From 7303280ef5e99aff51f0e1bdcbdbcb66bb7f226e Mon Sep 17 00:00:00 2001 From: Daniel Fuchs Date: Wed, 30 Jan 2013 11:33:51 +0100 Subject: [PATCH] 8006446: Restrict MBeanServer access Reviewed-by: alanb, mchung, darcy, jrose, ahgross, skoivu --- .../ClassLoaderRepositorySupport.java | 2 ++ .../sun/jmx/mbeanserver/JmxMBeanServer.java | 10 ++++++ .../jmx/mbeanserver/MBeanInstantiator.java | 34 ++++++++++++++++--- .../com/sun/jmx/mbeanserver/MBeanSupport.java | 2 ++ .../lang/management/ManagementFactory.java | 18 +++++----- .../share/lib/security/java.security-linux | 6 ++-- .../share/lib/security/java.security-macosx | 6 ++-- .../share/lib/security/java.security-solaris | 6 ++-- .../share/lib/security/java.security-windows | 6 ++-- .../SubjectDelegation2Test.java | 6 ++-- .../SubjectDelegation3Test.java | 6 ++-- 11 files changed, 67 insertions(+), 35 deletions(-) diff --git a/jdk/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java b/jdk/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java index 728fb12a7e8..9fc0e7dbe9e 100644 --- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java +++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java @@ -36,6 +36,7 @@ import java.util.logging.Level; import javax.management.ObjectName; import javax.management.loading.PrivateClassLoader; +import sun.reflect.misc.ReflectUtil; /** * This class keeps the list of Class Loaders registered in the MBean Server. @@ -192,6 +193,7 @@ final class ClassLoaderRepositorySupport final ClassLoader without, final ClassLoader stop) throws ClassNotFoundException { + ReflectUtil.checkPackageAccess(className); final int size = list.length; for(int i=0; i theClass) throws ReflectionException, MBeanException { + + checkMBeanPermission(theClass, null, null, "instantiate"); + Object moi; 
@@ -260,6 +266,9 @@ public class MBeanInstantiator { public Object instantiate(Class theClass, Object params[], String signature[], ClassLoader loader) throws ReflectionException, MBeanException { + + checkMBeanPermission(theClass, null, null, "instantiate"); + // Instantiate the new object // ------------------------------ @@ -407,6 +416,8 @@ public class MBeanInstantiator { throw new RuntimeOperationsException(new IllegalArgumentException(), "Null className passed in parameter"); } + + ReflectUtil.checkPackageAccess(className); Class theClass; if (loaderName == null) { // Load the class using the agent class loader @@ -619,13 +630,13 @@ public class MBeanInstantiator { **/ static Class loadClass(String className, ClassLoader loader) throws ReflectionException { - Class theClass; if (className == null) { throw new RuntimeOperationsException(new IllegalArgumentException("The class name cannot be null"), "Exception occurred during object instantiation"); } + ReflectUtil.checkPackageAccess(className); try { if (loader == null) loader = MBeanInstantiator.class.getClassLoader(); @@ -676,6 +687,7 @@ public class MBeanInstantiator { // We need to load the class through the class // loader of the target object. // + ReflectUtil.checkPackageAccess(signature[i]); tab[i] = Class.forName(signature[i], false, aLoader); } } catch (ClassNotFoundException e) { @@ -701,7 +713,7 @@ public class MBeanInstantiator { private Constructor findConstructor(Class c, Class[] params) { try { - return c.getConstructor(params); + return ConstructorUtil.getConstructor(c, params); } catch (Exception e) { return null; } 
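Review bot: In the signature-loading loop (hunk at -676), `ReflectUtil.checkPackageAccess(signature[i])` receives whatever string the caller put in the signature array, which can include array type names. Nothing visible in this patch shows that the check resolves the element type's package before consulting the security manager. Please confirm that against ReflectUtil and add a regression test that passes an array-typed parameter from a restricted package while a SecurityManager is installed. A one-line comment such as `// package access is checked on the element type for array names` would record the assumption. The enclosing method starts and ends outside the hunk.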
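Review bot: `findConstructor` (hunk at -701) still catches `Exception`, so a `SecurityException` from `ConstructorUtil.getConstructor` becomes a `null` return. This assumes the new call performs a package-access check, which this patch does not show. Access stays denied, but callers presumably report the denial as a missing constructor, so it cannot be told apart in logs or in the exception the client receives. Consider narrowing the handler to `catch (NoSuchMethodException e) { return null; }` so the security failure propagates, after checking that callers tolerate it.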
@@ -715,4 +727,18 @@ public class MBeanInstantiator { char.class, boolean.class}) primitiveClasses.put(c.getName(), c); } + + private static void checkMBeanPermission(Class clazz, + String member, + ObjectName objectName, + String actions) { + SecurityManager sm = System.getSecurityManager(); + if (clazz != null && sm != null) { + Permission perm = new MBeanPermission(clazz.getName(), + member, + objectName, + actions); + sm.checkPermission(perm); + } + } } diff --git a/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java b/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java index 8109365e8d4..3af4b8b86d7 100644 --- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java +++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java @@ -38,6 +38,7 @@ import javax.management.NotCompliantMBeanException; import javax.management.ObjectName; import javax.management.ReflectionException; import com.sun.jmx.mbeanserver.MXBeanMappingFactory; +import sun.reflect.misc.ReflectUtil; /** * Base class for MBeans. There is one instance of this class for @@ -131,6 +132,7 @@ public abstract class MBeanSupport " is not an instance of " + mbeanInterfaceType.getName(); throw new NotCompliantMBeanException(msg); } + ReflectUtil.checkPackageAccess(mbeanInterfaceType); this.resource = resource; MBeanIntrospector introspector = getMBeanIntrospector(); this.perInterface = introspector.getPerInterface(mbeanInterfaceType); diff --git a/jdk/src/share/classes/java/lang/management/ManagementFactory.java b/jdk/src/share/classes/java/lang/management/ManagementFactory.java index d99333c9e11..278ace1d7d1 100644 --- a/jdk/src/share/classes/java/lang/management/ManagementFactory.java +++ b/jdk/src/share/classes/java/lang/management/ManagementFactory.java 
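Review bot: `checkMBeanPermission` returns without any check when `clazz` is null, and the new helper has no comment saying this is intended. Both `instantiate` overloads call it first, so a null `theClass` passes the permission gate and is only rejected by whatever the rest of the method does, which is outside these hunks. Add a short Javadoc, e.g. `/** Checks MBeanPermission(className, member, objectName, actions); no-op without a SecurityManager or for a null class. */`, or reject null before the check. The visible callers always pass null for `member` and `objectName`, which the comment should also state.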
@@ -802,20 +802,20 @@ public class ManagementFactory { */ private static void addMXBean(final MBeanServer mbs, final PlatformManagedObject pmo) { // Make DynamicMBean out of MXBean by wrapping it with a StandardMBean - final DynamicMBean dmbean; - if (pmo instanceof DynamicMBean) { - dmbean = DynamicMBean.class.cast(pmo); - } else if (pmo instanceof NotificationEmitter) { - dmbean = new StandardEmitterMBean(pmo, null, true, (NotificationEmitter) pmo); - } else { - dmbean = new StandardMBean(pmo, null, true); - } - try { AccessController.doPrivileged(new PrivilegedExceptionAction() { public Void run() throws InstanceAlreadyExistsException, MBeanRegistrationException, NotCompliantMBeanException { + final DynamicMBean dmbean; + if (pmo instanceof DynamicMBean) { + dmbean = DynamicMBean.class.cast(pmo); + } else if (pmo instanceof NotificationEmitter) { + dmbean = new StandardEmitterMBean(pmo, null, true, (NotificationEmitter) pmo); + } else { + dmbean = new StandardMBean(pmo, null, true); + } + mbs.registerMBean(dmbean, pmo.getObjectName()); return null; } diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux index c37bb480eb6..8fc53d73677 100644 --- a/jdk/src/share/lib/security/java.security-linux +++ b/jdk/src/share/lib/security/java.security-linux @@ -151,8 +151,7 @@ package.access=sun.,\ com.sun.xml.internal.ws.,\ com.sun.imageio.,\ com.sun.istack.internal.,\ - com.sun.jmx.defaults.,\ - com.sun.jmx.remote.util.,\ + com.sun.jmx.,\ com.sun.proxy.,\ com.sun.org.apache.xerces.internal.utils.,\ com.sun.org.apache.xalan.internal.utils.,\ @@ -176,8 +175,7 @@ package.definition=sun.,\ com.sun.xml.internal.ws.,\ com.sun.imageio.,\ com.sun.istack.internal.,\ - com.sun.jmx.defaults.,\ - com.sun.jmx.remote.util.,\ + com.sun.jmx.,\ com.sun.proxy.,\ com.sun.org.apache.xerces.internal.utils.,\ com.sun.org.apache.xalan.internal.utils.,\ 
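Review bot: The StandardMBean/StandardEmitterMBean wrapping in `addMXBean` now runs inside the `doPrivileged` block, but nothing explains why construction needs privileges. The comment `// Make DynamicMBean out of MXBean by wrapping it with a StandardMBean` was also left above the `try`, away from the code it describes. The move looks related to the package-access check this patch adds to the MBeanSupport constructor, though that link is inferred. Move the comment next to the wrapping code and add a line such as `// wrap inside doPrivileged: building the StandardMBean triggers a package-access check on the MXBean interface`. The method comment should also state that `pmo` must come from trusted platform code only, since its wrapper is now built with the JDK's privileges.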
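Review bot: The new `ReflectUtil.checkPackageAccess` calls only have something to enforce once `com.sun.jmx.` is listed in `package.access`, yet this edit is repeated by hand in the linux, macosx, solaris and windows files. A deployment that ships its own java.security, or a later edit that misses one platform file, would leave the in-code checks with nothing to match. Consider a test that reads the `package.access` and `package.definition` security properties and asserts that `com.sun.jmx.` is present. The wider prefix should also go in the release notes, because code running under a SecurityManager that touches other com.sun.jmx subpackages will now need the `accessClassInPackage` permission.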
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
index ffb99c06936..5a319fa5445 100644
--- a/jdk/src/share/lib/security/java.security-macosx
+++ b/jdk/src/share/lib/security/java.security-macosx
@@ -152,8 +152,7 @@ package.access=sun.,\
 com.sun.xml.internal.ws.,\
 com.sun.imageio.,\
 com.sun.istack.internal.,\
- com.sun.jmx.defaults.,\
- com.sun.jmx.remote.util.,\
+ com.sun.jmx.,\
 com.sun.proxy.,\
 com.sun.org.apache.xerces.internal.utils.,\
 com.sun.org.apache.xalan.internal.utils.,\
@@ -178,8 +177,7 @@ package.definition=sun.,\
 com.sun.xml.internal.ws.,\
 com.sun.imageio.,\
 com.sun.istack.internal.,\
- com.sun.jmx.defaults.,\
- com.sun.jmx.remote.util.,\
+ com.sun.jmx.,\
 com.sun.proxy.,\
 com.sun.org.apache.xerces.internal.utils.,\
 com.sun.org.apache.xalan.internal.utils.,\
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
index 4236643f55e..2a781cff75d 100644
--- a/jdk/src/share/lib/security/java.security-solaris
+++ b/jdk/src/share/lib/security/java.security-solaris
@@ -153,8 +153,7 @@ package.access=sun.,\
 com.sun.xml.internal.ws.,\
 com.sun.imageio.,\
 com.sun.istack.internal.,\
- com.sun.jmx.defaults.,\
- com.sun.jmx.remote.util.,\
+ com.sun.jmx.,\
 com.sun.proxy.,\
 com.sun.org.apache.xerces.internal.utils.,\
 com.sun.org.apache.xalan.internal.utils.,\
@@ -178,8 +177,7 @@ package.definition=sun.,\
 com.sun.xml.internal.ws.,\
 com.sun.imageio.,\
 com.sun.istack.internal.,\
- com.sun.jmx.defaults.,\
- com.sun.jmx.remote.util.,\
+ com.sun.jmx.,\
 com.sun.proxy.,\
 com.sun.org.apache.xerces.internal.utils.,\
 com.sun.org.apache.xalan.internal.utils.,\
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
index 89ec5678646..a00f4628dd6 100644
--- a/jdk/src/share/lib/security/java.security-windows
+++ b/jdk/src/share/lib/security/java.security-windows
@@ -152,8 +152,7 @@ package.access=sun.,\ com.sun.xml.internal.ws.,\ com.sun.imageio.,\ com.sun.istack.internal.,\ - com.sun.jmx.defaults.,\ - com.sun.jmx.remote.util.,\ + com.sun.jmx.,\ com.sun.proxy.,\ com.sun.org.apache.xerces.internal.utils.,\ com.sun.org.apache.xalan.internal.utils.,\ @@ -177,8 +176,7 @@ package.definition=sun.,\ com.sun.xml.internal.ws.,\ com.sun.imageio.,\ com.sun.istack.internal.,\ - com.sun.jmx.defaults.,\ - com.sun.jmx.remote.util.,\ + com.sun.jmx.,\ com.sun.proxy.,\ com.sun.org.apache.xerces.internal.utils.,\ com.sun.org.apache.xalan.internal.utils.,\ diff --git a/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java b/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java index ff56c46fbd2..d91ae14ba57 100644 --- a/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java +++ b/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java @@ -119,9 +119,6 @@ public class SubjectDelegation2Test { System.out.println("Create SimpleStandard MBean"); SimpleStandard s = new SimpleStandard("monitorRole"); mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard")); - // Set Security Manager - // - System.setSecurityManager(new SecurityManager()); // Create Properties containing the username/password entries // Properties props = new Properties(); @@ -132,6 +129,9 @@ public class SubjectDelegation2Test { HashMap env = new HashMap(); env.put("jmx.remote.authenticator", new JMXPluggableAuthenticator(props)); + // Set Security Manager + // + System.setSecurityManager(new SecurityManager()); // Create an RMI connector server // System.out.println("Create an RMI connector server"); diff --git a/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java b/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java index b3a004e0467..de169987796 100644 
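Review bot: Moving `System.setSecurityManager(new SecurityManager())` below the `JMXPluggableAuthenticator` setup in SubjectDelegation2Test means the authenticator is no longer constructed under the security manager, so that path loses coverage. The test also gives no reason for the new order. JMXPluggableAuthenticator presumably lives in a package now covered by the `com.sun.jmx.` restriction; if so, say it in the comment, e.g. `// Set Security Manager after creating the authenticator: com.sun.jmx. is now a restricted package`. The same reordering is made in SubjectDelegation3Test. The hunks sit inside a method whose start and end are outside the diff.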
--- a/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java +++ b/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java @@ -120,9 +120,6 @@ public class SubjectDelegation3Test { System.out.println("Create SimpleStandard MBean"); SimpleStandard s = new SimpleStandard("delegate"); mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard")); - // Set Security Manager - // - System.setSecurityManager(new SecurityManager()); // Create Properties containing the username/password entries // Properties props = new Properties(); @@ -133,6 +130,9 @@ public class SubjectDelegation3Test { HashMap env = new HashMap(); env.put("jmx.remote.authenticator", new JMXPluggableAuthenticator(props)); + // Set Security Manager + // + System.setSecurityManager(new SecurityManager()); // Create an RMI connector server // System.out.println("Create an RMI connector server");