/hg/release/icedtea7-forest-2.1/jdk: 12 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Feb 19 16:27:20 PST 2013
changeset eb7b1c391c31 in /hg/release/icedtea7-forest-2.1/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk?cmd=changeset;node=eb7b1c391c31
author: mchung
date: Mon Jan 21 13:34:48 2013 -0800
8004937: Improve proxy construction
Reviewed-by: jrose, ahgross
changeset 57f7c7db785f in /hg/release/icedtea7-forest-2.1/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk?cmd=changeset;node=57f7c7db785f
author: andrew
date: Thu Feb 14 23:23:10 2013 +0000
8006439: Improve MethodHandles coverage
Summary: Fill out caller-sensitive list. Recognize aliases of non-static methods. Remove use of MethodUtil Trampoline.
Reviewed-by: mchung, twisti, jdn, skoivu
changeset 804fa94e3ac9 in /hg/release/icedtea7-forest-2.1/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk?cmd=changeset;node=804fa94e3ac9
author: andrew
date: Thu Feb 14 23:23:37 2013 +0000
8006446: Restrict MBeanServer access
Reviewed-by: alanb, mchung, darcy, jrose, ahgross, skoivu
changeset 144a4fb704f9 in /hg/release/icedtea7-forest-2.1/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk?cmd=changeset;node=144a4fb704f9
author: andrew
date: Thu Feb 14 23:24:30 2013 +0000
8006777: Improve TLS handling of invalid messages
Reviewed-by: wetmore, ahgross
changeset b5331644228b in /hg/release/icedtea7-forest-2.1/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk?cmd=changeset;node=b5331644228b
author: xuelei
date: Mon Jan 09 21:03:16 2012 -0800
7123519: problems with certification path
Summary: Also including the contribution from Dennis Gu
Reviewed-by: mullan, weijun
changeset 283668a8a90a in /hg/release/icedtea7-forest-2.1/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk?cmd=changeset;node=283668a8a90a
author: valeriep
date: Thu Feb 07 16:18:32 2013 -0800
8007688: Blacklist known bad certificate
Summary: Added two known bad certs to the blacklist certs.
Reviewed-by: mullan
changeset a7fb0ef3c81b in /hg/release/icedtea7-forest-2.1/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk?cmd=changeset;node=a7fb0ef3c81b
author: andrew
date: Thu Feb 14 23:55:06 2013 +0000
PR1303: Support building with giflib 5
changeset 71043d7e55ac in /hg/release/icedtea7-forest-2.1/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk?cmd=changeset;node=71043d7e55ac
author: andrew
date: Fri Feb 15 00:04:42 2013 +0000
Added tag icedtea-2.1.6 for changeset a7fb0ef3c81b
changeset 16db2cbd266c in /hg/release/icedtea7-forest-2.1/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk?cmd=changeset;node=16db2cbd266c
author: andrew
date: Sun Feb 17 17:29:56 2013 +0000
Removed tag icedtea-2.1.6
changeset c2ca674784ce in /hg/release/icedtea7-forest-2.1/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk?cmd=changeset;node=c2ca674784ce
author: mchung
date: Tue Feb 05 22:56:47 2013 -0800
8007393: Possible race condition after JDK-6664509
Reviewed-by: alanb, jgish
changeset 31e42bc32102 in /hg/release/icedtea7-forest-2.1/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk?cmd=changeset;node=31e42bc32102
author: mchung
date: Thu Feb 07 09:41:47 2013 -0800
8007611: logging behavior in applet changed
Reviewed-by: alanb, jgish
changeset 78fbbfe20edb in /hg/release/icedtea7-forest-2.1/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/jdk?cmd=changeset;node=78fbbfe20edb
author: andrew
date: Sun Feb 17 19:14:29 2013 +0000
Added tag icedtea-2.1.6 for changeset 31e42bc32102
diffstat:
.hgtags | 5 +
src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java | 2 +
src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java | 10 +
src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java | 34 +-
