6633872: Policy/PolicyFile leak dynamic ProtectionDomains
Reviewed-by: hawtin
This commit is contained in:
Sean Mullan
parent
309744138c
commit
e06b29685a
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -28,19 +28,17 @@ package java.security;
|
||||
|
||||
import java.io.*;
|
||||
import java.lang.RuntimePermission;
|
||||
import java.lang.reflect.*;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
import java.util.Enumeration;
|
||||
import java.util.Hashtable;
|
||||
import java.util.Vector;
|
||||
import java.util.StringTokenizer;
|
||||
import java.util.PropertyPermission;
|
||||
|
||||
import java.lang.reflect.*;
|
||||
|
||||
import java.util.StringTokenizer;
|
||||
import java.util.Vector;
|
||||
import java.util.WeakHashMap;
|
||||
import sun.security.util.Debug;
|
||||
import sun.security.jca.GetInstance;
|
||||
import sun.security.util.Debug;
|
||||
import sun.security.util.SecurityConstants;
|
||||
|
||||
|
||||
@ -113,8 +111,8 @@ public abstract class Policy {
|
||||
|
||||
private static final Debug debug = Debug.getInstance("policy");
|
||||
|
||||
// Cache mapping ProtectionDomain to PermissionCollection
|
||||
private WeakHashMap<ProtectionDomain, PermissionCollection> pdMapping;
|
||||
// Cache mapping ProtectionDomain.Key to PermissionCollection
|
||||
private WeakHashMap<ProtectionDomain.Key, PermissionCollection> pdMapping;
|
||||
|
||||
/** package private for AccessControlContext */
|
||||
static boolean isSet()
|
||||
@ -307,7 +305,7 @@ public abstract class Policy {
|
||||
synchronized (p) {
|
||||
if (p.pdMapping == null) {
|
||||
p.pdMapping =
|
||||
new WeakHashMap<ProtectionDomain, PermissionCollection>();
|
||||
new WeakHashMap<ProtectionDomain.Key, PermissionCollection>();
|
||||
}
|
||||
}
|
||||
|
||||
@ -323,7 +321,7 @@ public abstract class Policy {
|
||||
|
||||
synchronized (p.pdMapping) {
|
||||
// cache of pd to permissions
|
||||
p.pdMapping.put(policyDomain, policyPerms);
|
||||
p.pdMapping.put(policyDomain.key, policyPerms);
|
||||
}
|
||||
}
|
||||
return;
|
||||
@ -638,7 +636,7 @@ public abstract class Policy {
|
||||
}
|
||||
|
||||
synchronized (pdMapping) {
|
||||
pc = pdMapping.get(domain);
|
||||
pc = pdMapping.get(domain.key);
|
||||
}
|
||||
|
||||
if (pc != null) {
|
||||
@ -697,7 +695,7 @@ public abstract class Policy {
|
||||
}
|
||||
|
||||
synchronized (pdMapping) {
|
||||
pc = pdMapping.get(domain);
|
||||
pc = pdMapping.get(domain.key);
|
||||
}
|
||||
|
||||
if (pc != null) {
|
||||
@ -711,7 +709,7 @@ public abstract class Policy {
|
||||
|
||||
synchronized (pdMapping) {
|
||||
// cache it
|
||||
pdMapping.put(domain, pc);
|
||||
pdMapping.put(domain.key, pc);
|
||||
}
|
||||
|
||||
return pc.implies(permission);
|
||||
@ -747,21 +745,25 @@ public abstract class Policy {
|
||||
this.params = params;
|
||||
}
|
||||
|
||||
public String getType() { return type; }
|
||||
@Override public String getType() { return type; }
|
||||
|
||||
public Policy.Parameters getParameters() { return params; }
|
||||
@Override public Policy.Parameters getParameters() { return params; }
|
||||
|
||||
public Provider getProvider() { return p; }
|
||||
@Override public Provider getProvider() { return p; }
|
||||
|
||||
@Override
|
||||
public PermissionCollection getPermissions(CodeSource codesource) {
|
||||
return spi.engineGetPermissions(codesource);
|
||||
}
|
||||
@Override
|
||||
public PermissionCollection getPermissions(ProtectionDomain domain) {
|
||||
return spi.engineGetPermissions(domain);
|
||||
}
|
||||
@Override
|
||||
public boolean implies(ProtectionDomain domain, Permission perm) {
|
||||
return spi.engineImplies(domain, perm);
|
||||
}
|
||||
@Override
|
||||
public void refresh() {
|
||||
spi.engineRefresh();
|
||||
}
|
||||
@ -803,7 +805,7 @@ public abstract class Policy {
|
||||
* @exception SecurityException - if this PermissionCollection object
|
||||
* has been marked readonly
|
||||
*/
|
||||
public void add(Permission permission) {
|
||||
@Override public void add(Permission permission) {
|
||||
perms.add(permission);
|
||||
}
|
||||
|
||||
@ -816,7 +818,7 @@ public abstract class Policy {
|
||||
* @return true if "permission" is implied by the permissions in
|
||||
* the collection, false if not.
