stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8009559: clean up method handle lookup code

Browse Source 
Reviewed-by: ahgross, jlaskey, attila, sundar
This commit is contained in:
Athijegannathan Sundararajan 2013-03-09 21:49:32 +05:30
parent 4f3800def1
commit d9cd2f6ad3
52 changed files with 680 additions and 351 deletions

2
nashorn/buildtools/nasgen/src/jdk/nashorn/internal/tools/nasgen/StringConstants.java

@ -28,12 +28,12 @@ package jdk.nashorn.internal.tools.nasgen;
import java.lang.invoke.MethodHandle;
import java.lang.reflect.Method;
import jdk.internal.org.objectweb.asm.Type;
import jdk.nashorn.internal.lookup.Lookup;
import jdk.nashorn.internal.objects.PrototypeObject;
import jdk.nashorn.internal.objects.ScriptFunctionImpl;
import jdk.nashorn.internal.runtime.PropertyMap;
import jdk.nashorn.internal.runtime.ScriptFunction;
import jdk.nashorn.internal.runtime.ScriptObject;
import jdk.nashorn.internal.runtime.linker.Lookup;
/**
* String constants used for code generation/instrumentation.

2
nashorn/make/java.security.override

@ -11,4 +11,4 @@
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,jdk.internal.,jdk.nashorn.internal.ir., jdk.nashorn.internal.codegen., jdk.nashorn.internal.parser.
package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,jdk.internal.,jdk.nashorn.internal.ir., jdk.nashorn.internal.codegen., jdk.nashorn.internal.lookup., jdk.nashorn.internal.parser.

47
nashorn/src/jdk/internal/dynalink/beans/CheckRestrictedPackage.java

@ -84,26 +84,55 @@
package jdk.internal.dynalink.beans;
import java.lang.reflect.Modifier;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
/**
* A utility class to check whether a given class is in a package with restricted access e.g. "sun.*" etc. See
* {@link CheckRestrictedPackageInternal} for implementation details.
* A utility class to check whether a given class is in a package with restricted access e.g. "sun.*" etc.
*/
class CheckRestrictedPackage {
private static final AccessControlContext NO_PERMISSIONS_CONTEXT = createNoPermissionsContext();
/**
* Returns true if the class is either not public, or it resides in a package with restricted access.
* @param clazz the class to test
* @return true if the class is either not public, or it resides in a package with restricted access.
*/
static boolean isRestrictedClass(Class<?> clazz) {
return !Modifier.isPublic(clazz.getModifiers()) ||
(System.getSecurityManager() != null && isRestrictedPackage(clazz.getPackage()));
if(!Modifier.isPublic(clazz.getModifiers())) {
// Non-public classes are always restricted
return true;
}
final SecurityManager sm = System.getSecurityManager();
if(sm == null) {
// No further restrictions if we don't have a security manager
return false;
}
final String name = clazz.getName();
final int i = name.lastIndexOf('.');
if (i == -1) {
// Classes in default package are never restricted
return false;
}
// Do a package access check from within an access control context with no permissions
try {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
@Override
public Void run() {
sm.checkPackageAccess(name.substring(0, i));
return null;
}
}, NO_PERMISSIONS_CONTEXT);
} catch(SecurityException e) {
return true;
}
return false;
}
private static boolean isRestrictedPackage(Package pkg) {
// Note: we broke out the actual implementation into CheckRestrictedPackageInternal, so we only load it when
// needed - that is, if we need to check a non-public class with a non-null package, in presence of a security
// manager.
return pkg == null ? false : CheckRestrictedPackageInternal.isRestrictedPackageName(pkg.getName());
private static AccessControlContext createNoPermissionsContext() {
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });
}
}

