16 */ |
16 */ |
17 |
17 |
18 package com.nokia.mj.tools.security.midp; |
18 package com.nokia.mj.tools.security.midp; |
19 |
19 |
20 import java.util.Vector; |
20 import java.util.Vector; |
|
21 import java.util.Hashtable; |
21 import java.io.IOException; |
22 import java.io.IOException; |
22 import java.io.FileInputStream; |
23 import java.io.FileInputStream; |
23 import java.util.StringTokenizer; |
24 import java.util.StringTokenizer; |
24 import java.io.ByteArrayOutputStream; |
25 import java.io.ByteArrayOutputStream; |
25 import java.io.ObjectOutputStream; |
26 import java.io.ObjectOutputStream; |
44 * |
45 * |
45 * policy: domain+; |
46 * policy: domain+; |
46 * domain: 'domain' Identifier ';' grant+; |
47 * domain: 'domain' Identifier ';' grant+; |
47 * grant: 'grant' (grant_user | grant_allowed | grant_assigned); |
48 * grant: 'grant' (grant_user | grant_allowed | grant_assigned); |
48 * grant_allowed: 'allowed' permissions; |
49 * grant_allowed: 'allowed' permissions; |
49 * grant_assigned: 'assigned' permissions; |
50 * grant_assigned: 'assigned' grant_name? (initial_mode other_modes permissions)? permissions; |
50 * grant_user: 'user' grant_name initial_mode other_modes permissions; |
51 * grant_user: 'user' grant_name initial_mode other_modes permissions; |
51 * grant_name: '"' Identifier '"'; |
52 * grant_name: '"' Identifier '"'; |
52 * permissions: '{' permission+ '}'; |
53 * permissions: '{' permission+ '}'; |
53 * permission: 'permission' permission_class target_name? target_action? ';'; |
54 * permission: 'permission' permission_class target_name? target_action? ';'; |
54 * permission_class: Identifier ( '.' Identifier)*; |
55 * permission_class: Identifier ( '.' Identifier)*; |
157 throw new IllegalArgumentException( |
159 throw new IllegalArgumentException( |
158 "Invalid security policy - missing domain information"); |
160 "Invalid security policy - missing domain information"); |
159 } |
161 } |
160 domain = extractToken(';'); |
162 domain = extractToken(';'); |
161 Vector perms = new Vector(); |
163 Vector perms = new Vector(); |
|
164 Vector unconfirmedPerms = new Vector(); |
162 find("grant"); |
165 find("grant"); |
163 while (offset < policy.length) |
166 while (offset < policy.length) |
164 { |
167 { |
165 SecurityPolicyPermissionSettings settings = null; |
168 SecurityPolicyPermissionSettings settings = null; |
|
169 SecurityPolicyPermissionSettings unconfirmedSettings = null; |
166 int type = getType(extractToken()); |
170 int type = getType(extractToken()); |
|
171 String settingsName = null; |
167 if (type == PolicyBasedPermission.USER_TYPE) |
172 if (type == PolicyBasedPermission.USER_TYPE) |
168 { |
173 { |
169 String settingsName = extractToken('"', '"'); |
174 settingsName = extractToken('"', '"'); |
170 check(settingsName, "User grant group without name"); |
175 check(settingsName, "User grant group without name"); |
171 // trim off the leading and trailing double-quotes |
176 // trim off the leading and trailing double-quotes |
172 if (settingsName.startsWith("\"")) |
177 if (settingsName.startsWith("\"")) |
173 { |
178 { |
174 settingsName = settingsName.substring(1); |
179 settingsName = settingsName.substring(1); |
190 interactionModes[0]); |
195 interactionModes[0]); |
191 int[] allowedInteractionModes = getInteractionModes( |
196 int[] allowedInteractionModes = getInteractionModes( |
192 interactionModes); |
197 interactionModes); |
