stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8186535: Remove deprecated pre-1.2 SecurityManager methods and fields

Browse Source 
Reviewed-by: alanb, coleenp, hseigel, mchung
This commit is contained in:
Sean Mullan 2017-11-30 07:54:28 -05:00
parent 5102cb9120
commit 4da03ba907
8 changed files with 119 additions and 465 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
make/hotspot/symbols/symbols-unix
View File

@ -1,5 +1,5 @@
# #
# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. # Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
# #
# This code is free software; you can redistribute it and/or modify it # This code is free software; you can redistribute it and/or modify it
@ -25,8 +25,6 @@ JVM_ActiveProcessorCount
JVM_ArrayCopy JVM_ArrayCopy
JVM_AssertionStatusDirectives JVM_AssertionStatusDirectives
JVM_CallStackWalk JVM_CallStackWalk
JVM_ClassDepth
JVM_ClassLoaderDepth
JVM_Clone JVM_Clone
JVM_ConstantPoolGetClassAt JVM_ConstantPoolGetClassAt
JVM_ConstantPoolGetClassAtIfLoaded JVM_ConstantPoolGetClassAtIfLoaded
@ -47,8 +45,6 @@ JVM_ConstantPoolGetStringAt
JVM_ConstantPoolGetTagAt JVM_ConstantPoolGetTagAt
JVM_ConstantPoolGetUTF8At JVM_ConstantPoolGetUTF8At
JVM_CountStackFrames JVM_CountStackFrames
JVM_CurrentClassLoader
JVM_CurrentLoadedClass
JVM_CurrentThread JVM_CurrentThread
JVM_CurrentTimeMillis JVM_CurrentTimeMillis
JVM_DefineClass JVM_DefineClass

4
make/mapfiles/libjava/mapfile-vers
View File

@ -205,10 +205,6 @@ SUNWprivate_1.1 {
Java_java_lang_Runtime_runFinalization0; Java_java_lang_Runtime_runFinalization0;
Java_java_lang_Runtime_totalMemory; Java_java_lang_Runtime_totalMemory;
Java_java_lang_Runtime_availableProcessors; Java_java_lang_Runtime_availableProcessors;
Java_java_lang_SecurityManager_classDepth;
Java_java_lang_SecurityManager_classLoaderDepth0;
Java_java_lang_SecurityManager_currentClassLoader0;
Java_java_lang_SecurityManager_currentLoadedClass0;
Java_java_lang_SecurityManager_getClassContext; Java_java_lang_SecurityManager_getClassContext;
Java_java_lang_Shutdown_halt0; Java_java_lang_Shutdown_halt0;
Java_java_lang_StackTraceElement_initStackTraceElement; Java_java_lang_StackTraceElement_initStackTraceElement;

