8021129: Use public lookup again

Reviewed-by: lagergren, sundar
This commit is contained in:
Attila Szegedi 2013-07-23 18:28:58 +02:00
parent 34d2bae0b0
commit 947610257d
11 changed files with 202 additions and 667 deletions

View File

@ -292,6 +292,8 @@ abstract class AbstractJavaLinker implements GuardingDynamicLinker {
return new SimpleDynamicMethod(unreflectSafely(m), member.getDeclaringClass(), member.getName()); return new SimpleDynamicMethod(unreflectSafely(m), member.getDeclaringClass(), member.getName());
} }
private static final Lookup publicLookup = new Lookup(MethodHandles.publicLookup());
/** /**
* Unreflects a method handle from a Method or a Constructor using safe (zero-privilege) unreflection. Should be * Unreflects a method handle from a Method or a Constructor using safe (zero-privilege) unreflection. Should be
* only used for methods and constructors that are not caller sensitive. If a caller sensitive method were * only used for methods and constructors that are not caller sensitive. If a caller sensitive method were
@ -303,14 +305,13 @@ abstract class AbstractJavaLinker implements GuardingDynamicLinker {
private static MethodHandle unreflectSafely(AccessibleObject m) { private static MethodHandle unreflectSafely(AccessibleObject m) {
if(m instanceof Method) { if(m instanceof Method) {
final Method reflMethod = (Method)m; final Method reflMethod = (Method)m;
final MethodHandle handle = SafeUnreflector.unreflect(reflMethod); final MethodHandle handle = publicLookup.unreflect(reflMethod);
if(Modifier.isStatic(reflMethod.getModifiers())) { if(Modifier.isStatic(reflMethod.getModifiers())) {
return StaticClassIntrospector.editStaticMethodHandle(handle); return StaticClassIntrospector.editStaticMethodHandle(handle);
} }
return handle; return handle;
} }
return StaticClassIntrospector.editConstructorMethodHandle(SafeUnreflector.unreflectConstructor( return StaticClassIntrospector.editConstructorMethodHandle(publicLookup.unreflectConstructor((Constructor<?>)m));
(Constructor<?>)m));
} }
private static DynamicMethod mergeMethods(SingleDynamicMethod method, DynamicMethod existing, Class<?> clazz, String name) { private static DynamicMethod mergeMethods(SingleDynamicMethod method, DynamicMethod existing, Class<?> clazz, String name) {

View File

@ -84,6 +84,7 @@
package jdk.internal.dynalink.beans; package jdk.internal.dynalink.beans;
import java.lang.invoke.MethodHandle; import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.reflect.Field; import java.lang.reflect.Field;
import java.lang.reflect.Member; import java.lang.reflect.Member;
import java.lang.reflect.Method; import java.lang.reflect.Method;
@ -92,6 +93,7 @@ import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.Map; import java.util.Map;
import jdk.internal.dynalink.support.Lookup;
/** /**
* Base for classes that expose class field and method information to an {@link AbstractJavaLinker}. There are * Base for classes that expose class field and method information to an {@link AbstractJavaLinker}. There are
@ -99,6 +101,8 @@ import java.util.Map;
* @author Attila Szegedi * @author Attila Szegedi
*/ */
abstract class FacetIntrospector { abstract class FacetIntrospector {
private static final Lookup publicLookup = new Lookup(MethodHandles.publicLookup());
private final Class<?> clazz; private final Class<?> clazz;
private final boolean instance; private final boolean instance;
private final boolean isRestricted; private final boolean isRestricted;
@ -160,11 +164,11 @@ abstract class FacetIntrospector {
MethodHandle unreflectGetter(Field field) { MethodHandle unreflectGetter(Field field) {
return editMethodHandle(SafeUnreflector.unreflectGetter(field)); return editMethodHandle(publicLookup.unreflectGetter(field));
} }
MethodHandle unreflectSetter(Field field) { MethodHandle unreflectSetter(Field field) {
return editMethodHandle(SafeUnreflector.unreflectSetter(field)); return editMethodHandle(publicLookup.unreflectSetter(field));
} }
/** /**

