8007035: deprecate public void SecurityManager.checkMemberAccess(Class<?> clazz, int which)

Reviewed-by: jrose, alanb, dfuchs

8007035: deprecate public void SecurityManager.checkMemberAccess(Class<?> clazz, int which)
Reviewed-by: jrose, alanb, dfuchs
2bfa31ee · mchung · 0f0fd998 · 2bfa31ee · 2bfa31ee · 2bfa31ee
6 changed file
--- a/src/share/classes/java/lang/Class.java
+++ b/src/share/classes/java/lang/Class.java
--- a/src/share/classes/java/lang/SecurityManager.java
+++ b/src/share/classes/java/lang/SecurityManager.java
@@ -1675,10 +1675,18 @@ class SecurityManager {
     *             permission to access members.
     * @exception  NullPointerException if the <code>clazz</code> argument is
     *             <code>null</code>.
+     *
+     * @deprecated This method relies on the caller being at a stack depth
+     *             of 4 which is error-prone and cannot be enforced by the runtime.
+     *             Users of this method should instead invoke {@link #checkPermission}
+     *             directly.  This method will be changed in a future release
+     *             to check the permission {@code java.security.AllPermission}.
+     *
     * @see java.lang.reflect.Member
     * @since JDK1.1
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
+    @Deprecated
    @CallerSensitive
    public void checkMemberAccess(Class<?> clazz, int which) {
        if (clazz == null) {

--- a/src/share/classes/java/lang/invoke/MethodHandles.java
+++ b/src/share/classes/java/lang/invoke/MethodHandles.java
@@ -41,6 +41,7 @@ import sun.reflect.misc.ReflectUtil;
 import sun.security.util.SecurityConstants;
 import static java.lang.invoke.MethodHandleStatics.*;
 import static java.lang.invoke.MethodHandleNatives.Constants.*;
+import sun.security.util.SecurityConstants;

 /**
 * This class consists exclusively of static methods that operate on or return
@@ -305,36 +306,30 @@ public class MethodHandles {
     * <a name="secmgr"></a>
     * If a security manager is present, member lookups are subject to
     * additional checks.
-     * From one to four calls are made to the security manager.
+     * From one to three calls are made to the security manager.
     * Any of these calls can refuse access by throwing a
     * {@link java.lang.SecurityException SecurityException}.
     * Define {@code smgr} as the security manager,
+     * {@code lookc} as the lookup class of the current lookup object,
     * {@code refc} as the containing class in which the member
     * is being sought, and {@code defc} as the class in which the
     * member is actually defined.
+     * The value {@code lookc} is defined as <em>not present</em>
+     * if the current lookup object does not have
+     * {@linkplain java.lang.invoke.MethodHandles.Lookup#PRIVATE private access}.
     * The calls are made according to the following rules:
     * <ul>
-     * <li>In all cases, {@link SecurityManager#checkMemberAccess
-     *     smgr.checkMemberAccess(refc, Member.PUBLIC)} is called.
-     * <li>If the class loader of the lookup class is not
+     * <li>If {@code lookc} is not present, or if its class loader is not
     *     the same as or an ancestor of the class loader of {@code refc},
     *     then {@link SecurityManager#checkPackageAccess
     *     smgr.checkPackageAccess(refcPkg)} is called,
     *     where {@code refcPkg} is the package of {@code refc}.
+     * <li>If the retrieved member is not public and
+     *     {@code lookc} is not present, then
+     *     {@link SecurityManager#checkPermission smgr.checkPermission}
+     *     with {@code RuntimePermission("accessDeclaredMembers")} is called.
     * <li>If the retrieved member is not public,
-     *     {@link SecurityManager#checkMemberAccess
-     *     smgr.checkMemberAccess(defc, Member.DECLARED)} is called.
-     *     (Note that {@code defc} might be the same as {@code refc}.)
-     *     The default implementation of this security manager method
-     *     inspects the stack to determine the original caller of
-     *     the reflective request (such as {@code findStatic}),
-     *     and performs additional permission checks if the
-     *     class loader of {@code defc} differs from the class
-     *     loader of the class from which the reflective request came.
-     * <li>If the retrieved member is not public,
-     *     and if {@code defc} and {@code refc} are in different class loaders,
-     *     and if the class loader of the lookup class is not
-     *     the same as or an ancestor of the class loader of {@code defc},
+     *     and if {@code defc} and {@code refc} are different,
     *     then {@link SecurityManager#checkPackageAccess
     *     smgr.checkPackageAccess(defcPkg)} is called,
     *     where {@code defcPkg} is the package of {@code defc}.
@@ -1053,22 +1048,6 @@ return mh1;
            return (allowedModes & PRIVATE) != 0;
        }

