From 455fd39d4988f452546f679c0aa78d2e6d104961 Mon Sep 17 00:00:00 2001 From: Harold Seigel Date: Thu, 7 Mar 2013 11:49:38 -0500 Subject: [PATCH 001/136] 7158805: Better rewriting of nested subroutine calls Reviewed-by: mschoene, coleenp --- hotspot/src/share/vm/memory/allocation.cpp | 30 +++++++++----------- hotspot/src/share/vm/memory/allocation.hpp | 23 +++++++++++---- hotspot/src/share/vm/oops/generateOopMap.cpp | 20 +++++++++---- 3 files changed, 46 insertions(+), 27 deletions(-) diff --git a/hotspot/src/share/vm/memory/allocation.cpp b/hotspot/src/share/vm/memory/allocation.cpp index f83eada8192..675d86f8cdc 100644 --- a/hotspot/src/share/vm/memory/allocation.cpp +++ b/hotspot/src/share/vm/memory/allocation.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -248,7 +248,7 @@ class ChunkPool: public CHeapObj { ChunkPool(size_t size) : _size(size) { _first = NULL; _num_chunks = _num_used = 0; } // Allocate a new chunk from the pool (might expand the pool) - _NOINLINE_ void* allocate(size_t bytes) { + _NOINLINE_ void* allocate(size_t bytes, AllocFailType alloc_failmode) { assert(bytes == _size, "bad size"); void* p = NULL; // No VM lock can be taken inside ThreadCritical lock, so os::malloc @@ -258,9 +258,9 @@ class ChunkPool: public CHeapObj { p = get_first(); } if (p == NULL) p = os::malloc(bytes, mtChunk, CURRENT_PC); - if (p == NULL) + if (p == NULL && alloc_failmode == AllocFailStrategy::EXIT_OOM) { vm_exit_out_of_memory(bytes, "ChunkPool::allocate"); - + } return p; } @@ -357,7 +357,7 @@ class ChunkPoolCleaner : public PeriodicTask { //-------------------------------------------------------------------------------------- // Chunk implementation -void* Chunk::operator new(size_t requested_size, size_t length) { +void* Chunk::operator new (size_t requested_size, AllocFailType alloc_failmode, size_t length) { // requested_size is equal to sizeof(Chunk) but in order for the arena // allocations to come out aligned as expected the size must be aligned // to expected arean alignment. @@ -365,13 +365,14 @@ void* Chunk::operator new(size_t requested_size, size_t length) { assert(ARENA_ALIGN(requested_size) == aligned_overhead_size(), "Bad alignment"); size_t bytes = ARENA_ALIGN(requested_size) + length; switch (length) { - case Chunk::size: return ChunkPool::large_pool()->allocate(bytes); - case Chunk::medium_size: return ChunkPool::medium_pool()->allocate(bytes); - case Chunk::init_size: return ChunkPool::small_pool()->allocate(bytes); + case Chunk::size: return ChunkPool::large_pool()->allocate(bytes, alloc_failmode); + case Chunk::medium_size: return ChunkPool::medium_pool()->allocate(bytes, alloc_failmode); + case Chunk::init_size: return ChunkPool::small_pool()->allocate(bytes, alloc_failmode); default: { - void *p = os::malloc(bytes, mtChunk, CALLER_PC); - if (p == NULL) + void* p = os::malloc(bytes, mtChunk, CALLER_PC); + if (p == NULL && alloc_failmode == AllocFailStrategy::EXIT_OOM) { vm_exit_out_of_memory(bytes, "Chunk::new"); + } return p; } } @@ -425,7 +426,7 @@ NOT_PRODUCT(volatile jint Arena::_instance_count = 0;) Arena::Arena(size_t init_size) { size_t round_size = (sizeof (char *)) - 1; init_size = (init_size+round_size) & ~round_size; - _first = _chunk = new (init_size) Chunk(init_size); + _first = _chunk = new (AllocFailStrategy::EXIT_OOM, init_size) Chunk(init_size); _hwm = _chunk->bottom(); // Save the cached hwm, max _max = _chunk->top(); set_size_in_bytes(init_size); @@ -433,7 +434,7 @@ Arena::Arena(size_t init_size) { } Arena::Arena() { - _first = _chunk = new (Chunk::init_size) Chunk(Chunk::init_size); + _first = _chunk = new (AllocFailStrategy::EXIT_OOM, Chunk::init_size) Chunk(Chunk::init_size); _hwm = _chunk->bottom(); // Save the cached hwm, max _max = _chunk->top(); set_size_in_bytes(Chunk::init_size); @@ -540,12 +541,9 @@ void* Arena::grow(size_t x, AllocFailType alloc_failmode) { size_t len = MAX2(x, (size_t) Chunk::size); Chunk *k = _chunk; // Get filled-up chunk address - _chunk = new (len) Chunk(len); + _chunk = new (alloc_failmode, len) Chunk(len); if (_chunk == NULL) { - if (alloc_failmode == AllocFailStrategy::EXIT_OOM) { - signal_out_of_memory(len * Chunk::aligned_overhead_size(), "Arena::grow"); - } return NULL; } if (k) k->set_next(_chunk); // Append new chunk to end of linked list diff --git a/hotspot/src/share/vm/memory/allocation.hpp b/hotspot/src/share/vm/memory/allocation.hpp index bc01b0135b0..a5371b7aa1b 100644 --- a/hotspot/src/share/vm/memory/allocation.hpp +++ b/hotspot/src/share/vm/memory/allocation.hpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -274,7 +274,7 @@ class Chunk: CHeapObj { Chunk* _next; // Next Chunk in list const size_t _len; // Size of this Chunk public: - void* operator new(size_t size, size_t length); + void* operator new(size_t size, AllocFailType alloc_failmode, size_t length); void operator delete(void* p); Chunk(size_t length); @@ -337,10 +337,15 @@ protected: void signal_out_of_memory(size_t request, const char* whence) const; - void check_for_overflow(size_t request, const char* whence) const { + bool check_for_overflow(size_t request, const char* whence, + AllocFailType alloc_failmode = AllocFailStrategy::EXIT_OOM) const { if (UINTPTR_MAX - request < (uintptr_t)_hwm) { + if (alloc_failmode == AllocFailStrategy::RETURN_NULL) { + return false; + } signal_out_of_memory(request, whence); } + return true; } public: @@ -364,7 +369,8 @@ protected: assert(is_power_of_2(ARENA_AMALLOC_ALIGNMENT) , "should be a power of 2"); x = ARENA_ALIGN(x); debug_only(if (UseMallocOnly) return malloc(x);) - check_for_overflow(x, "Arena::Amalloc"); + if (!check_for_overflow(x, "Arena::Amalloc", alloc_failmode)) + return