1142 InstanceKlass::cast(k)->set_protection_domain(pd); |
1142 InstanceKlass::cast(k)->set_protection_domain(pd); |
1143 } |
1143 } |
1144 } |
1144 } |
1145 JVM_END |
1145 JVM_END |
1146 |
1146 |
|
1147 static bool is_authorized(Handle context, instanceKlassHandle klass, TRAPS) { |
|
1148 // If there is a security manager and protection domain, check the access |
|
1149 // in the protection domain, otherwise it is authorized. |
|
1150 if (java_lang_System::has_security_manager()) { |
|
1151 |
|
1152 // For bootstrapping, if pd implies method isn't in the JDK, allow |
|
1153 // this context to revert to older behavior. |
|
1154 // In this case the isAuthorized field in AccessControlContext is also not |
|
1155 // present. |
|
1156 if (Universe::protection_domain_implies_method() == NULL) { |
|
1157 return true; |
|
1158 } |
|
1159 |
|
1160 // Whitelist certain access control contexts |
|
1161 if (java_security_AccessControlContext::is_authorized(context)) { |
|
1162 return true; |
|
1163 } |
|
1164 |
|
1165 oop prot = klass->protection_domain(); |
|
1166 if (prot != NULL) { |
|
1167 // Call pd.implies(new SecurityPermission("createAccessControlContext")) |
|
1168 // in the new wrapper. |
|
1169 methodHandle m(THREAD, Universe::protection_domain_implies_method()); |
|
1170 Handle h_prot(THREAD, prot); |
|
1171 JavaValue result(T_BOOLEAN); |
|
1172 JavaCallArguments args(h_prot); |
|
1173 JavaCalls::call(&result, m, &args, CHECK_false); |
|
1174 return (result.get_jboolean() != 0); |
|
1175 } |
|
1176 } |
|
1177 return true; |
|
1178 } |
|
1179 |
|
1180 // Create an AccessControlContext with a protection domain with null codesource |
|
1181 // and null permissions - which gives no permissions. |
|
1182 oop create_dummy_access_control_context(TRAPS) { |
|
1183 InstanceKlass* pd_klass = InstanceKlass::cast(SystemDictionary::ProtectionDomain_klass()); |
|
1184 // new ProtectionDomain(null,null); |
|
1185 oop null_protection_domain = pd_klass->allocate_instance(CHECK_NULL); |
|
1186 Handle null_pd(THREAD, null_protection_domain); |
|
1187 |
|
1188 // new ProtectionDomain[] {pd}; |
|
1189 objArrayOop context = oopFactory::new_objArray(pd_klass, 1, CHECK_NULL); |
|
1190 context->obj_at_put(0, null_pd()); |
|
1191 |
|
1192 // new AccessControlContext(new ProtectionDomain[] {pd}) |
|
1193 objArrayHandle h_context(THREAD, context); |
|
1194 oop result = java_security_AccessControlContext::create(h_context, false, Handle(), CHECK_NULL); |
|
1195 return result; |
|
1196 } |
1147 |
1197 |
1148 JVM_ENTRY(jobject, JVM_DoPrivileged(JNIEnv *env, jclass cls, jobject action, jobject context, jboolean wrapException)) |
1198 JVM_ENTRY(jobject, JVM_DoPrivileged(JNIEnv *env, jclass cls, jobject action, jobject context, jboolean wrapException)) |
1149 JVMWrapper("JVM_DoPrivileged"); |
1199 JVMWrapper("JVM_DoPrivileged"); |
1150 |
1200 |
1151 if (action == NULL) { |
1201 if (action == NULL) { |
1152 THROW_MSG_0(vmSymbols::java_lang_NullPointerException(), "Null action"); |
1202 THROW_MSG_0(vmSymbols::java_lang_NullPointerException(), "Null action"); |
1153 } |
1203 } |
1154 |
1204 |
1155 // Stack allocated list of privileged stack elements |
1205 // Compute the frame initiating the do privileged operation and setup the privileged stack |
1156 PrivilegedElement pi; |
1206 vframeStream vfst(thread); |
|
1207 vfst.security_get_caller_frame(1); |
|
1208 |
|
1209 if (vfst.at_end()) { |
|
1210 THROW_MSG_0(vmSymbols::java_lang_InternalError(), "no caller?"); |
|
1211 } |
|
1212 |
|
1213 Method* method = vfst.method(); |
|
1214 instanceKlassHandle klass (THREAD, method->method_holder()); |
|
1215 |
|
1216 // Check that action object understands "Object run()" |
|
1217 Handle h_context; |
|
1218 if (context != NULL) { |
|
1219 h_context = Handle(THREAD, JNIHandles::resolve(context)); |
|
1220 bool authorized = is_authorized(h_context, klass, CHECK_NULL); |
|
1221 if (!authorized) { |
|
1222 // Create an unprivileged access control object and call it's run function |
|
1223 // instead. |
|
1224 oop noprivs = create_dummy_access_control_context(CHECK_NULL); |
|
1225 h_context = Handle(THREAD, noprivs); |
|
1226 } |
|
1227 } |
1157 |
1228 |
1158 // Check that action object understands "Object run()" |
1229 // Check that action object understands "Object run()" |
1159 Handle object (THREAD, JNIHandles::resolve(action)); |
1230 Handle object (THREAD, JNIHandles::resolve(action)); |
1160 |
1231 |
1161 // get run() method |
1232 // get run() method |
1165 methodHandle m (THREAD, m_oop); |
1236 methodHandle m (THREAD, m_oop); |
1166 if (m.is_null() || !m->is_method() || !m()->is_public() || m()->is_static()) { |
1237 if (m.is_null() || !m->is_method() || !m()->is_public() || m()->is_static()) { |
1167 THROW_MSG_0(vmSymbols::java_lang_InternalError(), "No run method"); |
1238 THROW_MSG_0(vmSymbols::java_lang_InternalError(), "No run method"); |
1168 } |
1239 } |
1169 |
1240 |
1170 // Compute the frame initiating the do privileged operation and setup the privileged stack |
1241 // Stack allocated list of privileged stack elements |
1171 vframeStream vfst(thread); |
1242 PrivilegedElement pi; |
1172 vfst.security_get_caller_frame(1); |
|
1173 |
|
1174 if (!vfst.at_end()) { |
1243 if (!vfst.at_end()) { |
1175 pi.initialize(&vfst, JNIHandles::resolve(context), thread->privileged_stack_top(), CHECK_NULL); |
1244 pi.initialize(&vfst, h_context(), thread->privileged_stack_top(), CHECK_NULL); |
1176 thread->set_privileged_stack_top(&pi); |
1245 thread->set_privileged_stack_top(&pi); |
1177 } |
1246 } |
1178 |
1247 |
1179 |
1248 |
1180 // invoke the Object run() in the action object. We cannot use call_interface here, since the static type |
1249 // invoke the Object run() in the action object. We cannot use call_interface here, since the static type |