Mercurial > jdk8-mips64-public > nashorn / file diff

     1.1 --- a/src/jdk/internal/dynalink/beans/CheckRestrictedPackage.java	Wed Mar 06 22:38:18 2013 +0530
     1.2 +++ b/src/jdk/internal/dynalink/beans/CheckRestrictedPackage.java	Sat Mar 09 21:49:32 2013 +0530
     1.3 @@ -84,26 +84,55 @@
     1.4  package jdk.internal.dynalink.beans;
     1.5  
     1.6  import java.lang.reflect.Modifier;
     1.7 +import java.security.AccessControlContext;
     1.8 +import java.security.AccessController;
     1.9 +import java.security.Permissions;
    1.10 +import java.security.PrivilegedAction;
    1.11 +import java.security.ProtectionDomain;
    1.12  
    1.13  /**
    1.14 - * A utility class to check whether a given class is in a package with restricted access e.g. "sun.*" etc. See
    1.15 - * {@link CheckRestrictedPackageInternal} for implementation details.
    1.16 + * A utility class to check whether a given class is in a package with restricted access e.g. "sun.*" etc.
    1.17   */
    1.18  class CheckRestrictedPackage {
    1.19 +    private static final AccessControlContext NO_PERMISSIONS_CONTEXT = createNoPermissionsContext();
    1.20 +
    1.21      /**
    1.22       * Returns true if the class is either not public, or it resides in a package with restricted access.
    1.23       * @param clazz the class to test
    1.24       * @return true if the class is either not public, or it resides in a package with restricted access.
    1.25       */
    1.26      static boolean isRestrictedClass(Class<?> clazz) {
    1.27 -        return !Modifier.isPublic(clazz.getModifiers()) ||
    1.28 -                (System.getSecurityManager() != null && isRestrictedPackage(clazz.getPackage()));
    1.29 +        if(!Modifier.isPublic(clazz.getModifiers())) {
    1.30 +            // Non-public classes are always restricted
    1.31 +            return true;
    1.32 +        }
    1.33 +        final SecurityManager sm = System.getSecurityManager();
    1.34 +        if(sm == null) {
    1.35 +            // No further restrictions if we don't have a security manager
    1.36 +            return false;
    1.37 +        }
    1.38 +        final String name = clazz.getName();
    1.39 +        final int i = name.lastIndexOf('.');
    1.40 +        if (i == -1) {
    1.41 +            // Classes in default package are never restricted
    1.42 +            return false;
    1.43 +        }
    1.44 +        // Do a package access check from within an access control context with no permissions
    1.45 +        try {
    1.46 +            AccessController.doPrivileged(new PrivilegedAction<Void>() {
    1.47 +                @Override
    1.48 +                public Void run() {
    1.49 +                    sm.checkPackageAccess(name.substring(0, i));
    1.50 +                    return null;
    1.51 +                }
    1.52 +            }, NO_PERMISSIONS_CONTEXT);
    1.53 +        } catch(SecurityException e) {
    1.54 +            return true;
    1.55 +        }
    1.56 +        return false;
    1.57      }
    1.58  
    1.59 -    private static boolean isRestrictedPackage(Package pkg) {
    1.60 -        // Note: we broke out the actual implementation into CheckRestrictedPackageInternal, so we only load it when
    1.61 -        // needed - that is, if we need to check a non-public class with a non-null package, in presence of a security
    1.62 -        // manager.
    1.63 -        return pkg == null ? false : CheckRestrictedPackageInternal.isRestrictedPackageName(pkg.getName());
    1.64 +    private static AccessControlContext createNoPermissionsContext() {
    1.65 +        return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });
    1.66      }
    1.67  }