8147771: Construction of static protection domains under Javax custom policy

Summary: Changed SubjectDomainCombiner to combine static PD as is even when custom policy is enabled. Reviewed-by: valeriep

8147771: Construction of static protection domains under Javax custom policy
Summary: Changed SubjectDomainCombiner to combine static PD as is even when custom policy is enabled. Reviewed-by: valeriep
2aedf226 · igerasim · 71323e8a · 2aedf226 · 2aedf226 · 2aedf226
3 changed file
--- a/src/share/classes/java/security/ProtectionDomain.java
+++ b/src/share/classes/java/security/ProtectionDomain.java
@@ -475,6 +475,11 @@ public class ProtectionDomain {
                        }
                    };
                }
+
+                @Override
+                public boolean getStaticPermissionsField(ProtectionDomain pd) {
+                    return pd.staticPermissions;
+                }
            });
    }
 }
--- a/src/share/classes/javax/security/auth/SubjectDomainCombiner.java
+++ b/src/share/classes/javax/security/auth/SubjectDomainCombiner.java
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,8 @@ import java.security.Security;
 import java.util.Set;
 import java.util.WeakHashMap;
 import java.lang.ref.WeakReference;
+import sun.misc.SharedSecrets;
+import sun.misc.JavaSecurityProtectionDomainAccess;

 /**
 * A {@code SubjectDomainCombiner} updates ProtectionDomains
@@ -65,6 +67,9 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
    private static final boolean allowCaching =
                                        (useJavaxPolicy && cachePolicy());

+    private static final JavaSecurityProtectionDomainAccess pdAccess =
+        SharedSecrets.getJavaSecurityProtectionDomainAccess();
+
    /**
     * Associate the provided {@code Subject} with this
     * {@code SubjectDomainCombiner}.
@@ -239,10 +244,16 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
                subjectPd = cachedPDs.getValue(pd);

                if (subjectPd == null) {
+                    if (pdAccess.getStaticPermissionsField(pd)) {
+                        // Need to keep static ProtectionDomain objects static
+                        subjectPd = new ProtectionDomain(pd.getCodeSource(),
+                                                pd.getPermissions());
+                    } else {
                        subjectPd = new ProtectionDomain(pd.getCodeSource(),
                                                pd.getPermissions(),
                                                pd.getClassLoader(),
                                                principals);
+                    }
                    cachedPDs.putValue(pd, subjectPd);
                } else {
                    allNew = false;
@@ -341,7 +352,11 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
                ProtectionDomain subjectPd = cachedPDs.getValue(pd);

                if (subjectPd == null) {
-
+                    if (pdAccess.getStaticPermissionsField(pd)) {
+                        // keep static ProtectionDomain objects static
+                        subjectPd = new ProtectionDomain(pd.getCodeSource(),
+                                                pd.getPermissions());
+                    } else {
                        // XXX
                        // we must first add the original permissions.
                        // that way when we later add the new JAAS permissions,
@@ -364,7 +379,6 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
                        }

                        // get perms from the policy
-
                        final java.security.CodeSource finalCs = pd.getCodeSource();
                        final Subject finalS = subject;
                        PermissionCollection newPerms =
@@ -394,7 +408,7 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
                        }
                        subjectPd = new ProtectionDomain
                            (finalCs, perms, pd.getClassLoader(), principals);
-
+                    }
                    if (allowCaching)
                        cachedPDs.putValue(pd, subjectPd);
                }

--- a/src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java
+++ b/src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java
@@ -36,4 +36,9 @@ public interface JavaSecurityProtectionDomainAccess {
     * Returns the ProtectionDomainCache.
     */
    ProtectionDomainCache getProtectionDomainCache();
+
+    /**
+     * Returns the staticPermissions field of the specified object
+     */
+    boolean getStaticPermissionsField(ProtectionDomain pd);
 }