1 files changed, 29 insertions, 5 deletions

diff --git a/libjava/classpath/java/security/AccessControlContext.java b/libjava/classpath/java/security/AccessControlContext.java
index 9a6ad208144..3b51e94125b 100644
--- a/libjava/classpath/java/security/AccessControlContext.java
+++ b/libjava/classpath/java/security/AccessControlContext.java
@@ -77,14 +77,23 @@ public final class AccessControlContext
 
   /**
    * Construct a new AccessControlContext with the specified
-   * ProtectionDomains and DomainCombiner
+   * {@link ProtectionDomain}s and {@link DomainCombiner}.
    *
+   * <p>Code calling this constructor must have a {@link
+   * SecurityPermission} of <i>createAccessControlContext</i>.</p>
+   *
+   * @throws SecurityException If the caller does not have permission
+   * to create an access control context.
    * @since 1.3
    */
   public AccessControlContext(AccessControlContext acc,
 			      DomainCombiner combiner)
   {
-    // XXX check permission to call this.
+    SecurityManager sm = System.getSecurityManager ();
+    if (sm != null)
+      {
+        sm.checkPermission (new SecurityPermission ("createAccessControlContext"));
+      }
     AccessControlContext acc2 = AccessController.getContext();
     protectionDomains = combiner.combine (acc2.protectionDomains,
                                           acc.protectionDomains);
@@ -119,10 +128,20 @@ public final class AccessControlContext
   public void checkPermission(Permission perm) throws AccessControlException
   {
     if (protectionDomains.length == 0)
-      throw new AccessControlException ("permission not granted");
+      throw new AccessControlException ("permission " 
+					+ perm 
+					+ " not granted: no protection domains");
+
     for (int i = 0; i < protectionDomains.length; i++)
-      if (!protectionDomains[i].implies(perm))
-        throw new AccessControlException ("permission not granted");
+      {
+	final ProtectionDomain domain = protectionDomains[i];
+	if (!domain.implies(perm))
+	  throw new AccessControlException ("permission " 
+					    + perm 
+					    + " not granted: " 
+					    + domain 
+					    + " does not imply it.");
+      }
   }
 
   /**
@@ -173,4 +192,9 @@ public final class AccessControlContext
 
     return h;
   }
+
+  ProtectionDomain[] getProtectionDomains ()
+  {
+    return protectionDomains;
+  }
 }