1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
|
/*
* $Header: /cvshome/build/org.osgi.framework/src/org/osgi/framework/AdminPermission.java,v 1.34 2007/02/21 16:49:05 hargrave Exp $
*
* Copyright (c) OSGi Alliance (2000, 2007). All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.osgi.framework;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.*;
/**
* A bundle's authority to perform specific privileged administrative operations
* on or to get sensitive information about a bundle. The actions for this
* permission are:
*
* <pre>
* Action Methods
* class Bundle.loadClass
* execute Bundle.start
* Bundle.stop
* StartLevel.setBundleStartLevel
* extensionLifecycle BundleContext.installBundle for extension bundles
* Bundle.update for extension bundles
* Bundle.uninstall for extension bundles
* lifecycle BundleContext.installBundle
* Bundle.update
* Bundle.uninstall
* listener BundleContext.addBundleListener for SynchronousBundleListener
* BundleContext.removeBundleListener for SynchronousBundleListener
* metadata Bundle.getHeaders
* Bundle.getLocation
* resolve PackageAdmin.refreshPackages
* PackageAdmin.resolveBundles
* resource Bundle.getResource
* Bundle.getResources
* Bundle.getEntry
* Bundle.getEntryPaths
* Bundle.findEntries
* Bundle resource/entry URL creation
* startlevel StartLevel.setStartLevel
* StartLevel.setInitialBundleStartLevel
* context Bundle.getBundleContext
*
* </pre>
*
* <p>
* The special action "*" will represent all actions.
* <p>
* The name of this permission is a filter expression. The filter gives access
* to the following parameters:
* <ul>
* <li>signer - A Distinguished Name chain used to sign a bundle. Wildcards in
* a DN are not matched according to the filter string rules, but according to
* the rules defined for a DN chain.</li>
* <li>location - The location of a bundle.</li>
* <li>id - The bundle ID of the designated bundle.</li>
* <li>name - The symbolic name of a bundle.</li>
* </ul>
*
* @ThreadSafe
* @version $Revision: 1.34 $
*/
public final class AdminPermission extends BasicPermission {
static final long serialVersionUID = 307051004521261705L;
/**
* The action string <code>class</code> (Value is "class").
* @since 1.3
*/
public final static String CLASS = "class";
/**
* The action string <code>execute</code> (Value is "execute").
* @since 1.3
*/
public final static String EXECUTE = "execute";
/**
* The action string <code>extensionLifecycle</code> (Value is
* "extensionLifecycle").
* @since 1.3
*/
public final static String EXTENSIONLIFECYCLE = "extensionLifecycle";
/**
* The action string <code>lifecycle</code> (Value is "lifecycle").
* @since 1.3
*/
public final static String LIFECYCLE = "lifecycle";
/**
* The action string <code>listener</code> (Value is "listener").
* @since 1.3
*/
public final static String LISTENER = "listener";
/**
* The action string <code>metadata</code> (Value is "metadata").
* @since 1.3
*/
public final static String METADATA = "metadata";
/**
* The action string <code>resolve</code> (Value is "resolve").
* @since 1.3
*/
public final static String RESOLVE = "resolve";
/**
* The action string <code>resource</code> (Value is "resource").
* @since 1.3
*/
public final static String RESOURCE = "resource";
/**
* The action string <code>startlevel</code> (Value is "startlevel").
* @since 1.3
*/
public final static String STARTLEVEL = "startlevel";
/**
* The action string <code>context</code> (Value is "context").
* @since 1.4
*/
public final static String CONTEXT = "context";
/*
* NOTE: A framework implementor may also choose to replace this class in
* their distribution with a class that directly interfaces with the
* framework implementation. This replacement class MUST NOT
* alter the public/protected signature of this class.
*/
/*
* This class will load the AdminPermission class in the package named by
* the org.osgi.vendor.framework package. For each instance of this class,
* an instance of the vendor AdminPermission class will be created and this
* class will delegate method calls to the vendor AdminPermission instance.
*/
private static class ImplHolder implements PrivilegedAction<Constructor[]> {
private static final String packageProperty = "org.osgi.vendor.framework";
static final Constructor initStringString;
static final Constructor initBundleString;
static {
Constructor[] constructors = AccessController.doPrivileged(new ImplHolder());
initStringString = constructors[0];
initBundleString = constructors[1];
}
private ImplHolder() {
}
public Constructor[] run() {
String packageName = System
.getProperty(packageProperty);
if (packageName == null) {
throw new NoClassDefFoundError(packageProperty
+ " property not set");
}
Class<?> delegateClass;
try {
delegateClass = Class.forName(packageName
+ ".AdminPermission");
}
catch (ClassNotFoundException e) {
throw new NoClassDefFoundError(e.toString());
}
Constructor[] result = new Constructor[2];
try {
result[0] = delegateClass
.getConstructor(new Class[] {String.class,
String.class });
result[1] = delegateClass
.getConstructor(new Class[] {Bundle.class,
String.class });
}
catch (NoSuchMethodException e) {
throw new NoSuchMethodError(e.toString());
}
return result;
}
}
/*
* This is the delegate permission created by the constructor.
*/
private final Permission delegate;
/**
* Creates a new <code>AdminPermission</code> object that matches all
* bundles and has all actions. Equivalent to AdminPermission("*","*");
*/
public AdminPermission() {
this("*", "*"); //$NON-NLS-1$
}
/**
* Create a new AdminPermission.
