FileDocCategorySizeDatePackage
AccessControlContext.javaAPI DocAndroid 1.5 API10966Wed May 06 22:41:04 BST 2009java.security

AccessControlContext

public final class AccessControlContext extends Object
{@code AccessControlContext} encapsulates the {@code ProtectionDomain}s on which access control decisions are based.

Fields Summary
ProtectionDomain[]
context
DomainCombiner
combiner
private AccessControlContext
inherited
Constructors Summary
public AccessControlContext(AccessControlContext acc, DomainCombiner combiner)
Constructs a new instance of {@code AccessControlContext} with the specified {@code AccessControlContext} and {@code DomainCombiner}.

If a {@code SecurityManager} is installed, code calling this constructor need the {@code SecurityPermission} {@code createAccessControlContext} to be granted, otherwise a {@code SecurityException} will be thrown.

param
acc the {@code AccessControlContext} related to the given {@code DomainCombiner}
param
combiner the {@code DomainCombiner} related to the given {@code AccessControlContext}
throws
SecurityException if a {@code SecurityManager} is installed and the caller does not have permission to invoke this constructor
throws
NullPointerException if {@code acc} is {@code null}
since
Android 1.0

        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new SecurityPermission(
                    "createAccessControlContext"));
        }
        // no need to clone() here as ACC is immutable
        this.context = acc.context;
        this.combiner = combiner;
public AccessControlContext(ProtectionDomain[] context)
Constructs a new instance of {@code AccessControlContext} with the specified array of {@code ProtectionDomain}s.

param
context the {@code ProtectionDomain}s that are used to perform access checks in the context of this {@code AccessControlContext}
throws
NullPointerException if {@code context} is {@code null}
since
Android 1.0

        if (context == null) {
            throw new NullPointerException("context can not be null");
        }
        if (context.length != 0) {
            // remove dup entries
            ArrayList<ProtectionDomain> a = new ArrayList<ProtectionDomain>();
            for (int i = 0; i < context.length; i++) {
                if (context[i] != null && !a.contains(context[i])) {
                    a.add(context[i]);
                }
            }
            if (a.size() != 0) {
                this.context = new ProtectionDomain[a.size()];
                a.toArray(this.context);
            }
        }
        if (this.context == null) {
            // Prevent numerous checks for 'context==null' 
            this.context = new ProtectionDomain[0];
        }
AccessControlContext(ProtectionDomain[] stack, AccessControlContext inherited)
Package-level ctor which is used in AccessController.
ProtectionDomains passed as stack is then passed into {@link #AccessControlContext(ProtectionDomain[])}, therefore:
  • it must not be null
  • duplicates will be removed
  • null-s will be removed

    • param
    stack - array of ProtectionDomains
    param
    inherited - inherited context, which may be null

            this(stack); // removes dups, removes nulls, checks for stack==null
        this.inherited = inherited;
    AccessControlContext(ProtectionDomain[] stack, DomainCombiner combiner)
    Package-level ctor which is used in AccessController.
    ProtectionDomains passed as stack is then passed into {@link #AccessControlContext(ProtectionDomain[])}, therefore:
  • it must not be null
  • duplicates will be removed
  • null-s will be removed

    • param
    stack - array of ProtectionDomains
    param
    combiner - combiner

            this(stack); // removes dups, removes nulls, checks for stack==null
        this.combiner = combiner;
    Methods Summary
    public voidcheckPermission(java.security.Permission perm)
    Checks the specified permission against the vm's current security policy. The check is based on this {@code AccessControlContext} as opposed to the {@link AccessController#checkPermission(Permission)} method which performs access checks based on the context of the current thread. This method returns silently if the permission is granted, otherwise an {@code AccessControlException} is thrown.

    A permission is considered granted if every {@link ProtectionDomain} in this context has been granted the specified permission.

    If privileged operations are on the call stack, only the {@code ProtectionDomain}s from the last privileged operation are taken into account.

    If inherited methods are on the call stack, the protection domains of the declaring classes are checked, not the protection domains of the classes on which the method is invoked.

    param
    perm the permission to check against the policy
    throws
    AccessControlException if the specified permission is not granted
    throws
    NullPointerException if the specified permission is {@code null}
    see
    AccessController#checkPermission(Permission)
    since
    Android 1.0

            if (perm == null) {
            throw new NullPointerException("Permission cannot be null");
        }
        for (int i = 0; i < context.length; i++) {
            if (!context[i].implies(perm)) {
                throw new AccessControlException("Permission check failed "
                        + perm, perm);
            }
        }
        if (inherited != null) {
            inherited.checkPermission(perm);
        }
    public booleanequals(java.lang.Object obj)
    Compares the specified object with this {@code AccessControlContext} for equality. Returns {@code true} if the specified object is also an instance of {@code AccessControlContext}, and the two contexts encapsulate the same {@code ProtectionDomain}s. The order of the {@code ProtectionDomain}s is ignored by this method.

    param
    obj object to be compared for equality with this {@code AccessControlContext}
    return
    {@code true} if the specified object is equal to this {@code AccessControlContext}, otherwise {@code false}
    since
    Android 1.0

            if (this == obj) {
            return true;
        }
        if (obj instanceof AccessControlContext) {
            AccessControlContext that = (AccessControlContext) obj;
            if (!(PolicyUtils.matchSubset(context, that.context) && PolicyUtils
                    .matchSubset(that.context, context))) {
                return false;
            }
            // BEGIN android-changed
            if(combiner != null) {
                return combiner.equals(that.combiner);
            }
            return that.combiner == null;
            // END android-changed
        }
        return false;
    public java.security.DomainCombinergetDomainCombiner()
    Returns the {@code DomainCombiner} associated with this {@code AccessControlContext}.

    If a {@code SecurityManager} is installed, code calling this method needs the {@code SecurityPermission} {@code getDomainCombiner} to be granted, otherwise a {@code SecurityException} will be thrown.

    return
    the {@code DomainCombiner} associated with this {@code AccessControlContext}
    throws
    SecurityException if a {@code SecurityManager} is installed and the caller does not have permission to invoke this method
    since
    Android 1.0

            SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new SecurityPermission("getDomainCombiner"));
        }
        return combiner;
    public inthashCode()
    Returns the hash code value for this {@code AccessControlContext}. Returns the same hash code for {@code AccessControlContext}s that are equal to each other as required by the general contract of {@link Object#hashCode}.

    return
    the hash code value for this {@code AccessControlContext}
    see
    Object#equals(Object)
    see
    AccessControlContext#equals(Object)
    since
    Android 1.0

            int hash = 0;
        for (int i = 0; i < context.length; i++) {
            hash ^= context[i].hashCode();
        }
        return hash;