View File

@ -1,156 +0,0 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* This file is available under and governed by the GNU General Public
* License version 2 only, as published by the Free Software Foundation.
* However, the following notice accompanied the original version of this
* file, and Oracle licenses the original version of this file under the BSD
* license:
*/
/*
Copyright 2009-2013 Attila Szegedi
Licensed under both the Apache License, Version 2.0 (the "Apache License")
and the BSD License (the "BSD License"), with licensee being free to
choose either of the two at their discretion.
You may not use this file except in compliance with either the Apache
License or the BSD License.
If you choose to use this file in compliance with the Apache License, the
following notice applies to you:
You may obtain a copy of the Apache License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.
If you choose to use this file in compliance with the BSD License, the
following notice applies to you:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package jdk.internal.dynalink.beans;
import java.lang.invoke.MethodHandle;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
import jdk.internal.dynalink.beans.sandbox.Unreflector;
/**
* Provides lookup of unreflected method handles through delegation to an instance of {@link SafeUnreflectorImpl}. If
* Dynalink is run as trusted code, the delegate class is loaded into an isolated zero-permissions protection domain,
* serving as a firebreak against an accidental privilege escalation downstream.
*/
final class SafeUnreflector {
private static final String UNREFLECTOR_IMPL_CLASS_NAME = "jdk.internal.dynalink.beans.SafeUnreflectorImpl";
private static final Unreflector impl = createImpl();
private SafeUnreflector() {
}
/**
* Performs a {@link java.lang.invoke.MethodHandles.Lookup#unreflect(Method)}, converting any encountered
* {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param m the method to unreflect
* @return the unreflected method handle.
*/
static MethodHandle unreflect(Method m) {
return impl.unreflect(m);
}
/**
* Performs a {@link java.lang.invoke.MethodHandles.Lookup#unreflectGetter(Field)}, converting any encountered
* {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param f the field for which a getter is unreflected
* @return the unreflected field getter handle.
*/
static MethodHandle unreflectGetter(Field f) {
return impl.unreflectGetter(f);
}
/**
* Performs a {@link java.lang.invoke.MethodHandles.Lookup#unreflectSetter(Field)}, converting any encountered
* {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param f the field for which a setter is unreflected
* @return the unreflected field setter handle.
*/
static MethodHandle unreflectSetter(Field f) {
return impl.unreflectSetter(f);
}
static MethodHandle unreflectConstructor(Constructor<?> c) {
return impl.unreflectConstructor(c);
}
private static Unreflector createImpl() {
final Class<?> unreflectorImplClass = AccessController.doPrivileged(new PrivilegedAction<Class<?>>() {
@Override
public Class<?> run() {
return SandboxClassLoader.loadClass(UNREFLECTOR_IMPL_CLASS_NAME);
}
});
try {
return (Unreflector)unreflectorImplClass.newInstance();
} catch(InstantiationException | IllegalAccessException e) {
throw new RuntimeException(e.getMessage(), e);
}
}
}

View File

@ -1,146 +0,0 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* This file is available under and governed by the GNU General Public
* License version 2 only, as published by the Free Software Foundation.
* However, the following notice accompanied the original version of this
* file, and Oracle licenses the original version of this file under the BSD
* license:
*/
/*
Copyright 2009-2013 Attila Szegedi
Licensed under both the Apache License, Version 2.0 (the "Apache License")
and the BSD License (the "BSD License"), with licensee being free to
choose either of the two at their discretion.
You may not use this file except in compliance with either the Apache
License or the BSD License.
If you choose to use this file in compliance with the Apache License, the
following notice applies to you:
You may obtain a copy of the Apache License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.
If you choose to use this file in compliance with the BSD License, the
following notice applies to you:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package jdk.internal.dynalink.beans;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import jdk.internal.dynalink.beans.sandbox.Unreflector;
/**
* Performs lookup of unreflected method handles by delegating to {@link MethodHandles#lookup()} using itself as the
* lookup class. When Dynalink runs as trusted code, this class is loaded into an isolated zero-permissions protection
* domain to stop any accidental privilege escalation.
*/
final class SafeUnreflectorImpl implements Unreflector {
SafeUnreflectorImpl() {
}
@Override
public MethodHandle unreflect(Method m) {
try {
return MethodHandles.lookup().unreflect(m);
} catch(IllegalAccessException e) {
final IllegalAccessError ee = new IllegalAccessError("Failed to unreflect method " + m);
ee.initCause(e);
throw ee;
}
}
@Override
public MethodHandle unreflectGetter(Field f) {
try {
return MethodHandles.lookup().unreflectGetter(f);
} catch(IllegalAccessException e) {
final IllegalAccessError ee = new IllegalAccessError("Failed to unreflect getter for field " + f);
ee.initCause(e);
throw ee;
}
}
@Override
public MethodHandle unreflectSetter(Field f) {
try {
return MethodHandles.lookup().unreflectSetter(f);
} catch(IllegalAccessException e) {
final IllegalAccessError ee = new IllegalAccessError("Failed to unreflect setter for field " + f);
ee.initCause(e);
throw ee;
}
}
@Override
public MethodHandle unreflectConstructor(Constructor<?> c) {
try {
return MethodHandles.lookup().unreflectConstructor(c);
} catch(IllegalAccessException e) {
final IllegalAccessError ee = new IllegalAccessError("Failed to unreflect constructor " + c);
ee.initCause(e);
throw ee;
}
}
}