193 settings = new SecurityPolicyPermissionSettings(settingsName, |
198 settings = new SecurityPolicyPermissionSettings(settingsName, |
194 currentInteractionMode, allowedInteractionModes); |
199 currentInteractionMode, allowedInteractionModes); |
|
200 allSettings.put(settingsName, settings); |
|
201 } |
|
202 else if (type == PolicyBasedPermission.ASSIGNED_TYPE) |
|
203 { |
|
204 settingsName = extractToken('"', '"'); |
|
205 if (settingsName != null |
|
206 && settingsName.length() > 0 |
|
207 && settingsName.indexOf("{") == -1) |
|
208 { |
|
209 type = PolicyBasedPermission.USER_ASSIGNED_TYPE; |
|
210 settings = (SecurityPolicyPermissionSettings)allSettings.get( |
|
211 settingsName); |
|
212 if (settings == null) |
|
213 { |
|
214 // parse the rest of the settings and store it as |
|
215 // unconfirmed settings: after all the parsing is |
|
216 // done go through the unconfirmed settings and |
|
217 // replace them with settings from user permissions |
|
218 // (if found) or use the unconfirmed settings if no |
|
219 // other user settings were found |
|
220 String strInteractionModes = extractToken('{'); |
|
221 String[] interactionModes = split(strInteractionModes,","); |
|
222 if (interactionModes != null && interactionModes.length > 0) |
|
223 { |
|
224 int currentInteractionMode = getInteractionMode( |
|
225 interactionModes[0]); |
|
226 int[] allowedInteractionModes = getInteractionModes( |
|
227 interactionModes); |
|
228 unconfirmedSettings = new SecurityPolicyPermissionSettings( |
|
229 settingsName, currentInteractionMode, allowedInteractionModes); |
|
230 } |
|
231 else |
|
232 { |
|
233 unconfirmedSettings = new SecurityPolicyPermissionSettings( |
|
234 settingsName); |
|
235 } |
|
236 } |
|
237 } |
195 } |
238 } |
196 find("permission"); |
239 find("permission"); |
197 while (offset < policy.length && policy[offset] != '}') |
240 while (offset < policy.length && policy[offset] != '}') |
198 { |
241 { |
199 String pName = extractToken(';'); |
242 String pName = extractToken(';'); |
244 } |
287 } |
245 // split the composite action list into simple actions and grant |
288 // split the composite action list into simple actions and grant |
246 // return multiple permissions with simple actions. This step is |
289 // return multiple permissions with simple actions. This step is |
247 // to be removed when APIs support composite actions |
290 // to be removed when APIs support composite actions |
248 String[] actions = split(pActionList,","); |
291 String[] actions = split(pActionList,","); |
|
292 if (unconfirmedSettings != null |
|
293 && unconfirmedSettings.getCurrentInteractionMode() |
|
294 == UserSecuritySettings.UNDEFINED_INTERACTION_MODE) |
|
295 { |
|
296 // discard the settings since they are not vald |
|
297 unconfirmedSettings = null; |
|
298 } |
249 if (actions != null) |
299 if (actions != null) |
250 { |
300 { |
251 for (int i=0; i<actions.length; i++) |
301 for (int i=0; i<actions.length; i++) |
252 { |
302 { |
253 perms.add(getPermission(pName, |
303 if (unconfirmedSettings == null) |
254 pTarget, actions[i], type, settings)); |
304 { |
|
305 perms.add(getSecurityPolicyPermission( |
|
306 pName, pTarget, actions[i], type, settings)); |
|
307 } |
|
308 else |
|
309 { |
|
310 unconfirmedPerms.add(getSecurityPolicyPermission( |
|
311 pName, pTarget, actions[i], type, unconfirmedSettings)); |
|
312 } |
255 } |
313 } |
256 } |
314 } |
257 else |
315 else |
258 { |
316 { |