252
nashorn/src/jdk/internal/dynalink/beans/CheckRestrictedPackageInternal.java

@ -1,252 +0,0 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* This file is available under and governed by the GNU General Public
* License version 2 only, as published by the Free Software Foundation.
* However, the following notice accompanied the original version of this
* file, and Oracle licenses the original version of this file under the BSD
* license:
*/
/*
Copyright 2009-2013 Attila Szegedi
Licensed under both the Apache License, Version 2.0 (the "Apache License")
and the BSD License (the "BSD License"), with licensee being free to
choose either of the two at their discretion.
You may not use this file except in compliance with either the Apache
License or the BSD License.
If you choose to use this file in compliance with the Apache License, the
following notice applies to you:
You may obtain a copy of the Apache License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.
If you choose to use this file in compliance with the BSD License, the
following notice applies to you:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package jdk.internal.dynalink.beans;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.SecureClassLoader;
/**
* A utility class to check whether a given class is in a package with restricted access e.g. "sun.*". These packages
* are normally listed in the security property "package.access" for most JRE implementations, although we fortunately
* don't rely on it but solely on {@link SecurityManager#checkPackageAccess(String)}).
*
* This class accomplishes the check in a fashion that works reliably even if Dynalink itself (and all the code on the
* stack that led to the invocation) has the permission to access the restricted package.
*
* If Dynalink has a broad set of privileges (notably, it is loaded from boot or extension class path), then it loads
* the {@link RestrictedPackageTester} class into a isolated secure class loader that gives it no permissions
* whatsoever, and uses this completely unprivileged class to subsequently invoke
* {@link SecurityManager#checkPackageAccess(String)}. This will reliably throw a {@link SecurityException} for every
* restricted package even if Dynalink and other code on the stack have the requisite {@code "accessClassInPackage.*"}
* {@link RuntimePermission} privilege.
*
* On the other hand, if Dynalink does not have a broad set of privileges normally granted by the boot or extension
* class path, it will probably lack the privilege to create a new secure class loader into which to load the tester
* class. In this case, it will invoke {@link SecurityManager#checkPackageAccess(String)} itself with the reasoning that
* it will also be sufficient to discover whether a package is restricted or not.
*
* The rationale for this design is that if Dynalink is running as part of a privileged classpath - boot or extension
* class path, it will have all privileges, so a security manager's package access check might succeed if all other code
* on the stack when requesting linking with a particular restricted class is also privileged. A subsequent linking
* request from less privileged code would then also succeed in requesting methods in privileged package. On the other
* hand, if Dynalink is privileged, it will be able to delegate the package access check to the unprivileged class and
* narrow the access based on its result. Finally, if Dynalink itself is unprivileged, it will not be able to load the
* unprivileged class, but then it will also fail the security manager's package access.
*
* With this design, Dynalink effectively restrains itself from giving unauthorized access to restricted packages from
* classes doing the linking in case it itself has access to those packages. The only way to defeat it would be to
* selectively give Dynalink some {@code "accessClassInPackage.*"} permissions while denying it the privilege to
* manipulate class loaders.
*/
class CheckRestrictedPackageInternal {
private static final MethodHandle PACKAGE_ACCESS_CHECK = getPackageAccessCheckMethod();
private static final String TESTER_CLASS_NAME = "jdk.internal.dynalink.beans.RestrictedPackageTester";
/**
* Returns true if the specified package has restricted access.
* @param pkgName the name of the package to check.
* @return true if the specified package has restricted access, false otherwise.
* @throws NullPointerException if pkgName is null, or if there is {@link System#getSecurityManager()} returns null
* as this method is only expected to be invoked in the presence of a security manager.
*/
static boolean isRestrictedPackageName(String pkgName) {
try {
if(PACKAGE_ACCESS_CHECK != null) {
// If we were able to load our unprivileged tester class, use it to check package access
try {
PACKAGE_ACCESS_CHECK.invokeExact(pkgName);
} catch(Error|RuntimeException e) {
throw e;
} catch(Throwable t) {
throw new RuntimeException(t);
}
} else {
// If we didn't have sufficient permissions to load our unprivileged tester class, we're definitely not
// running in a privileged class path, so invoking SecurityManager.checkPackageAccess() directly should
// have the same effect as going through an unprivileged tester.
System.getSecurityManager().checkPackageAccess(pkgName);
}
return false;
} catch(SecurityException e) {
return true;
}
}
private static MethodHandle getPackageAccessCheckMethod() {
try {
return AccessController.doPrivileged(new PrivilegedAction<MethodHandle>() {
@Override
public MethodHandle run() {
return getPackageAccessCheckMethodInternal();
}
});
} catch(SecurityException e) {
// We don't have sufficient privileges to load our tester class into a separate protection domain, so just
// return null so isRestrictedPackageName() will default to itself invoking
// SecurityManager.checkPackageAccess().
return null;
}
}
static MethodHandle getPackageAccessCheckMethodInternal() {
try {
// Can't use MethodHandles.lookup().findStatic() -- even though both this class and the loaded class are in
// the same package, findStatic() will throw an IllegalAccessException since they have different class
// loaders. That's why we have to use unreflect with a setAccessible(true)...
final Method m = getTesterClass().getDeclaredMethod("checkPackageAccess", String.class);
m.setAccessible(true);
return MethodHandles.lookup().unreflect(m);
} catch(IllegalAccessException|NoSuchMethodException e) {
throw new AssertionError(e);
}
}
private static Class<?> getTesterClass() {
final ClassLoader loader = getTesterClassLoader();
try {
final Class<?> checkerClass = Class.forName(TESTER_CLASS_NAME, true, loader);
// Sanity check to ensure we didn't accidentally pick up the class from elsewhere
if(checkerClass.getClassLoader() != loader) {
throw new AssertionError(TESTER_CLASS_NAME + " was loaded from a different class loader");
}
return checkerClass;
} catch(ClassNotFoundException e) {
throw new AssertionError(e);
}
}
private static ClassLoader getTesterClassLoader() {
// We deliberately override loadClass instead of findClass so that we don't give a chance to finding this
// class already loaded anywhere else. Not that there's a big possibility for this, especially since the parent
// class loader is the bootstrap class loader, but still...
return new SecureClassLoader(null) {
@Override
protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
if(name.equals(TESTER_CLASS_NAME)) {
final byte[] bytes = getTesterClassBytes();
// Define the class with a protection domain that grants no permissions.
Class<?> clazz = defineClass(name, bytes, 0, bytes.length, new ProtectionDomain(null,
new Permissions()));
if(resolve) {
resolveClass(clazz);
}
return clazz;
}
return super.loadClass(name, resolve);
}
};
}
static byte[] getTesterClassBytes() {
try {
final InputStream in = CheckRestrictedPackage.class.getResourceAsStream("RestrictedPackageTester.class");
try {
final ByteArrayOutputStream out = new ByteArrayOutputStream(2048);
for(;;) {
final int b = in.read();
if(b == -1) {
break;
}
out.write(b);
}
return out.toByteArray();
} finally {
in.close();
}
} catch(IOException e) {
throw new RuntimeException(e);
}
}
}

7
nashorn/src/jdk/internal/dynalink/beans/FacetIntrospector.java

@ -92,7 +92,6 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import jdk.internal.dynalink.support.Lookup;
/**
* Base for classes that expose class field and method information to an {@link AbstractJavaLinker}. There are
@ -161,15 +160,15 @@ abstract class FacetIntrospector {
MethodHandle unreflectGetter(Field field) {
return editMethodHandle(Lookup.PUBLIC.unreflectGetter(field));
return editMethodHandle(SafeUnreflector.unreflectGetter(field));
}
MethodHandle unreflectSetter(Field field) {
return editMethodHandle(Lookup.PUBLIC.unreflectSetter(field));
return editMethodHandle(SafeUnreflector.unreflectSetter(field));
}
MethodHandle unreflect(Method method) {
return editMethodHandle(Lookup.PUBLIC.unreflect(method));
return editMethodHandle(SafeUnreflector.unreflect(method));
}
/**

