1.1 --- a/src/jdk/internal/dynalink/beans/CheckRestrictedPackage.java Wed Mar 06 22:38:18 2013 +0530 1.2 +++ b/src/jdk/internal/dynalink/beans/CheckRestrictedPackage.java Sat Mar 09 21:49:32 2013 +0530 1.3 @@ -84,26 +84,55 @@ 1.4 package jdk.internal.dynalink.beans; 1.5 1.6 import java.lang.reflect.Modifier; 1.7 +import java.security.AccessControlContext; 1.8 +import java.security.AccessController; 1.9 +import java.security.Permissions; 1.10 +import java.security.PrivilegedAction; 1.11 +import java.security.ProtectionDomain; 1.12 1.13 /** 1.14 - * A utility class to check whether a given class is in a package with restricted access e.g. "sun.*" etc. See 1.15 - * {@link CheckRestrictedPackageInternal} for implementation details. 1.16 + * A utility class to check whether a given class is in a package with restricted access e.g. "sun.*" etc. 1.17 */ 1.18 class CheckRestrictedPackage { 1.19 + private static final AccessControlContext NO_PERMISSIONS_CONTEXT = createNoPermissionsContext(); 1.20 + 1.21 /** 1.22 * Returns true if the class is either not public, or it resides in a package with restricted access. 1.23 * @param clazz the class to test 1.24 * @return true if the class is either not public, or it resides in a package with restricted access. 1.25 */ 1.26 static boolean isRestrictedClass(Class<?> clazz) { 1.27 - return !Modifier.isPublic(clazz.getModifiers()) || 1.28 - (System.getSecurityManager() != null && isRestrictedPackage(clazz.getPackage())); 1.29 + if(!Modifier.isPublic(clazz.getModifiers())) { 1.30 + // Non-public classes are always restricted 1.31 + return true; 1.32 + } 1.33 + final SecurityManager sm = System.getSecurityManager(); 1.34 + if(sm == null) { 1.35 + // No further restrictions if we don't have a security manager 1.36 + return false; 1.37 + } 1.38 + final String name = clazz.getName(); 1.39 + final int i = name.lastIndexOf('.'); 1.40 + if (i == -1) { 1.41 + // Classes in default package are never restricted 1.42 + return false; 1.43 + } 1.44 + // Do a package access check from within an access control context with no permissions 1.45 + try { 1.46 + AccessController.doPrivileged(new PrivilegedAction<Void>() { 1.47 + @Override 1.48 + public Void run() { 1.49 + sm.checkPackageAccess(name.substring(0, i)); 1.50 + return null; 1.51 + } 1.52 + }, NO_PERMISSIONS_CONTEXT); 1.53 + } catch(SecurityException e) { 1.54 + return true; 1.55 + } 1.56 + return false; 1.57 } 1.58 1.59 - private static boolean isRestrictedPackage(Package pkg) { 1.60 - // Note: we broke out the actual implementation into CheckRestrictedPackageInternal, so we only load it when 1.61 - // needed - that is, if we need to check a non-public class with a non-null package, in presence of a security 1.62 - // manager. 1.63 - return pkg == null ? false : CheckRestrictedPackageInternal.isRestrictedPackageName(pkg.getName()); 1.64 + private static AccessControlContext createNoPermissionsContext() { 1.65 + return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) }); 1.66 } 1.67 }