提交 0acfafa6 编写于 作者: C coleenp

8015256: Better class accessibility

Summary: Improve protection domain check in forName()
Reviewed-by: mchung, acorn, jdn
上级 1a946e18
# #
# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. # Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
# #
# This code is free software; you can redistribute it and/or modify it # This code is free software; you can redistribute it and/or modify it
...@@ -82,6 +82,7 @@ ...@@ -82,6 +82,7 @@
_JVM_EnableCompiler _JVM_EnableCompiler
_JVM_Exit _JVM_Exit
_JVM_FillInStackTrace _JVM_FillInStackTrace
_JVM_FindClassFromCaller
_JVM_FindClassFromClass _JVM_FindClassFromClass
_JVM_FindClassFromClassLoader _JVM_FindClassFromClassLoader
_JVM_FindClassFromBootLoader _JVM_FindClassFromBootLoader
......
# #
# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. # Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
# #
# This code is free software; you can redistribute it and/or modify it # This code is free software; you can redistribute it and/or modify it
...@@ -82,6 +82,7 @@ ...@@ -82,6 +82,7 @@
_JVM_EnableCompiler _JVM_EnableCompiler
_JVM_Exit _JVM_Exit
_JVM_FillInStackTrace _JVM_FillInStackTrace
_JVM_FindClassFromCaller
_JVM_FindClassFromClass _JVM_FindClassFromClass
_JVM_FindClassFromClassLoader _JVM_FindClassFromClassLoader
_JVM_FindClassFromBootLoader _JVM_FindClassFromBootLoader
......
# #
# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. # Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
# #
# This code is free software; you can redistribute it and/or modify it # This code is free software; you can redistribute it and/or modify it
...@@ -84,6 +84,7 @@ SUNWprivate_1.1 { ...@@ -84,6 +84,7 @@ SUNWprivate_1.1 {
JVM_EnableCompiler; JVM_EnableCompiler;
JVM_Exit; JVM_Exit;
JVM_FillInStackTrace; JVM_FillInStackTrace;
JVM_FindClassFromCaller;
JVM_FindClassFromClass; JVM_FindClassFromClass;
JVM_FindClassFromClassLoader; JVM_FindClassFromClassLoader;
JVM_FindClassFromBootLoader; JVM_FindClassFromBootLoader;
......
# #
# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. # Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
# #
# This code is free software; you can redistribute it and/or modify it # This code is free software; you can redistribute it and/or modify it
...@@ -84,6 +84,7 @@ SUNWprivate_1.1 { ...@@ -84,6 +84,7 @@ SUNWprivate_1.1 {
JVM_EnableCompiler; JVM_EnableCompiler;
JVM_Exit; JVM_Exit;
JVM_FillInStackTrace; JVM_FillInStackTrace;
JVM_FindClassFromCaller;
JVM_FindClassFromClass; JVM_FindClassFromClass;
JVM_FindClassFromClassLoader; JVM_FindClassFromClassLoader;
JVM_FindClassFromBootLoader; JVM_FindClassFromBootLoader;
......
# #
# Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. # Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
# #
# This code is free software; you can redistribute it and/or modify it # This code is free software; you can redistribute it and/or modify it
...@@ -84,6 +84,7 @@ SUNWprivate_1.1 { ...@@ -84,6 +84,7 @@ SUNWprivate_1.1 {
JVM_EnableCompiler; JVM_EnableCompiler;
JVM_Exit; JVM_Exit;
JVM_FillInStackTrace; JVM_FillInStackTrace;
JVM_FindClassFromCaller;
JVM_FindClassFromClass; JVM_FindClassFromClass;
JVM_FindClassFromClassLoader; JVM_FindClassFromClassLoader;
JVM_FindClassFromBootLoader; JVM_FindClassFromBootLoader;
......
/* /*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -777,6 +777,7 @@ JVM_ENTRY(jclass, JVM_FindClassFromBootLoader(JNIEnv* env, ...@@ -777,6 +777,7 @@ JVM_ENTRY(jclass, JVM_FindClassFromBootLoader(JNIEnv* env,
return (jclass) JNIHandles::make_local(env, k->java_mirror()); return (jclass) JNIHandles::make_local(env, k->java_mirror());
JVM_END JVM_END
// Not used; JVM_FindClassFromCaller replaces this.
JVM_ENTRY(jclass, JVM_FindClassFromClassLoader(JNIEnv* env, const char* name, JVM_ENTRY(jclass, JVM_FindClassFromClassLoader(JNIEnv* env, const char* name,
jboolean init, jobject loader, jboolean init, jobject loader,
jboolean throwError)) jboolean throwError))
...@@ -803,6 +804,42 @@ JVM_ENTRY(jclass, JVM_FindClassFromClassLoader(JNIEnv* env, const char* name, ...@@ -803,6 +804,42 @@ JVM_ENTRY(jclass, JVM_FindClassFromClassLoader(JNIEnv* env, const char* name,
return result; return result;
JVM_END JVM_END
// Find a class with this name in this loader, using the caller's protection domain.