NULL; NOT_PRODUCT(inc_bytes_allocated(x);) if (_hwm + x > _max) { return grow(x, alloc_failmode); @@ -378,7 +384,8 @@ protected: void *Amalloc_4(size_t x, AllocFailType alloc_failmode = AllocFailStrategy::EXIT_OOM) { assert( (x&(sizeof(char*)-1)) == 0, "misaligned size" ); debug_only(if (UseMallocOnly) return malloc(x);) - check_for_overflow(x, "Arena::Amalloc_4"); + if (!check_for_overflow(x, "Arena::Amalloc_4", alloc_failmode)) + return NULL; NOT_PRODUCT(inc_bytes_allocated(x);) if (_hwm + x > _max) { return grow(x, alloc_failmode); @@ -399,7 +406,8 @@ protected: size_t delta = (((size_t)_hwm + DALIGN_M1) & ~DALIGN_M1) - (size_t)_hwm; x += delta; #endif - check_for_overflow(x, "Arena::Amalloc_D"); + if (!check_for_overflow(x, "Arena::Amalloc_D", alloc_failmode)) + return NULL; NOT_PRODUCT(inc_bytes_allocated(x);) if (_hwm + x > _max) { return grow(x, alloc_failmode); // grow() returns a result aligned >= 8 bytes. @@ -539,6 +547,9 @@ class ResourceObj ALLOCATION_SUPER_CLASS_SPEC { #define NEW_RESOURCE_ARRAY(type, size)\ (type*) resource_allocate_bytes((size) * sizeof(type)) +#define NEW_RESOURCE_ARRAY_RETURN_NULL(type, size)\ + (type*) resource_allocate_bytes((size) * sizeof(type), AllocFailStrategy::RETURN_NULL) + #define NEW_RESOURCE_ARRAY_IN_THREAD(thread, type, size)\ (type*) resource_allocate_bytes(thread, (size) * sizeof(type)) diff --git a/hotspot/src/share/vm/oops/generateOopMap.cpp b/hotspot/src/share/vm/oops/generateOopMap.cpp index 8c12b7ac77d..9a9dc23d4e8 100644 --- a/hotspot/src/share/vm/oops/generateOopMap.cpp +++ b/hotspot/src/share/vm/oops/generateOopMap.cpp @@ -642,11 +642,21 @@ int GenerateOopMap::next_bb_start_pc(BasicBlock *bb) { // CellType handling methods // +// Allocate memory and throw LinkageError if failure. +#define ALLOC_RESOURCE_ARRAY(var, type, count) \ + var = NEW_RESOURCE_ARRAY_RETURN_NULL(type, count); \ + if (var == NULL) { \ + report_error("Cannot reserve enough memory to analyze this method"); \ + return; \ + } + + void GenerateOopMap::init_state() { _state_len = _max_locals + _max_stack + _max_monitors; - _state = NEW_RESOURCE_ARRAY(CellTypeState, _state_len); + ALLOC_RESOURCE_ARRAY(_state, CellTypeState, _state_len); memset(_state, 0, _state_len * sizeof(CellTypeState)); - _state_vec_buf = NEW_RESOURCE_ARRAY(char, MAX3(_max_locals, _max_stack, _max_monitors) + 1/*for null terminator char */); + int count = MAX3(_max_locals, _max_stack, _max_monitors) + 1/*for null terminator char */; + ALLOC_RESOURCE_ARRAY(_state_vec_buf, char, count); } void GenerateOopMap::make_context_uninitialized() { @@ -905,7 +915,7 @@ void GenerateOopMap::init_basic_blocks() { // But cumbersome since we don't know the stack heights yet. (Nor the // monitor stack heights...) - _basic_blocks = NEW_RESOURCE_ARRAY(BasicBlock, _bb_count); + ALLOC_RESOURCE_ARRAY(_basic_blocks, BasicBlock, _bb_count); // Make a pass through the bytecodes. Count the number of monitorenters. // This can be used an upper bound on the monitor stack depth in programs @@ -976,8 +986,8 @@ void GenerateOopMap::init_basic_blocks() { return; } - CellTypeState *basicBlockState = - NEW_RESOURCE_ARRAY(CellTypeState, bbNo * _state_len); + CellTypeState *basicBlockState; + ALLOC_RESOURCE_ARRAY(basicBlockState, CellTypeState, bbNo * _state_len); memset(basicBlockState, 0, bbNo * _state_len * sizeof(CellTypeState)); // Make a pass over the basicblocks and assign their state vectors. From 6ebc920e1e1f63f3c0b8b44c04b3cc776e522fca Mon Sep 17 00:00:00 2001 From: Sean Mullan Date: Fri, 5 Apr 2013 10:18:36 -0400 Subject: [PATCH 002/136] 8001330: Improve on checking order Reviewed-by: acorn, hawtin --- .../src/share/vm/classfile/javaClasses.cpp | 26 ++++++ .../src/share/vm/classfile/javaClasses.hpp | 9 +- hotspot/src/share/vm/classfile/vmSymbols.hpp | 2 + hotspot/src/share/vm/memory/universe.cpp | 21 +++++ hotspot/src/share/vm/memory/universe.hpp | 4 + hotspot/src/share/vm/prims/jvm.cpp | 83 +++++++++++++++++-- 6 files changed, 137 insertions(+), 8 deletions(-) diff --git a/hotspot/src/share/vm/classfile/javaClasses.cpp b/hotspot/src/share/vm/classfile/javaClasses.cpp index fe03d3fb132..0550adc9ebc 100644 --- a/hotspot/src/share/vm/classfile/javaClasses.cpp +++ b/hotspot/src/share/vm/classfile/javaClasses.cpp @@ -2774,6 +2774,7 @@ void java_lang_invoke_CallSite::compute_offsets() { int java_security_AccessControlContext::_context_offset = 0; int java_security_AccessControlContext::_privilegedContext_offset = 0; int java_security_AccessControlContext::_isPrivileged_offset = 0; +int java_security_AccessControlContext::_isAuthorized_offset = -1; void java_security_AccessControlContext::compute_offsets() { assert(_isPrivileged_offset == 0, "offsets should be initialized only once"); @@ -2794,9 +2795,20 @@ void java_security_AccessControlContext::compute_offsets() { fatal("Invalid layout of java.security.AccessControlContext"); } _isPrivileged_offset = fd.offset(); + + // The offset may not be present for bootstrapping with older JDK. + if (ik->find_local_field(vmSymbols::isAuthorized_name(), vmSymbols::bool_signature(), &fd)) { + _isAuthorized_offset = fd.offset(); + } } +bool java_security_AccessControlContext::is_authorized(Handle context) { + assert(context.not_null() && context->klass() == SystemDictionary::AccessControlContext_klass(), "Invalid type"); + assert(_isAuthorized_offset != -1, "should be set"); + return context->bool_field(_isAuthorized_offset) != 0; +} + oop java_security_AccessControlContext::create(objArrayHandle context, bool isPrivileged, Handle privileged_context, TRAPS) { assert(_isPrivileged_offset != 0, "offsets should have been initialized"); // Ensure klass is initialized @@ -2807,6 +2819,8 @@ oop java_security_AccessControlContext::create(objArrayHandle