|
1 /* |
|
2 * Copyright (c) 2000 - 2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 package com.nokia.epdt.plugins.s60.securityconf; |
|
20 |
|
21 /* java.util */ |
|
22 import java.util.List; |
|
23 import java.util.ArrayList; |
|
24 |
|
25 /* java.io */ |
|
26 import java.io.IOException; |
|
27 import java.io.InputStream; |
|
28 import java.io.BufferedReader; |
|
29 import java.io.InputStreamReader; |
|
30 import java.io.ObjectInputStream; |
|
31 import java.io.ObjectOutputStream; |
|
32 import java.io.OutputStream; |
|
33 import java.io.PrintWriter; |
|
34 |
|
35 /** |
|
36 * MIDP security configuration model. |
|
37 */ |
|
38 class SecConfModel implements SecurityConstants { |
|
39 |
|
40 // Emulater/real life security mode |
|
41 private boolean iEmulatedSecurityMode = false; |
|
42 private String iSelectedDomainId; |
|
43 private ProtectionDomain iUserDefinedDomain; |
|
44 private List iProtectionDomains = new ArrayList(); |
|
45 private List iFunctionGroups = new ArrayList(); |
|
46 |
|
47 /** |
|
48 * Creates MIDP security configuration model. |
|
49 * @throws IOException if it fails to load default MIDP security |
|
50 * configuration from the resources. |
|
51 */ |
|
52 SecConfModel() throws IOException { |
|
53 InputStream in = openPolicyFileResource(); |
|
54 try { |
|
55 PolicyFileParser.parse(in, new InitialScan()); |
|
56 } finally { |
|
57 in.close(); |
|
58 } |
|
59 |
|
60 // Create user defined domain |
|
61 iUserDefinedDomain = new ProtectionDomain(USER_DEFINED_DOMAIN); |
|
62 iProtectionDomains.add(iUserDefinedDomain); |
|
63 int n = iFunctionGroups.size(); |
|
64 for (int i=0; i<n; i++) { |
|
65 String domain = (String)iFunctionGroups.get(i); |
|
66 iUserDefinedDomain.setPermission(domain,Permission.Allowed); |
|
67 } |
|
68 |
|
69 // Select first domain by default |
|
70 iSelectedDomainId = ((ProtectionDomain) |
|
71 iProtectionDomains.get(0)).getIdentifier(); |
|
72 } |
|
73 |
|
74 /** |
|
75 * Gets the protection domains known to the model, including the |
|
76 * "User defined" pseudo-domain. |
|
77 * |
|
78 * @param aIncludeHidden <code>true</code> to include hidden domains |
|
79 * @return array of protection domains |
|
80 */ |
|
81 ProtectionDomain [] getProtectionDomains(boolean aIncludeHidden) { |
|
82 List domains = iProtectionDomains; |
|
83 if (!aIncludeHidden) { |
|
84 // remove hidden domains from the list |
|
85 domains = new ArrayList(iProtectionDomains); |
|
86 for (int i=domains.size()-1; i>=0; i--) { |
|
87 ProtectionDomain domain = (ProtectionDomain)domains.get(i); |
|
88 if (domain.isHidden()) domains.remove(i); |
|
89 } |
|
90 } |
|
91 return (ProtectionDomain[]) domains.toArray( |
|
92 new ProtectionDomain[domains.size()]); |
|
93 } |
|
94 |
|
95 /** |
|
96 * Gets currently selected protection domain. |
|
97 * @return the currently selected protection domain, <code>null</code> |
|
98 * if none. |
|
99 */ |
|
100 ProtectionDomain getSelectedDomain() { |
|
101 return findProtectionDomain(iSelectedDomainId); |
|
102 } |
|
103 |
|
104 /** |
|
105 * Selects a protection domain |
|
106 * @param aDomain the domain to select |
|
107 */ |
|
108 void setSelectedDomain(ProtectionDomain aDomain) { |
|
109 if (aDomain == null) { |