JVM_ENTRY(jclass, JVM_FindClassFromCaller(JNIEnv* env, const char* name,
jboolean init, jobject loader,
jclass caller))
JVMWrapper2("JVM_FindClassFromCaller %s throws ClassNotFoundException", name);
// Java libraries should ensure that name is never null...
if (name == NULL || (int)strlen(name) > Symbol::max_length()) {
// It's impossible to create this class; the name cannot fit
// into the constant pool.
THROW_MSG_0(vmSymbols::java_lang_ClassNotFoundException(), name);
}
TempNewSymbol h_name = SymbolTable::new_symbol(name, CHECK_NULL);
oop loader_oop = JNIHandles::resolve(loader);
oop from_class = JNIHandles::resolve(caller);
oop protection_domain = NULL;
// If loader is null, shouldn't call ClassLoader.checkPackageAccess; otherwise get
// NPE. Put it in another way, the bootstrap class loader has all permission and
// thus no checkPackageAccess equivalence in the VM class loader.
// The caller is also passed as NULL by the java code if there is no security
// manager to avoid the performance cost of getting the calling class.
if (from_class != NULL && loader_oop != NULL) {
protection_domain = java_lang_Class::as_Klass(from_class)->protection_domain();
}
Handle h_loader(THREAD, loader_oop);
Handle h_prot(THREAD, protection_domain);
jclass result = find_class_from_class_loader(env, h_name, init, h_loader,
h_prot, false, THREAD);
if (TraceClassResolution && result != NULL) {
trace_class_resolution(java_lang_Class::as_Klass(JNIHandles::resolve_non_null(result)));
}
return result;
JVM_END
JVM_ENTRY(jclass, JVM_FindClassFromClass(JNIEnv *env, const char *name, JVM_ENTRY(jclass, JVM_FindClassFromClass(JNIEnv *env, const char *name,
jboolean init, jclass from)) jboolean init, jclass from))
...@@ -3956,10 +3993,15 @@ void initialize_converter_functions() { ...@@ -3956,10 +3993,15 @@ void initialize_converter_functions() {
// Shared JNI/JVM entry points ////////////////////////////////////////////////////////////// // Shared JNI/JVM entry points //////////////////////////////////////////////////////////////
jclass find_class_from_class_loader(JNIEnv* env, Symbol* name, jboolean init, Handle loader, Handle protection_domain, jboolean throwError, TRAPS) { jclass find_class_from_class_loader(JNIEnv* env, Symbol* name, jboolean init,
Handle loader, Handle protection_domain,
jboolean throwError, TRAPS) {
// Security Note: // Security Note:
// The Java level wrapper will perform the necessary security check allowing // The Java level wrapper will perform the necessary security check allowing
// us to pass the NULL as the initiating class loader. // us to pass the NULL as the initiating class loader. The VM is responsible for
// the checkPackageAccess relative to the initiating class loader via the
// protection_domain. The protection_domain is passed as NULL by the java code
// if there is no security manager in 3-arg Class.forName().
Klass* klass = SystemDictionary::resolve_or_fail(name, loader, protection_domain, throwError != 0, CHECK_NULL); Klass* klass = SystemDictionary::resolve_or_fail(name, loader, protection_domain, throwError != 0, CHECK_NULL);
KlassHandle klass_handle(THREAD, klass); KlassHandle klass_handle(THREAD, klass);
......
/* /*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -416,6 +416,19 @@ JVM_FindClassFromClassLoader(JNIEnv *env, const char *name, jboolean init, ...@@ -416,6 +416,19 @@ JVM_FindClassFromClassLoader(JNIEnv *env, const char *name, jboolean init,
JNIEXPORT jclass JNICALL JNIEXPORT jclass JNICALL
JVM_FindClassFromBootLoader(JNIEnv *env, const char *name); JVM_FindClassFromBootLoader(JNIEnv *env, const char *name);
/*
* Find a class from a given class loader. Throws ClassNotFoundException.
* name: name of class
* init: whether initialization is done
* loader: class loader to look up the class. This may not be the same as the caller's
* class loader.
* caller: initiating class. The initiating class may be null when a security
* manager is not installed.
*/
JNIEXPORT jclass JNICALL
JVM_FindClassFromCaller(JNIEnv *env, const char *name, jboolean init,
jobject loader, jclass caller);
/* /*
* Find a class from a given class. * Find a class from a given class.
*/ */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册