--- a/javacommons/security/javasrc.cdc/com/nokia/mj/impl/security/midp/authorization/PermissionGranter.java Wed Sep 15 12:05:25 2010 +0300
+++ b/javacommons/security/javasrc.cdc/com/nokia/mj/impl/security/midp/authorization/PermissionGranter.java Wed Oct 13 14:23:59 2010 +0300
@@ -17,7 +17,6 @@
package com.nokia.mj.impl.security.midp.authorization;
-import com.nokia.mj.impl.utils.Id;
import com.nokia.mj.impl.utils.Uid;
import com.nokia.mj.impl.utils.exception.InvalidAttributeException;
import com.nokia.mj.impl.security.midp.common.MIDPPermission;
@@ -58,9 +57,6 @@
* different aplications being installed
*/
private Hashtable iBlanketPermissionsDetails = new Hashtable();
-
- private static final int NOT_FOUND = -2;
- private static final int REMOVED = -1;
/**
* Creates an instance of the PermissionGranter
@@ -174,22 +170,23 @@
* SecurityAttributes.addManifestAttributes())
*/
public void grantJarPermissions(
+ StorageSession storageSession,
Uid msUID,
Uid oldMSUID,
- PermissionAttribute[] requestedPermissions,
- AuthenticationCredentials[] authCredentials)
+ PermissionAttribute[] requestedPermissions)
{
- if (msUID == null)
+ if (storageSession == null
+ || msUID == null)
{
return;
}
+ // take the domain from storage
+ SecurityStorage storage = new SecurityStorage(storageSession);
+ String protectionDomainName = storage.readProtectionDomain(msUID);
// filter the already granted permissions
- String protectionDomainName = authCredentials[0].getProtectionDomainName();
Object o = iGrantedPermissions.remove(
- msUID.getStringValue()
- + protectionDomainName);
-
+ msUID.getStringValue() + protectionDomainName);
Vector preGrantedPermissions = null;
if (o != null)
{
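Review bot: The value returned by `storage.readProtectionDomain(msUID)` is used without a null check, so if storage holds no domain for the suite the cache key becomes `<uid>null` and, presumably, the null name is what the permissions are resolved against further down. Because this value decides which policy applies, I would fail closed right after the read, e.g. `if (protectionDomainName == null) { return; }` (or throw, if a missing domain should abort the installation). The early return on a null `storageSession` is also silent; a `Logger.log(...)` line there would make a skipped grant visible. The method body continues outside the hunk.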
@@ -217,15 +214,10 @@
}
}
}
- // in case of update preserve the settings of the "old" suite
- if (oldMSUID != null)
- {
- updateGrantedPermissions(
- msUID,
- oldMSUID,
- resolvedPermissions);
- }
-
+ storage.writeGrantedPermissions(
+ msUID,
+ oldMSUID,
+ resolvedPermissions);
// update the cache with the full set of permissions
iGrantedPermissions.put(msUID.getStringValue() + protectionDomainName,
resolvedPermissions);
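Review bot: `storage.writeGrantedPermissions(msUID, oldMSUID, resolvedPermissions)` now runs for fresh installs too, so `oldMSUID` can be null here, and the merge that kept the old suite's user settings on update is no longer done in this class. Neither behaviour is visible in this diff, so it is worth confirming that `SecurityStorage.writeGrantedPermissions` accepts a null old UID and carries over the previous interaction mode and blanket-prompt flag. A comment at the call would record the contract: `// storage merges the old suite's user settings when oldMSUID != null`. The same call is added to the other `grantJarPermissions` overload, and the enclosing method starts and ends outside the hunk.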
@@ -247,6 +239,7 @@
* the MIDlet suite.
*/
public void grantJarPermissions(
+ StorageSession storageSession,
Uid uid,
Uid oldUid,
ProtectionDomain protectionDomain)
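Review bot: The new `storageSession` parameter gets no Javadoc in either `grantJarPermissions` overload as far as this diff shows, and the two overloads treat it differently: the first returns on null, while this one shows no guard before `new SecurityStorage(storageSession)` further down. I would add `@param storageSession the JavaStorage session used to persist the granted permissions; must not be null` and apply the same guard here, e.g. `if (storageSession == null || uid == null) { return; }`. The body of this method lies outside the hunk, so an existing check may simply not be visible.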
@@ -271,17 +264,15 @@
protectionDomain.getName(),
securityAttributes.getPermissionAttributes(),
true /* add the assigned permissions */);
- // in case of update preserve the settings
- if (oldUid != null)
- {
- updateGrantedPermissions(
- uid,
- oldUid,
- resolvedPermissions);
- }
-
+
+ // store the permissions
+ SecurityStorage storage = new SecurityStorage(storageSession);
+ storage.writeGrantedPermissions(
+ uid,
+ oldUid,
+ resolvedPermissions);
// update the cache with the full set of permissions
- iGrantedPermissions.put(uid.getStringValue() + protectionDomain.getName(),
+ iGrantedPermissions.put(uid.getStringValue() + protectionDomain,
resolvedPermissions);
Logger.logGrantedPermissions(resolvedPermissions);
}
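Review bot: The cache key is now built as `uid.getStringValue() + protectionDomain`, which concatenates `ProtectionDomain.toString()` rather than the domain name. The other overload still keys on `msUID.getStringValue() + protectionDomainName`, and the lookup further down tests `key.endsWith("UnidentifiedThirdParty")` to decide that an unsigned suite gets no blanket details. Unless `toString()` returns exactly the name, that test stops matching for suites granted through this path. I would keep `iGrantedPermissions.put(uid.getStringValue() + protectionDomain.getName(),`. The method starts outside the hunk.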
@@ -323,7 +314,7 @@
String key = (String)e.nextElement();
if (key.startsWith(msUidKey))
{
- grantedPermissions = (Vector)iGrantedPermissions.get(key);
+ grantedPermissions = (Vector)iGrantedPermissions.remove(key);
if (key.endsWith("UnidentifiedThirdParty"))
{
// if the suite is not signed, there is no blanket
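Review bot: `iGrantedPermissions.remove(key)` is called while the loop is still walking the `Enumeration` from `iGrantedPermissions.keys()`, and the result of a `Hashtable` enumeration is undefined once the table has been structurally modified. It also turns this read into a one-shot, because a second call for the same suite finds no entry. If consuming the entry is intended, remember the matching key and remove it after the loop, or `break` right after handling the match as `removeSecurityData` does. A comment such as `// the cached grant is consumed here; later calls see no entry` would make the side effect explicit. The loop and the enclosing method extend beyond the hunk.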
@@ -368,7 +359,7 @@
((PolicyBasedPermission)grantedPermissions.elementAt(i));
UserSecuritySettings settings =
permission.getUserSecuritySettings();
- if (permission.getType() != PolicyBasedPermission.USER_TYPE
+ if (permission.getType() != PolicyBasedPermission.USER_TYPE
|| settings == null)
{
// not a user permission -> move on to the next permission
@@ -466,26 +457,15 @@
if (permissions_from_sensitive_combination_list_1
&& permissions_from_sensitive_combination_list_2)
{
- /*String blanketPermissionsDetails = (
+ String blanketPermissionsDetails = (
((call_control == true && multimedia == true)
- || (call_control == true && read_user_data == true)
+ || (call_control == true && read_user_data == true)
|| (net_access == true && multimedia == true)
|| (net_access == true && read_user_data == true)
|| (messaging == true && multimedia == true)
- || (messaging == true && read_user_data == true)) ?
- "settings_inst_query_perm_net" :
- "settings_inst_query_perm_sec");*/
-
- Id blanketPermissionsDetails = (
- ((call_control == true && multimedia == true)
- || (call_control == true && read_user_data == true)
- || (net_access == true && multimedia == true)
- || (net_access == true && read_user_data == true)
- || (messaging == true && multimedia == true)
- || (messaging == true && read_user_data == true)) ?
- new Id("settings_inst_query_perm_net", "N/A") :
- new Id("settings_inst_query_perm_sec", "N/A"));
-
+ || (messaging == true && read_user_data == true)) ?
+ "settings_inst_query_perm_net" :
+ "settings_inst_query_perm_sec");
iBlanketPermissionsDetails.put(msUidKey,
UserSecuritySettingsImpl.getLocalizedString(
blanketPermissionsDetails));
@@ -540,8 +520,6 @@
storage.writeUserSecuritySettings(msUID,
UserSecuritySettings.BLANKET_INTERACTION_MODE,
true /* blanket prompt shown */);
- // cleanup the cache as well
- cleanup(msUID);
}
/**
@@ -554,7 +532,7 @@
iGrantedPermissions.clear();
iBlanketPermissionsDetails.clear();
}
-
+
/**
* Removes all the security data related to a certain MIDlet suite
*
@@ -569,25 +547,6 @@
SecurityStorage storage = new SecurityStorage(storageSession);
storage.removeGrantedPermissions(msUID);
// clear the cache
- cleanup(msUID);
- }
-
- /**
- * Writes to storage all the security data related to a certain MIDlet suite
- *
- * @param sessionID the JavaStorage session to be used when
- * writing the security data into storage
- * @param msUID the UID if the MIDlet suite whose security data is
- * being written
- */
- public void addSecurityData(StorageSession storageSession, Uid msUID, Uid oldMsUID)
- {
- Logger.log("Write granted permissions to storage");
- if (storageSession == null || msUID == null)
- {
- return;
- }
- SecurityStorage storage = new SecurityStorage(storageSession);
String msUidKey = msUID.getStringValue();
for (Enumeration e = iGrantedPermissions.keys() ;
e.hasMoreElements() ;)
@@ -595,13 +554,11 @@
String key = (String)e.nextElement();
if (key.startsWith(msUidKey))
{
- storage.writeGrantedPermissions(
- msUID,
- oldMsUID,
- (Vector)iGrantedPermissions.remove(key));
- return;
+ iGrantedPermissions.remove(key);
+ break;
}
}
+ iBlanketPermissionsDetails.remove(msUidKey);
}
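Review bot: The inlined cache cleanup removes only the first key that starts with the suite's UID string and then breaks, so any second entry for the same suite stays cached after its security data has been removed. With this commit the two `grantJarPermissions` overloads no longer build the key suffix the same way (domain name versus the `ProtectionDomain` object), which could leave more than one key per UID. Simply dropping the `break` would remove entries during enumeration, so the matching keys should be collected first and removed after the loop, as sketched below. `startsWith` also matches any UID whose string form merely begins with this one; whether that can occur depends on the format of `Uid.getStringValue()`, which is not visible here. The method starts in the previous hunk.

```java
String msUidKey = msUID.getStringValue();
// collect first: a Hashtable enumeration is undefined after a removal
Vector staleKeys = new Vector();
for (Enumeration e = iGrantedPermissions.keys() ;
        e.hasMoreElements() ;)
{
    String key = (String)e.nextElement();
    if (key.startsWith(msUidKey))
    {
        staleKeys.addElement(key);
    }
}
for (int i = 0; i < staleKeys.size(); i++)
{
    iGrantedPermissions.remove(staleKeys.elementAt(i));
}
iBlanketPermissionsDetails.remove(msUidKey);
```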
private Vector resolvePermissions(Uid msUID,
@@ -630,8 +587,8 @@
for (int i=0; i<policyPermissions.length; i++)
{
if (policyPermissions[i].getType()
- == PolicyBasedPermission.ASSIGNED_TYPE
- || policyPermissions[i].getType()
+ == PolicyBasedPermission.ASSIGNED_TYPE
+ || policyPermissions[i].getType()
== PolicyBasedPermission.USER_ASSIGNED_TYPE)
{
PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl(
@@ -672,130 +629,4 @@
return resolvePermissions(msUID, protectionDomainName,
requestedPermissions, true /* add assigned permissions */);
}
-
- private void cleanup(Uid msUID)
- {
- // clear the cache
- String msUidKey = msUID.getStringValue();
- for (Enumeration e = iGrantedPermissions.keys() ;
- e.hasMoreElements() ;)
- {
- String key = (String)e.nextElement();
- if (key.startsWith(msUidKey))
- {
- iGrantedPermissions.remove(key);
- break;
- }
- }
- iBlanketPermissionsDetails.remove(msUidKey);
- }
-
- private void updateGrantedPermissions(Uid newAppUID, Uid oldAppUID, Vector grantedPermissions)
- {
- // the vector containing the newGrantedPermissions
- Vector newGrantedPermissions = new Vector();
-
- // get the old permissions & settings
- SecurityStorage storage = new SecurityStorage();
- Vector oldPermissions = storage.readGrantedPermissions(oldAppUID);
- storage.close();
-
- // filter out the the brand new permissions
- // (permissions which are not found among the old permissions)
- if (oldPermissions != null)
- {
- int index=0;
- while (index < grantedPermissions.size())
- {
- // instead of calling Vector.removeElement(p) we will do the
- // remove manually, since the search is to be based on
- // the permission without the settings
- PolicyBasedPermission p = (PolicyBasedPermission)
- grantedPermissions.elementAt(index);
- int status = removeElement(oldPermissions, p);
- switch (status)
- {
- case REMOVED:
- case NOT_FOUND:
- index++;
- break;
- default:
- // different settings
- UserSecuritySettings oldSettings
- = ((PolicyBasedPermission)oldPermissions
- .elementAt(status)).getUserSecuritySettings();
- UserSecuritySettings newSettings
- = p.getUserSecuritySettings();
- if (oldSettings != null
- && newSettings != null)
- {
- boolean activeSettings = false;
- if (oldSettings.isActive()
- || newSettings.isActive())
- {
- activeSettings = true;
- }
- newGrantedPermissions.addElement(
- new PolicyBasedPermissionImpl(
- p.getName(),
- p.getTarget(),
- p.getActionList(),
- p.getType(),
- new UserSecuritySettingsImpl(
- newSettings.getName(),
- oldSettings.getCurrentInteractionMode(),
- newSettings.getAllowedInteractionModes(),
- oldSettings.getBlanketPrompt(),
- activeSettings)));
- }
- else
- {
- newGrantedPermissions.addElement(p);
- }
- grantedPermissions.removeElementAt(index);
- break;
- }
- }
- }
- // write what's left from the granted permissions
- for (int i=0; i<newGrantedPermissions.size(); i++)
- {
- grantedPermissions.addElement(newGrantedPermissions.elementAt(i));
- }
- }
-
- private int removeElement(Vector elements, PolicyBasedPermission element)
- {
- PolicyBasedPermissionImpl p1 = new PolicyBasedPermissionImpl(
- element.getName(),
- element.getTarget(),
- element.getActionList(),
- null);
- for (int i=0; i<elements.size(); i++)
- {
- PolicyBasedPermission tmp = (PolicyBasedPermission)elements
- .elementAt(i);
- PolicyBasedPermissionImpl p2 = new PolicyBasedPermissionImpl(
- tmp.getName(),
- tmp.getTarget(),
- tmp.getActionList(),
- null);
- if (p1.equals(p2))
- {
- UserSecuritySettings s1 = element.getUserSecuritySettings();
- UserSecuritySettings s2 = tmp.getUserSecuritySettings();
- if ((s1 == null && s2 == null)
- || (s1 != null
- && s2 != null
- && s1.equals(s2)))
- {
- // identical permissions
- elements.removeElementAt(i);
- return REMOVED;
- }
- return i;
- }
- }
- return NOT_FOUND;
- }
}