diff options
author | upstream source tree <ports@midipix.org> | 2015-03-15 20:14:05 -0400 |
---|---|---|
committer | upstream source tree <ports@midipix.org> | 2015-03-15 20:14:05 -0400 |
commit | 554fd8c5195424bdbcabf5de30fdc183aba391bd (patch) | |
tree | 976dc5ab7fddf506dadce60ae936f43f58787092 /libjava/classpath/vm/reference/java/security | |
download | cbb-gcc-4.6.4-554fd8c5195424bdbcabf5de30fdc183aba391bd.tar.bz2 cbb-gcc-4.6.4-554fd8c5195424bdbcabf5de30fdc183aba391bd.tar.xz |
obtained gcc-4.6.4.tar.bz2 from upstream website;upstream
verified gcc-4.6.4.tar.bz2.sig;
imported gcc-4.6.4 source tree from verified upstream tarball.
downloading a git-generated archive based on the 'upstream' tag
should provide you with a source tree that is binary identical
to the one extracted from the above tarball.
if you have obtained the source via the command 'git clone',
however, do note that line-endings of files in your working
directory might differ from line-endings of the respective
files in the upstream repository.
Diffstat (limited to 'libjava/classpath/vm/reference/java/security')
-rw-r--r-- | libjava/classpath/vm/reference/java/security/VMAccessController.java | 280 | ||||
-rw-r--r-- | libjava/classpath/vm/reference/java/security/VMSecureRandom.java | 129 |
2 files changed, 409 insertions, 0 deletions
diff --git a/libjava/classpath/vm/reference/java/security/VMAccessController.java b/libjava/classpath/vm/reference/java/security/VMAccessController.java new file mode 100644 index 000000000..9299e6f84 --- /dev/null +++ b/libjava/classpath/vm/reference/java/security/VMAccessController.java @@ -0,0 +1,280 @@ +/* VMAccessController.java -- VM-specific access controller methods. + Copyright (C) 2004, 2005 Free Software Foundation, Inc. + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security; + +import java.util.HashSet; +import java.util.LinkedList; + +final class VMAccessController +{ + + // Fields. + // ------------------------------------------------------------------------- + + /** + * This is a per-thread stack of AccessControlContext objects (which can + * be null) for each call to AccessController.doPrivileged in each thread's + * call stack. We use this to remember which context object corresponds to + * which call. + */ + private static final ThreadLocal contexts = new ThreadLocal(); + + /** + * This is a Boolean that, if set, tells getContext that it has already + * been called once, allowing us to handle recursive permission checks + * caused by methods getContext calls. + */ + private static final ThreadLocal inGetContext = new ThreadLocal(); + + /** + * And we return this all-permissive context to ensure that privileged + * methods called from getContext succeed. + */ + private static final AccessControlContext DEFAULT_CONTEXT; + static + { + CodeSource source = new CodeSource(null, null); + Permissions permissions = new Permissions(); + permissions.add(new AllPermission()); + ProtectionDomain[] domain = new ProtectionDomain[] { + new ProtectionDomain(source, permissions) + }; + DEFAULT_CONTEXT = new AccessControlContext(domain); + } + + private static final boolean DEBUG = gnu.classpath.Configuration.DEBUG; + private static void debug(String msg) + { + System.err.print(">>> VMAccessController: "); + System.err.println(msg); + } + + // Constructors. + // ------------------------------------------------------------------------- + + private VMAccessController() { } + + // Class methods. + // ------------------------------------------------------------------------- + + /** + * Relate a class (which should be an instance of {@link PrivilegedAction} + * with an access control context. This method is used by {@link + * AccessController#doPrivileged(java.security.PrivilegedAction,java.security.AccessControlContext)} + * to set up the context that will be returned by {@link #getContext()}. + * This method relates the class to the current thread, so contexts + * pushed from one thread will not be available to another. + * + * @param acc The access control context. + */ + static void pushContext (AccessControlContext acc) + { + if (DEBUG) + debug("pushing " + acc); + LinkedList stack = (LinkedList) contexts.get(); + if (stack == null) + { + if (DEBUG) + debug("no stack... creating "); + stack = new LinkedList(); + contexts.set(stack); + } + stack.addFirst(acc); + } + + /** + * Removes the relation of a class to an {@link AccessControlContext}. + * This method is used by {@link AccessController} when exiting from a + * call to {@link + * AccessController#doPrivileged(java.security.PrivilegedAction,java.security.AccessControlContext)}. + */ + static void popContext() + { + if (DEBUG) + debug("popping context"); + + // Stack should never be null, nor should it be empty, if this method + // and its counterpart has been called properly. + LinkedList stack = (LinkedList) contexts.get(); + if (stack != null) + { + stack.removeFirst(); + if (stack.isEmpty()) + contexts.set(null); + } + else if (DEBUG) + { + debug("no stack during pop?????"); + } + } + + /** + * Examine the method stack of the currently running thread, and create + * an {@link AccessControlContext} filled in with the appropriate {@link + * ProtectionDomain} objects given this stack. + * + * @return The context. + */ + static AccessControlContext getContext() + { + // If we are already in getContext, but called a method that needs + // a permission check, return the all-permissive context so methods + // called from here succeed. + // + // XXX is this necessary? We should verify if there are any calls in + // the stack below this method that require permission checks. + Boolean inCall = (Boolean) inGetContext.get(); + if (inCall != null && inCall.booleanValue()) + { + if (DEBUG) + debug("already in getContext"); + return DEFAULT_CONTEXT; + } + + inGetContext.set(Boolean.TRUE); + + Object[][] stack = getStack(); + Class[] classes = (Class[]) stack[0]; + String[] methods = (String[]) stack[1]; + + if (DEBUG) + debug("got trace of length " + classes.length); + + HashSet domains = new HashSet(); + HashSet seenDomains = new HashSet(); + AccessControlContext context = null; + int privileged = 0; + + // We walk down the stack, adding each ProtectionDomain for each + // class in the call stack. If we reach a call to doPrivileged, + // we don't add any more stack frames. We skip the first three stack + // frames, since they comprise the calls to getStack, getContext, + // and AccessController.getContext. + for (int i = 3; i < classes.length && privileged < 2; i++) + { + Class clazz = classes[i]; + String method = methods[i]; + + if (DEBUG) + { + debug("checking " + clazz + "." + method); + // subject to getClassLoader RuntimePermission + debug("loader = " + clazz.getClassLoader()); + } + + // If the previous frame was a call to doPrivileged, then this is + // the last frame we look at. + if (privileged == 1) + privileged = 2; + + if (clazz.equals (AccessController.class) + && method.equals ("doPrivileged")) + { + // If there was a call to doPrivileged with a supplied context, + // return that context. If using JAAS doAs*, it should be + // a context with a SubjectDomainCombiner + LinkedList l = (LinkedList) contexts.get(); + if (l != null) + context = (AccessControlContext) l.getFirst(); + privileged = 1; + } + + // subject to getProtectionDomain RuntimePermission + ProtectionDomain domain = clazz.getProtectionDomain(); + + if (domain == null) + continue; + if (seenDomains.contains(domain)) + continue; + seenDomains.add(domain); + + // Create a static snapshot of this domain, which may change over time + // if the current policy changes. + domains.add(new ProtectionDomain(domain.getCodeSource(), + domain.getPermissions())); + } + + if (DEBUG) + debug("created domains: " + domains); + + ProtectionDomain[] result = (ProtectionDomain[]) + domains.toArray(new ProtectionDomain[domains.size()]); + + if (context != null) + { + DomainCombiner dc = context.getDomainCombiner (); + // If the supplied context had no explicit DomainCombiner, use + // our private version, which computes the intersection of the + // context's domains with the derived set. + if (dc == null) + context = new AccessControlContext + (IntersectingDomainCombiner.SINGLETON.combine + (result, context.getProtectionDomains ())); + // Use the supplied DomainCombiner. This should be secure, + // because only trusted code may create an + // AccessControlContext