context, bool isPr result->obj_field_put(_context_offset, context()); result->obj_field_put(_privilegedContext_offset, privileged_context()); result->bool_field_put(_isPrivileged_offset, isPrivileged); + // whitelist AccessControlContexts created by the JVM. + result->bool_field_put(_isAuthorized_offset, true); return result; } @@ -2916,6 +2930,15 @@ int java_lang_System::err_offset_in_bytes() { } +bool java_lang_System::has_security_manager() { + InstanceKlass* ik = InstanceKlass::cast(SystemDictionary::System_klass()); + address addr = ik->static_field_addr(static_security_offset); + if (UseCompressedOops) { + return oopDesc::load_decode_heap_oop((narrowOop *)addr) != NULL; + } else { + return oopDesc::load_decode_heap_oop((oop*)addr) != NULL; + } +} int java_lang_Class::_klass_offset; int java_lang_Class::_array_klass_offset; @@ -2976,6 +2999,7 @@ int java_lang_ClassLoader::parent_offset; int java_lang_System::static_in_offset; int java_lang_System::static_out_offset; int java_lang_System::static_err_offset; +int java_lang_System::static_security_offset; int java_lang_StackTraceElement::declaringClass_offset; int java_lang_StackTraceElement::methodName_offset; int java_lang_StackTraceElement::fileName_offset; @@ -3101,6 +3125,7 @@ void JavaClasses::compute_hard_coded_offsets() { java_lang_System::static_in_offset = java_lang_System::hc_static_in_offset * x; java_lang_System::static_out_offset = java_lang_System::hc_static_out_offset * x; java_lang_System::static_err_offset = java_lang_System::hc_static_err_offset * x; + java_lang_System::static_security_offset = java_lang_System::hc_static_security_offset * x; // java_lang_StackTraceElement java_lang_StackTraceElement::declaringClass_offset = java_lang_StackTraceElement::hc_declaringClass_offset * x + header; @@ -3300,6 +3325,7 @@ void JavaClasses::check_offsets() { CHECK_STATIC_OFFSET("java/lang/System", java_lang_System, in, "Ljava/io/InputStream;"); CHECK_STATIC_OFFSET("java/lang/System", java_lang_System, out, "Ljava/io/PrintStream;"); CHECK_STATIC_OFFSET("java/lang/System", java_lang_System, err, "Ljava/io/PrintStream;"); + CHECK_STATIC_OFFSET("java/lang/System", java_lang_System, security, "Ljava/lang/SecurityManager;"); // java.lang.StackTraceElement diff --git a/hotspot/src/share/vm/classfile/javaClasses.hpp b/hotspot/src/share/vm/classfile/javaClasses.hpp index ac0f15e2cee..b0314a6e007 100644 --- a/hotspot/src/share/vm/classfile/javaClasses.hpp +++ b/hotspot/src/share/vm/classfile/javaClasses.hpp @@ -1149,11 +1149,14 @@ class java_security_AccessControlContext: AllStatic { static int _context_offset; static int _privilegedContext_offset; static int _isPrivileged_offset; + static int _isAuthorized_offset; static void compute_offsets(); public: static oop create(objArrayHandle context, bool isPrivileged, Handle privileged_context, TRAPS); + static bool is_authorized(Handle context); + // Debugging/initialization friend class JavaClasses; }; @@ -1213,18 +1216,22 @@ class java_lang_System : AllStatic { enum { hc_static_in_offset = 0, hc_static_out_offset = 1, - hc_static_err_offset = 2 + hc_static_err_offset = 2, + hc_static_security_offset = 3 }; static int static_in_offset; static int static_out_offset; static int static_err_offset; + static int static_security_offset; public: static int in_offset_in_bytes(); static int out_offset_in_bytes(); static int err_offset_in_bytes(); + static bool has_security_manager(); + // Debugging friend class JavaClasses; }; diff --git a/hotspot/src/share/vm/classfile/vmSymbols.hpp b/hotspot/src/share/vm/classfile/vmSymbols.hpp index 1e66346eec5..ab68f3a5ed4 100644 --- a/hotspot/src/share/vm/classfile/vmSymbols.hpp +++ b/hotspot/src/share/vm/classfile/vmSymbols.hpp @@ -94,6 +94,7 @@ template(java_lang_SecurityManager, "java/lang/SecurityManager") \ template(java_security_AccessControlContext, "java/security/AccessControlContext") \ template(java_security_ProtectionDomain, "java/security/ProtectionDomain") \ + template(impliesCreateAccessControlContext_name, "impliesCreateAccessControlContext") \ template(java_io_OutputStream, "java/io/OutputStream") \ template(java_io_Reader, "java/io/Reader") \ template(java_io_BufferedReader, "java/io/BufferedReader") \ @@ -346,6 +347,7 @@ template(contextClassLoader_name, "contextClassLoader") \ template(inheritedAccessControlContext_name, "inheritedAccessControlContext") \ template(isPrivileged_name, "isPrivileged") \ + template(isAuthorized_name, "isAuthorized") \ template(getClassContext_name, "getClassContext") \ template(wait_name, "wait") \ template(checkPackageAccess_name, "checkPackageAccess") \ diff --git a/hotspot/src/share/vm/memory/universe.cpp b/hotspot/src/share/vm/memory/universe.cpp index 90a2276cb93..12d92aae49d 100644 --- a/hotspot/src/share/vm/memory/universe.cpp +++ b/hotspot/src/share/vm/memory/universe.cpp @@ -108,6 +108,7 @@ oop Universe::_the_null_string = NULL; oop Universe::_the_min_jint_string = NULL; LatestMethodOopCache* Universe::_finalizer_register_cache = NULL; LatestMethodOopCache* Universe::_loader_addClass_cache = NULL; +LatestMethodOopCache* Universe::_pd_implies_cache = NULL; ActiveMethodOopsCache* Universe::_reflect_invoke_cache = NULL; oop Universe::_out_of_memory_error_java_heap = NULL; oop Universe::_out_of_memory_error_perm_gen = NULL; @@ -224,6 +225,7 @@ void Universe::serialize(SerializeClosure* f, bool do_all) { _finalizer_register_cache->serialize(f); _loader_addClass_cache->serialize(f); _reflect_invoke_cache->serialize(f); + _pd_implies_cache->serialize(f); } void Universe::check_alignment(uintx size, uintx alignment, const char* name) { @@ -648,6 +650,7 @@ jint universe_init() { // Metaspace::initialize_shared_spaces() tries