|
110 iSelectedDomainId = null; |
|
111 } else { |
|
112 iSelectedDomainId = aDomain.getIdentifier(); |
|
113 } |
|
114 } |
|
115 |
|
116 /** |
|
117 * Gets known function groups. |
|
118 * @return array of function group names |
|
119 */ |
|
120 String[] getFunctionGroups() { |
|
121 return (String[])iFunctionGroups.toArray( |
|
122 new String[iFunctionGroups.size()]); |
|
123 } |
|
124 |
|
125 /** |
|
126 * Checks if we are in the "emulated security mode". |
|
127 * @return <code>true</code> if we are enforcing the same permissions |
|
128 * for all protection domains. |
|
129 */ |
|
130 boolean isEmulatedSecurityMode() { |
|
131 return iEmulatedSecurityMode; |
|
132 } |
|
133 |
|
134 /** |
|
135 * Turns the "emulated security mode" on or off. |
|
136 * @param aEmulatedSecurityMode <code>true</code> to enforce the same |
|
137 * permissions for all protection domains, <code>false</code> to use |
|
138 * default JVM secrity settings. |
|
139 */ |
|
140 void setEmulatedSecurityMode(boolean aEmulatedSecurityMode) { |
|
141 iEmulatedSecurityMode = aEmulatedSecurityMode; |
|
142 } |
|
143 |
|
144 /** |
|
145 * Opens the policy file resource. |
|
146 * @return the input stream for the policy file resource. |
|
147 * Never returns null. |
|
148 * @throws IOException if resource is not found |
|
149 */ |
|
150 private InputStream openPolicyFileResource() throws IOException { |
|
151 InputStream in = getClass().getResourceAsStream(POLICY_FILE_NAME); |
|
152 if (in != null) return in; |
|
153 throw new IOException(POLICY_FILE_NAME); |
|
154 } |
|
155 |
|
156 /** |
|
157 * Finds ProtectionDomain object for the specified identifier. |
|
158 * @param aId the domain identifier |
|
159 * @return ProtectionDomain object if found, null otherwise. |
|
160 */ |
|
161 private ProtectionDomain findProtectionDomain(String aId) { |
|
162 int n = iProtectionDomains.size(); |
|
163 for (int i=0; i<n; i++) { |
|
164 ProtectionDomain d = (ProtectionDomain)iProtectionDomains.get(i); |
|
165 if (d.getIdentifier().equals(aId)) { |
|
166 return d; |
|
167 } |
|
168 } |
|
169 return null; |
|
170 } |
|
171 |
|
172 /** |
|
173 * Writes policy file to the output stream |
|
174 * @param aStream the stream to write to |
|
175 * @throws IOException if an I/O error occurs |
|
176 */ |
|
177 void writePolicyFile(OutputStream aStream) throws IOException { |
|
178 InputStream in = openPolicyFileResource(); |
|
179 try { |
|
180 PrintWriter out = new PrintWriter(aStream, false); |
|
181 try { |
|
182 if (!iEmulatedSecurityMode) { |
|
183 // Just copy the original file |
|
184 BufferedReader reader = new BufferedReader( |
|
185 new InputStreamReader(in)); |
|
186 String line = null; |
|
187 while ((line = reader.readLine()) != null) { |
|
188 out.println(line); |
|
189 } |
|
190 } else { |
|
191 // Save modified version of the original file |
|
192 out.println("# This is a generated file."); |
|
193 out.println(); |
|
194 PolicyFileParser.parse(in, new PolicyFileWriter(out)); |
|
195 } |
|
196 } finally { |
|
197 out.flush(); |
|
198 } |
|
199 } finally { |
|
200 in.close(); |
|
201 } |
|
202 } |
|
203 |
|
204 /** |
|
205 * Saves the state of the model to the output stream |
|
206 * @param aStream the stream to write to |