with a custom DomainCombiner. + else + context = new AccessControlContext (result, context, dc); + } + // No context was supplied. Return the derived one. + else + context = new AccessControlContext (result); + + inGetContext.set(Boolean.FALSE); + return context; + } + + /** + * Returns a snapshot of the current call stack as a pair of arrays: + * the first an array of classes in the call stack, the second an array + * of strings containing the method names in the call stack. The two + * arrays match up, meaning that method <i>i</i> is declared in class + * <i>i</i>. The arrays are clean; it will only contain Java methods, + * and no element of the list should be null. + * + * <p>The default implementation returns an empty stack, which will be + * interpreted as having no permissions whatsoever. + * + * @return A pair of arrays describing the current call stack. The first + * element is an array of Class objects, and the second is an array + * of Strings comprising the method names. + */ + private static Object[][] getStack() + { + return new Object[][] { new Class[0], new String[0] }; + } +} diff --git a/libjava/classpath/vm/reference/java/security/VMSecureRandom.java b/libjava/classpath/vm/reference/java/security/VMSecureRandom.java new file mode 100644 index 000000000..bea154977 --- /dev/null +++ b/libjava/classpath/vm/reference/java/security/VMSecureRandom.java @@ -0,0 +1,129 @@ +/* VMSecureRandom.java -- random seed generator. + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is a part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 +USA + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security; + +/** + * VM-specific methods for generating real (or almost real) random + * seeds. VM implementors should write a version of this class that + * reads random bytes from some system source. + * + * <p>The default implementation of this class runs eight threads that + * increment counters in a tight loop, and XORs each counter to + * produce one byte of seed data. This is not very efficient, and is + * not guaranteed to be random (the thread scheduler is probably + * deterministic, after all). If possible, VM implementors should + * reimplement this class so it obtains a random seed from a system + * facility, such as a system entropy gathering device or hardware + * random number generator. + */ +final class VMSecureRandom +{ + + /** + * Generate a random seed. Implementations are free to generate + * fewer random bytes than are requested, and leave the remaining + * bytes of the destination buffer as zeros. Implementations SHOULD, + * however, make a best-effort attempt to satisfy the request. + * + * @param buffer The destination buffer. + * @param offset The offset in the buffer to start putting bytes. + * @param length The number of random bytes to generate. + */ + static int generateSeed(byte[] buffer, int offset, int length) + { + if (length < 0) + throw new IllegalArgumentException("length must be nonnegative"); + if (offset < 0 || offset + length > buffer.length) + throw new IndexOutOfBoundsException(); + + Spinner[] spinners = new Spinner[8]; + int n = 0x1; + for (int i = 0; i < spinners.length; i++) + { + spinners[i] = new Spinner((byte) n); + Thread t = new Thread(spinners[i]); + t.start(); + n <<= 1; + } + + // Wait until at least one spinner has started. + while (!(spinners[0].running || spinners[1].running || spinners[2].running + || spinners[3].running || spinners[4].running || spinners[5].running + || spinners[6].running || spinners[7].running)) + { + Thread.yield(); + } + + for (int i = offset; i < length; i++) + { + buffer[i] = (byte) (spinners[0].value ^ spinners[1].value ^ spinners[2].value + ^ spinners[3].value ^ spinners[4].value ^ spinners[5].value + ^ spinners[6].value ^ spinners[7].value); + Thread.yield(); + } + + for (int i = 0; i < spinners.length; i++) + spinners[i].stop(); + + return length; + } + + static class Spinner implements Runnable + { + volatile byte value; + volatile boolean running; + + Spinner(final byte initial) + { + value = initial; + } + + public void run() + { + running = true; + while (running) + value++; + } + + private void stop() + { + running = false; + } + } +} |