8221530: Caller sensitive methods not handling caller = null when invoked by JNI code with no java frames on stack
Reviewed-by: alanb, dholmes, sundar
This commit is contained in:
parent
ab361746ec
commit
a5b9e0f7ba
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
# Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
#
|
||||
# This code is free software; you can redistribute it and/or modify it
|
||||
@ -72,6 +72,8 @@ else
|
||||
BUILD_JDK_JTREG_EXECUTABLES_LIBS_exeJliLaunchTest := -ljli
|
||||
endif
|
||||
|
||||
BUILD_JDK_JTREG_EXECUTABLES_LIBS_exeCallerAccessTest := -ljvm
|
||||
|
||||
ifeq ($(call isTargetOs, macosx), true)
|
||||
BUILD_JDK_JTREG_LIBRARIES_CFLAGS_libTestMainKeyWindow := -ObjC
|
||||
BUILD_JDK_JTREG_LIBRARIES_LIBS_libTestMainKeyWindow := -framework JavaVM \
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -56,7 +56,10 @@ import sun.security.util.SecurityConstants;
|
||||
* {@code Field}s, {@code Method}s, or {@code Constructor}s are used to get or
|
||||
* set fields, to invoke methods, or to create and initialize new instances of
|
||||
* classes, respectively. Every reflected object checks that the code using it
|
||||
* is in an appropriate class, package, or module. </p>
|
||||
* is in an appropriate class, package, or module. The check when invoked by
|
||||
* <a href="{@docRoot}/../specs/jni/index.html">JNI code</a> with no Java
|
||||
* class on the stack only succeeds if the member and the declaring class are
|
||||
* public, and the class is in a package that is exported to all modules. </p>
|
||||
*
|
||||
* <p> The one variation from Java language access control is that the checks
|
||||
* by reflected objects assume readability. That is, the module containing
|
||||
@ -670,6 +673,13 @@ public class AccessibleObject implements AnnotatedElement {
|
||||
private boolean slowVerifyAccess(Class<?> caller, Class<?> memberClass,
|
||||
Class<?> targetClass, int modifiers)
|
||||
{
|
||||
|
||||
if (caller == null) {
|
||||
// No caller frame when a native thread attaches to the VM
|
||||
// only allow access to a public accessible member
|
||||
return Reflection.verifyPublicMemberAccess(memberClass, modifiers);
|
||||
}
|
||||
|
||||
if (!Reflection.verifyMemberAccess(caller, memberClass, targetClass, modifiers)) {
|
||||
// access denied
|
||||
return false;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -122,6 +122,9 @@ public class Reflection {
|
||||
Class<?> targetClass,
|
||||
int modifiers)
|
||||
{
|
||||
Objects.requireNonNull(currentClass);
|
||||
Objects.requireNonNull(memberClass);
|
||||
|
||||
if (currentClass == memberClass) {
|
||||
// Always succeeds
|
||||
return true;
|
||||
@ -201,6 +204,22 @@ public class Reflection {
|
||||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
* Verify if a member is public and memberClass is a public type
|
||||
* in a package that is unconditionally exported and
|
||||
* return {@code true}if it is granted.
|
||||
*
|
||||
* @param memberClass the declaring class of the member being accessed
|
||||
* @param modifiers the member's access modifiers
|
||||
* @return {@code true} if the member is public and in a publicly accessible type
|
||||
*/
|
||||
public static boolean verifyPublicMemberAccess(Class<?> memberClass, int modifiers) {
|
||||
Module m = memberClass.getModule();
|
||||
return Modifier.isPublic(modifiers)
|
||||
&& m.isExported(memberClass.getPackageName())
|
||||
&& Modifier.isPublic(Reflection.getClassAccessFlags(memberClass));
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns {@code true} if memberClass's module exports memberClass's
|
||||
* package to currentModule.
|
||||
@ -325,8 +344,10 @@ public class Reflection {
|
||||
Class<?> memberClass,
|
||||
Class<?> targetClass,
|
||||
int modifiers)
|
||||
throws IllegalAccessException
|
||||
{
|
||||
if (currentClass == null)
|
||||
return newIllegalAccessException(memberClass, modifiers);
|
||||
|
||||
String currentSuffix = "";
|
||||
String memberSuffix = "";
|
||||
Module m1 = currentClass.getModule();
|
||||
@ -355,6 +376,36 @@ public class Reflection {
|
||||
return new IllegalAccessException(msg);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns an IllegalAccessException with an exception message where
|
||||
* there is no caller frame.
