Tue, 16 Apr 2013 22:11:33 -0700
8010117: Annotate jdk caller sensitive methods with @sun.reflect.CallerSensitive
Reviewed-by: jrose, alanb, twisti, sundar
1.1 --- a/src/jdk/nashorn/api/scripting/NashornScriptEngineFactory.java Mon Apr 15 08:39:48 2013 -0300 1.2 +++ b/src/jdk/nashorn/api/scripting/NashornScriptEngineFactory.java Tue Apr 16 22:11:33 2013 -0700 1.3 @@ -210,42 +210,10 @@ 1.4 } 1.5 1.6 private static ClassLoader getAppClassLoader() { 1.7 - if (System.getSecurityManager() == null) { 1.8 - return Thread.currentThread().getContextClassLoader(); 1.9 - } 1.10 - 1.11 - // Try to determine the caller class loader. Use that if it can be 1.12 - // found. If not, use the class loader of nashorn itself as the 1.13 - // "application" class loader for scripts. 1.14 - 1.15 - // User could have called ScriptEngineFactory.getScriptEngine() 1.16 - // 1.17 - // <caller> 1.18 - // <factory.getScriptEngine()> 1.19 - // <factory.getAppClassLoader()> 1.20 - // <Reflection.getCallerClass()> 1.21 - // 1.22 - // or used one of the getEngineByABC methods of ScriptEngineManager. 1.23 - // 1.24 - // <caller> 1.25 - // <ScriptEngineManager.getEngineByName()> 1.26 - // <factory.getScriptEngine()> 1.27 - // <factory.getAppClassLoader()> 1.28 - // <Reflection.getCallerClass()> 1.29 - 1.30 - // So, stack depth is 3 or 4 (recall it is zero based). We try 1.31 - // stack depths 3, 4 and look for non-bootstrap caller. 1.32 - Class<?> caller = null; 1.33 - for (int depth = 3; depth < 5; depth++) { 1.34 - caller = Reflection.getCallerClass(depth); 1.35 - if (caller != null && caller.getClassLoader() != null) { 1.36 - // found a non-bootstrap caller 1.37 - break; 1.38 - } 1.39 - } 1.40 - 1.41 - final ClassLoader ccl = (caller == null)? null : caller.getClassLoader(); 1.42 - // if caller loader is null, then use nashorn's own loader 1.43 + // Revisit: script engine implementation needs the capability to 1.44 + // find the class loader of the context in which the script engine 1.45 + // is running so that classes will be found and loaded properly 1.46 + ClassLoader ccl = Thread.currentThread().getContextClassLoader(); 1.47 return (ccl == null)? NashornScriptEngineFactory.class.getClassLoader() : ccl; 1.48 } 1.49 }
2.1 --- a/src/jdk/nashorn/internal/runtime/Context.java Mon Apr 15 08:39:48 2013 -0300 2.2 +++ b/src/jdk/nashorn/internal/runtime/Context.java Tue Apr 16 22:11:33 2013 -0700 2.3 @@ -56,6 +56,7 @@ 2.4 import jdk.nashorn.internal.parser.Parser; 2.5 import jdk.nashorn.internal.runtime.linker.JavaAdapterFactory; 2.6 import jdk.nashorn.internal.runtime.options.Options; 2.7 +import sun.reflect.CallerSensitive; 2.8 import sun.reflect.Reflection; 2.9 2.10 /** 2.11 @@ -113,11 +114,12 @@ 2.12 * Get the current global scope 2.13 * @return the current global scope 2.14 */ 2.15 + @CallerSensitive 2.16 public static ScriptObject getGlobal() { 2.17 final SecurityManager sm = System.getSecurityManager(); 2.18 if (sm != null) { 2.19 // skip getCallerClass and getGlobal and get to the real caller 2.20 - Class<?> caller = Reflection.getCallerClass(2); 2.21 + Class<?> caller = Reflection.getCallerClass(); 2.22 ClassLoader callerLoader = caller.getClassLoader(); 2.23 2.24 // Allow this method only for nashorn's own classes, objects