|
||||
*/
|
||||
public boolean implies(Permission permission) {
|
||||
@Override public boolean implies(Permission permission) {
|
||||
return perms.implies(permission);
|
||||
}
|
||||
|
||||
@ -826,7 +828,7 @@ public abstract class Policy {
|
||||
*
|
||||
* @return an enumeration of all the Permissions.
|
||||
*/
|
||||
public Enumeration<Permission> elements() {
|
||||
@Override public Enumeration<Permission> elements() {
|
||||
return perms.elements();
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,9 +25,15 @@
|
||||
|
||||
package java.security;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Enumeration;
|
||||
import java.util.List;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Map;
|
||||
import java.util.WeakHashMap;
|
||||
import sun.misc.JavaSecurityProtectionDomainAccess;
|
||||
import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
|
||||
import sun.misc.SharedSecrets;
|
||||
import sun.security.util.Debug;
|
||||
import sun.security.util.SecurityConstants;
|
||||
|
||||
@ -72,6 +78,11 @@ public class ProtectionDomain {
|
||||
or dynamic (via a policy refresh) */
|
||||
private boolean staticPermissions;
|
||||
|
||||
/*
|
||||
* An object used as a key when the ProtectionDomain is stored in a Map.
|
||||
*/
|
||||
final Key key = new Key();
|
||||
|
||||
private static final Debug debug = Debug.getInstance("domain");
|
||||
|
||||
/**
|
||||
@ -238,7 +249,7 @@ public class ProtectionDomain {
|
||||
/**
|
||||
* Convert a ProtectionDomain to a String.
|
||||
*/
|
||||
public String toString() {
|
||||
@Override public String toString() {
|
||||
String pals = "<no principals>";
|
||||
if (principals != null && principals.length > 0) {
|
||||
StringBuilder palBuf = new StringBuilder("(principals ");
|
||||
@ -396,4 +407,29 @@ public class ProtectionDomain {
|
||||
|
||||
return mergedPerms;
|
||||
}
|
||||
|
||||
/**
|
||||
* Used for storing ProtectionDomains as keys in a Map.
|
||||
*/
|
||||
final class Key {}
|
||||
|
||||
static {
|
||||
SharedSecrets.setJavaSecurityProtectionDomainAccess(
|
||||
new JavaSecurityProtectionDomainAccess() {
|
||||
public ProtectionDomainCache getProtectionDomainCache() {
|
||||
return new ProtectionDomainCache() {
|
||||
private final Map<Key, PermissionCollection> map =
|
||||
Collections.synchronizedMap
|
||||
(new WeakHashMap<Key, PermissionCollection>());
|
||||
public void put(ProtectionDomain pd,
|
||||
PermissionCollection pc) {
|
||||
map.put((pd == null ? null : pd.key), pc);
|
||||
}
|
||||
public PermissionCollection get(ProtectionDomain pd) {
|
||||
return pd == null ? map.get(null) : map.get(pd.key);
|
||||
}
|
||||
};
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@ -0,0 +1,39 @@
|
||||
/*
|
||||
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Sun designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Sun in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
||||
* CA 95054 USA or visit www.sun.com if you need additional information or
|
||||
* have any questions.