|
||||
*/
|
||||
private static IllegalAccessException newIllegalAccessException(Class<?> memberClass,
|
||||
int modifiers)
|
||||
{
|
||||
String memberSuffix = "";
|
||||
Module m2 = memberClass.getModule();
|
||||
if (m2.isNamed())
|
||||
memberSuffix = " (in " + m2 + ")";
|
||||
|
||||
String memberPackageName = memberClass.getPackageName();
|
||||
|
||||
String msg = "JNI attached native thread (null caller frame) cannot access ";
|
||||
if (m2.isExported(memberPackageName)) {
|
||||
|
||||
// module access okay so include the modifiers in the message
|
||||
msg += "a member of " + memberClass + memberSuffix +
|
||||
" with modifiers \"" + Modifier.toString(modifiers) + "\"";
|
||||
|
||||
} else {
|
||||
// module access failed
|
||||
msg += memberClass + memberSuffix+ " because "
|
||||
+ m2 + " does not export " + memberPackageName;
|
||||
}
|
||||
|
||||
return new IllegalAccessException(msg);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if {@code currentClass} and {@code memberClass}
|
||||
* are nestmates - that is, if they have the same nesthost as
|
||||
|
@ -0,0 +1,67 @@
|
||||
/*
|
||||
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @bug 8221530
|
||||
* @summary Test uses custom launcher that starts VM using JNI that verifies
|
||||
* reflection API with null caller class
|
||||
* @library /test/lib
|
||||
* @run main/native CallerAccessTest
|
||||
*/
|
||||
|
||||
import java.io.File;
|
||||
import java.util.Map;
|
||||
import jdk.test.lib.Platform;
|
||||
import jdk.test.lib.Utils;
|
||||
import jdk.test.lib.process.OutputAnalyzer;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
|
||||
public class CallerAccessTest {
|
||||
public static void main(String[] args) throws IOException {
|
||||
Path launcher = Paths.get(System.getProperty("test.nativepath"), "CallerAccessTest");
|
||||
ProcessBuilder pb = new ProcessBuilder(launcher.toString());
|
||||
Map<String, String> env = pb.environment();
|
||||
|
||||
String libName = Platform.isWindows() ? "bin" : "lib";
|
||||
Path libPath = Paths.get(Utils.TEST_JDK).resolve(libName);
|
||||
String libDir = libPath.toAbsolutePath().toString();
|
||||
String serverDir = libPath.resolve("server").toAbsolutePath().toString();
|
||||
|
||||
// set up shared library path
|
||||
String sharedLibraryPathEnvName = Platform.sharedLibraryPathVariableName();
|
||||
env.compute(sharedLibraryPathEnvName,
|
||||
(k, v) -> (v == null) ? libDir : v + File.pathSeparator + libDir);
|
||||
env.compute(sharedLibraryPathEnvName,
|
||||
(k, v) -> (v == null) ? serverDir : v + File.pathSeparator + serverDir);
|
||||
|
||||
System.out.println("Launching: " + launcher + " shared library path: " +
|
||||
env.get(sharedLibraryPathEnvName));
|
||||
new OutputAnalyzer(pb.start()).shouldHaveExitValue(0);
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,127 @@
|
||||
/*
|
||||
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include "jni.h"
|
||||
#include "assert.h"
|
||||
|
||||
static jclass classClass;
|
||||
static jclass iaeClass;
|
||||
static jmethodID mid_Class_forName;
|
||||
static jmethodID mid_Class_getField;
|
||||
static jmethodID mid_Field_get;
|
||||
|
||||
int getField(JNIEnv *env, char* declaringClass_name, char* field_name);
|
||||
|
||||
int main(int argc, char** args) {
|
||||
JavaVM *jvm;
|