src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java | 2 +
src/share/classes/java/lang/invoke/MethodHandleImpl.java | 24 +-
src/share/classes/java/lang/invoke/MethodHandleNatives.java | 18 +-
src/share/classes/java/lang/invoke/MethodHandleProxies.java | 28 +-
src/share/classes/java/lang/invoke/MethodHandles.java | 63 +-
src/share/classes/java/lang/management/ManagementFactory.java | 18 +-
src/share/classes/java/util/logging/LogManager.java | 55 +-
src/share/classes/sun/management/LockDataConverter.java | 24 +-
src/share/classes/sun/management/ThreadInfoCompositeData.java | 6 +-
src/share/classes/sun/security/provider/certpath/ForwardBuilder.java | 7 +-
src/share/classes/sun/security/provider/certpath/ForwardState.java | 5 +-
src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java | 4 +-
src/share/classes/sun/security/provider/certpath/ReverseBuilder.java | 6 +-
src/share/classes/sun/security/provider/certpath/ReverseState.java | 5 +-
src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java | 9 +-
src/share/classes/sun/security/provider/certpath/UntrustedChecker.java | 89 +
src/share/classes/sun/security/ssl/CipherBox.java | 202 +-
src/share/classes/sun/security/ssl/CipherSuite.java | 23 +-
src/share/classes/sun/security/ssl/EngineInputRecord.java | 220 +-
src/share/classes/sun/security/ssl/EngineOutputRecord.java | 4 +-
src/share/classes/sun/security/ssl/InputRecord.java | 178 +-
src/share/classes/sun/security/ssl/MAC.java | 46 +-
src/share/classes/sun/security/ssl/OutputRecord.java | 4 +-
src/share/classes/sun/security/ssl/SSLEngineImpl.java | 26 +-
src/share/classes/sun/security/ssl/SSLSocketImpl.java | 22 +-
src/share/classes/sun/security/util/UntrustedCertificates.java | 847 ++++++++++
src/share/classes/sun/security/validator/SimpleValidator.java | 17 +-
src/share/classes/sun/security/validator/ValidatorException.java | 5 +-
src/share/lib/security/java.security | 6 +-
src/share/lib/security/java.security-solaris | 4 +
src/share/lib/security/java.security-windows | 4 +
src/share/native/sun/awt/splashscreen/splashscreen_gif.c | 9 +
test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java | 6 +-
test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java | 6 +-
test/sun/security/provider/certpath/X509CertPath/ForwardBuildCompromised.java | 312 +++
test/sun/security/provider/certpath/X509CertPath/ReverseBuildCompromised.java | 315 +++
test/sun/security/provider/certpath/X509CertPath/ValidateCompromised.java | 297 +++
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/ComodoHacker.java | 305 +++
42 files changed, 2964 insertions(+), 308 deletions(-)
diffs (truncated from 4304 to 500 lines):
diff -r 833c87b29994 -r 78fbbfe20edb .hgtags
--- a/.hgtags Mon Feb 11 23:04:45 2013 +0000
+++ b/.hgtags Sun Feb 17 19:14:29 2013 +0000
@@ -160,3 +160,8 @@
0000000000000000000000000000000000000000 icedtea-2.1.5
0000000000000000000000000000000000000000 icedtea-2.1.5
1240b063ab952404906155b9703e2fa472933d47 icedtea-2.1.5
+a7fb0ef3c81b63ce4ad55b3eaf3a2cd93bd32963 icedtea-2.1.6
+a7fb0ef3c81b63ce4ad55b3eaf3a2cd93bd32963 icedtea-2.1.6
+0000000000000000000000000000000000000000 icedtea-2.1.6
+0000000000000000000000000000000000000000 icedtea-2.1.6
+31e42bc321027abccb9fb8135f13d63bea0fa762 icedtea-2.1.6
diff -r 833c87b29994 -r 78fbbfe20edb src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java
--- a/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java Mon Feb 11 23:04:45 2013 +0000
+++ b/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java Sun Feb 17 19:14:29 2013 +0000
@@ -36,6 +36,7 @@
import javax.management.ObjectName;
import javax.management.loading.PrivateClassLoader;
+import sun.reflect.misc.ReflectUtil;
/**
* This class keeps the list of Class Loaders registered in the MBean Server.
