提交 2bfa31ee 编写于 作者: M mchung

8007035: deprecate public void SecurityManager.checkMemberAccess(Class<?> clazz, int which)

Reviewed-by: jrose, alanb, dfuchs
上级 0f0fd998
...@@ -1675,10 +1675,18 @@ class SecurityManager { ...@@ -1675,10 +1675,18 @@ class SecurityManager {
* permission to access members. * permission to access members.
* @exception NullPointerException if the <code>clazz</code> argument is * @exception NullPointerException if the <code>clazz</code> argument is
* <code>null</code>. * <code>null</code>.
*
* @deprecated This method relies on the caller being at a stack depth
* of 4 which is error-prone and cannot be enforced by the runtime.
* Users of this method should instead invoke {@link #checkPermission}
* directly. This method will be changed in a future release
* to check the permission {@code java.security.AllPermission}.
*
* @see java.lang.reflect.Member * @see java.lang.reflect.Member
* @since JDK1.1 * @since JDK1.1
* @see #checkPermission(java.security.Permission) checkPermission * @see #checkPermission(java.security.Permission) checkPermission
*/ */
@Deprecated
@CallerSensitive @CallerSensitive
public void checkMemberAccess(Class<?> clazz, int which) { public void checkMemberAccess(Class<?> clazz, int which) {
if (clazz == null) { if (clazz == null) {
......
...@@ -41,6 +41,7 @@ import sun.reflect.misc.ReflectUtil; ...@@ -41,6 +41,7 @@ import sun.reflect.misc.ReflectUtil;
import sun.security.util.SecurityConstants; import sun.security.util.SecurityConstants;
import static java.lang.invoke.MethodHandleStatics.*; import static java.lang.invoke.MethodHandleStatics.*;
import static java.lang.invoke.MethodHandleNatives.Constants.*; import static java.lang.invoke.MethodHandleNatives.Constants.*;
import sun.security.util.SecurityConstants;
/** /**
* This class consists exclusively of static methods that operate on or return * This class consists exclusively of static methods that operate on or return
...@@ -305,36 +306,30 @@ public class MethodHandles { ...@@ -305,36 +306,30 @@ public class MethodHandles {
* <a name="secmgr"></a> * <a name="secmgr"></a>
* If a security manager is present, member lookups are subject to * If a security manager is present, member lookups are subject to
* additional checks. * additional checks.
* From one to four calls are made to the security manager. * From one to three calls are made to the security manager.
* Any of these calls can refuse access by throwing a * Any of these calls can refuse access by throwing a
* {@link java.lang.SecurityException SecurityException}. * {@link java.lang.SecurityException SecurityException}.
* Define {@code smgr} as the security manager, * Define {@code smgr} as the security manager,
* {@code lookc} as the lookup class of the current lookup object,
* {@code refc} as the containing class in which the member * {@code refc} as the containing class in which the member
* is being sought, and {@code defc} as the class in which the * is being sought, and {@code defc} as the class in which the
* member is actually defined. * member is actually defined.
* The value {@code lookc} is defined as <em>not present</em>
* if the current lookup object does not have
* {@linkplain java.lang.invoke.MethodHandles.Lookup#PRIVATE private access}.
* The calls are made according to the following rules: * The calls are made according to the following rules:
* <ul> * <ul>
* <li>In all cases, {@link SecurityManager#checkMemberAccess * <li>If {@code lookc} is not present, or if its class loader is not
* smgr.checkMemberAccess(refc, Member.PUBLIC)} is called.
* <li>If the class loader of the lookup class is not
* the same as or an ancestor of the class loader of {@code refc}, * the same as or an ancestor of the class loader of {@code refc},
* then {@link SecurityManager#checkPackageAccess * then {@link SecurityManager#checkPackageAccess
* smgr.checkPackageAccess(refcPkg)} is called, * smgr.checkPackageAccess(refcPkg)} is called,
* where {@code refcPkg} is the package of {@code refc}. * where {@code refcPkg} is the package of {@code refc}.
* <li>If the retrieved member is not public and
* {@code lookc} is not present, then
* {@link SecurityManager#checkPermission smgr.checkPermission}
* with {@code RuntimePermission("accessDeclaredMembers")} is called.
* <li>If the retrieved member is not public, * <li>If the retrieved member is not public,
* {@link SecurityManager#checkMemberAccess * and if {@code defc} and {@code refc} are different,
* smgr.checkMemberAccess(defc, Member.DECLARED)} is called.
* (Note that {@code defc} might be the same as {@code refc}.)
