Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
329b06bf
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
329b06bf
编写于
5月 25, 2017
作者:
I
igerasim
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8180024: Improve construction of objects during deserialization
Reviewed-by: dfuchs
上级
61ca4a7b
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
101 addition
and
1 deletion
+101
-1
src/share/classes/java/io/ObjectStreamClass.java
src/share/classes/java/io/ObjectStreamClass.java
+101
-1
未找到文件。
src/share/classes/java/io/ObjectStreamClass.java
浏览文件 @
329b06bf
...
...
@@ -32,14 +32,19 @@ import java.lang.ref.WeakReference;
import
java.lang.reflect.Constructor
;
import
java.lang.reflect.Field
;
import
java.lang.reflect.InvocationTargetException
;
import
java.lang.reflect.UndeclaredThrowableException
;
import
java.lang.reflect.Member
;
import
java.lang.reflect.Method
;
import
java.lang.reflect.Modifier
;
import
java.lang.reflect.Proxy
;
import
java.security.AccessControlContext
;
import
java.security.AccessController
;
import
java.security.MessageDigest
;
import
java.security.NoSuchAlgorithmException
;
import
java.security.PermissionCollection
;
import
java.security.Permissions
;
import
java.security.PrivilegedAction
;
import
java.security.ProtectionDomain
;
import
java.util.ArrayList
;
import
java.util.Arrays
;
import
java.util.Collections
;
...
...
@@ -48,6 +53,8 @@ import java.util.HashSet;
import
java.util.Set
;
import
java.util.concurrent.ConcurrentHashMap
;
import
java.util.concurrent.ConcurrentMap
;
import
sun.misc.JavaSecurityAccess
;
import
sun.misc.SharedSecrets
;
import
sun.misc.Unsafe
;
import
sun.reflect.CallerSensitive
;
import
sun.reflect.Reflection
;
...
...
@@ -173,6 +180,9 @@ public class ObjectStreamClass implements Serializable {
/** serialization-appropriate constructor, or null if none */
private
Constructor
<?>
cons
;
/** protection domains that need to be checked when calling the constructor */
private
ProtectionDomain
[]
domains
;
/** class-defined writeObject method, or null if none */
private
Method
writeObjectMethod
;
/** class-defined readObject method, or null if none */
...
...
@@ -505,6 +515,7 @@ public class ObjectStreamClass implements Serializable {
cl
,
"readObjectNoData"
,
null
,
Void
.
TYPE
);
hasWriteObjectData
=
(
writeObjectMethod
!=
null
);
}
domains
=
getProtectionDomains
(
cons
,
cl
);
writeReplaceMethod
=
getInheritableMethod
(
cl
,
"writeReplace"
,
null
,
Object
.
class
);
readResolveMethod
=
getInheritableMethod
(
...
...
@@ -547,6 +558,65 @@ public class ObjectStreamClass implements Serializable {
ObjectStreamClass
()
{
}
/**
* Creates a PermissionDomain that grants no permission.
*/
private
ProtectionDomain
noPermissionsDomain
()
{
PermissionCollection
perms
=
new
Permissions
();
perms
.
setReadOnly
();
return
new
ProtectionDomain
(
null
,
perms
);
}
/**
* Aggregate the ProtectionDomains of all the classes that separate
* a concrete class {@code cl} from its ancestor's class declaring
* a constructor {@code cons}.
*
* If {@code cl} is defined by the boot loader, or the constructor
* {@code cons} is declared by {@code cl}, or if there is no security
* manager, then this method does nothing and {@code null} is returned.
*
* @param cons A constructor declared by {@code cl} or one of its
* ancestors.
* @param cl A concrete class, which is either the class declaring
* the constructor {@code cons}, or a serializable subclass
* of that class.
* @return An array of ProtectionDomain representing the set of
* ProtectionDomain that separate the concrete class {@code cl}
* from its ancestor's declaring {@code cons}, or {@code null}.
*/
private
ProtectionDomain
[]
getProtectionDomains
(
Constructor
<?>
cons
,
Class
<?>
cl
)
{
ProtectionDomain
[]
domains
=
null
;
if
(
cons
!=
null
&&
cl
.
getClassLoader
()
!=
null
&&
System
.
getSecurityManager
()
!=
null
)
{
Class
<?>
cls
=
cl
;
Class
<?>
fnscl
=
cons
.
getDeclaringClass
();
Set
<
ProtectionDomain
>
pds
=
null
;
while
(
cls
!=
fnscl
)
{
ProtectionDomain
pd
=
cls
.
getProtectionDomain
();
if
(
pd
!=
null
)
{
if
(
pds
==
null
)
pds
=
new
HashSet
<>();
pds
.
add
(
pd
);
}
cls
=
cls
.
getSuperclass
();
if
(
cls
==
null
)
{
// that's not supposed to happen
// make a ProtectionDomain with no permission.
// should we throw instead?
if
(
pds
==
null
)
pds
=
new
HashSet
<>();
else
pds
.
clear
();
pds
.
add
(
noPermissionsDomain
());
break
;
}
}
if
(
pds
!=
null
)
{
domains
=
pds
.
toArray
(
new
ProtectionDomain
[
0
]);
}
}
return
domains
;
}
/**
* Initializes class descriptor representing a proxy class.
*/
...
...
@@ -577,6 +647,7 @@ public class ObjectStreamClass implements Serializable {
writeReplaceMethod
=
localDesc
.
writeReplaceMethod
;
readResolveMethod
=
localDesc
.
readResolveMethod
;
deserializeEx
=
localDesc
.
deserializeEx
;
domains
=
localDesc
.
domains
;
cons
=
localDesc
.
cons
;
}
fieldRefl
=
getReflector
(
fields
,
localDesc
);
...
...
@@ -663,6 +734,7 @@ public class ObjectStreamClass implements Serializable {
if
(
deserializeEx
==
null
)
{
deserializeEx
=
localDesc
.
deserializeEx
;
}
domains
=
localDesc
.
domains
;
cons
=
localDesc
.
cons
;
}
...
...
@@ -1003,7 +1075,35 @@ public class ObjectStreamClass implements Serializable {
requireInitialized
();
if
(
cons
!=
null
)
{
try
{
return
cons
.
newInstance
();
if
(
domains
==
null
||
domains
.
length
==
0
)
{
return
cons
.
newInstance
();
}
else
{
JavaSecurityAccess
jsa
=
SharedSecrets
.
getJavaSecurityAccess
();
PrivilegedAction
<?>
pea
=
()
->
{
try
{
return
cons
.
newInstance
();
}
catch
(
InstantiationException
|
InvocationTargetException
|
IllegalAccessException
x
)
{
throw
new
UndeclaredThrowableException
(
x
);
}
};
// Can't use PrivilegedExceptionAction with jsa
try
{
return
jsa
.
doIntersectionPrivilege
(
pea
,
AccessController
.
getContext
(),
new
AccessControlContext
(
domains
));
}
catch
(
UndeclaredThrowableException
x
)
{
Throwable
cause
=
x
.
getCause
();
if
(
cause
instanceof
InstantiationException
)
throw
(
InstantiationException
)
cause
;
if
(
cause
instanceof
InvocationTargetException
)
throw
(
InvocationTargetException
)
cause
;
if
(
cause
instanceof
IllegalAccessException
)
throw
(
IllegalAccessException
)
cause
;
// not supposed to happen
throw
x
;
}
}
}
catch
(
IllegalAccessException
ex
)
{
// should not occur, as access checks have been suppressed
throw
new
InternalError
(
ex
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录