-        /**
-         * Determine whether a security manager has an overridden
-         * SecurityManager.checkMemberAccess method.
-         */
-        private boolean isCheckMemberAccessOverridden(SecurityManager sm) {
-            final Class<? extends SecurityManager> cls = sm.getClass();
-            if (cls == SecurityManager.class) return false;
-
-            try {
-                return cls.getMethod("checkMemberAccess", Class.class, int.class).
-                    getDeclaringClass() != SecurityManager.class;
-            } catch (NoSuchMethodException e) {
-                throw new InternalError("should not reach here");
-            }
-        }
-
        /**
         * Perform necessary <a href="MethodHandles.Lookup.html#secmgr">access checks</a>.
         * Determines a trustable caller class to compare with refc, the symbolic reference class.
@@ -1079,45 +1058,22 @@ return mh1;
            if (smgr == null)  return;
            if (allowedModes == TRUSTED)  return;

-            final boolean overridden = isCheckMemberAccessOverridden(smgr);
            // Step 1:
-            {
-                // Default policy is to allow Member.PUBLIC; no need to check
-                // permission if SecurityManager is the default implementation
-                final int which = Member.PUBLIC;
-                final Class<?> clazz = refc;
-                if (overridden) {
-                    // Don't refactor; otherwise break the stack depth for
-                    // checkMemberAccess of subclasses of SecurityManager as specified.
-                    smgr.checkMemberAccess(clazz, which);
-                }
-            }
-
-            // Step 2:
            if (!isFullPowerLookup() ||
                !VerifyAccess.classLoaderIsAncestor(lookupClass, refc)) {
                ReflectUtil.checkPackageAccess(refc);
            }

-            // Step 3:
+            // Step 2:
            if (m.isPublic()) return;
            Class<?> defc = m.getDeclaringClass();
            {
-                // Inline SecurityManager.checkMemberAccess
-                final int which = Member.DECLARED;
-                final Class<?> clazz = defc;
-                if (!overridden) {
-                    if (!isFullPowerLookup()) {
-                        smgr.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
-                    }
-                } else {
-                    // Don't refactor; otherwise break the stack depth for
-                    // checkMemberAccess of subclasses of SecurityManager as specified.
-                    smgr.checkMemberAccess(clazz, which);
+                if (!isFullPowerLookup()) {
+                    smgr.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
                }
            }

-            // Step 4:
+            // Step 3:
            if (defc != refc) {
                ReflectUtil.checkPackageAccess(defc);
            }

--- a/src/share/classes/java/lang/reflect/Member.java
+++ b/src/share/classes/java/lang/reflect/Member.java
@@ -42,14 +42,12 @@ interface Member {
    /**
     * Identifies the set of all public members of a class or interface,
     * including inherited members.
-     * @see java.lang.SecurityManager#checkMemberAccess
     */
    public static final int PUBLIC = 0;

    /**
     * Identifies the set of declared members of a class or interface.
     * Inherited members are not included.
-     * @see java.lang.SecurityManager#checkMemberAccess
     */
    public static final int DECLARED = 1;


--- a/test/java/lang/invoke/InvokeDynamicPrintArgs.java
+++ b/test/java/lang/invoke/InvokeDynamicPrintArgs.java
@@ -22,6 +22,7 @@
 */

