/hg/release/icedtea7-forest-2.4/jdk: 7 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Feb 19 16:31:29 PST 2013
changeset 8a71400859f8 in /hg/release/icedtea7-forest-2.4/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jdk?cmd=changeset;node=8a71400859f8
author: mchung
date: Mon Jan 21 13:34:48 2013 -0800
8004937: Improve proxy construction
Reviewed-by: jrose, ahgross
changeset c4534e3b4fa1 in /hg/release/icedtea7-forest-2.4/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jdk?cmd=changeset;node=c4534e3b4fa1
author: andrew
date: Fri Feb 15 14:59:18 2013 +0000
8006439: Improve MethodHandles coverage
Summary: Fill out caller-sensitive list. Recognize aliases of non-static methods. Remove use of MethodUtil Trampoline.
Reviewed-by: mchung, twisti, jdn, skoivu
changeset a2576b953228 in /hg/release/icedtea7-forest-2.4/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jdk?cmd=changeset;node=a2576b953228
author: andrew
date: Fri Feb 15 15:00:18 2013 +0000
8006446: Restrict MBeanServer access
Reviewed-by: alanb, mchung, darcy, jrose, ahgross, skoivu
changeset 28585c8118c5 in /hg/release/icedtea7-forest-2.4/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jdk?cmd=changeset;node=28585c8118c5
author: wetmore
date: Thu Feb 07 11:48:13 2013 -0800
8006777: Improve TLS handling of invalid messages
Reviewed-by: wetmore, ahgross
changeset 5fa664bdfbcc in /hg/release/icedtea7-forest-2.4/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jdk?cmd=changeset;node=5fa664bdfbcc
author: valeriep
date: Thu Feb 07 16:18:32 2013 -0800
8007688: Blacklist known bad certificate
Summary: Added two known bad certs to the blacklist certs.
Reviewed-by: mullan
changeset a872f2dc4519 in /hg/release/icedtea7-forest-2.4/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jdk?cmd=changeset;node=a872f2dc4519
author: mchung
date: Tue Feb 05 22:56:47 2013 -0800
8007393: Possible race condition after JDK-6664509
Reviewed-by: alanb, jgish
changeset 2230cd11d9a5 in /hg/release/icedtea7-forest-2.4/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jdk?cmd=changeset;node=2230cd11d9a5
author: mchung
date: Thu Feb 07 09:41:47 2013 -0800
8007611: logging behavior in applet changed
Reviewed-by: alanb, jgish
diffstat:
src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java | 2 +
src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java | 10 +
src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java | 34 +-
src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java | 2 +
src/share/classes/java/lang/invoke/MethodHandleImpl.java | 24 +-
src/share/classes/java/lang/invoke/MethodHandleNatives.java | 18 +-
src/share/classes/java/lang/invoke/MethodHandleProxies.java | 28 +-
src/share/classes/java/lang/invoke/MethodHandles.java | 64 ++-
src/share/classes/java/lang/management/ManagementFactory.java | 18 +-
src/share/classes/java/util/logging/LogManager.java | 55 +-
src/share/classes/sun/management/LockDataConverter.java | 24 +-
src/share/classes/sun/management/ThreadInfoCompositeData.java | 6 +-
src/share/classes/sun/security/ssl/CipherBox.java | 202 +++++++--
src/share/classes/sun/security/ssl/CipherSuite.java | 23 +-
src/share/classes/sun/security/ssl/EngineInputRecord.java | 220 ++++++---
src/share/classes/sun/security/ssl/EngineOutputRecord.java | 4 +-
src/share/classes/sun/security/ssl/InputRecord.java | 178 +++++++-
src/share/classes/sun/security/ssl/MAC.java | 46 +-
src/share/classes/sun/security/ssl/OutputRecord.java | 4 +-
src/share/classes/sun/security/ssl/SSLEngineImpl.java | 26 +-
src/share/classes/sun/security/ssl/SSLSocketImpl.java | 22 +-
src/share/classes/sun/security/util/UntrustedCertificates.java | 108 ++++-
src/share/lib/security/java.security-linux | 6 +-
src/share/lib/security/java.security-macosx | 6 +-
src/share/lib/security/java.security-solaris | 6 +-
src/share/lib/security/java.security-windows | 6 +-
test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java | 6 +-
test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java | 6 +-
28 files changed, 845 insertions(+), 309 deletions(-)
diffs (truncated from 2012 to 500 lines):
diff -r 5981cd14a7cf -r 2230cd11d9a5 src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java
--- a/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java Thu Feb 14 23:55:06 2013 +0000
+++ b/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java Thu Feb 07 09:41:47 2013 -0800
@@ -36,6 +36,7 @@
import javax.management.ObjectName;
import javax.management.loading.PrivateClassLoader;
+import sun.reflect.misc.ReflectUtil;
/**
* This class keeps the list of Class Loaders registered in the MBean Server.