110
src/hotspot/share/prims/jvm.cpp
View File

@ -3137,64 +3137,6 @@ JVM_END
// java.lang.SecurityManager /////////////////////////////////////////////////////////////////////// // java.lang.SecurityManager ///////////////////////////////////////////////////////////////////////
static bool is_trusted_frame(JavaThread* jthread, vframeStream* vfst) {
assert(jthread->is_Java_thread(), "must be a Java thread");
if (jthread->privileged_stack_top() == NULL) return false;
if (jthread->privileged_stack_top()->frame_id() == vfst->frame_id()) {
oop loader = jthread->privileged_stack_top()->class_loader();
if (loader == NULL) return true;
bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
if (trusted) return true;
}
return false;
}
JVM_ENTRY(jclass, JVM_CurrentLoadedClass(JNIEnv *env))
JVMWrapper("JVM_CurrentLoadedClass");
ResourceMark rm(THREAD);
for (vframeStream vfst(thread); !vfst.at_end(); vfst.next()) {
// if a method in a class in a trusted loader is in a doPrivileged, return NULL
bool trusted = is_trusted_frame(thread, &vfst);
if (trusted) return NULL;
Method* m = vfst.method();
if (!m->is_native()) {
InstanceKlass* holder = m->method_holder();
oop loader = holder->class_loader();
if (loader != NULL && !java_lang_ClassLoader::is_trusted_loader(loader)) {
return (jclass) JNIHandles::make_local(env, holder->java_mirror());
}
}
}
return NULL;
JVM_END
JVM_ENTRY(jobject, JVM_CurrentClassLoader(JNIEnv *env))
JVMWrapper("JVM_CurrentClassLoader");
ResourceMark rm(THREAD);
for (vframeStream vfst(thread); !vfst.at_end(); vfst.next()) {
// if a method in a class in a trusted loader is in a doPrivileged, return NULL
bool trusted = is_trusted_frame(thread, &vfst);
if (trusted) return NULL;
Method* m = vfst.method();
if (!m->is_native()) {
InstanceKlass* holder = m->method_holder();
assert(holder->is_klass(), "just checking");
oop loader = holder->class_loader();
if (loader != NULL && !java_lang_ClassLoader::is_trusted_loader(loader)) {
return JNIHandles::make_local(env, loader);
}
}
}
return NULL;
JVM_END
JVM_ENTRY(jobjectArray, JVM_GetClassContext(JNIEnv *env)) JVM_ENTRY(jobjectArray, JVM_GetClassContext(JNIEnv *env))
JVMWrapper("JVM_GetClassContext"); JVMWrapper("JVM_GetClassContext");
ResourceMark rm(THREAD); ResourceMark rm(THREAD);
@ -3234,58 +3176,6 @@ JVM_ENTRY(jobjectArray, JVM_GetClassContext(JNIEnv *env))
JVM_END JVM_END
JVM_ENTRY(jint, JVM_ClassDepth(JNIEnv *env, jstring name))
JVMWrapper("JVM_ClassDepth");
ResourceMark rm(THREAD);
Handle h_name (THREAD, JNIHandles::resolve_non_null(name));
Handle class_name_str = java_lang_String::internalize_classname(h_name, CHECK_0);
const char* str = java_lang_String::as_utf8_string(class_name_str());
TempNewSymbol class_name_sym = SymbolTable::probe(str, (int)strlen(str));
if (class_name_sym == NULL) {
return -1;
}
int depth = 0;
for(vframeStream vfst(thread); !vfst.at_end(); vfst.next()) {
if (!vfst.method()->is_native()) {
InstanceKlass* holder = vfst.method()->method_holder();
assert(holder->is_klass(), "just checking");
if (holder->name() == class_name_sym) {
return depth;
}
depth++;
}
}
return -1;
JVM_END
JVM_ENTRY(jint, JVM_ClassLoaderDepth(JNIEnv *env))
JVMWrapper("JVM_ClassLoaderDepth");
ResourceMark rm(THREAD);
int depth = 0;
for (vframeStream vfst(thread); !vfst.at_end(); vfst.next()) {
// if a method in a class in a trusted loader is in a doPrivileged, return -1
bool trusted = is_trusted_frame(thread, &vfst);
if (trusted) return -1;
Method* m = vfst.method();
if (!m->is_native()) {
InstanceKlass* holder = m->method_holder();
assert(holder->is_klass(), "just checking");
oop loader = holder->class_loader();
if (loader != NULL && !java_lang_ClassLoader::is_trusted_loader(loader)) {
return depth;
}
depth++;
}
}
return -1;
JVM_END
// java.lang.Package //////////////////////////////////////////////////////////////// // java.lang.Package ////////////////////////////////////////////////////////////////