to populate them. Universe::_finalizer_register_cache = new LatestMethodOopCache(); Universe::_loader_addClass_cache = new LatestMethodOopCache(); + Universe::_pd_implies_cache = new LatestMethodOopCache(); Universe::_reflect_invoke_cache = new ActiveMethodOopsCache(); if (UseSharedSpaces) { @@ -1082,6 +1085,23 @@ bool universe_post_init() { Universe::_loader_addClass_cache->init( SystemDictionary::ClassLoader_klass(), m, CHECK_false); + // Setup method for checking protection domain + InstanceKlass::cast(SystemDictionary::ProtectionDomain_klass())->link_class(CHECK_false); + m = InstanceKlass::cast(SystemDictionary::ProtectionDomain_klass())-> + find_method(vmSymbols::impliesCreateAccessControlContext_name(), + vmSymbols::void_boolean_signature()); + // Allow NULL which should only happen with bootstrapping. + if (m != NULL) { + if (m->is_static()) { + // NoSuchMethodException doesn't actually work because it tries to run the + // function before java_lang_Class is linked. Print error and exit. + tty->print_cr("ProtectionDomain.impliesCreateAccessControlContext() has the wrong linkage"); + return false; // initialization failed + } + Universe::_pd_implies_cache->init( + SystemDictionary::ProtectionDomain_klass(), m, CHECK_false);; + } + // The folowing is initializing converter functions for serialization in // JVM.cpp. If we clean up the StrictMath code above we may want to find // a better solution for this as well. @@ -1497,6 +1517,7 @@ bool ActiveMethodOopsCache::is_same_method(Method* const method) const { Method* LatestMethodOopCache::get_Method() { + if (klass() == NULL) return NULL; InstanceKlass* ik = InstanceKlass::cast(klass()); Method* m = ik->method_with_idnum(method_idnum()); assert(m != NULL, "sanity check"); diff --git a/hotspot/src/share/vm/memory/universe.hpp b/hotspot/src/share/vm/memory/universe.hpp index 2bf0b653f58..6c890d6ea46 100644 --- a/hotspot/src/share/vm/memory/universe.hpp +++ b/hotspot/src/share/vm/memory/universe.hpp @@ -176,6 +176,7 @@ class Universe: AllStatic { static oop _the_min_jint_string; // A cache of "-2147483648" as a Java string static LatestMethodOopCache* _finalizer_register_cache; // static method for registering finalizable objects static LatestMethodOopCache* _loader_addClass_cache; // method for registering loaded classes in class loader vector + static LatestMethodOopCache* _pd_implies_cache; // method for checking protection domain attributes static ActiveMethodOopsCache* _reflect_invoke_cache; // method for security checks static oop _out_of_memory_error_java_heap; // preallocated error object (no backtrace) static oop _out_of_memory_error_perm_gen; // preallocated error object (no backtrace) @@ -346,7 +347,10 @@ class Universe: AllStatic { static oop the_min_jint_string() { return _the_min_jint_string; } static Method* finalizer_register_method() { return _finalizer_register_cache->get_Method(); } static Method* loader_addClass_method() { return _loader_addClass_cache->get_Method(); } + + static Method* protection_domain_implies_method() { return _pd_implies_cache->get_Method(); } static ActiveMethodOopsCache* reflect_invoke_cache() { return _reflect_invoke_cache; } + static oop null_ptr_exception_instance() { return _null_ptr_exception_instance; } static oop arithmetic_exception_instance() { return _arithmetic_exception_instance; } static oop virtual_machine_error_instance() { return _virtual_machine_error_instance; } diff --git a/hotspot/src/share/vm/prims/jvm.cpp b/hotspot/src/share/vm/prims/jvm.cpp index 5c31ea1e5ac..628888010db 100644 --- a/hotspot/src/share/vm/prims/jvm.cpp +++ b/hotspot/src/share/vm/prims/jvm.cpp @@ -1144,6 +1144,56 @@ JVM_ENTRY(void, JVM_SetProtectionDomain(JNIEnv *env, jclass cls, jobject protect } JVM_END +static bool is_authorized(Handle context, instanceKlassHandle klass, TRAPS) { + // If there is a security manager and protection domain, check the access + // in the protection domain, otherwise it is authorized. + if (java_lang_System::has_security_manager()) { + + // For bootstrapping, if pd implies method isn't in the JDK, allow + // this context to revert to older behavior. + // In this case the isAuthorized field in AccessControlContext is also not + // present. + if (Universe::protection_domain_implies_method() == NULL) { + return true; + } + + // Whitelist certain access control contexts + if (java_security_AccessControlContext::is_authorized(context)) { + return true; + } + + oop prot = klass->protection_domain(); + if (prot != NULL) { + // Call pd.implies(new SecurityPermission("createAccessControlContext")) + // in the new wrapper. + methodHandle m(THREAD, Universe::protection_domain_implies_method()); + Handle h_prot(THREAD, prot); + JavaValue result(T_BOOLEAN); + JavaCallArguments args(h_prot); + JavaCalls::call(&result, m, &args, CHECK_false); + return (result.get_jboolean() != 0); + } + } + return true; +} + +// Create an AccessControlContext with a protection domain with null codesource +// and null permissions - which gives no permissions. +oop create_dummy_access_control_context(TRAPS) { + InstanceKlass* pd_klass = InstanceKlass::cast(SystemDictionary::ProtectionDomain_klass()); + // new ProtectionDomain(null,null); + oop null_protection_domain = pd_klass->allocate_instance(CHECK_NULL); + Handle null_pd(THREAD, null_protection_domain); + + // new ProtectionDomain[] {pd}; + objArrayOop context = oopFactory::new_objArray(pd_klass, 1, CHECK_NULL); + context->obj_at_put(0, null_pd()); + + // new AccessControlContext(new ProtectionDomain[] {pd}) + objArrayHandle h_context(THREAD, context); + oop result = java_security_AccessControlContext::create(h_context, false, Handle(), CHECK_NULL); + return