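package body DBMS_JVM_EXP_PERMS as
  -- Export/import support for the Java policy rows in dba_java_policy.
  --
  -- Export side: grant_sysprivs_exp is called repeatedly and returns one
  -- statement per call (via export_perms) until it returns an empty string.
  -- Import side: the last generated statement calls import_jvm_perms with
  -- the rows that the earlier generated statements loaded into
  -- TEMP_JAVA_PRIVS.
  --
  -- Package-level state:
  --   zone      position of the export state machine (EXP_START .. EXP_END)
  --   policy_q  cursor over the ENABLED rows of dba_java_policy

  EXP_END   constant pls_integer := 999999;  -- state value meaning "export finished"
  EXP_START constant pls_integer := 0;       -- state value before anything was emitted

  cursor policy_q is
    select kind, grantee, type_schema, type_name, name, action, enabled
      from dba_java_policy
     where enabled = 'ENABLED';

  zone pls_integer := EXP_START;


  -- Doubles every single quote in val so the value can be placed between
  -- '...' in a generated statement without ending the literal early.
  -- A null input stays null (and concatenates as an empty string).
  function sql_literal_body(val in varchar2) return varchar2 as
  begin
    return replace(val, '''', '''''');
  end sql_literal_body;


  -- Returns the next export statement, or '' when there is nothing (more)
  -- to emit.
  --
  --   version    export version string; anything that compares below
  --              '10.02.00.00.00' yields '' immediately. The comparison is a
  --              plain string comparison, and a null version does not
  --              satisfy "<", so it falls through to the export path.
  --   new_block  set by export_perms; not assigned on the '' return paths.
  --
  -- Any exception resets the state machine and is re-raised.
  function grant_sysprivs_exp(version   in  varchar2,
                              new_block out pls_integer
                             ) return varchar2 as

    -- NOTE(review): an INSERT built by export_perms from three
    -- varchar2(4000) columns can exceed 4000 characters; the assignment
    -- below then raises VALUE_ERROR, which ends up in the handler. Whether
    -- the caller accepts longer statements is not visible here.
    comm_str varchar2(4000);
  begin
    -- Check version is >= 10.2
    if version < '10.02.00.00.00' then
      return '';
    end if;

    -- Privilege gate. What DBMS_ZHELP_IR.KZSSTA stands for is not visible
    -- here; presumably the call raises when the caller lacks it.
    sys.dbms_zhelp_ir.check_sys_priv(DBMS_ZHELP_IR.KZSSTA);

    if zone <> EXP_END then
      comm_str := export_perms(zone, new_block);
      if comm_str is not null then
        zone := zone + 1;
        return comm_str;
      end if;
    end if;

    -- Either the previous call emitted the last statement or export_perms
    -- had nothing left: rewind for the next export run.
    zone := EXP_START;
    if policy_q%isopen then
      close policy_q;
    end if;
    return '';
  exception
    when others then
      zone := EXP_START;
      -- Close the cursor together with the state reset. Left open, the next
      -- run would start at state 0 with policy_q already open, skip the
      -- CREATE TABLE statement and resume fetching in the middle of the
      -- previous result set.
      if policy_q%isopen then
        close policy_q;
      end if;
      raise;
  end grant_sysprivs_exp;


  -- Returns an empty string; new_block is not assigned.
  function create_exp(objid     in  number,
                      version   in  varchar2,
                      new_block out pls_integer) return varchar2 as
  begin
    return '';
  end create_exp;


  -- Returns an empty string; grantor and new_block are not assigned.
  function grant_exp(objid     in  number,
                     isdba     in  pls_integer,
                     grantor   out varchar2,
                     version   in  varchar2,
                     new_block out pls_integer) return varchar2 as
  begin
    return '';
  end grant_exp;


  -- Returns an empty string; new_block is not assigned.
  function audit_exp(objid     in  number,
                     version   in  varchar2,
                     new_block out pls_integer) return varchar2 as
  begin
    return '';
  end audit_exp;


  -- Returns an empty string; new_block is not assigned.
  function audit_sysprivs_exp(version   in  varchar2,
                              new_block out pls_integer) return varchar2 as
  begin
    return '';
  end audit_sysprivs_exp;


  -- Returns an empty string; new_block is not assigned.
  function drop_exp(objid     in  number,
                    version   in  varchar2,
                    new_block out pls_integer) return varchar2 as
  begin
    return '';
  end drop_exp;


  -- Replays exported Java policy rows on this database.
  --
  --   pcol  rows to apply. The script generated by export_perms fills it
  --         from TEMP_JAVA_PRIVS with BULK COLLECT.
  --
  -- For every row that has no matching entry in dba_java_policy, the
  -- permission is granted or restricted through dbms_java.
  --
  -- Security notes:
  --   * Every row in pcol is applied as given, so the check_sys_priv call
  --     below (and whoever holds EXECUTE on this package) is the only gate
  --     visible here between a caller and arbitrary Java policy changes.
  --     The AUTHID clause lives in the package spec, which is not shown.
  --   * The two RESTRICT rows on RuntimePermission loadLibrary.* are
  --     disabled while the rows are applied. They are re-enabled on the
  --     normal path and, best effort, when the import fails.
  --
  -- Exceptions are re-raised to the caller.
  procedure import_jvm_perms(pcol temp_java_policy) as

    row_count number;

    -- Handed back by the dbms_java grant/restrict calls and passed on to
    -- disable_permission; presumably the key of the new policy row.
    perm_key number;

    POLICYPERM constant varchar2(50) :=
      'oracle.aurora.rdbms.security.PolicyTablePermission';

    perm_class  varchar2(500);
    perm_action varchar2(200);

    pol_seq number := 0;
    run_seq number := 0;

    -- Track what this call really disabled, so the cleanup never touches a
    -- row it did not change.
    pol_disabled boolean := false;
    run_disabled boolean := false;

    -- Re-enables the restrictions disabled by this call.
    -- run_seq must be first (requirement stated by the original author).
    procedure reenable_restrictions is
    begin
      if run_disabled then
        dbms_java.enable_permission(run_seq);
        run_disabled := false;
      end if;
      if pol_disabled then
        dbms_java.enable_permission(pol_seq);
        pol_disabled := false;
      end if;
    end reenable_restrictions;

  begin

    -- Check privs
    sys.dbms_zhelp_ir.check_sys_priv(DBMS_ZHELP_IR.KZSSTA);

    -- We need to disable the RESTRICTion on RuntimePermission#loadLibrary.
    -- A missing (or already disabled) row leaves the sequence at 0, which
    -- is what the "!= 0" guards expect; without the handler SELECT INTO
    -- would abort the import with NO_DATA_FOUND.
    begin
      select seq
        into pol_seq
        from dba_java_policy
       where kind = 'RESTRICT'
         and type_schema = 'SYS'
         and type_name = POLICYPERM
         and name = '0:java.lang.RuntimePermission#loadLibrary.*'
         and enabled = 'ENABLED';
    exception
      when no_data_found then
        pol_seq := 0;
    end;

    if pol_seq != 0 then
      dbms_java.disable_permission(pol_seq);
      pol_disabled := true;
    end if;

    begin
      select seq
        into run_seq
        from dba_java_policy
       where kind = 'RESTRICT'
         and type_schema = 'SYS'
         and type_name = 'java.lang.RuntimePermission'
         and name = 'loadLibrary.*'
         and enabled = 'ENABLED';
    exception
      when no_data_found then
        run_seq := 0;
    end;

    if run_seq != 0 then
      dbms_java.disable_permission(run_seq);
      run_disabled := true;
    end if;

    -- Main loop: for each record, check the target dba_java_policy for a
    -- like permission; create the permission only when there is none.
    -- An empty collection has null FIRST/LAST, and null loop bounds raise
    -- VALUE_ERROR, so the loop is skipped in that case.
    if pcol.count > 0 then
      for i in pcol.first .. pcol.last
      loop
        -- Count existing entries that cover this row: same kind, grantee
        -- and type, and for name and action either an equal value, both
        -- null, or a '*' / null entry on the target side.
        -- The last alternative used to read "!= null", which is never true
        -- in SQL, so the '*' / null alternatives could not match.
        -- NOTE(review): d.enabled is not part of the comparison, so a
        -- disabled entry on the target also counts as "already present".
        select count(*)
          into row_count
          from dba_java_policy d
         where pcol(i).kind = d.kind
           and pcol(i).grantee = d.grantee
           and pcol(i).type_schema = d.type_schema
           and pcol(i).type_name = d.type_name
           and (   pcol(i).name = d.name
                or (pcol(i).name is null and d.name is null)
                or ((d.name = '*' or d.name is null)
                    and pcol(i).name is not null))
           and (   pcol(i).action = d.action
                or (pcol(i).action is null and d.action is null)
                or ((d.action = '*' or d.action is null)
                    and pcol(i).action is not null));

        -- Zero matches means the permission is missing: grant or restrict.
        if row_count = 0 then
          if pcol(i).kind = 'GRANT' then
            -- Policy permissions are handled differently: their name has
            -- the form '0:<class>#<action>' (see the lookup above) and is
            -- split into class and action.
            if pcol(i).type_name = POLICYPERM then
              -- NOTE(review): this looks for a '0' anywhere in the name,
              -- not only for a leading '0:' - confirm that is intended.
              if instr(pcol(i).name, '0', 1, 1) = 0 then
                perm_class  := pcol(i).name;
                perm_action := '';
              else
                perm_class  := substr(pcol(i).name, 3,
                                      instr(pcol(i).name, '#', 1, 1) - 3);
                perm_action := substr(pcol(i).name,
                                      instr(pcol(i).name, '#', 1, 1) + 1);
              end if;
              dbms_java.grant_policy_permission(pcol(i).grantee,
                                                pcol(i).type_schema,
                                                perm_class,
                                                perm_action,
                                                perm_key);
            else
              -- regular grants
              dbms_java.grant_permission(pcol(i).grantee,
                                         pcol(i).type_schema || ':' || pcol(i).type_name,
                                         pcol(i).name,
                                         pcol(i).action,
                                         perm_key);
            end if;
          else
            -- RESTRICT (every kind other than 'GRANT' takes this branch)
            if pcol(i).type_name = POLICYPERM then
              dbms_java.restrict_permission(pcol(i).grantee,
                                            pcol(i).type_schema || ':' || POLICYPERM,
                                            pcol(i).name,
                                            '',
                                            perm_key);
            else
              dbms_java.restrict_permission(pcol(i).grantee,
                                            pcol(i).type_schema || ':' || pcol(i).type_name,
                                            pcol(i).name,
                                            pcol(i).action,
                                            perm_key);
            end if;
          end if;

          -- The export cursor policy_q selects only rows with
          -- enabled = 'ENABLED', so rows produced by this package never
          -- take this branch.
          -- NOTE(review): if the view spells the state 'DISABLED', the
          -- literal below can never match - confirm.
          if pcol(i).enabled = 'DISABLE' then
            dbms_java.disable_permission(perm_key);
          end if;
        end if;
      end loop;
    end if;

    -- reenable the RESTRICTions
    reenable_restrictions;
  exception
    when others then
      -- A failure part-way through must not leave the loadLibrary
      -- restrictions disabled. Whether the earlier disable would be undone
      -- by a rollback in the caller is not visible here, so restore them
      -- explicitly. A failure of the cleanup itself is dropped so that the
      -- original error is the one the caller sees.
      begin
        reenable_restrictions;
      exception
        when others then
          null;
      end;
      raise;
  end import_jvm_perms;


  -- Produces the export statement for the given state, or '' when done.
  --
  --   state      0 on the first call; set to EXP_END - 1 here once the
  --              cursor is exhausted. The caller advances it by one after
  --              every statement it receives.
  --   new_block  0 for the CREATE TABLE statement, 1 for the first INSERT
  --              (state = 1) and for the final PL/SQL block, 0 for the
  --              other INSERTs. Its meaning to the caller is not visible
  --              here.
  --
  -- Statement sequence: one CREATE TABLE, one INSERT per enabled policy
  -- row, one anonymous block that loads the rows and calls
  -- import_jvm_perms, then ''.
  --
  -- NOTE(review): TEMP_JAVA_PRIVS is unqualified in the generated
  -- statements, so it is resolved by whoever runs them on import.
  function export_perms(state in out pls_integer, new_block out pls_integer)
    return varchar2 as

    kind        varchar2(8);
    grantee     varchar2(30);
    type_schema varchar2(30);
    type_name   varchar2(4000);
    name        varchar2(4000);
    action      varchar2(4000);
    enabled     varchar2(8);

  begin
    -- Open the dba_java_policy cursor and return the temp table creation.
    -- ROWNUM > 1 is never true, so the statement creates the table with the
    -- right columns and no rows.
    if not policy_q%isopen and state = 0 then
      open policy_q;
      new_block := 0;
      return 'execute immediate (''CREATE TABLE TEMP_JAVA_PRIVS' ||
             ' AS SELECT KIND, GRANTEE, TYPE_SCHEMA, TYPE_NAME,' ||
             ' NAME, ACTION, ENABLED FROM DBA_JAVA_POLICY WHERE ROWNUM > 1'');';
    end if;

    -- Process the insert commands for import.
    if policy_q%isopen then
      fetch policy_q into kind, grantee, type_schema,
                          type_name, name, action, enabled;
      if policy_q%notfound or policy_q%notfound is null then
        close policy_q;
        state := EXP_END - 1;
      else
        -- Process each row and write the insert.
        if state = 1 then
          new_block := 1;
        else
          new_block := 0;
        end if;
        -- The values are policy data and end up inside a statement that is
        -- executed on import, so embedded single quotes are doubled. A raw
        -- quote would end the literal early and let the rest of the value
        -- be read as SQL.
        return 'INSERT INTO TEMP_JAVA_PRIVS VALUES(''' ||
               sql_literal_body(kind) || ''',''' ||
               sql_literal_body(grantee) || ''',''' ||
               sql_literal_body(type_schema) || ''',''' ||
               sql_literal_body(type_name) || ''',''' ||
               sql_literal_body(name) || ''',''' ||
               sql_literal_body(action) || ''',''' ||
               sql_literal_body(enabled) || ''');';
      end if;
    end if;

    -- All rows written: emit the block that loads them and runs the import.
    if state = EXP_END - 1 then
      new_block := 1;
      return
'DECLARE
TJP SYS.DBMS_JVM_EXP_PERMS.TEMP_JAVA_POLICY;
CURSOR C1 IS SELECT KIND,GRANTEE,TYPE_SCHEMA,TYPE_NAME,
NAME,ACTION,ENABLED FROM TEMP_JAVA_PRIVS;
BEGIN
OPEN C1;
FETCH C1 BULK COLLECT INTO TJP;
CLOSE C1;
SYS.DBMS_JVM_EXP_PERMS.IMPORT_JVM_PERMS(TJP);
EXECUTE IMMEDIATE(''DROP TABLE TEMP_JAVA_PRIVS'');
END;';
    end if;

    -- export is done
    return '';
  end export_perms;

end DBMS_JVM_EXP_PERMS;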