|
207 * @throws IOException if an I/O error occurs |
|
208 */ |
|
209 void save(OutputStream aStream) throws IOException { |
|
210 ObjectOutputStream out = new ObjectOutputStream(aStream); |
|
211 out.writeBoolean(iEmulatedSecurityMode); |
|
212 out.writeObject(iSelectedDomainId); |
|
213 out.writeObject(iUserDefinedDomain); |
|
214 } |
|
215 |
|
216 /** |
|
217 * Loads the state of the model from the input stream |
|
218 * @param aStream the stream to read from |
|
219 * @throws IOException if an I/O error occurs |
|
220 * @throws ClassNotFoundException if deserialization error occurs |
|
221 */ |
|
222 void load(InputStream aStream) throws IOException, ClassNotFoundException { |
|
223 ObjectInputStream in = new ObjectInputStream(aStream); |
|
224 boolean emulatedSecurityMode = in.readBoolean(); |
|
225 String selectedDomainId = (String)in.readObject(); |
|
226 ProtectionDomain userDomain = (ProtectionDomain)in.readObject(); |
|
227 |
|
228 // Verify and store deserialized values |
|
229 iEmulatedSecurityMode = emulatedSecurityMode; |
|
230 if (findProtectionDomain(selectedDomainId) != null) { |
|
231 iSelectedDomainId = selectedDomainId; |
|
232 } |
|
233 if (userDomain.isUserDefined()) { |
|
234 // User defined domain is always the last one |
|
235 iProtectionDomains.set(iProtectionDomains.size()-1,userDomain); |
|
236 iUserDefinedDomain = userDomain; |
|
237 } |
|
238 } |
|
239 |
|
240 /** |
|
241 * This handler scans the policy file to collect information about |
|
242 * domains, function groups and bindings. |
|
243 */ |
|
244 private class InitialScan implements PolicyFileParser.Handler { |
|
245 private String iProtectionDomain; |
|
246 private String iFunctionGroup; |
|
247 public void handleFormatDecl(String aFormatVersion) {} |
|
248 public void handleEmptyLine() {} |
|
249 public void handleDecl(String aLine) {} |
|
250 public void handleProtectionDomainDecl(String aDomain) { |
|
251 ProtectionDomain domain = findProtectionDomain(aDomain); |
|
252 if (domain == null) { |
|
253 domain = new ProtectionDomain(aDomain); |
|
254 iProtectionDomains.add(domain); |
|
255 } |
|
256 } |
|
257 public void handleFunctionGroupDecl(String aGroupName) { |
|
258 iFunctionGroups.add(aGroupName); |
|
259 } |
|
260 public void handleDomainBindingsDecl(String aProtectionDomain) { |
|
261 iProtectionDomain = aProtectionDomain; |
|
262 } |
|
263 public void handleFunctionGroupBindingDecl(String aFunctionGroup) { |
|
264 iFunctionGroup = aFunctionGroup; |
|
265 } |
|
266 public void handlePermission(Permission aPermission) { |
|
267 ProtectionDomain domain = findProtectionDomain(iProtectionDomain); |
|
268 if (domain != null && iFunctionGroup != null) { |
|
269 if (WILDCARD.equals(iFunctionGroup)) { |
|
270 int n = iFunctionGroups.size(); |
|
271 for (int i=0; i<n; i++) { |
|
272 domain.setPermission((String)iFunctionGroups.get(i), |
|
273 aPermission); |
|
274 } |
|
275 } else { |
|
276 domain.setPermission(iFunctionGroup, aPermission); |
|
277 } |
|
278 } |
|
279 } |
|
280 |
|
281 public void handleEndFunctionGroupBinding() { |
|
282 iFunctionGroup = null; |
|
283 } |
|
284 public void handleEndDomainBindings() { |
|
285 iProtectionDomain = null; |
|
286 } |
|