View File

@ -1,228 +0,0 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* This file is available under and governed by the GNU General Public
* License version 2 only, as published by the Free Software Foundation.
* However, the following notice accompanied the original version of this
* file, and Oracle licenses the original version of this file under the BSD
* license:
*/
/*
Copyright 2009-2013 Attila Szegedi
Licensed under both the Apache License, Version 2.0 (the "Apache License")
and the BSD License (the "BSD License"), with licensee being free to
choose either of the two at their discretion.
You may not use this file except in compliance with either the Apache
License or the BSD License.
If you choose to use this file in compliance with the Apache License, the
following notice applies to you:
You may obtain a copy of the Apache License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.
If you choose to use this file in compliance with the BSD License, the
following notice applies to you:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package jdk.internal.dynalink.beans;
import static jdk.internal.org.objectweb.asm.Opcodes.ACC_PUBLIC;
import static jdk.internal.org.objectweb.asm.Opcodes.ASM4;
import java.io.IOException;
import java.io.InputStream;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.SecureClassLoader;
import java.security.SecureRandom;
import jdk.internal.org.objectweb.asm.ClassReader;
import jdk.internal.org.objectweb.asm.ClassVisitor;
import jdk.internal.org.objectweb.asm.ClassWriter;
import jdk.internal.org.objectweb.asm.MethodVisitor;
/**
* A utility class that can load a class with specified name into an isolated zero-permissions protection domain. It can
* be used to load classes that perform security-sensitive operations with no privileges at all, therefore ensuring such
* operations will only succeed if they would require no permissions, as well as to make sure that if these operations
* bind some part of the security execution context to their results, the bound security context is completely
* unprivileged. Such measures serve as firebreaks against accidental privilege escalation.
*/
final class SandboxClassLoader {
private final String className;
private final String randomizedClassName;
private SandboxClassLoader(String className) {
this.className = className;
final String simpleClassName = className.substring(className.lastIndexOf('.') + 1);
this.randomizedClassName = "randomPackage" + Long.toHexString(new SecureRandom().nextLong()) + "." + simpleClassName;
}
/**
* Load the named class into a zero-permissions protection domain. Even if the class is already loaded into the
* Dynalink's class loader, an independent class is created from the same bytecode, thus the returned class will
* never be identical with the one that might already be loaded. The class to be loaded is supposed to be package
* private and have no public constructors. This is not a functional requirement, but it is enforced to ensure that
* the original class was made adequately inaccessible. The returned class will be public and its constructors will
* be changed to public. The only permission given to the returned class will be
* {@code accessClassInPackage.jdk.internal.dynalink.beans.sandbox}. That package should be used solely to define
* SPI interfaces implemented by the loaded class.
* @param className the fully qualified name of the class to load
* @return the loaded class, renamed to a random package, made public, its constructors made public, and lacking any
* permissions except access to the sandbox package.
* @throws SecurityException if the calling code lacks the {@code createClassLoader} runtime permission. This
* normally means that Dynalink itself is running as untrusted code, and whatever functionality was meant to be