* The default implementation of this security manager method
* inspects the stack to determine the original caller of
* the reflective request (such as {@code findStatic}),
* and performs additional permission checks if the
* class loader of {@code defc} differs from the class
* loader of the class from which the reflective request came.
* <li>If the retrieved member is not public,
* and if {@code defc} and {@code refc} are in different class loaders,
* and if the class loader of the lookup class is not
* the same as or an ancestor of the class loader of {@code defc},
* then {@link SecurityManager#checkPackageAccess * then {@link SecurityManager#checkPackageAccess
* smgr.checkPackageAccess(defcPkg)} is called, * smgr.checkPackageAccess(defcPkg)} is called,
* where {@code defcPkg} is the package of {@code defc}. * where {@code defcPkg} is the package of {@code defc}.
...@@ -1053,22 +1048,6 @@ return mh1; ...@@ -1053,22 +1048,6 @@ return mh1;
return (allowedModes & PRIVATE) != 0; return (allowedModes & PRIVATE) != 0;
} }
/**
* Determine whether a security manager has an overridden
* SecurityManager.checkMemberAccess method.
*/
private boolean isCheckMemberAccessOverridden(SecurityManager sm) {
final Class<? extends SecurityManager> cls = sm.getClass();
if (cls == SecurityManager.class) return false;
try {
return cls.getMethod("checkMemberAccess", Class.class, int.class).
getDeclaringClass() != SecurityManager.class;
} catch (NoSuchMethodException e) {
throw new InternalError("should not reach here");
}
}
/** /**
* Perform necessary <a href="MethodHandles.Lookup.html#secmgr">access checks</a>. * Perform necessary <a href="MethodHandles.Lookup.html#secmgr">access checks</a>.
* Determines a trustable caller class to compare with refc, the symbolic reference class. * Determines a trustable caller class to compare with refc, the symbolic reference class.
...@@ -1079,45 +1058,22 @@ return mh1; ...@@ -1079,45 +1058,22 @@ return mh1;
if (smgr == null) return; if (smgr == null) return;
if (allowedModes == TRUSTED) return; if (allowedModes == TRUSTED) return;
final boolean overridden = isCheckMemberAccessOverridden(smgr);
// Step 1: // Step 1:
{
// Default policy is to allow Member.PUBLIC; no need to check
// permission if SecurityManager is the default implementation
final int which = Member.PUBLIC;
final Class<?> clazz = refc;
if (overridden) {
// Don't refactor; otherwise break the stack depth for
// checkMemberAccess of subclasses of SecurityManager as specified.
smgr.checkMemberAccess(clazz, which);
}
}
// Step 2:
if (!isFullPowerLookup() || if (!isFullPowerLookup() ||
!VerifyAccess.classLoaderIsAncestor(lookupClass, refc)) { !VerifyAccess.classLoaderIsAncestor(lookupClass, refc)) {
ReflectUtil.checkPackageAccess(refc); ReflectUtil.checkPackageAccess(refc);
} }
// Step 3: // Step 2:
if (m.isPublic()) return; if (m.isPublic()) return;
Class<?> defc = m.getDeclaringClass(); Class<?> defc = m.getDeclaringClass();
{ {
// Inline SecurityManager.checkMemberAccess
final int which = Member.DECLARED;
final Class<?> clazz = defc;
if (!overridden) {
if (!isFullPowerLookup()) { if (!isFullPowerLookup()) {
smgr.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION); smgr.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
} }
} else {
// Don't refactor; otherwise break the stack depth for
// checkMemberAccess of subclasses of SecurityManager as specified.
smgr.checkMemberAccess(clazz, which);
}
} }
// Step 4: // Step 3:
if (defc != refc) { if (defc != refc) {
ReflectUtil.checkPackageAccess(defc); ReflectUtil.checkPackageAccess(defc);
} }
......
...@@ -42,14 +42,12 @@ interface Member { ...@@ -42,14 +42,12 @@ interface Member {
/** /**
* Identifies the set of all public members of a class or interface, * Identifies the set of all public members of a class or interface,
* including inherited members. * including inherited members.
* @see java.lang.SecurityManager#checkMemberAccess
*/ */
public static final int PUBLIC = 0; public static final int PUBLIC = 0;
/** /**
* Identifies the set of declared members of a class or interface. * Identifies the set of declared members of a class or interface.
* Inherited members are not included. * Inherited members are not included.
* @see java.lang.SecurityManager#checkMemberAccess
*/ */
public static final int DECLARED = 1; public static final int DECLARED = 1;
......