result; +} JVM_ENTRY(jobject, JVM_DoPrivileged(JNIEnv *env, jclass cls, jobject action, jobject context, jboolean wrapException)) JVMWrapper("JVM_DoPrivileged"); @@ -1152,8 +1202,29 @@ JVM_ENTRY(jobject, JVM_DoPrivileged(JNIEnv *env, jclass cls, jobject action, job THROW_MSG_0(vmSymbols::java_lang_NullPointerException(), "Null action"); } - // Stack allocated list of privileged stack elements - PrivilegedElement pi; + // Compute the frame initiating the do privileged operation and setup the privileged stack + vframeStream vfst(thread); + vfst.security_get_caller_frame(1); + + if (vfst.at_end()) { + THROW_MSG_0(vmSymbols::java_lang_InternalError(), "no caller?"); + } + + Method* method = vfst.method(); + instanceKlassHandle klass (THREAD, method->method_holder()); + + // Check that action object understands "Object run()" + Handle h_context; + if (context != NULL) { + h_context = Handle(THREAD, JNIHandles::resolve(context)); + bool authorized = is_authorized(h_context, klass, CHECK_NULL); + if (!authorized) { + // Create an unprivileged access control object and call it's run function + // instead. + oop noprivs = create_dummy_access_control_context(CHECK_NULL); + h_context = Handle(THREAD, noprivs); + } + } // Check that action object understands "Object run()" Handle object (THREAD, JNIHandles::resolve(action)); @@ -1167,12 +1238,10 @@ JVM_ENTRY(jobject, JVM_DoPrivileged(JNIEnv *env, jclass cls, jobject action, job THROW_MSG_0(vmSymbols::java_lang_InternalError(), "No run method"); } - // Compute the frame initiating the do privileged operation and setup the privileged stack - vframeStream vfst(thread); - vfst.security_get_caller_frame(1); - + // Stack allocated list of privileged stack elements + PrivilegedElement pi; if (!vfst.at_end()) { - pi.initialize(&vfst, JNIHandles::resolve(context), thread->privileged_stack_top(), CHECK_NULL); + pi.initialize(&vfst, h_context(), thread->privileged_stack_top(), CHECK_NULL); thread->set_privileged_stack_top(&pi); } From dec7bd5d024b95ea7bd1747dfa80580e12acb630 Mon Sep 17 00:00:00 2001 From: Sean Coffey Date: Mon, 8 Apr 2013 23:12:03 +0100 Subject: [PATCH 003/136] 8001032: Restrict object access Restrict object access; fix reviewed also by Alexander Fomin Reviewed-by: alanb, ahgross --- .../com_sun_corba_se_impl_orbutil.jmk | 3 +- .../se/impl/activation/ServerManagerImpl.java | 3 +- .../se/impl/interceptors/PIHandlerImpl.java | 3 +- .../se/impl/interceptors/RequestInfoImpl.java | 11 +++-- .../sun/corba/se/impl/io/ValueUtility.java | 10 +++- .../corba/se/impl/javax/rmi/CORBA/Util.java | 11 ++--- .../corba/se/impl/orb/ORBDataParserImpl.java | 3 +- .../com/sun/corba/se/impl/orb/ORBImpl.java | 3 +- .../sun/corba/se/impl/orb/ParserTable.java | 22 +++++---- .../corba/se/impl/orbutil/ORBClassLoader.java | 47 ------------------- .../sun/corba/se/impl/orbutil/ORBUtility.java | 8 ++-- .../LocateReplyMessage_1_2.java | 3 +- .../protocol/giopmsgheaders/MessageBase.java | 8 ++-- .../giopmsgheaders/ReplyMessage_1_0.java | 3 +- .../giopmsgheaders/ReplyMessage_1_1.java | 3 +- .../classes/com/sun/corba/se/spi/orb/ORB.java | 6 +-- .../corba/se/spi/orb/OperationFactory.java | 8 ++-- .../classes/sun/corba/JavaCorbaAccess.java | 3 +- 18 files changed, 61 insertions(+), 97 deletions(-) delete mode 100644 corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBClassLoader.java diff --git a/corba/make/com/sun/corba/minclude/com_sun_corba_se_impl_orbutil.jmk b/corba/make/com/sun/corba/minclude/com_sun_corba_se_impl_orbutil.jmk index 465c546ec59..d007b4e374c 100644 --- a/corba/make/com/sun/corba/minclude/com_sun_corba_se_impl_orbutil.jmk +++ b/corba/make/com/sun/corba/minclude/com_sun_corba_se_impl_orbutil.jmk @@ -1,5 +1,5 @@ # -# Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -39,7 +39,6 @@ com_sun_corba_se_impl_orbutil_java = \ com/sun/corba/se/impl/orbutil/ObjectStreamClassUtil_1_3.java \ com/sun/corba/se/impl/orbutil/ORBConstants.java \ com/sun/corba/se/impl/orbutil/ORBUtility.java \ - com/sun/corba/se/impl/orbutil/ORBClassLoader.java \ com/sun/corba/se/impl/orbutil/RepIdDelegator.java \ com/sun/corba/se/impl/orbutil/RepositoryIdFactory.java \ com/sun/corba/se/impl/orbutil/RepositoryIdStrings.java \ diff --git a/corba/src/share/classes/com/sun/corba/se/impl/activation/ServerManagerImpl.java b/corba/src/share/classes/com/sun/corba/se/impl/activation/ServerManagerImpl.java index 4fde9aad06a..745f0aafadb 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/activation/ServerManagerImpl.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/activation/ServerManagerImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -81,7 +81,6 @@ import com.sun.corba.se.impl.logging.ActivationSystemException ; import com.sun.corba.se.impl.oa.poa.BadServerIdHandler; import com.sun.corba.se.impl.orbutil.ORBConstants; -import com.sun.corba.se.impl.orbutil.ORBClassLoader; import com.sun.corba.se.impl.orbutil.ORBUtility; import com.sun.corba.se.impl.util.Utility; diff --git a/corba/src/share/classes/com/sun/corba/se/impl/interceptors/PIHandlerImpl.java b/corba/src/share/classes/com/sun/corba/se/impl/interceptors/PIHandlerImpl.java index e7d7ae27e76..9ad417e464e 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/interceptors/PIHandlerImpl.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/interceptors/PIHandlerImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -77,7 +77,6 @@ import com.sun.corba.se.impl.logging.InterceptorsSystemException; import com.sun.corba.se.impl.logging.ORBUtilSystemException; import com.sun.corba.se.impl.logging.OMGSystemException; import com.sun.corba.se.impl.corba.RequestImpl; -import com.sun.corba.se.impl.orbutil.ORBClassLoader; import com.sun.corba.se.impl.orbutil.ORBConstants; import com.sun.corba.se.impl.orbutil.ORBUtility; import com.sun.corba.se.impl.orbutil.StackImpl; diff --git a/corba/src/share/classes/com/sun/corba/se/impl/interceptors/RequestInfoImpl.java b/corba/src/share/classes/com/sun/corba/se/impl/interceptors/RequestInfoImpl.java index a20de7a3af0..9ef904b02e1 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/interceptors/RequestInfoImpl.