From 74914b1d021f3e76d84af277e6f6b82d5727b09c Mon Sep 17 00:00:00 2001
From: mullan
Date: Tue, 22 Oct 2013 08:03:16 -0400
Subject: [PATCH] 8021191: Add isAuthorized check to limited doPrivileged methods

Reviewed-by: weijun, xuelei
---
 .../java/security/AccessControlContext.java | 4 ++
 .../java/security/AccessController.java | 56 ++++++++++++++++---
 2 files changed, 52 insertions(+), 8 deletions(-)

diff --git a/src/share/classes/java/security/AccessControlContext.java b/src/share/classes/java/security/AccessControlContext.java
index 9b5bc0722..1805aafcc 100644
--- a/src/share/classes/java/security/AccessControlContext.java
+++ b/src/share/classes/java/security/AccessControlContext.java
@@ -350,6 +350,10 @@ public final class AccessControlContext {
 return combiner;
 }
 
+ boolean isAuthorized() {
+ return isAuthorized;
+ }
+
 /**
 * Determines whether the access request indicated by the
 * specified permission should be allowed or denied, based on
diff --git a/src/share/classes/java/security/AccessController.java b/src/share/classes/java/security/AccessController.java
index a7d089958..89392261f 100644
--- a/src/share/classes/java/security/AccessController.java
+++ b/src/share/classes/java/security/AccessController.java
@@ -344,9 +344,10 @@ public final class AccessController {
 * If the action's {@code run} method throws an (unchecked) exception,
 * it will propagate through this method.
 *
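Review bot: The new package-private `isAuthorized()` accessor in AccessControlContext carries no comment, although AccessController.createWrapper now uses it to decide whether a limited doPrivileged runs with no permissions. A one-line Javadoc would help the next reader, e.g. `/** Whether this context was created by system code (the first condition in the doPrivileged Javadoc in AccessController); consulted by createWrapper. */`. The field's assignment is outside this hunk, so confirm that wording against where `isAuthorized` is set. Keeping the accessor package-private rather than public is the right scope for a flag that feeds a security decision.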

- * If a security manager is installed and the {@code AccessControlContext}
- * was not created by system code and the caller's {@code ProtectionDomain}
- * has not been granted the {@literal "createAccessControlContext"}
+ * If a security manager is installed and the specified
+ * {@code AccessControlContext} was not created by system code and the
+ * caller's {@code ProtectionDomain} has not been granted the
+ * {@literal "createAccessControlContext"}
 * {@link java.security.SecurityPermission}, then the action is performed
 * with no permissions.
 *
@@ -384,6 +385,13 @@ public final class AccessController {
 *

 * If the action's {@code run} method throws an (unchecked) exception,
 * it will propagate through this method.
+ *

+ * If a security manager is installed and the specified
+ * {@code AccessControlContext} was not created by system code and the
+ * caller's {@code ProtectionDomain} has not been granted the
+ * {@literal "createAccessControlContext"}
+ * {@link java.security.SecurityPermission}, then the action is performed
+ * with no permissions.
 *
 * @param the type of the value returned by the PrivilegedAction's
 * {@code run} method.
@@ -438,6 +446,13 @@ public final class AccessController {
 *
 *

This method preserves the current AccessControlContext's
 * DomainCombiner (which may be null) while the action is performed.
+ *

+ * If a security manager is installed and the specified
+ * {@code AccessControlContext} was not created by system code and the
+ * caller's {@code ProtectionDomain} has not been granted the
+ * {@literal "createAccessControlContext"}
+ * {@link java.security.SecurityPermission}, then the action is performed
+ * with no permissions.
 *
 * @param the type of the value returned by the PrivilegedAction's
 * {@code run} method.
@@ -571,8 +586,18 @@ public final class AccessController {
 AccessControlContext parent, AccessControlContext context, Permission[] perms) {
- return new AccessControlContext(getCallerPD(caller), combiner, parent,
- context, perms);
+ ProtectionDomain callerPD = getCallerPD(caller);
+ // check if caller is authorized to create context
+ if (context != null && !context.isAuthorized() &&
+ System.getSecurityManager() != null &&
+ !callerPD.impliesCreateAccessControlContext())
+ {
+ ProtectionDomain nullPD = new ProtectionDomain(null, null);
+ return new AccessControlContext(new ProtectionDomain[] { nullPD });
+ } else {
+ return new AccessControlContext(callerPD, combiner, parent,
+ context, perms);
+ }
 }
 
 private static ProtectionDomain getCallerPD(final Class caller) {
@@ -597,9 +622,10 @@ public final class AccessController {
 * If the action's {@code run} method throws an unchecked
 * exception, it will propagate through this method.
 *
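Review bot: `callerPD.impliesCreateAccessControlContext()` dereferences the result of `getCallerPD(caller)`, which the removed lines only passed straight into the AccessControlContext constructor; if `getCallerPD` can ever return null, the new code fails with an NPE before the authorization decision is made, so either confirm it is non-null or guard the call. The no-permission branch also deserves a comment stating its intent, since `new ProtectionDomain(null, null)` reads like a placeholder: `// unauthorized caller: return a context with a single empty domain so the action runs with no permissions (see the doPrivileged Javadoc)`. createWrapper's signature begins outside the hunk, and getCallerPD's body is not shown here.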

- * If a security manager is installed and the {@code AccessControlContext}
- * was not created by system code and the caller's {@code ProtectionDomain}
- * has not been granted the {@literal "createAccessControlContext"}
+ * If a security manager is installed and the specified
+ * {@code AccessControlContext} was not created by system code and the
+ * caller's {@code ProtectionDomain} has not been granted the
+ * {@literal "createAccessControlContext"}
 * {@link java.security.SecurityPermission}, then the action is performed
 * with no permissions.
 *
@@ -641,6 +667,13 @@ public final class AccessController {
 *

 * If the action's {@code run} method throws an (unchecked) exception,
 * it will propagate through this method.
+ *

+ * If a security manager is installed and the specified
+ * {@code AccessControlContext} was not created by system code and the
+ * caller's {@code ProtectionDomain} has not been granted the
+ * {@literal "createAccessControlContext"}
+ * {@link java.security.SecurityPermission}, then the action is performed
+ * with no permissions.
 *
 * @param the type of the value returned by the
 * PrivilegedExceptionAction's {@code run} method.
@@ -697,6 +730,13 @@ public final class AccessController {
 *
 *

This method preserves the current AccessControlContext's
 * DomainCombiner (which may be null) while the action is performed.
+ *

+ * If a security manager is installed and the specified
+ * {@code AccessControlContext} was not created by system code and the
+ * caller's {@code ProtectionDomain} has not been granted the
+ * {@literal "createAccessControlContext"}
+ * {@link java.security.SecurityPermission}, then the action is performed
+ * with no permissions.
 *
 * @param the type of the value returned by the
 * PrivilegedExceptionAction's {@code run} method.
--
GitLab