295
src/java.base/share/classes/java/lang/SecurityManager.java
View File

@ -101,7 +101,7 @@ import sun.security.util.SecurityConstants;
* <code>checkPermission</code> returns quietly. If denied, a * <code>checkPermission</code> returns quietly. If denied, a
* <code>SecurityException</code> is thrown. * <code>SecurityException</code> is thrown.
* <p> * <p>
* As of Java 2 SDK v1.2, the default implementation of each of the other * The default implementation of each of the other
* <code>check</code> methods in <code>SecurityManager</code> is to * <code>check</code> methods in <code>SecurityManager</code> is to
* call the <code>SecurityManager checkPermission</code> method * call the <code>SecurityManager checkPermission</code> method
* to determine if the calling thread has permission to perform the requested * to determine if the calling thread has permission to perform the requested
@ -197,10 +197,10 @@ import sun.security.util.SecurityConstants;
* See {@extLink security_guide_permissions * See {@extLink security_guide_permissions
* Permissions in the Java Development Kit (JDK)} * Permissions in the Java Development Kit (JDK)}
* for permission-related information. * for permission-related information.
* This document includes, for example, a table listing the various SecurityManager * This document includes a table listing the various SecurityManager
* <code>check</code> methods and the permission(s) the default * <code>check</code> methods and the permission(s) the default
* implementation of each such method requires. * implementation of each such method requires.
* It also contains a table of all the version 1.2 methods * It also contains a table of the methods
* that require permissions, and for each such method tells * that require permissions, and for each such method tells
* which permission it requires. * which permission it requires.
* *
@ -228,20 +228,7 @@ import sun.security.util.SecurityConstants;
* *
* @since 1.0 * @since 1.0
*/ */
public public class SecurityManager {
class SecurityManager {
/**
* This field is <code>true</code> if there is a security check in
* progress; <code>false</code> otherwise.
*
* @deprecated This type of security checking is not recommended.
* It is recommended that the <code>checkPermission</code>
* call be used instead. This field is subject to removal in a
* future version of Java SE.
*/
@Deprecated(since="1.2", forRemoval=true)
protected boolean inCheck;
/* /*
* Have we been initialized. Effective against finalizer attacks. * Have we been initialized. Effective against finalizer attacks.
@ -261,24 +248,6 @@ class SecurityManager {
} }
} }
/**
* Tests if there is a security check in progress.
*
* @return the value of the <code>inCheck</code> field. This field
* should contain <code>true</code> if a security check is
* in progress,
* <code>false</code> otherwise.
* @see java.lang.SecurityManager#inCheck
* @deprecated This type of security checking is not recommended.
* It is recommended that the <code>checkPermission</code>
* call be used instead. This method is subject to removal in a
* future version of Java SE.
*/
@Deprecated(since="1.2", forRemoval=true)
public boolean getInCheck() {
return inCheck;
}
/** /**
* Constructs a new <code>SecurityManager</code>. * Constructs a new <code>SecurityManager</code>.
* *
@ -321,198 +290,6 @@ class SecurityManager {
*/ */
protected native Class<?>[] getClassContext(); protected native Class<?>[] getClassContext();
/**
* Returns the class loader of the most recently executing method from
* a class defined using a non-system class loader. A non-system
* class loader is defined as being a class loader that is not equal to
* the system class loader (as returned
* by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
* <p>
* This method will return
* <code>null</code> in the following three cases:
* <ol>
* <li>All methods on the execution stack are from classes
* defined using the system class loader or one of its ancestors.
*
* <li>All methods on the execution stack up to the first
* "privileged" caller
* (see {@link java.security.AccessController#doPrivileged})
* are from classes
* defined using the system class loader or one of its ancestors.
*
* <li> A call to <code>checkPermission</code> with
* <code>java.security.AllPermission</code> does not
* result in a SecurityException.
*
* </ol>
*
* @return the class loader of the most recent occurrence on the stack
* of a method from a class defined using a non-system class
* loader.
*
* @deprecated This type of security checking is not recommended.
* It is recommended that the <code>checkPermission</code>
* call be used instead. This method is subject to removal in a