 /* @test
+ * @bug 7050328 8007035
 * @summary smoke test for invokedynamic instructions
 * @build indify.Indify
 * @compile InvokeDynamicPrintArgs.java
@@ -42,6 +43,7 @@ import java.util.*;
 import java.io.*;

 import java.lang.invoke.*;
+import java.security.*;
 import static java.lang.invoke.MethodHandles.*;
 import static java.lang.invoke.MethodType.*;

@@ -62,17 +64,10 @@ public class InvokeDynamicPrintArgs {
    }

    private static void checkConstantRefs() throws Throwable {
-        // check some constant references:
+        // check some constant references to its self class
        assertEquals(MT_bsm(), MH_bsm().type());
        assertEquals(MT_bsm2(), MH_bsm2().type());
-        try {
-            assertEquals(MT_bsm(), non_MH_bsm().type());
-            // if SM is installed, must throw before this point
-            assertEquals(false, System.getSecurityManager() != null);
-        } catch (SecurityException ex) {
-            // if SM is installed, must throw to this point
-            assertEquals(true, System.getSecurityManager() != null);
-        }
+        assertEquals(MT_bsm(), non_MH_bsm().type());
    }
    private static void assertEquals(Object exp, Object act) {
        if (exp == act || (exp != null && exp.equals(act)))  return;
@@ -80,21 +75,8 @@ public class InvokeDynamicPrintArgs {
    }

    private static void setSM() {
-        // Test for severe security manager interactions (7050328).
-        class SM extends SecurityManager {
-            public void checkPackageAccess(String pkg) {
-                if (pkg.startsWith("test."))
-                    throw new SecurityException("checkPackageAccess "+pkg);
-            }
-            public void checkMemberAccess(Class<?> clazz, int which) {
-                if (clazz == InvokeDynamicPrintArgs.class)
-                    throw new SecurityException("checkMemberAccess "+clazz.getName()+" #"+which);
-            }
-            // allow these others:
-            public void checkPermission(java.security.Permission perm) {
-            }
-        }
-        System.setSecurityManager(new SM());
+        Policy.setPolicy(new TestPolicy());
+        System.setSecurityManager(new SecurityManager());
    }

    private static PrintStream oldOut;
@@ -250,4 +232,22 @@ public class InvokeDynamicPrintArgs {
        if (System.getProperty("InvokeDynamicPrintArgs.allow-untransformed") != null)  return;
        throw new AssertionError("this code should be statically transformed away by Indify");
    }
+
+    static class TestPolicy extends Policy {
+        final PermissionCollection permissions = new Permissions();
+        TestPolicy() {
+            permissions.add(new java.io.FilePermission("<<ALL FILES>>", "read"));
+        }
+        public PermissionCollection getPermissions(ProtectionDomain domain) {
+            return permissions;
+        }
+
+        public PermissionCollection getPermissions(CodeSource codesource) {
+            return permissions;
+        }
+
+        public boolean implies(ProtectionDomain domain, Permission perm) {
+            return permissions.implies(perm);
+        }
+    }
 }
--- a/test/java/lang/invoke/TestPrivateMember.java
+++ b/test/java/lang/invoke/TestPrivateMember.java
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodType;
+
+/**
+ * @test
+ * @bug 8007035
+ * @summary Test MethodHandle of a private member
+ *
+ * @run main TestPrivateMember
+ */
+
+public class TestPrivateMember {
+    public static void main(String... args) throws Throwable {
+        System.setSecurityManager(new SecurityManager());
+        TestPrivateMember t = new TestPrivateMember();
+        t.test();
+    }
+
+    public TestPrivateMember() {
+    }
+
+    public void test() throws Throwable {
+        MethodHandles.Lookup lookup = MethodHandles.lookup();
+        MethodType mt = MethodType.methodType(void.class);
+        try {
+            MethodHandle mh = lookup.findStatic(Class.class, "checkInitted", mt);
+            throw new RuntimeException("IllegalAccessException not thrown");
+        } catch (IllegalAccessException e) {
+            // okay
+            System.out.println("Expected exception: " + e.getMessage());
+        }
+    }
+}