* isolated into an unprivileged class is likely okay to be used directly too.
*/
static Class<?> loadClass(String className) throws SecurityException {
return new SandboxClassLoader(className).loadClass();
}
private Class<?> loadClass() throws SecurityException {
final ClassLoader loader = createClassLoader();
try {
final Class<?> clazz = Class.forName(randomizedClassName, true, loader);
// Sanity check to ensure we didn't accidentally pick up the class from elsewhere
if(clazz.getClassLoader() != loader) {
throw new AssertionError(randomizedClassName + " was loaded from a different class loader");
}
return clazz;
} catch(ClassNotFoundException e) {
throw new AssertionError(e);
}
}
private ClassLoader createClassLoader() throws SecurityException {
final String lclassName = this.randomizedClassName;
// We deliberately override loadClass instead of findClass so that we don't give a chance to finding this
// class already loaded anywhere else. We use this class' loader as the parent class loader as the loaded class
// needs to be able to access implemented interfaces from the sandbox package.
return new SecureClassLoader(getClass().getClassLoader()) {
@Override
protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
if(name.equals(lclassName)) {
final byte[] bytes = getClassBytes();
// Define the class with a protection domain that grants (almost) no permissions.
Class<?> clazz = defineClass(name, bytes, 0, bytes.length, createMinimalPermissionsDomain());
if(resolve) {
resolveClass(clazz);
}
return clazz;
}
final int i = name.lastIndexOf('.');
if (i != -1) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPackageAccess(name.substring(0, i));
}
}
return super.loadClass(name, resolve);
}
};
}
/**
* Create a no-permissions protection domain. Except, it's not really a no-permissions protection domain, since we
* need to give the protection domain the permission to access the sandbox package where the interop interfaces are
* defined.
* @return a new (almost) no-permission protection domain.
*/
private static ProtectionDomain createMinimalPermissionsDomain() {
final Permissions p = new Permissions();
p.add(new RuntimePermission("accessClassInPackage.jdk.internal.dynalink.beans.sandbox"));
return new ProtectionDomain(null, p);
}
private byte[] getClassBytes() {
try(final InputStream in = getClass().getResourceAsStream("/" + className.replace('.', '/') + ".class")) {
final ClassReader cr = new ClassReader(in);
final ClassWriter cw = new ClassWriter(cr, 0);
cr.accept(new ClassVisitor(ASM4, cw) {
@Override
public void visit(int version, int access, String name, String signature, String superName,
String[] interfaces) {
// Rename the class to its random name, and make it public (otherwise we won't be able to
// instantiate it). The privileged template class is package-private.
if((access & ACC_PUBLIC) != 0) {
throw new IllegalArgumentException("Class " + className + " must be package-private");
}
super.visit(version, access | ACC_PUBLIC, randomizedClassName.replace('.', '/'),
signature, superName, interfaces);
}
@Override
public MethodVisitor visitMethod(int access, String name, String desc, String signature,
String[] exceptions) {
// Make the constructor(s) public (otherwise we won't be able to instantiate the class). The
// privileged template's constructor(s) should not be public.
final boolean isCtor = "<init>".equals(name);
if(isCtor && ((access & ACC_PUBLIC) != 0)) {
throw new IllegalArgumentException("Class " + className + " must have no public constructors");
}
return super.visitMethod(isCtor ? (access | ACC_PUBLIC) : access, name, desc, signature,
exceptions);
}
}, 0);
return cw.toByteArray();
} catch(IOException e) {
throw new RuntimeException(e);
}
}
}