@@ -192,6 +193,7 @@
final ClassLoader without,
final ClassLoader stop)
throws ClassNotFoundException {
+ ReflectUtil.checkPackageAccess(className);
final int size = list.length;
for(int i=0; i<size; i++) {
try {
diff -r 5981cd14a7cf -r 2230cd11d9a5 src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java
--- a/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java Thu Feb 14 23:55:06 2013 +0000
+++ b/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java Thu Feb 07 09:41:47 2013 -0800
@@ -51,6 +51,7 @@
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.MBeanServerDelegate;
+import javax.management.MBeanServerPermission;
import javax.management.NotCompliantMBeanException;
import javax.management.NotificationFilter;
import javax.management.NotificationListener;
@@ -1409,6 +1410,8 @@
// Default is true.
final boolean fairLock = DEFAULT_FAIR_LOCK_POLICY;
+ checkNewMBeanServerPermission();
+
// This constructor happens to disregard the value of the interceptors
// flag - that is, it always uses the default value - false.
// This is admitedly a bug, but we chose not to fix it for now
@@ -1494,4 +1497,11 @@
}
}
+ private static void checkNewMBeanServerPermission() {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ Permission perm = new MBeanServerPermission("newMBeanServer");
+ sm.checkPermission(perm);
+ }
+ }
}
diff -r 5981cd14a7cf -r 2230cd11d9a5 src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java
--- a/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java Thu Feb 14 23:55:06 2013 +0000
+++ b/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java Thu Feb 07 09:41:47 2013 -0800
@@ -32,11 +32,13 @@
import java.io.ObjectInputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
+import java.security.Permission;
import java.util.Map;
import java.util.logging.Level;
import javax.management.InstanceNotFoundException;
import javax.management.MBeanException;
+import javax.management.MBeanPermission;
import javax.management.NotCompliantMBeanException;
import javax.management.ObjectName;
import javax.management.OperationsException;
@@ -44,7 +46,7 @@
import javax.management.RuntimeErrorException;
import javax.management.RuntimeMBeanException;
import javax.management.RuntimeOperationsException;
-
+import sun.reflect.misc.ConstructorUtil;
import sun.reflect.misc.ReflectUtil;
/**
@@ -56,7 +58,6 @@
* @since 1.5
*/
public class MBeanInstantiator {
-
private final ModifiableClassLoaderRepository clr;
// private MetaData meta = null;
@@ -88,6 +89,7 @@
"Exception occurred during object instantiation");
}
+ ReflectUtil.checkPackageAccess(className);
try {
if (clr == null) throw new ClassNotFoundException(className);
theClass = clr.loadClass(className);
@@ -162,6 +164,7 @@
continue;
}
+ ReflectUtil.checkPackageAccess(signature[i]);
// Ok we do not have a primitive type ! We need to build
// the signature of the method
//
@@ -205,6 +208,9 @@
*/
public Object instantiate(Class<?> theClass)
throws ReflectionException, MBeanException {
+
+ checkMBeanPermission(theClass, null, null, "instantiate");
+
Object moi;
@@ -260,6 +266,9 @@
public Object instantiate(Class<?> theClass, Object params[],
String signature[], ClassLoader loader)
throws ReflectionException, MBeanException {
+
+ checkMBeanPermission(theClass, null, null, "instantiate");
+
// Instantiate the new object
// ------------------------------
@@ -407,6 +416,8 @@
throw new RuntimeOperationsException(new
IllegalArgumentException(), "Null className passed in parameter");
}
+
+ ReflectUtil.checkPackageAccess(className);
Class<?> theClass;
if (loaderName == null) {
// Load the class using the agent class loader
@@ -619,13 +630,13 @@
**/
static Class<?> loadClass(String className, ClassLoader loader)
throws ReflectionException {
-
Class<?> theClass;
if (className == null) {
throw new RuntimeOperationsException(new
IllegalArgumentException("The class name cannot be null"),
"Exception occurred during object instantiation");
}
+ ReflectUtil.checkPackageAccess(className);
try {
if (loader == null)
loader = MBeanInstantiator.class.getClassLoader();
@@ -676,6 +687,7 @@
// We need to load the class through the class
// loader of the target object.
