Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to 'bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/SecurityTable.java')
-rw-r--r--bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/SecurityTable.java89
1 files changed, 39 insertions, 50 deletions
diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/SecurityTable.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/SecurityTable.java
index 43dc91154..6a93c53d2 100644
--- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/SecurityTable.java
+++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/SecurityTable.java
@@ -16,7 +16,6 @@ import java.security.PermissionCollection;
import java.util.Enumeration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
-
import org.eclipse.osgi.internal.permadmin.SecurityRow.Decision;
import org.osgi.service.condpermadmin.Condition;
@@ -32,8 +31,7 @@ public class SecurityTable extends PermissionCollection {
private final SecurityRow[] rows;
private final SecurityAdmin securityAdmin;
- private final transient Map<EvaluationCacheKey, Integer> evaluationCache =
- new ConcurrentHashMap<>(10000);
+ private final transient Map<EvaluationCacheKey, Integer> evaluationCache = new ConcurrentHashMap<>(10000);
public SecurityTable(SecurityAdmin securityAdmin, SecurityRow[] rows) {
if (rows == null)
@@ -50,8 +48,7 @@ public class SecurityTable extends PermissionCollection {
if (bundlePermissions == null) {
return ABSTAIN;
}
- EvaluationCacheKey evaluationCacheKey = new EvaluationCacheKey(bundlePermissions,
- permission);
+ EvaluationCacheKey evaluationCacheKey = new EvaluationCacheKey(bundlePermissions, permission);
if (isEmpty()) {
evaluationCache.put(evaluationCacheKey, ABSTAIN);
return ABSTAIN;
@@ -74,9 +71,7 @@ public class SecurityTable extends PermissionCollection {
for (int i = 0; i < rows.length && immediateDecisionIdx == -1; i++) {
if (result == null) {
//check all conditions for any that are mutable, this will turn off the cache
- hasMutable |= checkMutable(bundlePermissions,
- evaluationCacheKey,
- rows[i]);
+ hasMutable |= checkMutable(bundlePermissions, evaluationCacheKey, rows[i]);
}
try {
results[i] = rows[i].evaluate(bundlePermissions, permission);
@@ -102,11 +97,7 @@ public class SecurityTable extends PermissionCollection {
// no need to process the rest of the rows
immediateDecisionIdx = i;
}
- Integer immediateDecision = handlePostponedConditions(evaluationCacheKey,
- hasMutable,
- postponed,
- results,
- immediateDecisionIdx);
+ Integer immediateDecision = handlePostponedConditions(evaluationCacheKey, hasMutable, postponed, results, immediateDecisionIdx);
if (immediateDecision != null)
return immediateDecision;
int finalDecision = postponed ? POSTPONED : ABSTAIN;
@@ -116,8 +107,7 @@ public class SecurityTable extends PermissionCollection {
return finalDecision;
}
- private boolean checkMutable(BundlePermissions bundlePermissions,
- EvaluationCacheKey evaluationCacheKey, SecurityRow row) {
+ private boolean checkMutable(BundlePermissions bundlePermissions, EvaluationCacheKey evaluationCacheKey, SecurityRow row) {
Condition[] conditions = row.getConditions(bundlePermissions);
if (conditions != null) {
for (Condition condition : conditions) {
@@ -130,42 +120,41 @@ public class SecurityTable extends PermissionCollection {
return false;
}
- private Integer handlePostponedConditions(EvaluationCacheKey evaluationCacheKey,
- boolean hasMutable, boolean postponed, Decision[] results, int immediateDecisionIdx) {
+ private Integer handlePostponedConditions(EvaluationCacheKey evaluationCacheKey, boolean hasMutable, boolean postponed, Decision[] results, int immediateDecisionIdx) {
if (postponed) {
- int immediateDecision = immediateDecisionIdx < 0 ? DENIED : results[immediateDecisionIdx].decision;
- // iterate over all postponed conditions;
- // if they all provide the same decision as the immediate decision then return the immediate decision
- boolean allSameDecision = true;
- int i = immediateDecisionIdx < 0 ? results.length - 1 : immediateDecisionIdx - 1;
- for (; i >= 0 && allSameDecision; i--) {
- if ((results[i].decision & POSTPONED) == POSTPONED) {
- if ((results[i].decision & immediateDecision) == 0)
- allSameDecision = false;
- else
- results[i] = SecurityRow.DECISION_ABSTAIN; // we can clear postpones with the same decision as the immediate
- }
- }
- if (allSameDecision) {
- if (!hasMutable) {
- evaluationCache.put(evaluationCacheKey, immediateDecision);
- }
- return immediateDecision;
- }
-
- // we now are forced to postpone; we need to also remember the postponed decisions and
- // the immediate decision if there is one.
- EquinoxSecurityManager equinoxManager = securityAdmin.getSupportedSecurityManager();
- if (equinoxManager == null) {
- // TODO this is really an error condition.
- // This should never happen. We checked for a supported manager when the row was postponed
- if (!hasMutable) {
- evaluationCache.put(evaluationCacheKey, ABSTAIN);
- }
- return ABSTAIN;
- }
- equinoxManager.addConditionsForDomain(results);
- }
+ int immediateDecision = immediateDecisionIdx < 0 ? DENIED : results[immediateDecisionIdx].decision;
+ // iterate over all postponed conditions;
+ // if they all provide the same decision as the immediate decision then return the immediate decision
+ boolean allSameDecision = true;
+ int i = immediateDecisionIdx < 0 ? results.length - 1 : immediateDecisionIdx - 1;
+ for (; i >= 0 && allSameDecision; i--) {
+ if ((results[i].decision & POSTPONED) == POSTPONED) {
+ if ((results[i].decision & immediateDecision) == 0)
+ allSameDecision = false;
+ else
+ results[i] = SecurityRow.DECISION_ABSTAIN; // we can clear postpones with the same decision as the immediate
+ }
+ }
+ if (allSameDecision) {
+ if (!hasMutable) {
+ evaluationCache.put(evaluationCacheKey, immediateDecision);
+ }
+ return immediateDecision;
+ }
+
+ // we now are forced to postpone; we need to also remember the postponed decisions and
+ // the immediate decision if there is one.
+ EquinoxSecurityManager equinoxManager = securityAdmin.getSupportedSecurityManager();
+ if (equinoxManager == null) {
+ // TODO this is really an error condition.
+ // This should never happen. We checked for a supported manager when the row was postponed
+ if (!hasMutable) {
+ evaluationCache.put(evaluationCacheKey, ABSTAIN);
+ }
+ return ABSTAIN;
+ }
+ equinoxManager.addConditionsForDomain(results);
+ }
return null;
}

Back to the top