View File

@ -1,132 +0,0 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* This file is available under and governed by the GNU General Public
* License version 2 only, as published by the Free Software Foundation.
* However, the following notice accompanied the original version of this
* file, and Oracle licenses the original version of this file under the BSD
* license:
*/
/*
Copyright 2009-2013 Attila Szegedi
Licensed under both the Apache License, Version 2.0 (the "Apache License")
and the BSD License (the "BSD License"), with licensee being free to
choose either of the two at their discretion.
You may not use this file except in compliance with either the Apache
License or the BSD License.
If you choose to use this file in compliance with the Apache License, the
following notice applies to you:
You may obtain a copy of the Apache License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.
If you choose to use this file in compliance with the BSD License, the
following notice applies to you:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package jdk.internal.dynalink.beans.sandbox;
import java.lang.invoke.MethodHandle;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
/**
* Interface for creating unreflected method handles. This class is public for implementation purposes and is not part
* of any supported API.
*/
public interface Unreflector {
/**
* Performs similarly to {@link java.lang.invoke.MethodHandles.Lookup#unreflect(Method)} for some lookup object,
* also converting any encountered {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param m the method to unreflect
* @return the unreflected method handle.
*/
public MethodHandle unreflect(Method m);
/**
* Performs similarly to {@link java.lang.invoke.MethodHandles.Lookup#unreflectGetter(Field)} for some lookup
* object, also converting any encountered {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param f the field for which a getter is unreflected
* @return the unreflected field getter handle.
*/
public MethodHandle unreflectGetter(Field f);
/**
* Performs similarly to {@link java.lang.invoke.MethodHandles.Lookup#unreflectSetter(Field)} for some lookup
* object, also converting any encountered {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param f the field for which a setter is unreflected
* @return the unreflected field setter handle.
*/
public MethodHandle unreflectSetter(Field f);
/**
* Performs similarly to {@link java.lang.invoke.MethodHandles.Lookup#unreflectConstructor(Constructor)} for some
* lookup object, also converting any encountered {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param c the constructor to unreflect
* @return the unreflected constructor handle.
*/
public MethodHandle unreflectConstructor(Constructor<?> c);
}

View File

@ -0,0 +1,43 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* JDK-8021129: Test prevention of access to members of restricted classes.
* Note that even though the script runs as trusted, we still don't allow
* access to non-public portions of restricted classes.
*
* @test
* @run
*/
var r1 = new (Java.type("jdk.nashorn.internal.test.models.InternalRunnable"))
r1.run() // Can execute method from an implemented non-restricted interface
print(r1.toString()) // Can execute public method from a superclass
print(r1.restrictedRun === undefined) // Can't see method from a restricted interface
print(r1.canNotInvokeThis === undefined) // Can't see any other public methods
print(r1.invisibleProperty === undefined) // Can't see any other properties
print(r1.canSeeThisField === undefined) // Can't see fields from superclasses
print(r1.canNotSeeThisField === undefined) // Can't see its own fields
var r2 = new (Java.type("jdk.nashorn.test.models.InternalRunnableSuperclass"))
print(r2.canSeeThisField) // Superclass field works fine on its own

View File

@ -0,0 +1,9 @@
InternalRunnable.run() executed!
InternalRunnable.toString() executed!
true
true
true
true
true
19

View File

@ -0,0 +1,71 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package jdk.nashorn.internal.test.models;
import java.io.PrintWriter;
import java.io.StringWriter;
public class InternalRunnable implements Runnable, RestrictedRunnable {
// This is a public field in a restricted class; scripts should not see it.
public final int canNotSeeThisField = 42;
private boolean runExecuted = false;
@Override
public void run() {
runExecuted = true;
}
@Override
public void restrictedRun() {
// This is a public method on a restricted interface; scripts should not see it.
throw new AssertionError();
}
@Override
public String toString() {
final StringWriter sw = new StringWriter();
final PrintWriter pw = new PrintWriter(sw);
if(runExecuted) {
pw.println("InternalRunnable.run() executed!");
}
pw.println("InternalRunnable.toString() executed!");
pw.flush();
return sw.toString();
}
public void canNotInvokeThis() {
// This is a public method in a restricted class; scripts should not see it.
throw new AssertionError();
}
public void getInvisibleProperty() {
// This is a public method in a restricted class; scripts should not see it.
throw new AssertionError();
}
}

View File

@ -0,0 +1,34 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package jdk.nashorn.internal.test.models;
/**
* Acts as a restricted interface implemented by a restricted class.
*
*/
public interface RestrictedRunnable {
public void restrictedRun();
}

View File

@ -0,0 +1,35 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package jdk.nashorn.test.models;
/**
* Acts as a non-restricted superclass for a restricted class.
*
*/
public class InternalRunnableSuperclass {
public final int canSeeThisField = 19;
}