156
nashorn/src/jdk/internal/dynalink/beans/SafeUnreflector.java Normal file

@ -0,0 +1,156 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* This file is available under and governed by the GNU General Public
* License version 2 only, as published by the Free Software Foundation.
* However, the following notice accompanied the original version of this
* file, and Oracle licenses the original version of this file under the BSD
* license:
*/
/*
Copyright 2009-2013 Attila Szegedi
Licensed under both the Apache License, Version 2.0 (the "Apache License")
and the BSD License (the "BSD License"), with licensee being free to
choose either of the two at their discretion.
You may not use this file except in compliance with either the Apache
License or the BSD License.
If you choose to use this file in compliance with the Apache License, the
following notice applies to you:
You may obtain a copy of the Apache License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.
If you choose to use this file in compliance with the BSD License, the
following notice applies to you:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package jdk.internal.dynalink.beans;
import java.lang.invoke.MethodHandle;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
import jdk.internal.dynalink.beans.sandbox.Unreflector;
/**
* Provides lookup of unreflected method handles through delegation to an instance of {@link SafeUnreflectorImpl}. If
* Dynalink is run as trusted code, the delegate class is loaded into an isolated zero-permissions protection domain,
* serving as a firebreak against an accidental privilege escalation downstream.
*/
final class SafeUnreflector {
private static final String UNREFLECTOR_IMPL_CLASS_NAME = "jdk.internal.dynalink.beans.SafeUnreflectorImpl";
private static final Unreflector impl = createImpl();
private SafeUnreflector() {
}
/**
* Performs a {@link java.lang.invoke.MethodHandles.Lookup#unreflect(Method)}, converting any encountered
* {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param m the method to unreflect
* @return the unreflected method handle.
*/
static MethodHandle unreflect(Method m) {
return impl.unreflect(m);
}
/**
* Performs a {@link java.lang.invoke.MethodHandles.Lookup#unreflectGetter(Field)}, converting any encountered
* {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param f the field for which a getter is unreflected
* @return the unreflected field getter handle.
*/
static MethodHandle unreflectGetter(Field f) {
return impl.unreflectGetter(f);
}
/**
* Performs a {@link java.lang.invoke.MethodHandles.Lookup#unreflectSetter(Field)}, converting any encountered
* {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param f the field for which a setter is unreflected
* @return the unreflected field setter handle.
*/
static MethodHandle unreflectSetter(Field f) {
return impl.unreflectSetter(f);
}
static MethodHandle unreflectConstructor(Constructor<?> c) {
return impl.unreflectConstructor(c);
}
private static Unreflector createImpl() {
final Class<?> unreflectorImplClass = AccessController.doPrivileged(new PrivilegedAction<Class<?>>() {
@Override
public Class<?> run() {
return SandboxClassLoader.loadClass(UNREFLECTOR_IMPL_CLASS_NAME);
}
});
try {
return (Unreflector)unreflectorImplClass.newInstance();
} catch(InstantiationException | IllegalAccessException e) {
throw new RuntimeException(e.getMessage(), e);
}
}
}

146
nashorn/src/jdk/internal/dynalink/beans/SafeUnreflectorImpl.java Normal file

@ -0,0 +1,146 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* This file is available under and governed by the GNU General Public
* License version 2 only, as published by the Free Software Foundation.
* However, the following notice accompanied the original version of this
* file, and Oracle licenses the original version of this file under the BSD
* license:
*/
/*
Copyright 2009-2013 Attila Szegedi
Licensed under both the Apache License, Version 2.0 (the "Apache License")
and the BSD License (the "BSD License"), with licensee being free to
choose either of the two at their discretion.
You may not use this file except in compliance with either the Apache
License or the BSD License.
If you choose to use this file in compliance with the Apache License, the
following notice applies to you:
You may obtain a copy of the Apache License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.
If you choose to use this file in compliance with the BSD License, the
following notice applies to you:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package jdk.internal.dynalink.beans;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import jdk.internal.dynalink.beans.sandbox.Unreflector;
/**
* Performs lookup of unreflected method handles by delegating to {@link MethodHandles#lookup()} using itself as the
* lookup class. When Dynalink runs as trusted code, this class is loaded into an isolated zero-permissions protection
* domain to stop any accidental privilege escalation.
*/
final class SafeUnreflectorImpl implements Unreflector {
SafeUnreflectorImpl() {
}
@Override
public MethodHandle unreflect(Method m) {
try {
return MethodHandles.lookup().unreflect(m);
} catch(IllegalAccessException e) {
final IllegalAccessError ee = new IllegalAccessError("Failed to unreflect method " + m);
ee.initCause(e);
throw ee;
}
}
@Override
public MethodHandle unreflectGetter(Field f) {
try {
return MethodHandles.lookup().unreflectGetter(f);
} catch(IllegalAccessException e) {
final IllegalAccessError ee = new IllegalAccessError("Failed to unreflect getter for field " + f);
ee.initCause(e);
throw ee;
}
}
@Override
public MethodHandle unreflectSetter(Field f) {
try {
return MethodHandles.lookup().unreflectSetter(f);
} catch(IllegalAccessException e) {
final IllegalAccessError ee = new IllegalAccessError("Failed to unreflect setter for field " + f);
ee.initCause(e);
throw ee;
}
}
@Override
public MethodHandle unreflectConstructor(Constructor<?> c) {
try {
return MethodHandles.lookup().unreflectConstructor(c);
} catch(IllegalAccessException e) {
final IllegalAccessError ee = new IllegalAccessError("Failed to unreflect constructor " + c);
ee.initCause(e);
throw ee;
}
}
}