@@ -192,6 +193,7 @@
final ClassLoader without,
final ClassLoader stop)
throws ClassNotFoundException {
+ ReflectUtil.checkPackageAccess(className);
final int size = list.length;
for(int i=0; i<size; i++) {
try {
diff -r 833c87b29994 -r 78fbbfe20edb src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java
--- a/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java Mon Feb 11 23:04:45 2013 +0000
+++ b/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java Sun Feb 17 19:14:29 2013 +0000
@@ -51,6 +51,7 @@
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.MBeanServerDelegate;
+import javax.management.MBeanServerPermission;
import javax.management.NotCompliantMBeanException;
import javax.management.NotificationFilter;
import javax.management.NotificationListener;
@@ -1409,6 +1410,8 @@
// Default is true.
final boolean fairLock = DEFAULT_FAIR_LOCK_POLICY;
+ checkNewMBeanServerPermission();
+
// This constructor happens to disregard the value of the interceptors
// flag - that is, it always uses the default value - false.
// This is admitedly a bug, but we chose not to fix it for now
@@ -1494,4 +1497,11 @@
}
}
+ private static void checkNewMBeanServerPermission() {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ Permission perm = new MBeanServerPermission("newMBeanServer");
+ sm.checkPermission(perm);
+ }
+ }
}
diff -r 833c87b29994 -r 78fbbfe20edb src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java
--- a/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java Mon Feb 11 23:04:45 2013 +0000
+++ b/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java Sun Feb 17 19:14:29 2013 +0000
@@ -32,11 +32,13 @@
import java.io.ObjectInputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
+import java.security.Permission;
import java.util.Map;
import java.util.logging.Level;
import javax.management.InstanceNotFoundException;
import javax.management.MBeanException;
+import javax.management.MBeanPermission;
import javax.management.NotCompliantMBeanException;
import javax.management.ObjectName;
import javax.management.OperationsException;
@@ -44,7 +46,7 @@
import javax.management.RuntimeErrorException;
import javax.management.RuntimeMBeanException;
import javax.management.RuntimeOperationsException;
-
+import sun.reflect.misc.ConstructorUtil;
import sun.reflect.misc.ReflectUtil;
/**
@@ -56,7 +58,6 @@
* @since 1.5
*/
public class MBeanInstantiator {
-
private final ModifiableClassLoaderRepository clr;
// private MetaData meta = null;
@@ -88,6 +89,7 @@
"Exception occurred during object instantiation");
}
+ ReflectUtil.checkPackageAccess(className);
try {
if (clr == null) throw new ClassNotFoundException(className);
theClass = clr.loadClass(className);
@@ -162,6 +164,7 @@
continue;
}
+ ReflectUtil.checkPackageAccess(signature[i]);
// Ok we do not have a primitive type ! We need to build
// the signature of the method
//
@@ -205,6 +208,9 @@
*/
public Object instantiate(Class<?> theClass)
throws ReflectionException, MBeanException {
+
+ checkMBeanPermission(theClass, null, null, "instantiate");
+
Object moi;
@@ -260,6 +266,9 @@
public Object instantiate(Class<?> theClass, Object params[],
String signature[], ClassLoader loader)
throws ReflectionException, MBeanException {
+
+ checkMBeanPermission(theClass, null, null, "instantiate");
+
// Instantiate the new object
// ------------------------------
@@ -407,6 +416,8 @@
throw new RuntimeOperationsException(new
IllegalArgumentException(), "Null className passed in parameter");
}
+
+ ReflectUtil.checkPackageAccess(className);
Class<?> theClass;
if (loaderName == null) {
// Load the class using the agent class loader
@@ -619,13 +630,13 @@
**/
static Class<?> loadClass(String className, ClassLoader loader)
throws ReflectionException {
-
Class<?> theClass;
if (className == null) {
throw new RuntimeOperationsException(new
IllegalArgumentException("The class name cannot be null"),
"Exception occurred during object instantiation");
}
+ ReflectUtil.checkPackageAccess(className);
try {
if (loader == null)
loader = MBeanInstantiator.class.getClassLoader();
@@ -676,6 +687,7 @@
// We need to load the class through the class
// loader of the target object.