||||
JNIEnv *env;
|
||||
JavaVMInitArgs vm_args;
|
||||
JavaVMOption options[1];
|
||||
jint rc;
|
||||
|
||||
vm_args.version = JNI_VERSION_1_2;
|
||||
vm_args.nOptions = 0;
|
||||
vm_args.options = options;
|
||||
|
||||
if ((rc = JNI_CreateJavaVM(&jvm, (void**)&env, &vm_args)) != JNI_OK) {
|
||||
printf("ERROR: cannot create VM.\n");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
classClass = (*env)->FindClass(env, "java/lang/Class");
|
||||
iaeClass = (*env)->FindClass(env, "java/lang/IllegalAccessException");
|
||||
mid_Class_forName = (*env)->GetStaticMethodID(env, classClass, "forName",
|
||||
"(Ljava/lang/String;)Ljava/lang/Class;");
|
||||
assert(mid_Class_forName != NULL);
|
||||
|
||||
mid_Class_getField = (*env)->GetMethodID(env, classClass, "getField",
|
||||
"(Ljava/lang/String;)Ljava/lang/reflect/Field;");
|
||||
assert(mid_Class_getField != NULL);
|
||||
|
||||
jclass fieldClass = (*env)->FindClass(env, "java/lang/reflect/Field");
|
||||
mid_Field_get = (*env)->GetMethodID(env, fieldClass, "get", "(Ljava/lang/Object;)Ljava/lang/Object;");
|
||||
assert(mid_Class_getField != NULL);
|
||||
|
||||
// can access to public member of an exported type
|
||||
if ((rc = getField(env, "java.lang.Integer", "TYPE")) != 0) {
|
||||
printf("ERROR: fail to access java.lang.Integer::TYPE\n");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
// expect IAE to jdk.internal.misc.Unsafe class
|
||||
if ((rc = getField(env, "jdk.internal.misc.Unsafe", "INVALID_FIELD_OFFSET")) == 0) {
|
||||
printf("ERROR: IAE not thrown\n");
|
||||
exit(-1);
|
||||
}
|
||||
if (checkAndClearIllegalAccessExceptionThrown(env) != JNI_TRUE) {
|
||||
printf("ERROR: exception is not an instance of IAE\n");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
// expect IAE to jdk.internal.misc.Unsafe class
|
||||
if ((rc = getField(env, "jdk.internal.misc.Unsafe", "INVALID_FIELD_OFFSET")) == 0) {
|
||||
printf("ERROR: IAE not thrown\n");
|
||||
exit(-1);
|
||||
}
|
||||
if (checkAndClearIllegalAccessExceptionThrown(env) != JNI_TRUE) {
|
||||
printf("ERROR: exception is not an instance of IAE\n");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
(*jvm)->DestroyJavaVM(jvm);
|
||||
}
|
||||
|
||||
int checkAndClearIllegalAccessExceptionThrown(JNIEnv *env) {
|
||||
jthrowable t = (*env)->ExceptionOccurred(env);
|
||||
if ((*env)->IsInstanceOf(env, t, iaeClass) == JNI_TRUE) {
|
||||
(*env)->ExceptionClear(env);
|
||||
return JNI_TRUE;
|
||||
}
|
||||
return JNI_FALSE;
|
||||
}
|
||||
|
||||
int getField(JNIEnv *env, char* declaringClass_name, char* field_name) {
|
||||
jobject c = (*env)->CallStaticObjectMethod(env, classClass, mid_Class_forName,
|
||||
(*env)->NewStringUTF(env, declaringClass_name));
|
||||
if ((*env)->ExceptionOccurred(env) != NULL) {
|
||||
(*env)->ExceptionDescribe(env);
|
||||
return 1;
|
||||
}
|
||||
|
||||
jobject f = (*env)->CallObjectMethod(env, c, mid_Class_getField, (*env)->NewStringUTF(env, field_name));
|
||||
if ((*env)->ExceptionOccurred(env) != NULL) {
|
||||
(*env)->ExceptionDescribe(env);
|
||||
return 2;
|
||||
}
|
||||
|
||||
jobject v = (*env)->CallObjectMethod(env, f, mid_Field_get, c);
|
||||
if ((*env)->ExceptionOccurred(env) != NULL) {
|
||||
(*env)->ExceptionDescribe(env);
|
||||
return 3;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user