8165271: Fix use of reflection to gain access to private fields
Reviewed-by: mchung
This commit is contained in:
parent
a535d2d833
commit
b27d8f6dd9
@ -321,6 +321,13 @@ class InetAddress implements java.io.Serializable {
|
|||||||
public String getOriginalHostName(InetAddress ia) {
|
public String getOriginalHostName(InetAddress ia) {
|
||||||
return ia.holder.getOriginalHostName();
|
return ia.holder.getOriginalHostName();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public InetAddress getByName(String hostName,
|
||||||
|
InetAddress hostAddress)
|
||||||
|
throws UnknownHostException
|
||||||
|
{
|
||||||
|
return InetAddress.getByName(hostName, hostAddress);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
init();
|
init();
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -51,6 +51,8 @@ import java.util.jar.Manifest;
|
|||||||
|
|
||||||
import jdk.internal.loader.Resource;
|
import jdk.internal.loader.Resource;
|
||||||
import jdk.internal.loader.URLClassPath;
|
import jdk.internal.loader.URLClassPath;
|
||||||
|
import jdk.internal.misc.JavaNetURLClassLoaderAccess;
|
||||||
|
import jdk.internal.misc.SharedSecrets;
|
||||||
import jdk.internal.perf.PerfCounter;
|
import jdk.internal.perf.PerfCounter;
|
||||||
import sun.net.www.ParseUtil;
|
import sun.net.www.ParseUtil;
|
||||||
import sun.security.util.SecurityConstants;
|
import sun.security.util.SecurityConstants;
|
||||||
@ -765,6 +767,14 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static {
|
static {
|
||||||
|
SharedSecrets.setJavaNetURLClassLoaderAccess(
|
||||||
|
new JavaNetURLClassLoaderAccess() {
|
||||||
|
@Override
|
||||||
|
public AccessControlContext getAccessControlContext(URLClassLoader u) {
|
||||||
|
return u.acc;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
ClassLoader.registerAsParallelCapable();
|
ClassLoader.registerAsParallelCapable();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -89,6 +89,11 @@ public class ProtectionDomain {
|
|||||||
AccessController.getContext(), context);
|
AccessController.getContext(), context);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public ProtectionDomain[] getProtectDomains(AccessControlContext context) {
|
||||||
|
return context.getContext();
|
||||||
|
}
|
||||||
|
|
||||||
private static AccessControlContext getCombinedACC(
|
private static AccessControlContext getCombinedACC(
|
||||||
AccessControlContext context, AccessControlContext stack) {
|
AccessControlContext context, AccessControlContext stack) {
|
||||||
AccessControlContext acc =
|
AccessControlContext acc =
|
||||||
|
@ -26,6 +26,7 @@
|
|||||||
package jdk.internal.misc;
|
package jdk.internal.misc;
|
||||||
|
|
||||||
import java.net.InetAddress;
|
import java.net.InetAddress;
|
||||||
|
import java.net.UnknownHostException;
|
||||||
|
|
||||||
public interface JavaNetInetAddressAccess {
|
public interface JavaNetInetAddressAccess {
|
||||||
/**
|
/**
|
||||||
@ -33,4 +34,13 @@ public interface JavaNetInetAddressAccess {
|
|||||||
* the given InetAddress object.
|
* the given InetAddress object.
|
||||||
*/
|
*/
|
||||||
String getOriginalHostName(InetAddress ia);
|
String getOriginalHostName(InetAddress ia);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the InetAddress of the provided host. If an InetAddress is provided
|
||||||
|
* then it will be the default address returned for all calls to either
|
||||||
|
* form of getByName. This is required to maintain consistency when
|
||||||
|
* caching addresses and hostnames.
|
||||||
|
*/
|
||||||
|
InetAddress getByName(String hostName, InetAddress hostAddress)
|
||||||
|
throws UnknownHostException;
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,33 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation. Oracle designates this
|
||||||
|
* particular file as subject to the "Classpath" exception as provided
|
||||||
|
* by Oracle in the LICENSE file that accompanied this code.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package jdk.internal.misc;
|
||||||
|
|
||||||
|
import java.net.URLClassLoader;
|
||||||
|
import java.security.AccessControlContext;
|
||||||
|
|
||||||
|
public interface JavaNetURLClassLoaderAccess {
|
||||||
|
AccessControlContext getAccessControlContext(URLClassLoader u);;
|
||||||
|
}
|
@ -27,6 +27,7 @@ package jdk.internal.misc;
|
|||||||
|
|
||||||
import java.security.AccessControlContext;
|
import java.security.AccessControlContext;
|
||||||
import java.security.PrivilegedAction;
|
import java.security.PrivilegedAction;
|
||||||
|
import java.security.ProtectionDomain;
|
||||||
|
|
||||||
public interface JavaSecurityAccess {
|
public interface JavaSecurityAccess {
|
||||||
|
|
||||||
@ -37,4 +38,5 @@ public interface JavaSecurityAccess {
|
|||||||
<T> T doIntersectionPrivilege(PrivilegedAction<T> action,
|
<T> T doIntersectionPrivilege(PrivilegedAction<T> action,
|
||||||
AccessControlContext context);
|
AccessControlContext context);
|
||||||
|
|
||||||
|
