001: /*
002: *
003: *
004: * Copyright 1990-2007 Sun Microsystems, Inc. All Rights Reserved.
005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License version
009: * 2 only, as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful, but
012: * WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * General Public License version 2 for more details (a copy is
015: * included at /legal/license.txt).
016: *
017: * You should have received a copy of the GNU General Public License
018: * version 2 along with this work; if not, write to the Free Software
019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA
021: *
022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023: * Clara, CA 95054 or visit www.sun.com if you need additional
024: * information or have any questions.
025: */
026:
027: package com.sun.midp.security;
028:
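/**
 * Holds the permission levels granted to one caller and answers
 * ALLOW-level permission checks against them.
 * <p>
 * A token whose permission list is <code>null</code> is treated as fully
 * trusted: every check on it succeeds. Possession of a token is therefore
 * the authorization, so tokens should only be held by and passed between
 * trusted classes.
 */
public final class SecurityToken {

    /** The standard security exception message. */
    public static final String STD_EX_MSG =
        "Application not authorized to access the restricted API";

    /**
     * True until the first token has been constructed. That first
     * construction skips the caller-permission check, so it acts as the
     * bootstrap of the whole token chain.
     */
    private static boolean firstCaller = true;

    /**
     * Permission levels indexed by permission ID, or <code>null</code>
     * when every permission is allowed.
     */
    private final byte[] permissions;

    /**
     * Creates a security domain with a list of permitted actions or no list
     * to indicate all actions. The caller must have permission for
     * <code>Permissions.MIDP</code> or be the first caller of
     * the method for this instance of the VM.
     *
     * @param securityToken security token of the caller, can be null for
     *                      the first caller only
     * @param ApiPermissions permission tables for the token; the row at
     *                       <code>Permissions.CUR_LEVELS</code> becomes the
     *                       token's permission list, and a <code>null</code>
     *                       row makes the token fully trusted
     * @exception SecurityException if caller is not permitted to call this
     *            method, including a later caller that passes a
     *            <code>null</code> token
     */
    SecurityToken(SecurityToken securityToken, byte[][] ApiPermissions) {
        if (firstCaller) {
            // The first call is during system initialization.
            // NOTE(review): the flag is read and cleared without
            // synchronization, so the exemption is only sound if the first
            // construction happens before any untrusted code or second
            // thread can reach this constructor - confirm against VM
            // start-up.
            firstCaller = false;
        } else {
            if (securityToken == null) {
                // Deny with the documented exception type instead of letting
                // the dereference below surface as a NullPointerException.
                throw new SecurityException(STD_EX_MSG);
            }
            securityToken.checkIfPermissionAllowed(Permissions.MIDP);
        }

        // The row is stored by reference, not copied: later writes to the
        // caller's array change what this token allows.
        // NOTE(review): presumably intentional so level changes propagate;
        // verify that only trusted code keeps a reference to the array.
        permissions = ApiPermissions[Permissions.CUR_LEVELS];
    }

    /**
     * Check to see the suite has the ALLOW level for specific permission.
     * This is used by internal APIs that only provide access to
     * trusted system applications. Failure is reported with
     * {@link #STD_EX_MSG}.
     *
     * @param permission permission ID from com.sun.midp.security.Permissions
     *
     * @exception SecurityException if the permission is not
     *            allowed by this token
     */
    public void checkIfPermissionAllowed(int permission) {
        checkIfPermissionAllowed(permission, STD_EX_MSG);
    }

    /**
     * Check to see the suite has the ALLOW level for specific permission.
     * This is used by internal APIs that only provide access to
     * trusted system applications.
     *
     * @param permission permission ID from com.sun.midp.security.Permissions
     * @param exceptionMsg message if a security exception is thrown
     *
     * @exception SecurityException if the permission is not
     *            allowed by this token
     */
    public void checkIfPermissionAllowed(int permission,
                                         String exceptionMsg) {
        if (permissions == null) {
            /* totally trusted, all permissions allowed */
            return;
        }

        // An ID outside the table is denied rather than indexed, so an
        // unknown or negative permission can never read past the array.
        boolean knownId = permission >= 0 && permission < permissions.length;
        if (knownId && permissions[permission] == Permissions.ALLOW) {
            return;
        }

        // This check never asks the user: any level other than ALLOW is a
        // denial.
        throw new SecurityException(exceptionMsg);
    }
}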