|
||||
*/
|
||||
package sun.misc;
|
||||
|
||||
import java.security.PermissionCollection;
|
||||
import java.security.ProtectionDomain;
|
||||
|
||||
public interface JavaSecurityProtectionDomainAccess {
|
||||
interface ProtectionDomainCache {
|
||||
void put(ProtectionDomain pd, PermissionCollection pc);
|
||||
PermissionCollection get(ProtectionDomain pd);
|
||||
}
|
||||
/**
|
||||
* Returns the ProtectionDomainCache.
|
||||
*/
|
||||
ProtectionDomainCache getProtectionDomainCache();
|
||||
}
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2008 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -47,6 +47,7 @@ public class SharedSecrets {
|
||||
private static JavaNetAccess javaNetAccess;
|
||||
private static JavaNioAccess javaNioAccess;
|
||||
private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
|
||||
private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess;
|
||||
|
||||
public static JavaUtilJarAccess javaUtilJarAccess() {
|
||||
if (javaUtilJarAccess == null) {
|
||||
@ -113,4 +114,13 @@ public class SharedSecrets {
|
||||
return javaIOFileDescriptorAccess;
|
||||
}
|
||||
|
||||
public static void setJavaSecurityProtectionDomainAccess
|
||||
(JavaSecurityProtectionDomainAccess jspda) {
|
||||
javaSecurityProtectionDomainAccess = jspda;
|
||||
}
|
||||
|
||||
public static JavaSecurityProtectionDomainAccess
|
||||
getJavaSecurityProtectionDomainAccess() {
|
||||
return javaSecurityProtectionDomainAccess;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -65,6 +65,9 @@ import java.lang.reflect.ReflectPermission;
|
||||
import javax.sound.sampled.AudioPermission;
|
||||
import javax.net.ssl.SSLPermission;
|
||||
*/
|
||||
import sun.misc.JavaSecurityProtectionDomainAccess;
|
||||
import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
|
||||
import sun.misc.SharedSecrets;
|
||||
import sun.security.util.Password;
|
||||
import sun.security.util.PolicyUtil;
|
||||
import sun.security.util.PropertyExpander;
|
||||
@ -1105,7 +1108,7 @@ public class PolicyFile extends java.security.Policy {
|
||||
/**
|
||||
* Refreshes the policy object by re-reading all the policy files.
|
||||
*/
|
||||
public void refresh() {
|
||||
@Override public void refresh() {
|
||||
init(url);
|
||||
}
|
||||
|
||||
@ -1122,9 +1125,10 @@ public class PolicyFile extends java.security.Policy {
|
||||
*
|
||||
* @see java.security.ProtectionDomain
|
||||
*/
|
||||
@Override
|
||||
public boolean implies(ProtectionDomain pd, Permission p) {
|
||||
PolicyInfo pi = policyInfo.get();
|
||||
Map<ProtectionDomain, PermissionCollection> pdMap = pi.getPdMapping();
|
||||
ProtectionDomainCache pdMap = pi.getPdMapping();
|
||||
|
||||
PermissionCollection pc = pdMap.get(pd);
|
||||
|
||||
@ -1170,6 +1174,7 @@ public class PolicyFile extends java.security.Policy {
|
||||
* @return the Permissions granted to the provided
|
||||
* <code>ProtectionDomain</code>.
|
||||
*/
|
||||
@Override
|
||||
public PermissionCollection getPermissions(ProtectionDomain domain) {
|
||||
Permissions perms = new Permissions();
|
||||
|
||||
@ -1205,6 +1210,7 @@ public class PolicyFile extends java.security.Policy {
|
||||
*
|
||||
* @return the set of permissions according to the policy.