//
+ ReflectUtil.checkPackageAccess(signature[i]);
tab[i] = Class.forName(signature[i], false, aLoader);
}
} catch (ClassNotFoundException e) {
@@ -701,7 +713,7 @@
private Constructor<?> findConstructor(Class<?> c, Class<?>[] params) {
try {
- return c.getConstructor(params);
+ return ConstructorUtil.getConstructor(c, params);
} catch (Exception e) {
return null;
}
@@ -715,4 +727,18 @@
char.class, boolean.class})
primitiveClasses.put(c.getName(), c);
}
+
+ private static void checkMBeanPermission(Class<?> clazz,
+ String member,
+ ObjectName objectName,
+ String actions) {
+ SecurityManager sm = System.getSecurityManager();
+ if (clazz != null && sm != null) {
+ Permission perm = new MBeanPermission(clazz.getName(),
+ member,
+ objectName,
+ actions);
+ sm.checkPermission(perm);
+ }
+ }
}
diff -r 5981cd14a7cf -r 2230cd11d9a5 src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java
--- a/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java Thu Feb 14 23:55:06 2013 +0000
+++ b/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java Thu Feb 07 09:41:47 2013 -0800
@@ -38,6 +38,7 @@
import javax.management.ObjectName;
import javax.management.ReflectionException;
import com.sun.jmx.mbeanserver.MXBeanMappingFactory;
+import sun.reflect.misc.ReflectUtil;
/**
* Base class for MBeans. There is one instance of this class for
@@ -131,6 +132,7 @@
" is not an instance of " + mbeanInterfaceType.getName();
throw new NotCompliantMBeanException(msg);
}
+ ReflectUtil.checkPackageAccess(mbeanInterfaceType);
this.resource = resource;
MBeanIntrospector<M> introspector = getMBeanIntrospector();
this.perInterface = introspector.getPerInterface(mbeanInterfaceType);
diff -r 5981cd14a7cf -r 2230cd11d9a5 src/share/classes/java/lang/invoke/MethodHandleImpl.java
--- a/src/share/classes/java/lang/invoke/MethodHandleImpl.java Thu Feb 14 23:55:06 2013 +0000
+++ b/src/share/classes/java/lang/invoke/MethodHandleImpl.java Thu Feb 07 09:41:47 2013 -0800
@@ -802,12 +802,11 @@
static
MethodHandle bindCaller(MethodHandle mh, Class<?> hostClass) {
// Do not use this function to inject calls into system classes.
- if (hostClass == null) {
- hostClass = C_Trampoline;
- } else if (hostClass.isArray() ||
+ if (hostClass == null
+ || (hostClass.isArray() ||
hostClass.isPrimitive() ||
hostClass.getName().startsWith("java.") ||
- hostClass.getName().startsWith("sun.")) {
+ hostClass.getName().startsWith("sun."))) {
throw new InternalError(); // does not happen, and should not anyway
}
// For simplicity, convert mh to a varargs-like method.
@@ -817,23 +816,6 @@
return restoreToType(bccInvoker.bindTo(vamh), mh.type());
}
- // This class ("Trampoline") is known to be inside a dead-end class loader.
- // Inject all doubtful calls into this class.
- private static Class<?> C_Trampoline;
- static {
- Class<?> tramp = null;
- try {
- final int FRAME_COUNT_ARG = 1; // [0] Reflection [1] Trampoline
- java.lang.reflect.Method gcc = sun.reflect.Reflection.class.getMethod("getCallerClass", int.class);
- tramp = (Class<?>) sun.reflect.misc.MethodUtil.invoke(gcc, null, new Object[]{ FRAME_COUNT_ARG });
- if (tramp.getClassLoader() == BindCaller.class.getClassLoader())
- throw new RuntimeException(tramp.getName()+" class loader");
- } catch (Throwable ex) {
- throw newInternalError(ex);
- }
- C_Trampoline = tramp;
- }
-
private static final Unsafe UNSAFE = Unsafe.getUnsafe();
private static MethodHandle makeInjectedInvoker(Class<?> hostClass) {
diff -r 5981cd14a7cf -r 2230cd11d9a5 src/share/classes/java/lang/invoke/MethodHandleNatives.java
--- a/src/share/classes/java/lang/invoke/MethodHandleNatives.java Thu Feb 14 23:55:06 2013 +0000
+++ b/src/share/classes/java/lang/invoke/MethodHandleNatives.java Thu Feb 07 09:41:47 2013 -0800
@@ -393,11 +393,14 @@
*/
// FIXME: Replace this pattern match by an annotation @sun.reflect.CallerSensitive.
