stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8165271: Fix use of reflection to gain access to private fields

Browse Source 
Reviewed-by: mchung
This commit is contained in:
David Dehaven 2016-10-12 08:47:53 -07:00
parent a535d2d833
commit b27d8f6dd9
8 changed files with 90 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
jdk/src/java.base/share/classes/java/net/InetAddress.java
View File

@ -321,6 +321,13 @@ class InetAddress implements java.io.Serializable {
public String getOriginalHostName(InetAddress ia) {
return ia.holder.getOriginalHostName();
}
public InetAddress getByName(String hostName,
InetAddress hostAddress)
throws UnknownHostException
{
return InetAddress.getByName(hostName, hostAddress);
}
}
);
init();

12
jdk/src/java.base/share/classes/java/net/URLClassLoader.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -51,6 +51,8 @@ import java.util.jar.Manifest;
import jdk.internal.loader.Resource;
import jdk.internal.loader.URLClassPath;
import jdk.internal.misc.JavaNetURLClassLoaderAccess;
import jdk.internal.misc.SharedSecrets;
import jdk.internal.perf.PerfCounter;
import sun.net.www.ParseUtil;
import sun.security.util.SecurityConstants;
@ -765,6 +767,14 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
}
static {
SharedSecrets.setJavaNetURLClassLoaderAccess(
new JavaNetURLClassLoaderAccess() {
@Override
public AccessControlContext getAccessControlContext(URLClassLoader u) {
return u.acc;
}
}
);
ClassLoader.registerAsParallelCapable();
}
}

5
jdk/src/java.base/share/classes/java/security/ProtectionDomain.java
View File

@ -89,6 +89,11 @@ public class ProtectionDomain {
AccessController.getContext(), context);
}
@Override
public ProtectionDomain[] getProtectDomains(AccessControlContext context) {
return context.getContext();
}
private static AccessControlContext getCombinedACC(
AccessControlContext context, AccessControlContext stack) {
AccessControlContext acc =

10
jdk/src/java.base/share/classes/jdk/internal/misc/JavaNetInetAddressAccess.java
View File

@ -26,6 +26,7 @@
package jdk.internal.misc;
import java.net.InetAddress;
import java.net.UnknownHostException;
public interface JavaNetInetAddressAccess {
/**
@ -33,4 +34,13 @@ public interface JavaNetInetAddressAccess {
* the given InetAddress object.
*/
String getOriginalHostName(InetAddress ia);
/**
* Get the InetAddress of the provided host. If an InetAddress is provided
* then it will be the default address returned for all calls to either
* form of getByName. This is required to maintain consistency when
* caching addresses and hostnames.
*/
InetAddress getByName(String hostName, InetAddress hostAddress)
throws UnknownHostException;
}

33
jdk/src/java.base/share/classes/jdk/internal/misc/JavaNetURLClassLoaderAccess.java Normal file
View File

@ -0,0 +1,33 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package jdk.internal.misc;
import java.net.URLClassLoader;
import java.security.AccessControlContext;
public interface JavaNetURLClassLoaderAccess {
AccessControlContext getAccessControlContext(URLClassLoader u);;
}

2
jdk/src/java.base/share/classes/jdk/internal/misc/JavaSecurityAccess.java
View File

@ -27,6 +27,7 @@ package jdk.internal.misc;
import java.security.AccessControlContext;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
public interface JavaSecurityAccess {
@ -37,4 +38,5 @@ public interface JavaSecurityAccess {
<T> T doIntersectionPrivilege(PrivilegedAction<T> action,
AccessControlContext context);
ProtectionDomain[] getProtectDomains(AccessControlContext context);
}

11
jdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
View File

@ -57,6 +57,7 @@ public class SharedSecrets {
private static JavaNetHttpCookieAccess javaNetHttpCookieAccess;
private static JavaNetSocketAccess javaNetSocketAccess;
private static JavaNetUriAccess javaNetUriAccess;
private static JavaNetURLClassLoaderAccess javaNetURLClassLoaderAccess;
private static JavaNioAccess javaNioAccess;
private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
private static JavaIOFilePermissionAccess javaIOFilePermissionAccess;
@ -144,6 +145,16 @@ public class SharedSecrets {
return javaNetUriAccess;
}
public static void setJavaNetURLClassLoaderAccess(JavaNetURLClassLoaderAccess jnua) {
javaNetURLClassLoaderAccess = jnua;
}
public static JavaNetURLClassLoaderAccess getJavaNetURLClassLoaderAccess() {
if (javaNetURLClassLoaderAccess == null)
unsafe.ensureClassInitialized(java.net.URLClassLoader.class);
return javaNetURLClassLoaderAccess;
}
public static void setJavaNetInetAddressAccess(JavaNetInetAddressAccess jna) {
javaNetInetAddressAccess = jna;
}

32
jdk/src/java.desktop/share/classes/sun/applet/AppletSecurity.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -40,36 +40,25 @@ import java.util.HashSet;
import java.util.StringTokenizer;
import java.security.*;
import java.lang.reflect.*;
import jdk.internal.misc.JavaNetURLClassLoaderAccess;
import jdk.internal.misc.JavaSecurityAccess;
import jdk.internal.misc.SharedSecrets;
import sun.awt.AWTSecurityManager;
import sun.awt.AppContext;
import sun.awt.AWTPermissions;
import sun.security.util.SecurityConstants;
/**
* This class defines an applet security policy
*
*/
public
class AppletSecurity extends AWTSecurityManager {
//URLClassLoader.acc
private static Field facc = null;
//AccessControlContext.context;
private static Field fcontext = null;
static {
try {
facc = URLClassLoader.class.getDeclaredField("acc");
facc.setAccessible(true);
fcontext = AccessControlContext.class.getDeclaredField("context");
fcontext.setAccessible(true);
} catch (NoSuchFieldException e) {
throw new UnsupportedOperationException(e);
}
}
private static final JavaNetURLClassLoaderAccess JNUCLA
= SharedSecrets.getJavaNetURLClassLoaderAccess();
private static final JavaSecurityAccess JSA = SharedSecrets.getJavaSecurityAccess();
/**
* Construct and initialize.
@ -148,6 +137,7 @@ class AppletSecurity extends AWTSecurityManager {
final ClassLoader currentLoader = context[i].getClassLoader();
if (currentLoader instanceof URLClassLoader) {
URLClassLoader ld = (URLClassLoader)currentLoader;
loader = AccessController.doPrivileged(
new PrivilegedAction<ClassLoader>() {
public ClassLoader run() {
@ -156,12 +146,12 @@ class AppletSecurity extends AWTSecurityManager {
ProtectionDomain[] pds = null;
try {
acc = (AccessControlContext) facc.get(currentLoader);
acc = JNUCLA.getAccessControlContext(ld);
if (acc == null) {
return null;
}
pds = (ProtectionDomain[]) fcontext.get(acc);
pds = JSA.getProtectDomains(acc);
if (pds == null) {
return null;
}