259 perms.add(getPermission(pName, |
317 if (unconfirmedSettings == null) |
260 pTarget, pActionList, type, settings)); |
318 { |
|
319 perms.add(getSecurityPolicyPermission( |
|
320 pName, pTarget, pActionList, type, settings)); |
|
321 } |
|
322 else |
|
323 { |
|
324 unconfirmedPerms.add(getSecurityPolicyPermission( |
|
325 pName, pTarget, pActionList, type, unconfirmedSettings)); |
|
326 } |
261 } |
327 } |
262 find("permission"); |
328 find("permission"); |
263 } |
329 } |
264 find("grant", true); |
330 find("grant", true); |
265 } |
331 } |
266 if (perms.size() == 0) |
332 if (perms.size() == 0 && unconfirmedPerms.size() == 0) |
267 { |
333 { |
268 throw new IllegalArgumentException( |
334 throw new IllegalArgumentException( |
269 "Invalid security policy - missing/invalid permissions information"); |
335 "Invalid security policy - missing/invalid permissions information"); |
|
336 } |
|
337 // confirm the unconfirmed permissions: look for settings in the perms -> |
|
338 // if found then use those settings, otherwise use the unconfirmed settings |
|
339 for(int i=0; i<unconfirmedPerms.size(); i++) |
|
340 { |
|
341 SecurityPolicyPermission unconfirmedPerm = |
|
342 (SecurityPolicyPermission) unconfirmedPerms |
|
343 .elementAt(i); |
|
344 SecurityPolicyPermissionSettings confirmedSettings = |
|
345 (SecurityPolicyPermissionSettings)allSettings |
|
346 .get(unconfirmedPerm.getUserSecuritySettings().getName()); |
|
347 if (confirmedSettings != null) |
|
348 { |
|
349 perms.add(getSecurityPolicyPermission( |
|
350 unconfirmedPerm.getName(), |
|
351 unconfirmedPerm.getTarget(), |
|
352 unconfirmedPerm.getActionList(), |
|
353 unconfirmedPerm.getType(), |
|
354 confirmedSettings)); |
|
355 } |
|
356 else |
|
357 { |
|
358 perms.add(unconfirmedPerm); |
|
359 } |
270 } |
360 } |
271 SecurityPolicyPermission[] permissions |
361 SecurityPolicyPermission[] permissions |
272 = new SecurityPolicyPermission[perms.size()]; |
362 = new SecurityPolicyPermission[perms.size()]; |
273 perms.copyInto(permissions); |
363 perms.copyInto(permissions); |
274 securityPolicy = new SecurityPolicy(domain, permissions); |
364 securityPolicy = new SecurityPolicy(domain, permissions); |
461 tokens.addElement(str); |
551 tokens.addElement(str); |
462 String[] strTokens = new String[tokens.size()]; |
552 String[] strTokens = new String[tokens.size()]; |
463 tokens.copyInto(strTokens); |
553 tokens.copyInto(strTokens); |
464 return strTokens; |
554 return strTokens; |
465 } |
555 } |
466 |
556 |
467 private SecurityPolicyPermission getPermission(String pName, |
557 private SecurityPolicyPermission getSecurityPolicyPermission( |
468 String pTarget, |
558 String name, |
469 String pAction, |
559 String target, |
470 int pType, |
560 String actionList, |
471 SecurityPolicyPermissionSettings pSettings) |
561 int type, |
472 { |
562 SecurityPolicyPermissionSettings settings) |
473 if (pSettings == null) |
563 { |
474 { |
564 if (settings == null && type == PolicyBasedPermission.USER_ASSIGNED_TYPE) |
475 return new SecurityPolicyPermission( |
565 { |
476 pName, pTarget, pAction, pType); |
566 return new SecurityPolicyPermission(name, target, actionList, PolicyBasedPermission.ASSIGNED_TYPE); |
477 } |
567 } |
478 else |
568 return new SecurityPolicyPermission(name, target, actionList, type, settings); |
479 { |
|
480 return new SecurityPolicyPermission( |
|
481 pName, pTarget, pAction, pSettings); |
|
482 } |
|
483 } |
569 } |
484 } |
570 } |