|
||||
*/
|
||||
@Override
|
||||
public PermissionCollection getPermissions(CodeSource codesource) {
|
||||
return getPermissions(new Permissions(), codesource);
|
||||
}
|
||||
@ -2198,7 +2204,7 @@ public class PolicyFile extends java.security.Policy {
|
||||
return codesource;
|
||||
}
|
||||
|
||||
public String toString(){
|
||||
@Override public String toString(){
|
||||
StringBuilder sb = new StringBuilder();
|
||||
sb.append(ResourcesMgr.getString("("));
|
||||
sb.append(getCodeSource());
|
||||
@ -2334,7 +2340,7 @@ public class PolicyFile extends java.security.Policy {
|
||||
*
|
||||
* @return false.
|
||||
*/
|
||||
public boolean implies(Permission p) {
|
||||
@Override public boolean implies(Permission p) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -2351,7 +2357,7 @@ public class PolicyFile extends java.security.Policy {
|
||||
* type (class) name, permission name, actions, and
|
||||
* certificates as this object.
|
||||
*/
|
||||
public boolean equals(Object obj) {
|
||||
@Override public boolean equals(Object obj) {
|
||||
if (obj == this)
|
||||
return true;
|
||||
|
||||
@ -2399,7 +2405,7 @@ public class PolicyFile extends java.security.Policy {
|
||||
*
|
||||
* @return a hash code value for this object.
|
||||
*/
|
||||
public int hashCode() {
|
||||
@Override public int hashCode() {
|
||||
int hash = type.hashCode();
|
||||
if (name != null)
|
||||
hash ^= name.hashCode();
|
||||
@ -2418,7 +2424,7 @@ public class PolicyFile extends java.security.Policy {
|
||||
*
|
||||
* @return the empty string "".
|
||||
*/
|
||||
public String getActions() {
|
||||
@Override public String getActions() {
|
||||
return "";
|
||||
}
|
||||
|
||||
@ -2445,7 +2451,7 @@ public class PolicyFile extends java.security.Policy {
|
||||
*
|
||||
* @return information about this SelfPermission.
|
||||
*/
|
||||
public String toString() {
|
||||
@Override public String toString() {
|
||||
return "(SelfPermission " + type + " " + name + " " + actions + ")";
|
||||
}
|
||||
}
|
||||
@ -2467,7 +2473,7 @@ public class PolicyFile extends java.security.Policy {
|
||||
final Map aliasMapping;
|
||||
|
||||
// Maps ProtectionDomain to PermissionCollection
|
||||
private final Map<ProtectionDomain, PermissionCollection>[] pdMapping;
|
||||
private final ProtectionDomainCache[] pdMapping;
|
||||
private java.util.Random random;
|
||||
|
||||
PolicyInfo(int numCaches) {
|
||||
@ -2476,16 +2482,17 @@ public class PolicyFile extends java.security.Policy {
|
||||
Collections.synchronizedList(new ArrayList<PolicyEntry>(2));
|
||||
aliasMapping = Collections.synchronizedMap(new HashMap(11));
|
||||
|
||||
pdMapping = new Map[numCaches];
|
||||
pdMapping = new ProtectionDomainCache[numCaches];
|
||||
JavaSecurityProtectionDomainAccess jspda
|
||||
= SharedSecrets.getJavaSecurityProtectionDomainAccess();
|
||||
for (int i = 0; i < numCaches; i++) {
|
||||
pdMapping[i] = Collections.synchronizedMap
|
||||
(new WeakHashMap<ProtectionDomain, PermissionCollection>());
|
||||
pdMapping[i] = jspda.getProtectionDomainCache();
|
||||
}
|
||||
if (numCaches > 1) {
|
||||
random = new java.util.Random();
|
||||
}
|
||||
}
|
||||
Map<ProtectionDomain, PermissionCollection> getPdMapping() {
|
||||
ProtectionDomainCache getPdMapping() {
|
||||
if (pdMapping.length == 1) {
|
||||
return pdMapping[0];
|
||||
} else {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user