8202419: Avoid creating Permission constants early

Reviewed-by: alanb, mullan
2018-04-30 16:27:23 +02:00 · 2018-04-30 16:27:23 +02:00 · 0f478d2cfd
commit 0f478d2cfd
parent f7afa8ff53
4 changed files with 26 additions and 21 deletions
--- a/src/java.base/share/classes/java/lang/Thread.java
+++ b/src/java.base/share/classes/java/lang/Thread.java
@ -425,7 +425,8 @@ class Thread implements Runnable {
         */
        if (security != null) {
            if (isCCLOverridden(getClass())) {
-                security.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
+                security.checkPermission(
+                        SecurityConstants.SUBCLASS_IMPLEMENTATION_PERMISSION);
            }
        }

@ -1703,10 +1704,6 @@ class Thread implements Runnable {
        return m;
    }

-
-    private static final RuntimePermission SUBCLASS_IMPLEMENTATION_PERMISSION =
-                    new RuntimePermission("enableContextClassLoaderOverride");
-
    /** cache of subclass security audit results */
    /* Replace with ConcurrentReferenceHashMap when/if it appears in a future
     * release */
--- a/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java
+++ b/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java
@ -35,6 +35,7 @@ import jdk.internal.reflect.CallerSensitive;
 import jdk.internal.reflect.Reflection;
 import jdk.internal.reflect.ReflectionFactory;
 import sun.security.action.GetPropertyAction;
+import sun.security.util.SecurityConstants;

 /**
 * The {@code AccessibleObject} class is the base class for {@code Field},
@ -73,17 +74,14 @@ import sun.security.action.GetPropertyAction;
 */
 public class AccessibleObject implements AnnotatedElement {

-    /**
-     * The Permission object that is used to check whether a client
-     * has sufficient privilege to defeat Java language access
-     * control checks.
-     */
-    private static final java.security.Permission ACCESS_PERMISSION =
-        new ReflectPermission("suppressAccessChecks");
-
    static void checkPermission() {
        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) sm.checkPermission(ACCESS_PERMISSION);
+        if (sm != null) {
+            // SecurityConstants.ACCESS_PERMISSION is used to check
+            // whether a client has sufficient privilege to defeat Java
+            // language access control checks.
+            sm.checkPermission(SecurityConstants.ACCESS_PERMISSION);
+        }
    }

    /**
--- a/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java
+++ b/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java
@ -47,6 +47,7 @@ import java.util.Properties;
 import jdk.internal.misc.VM;
 import sun.reflect.misc.ReflectUtil;
 import sun.security.action.GetPropertyAction;
+import sun.security.util.SecurityConstants;

 /** <P> The master factory for all reflective objects, both those in
    java.lang.reflect (Fields, Methods, Constructors) as well as their
@ -63,8 +64,6 @@ import sun.security.action.GetPropertyAction;
 public class ReflectionFactory {

    private static boolean initted = false;
-    private static final Permission reflectionFactoryAccessPerm
-        = new RuntimePermission("reflectionFactoryAccess");
    private static final ReflectionFactory soleInstance = new ReflectionFactory();
    // Provides access to package-private mechanisms in java.lang.reflect
    private static volatile LangReflectAccess langReflectAccess;
@ -129,8 +128,8 @@ public class ReflectionFactory {
    public static ReflectionFactory getReflectionFactory() {
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
-            // TO DO: security.checkReflectionFactoryAccess();
-            security.checkPermission(reflectionFactoryAccessPerm);
+            security.checkPermission(
+                SecurityConstants.REFLECTION_FACTORY_ACCESS_PERMISSION);
        }
        return soleInstance;
    }
--- a/src/java.base/share/classes/sun/security/util/SecurityConstants.java
+++ b/src/java.base/share/classes/sun/security/util/SecurityConstants.java
@ -25,12 +25,10 @@

 package sun.security.util;

+import java.lang.reflect.ReflectPermission;
 import java.net.SocketPermission;
 import java.net.NetPermission;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.security.Permission;
-import java.security.BasicPermission;
 import java.security.SecurityPermission;
 import java.security.AllPermission;
 import sun.security.action.GetPropertyAction;
@ -131,6 +129,10 @@ public final class SecurityConstants {
    public static final RuntimePermission GET_STACK_TRACE_PERMISSION =
       new RuntimePermission("getStackTrace");

+    // java.lang.Thread
+    public static final RuntimePermission SUBCLASS_IMPLEMENTATION_PERMISSION =
+        new RuntimePermission("enableContextClassLoaderOverride");
+
    // java.security.AccessControlContext
    public static final SecurityPermission CREATE_ACC_PERMISSION =
       new SecurityPermission("createAccessControlContext");
@ -149,4 +151,13 @@ public final class SecurityConstants {

    public static final String PROVIDER_VER =
        GetPropertyAction.privilegedGetProperty("java.specification.version");
+
+    // java.lang.reflect.AccessibleObject
+    public static final ReflectPermission ACCESS_PERMISSION =
+        new ReflectPermission("suppressAccessChecks");
+
+    // sun.reflect.ReflectionFactory
+    public static final RuntimePermission REFLECTION_FACTORY_ACCESS_PERMISSION =
+        new RuntimePermission("reflectionFactoryAccess");
+
 }