public interface Acl implements Owner
java.security.acl.Acl

Class Overview

The Access Control List (ACL) interface definition.

An ACL is a set of AclEntry objects.

An AclEntry is a list of Permissions that are granted (positive) or denied (negative) to a Principal.

An Acl has a list of owners (Owner), which are themselves principals (Principal). Only principals that are owners of the Acl are allowed to modify it.

The ACL has to conform to the following rules:

  • For each Principal there can be only one positive and one negative AclEntry.
  • If the two AclEntry objects (positive and negative) for a specific Principal grant and deny the same Permission to that Principal, then that Permission is treated as neither granted nor denied to that Principal.
  • Permissions associated with an individual Principal always override permissions of the group(s) to which the individual belongs.
  • If there is no AclEntry associated with a specific Principal, then it is interpreted as an empty list of permissions.

Summary

Public Methods
abstract boolean addEntry(Principal caller, AclEntry entry)
Adds an AclEntry to this ACL instance.
abstract boolean checkPermission(Principal principal, Permission permission)
Checks whether the specified principal is granted the specified permission.
abstract Enumeration<AclEntry> entries()
Returns an Enumeration of the AclEntry of this ACL.
abstract String getName()
Returns the name of this ACL instance.
abstract Enumeration<Permission> getPermissions(Principal user)
Returns the set of allowed permissions for the specified Principal.
abstract boolean removeEntry(Principal caller, AclEntry entry)
Removes an AclEntry from this ACL instance.
abstract void setName(Principal caller, String name)
Sets the name of this ACL instance.
abstract String toString()
Returns the string representation of this ACL.
Inherited Methods
From interface java.security.acl.Owner

Public Methods

public abstract boolean addEntry (Principal caller, AclEntry entry)

Since: API Level 1

Adds an AclEntry to this ACL instance.

If the ACL already has an AclEntry of the same type (positive or negative) for the same principal, then the new entry is not added.

Parameters
caller the invoking Principal.
entry the ACL entry to add.
Returns
  • true if the entry is added, false if there is already an entry of the same type for the same principal
Throws
NotOwnerException if the invoking Principal is not an owner of this ACL.

public abstract boolean checkPermission (Principal principal, Permission permission)

Since: API Level 1

Checks whether the specified principal is granted the specified permission.

The list of granted permissions is determined according to the rules specified by getPermissions.

Parameters
principal the principal to check the permissions for.
permission the permission to check for the principal.
Returns
  • true if the principal is granted the permission, otherwise false.

public abstract Enumeration<AclEntry> entries ()

Since: API Level 1

Returns an Enumeration of the AclEntry of this ACL.

Returns
  • an Enumeration of the AclEntry of this ACL.

public abstract String getName ()

Since: API Level 1

Returns the name of this ACL instance.

Returns
  • the name of this ACL instance.

public abstract Enumeration<Permission> getPermissions (Principal user)

Since: API Level 1

Returns the set of allowed permissions for the specified Principal.

If the specified principal has no entry in this ACL, an empty set is returned.

The allowed permissions are collected according to the following rules:

  • The two permission lists (positive and negative) of the principal's groups (Group) are collected. The positive (granted) permissions are the union of the positive permissions of all groups that the principal belongs to; the negative (denied) permissions are the union of the negative permissions of all groups that the principal belongs to. If a specific permission is in both the positive and the negative list, it is removed from both lists.
  • The individual permissions (positive and negative) of the principal override the group permissions. The positive individual permissions override the group's negative permissions and the negative individual permissions override the group's positive permissions.

Parameters
user the principal to get the allowed permissions for.
Returns
  • the set of allowed permissions for the specified principal.
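
The resolution rules listed above for getPermissions, modelled with plain Java sets. This is an added example, not code from the Android platform or from this reference page; it does not implement java.security.acl.Acl, and the class AclResolutionDemo, its helpers, and the principals, groups and permission strings are all constructed for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Added example: models the getPermissions resolution rules with plain sets.
// It does not use java.security.acl; all names below are constructed sample data.
public class AclResolutionDemo {
    // The positive and negative permission lists of one principal or group.
    static final class Entries {
        final Set<String> granted, denied;
        Entries(Set<String> granted, Set<String> denied) {
            this.granted = granted;
            this.denied = denied;
        }
    }

    // Returns copies of both lists with permissions present in both removed.
    static Entries cancel(Set<String> pos, Set<String> neg) {
        Set<String> p = new TreeSet<>(pos), n = new TreeSet<>(neg);
        p.removeAll(neg);
        n.removeAll(pos);
        return new Entries(p, n);
    }

    static Set<String> effective(Entries individual, List<Entries> groups) {
        Set<String> pos = new TreeSet<>(), neg = new TreeSet<>();
        for (Entries g : groups) {          // union over all of the principal's groups
            pos.addAll(g.granted);
            neg.addAll(g.denied);
        }
        Entries group = cancel(pos, neg);   // grant + deny of one permission cancels
        // Assumption: an individual grant and deny of the same permission also
        // cancels, leaving the group result for that permission in place.
        Entries own = cancel(individual.granted, individual.denied);
        Set<String> result = new TreeSet<>(group.granted);
        result.removeAll(own.denied);       // individual deny overrides group grant
        result.addAll(own.granted);         // individual grant overrides group deny
        return result;
    }

    public static void main(String[] args) {
        Entries staff = new Entries(Set.of("READ", "WRITE"), Set.of());
        Entries contractors = new Entries(Set.of("READ"), Set.of("WRITE", "DELETE"));
        List<Entries> groups = List.of(staff, contractors);
        Entries alice = new Entries(Set.of("DELETE"), Set.of("READ"));
        Entries bob = new Entries(Set.of(), Set.of());   // no individual entry
        System.out.println("alice: " + effective(alice, groups));
        System.out.println("bob:   " + effective(bob, groups));
    }
}
```

In this sample data WRITE is granted by one group and denied by another, so it cancels at group level; alice's individual entries then replace the group's READ with DELETE, while bob, who has no individual entry, keeps the group result.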

public abstract boolean removeEntry (Principal caller, AclEntry entry)

Since: API Level 1

Removes an AclEntry from this ACL instance.

Parameters
caller the invoking Principal.
entry the ACL entry to remove.
Returns
  • true if the entry is removed, false if the entry is not in this ACL.
Throws
NotOwnerException if the invoking Principal is not an owner of this ACL.

public abstract void setName (Principal caller, String name)

Since: API Level 1

Sets the name of this ACL instance.

Parameters
caller the invoking Principal.
name the name to be set.
Throws
NotOwnerException if the invoking Principal is not an owner of this ACL.

public abstract String toString ()

Since: API Level 1

Returns the string representation of this ACL.

Returns
  • the string representation of this ACL.