228
nashorn/src/jdk/internal/dynalink/beans/SandboxClassLoader.java Normal file

@ -0,0 +1,228 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* This file is available under and governed by the GNU General Public
* License version 2 only, as published by the Free Software Foundation.
* However, the following notice accompanied the original version of this
* file, and Oracle licenses the original version of this file under the BSD
* license:
*/
/*
Copyright 2009-2013 Attila Szegedi
Licensed under both the Apache License, Version 2.0 (the "Apache License")
and the BSD License (the "BSD License"), with licensee being free to
choose either of the two at their discretion.
You may not use this file except in compliance with either the Apache
License or the BSD License.
If you choose to use this file in compliance with the Apache License, the
following notice applies to you:
You may obtain a copy of the Apache License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.
If you choose to use this file in compliance with the BSD License, the
following notice applies to you:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package jdk.internal.dynalink.beans;
import static jdk.internal.org.objectweb.asm.Opcodes.ACC_PUBLIC;
import static jdk.internal.org.objectweb.asm.Opcodes.ASM4;
import java.io.IOException;
import java.io.InputStream;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.SecureClassLoader;
import java.security.SecureRandom;
import jdk.internal.org.objectweb.asm.ClassReader;
import jdk.internal.org.objectweb.asm.ClassVisitor;
import jdk.internal.org.objectweb.asm.ClassWriter;
import jdk.internal.org.objectweb.asm.MethodVisitor;
/**
* A utility class that can load a class with specified name into an isolated zero-permissions protection domain. It can
* be used to load classes that perform security-sensitive operations with no privileges at all, therefore ensuring such
* operations will only succeed if they would require no permissions, as well as to make sure that if these operations
* bind some part of the security execution context to their results, the bound security context is completely
* unprivileged. Such measures serve as firebreaks against accidental privilege escalation.
*/
final class SandboxClassLoader {
private final String className;
private final String randomizedClassName;
private SandboxClassLoader(String className) {
this.className = className;
final String simpleClassName = className.substring(className.lastIndexOf('.') + 1);
this.randomizedClassName = "randomPackage" + Long.toHexString(new SecureRandom().nextLong()) + "." + simpleClassName;
}
/**
* Load the named class into a zero-permissions protection domain. Even if the class is already loaded into the
* Dynalink's class loader, an independent class is created from the same bytecode, thus the returned class will
* never be identical with the one that might already be loaded. The class to be loaded is supposed to be package
* private and have no public constructors. This is not a functional requirement, but it is enforced to ensure that
* the original class was made adequately inaccessible. The returned class will be public and its constructors will
* be changed to public. The only permission given to the returned class will be
* {@code accessClassInPackage.jdk.internal.dynalink.beans.sandbox}. That package should be used solely to define
* SPI interfaces implemented by the loaded class.
* @param className the fully qualified name of the class to load
* @return the loaded class, renamed to a random package, made public, its constructors made public, and lacking any
* permissions except access to the sandbox package.
* @throws SecurityException if the calling code lacks the {@code createClassLoader} runtime permission. This
* normally means that Dynalink itself is running as untrusted code, and whatever functionality was meant to be
* isolated into an unprivileged class is likely okay to be used directly too.
*/
static Class<?> loadClass(String className) throws SecurityException {
return new SandboxClassLoader(className).loadClass();
}
private Class<?> loadClass() throws SecurityException {
final ClassLoader loader = createClassLoader();
try {
final Class<?> clazz = Class.forName(randomizedClassName, true, loader);
// Sanity check to ensure we didn't accidentally pick up the class from elsewhere
if(clazz.getClassLoader() != loader) {
throw new AssertionError(randomizedClassName + " was loaded from a different class loader");
}
return clazz;
} catch(ClassNotFoundException e) {
throw new AssertionError(e);
}
}
private ClassLoader createClassLoader() throws SecurityException {
final String lclassName = this.randomizedClassName;
// We deliberately override loadClass instead of findClass so that we don't give a chance to finding this
// class already loaded anywhere else. We use this class' loader as the parent class loader as the loaded class
// needs to be able to access implemented interfaces from the sandbox package.
return new SecureClassLoader(getClass().getClassLoader()) {
@Override
protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
if(name.equals(lclassName)) {
final byte[] bytes = getClassBytes();
// Define the class with a protection domain that grants (almost) no permissions.
Class<?> clazz = defineClass(name, bytes, 0, bytes.length, createMinimalPermissionsDomain());
if(resolve) {
resolveClass(clazz);
}
return clazz;
}
final int i = name.lastIndexOf('.');
if (i != -1) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPackageAccess(name.substring(0, i));
}
}
return super.loadClass(name, resolve);
}
};
}
/**
* Create a no-permissions protection domain. Except, it's not really a no-permissions protection domain, since we
* need to give the protection domain the permission to access the sandbox package where the interop interfaces are
* defined.
* @return a new (almost) no-permission protection domain.
*/
private static ProtectionDomain createMinimalPermissionsDomain() {
final Permissions p = new Permissions();
p.add(new RuntimePermission("accessClassInPackage.jdk.internal.dynalink.beans.sandbox"));
return new ProtectionDomain(null, p);
}
private byte[] getClassBytes() {
try(final InputStream in = getClass().getResourceAsStream("/" + className.replace('.', '/') + ".class")) {
final ClassReader cr = new ClassReader(in);
final ClassWriter cw = new ClassWriter(cr, 0);
cr.accept(new ClassVisitor(ASM4, cw) {
@Override
public void visit(int version, int access, String name, String signature, String superName,
String[] interfaces) {
// Rename the class to its random name, and make it public (otherwise we won't be able to
// instantiate it). The privileged template class is package-private.
if((access & ACC_PUBLIC) != 0) {
throw new IllegalArgumentException("Class " + className + " must be package-private");
}
super.visit(version, access | ACC_PUBLIC, randomizedClassName.replace('.', '/'),
signature, superName, interfaces);
}
@Override
public MethodVisitor visitMethod(int access, String name, String desc, String signature,
String[] exceptions) {
// Make the constructor(s) public (otherwise we won't be able to instantiate the class). The
// privileged template's constructor(s) should not be public.
final boolean isCtor = "<init>".equals(name);
if(isCtor && ((access & ACC_PUBLIC) != 0)) {
throw new IllegalArgumentException("Class " + className + " must have no public constructors");
}
return super.visitMethod(isCtor ? (access | ACC_PUBLIC) : access, name, desc, signature,
exceptions);
}
}, 0);
return cw.toByteArray();
} catch(IOException e) {
throw new RuntimeException(e);
}
}
}