...@@ -22,6 +22,7 @@ ...@@ -22,6 +22,7 @@
*/ */
/* @test /* @test
* @bug 7050328 8007035
* @summary smoke test for invokedynamic instructions * @summary smoke test for invokedynamic instructions
* @build indify.Indify * @build indify.Indify
* @compile InvokeDynamicPrintArgs.java * @compile InvokeDynamicPrintArgs.java
...@@ -42,6 +43,7 @@ import java.util.*; ...@@ -42,6 +43,7 @@ import java.util.*;
import java.io.*; import java.io.*;
import java.lang.invoke.*; import java.lang.invoke.*;
import java.security.*;
import static java.lang.invoke.MethodHandles.*; import static java.lang.invoke.MethodHandles.*;
import static java.lang.invoke.MethodType.*; import static java.lang.invoke.MethodType.*;
...@@ -62,17 +64,10 @@ public class InvokeDynamicPrintArgs { ...@@ -62,17 +64,10 @@ public class InvokeDynamicPrintArgs {
} }
private static void checkConstantRefs() throws Throwable { private static void checkConstantRefs() throws Throwable {
// check some constant references: // check some constant references to its self class
assertEquals(MT_bsm(), MH_bsm().type()); assertEquals(MT_bsm(), MH_bsm().type());
assertEquals(MT_bsm2(), MH_bsm2().type()); assertEquals(MT_bsm2(), MH_bsm2().type());
try {
assertEquals(MT_bsm(), non_MH_bsm().type()); assertEquals(MT_bsm(), non_MH_bsm().type());
// if SM is installed, must throw before this point
assertEquals(false, System.getSecurityManager() != null);
} catch (SecurityException ex) {
// if SM is installed, must throw to this point
assertEquals(true, System.getSecurityManager() != null);
}
} }
private static void assertEquals(Object exp, Object act) { private static void assertEquals(Object exp, Object act) {
if (exp == act || (exp != null && exp.equals(act))) return; if (exp == act || (exp != null && exp.equals(act))) return;
...@@ -80,21 +75,8 @@ public class InvokeDynamicPrintArgs { ...@@ -80,21 +75,8 @@ public class InvokeDynamicPrintArgs {
} }
private static void setSM() { private static void setSM() {
// Test for severe security manager interactions (7050328). Policy.setPolicy(new TestPolicy());
class SM extends SecurityManager { System.setSecurityManager(new SecurityManager());
public void checkPackageAccess(String pkg) {
if (pkg.startsWith("test."))
throw new SecurityException("checkPackageAccess "+pkg);
}
public void checkMemberAccess(Class<?> clazz, int which) {
if (clazz == InvokeDynamicPrintArgs.class)
throw new SecurityException("checkMemberAccess "+clazz.getName()+" #"+which);
}
// allow these others:
public void checkPermission(java.security.Permission perm) {
}
}
System.setSecurityManager(new SM());
} }
private static PrintStream oldOut; private static PrintStream oldOut;
...@@ -250,4 +232,22 @@ public class InvokeDynamicPrintArgs { ...@@ -250,4 +232,22 @@ public class InvokeDynamicPrintArgs {
if (System.getProperty("InvokeDynamicPrintArgs.allow-untransformed") != null) return; if (System.getProperty("InvokeDynamicPrintArgs.allow-untransformed") != null) return;
throw new AssertionError("this code should be statically transformed away by Indify"); throw new AssertionError("this code should be statically transformed away by Indify");
} }
static class TestPolicy extends Policy {
final PermissionCollection permissions = new Permissions();
TestPolicy() {
permissions.add(new java.io.FilePermission("<<ALL FILES>>", "read"));
}
public PermissionCollection getPermissions(ProtectionDomain domain) {
return permissions;
}
public PermissionCollection getPermissions(CodeSource codesource) {
return permissions;
}
public boolean implies(ProtectionDomain domain, Permission perm) {
return permissions.implies(perm);
}
}
} }
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
/**
* @test
* @bug 8007035
* @summary Test MethodHandle of a private member
*
* @run main TestPrivateMember
*/
public class TestPrivateMember {
public static void main(String... args) throws Throwable {
System.setSecurityManager(new SecurityManager());
TestPrivateMember t = new TestPrivateMember();
t.test();
}
public TestPrivateMember() {
}
public void test() throws Throwable {
MethodHandles.Lookup lookup = MethodHandles.lookup();
MethodType mt = MethodType.methodType(void.class);
try {
MethodHandle mh = lookup.findStatic(Class.class, "checkInitted", mt);
throw new RuntimeException("IllegalAccessException not thrown");
} catch (IllegalAccessException e) {
// okay
System.out.println("Expected exception: " + e.getMessage());
}
}
}
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册