*
* This constructor must only be used to create a permission that is going
* to be checked.
* <p>
* Examples:
*
* <pre>
* (signer=\*,o=ACME,c=US)
* (&(signer=\*,o=ACME,c=US)(name=com.acme.*)(location=http://www.acme.com/bundles/*))
* (id>=1)
* </pre>
*
* <p>
* When a signer key is used within the filter expression the signer value
* must escape the special filter chars ('*', '(', ')').
* <p>
* Null arguments are equivalent to "*".
*
* @param filter A filter expression that can use signer, location, id, and
* name keys. A value of "*" or <code>null</code> matches
* all bundle.
* @param actions <code>class</code>, <code>execute</code>,
* <code>extensionLifecycle</code>, <code>lifecycle</code>,
* <code>listener</code>, <code>metadata</code>,
* <code>resolve</code>, <code>resource</code>,
* <code>startlevel</code> or <code>context</code>. A value of "*" or <code>null</code>
* indicates all actions
*/
public AdminPermission(String filter, String actions) {
// arguments will be null if called from a PermissionInfo defined with
// no args
super(filter == null ? "*" : filter);
try {
try {
delegate = (Permission) ImplHolder.initStringString
.newInstance(new Object[] {filter, actions});
}
catch (InvocationTargetException e) {
throw e.getTargetException();
}
}
catch (Error e) {
throw e;
}
catch (RuntimeException e) {
throw e;
}
catch (Throwable e) {
throw new RuntimeException(e.toString());
}
}
/**
* Creates a new <code>AdminPermission</code> object to be used by the
* code that must check a <code>Permission</code> object.
*
* @param bundle A bundle
* @param actions <code>class</code>, <code>execute</code>,
* <code>extensionLifecycle</code>, <code>lifecycle</code>,
* <code>listener</code>, <code>metadata</code>,
* <code>resolve</code>, <code>resource</code>,
* <code>startlevel</code>, <code>context</code>.
* @since 1.3
*/
public AdminPermission(Bundle bundle, String actions) {
super(createName(bundle));
try {
try {
delegate = (Permission) ImplHolder.initBundleString
.newInstance(new Object[] {bundle, actions});
}
catch (InvocationTargetException e) {
throw e.getTargetException();
}
}
catch (Error e) {
throw e;
}
catch (RuntimeException e) {
throw e;
}
catch (Throwable e) {
throw new RuntimeException(e.toString());
}
}
/**
* Create a permission name from a Bundle
*
* @param bundle Bundle to use to create permission name.
* @return permission name.
*/
private static String createName(Bundle bundle) {
StringBuffer sb = new StringBuffer();
sb.append("(id=");
sb.append(bundle.getBundleId());
sb.append(")");
return sb.toString();
}
/**
* Determines the equality of two <code>AdminPermission</code> objects.
*
* @param obj The object being compared for equality with this object.
* @return <code>true</code> if <code>obj</code> is equivalent to this
* <code>AdminPermission</code>; <code>false</code> otherwise.
*/
public boolean equals(Object obj) {
if (obj == this) {
return true;
}
if (!(obj instanceof AdminPermission)) {
return false;
}
AdminPermission p = (AdminPermission) obj;
return delegate.equals(p.delegate);
}
/**
* Returns the hash code value for this object.
*
* @return Hash code value for this object.
*/
public int hashCode() {
return delegate.hashCode();
}
/**
* Returns the canonical string representation of the
* <code>AdminPermission</code> actions.
*
* <p>
* Always returns present <code>AdminPermission</code> actions in the
* following order: <code>class</code>, <code>execute</code>,
* <code>extensionLifecycle</code>, <code>lifecycle</code>,
* <code>listener</code>, <code>metadata</code>, <code>resolve</code>,
* <code>resource</code>, <code>startlevel</code>, <code>context</code>.
*
* @return Canonical string representation of the
* <code>AdminPermission</code> actions.
*/
public String getActions() {
return delegate.getActions();
}
/**
* Determines if the specified permission is implied by this object. This
* method throws an exception if the specified permission was not
* constructed with a bundle.
*
* <p>
* This method returns <code>true</code> if the specified permission is an
* AdminPermission AND
* <ul>
* <li>this object's filter matches the specified permission's bundle ID,
* bundle symbolic name, bundle location and bundle signer distinguished
* name chain OR</li>
* <li>this object's filter is "*"</li>
* </ul>
* AND this object's actions include all of the specified permission's
* actions.
* <p>
* Special case: if the specified permission was constructed with "*"
* filter, then this method returns <code>true</code> if this object's
* filter is "*" and this object's actions include all of the specified
* permission's actions
*
* @param p The permission to interrogate.
*
* @return <code>true</code> if the specified permission is implied by
* this object; <code>false</code> otherwise.
* @throws RuntimeException if specified permission was not constructed with
* a bundle or "*"
*/
public boolean implies(Permission p) {
if (!(p instanceof AdminPermission)) {
return false;
}
AdminPermission pp = (AdminPermission) p;
return delegate.implies(pp.delegate);
}
/**
* Returns a new <code>PermissionCollection</code> object suitable for
* storing <code>AdminPermission</code>s.
*
* @return A new <code>PermissionCollection</code> object.
*/
public PermissionCollection newPermissionCollection() {
return delegate.newPermissionCollection();
}
}
|