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/interceptors/RequestInfoImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -86,13 +86,14 @@ import com.sun.corba.se.impl.encoding.CDRInputStream_1_0; import com.sun.corba.se.impl.encoding.EncapsOutputStream; import com.sun.corba.se.impl.orbutil.ORBUtility; -import com.sun.corba.se.impl.orbutil.ORBClassLoader; import com.sun.corba.se.impl.util.RepositoryId; import com.sun.corba.se.impl.logging.InterceptorsSystemException; import com.sun.corba.se.impl.logging.OMGSystemException; +import sun.corba.SharedSecrets; + /** * Implementation of the RequestInfo interface as specified in * orbos/99-12-02 section 5.4.1. @@ -452,7 +453,8 @@ public abstract class RequestInfoImpl // Find the read method on the helper class: String helperClassName = className + "Helper"; - Class helperClass = ORBClassLoader.loadClass( helperClassName ); + Class helperClass = + SharedSecrets.getJavaCorbaAccess().loadClass( helperClassName ); Class[] readParams = new Class[1]; readParams[0] = org.omg.CORBA.portable.InputStream.class; Method readMethod = helperClass.getMethod( "read", readParams ); @@ -512,7 +514,8 @@ public abstract class RequestInfoImpl Class exceptionClass = userException.getClass(); String className = exceptionClass.getName(); String helperClassName = className + "Helper"; - Class helperClass = ORBClassLoader.loadClass( helperClassName ); + Class helperClass = + SharedSecrets.getJavaCorbaAccess().loadClass( helperClassName ); // Find insert( Any, class ) method Class[] insertMethodParams = new Class[2]; diff --git a/corba/src/share/classes/com/sun/corba/se/impl/io/ValueUtility.java b/corba/src/share/classes/com/sun/corba/se/impl/io/ValueUtility.java index 41d85a265fc..20cec8d7b30 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/io/ValueUtility.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/io/ValueUtility.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -98,6 +98,14 @@ public class ValueUtility { public ValueHandlerImpl newValueHandlerImpl() { return ValueHandlerImpl.getInstance(); } + public Class loadClass(String className) throws ClassNotFoundException { + if (Thread.currentThread().getContextClassLoader() != null) { + return Thread.currentThread().getContextClassLoader(). + loadClass(className); + } else { + return ClassLoader.getSystemClassLoader().loadClass(className); + } + } }); } diff --git a/corba/src/share/classes/com/sun/corba/se/impl/javax/rmi/CORBA/Util.java b/corba/src/share/classes/com/sun/corba/se/impl/javax/rmi/CORBA/Util.java index aa2c6483804..7829d52a495 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/javax/rmi/CORBA/Util.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/javax/rmi/CORBA/Util.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -109,12 +109,9 @@ import com.sun.corba.se.impl.logging.OMGSystemException; import com.sun.corba.se.impl.util.Utility; import com.sun.corba.se.impl.util.IdentityHashtable; import com.sun.corba.se.impl.util.JDKBridge; -import com.sun.corba.se.impl.orbutil.ORBClassLoader; import com.sun.corba.se.impl.logging.UtilSystemException; import com.sun.corba.se.spi.logging.CORBALogDomains; import sun.corba.SharedSecrets; -import sun.corba.JavaCorbaAccess; - /** * Provides utility methods that can be used by stubs and ties to @@ -263,7 +260,7 @@ public class Util implements javax.rmi.CORBA.UtilDelegate return new MarshalException(message,inner); } else if (ex instanceof ACTIVITY_REQUIRED) { try { - Class cl = ORBClassLoader.loadClass( + Class cl = SharedSecrets.getJavaCorbaAccess().loadClass( "javax.activity.ActivityRequiredException"); Class[] params = new Class[2]; params[0] = java.lang.String.class; @@ -279,7 +276,7 @@ public class Util implements javax.rmi.CORBA.UtilDelegate } } else if (ex instanceof ACTIVITY_COMPLETED) { try { - Class cl = ORBClassLoader.loadClass( + Class cl = SharedSecrets.getJavaCorbaAccess().loadClass( "javax.activity.ActivityCompletedException"); Class[] params = new Class[2]; params[0] = java.lang.String.class; @@ -295,7 +292,7 @@ public class Util implements javax.rmi.CORBA.UtilDelegate } } else if (ex instanceof INVALID_ACTIVITY) { try { - Class cl = ORBClassLoader.loadClass( + Class cl = SharedSecrets.getJavaCorbaAccess().loadClass( "javax.activity.InvalidActivityException"); Class[] params = new Class[2]; params[0] = java.lang.String.class; diff --git a/corba/src/share/classes/com/sun/corba/se/impl/orb/ORBDataParserImpl.java b/corba/src/share/classes/com/sun/corba/se/impl/orb/ORBDataParserImpl.java index 46b0627ae35..94bb5d9ee8f 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/orb/ORBDataParserImpl.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/orb/ORBDataParserImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -48,7 +48,6 @@ import com.sun.corba.se.spi.transport.ReadTimeouts; import com.sun.corba.se.impl.encoding.CodeSetComponentInfo ; import com.sun.corba.se.impl.legacy.connection.USLPort; -import com.sun.corba.se.impl.orbutil.ORBClassLoader ; import com.sun.corba.se.impl.orbutil.ORBConstants ; import com.sun.corba.se.impl.logging.ORBUtilSystemException ; diff --git a/corba/src/share/classes/com/sun/corba/se/impl/orb/ORBImpl.java b/corba/src/share/classes/com/sun/corba/se/impl/orb/ORBImpl.java index 5db85734a95..ee0a535205a 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/orb/ORBImpl.