static boolean isCallerSensitive(MemberName mem) {
- assert(mem.isInvocable());
+ if (!mem.isInvocable()) return false; // fields are not caller sensitive
Class<?> defc = mem.getDeclaringClass();
switch (mem.getName()) {
case "doPrivileged":
+ case "doPrivilegedWithCombiner":
return defc == java.security.AccessController.class;
+ case "checkMemberAccess":
+ return canBeCalledVirtual(mem, java.lang.SecurityManager.class);
case "getUnsafe":
return defc == sun.misc.Unsafe.class;
case "lookup":
@@ -470,7 +473,7 @@
if (defc == java.util.concurrent.atomic.AtomicReferenceFieldUpdater.class) return true;
break;
case "getContextClassLoader":
- return defc == java.lang.Thread.class;
+ return canBeCalledVirtual(mem, java.lang.Thread.class);
case "getPackage":
case "getPackages":
return defc == java.lang.Package.class;
@@ -488,13 +491,24 @@
break;
case "getCallerClassLoader":
return defc == java.lang.ClassLoader.class;
+ case "registerAsParallelCapable":
+ return canBeCalledVirtual(mem, java.lang.ClassLoader.class);
case "getProxyClass":
case "newProxyInstance":
return defc == java.lang.reflect.Proxy.class;
+ case "asInterfaceInstance":
+ return defc == java.lang.invoke.MethodHandleProxies.class;
case "getBundle":
case "clearCache":
return defc == java.util.ResourceBundle.class;
}
return false;
}
+ static boolean canBeCalledVirtual(MemberName symbolicRef, Class<?> definingClass) {
+ Class<?> symbolicRefClass = symbolicRef.getDeclaringClass();
+ if (symbolicRefClass == definingClass) return true;
+ if (symbolicRef.isStatic() || symbolicRef.isPrivate()) return false;
+ return (definingClass.isAssignableFrom(symbolicRefClass) || // Msym overrides Mdef
+ symbolicRefClass.isInterface()); // Mdef implements Msym
+ }
}
diff -r 5981cd14a7cf -r 2230cd11d9a5 src/share/classes/java/lang/invoke/MethodHandleProxies.java
--- a/src/share/classes/java/lang/invoke/MethodHandleProxies.java Thu Feb 14 23:55:06 2013 +0000
+++ b/src/share/classes/java/lang/invoke/MethodHandleProxies.java Thu Feb 07 09:41:47 2013 -0800
@@ -141,12 +141,15 @@
<T> T asInterfaceInstance(final Class<T> intfc, final MethodHandle target) {
if (!intfc.isInterface() || !Modifier.isPublic(intfc.getModifiers()))
throw new IllegalArgumentException("not a public interface: "+intfc.getName());
- SecurityManager smgr = System.getSecurityManager();
- if (smgr != null) {
+ final MethodHandle mh;
+ if (System.getSecurityManager() != null) {
final int CALLER_FRAME = 2; // 0: Reflection, 1: asInterfaceInstance, 2: caller
final Class<?> caller = Reflection.getCallerClass(CALLER_FRAME);
- final ClassLoader ccl = caller.getClassLoader();
+ final ClassLoader ccl = (caller != null) ? caller.getClassLoader() : null;
ReflectUtil.checkProxyPackageAccess(ccl, intfc);
+ mh = maybeBindCaller(target, caller);
+ } else {
+ mh = target;
}
ClassLoader proxyLoader = intfc.getClassLoader();
if (proxyLoader == null) {
@@ -160,7 +163,7 @@
for (int i = 0; i < methods.length; i++) {
Method sm = methods[i];
MethodType smMT = MethodType.methodType(sm.getReturnType(), sm.getParameterTypes());
- MethodHandle checkTarget = target.asType(smMT); // make throw WMT
+ MethodHandle checkTarget = mh.asType(smMT); // make throw WMT
checkTarget = checkTarget.asType(checkTarget.type().changeReturnType(Object.class));
vaTargets[i] = checkTarget.asSpreader(Object[].class, smMT.parameterCount());
}
@@ -183,8 +186,8 @@
}
};
- Object proxy;
- if (smgr != null) {
+ final Object proxy;
+ if (System.getSecurityManager() != null) {
// sun.invoke.WrapperInstance is a restricted interface not accessible
// by any non-null class loader.