ProtectionDomain[] getProtectDomains(AccessControlContext context);
|
||||||
}
|
}
|
||||||
|
@ -57,6 +57,7 @@ public class SharedSecrets {
|
|||||||
private static JavaNetHttpCookieAccess javaNetHttpCookieAccess;
|
private static JavaNetHttpCookieAccess javaNetHttpCookieAccess;
|
||||||
private static JavaNetSocketAccess javaNetSocketAccess;
|
private static JavaNetSocketAccess javaNetSocketAccess;
|
||||||
private static JavaNetUriAccess javaNetUriAccess;
|
private static JavaNetUriAccess javaNetUriAccess;
|
||||||
|
private static JavaNetURLClassLoaderAccess javaNetURLClassLoaderAccess;
|
||||||
private static JavaNioAccess javaNioAccess;
|
private static JavaNioAccess javaNioAccess;
|
||||||
private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
|
private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
|
||||||
private static JavaIOFilePermissionAccess javaIOFilePermissionAccess;
|
private static JavaIOFilePermissionAccess javaIOFilePermissionAccess;
|
||||||
@ -144,6 +145,16 @@ public class SharedSecrets {
|
|||||||
return javaNetUriAccess;
|
return javaNetUriAccess;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static void setJavaNetURLClassLoaderAccess(JavaNetURLClassLoaderAccess jnua) {
|
||||||
|
javaNetURLClassLoaderAccess = jnua;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static JavaNetURLClassLoaderAccess getJavaNetURLClassLoaderAccess() {
|
||||||
|
if (javaNetURLClassLoaderAccess == null)
|
||||||
|
unsafe.ensureClassInitialized(java.net.URLClassLoader.class);
|
||||||
|
return javaNetURLClassLoaderAccess;
|
||||||
|
}
|
||||||
|
|
||||||
public static void setJavaNetInetAddressAccess(JavaNetInetAddressAccess jna) {
|
public static void setJavaNetInetAddressAccess(JavaNetInetAddressAccess jna) {
|
||||||
javaNetInetAddressAccess = jna;
|
javaNetInetAddressAccess = jna;
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -40,36 +40,25 @@ import java.util.HashSet;
|
|||||||
import java.util.StringTokenizer;
|
import java.util.StringTokenizer;
|
||||||
import java.security.*;
|
import java.security.*;
|
||||||
import java.lang.reflect.*;
|
import java.lang.reflect.*;
|
||||||
|
import jdk.internal.misc.JavaNetURLClassLoaderAccess;
|
||||||
|
import jdk.internal.misc.JavaSecurityAccess;
|
||||||
|
import jdk.internal.misc.SharedSecrets;
|
||||||
import sun.awt.AWTSecurityManager;
|
import sun.awt.AWTSecurityManager;
|
||||||
import sun.awt.AppContext;
|
import sun.awt.AppContext;
|
||||||
import sun.awt.AWTPermissions;
|
import sun.awt.AWTPermissions;
|
||||||
import sun.security.util.SecurityConstants;
|
import sun.security.util.SecurityConstants;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class defines an applet security policy
|
* This class defines an applet security policy
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public
|
public
|
||||||
class AppletSecurity extends AWTSecurityManager {
|
class AppletSecurity extends AWTSecurityManager {
|
||||||
|
private static final JavaNetURLClassLoaderAccess JNUCLA
|
||||||
//URLClassLoader.acc
|
= SharedSecrets.getJavaNetURLClassLoaderAccess();
|
||||||
private static Field facc = null;
|
private static final JavaSecurityAccess JSA = SharedSecrets.getJavaSecurityAccess();
|
||||||
|
|
||||||
//AccessControlContext.context;
|
|
||||||
private static Field fcontext = null;
|
|
||||||
|
|
||||||
static {
|
|
||||||
try {
|
|
||||||
facc = URLClassLoader.class.getDeclaredField("acc");
|
|
||||||
facc.setAccessible(true);
|
|
||||||
fcontext = AccessControlContext.class.getDeclaredField("context");
|
|
||||||
fcontext.setAccessible(true);
|
|
||||||
} catch (NoSuchFieldException e) {
|
|
||||||
throw new UnsupportedOperationException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Construct and initialize.
|
* Construct and initialize.
|
||||||
@ -148,6 +137,7 @@ class AppletSecurity extends AWTSecurityManager {
|
|||||||
final ClassLoader currentLoader = context[i].getClassLoader();
|
final ClassLoader currentLoader = context[i].getClassLoader();
|
||||||
|
|
||||||
if (currentLoader instanceof URLClassLoader) {
|
if (currentLoader instanceof URLClassLoader) {
|
||||||
|
URLClassLoader ld = (URLClassLoader)currentLoader;
|
||||||
loader = AccessController.doPrivileged(
|
loader = AccessController.doPrivileged(
|
||||||
new PrivilegedAction<ClassLoader>() {
|
new PrivilegedAction<ClassLoader>() {
|
||||||
public ClassLoader run() {
|
public ClassLoader run() {
|
||||||
@ -156,12 +146,12 @@ class AppletSecurity extends AWTSecurityManager {
|
|||||||
ProtectionDomain[] pds = null;
|
ProtectionDomain[] pds = null;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
acc = (AccessControlContext) facc.get(currentLoader);
|
acc = JNUCLA.getAccessControlContext(ld);
|
||||||
if (acc == null) {
|
if (acc == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
pds = (ProtectionDomain[]) fcontext.get(acc);
|
pds = JSA.getProtectDomains(acc);
|
||||||
if (pds == null) {
|
if (pds == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user