//
+ ReflectUtil.checkPackageAccess(signature[i]);
tab[i] = Class.forName(signature[i], false, aLoader);
}
} catch (ClassNotFoundException e) {
@@ -701,7 +713,7 @@
private Constructor<?> findConstructor(Class<?> c, Class<?>[] params) {
try {
- return c.getConstructor(params);
+ return ConstructorUtil.getConstructor(c, params);
} catch (Exception e) {
return null;
}
@@ -715,4 +727,18 @@
char.class, boolean.class})
primitiveClasses.put(c.getName(), c);
}
+
+ private static void checkMBeanPermission(Class<?> clazz,
+ String member,
+ ObjectName objectName,
+ String actions) {
+ SecurityManager sm = System.getSecurityManager();
+ if (clazz != null && sm != null) {
+ Permission perm = new MBeanPermission(clazz.getName(),
+ member,
+ objectName,
+ actions);
+ sm.checkPermission(perm);
+ }
+ }
}
diff -r 833c87b29994 -r 78fbbfe20edb src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java
--- a/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java Mon Feb 11 23:04:45 2013 +0000
+++ b/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java Sun Feb 17 19:14:29 2013 +0000
@@ -38,6 +38,7 @@
import javax.management.ObjectName;
import javax.management.ReflectionException;
import com.sun.jmx.mbeanserver.MXBeanMappingFactory;
+import sun.reflect.misc.ReflectUtil;
/**
* Base class for MBeans. There is one instance of this class for
@@ -131,6 +132,7 @@
" is not an instance of " + mbeanInterfaceType.getName();
throw new NotCompliantMBeanException(msg);
}
+ ReflectUtil.checkPackageAccess(mbeanInterfaceType);
this.resource = resource;
MBeanIntrospector<M> introspector = getMBeanIntrospector();
this.perInterface = introspector.getPerInterface(mbeanInterfaceType);
diff -r 833c87b29994 -r 78fbbfe20edb src/share/classes/java/lang/invoke/MethodHandleImpl.java
--- a/src/share/classes/java/lang/invoke/MethodHandleImpl.java Mon Feb 11 23:04:45 2013 +0000
+++ b/src/share/classes/java/lang/invoke/MethodHandleImpl.java Sun Feb 17 19:14:29 2013 +0000
@@ -1278,12 +1278,11 @@
static
MethodHandle bindCaller(MethodHandle mh, Class<?> hostClass) {
// Do not use this function to inject calls into system classes.
- if (hostClass == null) {
- hostClass = C_Trampoline;
- } else if (hostClass.isArray() ||
+ if (hostClass == null
+ || (hostClass.isArray() ||
hostClass.isPrimitive() ||
hostClass.getName().startsWith("java.") ||
- hostClass.getName().startsWith("sun.")) {
+ hostClass.getName().startsWith("sun."))) {
throw new InternalError(); // does not happen, and should not anyway
}
// For simplicity, convert mh to a varargs-like method.
@@ -1293,23 +1292,6 @@
return restoreToType(bccInvoker.bindTo(vamh), mh.type());
}
- // This class ("Trampoline") is known to be inside a dead-end class loader.
- // Inject all doubtful calls into this class.
- private static Class<?> C_Trampoline;
- static {
- Class<?> tramp = null;
- try {
- final int FRAME_COUNT_ARG = 1; // [0] Reflection [1] Trampoline
- java.lang.reflect.Method gcc = sun.reflect.Reflection.class.getMethod("getCallerClass", int.class);
- tramp = (Class<?>) sun.reflect.misc.MethodUtil.invoke(gcc, null, new Object[]{ FRAME_COUNT_ARG });
- if (tramp.getClassLoader() == BindCaller.class.getClassLoader())
- throw new RuntimeException(tramp.getName()+" class loader");
- } catch (Throwable ex) {
- throw new InternalError(ex.toString());
- }
- C_Trampoline = tramp;
- }
-
private static final Unsafe UNSAFE = Unsafe.getUnsafe();
private static MethodHandle makeInjectedInvoker(Class<?> hostClass) {
diff -r 833c87b29994 -r 78fbbfe20edb src/share/classes/java/lang/invoke/MethodHandleNatives.java
--- a/src/share/classes/java/lang/invoke/MethodHandleNatives.java Mon Feb 11 23:04:45 2013 +0000
+++ b/src/share/classes/java/lang/invoke/MethodHandleNatives.java Sun Feb 17 19:14:29 2013 +0000
@@ -412,11 +412,14 @@
*/
// FIXME: Replace this pattern match by an annotation @sun.reflect.CallerSensitive.