* future version of Java SE.
*
* @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
* @see #checkPermission(java.security.Permission) checkPermission
*/
@Deprecated(since="1.2", forRemoval=true)
protected ClassLoader currentClassLoader() {
ClassLoader cl = currentClassLoader0();
if ((cl != null) && hasAllPermission())
cl = null;
return cl;
}
private native ClassLoader currentClassLoader0();
/**
* Returns the class of the most recently executing method from
* a class defined using a non-system class loader. A non-system
* class loader is defined as being a class loader that is not equal to
* the system class loader (as returned
* by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
* <p>
* This method will return
* <code>null</code> in the following three cases:
* <ol>
* <li>All methods on the execution stack are from classes
* defined using the system class loader or one of its ancestors.
*
* <li>All methods on the execution stack up to the first
* "privileged" caller
* (see {@link java.security.AccessController#doPrivileged})
* are from classes
* defined using the system class loader or one of its ancestors.
*
* <li> A call to <code>checkPermission</code> with
* <code>java.security.AllPermission</code> does not
* result in a SecurityException.
*
* </ol>
*
* @return the class of the most recent occurrence on the stack
* of a method from a class defined using a non-system class
* loader.
*
* @deprecated This type of security checking is not recommended.
* It is recommended that the <code>checkPermission</code>
* call be used instead. This method is subject to removal in a
* future version of Java SE.
*
* @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
* @see #checkPermission(java.security.Permission) checkPermission
*/
@Deprecated(since="1.2", forRemoval=true)
protected Class<?> currentLoadedClass() {
Class<?> c = currentLoadedClass0();
if ((c != null) && hasAllPermission())
c = null;
return c;
}
/**
* Returns the stack depth of the specified class.
*
* @param name the fully qualified name of the class to search for.
* @return the depth on the stack frame of the first occurrence of a
* method from a class with the specified name;
* <code>-1</code> if such a frame cannot be found.
* @deprecated This type of security checking is not recommended.
* It is recommended that the <code>checkPermission</code>
* call be used instead. This method is subject to removal in a
* future version of Java SE.
*/
@Deprecated(since="1.2", forRemoval=true)
protected native int classDepth(String name);
/**
* Returns the stack depth of the most recently executing method
* from a class defined using a non-system class loader. A non-system
* class loader is defined as being a class loader that is not equal to
* the system class loader (as returned
* by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
* <p>
* This method will return
* -1 in the following three cases:
* <ol>
* <li>All methods on the execution stack are from classes
* defined using the system class loader or one of its ancestors.
*
* <li>All methods on the execution stack up to the first
* "privileged" caller
* (see {@link java.security.AccessController#doPrivileged})
* are from classes
* defined using the system class loader or one of its ancestors.
*
* <li> A call to <code>checkPermission</code> with
* <code>java.security.AllPermission</code> does not
* result in a SecurityException.
*
* </ol>
*
* @return the depth on the stack frame of the most recent occurrence of
* a method from a class defined using a non-system class loader.
*
* @deprecated This type of security checking is not recommended.
* It is recommended that the <code>checkPermission</code>
* call be used instead. This method is subject to removal in a
* future version of Java SE.
*
* @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
* @see #checkPermission(java.security.Permission) checkPermission
*/
@Deprecated(since="1.2", forRemoval=true)
protected int classLoaderDepth() {
int depth = classLoaderDepth0();
if (depth != -1) {
if (hasAllPermission())
depth = -1;
else
depth--; // make sure we don't include ourself
}
return depth;
}
private native int classLoaderDepth0();
/**
* Tests if a method from a class with the specified
* name is on the execution stack.
*
* @param name the fully qualified name of the class.
* @return <code>true</code> if a method from a class with the specified
* name is on the execution stack; <code>false</code> otherwise.
* @deprecated This type of security checking is not recommended.
* It is recommended that the <code>checkPermission</code>
* call be used instead. This method is subject to removal in a
* future version of Java SE.
