| Richard S. Hall | 930fecc | 2005-08-16 18:33:34 +0000 | [diff] [blame] | 1 | /* |
| 2 | * $Header: /cvshome/build/org.osgi.service.permissionadmin/src/org/osgi/service/permissionadmin/PermissionAdmin.java,v 1.7 2005/05/13 20:33:46 hargrave Exp $ |
| 3 | * |
| 4 | * Copyright (c) OSGi Alliance (2001, 2005). All Rights Reserved. |
| 5 | * |
| 6 | * This program and the accompanying materials are made available under the |
| 7 | * terms of the Eclipse Public License v1.0 which accompanies this |
| 8 | * distribution, and is available at http://www.eclipse.org/legal/epl-v10.html. |
| 9 | */ |
| 10 | |
| 11 | package org.osgi.service.permissionadmin; |
| 12 | |
| 13 | /** |
| 14 | * The Permission Admin service allows management agents to manage the |
| 15 | * permissions of bundles. There is at most one Permission Admin service present |
| 16 | * in the OSGi environment. |
| 17 | * <p> |
| 18 | * Access to the Permission Admin service is protected by corresponding |
| 19 | * <code>ServicePermission</code>. In addition <code>AdminPermission</code> is |
| 20 | * required to actually set permissions. |
| 21 | * |
| 22 | * <p> |
| 23 | * Bundle permissions are managed using a permission table. A bundle's location |
| 24 | * serves as the key into this permission table. The value of a table entry is |
| 25 | * the set of permissions (of type <code>PermissionInfo</code>) granted to the |
| 26 | * bundle named by the given location. A bundle may have an entry in the |
| 27 | * permission table prior to being installed in the Framework. |
| 28 | * |
| 29 | * <p> |
| 30 | * The permissions specified in <code>setDefaultPermissions</code> are used as the |
| 31 | * default permissions which are granted to all bundles that do not have an |
| 32 | * entry in the permission table. |
| 33 | * |
| 34 | * <p> |
| 35 | * Any changes to a bundle's permissions in the permission table will take |
| 36 | * effect no later than when bundle's <code>java.security.ProtectionDomain</code> |
| 37 | * is next involved in a permission check, and will be made persistent. |
| 38 | * |
| 39 | * <p> |
| 40 | * Only permission classes on the system classpath or from an exported package |
| 41 | * are considered during a permission check. Additionally, only permission |
| 42 | * classes that are subclasses of <code>java.security.Permission</code> and define |
| 43 | * a 2-argument constructor that takes a <i>name </i> string and an <i>actions |
| 44 | * </i> string can be used. |
| 45 | * <p> |
| 46 | * Permissions implicitly granted by the Framework (for example, a bundle's |
| 47 | * permission to access its persistent storage area) cannot be changed, and are |
| 48 | * not reflected in the permissions returned by <code>getPermissions</code> and |
| 49 | * <code>getDefaultPermissions</code>. |
| 50 | * |
| 51 | * @version $Revision: 1.7 $ |
| 52 | */ |
| 53 | public interface PermissionAdmin { |
| 54 | /** |
| 55 | * Gets the permissions assigned to the bundle with the specified location. |
| 56 | * |
| 57 | * @param location The location of the bundle whose permissions are to be |
| 58 | * returned. |
| 59 | * |
| 60 | * @return The permissions assigned to the bundle with the specified |
| 61 | * location, or <code>null</code> if that bundle has not been assigned |
| 62 | * any permissions. |
| 63 | */ |
| 64 | PermissionInfo[] getPermissions(String location); |
| 65 | |
| 66 | /** |
| 67 | * Assigns the specified permissions to the bundle with the specified |
| 68 | * location. |
| 69 | * |
| 70 | * @param location The location of the bundle that will be assigned the |
| 71 | * permissions. |
| 72 | * @param permissions The permissions to be assigned, or <code>null</code> if |
| 73 | * the specified location is to be removed from the permission table. |
| 74 | * @exception SecurityException if the caller does not have the |
| 75 | * <code>AdminPermission</code>. |
| 76 | */ |
| 77 | void setPermissions(String location, PermissionInfo[] permissions); |
| 78 | |
| 79 | /** |
| 80 | * Returns the bundle locations that have permissions assigned to them, that |
| 81 | * is, bundle locations for which an entry exists in the permission table. |
| 82 | * |
| 83 | * @return The locations of bundles that have been assigned any permissions, |
| 84 | * or <code>null</code> if the permission table is empty. |
| 85 | */ |
| 86 | String[] getLocations(); |
| 87 | |
| 88 | /** |
| 89 | * Gets the default permissions. |
| 90 | * |
| 91 | * <p> |
| 92 | * These are the permissions granted to any bundle that does not have |
| 93 | * permissions assigned to its location. |
| 94 | * |
| 95 | * @return The default permissions, or <code>null</code> if no default |
| 96 | * permissions are set. |
| 97 | */ |
| 98 | PermissionInfo[] getDefaultPermissions(); |
| 99 | |
| 100 | /** |
| 101 | * Sets the default permissions. |
| 102 | * |
| 103 | * <p> |
| 104 | * These are the permissions granted to any bundle that does not have |
| 105 | * permissions assigned to its location. |
| 106 | * |
| 107 | * @param permissions The default permissions, or <code>null</code> if the |
| 108 | * default permissions are to be removed from the permission table. |
| 109 | * @exception SecurityException if the caller does not have the |
| 110 | * <code>AdminPermission</code>. |
| 111 | */ |
| 112 | void setDefaultPermissions(PermissionInfo[] permissions); |
| 113 | } |