static boolean isCallerSensitive(MemberName mem) {
- assert(mem.isInvocable());
+ if (!mem.isInvocable()) return false; // fields are not caller sensitive
Class<?> defc = mem.getDeclaringClass();
switch (mem.getName()) {
case "doPrivileged":
+ case "doPrivilegedWithCombiner":
return defc == java.security.AccessController.class;
+ case "checkMemberAccess":
+ return canBeCalledVirtual(mem, java.lang.SecurityManager.class);
case "getUnsafe":
return defc == sun.misc.Unsafe.class;
case "lookup":
@@ -489,7 +492,7 @@
if (defc == java.util.concurrent.atomic.AtomicReferenceFieldUpdater.class) return true;
break;
case "getContextClassLoader":
- return defc == java.lang.Thread.class;
+ return canBeCalledVirtual(mem, java.lang.Thread.class);
case "getPackage":
case "getPackages":
return defc == java.lang.Package.class;
@@ -507,13 +510,24 @@
break;
case "getCallerClassLoader":
return defc == java.lang.ClassLoader.class;
+ case "registerAsParallelCapable":
+ return canBeCalledVirtual(mem, java.lang.ClassLoader.class);
case "getProxyClass":
case "newProxyInstance":
return defc == java.lang.reflect.Proxy.class;
+ case "asInterfaceInstance":
+ return defc == java.lang.invoke.MethodHandleProxies.class;
case "getBundle":
case "clearCache":
return defc == java.util.ResourceBundle.class;
}
return false;
}
+ static boolean canBeCalledVirtual(MemberName symbolicRef, Class<?> definingClass) {
+ Class<?> symbolicRefClass = symbolicRef.getDeclaringClass();
+ if (symbolicRefClass == definingClass) return true;
+ if (symbolicRef.isStatic() || symbolicRef.isPrivate()) return false;
+ return (definingClass.isAssignableFrom(symbolicRefClass) || // Msym overrides Mdef
+ symbolicRefClass.isInterface()); // Mdef implements Msym
+ }
}
diff -r 833c87b29994 -r 78fbbfe20edb src/share/classes/java/lang/invoke/MethodHandleProxies.java
--- a/src/share/classes/java/lang/invoke/MethodHandleProxies.java Mon Feb 11 23:04:45 2013 +0000
+++ b/src/share/classes/java/lang/invoke/MethodHandleProxies.java Sun Feb 17 19:14:29 2013 +0000
@@ -141,12 +141,15 @@
<T> T asInterfaceInstance(final Class<T> intfc, final MethodHandle target) {
if (!intfc.isInterface() || !Modifier.isPublic(intfc.getModifiers()))
throw new IllegalArgumentException("not a public interface: "+intfc.getName());
- SecurityManager smgr = System.getSecurityManager();
- if (smgr != null) {
+ final MethodHandle mh;
+ if (System.getSecurityManager() != null) {
final int CALLER_FRAME = 2; // 0: Reflection, 1: asInterfaceInstance, 2: caller
final Class<?> caller = Reflection.getCallerClass(CALLER_FRAME);
- final ClassLoader ccl = caller.getClassLoader();
+ final ClassLoader ccl = (caller != null) ? caller.getClassLoader() : null;
ReflectUtil.checkProxyPackageAccess(ccl, intfc);
+ mh = maybeBindCaller(target, caller);
+ } else {
+ mh = target;
}
ClassLoader proxyLoader = intfc.getClassLoader();
if (proxyLoader == null) {
@@ -160,7 +163,7 @@
for (int i = 0; i < methods.length; i++) {
Method sm = methods[i];
MethodType smMT = MethodType.methodType(sm.getReturnType(), sm.getParameterTypes());
- MethodHandle checkTarget = target.asType(smMT); // make throw WMT
+ MethodHandle checkTarget = mh.asType(smMT); // make throw WMT
checkTarget = checkTarget.asType(checkTarget.type().changeReturnType(Object.class));
vaTargets[i] = checkTarget.asSpreader(Object[].class, smMT.parameterCount());
}
@@ -183,8 +186,8 @@
}
};
- Object proxy;
- if (smgr != null) {
+ final Object proxy;
+ if (System.getSecurityManager() != null) {
// sun.invoke.WrapperInstance is a restricted interface not accessible
// by any non-null class loader.
