.put(msUidKey,
 UserSecuritySettingsImpl.getLocalizedString(
 blanketPermissionsDetails));
 Logger.log("The granted permissions are all set to Blanket, therefore there won't be any runtime security prompts");
 SecurityStorage storage = new SecurityStorage(storageSession);
 storage.writeUserSecuritySettings(msUID,
 UserSecuritySettings.BLANKET_INTERACTION_MODE,
 true /* blanket prompt shown */);
+// cleanup the cache as well
+cleanup(msUID);
 }
 /**
 * Performs a cleanup (e.g. on cached data)
 *
 {
 Logger.log("Cleanup permission granter cache");
 iGrantedPermissions.clear();
 iBlanketPermissionsDetails.clear();
 }
 /**
 * Removes all the security data related to a certain MIDlet suite
 *
 * @param storageSession the JavaStorage session to be used when
 *                       removing the security data
 {
 Logger.log("Remove granted permissions");
 SecurityStorage storage = new SecurityStorage(storageSession);
 storage.removeGrantedPermissions(msUID);
 // clear the cache
+cleanup(msUID);
+}
+/**
+* Writes to storage all the security data related to a certain MIDlet suite
+*
+* @param sessionID the JavaStorage session to be used when
+*                  writing the security data into storage
+* @param msUID     the UID if the MIDlet suite whose security data is
+*                  being written
+*/
+public void addSecurityData(StorageSession storageSession, Uid msUID, Uid oldMsUID)
+{
+Logger.log("Write granted permissions to storage");
+if (storageSession == null || msUID == null)
+{
+return;
+}
+SecurityStorage storage = new SecurityStorage(storageSession);
 String msUidKey = msUID.getStringValue();
 for (Enumeration e = iGrantedPermissions.keys() ;
 e.hasMoreElements() ;)
 {
 String key = (String)e.nextElement();
 if (key.startsWith(msUidKey))
 {
-iGrantedPermissions.remove(key);
+storage.writeGrantedPermissions(
-break;
+msUID,
-}
+oldMsUID,
-}
+(Vector)iGrantedPermissions.remove(key));
-iBlanketPermissionsDetails.remove(msUidKey);
+return;
+}
+}
 }
 private Vector resolvePermissions(Uid msUID,
 String protectionDomainName,
 PermissionAttribute[] requestedPermissions,
 if (policyPermissions != null)
 {
 for (int i=0; i<policyPermissions.length; i++)
 {
 if (policyPermissions[i].getType()
 == PolicyBasedPermission.ASSIGNED_TYPE
 || policyPermissions[i].getType()
 == PolicyBasedPermission.USER_ASSIGNED_TYPE)
 {
 PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl(
 policyPermissions[i]);
 // add it only if not contained already
 PermissionAttribute[] requestedPermissions)
 {
 return resolvePermissions(msUID, protectionDomainName,
 requestedPermissions, true /* add assigned permissions */);
 }
+private void cleanup(Uid msUID)
+{
+// clear the cache
+String msUidKey = msUID.getStringValue();
+for (Enumeration e = iGrantedPermissions.keys() ;
+e.hasMoreElements() ;)
+{
+String key = (String)e.nextElement();
+if (key.startsWith(msUidKey))
+{
+iGrantedPermissions.remove(key);
+break;
+}
+}
+iBlanketPermissionsDetails.remove(msUidKey);
+}
+private void updateGrantedPermissions(Uid newAppUID, Uid oldAppUID, Vector grantedPermissions)
+{
+// the vector containing the newGrantedPermissions
+Vector newGrantedPermissions = new Vector();
+// get the old permissions & settings
+SecurityStorage storage = new SecurityStorage();
+Vector oldPermissions = storage.readGrantedPermissions(oldAppUID);
+storage.close();
+// filter out the the brand new permissions
+// (permissions which are not found among the old permissions)
+if (oldPermissions != null)
+{
+int index=0;
+while (index < grantedPermissions.size())
+{
+// instead of calling Vector.removeElement(p) we will do the
+// remove manually, since the search is to be based on
+// the permission without the settings
+PolicyBasedPermission p = (PolicyBasedPermission)
+grantedPermissions.elementAt(index);
+int status = removeElement(oldPermissions, p);
+switch (status)
+{
+case REMOVED:
+case NOT_FOUND:
+index++;
+break;
+default:
+// different settings
+UserSecuritySettings oldSettings
+= ((PolicyBasedPermission)oldPermissions
+.elementAt(status)).getUserSecuritySettings();
+UserSecuritySettings newSettings
+= p.getUserSecuritySettings();
+if (oldSettings != null
+&& newSettings != null)
+{
+boolean activeSettings = false;
+if (oldSettings.isActive()
+|| newSettings.isActive())
+{
+activeSettings = true;
+}
+newGrantedPermissions.addElement(
+new PolicyBasedPermissionImpl(
+p.getName(),
+p.getTarget(),
+p.getActionList(),
+p.getType(),
+new UserSecuritySettingsImpl(
+newSettings.getName(),
+oldSettings.getCurrentInteractionMode(),
+newSettings.getAllowedInteractionModes(),
+oldSettings.getBlanketPrompt(),
+activeSettings)));
+}
+else
+{
+newGrantedPermissions.addElement(p);
+}
+grantedPermissions.removeElementAt(index);
+break;
+}
+}
+}
+// write what's left from the granted permissions
+for (int i=0; i<newGrantedPermissions.size(); i++)
+{
+grantedPermissions.addElement(newGrantedPermissions.elementAt(i));
+}
+}
+private int removeElement(Vector elements, PolicyBasedPermission element)
+{
+PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl(
+element.getName(),
+element.getTarget(),
+element.getActionList(),
+null);
+for (int i=0; i<elements.size(); i++)
+{
+PolicyBasedPermission tmp = (PolicyBasedPermission)elements
+.elementAt(i);
+PolicyBasedPermissionImpl p2 = new PolicyBasedPermissionImpl(
+tmp.getName(),
+tmp.getTarget(),
+tmp.getActionList(),
+null);
+if (p1.equals(p2))
+{
+UserSecuritySettings s1 = element.getUserSecuritySettings();
+UserSecuritySettings s2 = tmp.getUserSecuritySettings();
+if ((s1 == null && s2 == null)
+|| (s1 != null
+&& s2 != null
+&& s1.equals(s2)))
+{
+// identical permissions
+elements.removeElementAt(i);
+return REMOVED;
+}
+return i;
+}
+}
+return NOT_FOUND;
+}
 }

branch	RCL_3
changeset 71	d5e927d5853b
parent 66	2455ef1f5bbc
child 83	26b2b12093af