From 0f478d2cfd45e32ffe4b40ca67ea9b5f1da64f80 Mon Sep 17 00:00:00 2001 From: Claes Redestad Date: Mon, 30 Apr 2018 16:27:23 +0200 Subject: [PATCH] 8202419: Avoid creating Permission constants early Reviewed-by: alanb, mullan --- .../share/classes/java/lang/Thread.java | 7 ++----- .../java/lang/reflect/AccessibleObject.java | 16 +++++++--------- .../jdk/internal/reflect/ReflectionFactory.java | 7 +++---- .../sun/security/util/SecurityConstants.java | 17 ++++++++++++++--- 4 files changed, 26 insertions(+), 21 deletions(-) diff --git a/src/java.base/share/classes/java/lang/Thread.java b/src/java.base/share/classes/java/lang/Thread.java index 9bdad3280de..0ff5ad8aac3 100644 --- a/src/java.base/share/classes/java/lang/Thread.java +++ b/src/java.base/share/classes/java/lang/Thread.java @@ -425,7 +425,8 @@ class Thread implements Runnable { */ if (security != null) { if (isCCLOverridden(getClass())) { - security.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION); + security.checkPermission( + SecurityConstants.SUBCLASS_IMPLEMENTATION_PERMISSION); } } @@ -1703,10 +1704,6 @@ class Thread implements Runnable { return m; } - - private static final RuntimePermission SUBCLASS_IMPLEMENTATION_PERMISSION = - new RuntimePermission("enableContextClassLoaderOverride"); - /** cache of subclass security audit results */ /* Replace with ConcurrentReferenceHashMap when/if it appears in a future * release */ diff --git a/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java b/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java index 9ea28b64d62..de0591d232b 100644 --- a/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java +++ b/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java @@ -35,6 +35,7 @@ import jdk.internal.reflect.CallerSensitive; import jdk.internal.reflect.Reflection; import jdk.internal.reflect.ReflectionFactory; import sun.security.action.GetPropertyAction; +import sun.security.util.SecurityConstants; /** * The {@code AccessibleObject} class is the base class for {@code Field}, @@ -73,17 +74,14 @@ import sun.security.action.GetPropertyAction; */ public class AccessibleObject implements AnnotatedElement { - /** - * The Permission object that is used to check whether a client - * has sufficient privilege to defeat Java language access - * control checks. - */ - private static final java.security.Permission ACCESS_PERMISSION = - new ReflectPermission("suppressAccessChecks"); - static void checkPermission() { SecurityManager sm = System.getSecurityManager(); - if (sm != null) sm.checkPermission(ACCESS_PERMISSION); + if (sm != null) { + // SecurityConstants.ACCESS_PERMISSION is used to check + // whether a client has sufficient privilege to defeat Java + // language access control checks. + sm.checkPermission(SecurityConstants.ACCESS_PERMISSION); + } } /** diff --git a/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java b/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java index f919026b31d..f3c7741872b 100644 --- a/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java +++ b/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java @@ -47,6 +47,7 @@ import java.util.Properties; import jdk.internal.misc.VM; import sun.reflect.misc.ReflectUtil; import sun.security.action.GetPropertyAction; +import sun.security.util.SecurityConstants; /**

The master factory for all reflective objects, both those in java.lang.reflect (Fields, Methods, Constructors) as well as their @@ -63,8 +64,6 @@ import sun.security.action.GetPropertyAction; public class ReflectionFactory { private static boolean initted = false; - private static final Permission reflectionFactoryAccessPerm - = new RuntimePermission("reflectionFactoryAccess"); private static final ReflectionFactory soleInstance = new ReflectionFactory(); // Provides access to package-private mechanisms in java.lang.reflect private static volatile LangReflectAccess langReflectAccess; @@ -129,8 +128,8 @@ public class ReflectionFactory { public static ReflectionFactory getReflectionFactory() { SecurityManager security = System.getSecurityManager(); if (security != null) { - // TO DO: security.checkReflectionFactoryAccess(); - security.checkPermission(reflectionFactoryAccessPerm); + security.checkPermission( + SecurityConstants.REFLECTION_FACTORY_ACCESS_PERMISSION); } return soleInstance; } diff --git a/src/java.base/share/classes/sun/security/util/SecurityConstants.java b/src/java.base/share/classes/sun/security/util/SecurityConstants.java index c7099aca30f..ae935a66562 100644 --- a/src/java.base/share/classes/sun/security/util/SecurityConstants.java +++ b/src/java.base/share/classes/sun/security/util/SecurityConstants.java @@ -25,12 +25,10 @@ package sun.security.util; +import java.lang.reflect.ReflectPermission; import java.net.SocketPermission; import java.net.NetPermission; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.Permission; -import java.security.BasicPermission; import java.security.SecurityPermission; import java.security.AllPermission; import sun.security.action.GetPropertyAction; @@ -131,6 +129,10 @@ public final class SecurityConstants { public static final RuntimePermission GET_STACK_TRACE_PERMISSION = new RuntimePermission("getStackTrace"); + // java.lang.Thread + public static final RuntimePermission SUBCLASS_IMPLEMENTATION_PERMISSION = + new RuntimePermission("enableContextClassLoaderOverride"); + // java.security.AccessControlContext public static final SecurityPermission CREATE_ACC_PERMISSION = new SecurityPermission("createAccessControlContext"); @@ -149,4 +151,13 @@ public final class SecurityConstants { public static final String PROVIDER_VER = GetPropertyAction.privilegedGetProperty("java.specification.version"); + + // java.lang.reflect.AccessibleObject + public static final ReflectPermission ACCESS_PERMISSION = + new ReflectPermission("suppressAccessChecks"); + + // sun.reflect.ReflectionFactory + public static final RuntimePermission REFLECTION_FACTORY_ACCESS_PERMISSION = + new RuntimePermission("reflectionFactoryAccess"); + }