2
nashorn/src/jdk/internal/dynalink/beans/StaticClassLinker.java

@ -138,7 +138,7 @@ class StaticClassLinker implements TypeBasedGuardingDynamicLinker {
final Constructor<?>[] ctrs = clazz.getConstructors();
final List<MethodHandle> mhs = new ArrayList<>(ctrs.length);
for(int i = 0; i < ctrs.length; ++i) {
mhs.add(drop(Lookup.PUBLIC.unreflectConstructor(ctrs[i])));
mhs.add(drop(SafeUnreflector.unreflectConstructor(ctrs[i])));
}
return createDynamicMethod(mhs, clazz, "<init>");
}

61
nashorn/src/jdk/internal/dynalink/beans/RestrictedPackageTester.java → nashorn/src/jdk/internal/dynalink/beans/sandbox/Unreflector.java

@ -81,33 +81,52 @@
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package jdk.internal.dynalink.beans;
package jdk.internal.dynalink.beans.sandbox;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.lang.invoke.MethodHandle;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
/**
* This class is never referenced directly from code of any other class, but is loaded into a secure class loader that
* gives it no permissions whatsoever, so it can be used to reliably test whether a given package has restricted access
* or not. See {@link CheckRestrictedPackageInternal} for details.
* @author Attila Szegedi
* @version $Id: $
* Interface for creating unreflected method handles. This class is public for implementation purposes and is not part
* of any supported API.
*/
class RestrictedPackageTester implements PrivilegedAction<Void> {
public interface Unreflector {
/**
* Performs similarly to {@link java.lang.invoke.MethodHandles.Lookup#unreflect(Method)} for some lookup object,
* also converting any encountered {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param m the method to unreflect
* @return the unreflected method handle.
*/
public MethodHandle unreflect(Method m);
private final String pkgName;
/**
* Performs similarly to {@link java.lang.invoke.MethodHandles.Lookup#unreflectGetter(Field)} for some lookup
* object, also converting any encountered {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param f the field for which a getter is unreflected
* @return the unreflected field getter handle.
*/
public MethodHandle unreflectGetter(Field f);
private RestrictedPackageTester(String pkgName) {
this.pkgName = pkgName;
}
/**
* Performs similarly to {@link java.lang.invoke.MethodHandles.Lookup#unreflectSetter(Field)} for some lookup
* object, also converting any encountered {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param f the field for which a setter is unreflected
* @return the unreflected field setter handle.
*/
public MethodHandle unreflectSetter(Field f);
static void checkPackageAccess(String pkgName) {
AccessController.doPrivileged(new RestrictedPackageTester(pkgName));
}
/**
* Performs similarly to {@link java.lang.invoke.MethodHandles.Lookup#unreflectConstructor(Constructor)} for some
* lookup object, also converting any encountered {@link IllegalAccessException} into an {@link IllegalAccessError}.
*
* @param c the constructor to unreflect
* @return the unreflected constructor handle.
*/
public MethodHandle unreflectConstructor(Constructor<?> c);
@Override
public Void run() {
System.getSecurityManager().checkPackageAccess(pkgName);
return null;
}
}

2
nashorn/src/jdk/nashorn/internal/codegen/CompilerConstants.java

@ -25,7 +25,7 @@
package jdk.nashorn.internal.codegen;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;

2
nashorn/src/jdk/nashorn/internal/codegen/FunctionSignature.java

@ -25,7 +25,7 @@
package jdk.nashorn.internal.codegen;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodType;
import java.util.ArrayList;

2
nashorn/src/jdk/nashorn/internal/codegen/ObjectClassGenerator.java

@ -34,7 +34,7 @@ import static jdk.nashorn.internal.codegen.CompilerConstants.JS_OBJECT_PREFIX;
import static jdk.nashorn.internal.codegen.CompilerConstants.MAP;
import static jdk.nashorn.internal.codegen.CompilerConstants.className;
import static jdk.nashorn.internal.codegen.CompilerConstants.constructorNoLookup;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;

6
nashorn/src/jdk/nashorn/internal/codegen/RuntimeCallSite.java

@ -28,7 +28,7 @@ package jdk.nashorn.internal.codegen;
import static jdk.nashorn.internal.codegen.CompilerConstants.staticCallNoLookup;
import static jdk.nashorn.internal.codegen.types.Type.BOOLEAN;
import static jdk.nashorn.internal.codegen.types.Type.INT;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.CallSite;
import java.lang.invoke.MethodHandle;
@ -43,8 +43,8 @@ import jdk.nashorn.internal.ir.RuntimeNode;
import jdk.nashorn.internal.ir.RuntimeNode.Request;
import jdk.nashorn.internal.runtime.ScriptRuntime;
import jdk.nashorn.internal.runtime.linker.Bootstrap;
import jdk.nashorn.internal.runtime.linker.Lookup;
import jdk.nashorn.internal.runtime.linker.MethodHandleFactory;
import jdk.nashorn.internal.lookup.Lookup;
import jdk.nashorn.internal.lookup.MethodHandleFactory;
/**
* Optimistic call site that assumes its Object arguments to be of a boxed type.

