diff options
Diffstat (limited to 'bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/SecurityTable.java')
-rw-r--r-- | bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/SecurityTable.java | 89 |
1 files changed, 39 insertions, 50 deletions
diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/SecurityTable.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/SecurityTable.java index 43dc91154..6a93c53d2 100644 --- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/SecurityTable.java +++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/SecurityTable.java @@ -16,7 +16,6 @@ import java.security.PermissionCollection; import java.util.Enumeration; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; - import org.eclipse.osgi.internal.permadmin.SecurityRow.Decision; import org.osgi.service.condpermadmin.Condition; @@ -32,8 +31,7 @@ public class SecurityTable extends PermissionCollection { private final SecurityRow[] rows; private final SecurityAdmin securityAdmin; - private final transient Map<EvaluationCacheKey, Integer> evaluationCache = - new ConcurrentHashMap<>(10000); + private final transient Map<EvaluationCacheKey, Integer> evaluationCache = new ConcurrentHashMap<>(10000); public SecurityTable(SecurityAdmin securityAdmin, SecurityRow[] rows) { if (rows == null) @@ -50,8 +48,7 @@ public class SecurityTable extends PermissionCollection { if (bundlePermissions == null) { return ABSTAIN; } - EvaluationCacheKey evaluationCacheKey = new EvaluationCacheKey(bundlePermissions, - permission); + EvaluationCacheKey evaluationCacheKey = new EvaluationCacheKey(bundlePermissions, permission); if (isEmpty()) { evaluationCache.put(evaluationCacheKey, ABSTAIN); return ABSTAIN; @@ -74,9 +71,7 @@ public class SecurityTable extends PermissionCollection { for (int i = 0; i < rows.length && immediateDecisionIdx == -1; i++) { if (result == null) { //check all conditions for any that are mutable, this will turn off the cache - hasMutable |= checkMutable(bundlePermissions, - evaluationCacheKey, - rows[i]); + hasMutable |= checkMutable(bundlePermissions, evaluationCacheKey, rows[i]); } try { results[i] = rows[i].evaluate(bundlePermissions, permission); @@ -102,11 +97,7 @@ public class SecurityTable extends PermissionCollection { // no need to process the rest of the rows immediateDecisionIdx = i; } - Integer immediateDecision = handlePostponedConditions(evaluationCacheKey, - hasMutable, - postponed, - results, - immediateDecisionIdx); + Integer immediateDecision = handlePostponedConditions(evaluationCacheKey, hasMutable, postponed, results, immediateDecisionIdx); if (immediateDecision != null) return immediateDecision; int finalDecision = postponed ? POSTPONED : ABSTAIN; @@ -116,8 +107,7 @@ public class SecurityTable extends PermissionCollection { return finalDecision; } - private boolean checkMutable(BundlePermissions bundlePermissions, - EvaluationCacheKey evaluationCacheKey, SecurityRow row) { + private boolean checkMutable(BundlePermissions bundlePermissions, EvaluationCacheKey evaluationCacheKey, SecurityRow row) { Condition[] conditions = row.getConditions(bundlePermissions); if (conditions != null) { for (Condition condition : conditions) { @@ -130,42 +120,41 @@ public class SecurityTable extends PermissionCollection { return false; } - private Integer handlePostponedConditions(EvaluationCacheKey evaluationCacheKey, - boolean hasMutable, boolean postponed, Decision[] results, int immediateDecisionIdx) { + private Integer handlePostponedConditions(EvaluationCacheKey evaluationCacheKey, boolean hasMutable, boolean postponed, Decision[] results, int immediateDecisionIdx) { if (postponed) { - int immediateDecision = immediateDecisionIdx < 0 ? DENIED : results[immediateDecisionIdx].decision; - // iterate over all postponed conditions; - // if they all provide the same decision as the immediate decision then return the immediate decision - boolean allSameDecision = true; - int i = immediateDecisionIdx < 0 ? results.length - 1 : immediateDecisionIdx - 1; - for (; i >= 0 && allSameDecision; i--) { - if ((results[i].decision & POSTPONED) == POSTPONED) { - if ((results[i].decision & immediateDecision) == 0) - allSameDecision = false; - else - results[i] = SecurityRow.DECISION_ABSTAIN; // we can clear postpones with the same decision as the immediate - } - } - if (allSameDecision) { - if (!hasMutable) { - evaluationCache.put(evaluationCacheKey, immediateDecision); - } - return immediateDecision; - } - - // we now are forced to postpone; we need to also remember the postponed decisions and - // the immediate decision if there is one. - EquinoxSecurityManager equinoxManager = securityAdmin.getSupportedSecurityManager(); - if (equinoxManager == null) { - // TODO this is really an error condition. - // This should never happen. We checked for a supported manager when the row was postponed - if (!hasMutable) { - evaluationCache.put(evaluationCacheKey, ABSTAIN); - } - return ABSTAIN; - } - equinoxManager.addConditionsForDomain(results); - } + int immediateDecision = immediateDecisionIdx < 0 ? DENIED : results[immediateDecisionIdx].decision; + // iterate over all postponed conditions; + // if they all provide the same decision as the immediate decision then return the immediate decision + boolean allSameDecision = true; + int i = immediateDecisionIdx < 0 ? results.length - 1 : immediateDecisionIdx - 1; + for (; i >= 0 && allSameDecision; i--) { + if ((results[i].decision & POSTPONED) == POSTPONED) { + if ((results[i].decision & immediateDecision) == 0) + allSameDecision = false; + else + results[i] = SecurityRow.DECISION_ABSTAIN; // we can clear postpones with the same decision as the immediate + } + } + if (allSameDecision) { + if (!hasMutable) { + evaluationCache.put(evaluationCacheKey, immediateDecision); + } + return immediateDecision; + } + + // we now are forced to postpone; we need to also remember the postponed decisions and + // the immediate decision if there is one. + EquinoxSecurityManager equinoxManager = securityAdmin.getSupportedSecurityManager(); + if (equinoxManager == null) { + // TODO this is really an error condition. + // This should never happen. We checked for a supported manager when the row was postponed + if (!hasMutable) { + evaluationCache.put(evaluationCacheKey, ABSTAIN); + } + return ABSTAIN; + } + equinoxManager.addConditionsForDomain(results); + } return null; } |