8064331: JavaSecurityAccess.doIntersectionPrivilege() drops the information...

8064331: JavaSecurityAccess.doIntersectionPrivilege() drops the information about the domain combiner of the stack ACC Reviewed-by: jbachorik, mullan

8064331: JavaSecurityAccess.doIntersectionPrivilege() drops the information...
8064331: JavaSecurityAccess.doIntersectionPrivilege() drops the information about the domain combiner of the stack ACC Reviewed-by: jbachorik, mullan
19da6e09 · kevinw · a251d442 · 19da6e09 · 19da6e09 · 19da6e09
3 changed file
--- a/src/share/classes/java/security/AccessControlContext.java
+++ b/src/share/classes/java/security/AccessControlContext.java
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -172,9 +172,24 @@ public final class AccessControlContext {
    public AccessControlContext(AccessControlContext acc,
                                DomainCombiner combiner) {

-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION);
+        this(acc, combiner, false);
+    }
+
+    /**
+     * package private to allow calls from ProtectionDomain without performing
+     * the security check for {@linkplain SecurityConstants.CREATE_ACC_PERMISSION}
+     * permission
+     */
+    AccessControlContext(AccessControlContext acc,
+                        DomainCombiner combiner,
+                        boolean preauthorized) {
+        if (!preauthorized) {
+            SecurityManager sm = System.getSecurityManager();
+            if (sm != null) {
+                sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION);
+                this.isAuthorized = true;
+            }
+        } else {
            this.isAuthorized = true;
        }


--- a/src/share/classes/java/security/ProtectionDomain.java
+++ b/src/share/classes/java/security/ProtectionDomain.java
@@ -59,35 +59,44 @@ import sun.misc.SharedSecrets;
 */

 public class ProtectionDomain {
+    private static class JavaSecurityAccessImpl implements JavaSecurityAccess {

-    static {
-        // Set up JavaSecurityAccess in SharedSecrets
-        SharedSecrets.setJavaSecurityAccess(
-            new JavaSecurityAccess() {
-                public <T> T doIntersectionPrivilege(
-                    PrivilegedAction<T> action,
-                    final AccessControlContext stack,
-                    final AccessControlContext context)
-                {
-                    if (action == null) {
-                        throw new NullPointerException();
-                    }
-                    return AccessController.doPrivileged(
-                        action,
-                        new AccessControlContext(
-                            stack.getContext(), context).optimize()
-                    );
-                }
+        private JavaSecurityAccessImpl() {
+        }

-                public <T> T doIntersectionPrivilege(
-                    PrivilegedAction<T> action,
-                    AccessControlContext context)
-                {
-                    return doIntersectionPrivilege(action,
-                        AccessController.getContext(), context);
-                }
+        @Override
+        public <T> T doIntersectionPrivilege(
+                PrivilegedAction<T> action,
+                final AccessControlContext stack,
+                final AccessControlContext context) {
+            if (action == null) {
+                throw new NullPointerException();
            }
-       );
+
+            return AccessController.doPrivileged(
+                action,
+                getCombinedACC(context, stack)
+            );
+        }
+
+        @Override
+        public <T> T doIntersectionPrivilege(
+                PrivilegedAction<T> action,
+                AccessControlContext context) {
+            return doIntersectionPrivilege(action,
+                AccessController.getContext(), context);
+        }
+
+        private static AccessControlContext getCombinedACC(AccessControlContext context, AccessControlContext stack) {
+            AccessControlContext acc = new AccessControlContext(context, stack.getDomainCombiner(), true);
+
+            return new AccessControlContext(stack.getContext(), acc).optimize();
+        }
+    }
+
+    static {
+        // Set up JavaSecurityAccess in SharedSecrets
+        SharedSecrets.setJavaSecurityAccess(new JavaSecurityAccessImpl());
    }

    /* CodeSource */

--- a/test/java/security/ProtectionDomain/PreserveCombinerTest.java
+++ b/test/java/security/ProtectionDomain/PreserveCombinerTest.java
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.DomainCombiner;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
+import sun.misc.SharedSecrets;
+
+/*
+ * @test
+ * @bug 8064331
+ * @summary Make sure that JavaSecurityAccess.doIntersectionPrivilege()
+ *          is not dropping the information about the domain combiner of
+ *          the stack ACC
+ */
+
+public class PreserveCombinerTest {
+    public static void main(String[]args) throws Exception {
+        final DomainCombiner dc = new DomainCombiner() {
+            @Override
+            public ProtectionDomain[] combine(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) {
+                return currentDomains; // basically a no-op
+            }
+        };
+
+        // Get an instance of the saved ACC
+        AccessControlContext saved = AccessController.getContext();
+        // Simulate the stack ACC with a DomainCombiner attached
+        AccessControlContext stack = new AccessControlContext(AccessController.getContext(), dc);
+
+        // Now try to run JavaSecurityAccess.doIntersectionPrivilege() and assert
+        // whether the DomainCombiner from the stack ACC is preserved
+        boolean ret = SharedSecrets.getJavaSecurityAccess().doIntersectionPrivilege(new PrivilegedAction<Boolean>() {
+            @Override
+            public Boolean run() {
+                return dc == AccessController.getContext().getDomainCombiner();
+            }
+        }, stack, saved);
+
+        if (!ret) {
+            System.exit(1);
+        }
+    }
+}
+