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/orb/ORBImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -152,7 +152,6 @@ import com.sun.corba.se.impl.oa.toa.TOAFactory; import com.sun.corba.se.impl.oa.poa.BadServerIdHandler; import com.sun.corba.se.impl.oa.poa.DelegateImpl; import com.sun.corba.se.impl.oa.poa.POAFactory; -import com.sun.corba.se.impl.orbutil.ORBClassLoader; import com.sun.corba.se.impl.orbutil.ORBConstants; import com.sun.corba.se.impl.orbutil.ORBUtility; import com.sun.corba.se.impl.orbutil.StackImpl; diff --git a/corba/src/share/classes/com/sun/corba/se/impl/orb/ParserTable.java b/corba/src/share/classes/com/sun/corba/se/impl/orb/ParserTable.java index 550c4a7f304..6229de4be15 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/orb/ParserTable.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/orb/ParserTable.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -78,7 +78,6 @@ import com.sun.corba.se.impl.encoding.OSFCodeSetRegistry ; import com.sun.corba.se.impl.legacy.connection.USLPort ; import com.sun.corba.se.impl.logging.ORBUtilSystemException ; import com.sun.corba.se.impl.oa.poa.BadServerIdHandler ; -import com.sun.corba.se.impl.orbutil.ORBClassLoader ; import com.sun.corba.se.impl.orbutil.ORBConstants ; import com.sun.corba.se.impl.protocol.giopmsgheaders.KeyAddr ; import com.sun.corba.se.impl.protocol.giopmsgheaders.ProfileAddr ; @@ -86,6 +85,8 @@ import com.sun.corba.se.impl.protocol.giopmsgheaders.ReferenceAddr ; import com.sun.corba.se.impl.transport.DefaultIORToSocketInfoImpl; import com.sun.corba.se.impl.transport.DefaultSocketFactoryImpl; +import sun.corba.SharedSecrets; + /** Initialize the parser data for the standard ORB parser. This is used both * to implement ORBDataParserImpl and to provide the basic testing framework * for ORBDataParserImpl. @@ -640,8 +641,8 @@ public class ParserTable { String param = (String)value ; try { - Class legacySocketFactoryClass = - ORBClassLoader.loadClass(param); + Class legacySocketFactoryClass = + SharedSecrets.getJavaCorbaAccess().loadClass(param); // For security reasons avoid creating an instance if // this socket factory class is not one that would fail // the class cast anyway. @@ -670,7 +671,8 @@ public class ParserTable { String param = (String)value ; try { - Class socketFactoryClass = ORBClassLoader.loadClass(param); + Class socketFactoryClass = + SharedSecrets.getJavaCorbaAccess().loadClass(param); // For security reasons avoid creating an instance if // this socket factory class is not one that would fail // the class cast anyway. @@ -699,7 +701,8 @@ public class ParserTable { String param = (String)value ; try { - Class iorToSocketInfoClass = ORBClassLoader.loadClass(param); + Class iorToSocketInfoClass = + SharedSecrets.getJavaCorbaAccess().loadClass(param); // For security reasons avoid creating an instance if // this socket factory class is not one that would fail // the class cast anyway. @@ -728,7 +731,8 @@ public class ParserTable { String param = (String)value ; try { - Class iiopPrimaryToContactInfoClass = ORBClassLoader.loadClass(param); + Class iiopPrimaryToContactInfoClass = + SharedSecrets.getJavaCorbaAccess().loadClass(param); // For security reasons avoid creating an instance if // this socket factory class is not one that would fail // the class cast anyway. @@ -757,8 +761,8 @@ public class ParserTable { String param = (String)value ; try { - Class contactInfoListFactoryClass = - ORBClassLoader.loadClass(param); + Class contactInfoListFactoryClass = + SharedSecrets.getJavaCorbaAccess().loadClass(param); // For security reasons avoid creating an instance if // this socket factory class is not one that would fail // the class cast anyway. diff --git a/corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBClassLoader.java b/corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBClassLoader.java deleted file mode 100644 index 3e3ba8dcf11..00000000000 --- a/corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBClassLoader.java +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ -package com.sun.corba.se.impl.orbutil; - -/** - * Based on feedback from bug report 4452016, all class loading - * in the ORB is isolated here. It is acceptable to use - * Class.forName only when one is certain that the desired class - * should come from the core JDK. - */ -public class ORBClassLoader -{ - public static Class loadClass(String className) - throws ClassNotFoundException - { - return ORBClassLoader.getClassLoader().loadClass(className); - } - - public static ClassLoader getClassLoader() { - if (Thread.currentThread().getContextClassLoader() != null) - return Thread.currentThread().getContextClassLoader(); - else - return ClassLoader.getSystemClassLoader(); - } -} diff --git a/corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBUtility.java b/corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBUtility.java index 23d51f9008a..41dba4d9489 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBUtility.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/orbutil/ORBUtility.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -90,6 +90,8 @@ import com.sun.corba.se.impl.logging.ORBUtilSystemException ; import com.sun.corba.se.impl.logging.OMGSystemException ; import com.sun.corba.se.impl.ior.iiop.JavaSerializationComponent; +import sun.corba.SharedSecrets; + /** * Handy class full of static functions that don't belong in util.Utility for pure ORB reasons. */ @@ -262,8 +264,8 @@ public final class ORBUtility { { try { String name = classNameOf(strm.read_string()); - SystemException ex - = (SystemException)ORBClassLoader.loadClass(name).newInstance(); + SystemException ex = (SystemException)SharedSecrets. + getJavaCorbaAccess().loadClass(name).newInstance(); ex.minor = strm.read_long(); ex.completed = CompletionStatus.from_int(strm.read_long()); return ex; diff --git a/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/LocateReplyMessage_1_2.java b/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/LocateReplyMessage_1_2.java index a3af1ec2a41..8274de69f84 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/LocateReplyMessage_1_2.