287 } |
|
288 |
|
289 /** |
|
290 * This handler writes a modified version of the policy file. |
|
291 * Must only be used in the "emulated" security mode. |
|
292 */ |
|
293 private class PolicyFileWriter implements PolicyFileParser.Handler { |
|
294 private PrintWriter iWriter; |
|
295 private ProtectionDomain iEmulatedDomain; |
|
296 private String iProtectionDomain; |
|
297 |
|
298 PolicyFileWriter(PrintWriter aWriter) { |
|
299 if (!isEmulatedSecurityMode()) throw new IllegalStateException(); |
|
300 iWriter = aWriter; |
|
301 iEmulatedDomain = getSelectedDomain(); |
|
302 } |
|
303 private void printDecl(String aKeyword, String aValue) { |
|
304 iWriter.print('\t'); |
|
305 iWriter.print(aKeyword); |
|
306 iWriter.print(' '); |
|
307 // For some reason, strings enclosed in square brackets (such as |
|
308 // [UNTRUSTED] or [*]) are not quoted. That may have some special |
|
309 // meaning to the phone software. |
|
310 int len = aValue.length(); |
|
311 if (len >= 2 && |
|
312 aValue.charAt(0) == '[' && |
|
313 aValue.charAt(len-1) == ']') { |
|
314 iWriter.println(aValue); |
|
315 } else { |
|
316 iWriter.print('"'); |
|
317 iWriter.print(aValue); |
|
318 iWriter.println('"'); |
|
319 } |
|
320 } |
|
321 |
|
322 // PolicyFileParser.Handler interface |
|
323 public void handleFormatDecl(String aFormatVersion) { |
|
324 iWriter.print(FORMAT_VERSION_KEYWORD); |
|
325 iWriter.print(" "); |
|
326 iWriter.println(aFormatVersion); |
|
327 } |
|
328 public void handleEmptyLine() { |
|
329 if (iProtectionDomain == null) { |
|
330 iWriter.println(); |
|
331 } |
|
332 } |
|
333 public void handleDecl(String aLine) { |
|
334 if (iProtectionDomain == null) { |
|
335 iWriter.println(aLine); |
|
336 } |
|
337 } |
|
338 public void handleProtectionDomainDecl(String aProtectionDomain) { |
|
339 printDecl(DOMAIN_KEYWORD, aProtectionDomain); |
|
340 } |
|
341 public void handleFunctionGroupDecl(String aGroupName) { |
|
342 iWriter.print('\t'); |
|
343 iWriter.print(FUNCTION_GROUP_KEYWORD); |
|
344 iWriter.print(" \""); |
|
345 iWriter.print(aGroupName); |
|
346 iWriter.println('"'); |
|
347 } |
|
348 public void handleDomainBindingsDecl(String aProtectionDomain) { |
|
349 printDecl(DOMAIN_BINDINGS_KEYWORD, aProtectionDomain); |
|
350 iWriter.println(); |
|
351 iProtectionDomain = aProtectionDomain; |
|
352 } |
|
353 public void handleFunctionGroupBindingDecl(String aFunctionGroup) {} |
|
354 public void handlePermission(Permission aPermission) {} |
|
355 public void handleEndFunctionGroupBinding() {} |
|
356 public void handleEndDomainBindings() { |
|
357 int n = iFunctionGroups.size(); |
|
358 for (int i=0; i<n; i++) { |
|
359 String group = (String)iFunctionGroups.get(i); |
|
360 Permission p = iEmulatedDomain.getPermission(group); |
|
361 if (!p.isDenied()) { |
|
362 iWriter.print('\t'); |
|
363 printDecl(FUNCTION_GROUP_BINDING_KEYWORD, group); |
|
364 iWriter.println(); |
|
365 p.print(iWriter); |
|
366 iWriter.print("\t\t"); |
|
367 iWriter.println(END_FUNCTION_GROUP_BINDING_KEYWORD); |
|
368 iWriter.println(); |
|
369 } |
|
370 } |
|
371 iWriter.print('\t'); |
|
372 iWriter.println(END_DOMAIN_BINDINGS_KEYWORD); |
|
373 iProtectionDomain = null; |
|
374 } |
|
375 } |
|
376 } |