2
nashorn/src/jdk/nashorn/internal/runtime/linker/Lookup.java → nashorn/src/jdk/nashorn/internal/lookup/Lookup.java

@ -23,7 +23,7 @@
* questions.
*/
package jdk.nashorn.internal.runtime.linker;
package jdk.nashorn.internal.lookup;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;

2
nashorn/src/jdk/nashorn/internal/runtime/linker/MethodHandleFactory.java → nashorn/src/jdk/nashorn/internal/lookup/MethodHandleFactory.java

@ -23,7 +23,7 @@
* questions.
*/
package jdk.nashorn.internal.runtime.linker;
package jdk.nashorn.internal.lookup;
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;

2
nashorn/src/jdk/nashorn/internal/runtime/linker/MethodHandleFunctionality.java → nashorn/src/jdk/nashorn/internal/lookup/MethodHandleFunctionality.java

@ -23,7 +23,7 @@
* questions.
*/
package jdk.nashorn.internal.runtime.linker;
package jdk.nashorn.internal.lookup;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;

2
nashorn/src/jdk/nashorn/internal/objects/Global.java

@ -27,7 +27,7 @@ package jdk.nashorn.internal.objects;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.io.IOException;
import java.io.PrintWriter;

4
nashorn/src/jdk/nashorn/internal/objects/NativeArguments.java

@ -28,7 +28,7 @@ package jdk.nashorn.internal.objects;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.arrays.ArrayIndex.getArrayIndexNoThrow;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@ -42,7 +42,7 @@ import jdk.nashorn.internal.runtime.ScriptObject;
import jdk.nashorn.internal.runtime.ScriptRuntime;
import jdk.nashorn.internal.runtime.arrays.ArrayData;
import jdk.nashorn.internal.runtime.arrays.ArrayIndex;
import jdk.nashorn.internal.runtime.linker.Lookup;
import jdk.nashorn.internal.lookup.Lookup;
/**
* ECMA 10.6 Arguments Object.

4
nashorn/src/jdk/nashorn/internal/objects/NativeBoolean.java

@ -26,7 +26,7 @@
package jdk.nashorn.internal.objects;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@ -39,7 +39,7 @@ import jdk.nashorn.internal.objects.annotations.ScriptClass;
import jdk.nashorn.internal.runtime.JSType;
import jdk.nashorn.internal.runtime.ScriptObject;
import jdk.nashorn.internal.runtime.ScriptRuntime;
import jdk.nashorn.internal.runtime.linker.MethodHandleFactory;
import jdk.nashorn.internal.lookup.MethodHandleFactory;
import jdk.nashorn.internal.runtime.linker.PrimitiveLookup;
/**

2
nashorn/src/jdk/nashorn/internal/objects/NativeError.java

@ -26,7 +26,7 @@
package jdk.nashorn.internal.objects;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;

6
nashorn/src/jdk/nashorn/internal/objects/NativeJSAdapter.java

@ -27,7 +27,7 @@ package jdk.nashorn.internal.objects;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@ -46,8 +46,8 @@ import jdk.nashorn.internal.runtime.ScriptFunction;
import jdk.nashorn.internal.runtime.ScriptObject;
import jdk.nashorn.internal.runtime.ScriptRuntime;
import jdk.nashorn.internal.runtime.arrays.ArrayLikeIterator;
import jdk.nashorn.internal.runtime.linker.Lookup;
import jdk.nashorn.internal.runtime.linker.MethodHandleFactory;
import jdk.nashorn.internal.lookup.Lookup;
import jdk.nashorn.internal.lookup.MethodHandleFactory;
/**
* This class is the implementation of the Nashorn-specific global object named {@code JSAdapter}. It can be

4
nashorn/src/jdk/nashorn/internal/objects/NativeNumber.java

@ -30,7 +30,7 @@ import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.JSType.isRepresentableAsInt;
import static jdk.nashorn.internal.runtime.JSType.isRepresentableAsLong;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@ -47,7 +47,7 @@ import jdk.nashorn.internal.objects.annotations.Where;
import jdk.nashorn.internal.runtime.JSType;
import jdk.nashorn.internal.runtime.ScriptObject;
import jdk.nashorn.internal.runtime.ScriptRuntime;
import jdk.nashorn.internal.runtime.linker.MethodHandleFactory;
import jdk.nashorn.internal.lookup.MethodHandleFactory;
import jdk.nashorn.internal.runtime.linker.PrimitiveLookup;
/**

4
nashorn/src/jdk/nashorn/internal/objects/NativeStrictArguments.java

@ -26,7 +26,7 @@
package jdk.nashorn.internal.objects;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@ -36,7 +36,7 @@ import jdk.nashorn.internal.runtime.PropertyMap;
import jdk.nashorn.internal.runtime.ScriptFunction;
import jdk.nashorn.internal.runtime.ScriptObject;
import jdk.nashorn.internal.runtime.arrays.ArrayData;
import jdk.nashorn.internal.runtime.linker.Lookup;
import jdk.nashorn.internal.lookup.Lookup;
/**
* ECMA 10.6 Arguments Object.

4
nashorn/src/jdk/nashorn/internal/objects/NativeString.java

@ -29,7 +29,7 @@ import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.JSType.isRepresentableAsInt;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.arrays.ArrayIndex.getArrayIndexNoThrow;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@ -55,7 +55,7 @@ import jdk.nashorn.internal.runtime.ScriptFunction;
import jdk.nashorn.internal.runtime.ScriptObject;
import jdk.nashorn.internal.runtime.ScriptRuntime;
import jdk.nashorn.internal.runtime.arrays.ArrayIndex;
import jdk.nashorn.internal.runtime.linker.MethodHandleFactory;
import jdk.nashorn.internal.lookup.MethodHandleFactory;
import jdk.nashorn.internal.runtime.linker.NashornGuards;
import jdk.nashorn.internal.runtime.linker.PrimitiveLookup;

4
nashorn/src/jdk/nashorn/internal/objects/PrototypeObject.java

@ -26,7 +26,7 @@
package jdk.nashorn.internal.objects;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@ -34,7 +34,7 @@ import jdk.nashorn.internal.runtime.Property;
import jdk.nashorn.internal.runtime.PropertyMap;
import jdk.nashorn.internal.runtime.ScriptFunction;
import jdk.nashorn.internal.runtime.ScriptObject;
import jdk.nashorn.internal.runtime.linker.Lookup;
import jdk.nashorn.internal.lookup.Lookup;
/**
* Instances of this class serve as "prototype" object for script functions.