final ClassLoader loader = proxyLoader;
@@ -204,6 +207,19 @@
return intfc.cast(proxy);
}
+ private static MethodHandle maybeBindCaller(MethodHandle target, Class<?> hostClass) {
+ if (hostClass == null || hostClass.getClassLoader() == null)
+ return target;
+
+ MethodHandle cbmh = MethodHandleImpl.bindCaller(target, hostClass);
+ if (target.isVarargsCollector()) {
+ MethodType type = cbmh.type();
+ int arity = type.parameterCount();
+ return cbmh.asVarargsCollector(type.parameterType(arity-1));
+ }
+ return cbmh;
+ }
+
/**
* Determines if the given object was produced by a call to {@link #asInterfaceInstance asInterfaceInstance}.
* @param x any reference
diff -r 833c87b29994 -r 78fbbfe20edb src/share/classes/java/lang/invoke/MethodHandles.java
--- a/src/share/classes/java/lang/invoke/MethodHandles.java Mon Feb 11 23:04:45 2013 +0000
+++ b/src/share/classes/java/lang/invoke/MethodHandles.java Sun Feb 17 19:14:29 2013 +0000
@@ -584,19 +584,20 @@
MethodHandle findStatic(Class<?> refc, String name, MethodType type) throws NoSuchMethodException, IllegalAccessException {
MemberName method = resolveOrFail(refc, name, type, true);
checkSecurityManager(refc, method); // stack walk magic: do not refactor
- return accessStatic(refc, method);
+ Class<?> callerClass = findBoundCallerClass(method); // stack walk magic: do not refactor
+ return accessStatic(refc, method, callerClass);
}
private
- MethodHandle accessStatic(Class<?> refc, MemberName method) throws IllegalAccessException {
+ MethodHandle accessStatic(Class<?> refc, MemberName method, Class<?> callerClass) throws IllegalAccessException {
checkMethod(refc, method, true);
MethodHandle mh = MethodHandleImpl.findMethod(method, false, lookupClassOrNull());
- mh = maybeBindCaller(method, mh);
+ mh = maybeBindCaller(method, mh, callerClass);
return mh;
}
private
MethodHandle resolveStatic(Class<?> refc, String name, MethodType type) throws NoSuchMethodException, IllegalAccessException {
MemberName method = resolveOrFail(refc, name, type, true);
- return accessStatic(refc, method);
+ return accessStatic(refc, method, lookupClass);
}
/**
@@ -640,16 +641,17 @@
public MethodHandle findVirtual(Class<?> refc, String name, MethodType type) throws NoSuchMethodException, IllegalAccessException {
MemberName method = resolveOrFail(refc, name, type, false);
checkSecurityManager(refc, method); // stack walk magic: do not refactor
- return accessVirtual(refc, method);
+ Class<?> callerClass = findBoundCallerClass(method); // stack walk magic: do not refactor
+ return accessVirtual(refc, method, callerClass);
}
private MethodHandle resolveVirtual(Class<?> refc, String name, MethodType type) throws NoSuchMethodException, IllegalAccessException {
MemberName method = resolveOrFail(refc, name, type, false);
- return accessVirtual(refc, method);
+ return accessVirtual(refc, method, lookupClass);
}
- private MethodHandle accessVirtual(Class<?> refc, MemberName method) throws IllegalAccessException {
+ private MethodHandle accessVirtual(Class<?> refc, MemberName method, Class<?> callerClass) throws IllegalAccessException {
checkMethod(refc, method, false);
MethodHandle mh = MethodHandleImpl.findMethod(method, true, lookupClassOrNull());
- mh = maybeBindCaller(method, mh);
+ mh = maybeBindCaller(method, mh, callerClass);
return restrictProtectedReceiver(method, mh);
}
@@ -753,20 +755,22 @@
checkSpecialCaller(specialCaller);
MemberName method = resolveOrFail(refc, name, type, false, false, specialCaller);
checkSecurityManager(refc, method); // stack walk magic: do not refactor
- return accessSpecial(refc, method, specialCaller);
