ESPolicy.java 文件源码

@Override @SuppressForbidden(reason = "fast equals check is desired")
public boolean implies(ProtectionDomain domain, Permission permission) {
    CodeSource codeSource = domain.getCodeSource();
    // codesource can be null when reducing privileges via doPrivileged()
    if (codeSource == null) {
        return false;
    }

    URL location = codeSource.getLocation();
    // location can be null... ??? nobody knows
    // https://bugs.openjdk.java.net/browse/JDK-8129972
    if (location != null) {
        // run scripts with limited permissions
        if (BootstrapInfo.UNTRUSTED_CODEBASE.equals(location.getFile())) {
            return untrusted.implies(domain, permission);
        }
        // check for an additional plugin permission: plugin policy is
        // only consulted for its codesources.
        Policy plugin = plugins.get(location.getFile());
        if (plugin != null && plugin.implies(domain, permission)) {
            return true;
        }
    }

    // Special handling for broken Hadoop code: "let me execute or my classes will not load"
    // yeah right, REMOVE THIS when hadoop is fixed
    if (permission instanceof FilePermission && "<<ALL FILES>>".equals(permission.getName())) {
        for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
            if ("org.apache.hadoop.util.Shell".equals(element.getClassName()) &&
                  "runCommand".equals(element.getMethodName())) {
                // we found the horrible method: the hack begins!
                // force the hadoop code to back down, by throwing an exception that it catches.
                rethrow(new IOException("no hadoop, you cannot do this."));
            }
        }
    }

    // otherwise defer to template + dynamic file permissions
    return template.implies(domain, permission) || dynamic.implies(permission) || system.implies(domain, permission);
}