2
nashorn/src/jdk/nashorn/internal/objects/ScriptFunctionImpl.java

@ -34,7 +34,7 @@ import jdk.nashorn.internal.runtime.PropertyMap;
import jdk.nashorn.internal.runtime.ScriptFunction;
import jdk.nashorn.internal.runtime.ScriptFunctionData;
import jdk.nashorn.internal.runtime.ScriptObject;
import jdk.nashorn.internal.runtime.linker.Lookup;
import jdk.nashorn.internal.lookup.Lookup;
/**
* Concrete implementation of ScriptFunction. This sets correct map for the

2
nashorn/src/jdk/nashorn/internal/objects/ScriptFunctionTrampolineImpl.java

@ -1,6 +1,6 @@
package jdk.nashorn.internal.objects;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;

8
nashorn/src/jdk/nashorn/internal/runtime/AccessorProperty.java

@ -36,16 +36,16 @@ import static jdk.nashorn.internal.codegen.ObjectClassGenerator.createSetter;
import static jdk.nashorn.internal.codegen.ObjectClassGenerator.getAccessorType;
import static jdk.nashorn.internal.codegen.ObjectClassGenerator.getAccessorTypeIndex;
import static jdk.nashorn.internal.codegen.ObjectClassGenerator.getNumberOfAccessorTypes;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.runtime.linker.MethodHandleFactory.stripName;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import static jdk.nashorn.internal.lookup.MethodHandleFactory.stripName;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import jdk.nashorn.internal.codegen.ObjectClassGenerator;
import jdk.nashorn.internal.codegen.types.Type;
import jdk.nashorn.internal.runtime.linker.Lookup;
import jdk.nashorn.internal.runtime.linker.MethodHandleFactory;
import jdk.nashorn.internal.lookup.Lookup;
import jdk.nashorn.internal.lookup.MethodHandleFactory;
/**
* An AccessorProperty is the most generic property type. An AccessorProperty is

2
nashorn/src/jdk/nashorn/internal/runtime/Context.java

@ -29,7 +29,7 @@ import static jdk.nashorn.internal.codegen.CompilerConstants.RUN_SCRIPT;
import static jdk.nashorn.internal.codegen.CompilerConstants.STRICT_MODE;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.io.File;
import java.io.IOException;

2
nashorn/src/jdk/nashorn/internal/runtime/FindProperty.java

@ -25,7 +25,7 @@
package jdk.nashorn.internal.runtime;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import jdk.nashorn.internal.codegen.ObjectClassGenerator;

2
nashorn/src/jdk/nashorn/internal/runtime/GlobalFunctions.java

@ -26,7 +26,7 @@
package jdk.nashorn.internal.runtime;
import static jdk.nashorn.internal.runtime.JSType.digit;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;

4
nashorn/src/jdk/nashorn/internal/runtime/ScriptFunction.java

@ -28,7 +28,7 @@ package jdk.nashorn.internal.runtime;
import static jdk.nashorn.internal.codegen.CompilerConstants.virtualCallNoLookup;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@ -38,7 +38,7 @@ import jdk.internal.dynalink.linker.GuardedInvocation;
import jdk.internal.dynalink.linker.LinkRequest;
import jdk.nashorn.internal.codegen.CompilerConstants.Call;
import jdk.nashorn.internal.objects.annotations.SpecializedFunction;
import jdk.nashorn.internal.runtime.linker.MethodHandleFactory;
import jdk.nashorn.internal.lookup.MethodHandleFactory;
import jdk.nashorn.internal.runtime.linker.NashornCallSiteDescriptor;
import jdk.nashorn.internal.runtime.linker.NashornGuards;

2
nashorn/src/jdk/nashorn/internal/runtime/ScriptFunctionData.java

@ -27,7 +27,7 @@ package jdk.nashorn.internal.runtime;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;

6
nashorn/src/jdk/nashorn/internal/runtime/ScriptObject.java

@ -39,7 +39,7 @@ import static jdk.nashorn.internal.runtime.PropertyDescriptor.WRITABLE;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.arrays.ArrayIndex.getArrayIndexNoThrow;
import static jdk.nashorn.internal.runtime.arrays.ArrayIndex.isValidArrayIndex;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@ -65,8 +65,8 @@ import jdk.nashorn.internal.objects.AccessorPropertyDescriptor;
import jdk.nashorn.internal.objects.DataPropertyDescriptor;
import jdk.nashorn.internal.runtime.arrays.ArrayData;
import jdk.nashorn.internal.runtime.linker.Bootstrap;
import jdk.nashorn.internal.runtime.linker.Lookup;
import jdk.nashorn.internal.runtime.linker.MethodHandleFactory;
import jdk.nashorn.internal.lookup.Lookup;
import jdk.nashorn.internal.lookup.MethodHandleFactory;
import jdk.nashorn.internal.runtime.linker.NashornCallSiteDescriptor;
import jdk.nashorn.internal.runtime.linker.NashornGuards;

2
nashorn/src/jdk/nashorn/internal/runtime/ScriptingFunctions.java

@ -27,7 +27,7 @@ package jdk.nashorn.internal.runtime;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.io.BufferedReader;
import java.io.File;

4
nashorn/src/jdk/nashorn/internal/runtime/SetMethodCreator.java

@ -26,13 +26,13 @@
package jdk.nashorn.internal.runtime;
import static jdk.nashorn.internal.runtime.ECMAErrors.referenceError;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import jdk.internal.dynalink.CallSiteDescriptor;
import jdk.internal.dynalink.linker.GuardedInvocation;
import jdk.nashorn.internal.codegen.ObjectClassGenerator;
import jdk.nashorn.internal.runtime.linker.Lookup;
import jdk.nashorn.internal.lookup.Lookup;
import jdk.nashorn.internal.runtime.linker.NashornCallSiteDescriptor;
import jdk.nashorn.internal.runtime.linker.NashornGuards;

4
nashorn/src/jdk/nashorn/internal/runtime/SpillProperty.java

@ -25,11 +25,11 @@
package jdk.nashorn.internal.runtime;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import jdk.nashorn.internal.runtime.linker.Lookup;
import jdk.nashorn.internal.lookup.Lookup;
/**
* The SpillProperty is a subclass of AccessorProperties. Anything not in the initial property map

