magic reflection access checks

[Tom Rodriguez]

MagicAccessorImpl is loaded as part of our bootstrap in 
SystemDictionary::initialize_preloaded_classes.  verify_class_access will only 
try to use MagicAccessorImpl if this test fails:

   445     if ((current_class == NULL) ||
   446         (current_class == new_class) ||
   447         (instanceKlass::cast(new_class)->is_public()) ||
   448         is_same_class_package(current_class, new_class)) {
   449       return true;
   450     }

This test should never fail for any classes on the boot classpath so by the time 
any code needs a non null value we have it.  Do you have logic equivalent to this?

tom

Christian Thalinger wrote:
> Hi!
> 
> While implementing the HotSpot interface (jvm.cpp) in CACAO and getting
> the tricks used in HotSpot (damn, that is a hard job), I'm now stuck at
> the magic access checks, like in:
> 
> Reflection::verify_class_access
> 
> The problem comes with reflection.  The generated accessor classes, like
> sun/reflect/GeneratedConstructorAccessor1, get loaded and are a
> sub-class of sun/reflect/MagicAccessorImpl.  Thus the access checks
> grant them access to everything:
> 
>   // New (1.4) reflection implementation. Allow all accesses from
>   // sun/reflect/MagicAccessorImpl subclasses to succeed trivially.
> 
> The problem I now have in CACAO is, I have to check if the currently
> loaded class is a sub-class of sun.reflect.MagicAccessorImpl.  This
> check can only be done when the super-classes get resolved.  But when
> resolving the super-classes, the access-check functions of CACAO are
> called (obiously, otherwise this would be a security hole) and these do:
> 
>     if (class_issubclass(referer, class_sun_reflect_MagicAccessorImpl))
>         return true;
> 
> I can't do sub-class tests without the class being resolved doing the
> check on.
> 
> My question is now, how does HotSpot handle this case?  How can HotSpot
> do sub-class tests with a not-resolved class?
> 
> - twisti