*/
@Deprecated(since="1.2", forRemoval=true)
protected boolean inClass(String name) {
return classDepth(name) >= 0;
}
/**
* Basically, tests if a method from a class defined using a
* class loader is on the execution stack.
*
* @return <code>true</code> if a call to <code>currentClassLoader</code>
* has a non-null return value.
*
* @deprecated This type of security checking is not recommended.
* It is recommended that the <code>checkPermission</code>
* call be used instead. This method is subject to removal in a
* future version of Java SE.
* @see #currentClassLoader() currentClassLoader
*/
@Deprecated(since="1.2", forRemoval=true)
protected boolean inClassLoader() {
return currentClassLoader() != null;
}
/** /**
* Creates an object that encapsulates the current execution * Creates an object that encapsulates the current execution
* environment. The result of this method is used, for example, by the * environment. The result of this method is used, for example, by the
@ -1698,64 +1475,32 @@ class SecurityManager {
} }
/** /**
* Throws a <code>SecurityException</code> if the * Throws a {@code SecurityException} if the calling thread does
* calling thread is not allowed to access members. * not have {@code AllPermission}.
* <p>
* The default policy is to allow access to PUBLIC members, as well
* as access to classes that have the same class loader as the caller.
* In all other cases, this method calls <code>checkPermission</code>
* with the <code>RuntimePermission("accessDeclaredMembers")
* </code> permission.
* <p>
* If this method is overridden, then a call to
* <code>super.checkMemberAccess</code> cannot be made,
* as the default implementation of <code>checkMemberAccess</code>
* relies on the code being checked being at a stack depth of
* 4.
* *
* @param clazz the class that reflection is to be performed on. * @param clazz the class that reflection is to be performed on.
*
* @param which type of access, PUBLIC or DECLARED. * @param which type of access, PUBLIC or DECLARED.
* * @throws SecurityException if the caller does not have
* @exception SecurityException if the caller does not have * {@code AllPermission}
* permission to access members. * @throws NullPointerException if the {@code clazz} argument is
* @exception NullPointerException if the <code>clazz</code> argument is * {@code null}
* <code>null</code>. * @deprecated This method was originally used to check if the calling
* * thread was allowed to access members. It relied on the
* @deprecated This method relies on the caller being at a stack depth * caller being at a stack depth of 4 which is error-prone and
* of 4 which is error-prone and cannot be enforced by the runtime. * cannot be enforced by the runtime. The method has been
* Users of this method should instead invoke {@link #checkPermission} * obsoleted and code should instead use
* directly. * {@link #checkPermission} to check
* This method is subject to removal in a future version of Java SE. * {@code RuntimePermission("accessDeclaredMembers")}. This
* * method is subject to removal in a future version of Java SE.
* @see java.lang.reflect.Member
* @since 1.1 * @since 1.1
* @see #checkPermission(java.security.Permission) checkPermission * @see #checkPermission(java.security.Permission) checkPermission
*/ */
@Deprecated(since="1.8", forRemoval=true) @Deprecated(since="1.8", forRemoval=true)
@CallerSensitive
public void checkMemberAccess(Class<?> clazz, int which) { public void checkMemberAccess(Class<?> clazz, int which) {
if (clazz == null) { if (clazz == null) {
throw new NullPointerException("class can't be null"); throw new NullPointerException("class can't be null");
} }
if (which != Member.PUBLIC) { checkPermission(SecurityConstants.ALL_PERMISSION);
Class<?> stack[] = getClassContext();
/*
* stack depth of 4 should be the caller of one of the
* methods in java.lang.Class that invoke checkMember
* access. The stack should look like:
*
* someCaller [3]
* java.lang.Class.someReflectionAPI [2]
* java.lang.Class.checkMemberAccess [1]
* SecurityManager.checkMemberAccess [0]
*
*/
if ((stack.length<4) ||
(stack[3].getClassLoader() != clazz.getClassLoader())) {
checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
}
}
} }
/** /**
@ -1792,8 +1537,6 @@ class SecurityManager {
checkPermission(new SecurityPermission(target)); checkPermission(new SecurityPermission(target));
} }
private native Class<?> currentLoadedClass0();
/** /**
* Returns the thread group into which to instantiate any new * Returns the thread group into which to instantiate any new
* thread being created at the time this is being called. * thread being created at the time this is being called.