2
nashorn/src/jdk/nashorn/internal/runtime/Undefined.java

@ -26,7 +26,7 @@
package jdk.nashorn.internal.runtime;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;

2
nashorn/src/jdk/nashorn/internal/runtime/UserAccessorProperty.java

@ -26,7 +26,7 @@
package jdk.nashorn.internal.runtime;
import java.lang.invoke.MethodHandle;
import jdk.nashorn.internal.runtime.linker.Lookup;
import jdk.nashorn.internal.lookup.Lookup;
/**
* Property with user defined getters/setters. Actual getter and setter

2
nashorn/src/jdk/nashorn/internal/runtime/WithObject.java

@ -25,7 +25,7 @@
package jdk.nashorn.internal.runtime;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;

4
nashorn/src/jdk/nashorn/internal/runtime/linker/JSObjectLinker.java

@ -25,6 +25,8 @@
package jdk.nashorn.internal.runtime.linker;
import jdk.nashorn.internal.lookup.MethodHandleFunctionality;
import jdk.nashorn.internal.lookup.MethodHandleFactory;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
@ -42,7 +44,7 @@ import netscape.javascript.JSObject;
* A Dynalink linker to handle web browser built-in JS (DOM etc.) objects as well
* as ScriptObjects from other Nashorn contexts.
*/
public final class JSObjectLinker implements TypeBasedGuardingDynamicLinker {
final class JSObjectLinker implements TypeBasedGuardingDynamicLinker {
/**
* Instances of this class are used to represent a method member of a JSObject
*/

2
nashorn/src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java

@ -41,7 +41,7 @@ import static jdk.internal.org.objectweb.asm.Opcodes.ILOAD;
import static jdk.internal.org.objectweb.asm.Opcodes.ISTORE;
import static jdk.internal.org.objectweb.asm.Opcodes.RETURN;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodType;

2
nashorn/src/jdk/nashorn/internal/runtime/linker/JavaArgumentConverters.java

@ -27,7 +27,7 @@ package jdk.nashorn.internal.runtime.linker;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;

3
nashorn/src/jdk/nashorn/internal/runtime/linker/LinkerCallSite.java

@ -25,7 +25,8 @@
package jdk.nashorn.internal.runtime.linker;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import jdk.nashorn.internal.lookup.MethodHandleFactory;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;

4
nashorn/src/jdk/nashorn/internal/runtime/linker/NashornBottomLinker.java

@ -27,7 +27,7 @@ package jdk.nashorn.internal.runtime.linker;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import jdk.internal.dynalink.CallSiteDescriptor;
@ -46,7 +46,7 @@ import jdk.nashorn.internal.runtime.ScriptRuntime;
* setters for Java objects that couldn't be linked by any other linker, and throw appropriate ECMAScript errors for
* attempts to invoke arbitrary Java objects as functions or constructors.
*/
class NashornBottomLinker implements GuardingDynamicLinker {
final class NashornBottomLinker implements GuardingDynamicLinker {
@Override
public GuardedInvocation getGuardedInvocation(final LinkRequest linkRequest, final LinkerServices linkerServices)

2
nashorn/src/jdk/nashorn/internal/runtime/linker/NashornGuards.java

@ -25,7 +25,7 @@
package jdk.nashorn.internal.runtime.linker;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;

4
nashorn/src/jdk/nashorn/internal/runtime/linker/NashornLinker.java

@ -25,7 +25,7 @@
package jdk.nashorn.internal.runtime.linker;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@ -47,7 +47,7 @@ import jdk.nashorn.internal.runtime.Undefined;
* language runtimes by being declared in {@code META-INF/services/jdk.internal.dynalink.linker.GuardingDynamicLinker}
* file of Nashorn's distribution.
*/
public class NashornLinker implements TypeBasedGuardingDynamicLinker, GuardingTypeConverterFactory, ConversionComparator {
final class NashornLinker implements TypeBasedGuardingDynamicLinker, GuardingTypeConverterFactory, ConversionComparator {
/**
* Returns true if {@code ScriptObject} is assignable from {@code type}, or it is {@code Undefined}.
*/

4
nashorn/src/jdk/nashorn/internal/runtime/linker/NashornPrimitiveLinker.java

@ -25,7 +25,7 @@
package jdk.nashorn.internal.runtime.linker;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@ -45,7 +45,7 @@ import jdk.nashorn.internal.runtime.GlobalObject;
* engines. It is used for treatment of strings, boolean, and numbers as JavaScript primitives. Also provides ECMAScript
* primitive type conversions for these types when linking to Java methods.
*/
class NashornPrimitiveLinker implements TypeBasedGuardingDynamicLinker, GuardingTypeConverterFactory, ConversionComparator {
final class NashornPrimitiveLinker implements TypeBasedGuardingDynamicLinker, GuardingTypeConverterFactory, ConversionComparator {
@Override
public boolean canLinkType(final Class<?> type) {
return canLinkTypeStatic(type);

2
nashorn/src/jdk/nashorn/internal/runtime/linker/NashornStaticClassLinker.java

@ -48,7 +48,7 @@ import jdk.nashorn.internal.runtime.ECMAErrors;
* var r = new Runnable(function() { print("Hello World" })
* </pre>
*/
class NashornStaticClassLinker implements TypeBasedGuardingDynamicLinker {
final class NashornStaticClassLinker implements TypeBasedGuardingDynamicLinker {
private static final GuardingDynamicLinker staticClassLinker = BeansLinker.getLinkerForClass(StaticClass.class);
@Override

3
nashorn/src/jdk/nashorn/internal/runtime/linker/PrimitiveLookup.java

@ -25,7 +25,8 @@
package jdk.nashorn.internal.runtime.linker;
import static jdk.nashorn.internal.runtime.linker.Lookup.MH;
import jdk.nashorn.internal.lookup.Lookup;
import static jdk.nashorn.internal.lookup.Lookup.MH;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodType;

0
nashorn/test/script/trusted/JDK-8006529.js → nashorn/test/script/currently-failing/JDK-8006529.js