final ClassLoader loader = proxyLoader;
@@ -204,6 +207,19 @@
return intfc.cast(proxy);
}
+ private static MethodHandle maybeBindCaller(MethodHandle target, Class<?> hostClass) {
+ if (hostClass == null || hostClass.getClassLoader() == null)
+ return target;
+
+ MethodHandle cbmh = MethodHandleImpl.bindCaller(target, hostClass);
+ if (target.isVarargsCollector()) {
+ MethodType type = cbmh.type();
+ int arity = type.parameterCount();
+ return cbmh.asVarargsCollector(type.parameterType(arity-1));
+ }
+ return cbmh;
+ }
+
/**
* Determines if the given object was produced by a call to {@link #asInterfaceInstance asInterfaceInstance}.
* @param x any reference
diff -r 5981cd14a7cf -r 2230cd11d9a5 src/share/classes/java/lang/invoke/MethodHandles.java
--- a/src/share/classes/java/lang/invoke/MethodHandles.java Thu Feb 14 23:55:06 2013 +0000
+++ b/src/share/classes/java/lang/invoke/MethodHandles.java Thu Feb 07 09:41:47 2013 -0800
@@ -597,7 +597,8 @@
MethodHandle findStatic(Class<?> refc, String name, MethodType type) throws NoSuchMethodException, IllegalAccessException {
MemberName method = resolveOrFail(REF_invokeStatic, refc, name, type);
checkSecurityManager(refc, method); // stack walk magic: do not refactor
- return getDirectMethod(REF_invokeStatic, refc, method);
+ Class<?> callerClass = findBoundCallerClass(method); // stack walk magic: do not refactor
+ return getDirectMethod(REF_invokeStatic, refc, method, callerClass);
}
/**
@@ -651,7 +652,8 @@
byte refKind = (refc.isInterface() ? REF_invokeInterface : REF_invokeVirtual);
MemberName method = resolveOrFail(refKind, refc, name, type);
checkSecurityManager(refc, method); // stack walk magic: do not refactor
- return getDirectMethod(refKind, refc, method);
+ Class<?> callerClass = findBoundCallerClass(method); // stack walk magic: do not refactor
+ return getDirectMethod(refKind, refc, method, callerClass);
}
private MethodHandle findVirtualForMH(String name, MethodType type) {
// these names require special lookups because of the implicit MethodType argument
@@ -735,7 +737,8 @@
Lookup specialLookup = this.in(specialCaller);
MemberName method = specialLookup.resolveOrFail(REF_invokeSpecial, refc, name, type);
checkSecurityManager(refc, method); // stack walk magic: do not refactor
- return specialLookup.getDirectMethod(REF_invokeSpecial, refc, method);
+ Class<?> callerClass = findBoundCallerClass(method); // stack walk magic: do not refactor
+ return specialLookup.getDirectMethod(REF_invokeSpecial, refc, method, callerClass);
}
/**
@@ -878,7 +881,8 @@
Class<? extends Object> refc = receiver.getClass(); // may get NPE
MemberName method = resolveOrFail(REF_invokeSpecial, refc, name, type);
checkSecurityManager(refc, method); // stack walk magic: do not refactor
- MethodHandle mh = getDirectMethodNoRestrict(REF_invokeSpecial, refc, method);
+ Class<?> callerClass = findBoundCallerClass(method); // stack walk magic: do not refactor
+ MethodHandle mh = getDirectMethodNoRestrict(REF_invokeSpecial, refc, method, callerClass);
return mh.bindReceiver(receiver).setVarargs(method);
}
@@ -910,7 +914,8 @@
refKind = REF_invokeVirtual;
assert(method.isMethod());
Lookup lookup = m.isAccessible() ? IMPL_LOOKUP : this;
- return lookup.getDirectMethod(refKind, method.getDeclaringClass(), method);
+ Class<?> callerClass = findBoundCallerClass(method); // stack walk magic: do not refactor
+ return lookup.getDirectMethod(refKind, method.getDeclaringClass(), method, callerClass);
}
/**
@@ -940,7 +945,8 @@
MemberName method = new MemberName(m, true);
assert(method.isMethod());
// ignore m.isAccessible: this is a new kind of access
- return specialLookup.getDirectMethod(REF_invokeSpecial, method.getDeclaringClass(), method);
+ Class<?> callerClass = findBoundCallerClass(method); // stack walk magic: do not refactor
+ return specialLookup.getDirectMethod(REF_invokeSpecial, method.getDeclaringClass(), method, callerClass);
}
/**
@@ -1039,7 +1045,29 @@
}
/**
+ * Find my trustable caller class if m is a caller sensitive method.