12
src/java.base/share/native/include/jvm.h
View File

@ -262,21 +262,9 @@ JVM_DumpThreads(JNIEnv *env, jclass threadClass, jobjectArray threads);
/* /*
* java.lang.SecurityManager * java.lang.SecurityManager
*/ */
JNIEXPORT jclass JNICALL
JVM_CurrentLoadedClass(JNIEnv *env);
JNIEXPORT jobject JNICALL
JVM_CurrentClassLoader(JNIEnv *env);
JNIEXPORT jobjectArray JNICALL JNIEXPORT jobjectArray JNICALL
JVM_GetClassContext(JNIEnv *env); JVM_GetClassContext(JNIEnv *env);
JNIEXPORT jint JNICALL
JVM_ClassDepth(JNIEnv *env, jstring name);
JNIEXPORT jint JNICALL
JVM_ClassLoaderDepth(JNIEnv *env);
/* /*
* java.lang.Package * java.lang.Package
*/ */

52
src/java.base/share/native/libjava/SecurityManager.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -76,53 +76,3 @@ Java_java_lang_SecurityManager_getClassContext(JNIEnv *env, jobject this)
return JVM_GetClassContext(env); return JVM_GetClassContext(env);
} }
JNIEXPORT jclass JNICALL
Java_java_lang_SecurityManager_currentLoadedClass0(JNIEnv *env, jobject this)
{
/* Make sure the security manager instance is initialized */
if (!check(env, this)) {
return NULL; /* exception */
}
return JVM_CurrentLoadedClass(env);
}
JNIEXPORT jobject JNICALL
Java_java_lang_SecurityManager_currentClassLoader0(JNIEnv *env, jobject this)
{
/* Make sure the security manager instance is initialized */
if (!check(env, this)) {
return NULL; /* exception */
}
return JVM_CurrentClassLoader(env);
}
JNIEXPORT jint JNICALL
Java_java_lang_SecurityManager_classDepth(JNIEnv *env, jobject this,
jstring name)
{
/* Make sure the security manager instance is initialized */
if (!check(env, this)) {
return -1; /* exception */
}
if (name == NULL) {
JNU_ThrowNullPointerException(env, 0);
return -1;
}
return JVM_ClassDepth(env, name);
}
JNIEXPORT jint JNICALL
Java_java_lang_SecurityManager_classLoaderDepth0(JNIEnv *env, jobject this)
{
/* Make sure the security manager instance is initialized */
if (!check(env, this)) {
return -1; /* exception */
}
return JVM_ClassLoaderDepth(env);
}

