Mon, 12 Aug 2013 12:46:01 +0200
8022789: Revisit doPrivileged blocks in Dynalink
Reviewed-by: lagergren, sundar
1.1 --- a/src/jdk/internal/dynalink/DynamicLinkerFactory.java Mon Aug 12 14:43:53 2013 +0530 1.2 +++ b/src/jdk/internal/dynalink/DynamicLinkerFactory.java Mon Aug 12 12:46:01 2013 +0200 1.3 @@ -99,6 +99,7 @@ 1.4 import jdk.internal.dynalink.linker.LinkRequest; 1.5 import jdk.internal.dynalink.support.AutoDiscovery; 1.6 import jdk.internal.dynalink.support.BottomGuardingDynamicLinker; 1.7 +import jdk.internal.dynalink.support.ClassLoaderGetterContextProvider; 1.8 import jdk.internal.dynalink.support.CompositeGuardingDynamicLinker; 1.9 import jdk.internal.dynalink.support.CompositeTypeBasedGuardingDynamicLinker; 1.10 import jdk.internal.dynalink.support.LinkerServicesImpl; 1.11 @@ -315,7 +316,7 @@ 1.12 public ClassLoader run() { 1.13 return Thread.currentThread().getContextClassLoader(); 1.14 } 1.15 - }); 1.16 + }, ClassLoaderGetterContextProvider.GET_CLASS_LOADER_CONTEXT); 1.17 } 1.18 1.19 private static void addClasses(Set<Class<? extends GuardingDynamicLinker>> knownLinkerClasses,
2.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 2.2 +++ b/src/jdk/internal/dynalink/support/ClassLoaderGetterContextProvider.java Mon Aug 12 12:46:01 2013 +0200 2.3 @@ -0,0 +1,107 @@ 2.4 +/* 2.5 + * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. 2.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 2.7 + * 2.8 + * This code is free software; you can redistribute it and/or modify it 2.9 + * under the terms of the GNU General Public License version 2 only, as 2.10 + * published by the Free Software Foundation. Oracle designates this 2.11 + * particular file as subject to the "Classpath" exception as provided 2.12 + * by Oracle in the LICENSE file that accompanied this code. 2.13 + * 2.14 + * This code is distributed in the hope that it will be useful, but WITHOUT 2.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 2.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 2.17 + * version 2 for more details (a copy is included in the LICENSE file that 2.18 + * accompanied this code). 2.19 + * 2.20 + * You should have received a copy of the GNU General Public License version 2.21 + * 2 along with this work; if not, write to the Free Software Foundation, 2.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2.23 + * 2.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2.25 + * or visit www.oracle.com if you need additional information or have any 2.26 + * questions. 2.27 + */ 2.28 + 2.29 +/* 2.30 + * This file is available under and governed by the GNU General Public 2.31 + * License version 2 only, as published by the Free Software Foundation. 2.32 + * However, the following notice accompanied the original version of this 2.33 + * file, and Oracle licenses the original version of this file under the BSD 2.34 + * license: 2.35 + */ 2.36 +/* 2.37 + Copyright 2009-2013 Attila Szegedi 2.38 + 2.39 + Licensed under both the Apache License, Version 2.0 (the "Apache License") 2.40 + and the BSD License (the "BSD License"), with licensee being free to 2.41 + choose either of the two at their discretion. 2.42 + 2.43 + You may not use this file except in compliance with either the Apache 2.44 + License or the BSD License. 2.45 + 2.46 + If you choose to use this file in compliance with the Apache License, the 2.47 + following notice applies to you: 2.48 + 2.49 + You may obtain a copy of the Apache License at 2.50 + 2.51 + http://www.apache.org/licenses/LICENSE-2.0 2.52 + 2.53 + Unless required by applicable law or agreed to in writing, software 2.54 + distributed under the License is distributed on an "AS IS" BASIS, 2.55 + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 2.56 + implied. See the License for the specific language governing 2.57 + permissions and limitations under the License. 2.58 + 2.59 + If you choose to use this file in compliance with the BSD License, the 2.60 + following notice applies to you: 2.61 + 2.62 + Redistribution and use in source and binary forms, with or without 2.63 + modification, are permitted provided that the following conditions are 2.64 + met: 2.65 + * Redistributions of source code must retain the above copyright 2.66 + notice, this list of conditions and the following disclaimer. 2.67 + * Redistributions in binary form must reproduce the above copyright 2.68 + notice, this list of conditions and the following disclaimer in the 2.69 + documentation and/or other materials provided with the distribution. 2.70 + * Neither the name of the copyright holder nor the names of 2.71 + contributors may be used to endorse or promote products derived from 2.72 + this software without specific prior written permission. 2.73 + 2.74 + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 2.75 + IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 2.76 + TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 2.77 + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER 2.78 + BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 2.79 + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 2.80 + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 2.81 + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 2.82 + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 2.83 + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 2.84 + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 2.85 +*/ 2.86 + 2.87 +package jdk.internal.dynalink.support; 2.88 + 2.89 +import java.security.AccessControlContext; 2.90 +import java.security.Permissions; 2.91 +import java.security.ProtectionDomain; 2.92 + 2.93 +/** 2.94 + * This class exposes a canonical {@link AccessControlContext} with a single {@link RuntimePermission} for 2.95 + * {@code "getClassLoader"} permission that is used by other parts of the code to narrow their set of permissions when 2.96 + * they're retrieving class loaders in privileged blocks. 2.97 + */ 2.98 +public class ClassLoaderGetterContextProvider { 2.99 + /** 2.100 + * Canonical instance of {@link AccessControlContext} with a single {@link RuntimePermission} for 2.101 + * {@code "getClassLoader"} permission. 2.102 + */ 2.103 + public static final AccessControlContext GET_CLASS_LOADER_CONTEXT; 2.104 + static { 2.105 + final Permissions perms = new Permissions(); 2.106 + perms.add(new RuntimePermission("getClassLoader")); 2.107 + GET_CLASS_LOADER_CONTEXT = new AccessControlContext( 2.108 + new ProtectionDomain[] { new ProtectionDomain(null, perms) }); 2.109 + } 2.110 +}
3.1 --- a/src/jdk/internal/dynalink/support/ClassMap.java Mon Aug 12 14:43:53 2013 +0530 3.2 +++ b/src/jdk/internal/dynalink/support/ClassMap.java Mon Aug 12 12:46:01 2013 +0200 3.3 @@ -155,7 +155,7 @@ 3.4 public ClassLoader run() { 3.5 return clazz.getClassLoader(); 3.6 } 3.7 - }); 3.8 + }, ClassLoaderGetterContextProvider.GET_CLASS_LOADER_CONTEXT); 3.9 3.10 // If allowed to strongly reference, put it in the fast map 3.11 if(Guards.canReferenceDirectly(classLoader, clazzLoader)) {
4.1 --- a/src/jdk/internal/dynalink/support/TypeConverterFactory.java Mon Aug 12 14:43:53 2013 +0530 4.2 +++ b/src/jdk/internal/dynalink/support/TypeConverterFactory.java Mon Aug 12 12:46:01 2013 +0200 4.3 @@ -151,7 +151,7 @@ 4.4 public ClassLoader run() { 4.5 return clazz.getClassLoader(); 4.6 } 4.7 - }); 4.8 + }, ClassLoaderGetterContextProvider.GET_CLASS_LOADER_CONTEXT); 4.9 } 4.10 4.11 /**