+ * If this lookup object has private access, then the caller class is the lookupClass.
+ * Otherwise, it is the caller of the currently executing public API method (e.g., findVirtual).
+ * This is the same caller class as is used by checkSecurityManager.
+ * This function performs stack walk magic: do not refactor it.
+ */
+ Class<?> findBoundCallerClass(MemberName m) {
+ Class<?> callerClass = null;
+ if (MethodHandleNatives.isCallerSensitive(m)) {
+ // Do not refactor this to a more "logical" place, since it is stack walk magic.
+ // Note that this is the same expression as in Step 2 below in checkSecurityManager.
+ callerClass = ((allowedModes & PRIVATE) != 0
+ ? lookupClass // for strong access modes, no extra check
+ // next line does stack walk magic; do not refactor:
+ : getCallerClassAtEntryPoint(true));
+ }
+ return callerClass;
+ }
+ /**
* Perform necessary <a href="MethodHandles.Lookup.html#secmgr">access checks</a>.
+ * Determines a trustable caller class to compare with refc, the symbolic reference class.
+ * If this lookup object has private access, then the caller class is the lookupClass.
+ * Otherwise, it is the caller of the currently executing public API method (e.g., findVirtual).
* This function performs stack walk magic: do not refactor it.
*/
void checkSecurityManager(Class<?> refc, MemberName m) {
@@ -1194,22 +1222,25 @@
return mh.viewAsType(narrowType);
}
- private MethodHandle getDirectMethod(byte refKind, Class<?> refc, MemberName method) throws IllegalAccessException {
+ private MethodHandle getDirectMethod(byte refKind, Class<?> refc, MemberName method, Class<?> callerClass)
+ throws IllegalAccessException {
return getDirectMethodCommon(refKind, refc, method,
(refKind == REF_invokeSpecial ||
(MethodHandleNatives.refKindHasReceiver(refKind) &&
- restrictProtectedReceiver(method))));
+ restrictProtectedReceiver(method))), callerClass);
}
- private MethodHandle getDirectMethodNoRestrict(byte refKind, Class<?> refc, MemberName method) throws IllegalAccessException {
- return getDirectMethodCommon(refKind, refc, method, false);
+ private MethodHandle getDirectMethodNoRestrict(byte refKind, Class<?> refc, MemberName method, Class<?> callerClass)
+ throws IllegalAccessException {
+ return getDirectMethodCommon(refKind, refc, method, false, callerClass);
}
private MethodHandle getDirectMethodCommon(byte refKind, Class<?> refc, MemberName method,
- boolean doRestrict) throws IllegalAccessException {
+ boolean doRestrict, Class<?> callerClass)
+ throws IllegalAccessException {
checkMethod(refKind, refc, method);
if (method.isMethodHandleInvoke())
return fakeMethodHandleInvoke(method);
MethodHandle mh = DirectMethodHandle.make(refc, method);
- mh = maybeBindCaller(method, mh);
+ mh = maybeBindCaller(method, mh, callerClass);
mh = mh.setVarargs(method);
if (doRestrict)
mh = restrictReceiver(method, mh, lookupClass());
@@ -1218,12 +1249,14 @@
private MethodHandle fakeMethodHandleInvoke(MemberName method) {
return throwException(method.getReturnType(), UnsupportedOperationException.class);
}
- private MethodHandle maybeBindCaller(MemberName method, MethodHandle mh) throws IllegalAccessException {
+ private MethodHandle maybeBindCaller(MemberName method, MethodHandle mh,
+ Class<?> callerClass)
+ throws IllegalAccessException {
if (allowedModes == TRUSTED || !MethodHandleNatives.isCallerSensitive(method))
return mh;
Class<?> hostClass = lookupClass;
if ((allowedModes & PRIVATE) == 0) // caller must use full-power lookup
- hostClass = null;
+ hostClass = callerClass; // callerClass came from a security manager style stack walk
MethodHandle cbmh = MethodHandleImpl.bindCaller(mh, hostClass);
// Note: caller will apply varargs after this step happens.
return cbmh;
More information about the distro-pkg-dev
mailing list