85
src/java.desktop/share/classes/sun/applet/AppletSecurity.java
View File

@ -48,6 +48,8 @@ import sun.awt.AppContext;
import sun.awt.AWTPermissions; import sun.awt.AWTPermissions;
import sun.security.util.SecurityConstants; import sun.security.util.SecurityConstants;
import static java.lang.StackWalker.*;
import static java.lang.StackWalker.Option.*;
/** /**
@ -106,11 +108,90 @@ class AppletSecurity extends AWTSecurityManager {
}); });
} }
private static final StackWalker walker =
AccessController.doPrivileged(
(PrivilegedAction<StackWalker>) () ->
StackWalker.getInstance(RETAIN_CLASS_REFERENCE));
/**
* Returns the class loader of the most recently executing method from
* a class defined using a non-system class loader. A non-system
* class loader is defined as being a class loader that is not equal to
* the system class loader (as returned
* by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
* <p>
* This method will return
* <code>null</code> in the following three cases:
* <ol>
* <li>All methods on the execution stack are from classes
* defined using the system class loader or one of its ancestors.
*
* <li>All methods on the execution stack up to the first
* "privileged" caller
* (see {@link java.security.AccessController#doPrivileged})
* are from classes
* defined using the system class loader or one of its ancestors.
*
* <li> A call to <code>checkPermission</code> with
* <code>java.security.AllPermission</code> does not
* result in a SecurityException.
* </ol>
*
* NOTE: This is an implementation of the SecurityManager.currentClassLoader
* method that uses StackWalker. SecurityManager.currentClassLoader
* has been removed from SE. This is a temporary workaround which is
* only needed while applets are still supported.
*
* @return the class loader of the most recent occurrence on the stack
* of a method from a class defined using a non-system class
* loader.
*/
private static ClassLoader currentClassLoader() {
StackFrame f =
walker.walk(s -> s.takeWhile(AppletSecurity::isNonPrivileged)
.filter(AppletSecurity::isNonSystemFrame)
.findFirst())
.orElse(null);
SecurityManager sm = System.getSecurityManager();
if (f != null && sm != null) {
try {
sm.checkPermission(new AllPermission());
} catch (SecurityException se) {
return f.getDeclaringClass().getClassLoader();
}
}
return null;
}
/**
* Returns true if the StackFrame is not AccessController.doPrivileged.
*/
private static boolean isNonPrivileged(StackFrame f) {
// possibly other doPrivileged variants
Class<?> c = f.getDeclaringClass();
return c == AccessController.class &&
f.getMethodName().equals("doPrivileged");
}
/**
* Returns true if the StackFrame is not from a class defined by the
* system class loader or one of its ancestors.
*/
private static boolean isNonSystemFrame(StackFrame f) {
ClassLoader loader = ClassLoader.getSystemClassLoader();
ClassLoader ld = f.getDeclaringClass().getClassLoader();
if (ld == null || ld == loader) return false;
while ((loader = loader.getParent()) != null) {
if (ld == loader)
return false;
}
return true;
}
/** /**
* get the current (first) instance of an AppletClassLoader on the stack. * get the current (first) instance of an AppletClassLoader on the stack.
*/ */
@SuppressWarnings({"deprecation",
"removal"}) // SecurityManager.currentClassLoader()
private AppletClassLoader currentAppletClassLoader() private AppletClassLoader currentAppletClassLoader()
{ {
// try currentClassLoader first // try currentClassLoader first

20
test/jdk/java/lang/SecurityManager/NoAWT.java → test/jdk/java/lang/SecurityManager/DepMethodsRequireAllPerm.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -22,15 +22,15 @@
*/ */
/* @test /* @test
* @bug 8004502 8008793 8029886 * @bug 8004502 8008793 8029886 8186535
* @summary Sanity check that SecurityManager methods that used to check * @summary Sanity check that the SecurityManager checkMemberAccess method and
* AWTPermission now check for AllPermission * methods that used to check AWTPermission now check for AllPermission
*/ */
import java.security.AllPermission; import java.security.AllPermission;
import java.security.Permission; import java.security.Permission;
public class NoAWT { public class DepMethodsRequireAllPerm {
static class MySecurityManager extends SecurityManager { static class MySecurityManager extends SecurityManager {
final Class<?> expectedClass; final Class<?> expectedClass;
@ -68,5 +68,15 @@ public class NoAWT {
if (sm.checkTopLevelWindow(new Object())) { if (sm.checkTopLevelWindow(new Object())) {
throw new RuntimeException("checkTopLevelWindow expected to return false"); throw new RuntimeException("checkTopLevelWindow expected to return false");
} }
try {
sm.checkMemberAccess(Object.class, java.lang.reflect.Member.DECLARED);
throw new RuntimeException("SecurityException expected");
} catch (SecurityException expected) { }
try {
sm.checkMemberAccess(null, java.lang.reflect.Member.DECLARED);
throw new RuntimeException("NullPointerException expected");
} catch (NullPointerException expected) { }
} }
} }