+ Class<?> callerClass = findBoundCallerClass(method); // stack walk magic: do not refactor
+ return accessSpecial(refc, method, callerClass, specialCaller);
}
private MethodHandle accessSpecial(Class<?> refc, MemberName method,
+ Class<?> callerClass,
Class<?> specialCaller) throws NoSuchMethodException, IllegalAccessException {
checkMethod(refc, method, false);
MethodHandle mh = MethodHandleImpl.findMethod(method, false, specialCaller);
- mh = maybeBindCaller(method, mh);
+ mh = maybeBindCaller(method, mh, callerClass);
return restrictReceiver(method, mh, specialCaller);
}
private MethodHandle resolveSpecial(Class<?> refc, String name, MethodType type) throws NoSuchMethodException, IllegalAccessException {
Class<?> specialCaller = lookupClass();
checkSpecialCaller(specialCaller);
MemberName method = resolveOrFail(refc, name, type, false, false, specialCaller);
- return accessSpecial(refc, method, specialCaller);
+ return accessSpecial(refc, method, lookupClass, specialCaller);
}
/**
@@ -927,7 +931,8 @@
checkSecurityManager(refc, method); // stack walk magic: do not refactor
checkMethod(refc, method, false);
MethodHandle dmh = MethodHandleImpl.findMethod(method, true, lookupClassOrNull());
- MethodHandle bcmh = maybeBindCaller(method, dmh);
+ Class<?> callerClass = findBoundCallerClass(method); // stack walk magic: do not refactor
+ MethodHandle bcmh = maybeBindCaller(method, dmh, callerClass);
if (bcmh != dmh) return fixVarargs(bcmh.bindTo(receiver), dmh);
MethodHandle bmh = MethodHandleImpl.bindReceiver(dmh, receiver);
if (bmh == null)
@@ -961,7 +966,8 @@
assert(method.isMethod());
if (!m.isAccessible()) checkMethod(method.getDeclaringClass(), method, method.isStatic());
MethodHandle mh = MethodHandleImpl.findMethod(method, true, lookupClassOrNull());
- mh = maybeBindCaller(method, mh);
+ Class<?> callerClass = findBoundCallerClass(method); // stack walk magic: do not refactor
+ mh = maybeBindCaller(method, mh, callerClass);
if (!m.isAccessible()) mh = restrictProtectedReceiver(method, mh);
return mh;
}
@@ -994,7 +1000,8 @@
// ignore m.isAccessible: this is a new kind of access
checkMethod(m.getDeclaringClass(), method, false);
MethodHandle mh = MethodHandleImpl.findMethod(method, false, lookupClassOrNull());
- mh = maybeBindCaller(method, mh);
+ Class<?> callerClass = findBoundCallerClass(method); // stack walk magic: do not refactor
+ mh = maybeBindCaller(method, mh, callerClass);
return restrictReceiver(method, mh, specialCaller);
}
@@ -1099,7 +1106,29 @@
}
/**
+ * Find my trustable caller class if m is a caller sensitive method.
+ * If this lookup object has private access, then the caller class is the lookupClass.
+ * Otherwise, it is the caller of the currently executing public API method (e.g., findVirtual).
+ * This is the same caller class as is used by checkSecurityManager.
+ * This function performs stack walk magic: do not refactor it.
+ */
+ Class<?> findBoundCallerClass(MemberName m) {
+ Class<?> callerClass = null;
+ if (MethodHandleNatives.isCallerSensitive(m)) {
+ // Do not refactor this to a more "logical" place, since it is stack walk magic.
+ // Note that this is the same expression as in Step 2 below in checkSecurityManager.
+ callerClass = ((allowedModes & PRIVATE) != 0
+ ? lookupClass // for strong access modes, no extra check
+ // next line does stack walk magic; do not refactor:
+ : getCallerClassAtEntryPoint(true));
+ }
+ return callerClass;
+ }
+ /**
* Perform necessary <a href="MethodHandles.Lookup.html#secmgr">access checks</a>.
More information about the distro-pkg-dev
mailing list