提交 28b7300a 编写于 作者: R robm

8151934: Resolve class resolution

Reviewed-by: chegar
上级 bdc45dc6
......@@ -103,8 +103,8 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
if (security != null) {
security.checkCreateClassLoader();
}
ucp = new URLClassPath(urls);
this.acc = AccessController.getContext();
ucp = new URLClassPath(urls, acc);
}
URLClassLoader(URL[] urls, ClassLoader parent,
......@@ -115,8 +115,8 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
if (security != null) {
security.checkCreateClassLoader();
}
ucp = new URLClassPath(urls);
this.acc = acc;
ucp = new URLClassPath(urls, acc);
}
/**
......@@ -147,8 +147,8 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
if (security != null) {
security.checkCreateClassLoader();
}
ucp = new URLClassPath(urls);
this.acc = AccessController.getContext();
ucp = new URLClassPath(urls, acc);
}
URLClassLoader(URL[] urls, AccessControlContext acc) {
......@@ -158,8 +158,8 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
if (security != null) {
security.checkCreateClassLoader();
}
ucp = new URLClassPath(urls);
this.acc = acc;
ucp = new URLClassPath(urls, acc);
}
/**
......@@ -191,8 +191,8 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
if (security != null) {
security.checkCreateClassLoader();
}
ucp = new URLClassPath(urls, factory);
acc = AccessController.getContext();
ucp = new URLClassPath(urls, factory, acc);
}
/* A map (used as a set) to keep track of closeable local resources
......
/*
* Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -26,9 +26,11 @@
package sun.misc;
import java.io.*;
import java.security.AccessController;
import java.util.*;
import java.util.jar.*;
import java.util.zip.*;
import sun.security.action.GetPropertyAction;
/**
* This class is used to maintain mappings from packages, classes
......@@ -72,7 +74,8 @@ public class JarIndex {
* be added to the index. Otherwise, just the directory names are added.
*/
private static final boolean metaInfFilenames =
"true".equals(System.getProperty("sun.misc.JarIndex.metaInfFilenames"));
"true".equals(AccessController.doPrivileged(
new GetPropertyAction("sun.misc.JarIndex.metaInfFilenames")));
/**
* Constructs a new, empty jar index.
......
......@@ -408,7 +408,7 @@ public class Launcher {
} else {
urls = new URL[0];
}
bcp = new URLClassPath(urls, factory);
bcp = new URLClassPath(urls, factory, null);
bcp.initLookupCache(null);
}
}
......
/*
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -44,6 +44,7 @@ import java.net.HttpURLConnection;
import java.net.URLStreamHandler;
import java.net.URLStreamHandlerFactory;
import java.io.*;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.AccessControlException;
import java.security.CodeSigner;
......@@ -67,6 +68,7 @@ public class URLClassPath {
private static final boolean DEBUG;
private static final boolean DEBUG_LOOKUP_CACHE;
private static final boolean DISABLE_JAR_CHECKING;
private static final boolean DISABLE_ACC_CHECKING;
static {
JAVA_VERSION = java.security.AccessController.doPrivileged(
......@@ -78,6 +80,10 @@ public class URLClassPath {
String p = java.security.AccessController.doPrivileged(
new GetPropertyAction("sun.misc.URLClassPath.disableJarChecking"));
DISABLE_JAR_CHECKING = p != null ? p.equals("true") || p.equals("") : false;
p = AccessController.doPrivileged(
new GetPropertyAction("jdk.net.URLClassPath.disableRestrictedPermissions"));
DISABLE_ACC_CHECKING = p != null ? p.equals("true") || p.equals("") : false;
}
/* The original search path of URLs. */
......@@ -98,6 +104,11 @@ public class URLClassPath {
/* Whether this URLClassLoader has been closed yet */
private boolean closed = false;
/* The context to be used when loading classes and resources. If non-null
* this is the context that was captured during the creation of the
* URLClassLoader. null implies no additional security restrictions. */
private final AccessControlContext acc;
/**
* Creates a new URLClassPath for the given URLs. The URLs will be
* searched in the order specified for classes and resources. A URL
......@@ -107,8 +118,12 @@ public class URLClassPath {
* @param urls the directory and JAR file URLs to search for classes
* and resources
* @param factory the URLStreamHandlerFactory to use when creating new URLs
* @param acc the context to be used when loading classes and resources, may
* be null
*/
public URLClassPath(URL[] urls, URLStreamHandlerFactory factory) {
public URLClassPath(URL[] urls,
URLStreamHandlerFactory factory,
AccessControlContext acc) {
for (int i = 0; i < urls.length; i++) {
path.add(urls[i]);
}
......@@ -116,10 +131,22 @@ public class URLClassPath {
if (factory != null) {
jarHandler = factory.createURLStreamHandler("jar");
}
if (DISABLE_ACC_CHECKING)
this.acc = null;
else
this.acc = acc;
}
/**
* Constructs a URLClassPath with no additional security restrictions.
* Used by code that implements the class path.
*/
public URLClassPath(URL[] urls) {
this(urls, null);
this(urls, null, null);
}
public URLClassPath(URL[] urls, AccessControlContext acc) {
this(urls, null, acc);
}
public synchronized List<IOException> closeLoaders() {
......@@ -499,6 +526,14 @@ public class URLClassPath {
} catch (IOException e) {
// Silently ignore for now...
continue;
} catch (SecurityException se) {
// Always silently ignore. The context, if there is one, that
// this URLClassPath was given during construction will never
// have permission to access the URL.
if (DEBUG) {
System.err.println("Failed to access " + url + ", " + se );
}
continue;
}
// Finally, add the Loader to the search path.
validateLookupCache(loaders.size(), urlNoFragString);
......@@ -527,10 +562,10 @@ public class URLClassPath {
return new Loader(url);
}
} else {
return new JarLoader(url, jarHandler, lmap);
return new JarLoader(url, jarHandler, lmap, acc);
}
}
});
}, acc);
} catch (java.security.PrivilegedActionException pae) {
throw (IOException)pae.getException();
}
......@@ -755,11 +790,12 @@ public class URLClassPath {
*/
static class JarLoader extends Loader {
private JarFile jar;
private URL csu;
private final URL csu;
private JarIndex index;
private MetaIndex metaIndex;
private URLStreamHandler handler;
private HashMap<String, Loader> lmap;
private final HashMap<String, Loader> lmap;
private final AccessControlContext acc;
private boolean closed = false;
private static final sun.misc.JavaUtilZipFileAccess zipAccess =
sun.misc.SharedSecrets.getJavaUtilZipFileAccess();
......@@ -769,13 +805,15 @@ public class URLClassPath {
* a JAR file.
*/
JarLoader(URL url, URLStreamHandler jarHandler,
HashMap<String, Loader> loaderMap)
HashMap<String, Loader> loaderMap,
AccessControlContext acc)
throws IOException
{
super(new URL("jar", "", -1, url + "!/", jarHandler));
csu = url;
handler = jarHandler;
lmap = loaderMap;
this.acc = acc;
if (!isOptimizable(url)) {
ensureOpen();
......@@ -859,8 +897,7 @@ public class URLClassPath {
}
return null;
}
}
);
}, acc);
} catch (java.security.PrivilegedActionException pae) {
throw (IOException)pae.getException();
}
......@@ -1054,9 +1091,9 @@ public class URLClassPath {
new PrivilegedExceptionAction<JarLoader>() {
public JarLoader run() throws IOException {
return new JarLoader(url, handler,
lmap);
lmap, acc);
}
});
}, acc);
/* this newly opened jar file has its own index,
* merge it into the parent's index, taking into
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册