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/LocateReplyMessage_1_2.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,7 +41,6 @@ import com.sun.corba.se.impl.encoding.CDROutputStream; import com.sun.corba.se.impl.orbutil.ORBUtility; import com.sun.corba.se.impl.orbutil.ORBConstants; -import com.sun.corba.se.impl.orbutil.ORBClassLoader; import com.sun.corba.se.spi.logging.CORBALogDomains ; import com.sun.corba.se.impl.logging.ORBUtilSystemException ; diff --git a/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/MessageBase.java b/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/MessageBase.java index b1eb366882a..6559be7fca4 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/MessageBase.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/MessageBase.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -60,9 +60,10 @@ import com.sun.corba.se.impl.encoding.CDRInputStream_1_0; import com.sun.corba.se.impl.logging.ORBUtilSystemException ; import com.sun.corba.se.impl.orbutil.ORBUtility; import com.sun.corba.se.impl.orbutil.ORBConstants; -import com.sun.corba.se.impl.orbutil.ORBClassLoader; import com.sun.corba.se.impl.protocol.AddressingDispositionException; +import sun.corba.SharedSecrets; + /** * This class acts as the base class for the various GIOP message types. This * also serves as a factory to create various message types. We currently @@ -909,7 +910,8 @@ public abstract class MessageBase implements Message{ SystemException sysEx = null; try { - Class clazz = ORBClassLoader.loadClass(exClassName); + Class clazz = + SharedSecrets.getJavaCorbaAccess().loadClass(exClassName); if (message == null) { sysEx = (SystemException) clazz.newInstance(); } else { diff --git a/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/ReplyMessage_1_0.java b/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/ReplyMessage_1_0.java index 8bcc4e8aec6..4d77e3aff0b 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/ReplyMessage_1_0.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/ReplyMessage_1_0.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,7 +37,6 @@ import com.sun.corba.se.spi.orb.ORB; import com.sun.corba.se.spi.servicecontext.ServiceContexts; import com.sun.corba.se.spi.ior.iiop.GIOPVersion; import com.sun.corba.se.impl.orbutil.ORBUtility; -import com.sun.corba.se.impl.orbutil.ORBClassLoader; import com.sun.corba.se.spi.ior.IOR; import com.sun.corba.se.impl.encoding.CDRInputStream; diff --git a/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/ReplyMessage_1_1.java b/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/ReplyMessage_1_1.java index e22e0fb64f8..65d8578f634 100644 --- a/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/ReplyMessage_1_1.java +++ b/corba/src/share/classes/com/sun/corba/se/impl/protocol/giopmsgheaders/ReplyMessage_1_1.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,7 +37,6 @@ import com.sun.corba.se.spi.orb.ORB; import com.sun.corba.se.spi.servicecontext.ServiceContexts; import com.sun.corba.se.spi.ior.iiop.GIOPVersion; import com.sun.corba.se.impl.orbutil.ORBUtility; -import com.sun.corba.se.impl.orbutil.ORBClassLoader; import com.sun.corba.se.spi.ior.IOR; import com.sun.corba.se.impl.encoding.CDRInputStream; diff --git a/corba/src/share/classes/com/sun/corba/se/spi/orb/ORB.java b/corba/src/share/classes/com/sun/corba/se/spi/orb/ORB.java index 306a9f7d2bf..91a691e2b25 100644 --- a/corba/src/share/classes/com/sun/corba/se/spi/orb/ORB.java +++ b/corba/src/share/classes/com/sun/corba/se/spi/orb/ORB.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -97,8 +97,8 @@ import com.sun.corba.se.impl.logging.OMGSystemException ; import com.sun.corba.se.impl.presentation.rmi.PresentationManagerImpl ; -import com.sun.corba.se.impl.orbutil.ORBClassLoader ; import sun.awt.AppContext; +import sun.corba.SharedSecrets; public abstract class ORB extends com.sun.corba.se.org.omg.CORBA.ORB implements Broker, TypeCodeFactory @@ -201,7 +201,7 @@ public abstract class ORB extends com.sun.corba.se.org.omg.CORBA.ORB try { // First try the configured class name, if any - Class cls = ORBClassLoader.loadClass( className ) ; + Class cls = SharedSecrets.getJavaCorbaAccess().loadClass( className ) ; sff = (PresentationManager.StubFactoryFactory)cls.newInstance() ; } catch (Exception exc) { // Use the default. Log the error as a warning. diff --git a/corba/src/share/classes/com/sun/corba/se/spi/orb/OperationFactory.java b/corba/src/share/classes/com/sun/corba/se/spi/orb/OperationFactory.java index eb81eb56be0..d84523b0fd9 100644 --- a/corba/src/share/classes/com/sun/corba/se/spi/orb/OperationFactory.java +++ b/corba/src/share/classes/com/sun/corba/se/spi/orb/OperationFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,9 +35,10 @@ import java.net.MalformedURLException ; import com.sun.corba.se.spi.logging.CORBALogDomains ; import com.sun.corba.se.impl.logging.ORBUtilSystemException ; -import com.sun.corba.se.impl.orbutil.ORBClassLoader ; import com.sun.corba.se.impl.orbutil.ObjectUtility ; +import sun.corba.SharedSecrets; + /** This is a static factory class for commonly used operations * for property parsing. The following operations are supported: *