8334394: Race condition in Class::protectionDomain
Reviewed-by: liach, jpai, rriggs, alanb
This commit is contained in:
parent
92de2b2d5f
commit
c3226aaeb8
@ -55,7 +55,9 @@ import java.lang.reflect.TypeVariable;
|
||||
import java.lang.constant.Constable;
|
||||
import java.net.URL;
|
||||
import java.security.AccessController;
|
||||
import java.security.Permissions;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.ProtectionDomain;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
@ -3220,10 +3222,6 @@ public final class Class<T> implements java.io.Serializable,
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/** protection domain returned when the internal domain is null */
|
||||
private static java.security.ProtectionDomain allPermDomain;
|
||||
|
||||
/**
|
||||
* Returns the {@code ProtectionDomain} of this class. If there is a
|
||||
* security manager installed, this method first calls the security
|
||||
@ -3244,7 +3242,7 @@ public final class Class<T> implements java.io.Serializable,
|
||||
* @see java.lang.RuntimePermission
|
||||
* @since 1.2
|
||||
*/
|
||||
public java.security.ProtectionDomain getProtectionDomain() {
|
||||
public ProtectionDomain getProtectionDomain() {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
@ -3253,26 +3251,30 @@ public final class Class<T> implements java.io.Serializable,
|
||||
return protectionDomain();
|
||||
}
|
||||
|
||||
// package-private
|
||||
java.security.ProtectionDomain protectionDomain() {
|
||||
java.security.ProtectionDomain pd = getProtectionDomain0();
|
||||
if (pd == null) {
|
||||
if (allPermDomain == null) {
|
||||
java.security.Permissions perms =
|
||||
new java.security.Permissions();
|
||||
perms.add(SecurityConstants.ALL_PERMISSION);
|
||||
allPermDomain =
|
||||
new java.security.ProtectionDomain(null, perms);
|
||||
}
|
||||
pd = allPermDomain;
|
||||
/** Holder for the protection domain returned when the internal domain is null */
|
||||
private static class Holder {
|
||||
private static final ProtectionDomain allPermDomain;
|
||||
static {
|
||||
Permissions perms = new Permissions();
|
||||
perms.add(SecurityConstants.ALL_PERMISSION);
|
||||
allPermDomain = new ProtectionDomain(null, perms);
|
||||
}
|
||||
}
|
||||
|
||||
// package-private
|
||||
ProtectionDomain protectionDomain() {
|
||||
ProtectionDomain pd = getProtectionDomain0();
|
||||
if (pd == null) {
|
||||
return Holder.allPermDomain;
|
||||
} else {
|
||||
return pd;
|
||||
}
|
||||
return pd;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the ProtectionDomain of this class.
|
||||
*/
|
||||
private native java.security.ProtectionDomain getProtectionDomain0();
|
||||
private native ProtectionDomain getProtectionDomain0();
|
||||
|
||||
/*
|
||||
* Return the Virtual Machine's Class object for the named
|
||||
|
80
test/jdk/java/lang/Class/ProtectionDomainRace.java
Normal file
80
test/jdk/java/lang/Class/ProtectionDomainRace.java
Normal file
@ -0,0 +1,80 @@
|
||||
/*
|
||||
* Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @bug 8334394
|
||||
* @summary ensure there is no race condition in Class::protectionDomain
|
||||
* @run main/othervm ProtectionDomainRace
|
||||
*/
|
||||
import javax.security.auth.Subject;
|
||||
import java.security.PrivilegedAction;
|
||||
|
||||
/**
|
||||
* Without the code fix, this test would fail with
|
||||
* java.lang.AssertionError: sun.security.util.ResourcesMgr (PD)
|
||||
* at java.base/java.lang.invoke.MethodHandleImpl$BindCaller.checkInjectedInvoker(MethodHandleImpl.java:1209)
|
||||
* at java.base/java.lang.invoke.MethodHandleImpl$BindCaller.makeInjectedInvoker(MethodHandleImpl.java:1110)
|
||||
* at java.base/java.lang.invoke.MethodHandleImpl$BindCaller$1.computeValue(MethodHandleImpl.java:1117)
|
||||
* at java.base/java.lang.invoke.MethodHandleImpl$BindCaller$1.computeValue(MethodHandleImpl.java:1114)
|
||||
* at java.base/java.lang.ClassValue.getFromHashMap(ClassValue.java:229)
|
||||
* at java.base/java.lang.ClassValue.getFromBackup(ClassValue.java:211)
|
||||
* at java.base/java.lang.ClassValue.get(ClassValue.java:117)
|
||||
* at java.base/java.lang.invoke.MethodHandleImpl$BindCaller.bindCallerWithInjectedInvoker(MethodHandleImpl.java:1089)
|
||||
* at java.base/java.lang.invoke.MethodHandleImpl$BindCaller.bindCaller(MethodHandleImpl.java:1077)
|
||||
* at java.base/java.lang.invoke.MethodHandleImpl.bindCaller(MethodHandleImpl.java:1032)
|
||||
* at java.base/java.lang.invoke.MethodHandles$Lookup.maybeBindCaller(MethodHandles.java:4149)
|
||||
* at java.base/java.lang.invoke.MethodHandles$Lookup.getDirectMethodCommon(MethodHandles.java:4133)
|
||||
* at java.base/java.lang.invoke.MethodHandles$Lookup.getDirectMethodNoSecurityManager(MethodHandles.java:4077)
|
||||
* at java.base/java.lang.invoke.MethodHandles$Lookup.getDirectMethodForConstant(MethodHandles.java:4326)
|
||||
* at java.base/java.lang.invoke.MethodHandles$Lookup.linkMethodHandleConstant(MethodHandles.java:4274)
|
||||
* at java.base/java.lang.invoke.MethodHandleNatives.linkMethodHandleConstant(MethodHandleNatives.java:628)
|
||||
* at java.base/sun.security.util.ResourcesMgr.getBundle(ResourcesMgr.java:54)
|
||||
* at java.base/sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:40)
|
||||
* at java.base/javax.security.auth.Subject.doAs(Subject.java:517)
|
||||
* ...
|
||||
* as the Class::protectionDomain might assign different objects to the (original) allPermDomain field.
|
||||
*/
|
||||
public class ProtectionDomainRace {
|
||||
private static volatile Throwable failed = null;
|
||||
public static void main(String[] args) throws Throwable {
|
||||
PrivilegedAction<?> pa = () -> null;
|
||||
Thread[] threads = new Thread[100];
|
||||
for (int i = 0; i < 100; i++) {
|
||||
threads[i] = new Thread(() -> {
|
||||
try {
|
||||
Subject.doAs(null, pa);
|
||||
} catch (Throwable t) {
|
||||
failed = t;
|
||||
}
|
||||
});
|
||||
threads[i].start();
|
||||
}
|
||||
for (int i = 0; i < 100; i++) {
|
||||
threads[i].join();
|
||||
}
|
||||
if (failed != null) {
|
||||
throw failed;
|
||||
}
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user