jdk-sandbox: comparison jdk/src/java.base/share/classes/java/lang/SecurityManager.java

equal deleted inserted replaced

-:937cb78b2016
+:eef9383d25cb
 /*
-* Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * questions.
 */
 package java.lang;
-import java.security.*;
+import java.lang.RuntimePermission;
+import java.lang.module.ModuleDescriptor;
+import java.lang.module.ModuleDescriptor.Exports;
+import java.lang.module.ModuleDescriptor.Opens;
+import java.lang.reflect.Layer;
+import java.lang.reflect.Member;
+import java.lang.reflect.Module;
 import java.io.FileDescriptor;
 import java.io.File;
 import java.io.FilePermission;
+import java.net.InetAddress;
+import java.net.SocketPermission;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Permission;
+import java.security.PrivilegedAction;
+import java.security.Security;
+import java.security.SecurityPermission;
+import java.util.HashSet;
+import java.util.Objects;
 import java.util.PropertyPermission;
-import java.lang.RuntimePermission;
+import java.util.Set;
-import java.net.SocketPermission;
+import java.util.stream.Collectors;
-import java.net.NetPermission;
+import java.util.stream.Stream;
-import java.util.Hashtable;
-import java.net.InetAddress;
-import java.lang.reflect.*;
-import java.net.URL;
 import jdk.internal.reflect.CallerSensitive;
 import sun.security.util.SecurityConstants;
 /**
 packages[i++] = s;
 }
 }
 }
-if (packages == null)
+if (packages == null) {
 packages = new String[0];
+}
 return packages;
 }
-/**
+// The non-exported packages of the modules in the boot layer that are
-* Throws a <code>SecurityException</code> if the
+// loaded by the platform class loader or its ancestors. A non-exported
-* calling thread is not allowed to access the package specified by
+// package is a package that either is not exported at all by its containing
-* the argument.
+// module or is exported in a qualified fashion by its containing module.
-* <p>
+private static final Set<String> nonExportedPkgs;
-* This method is used by the <code>loadClass</code> method of class
-* loaders.
+static {
-* <p>
+// Get the modules in the boot layer
-* This method first gets a list of
+Stream<Module> bootLayerModules = Layer.boot().modules().stream();
-* restricted packages by obtaining a comma-separated list from
-* a call to
+// Filter out the modules loaded by the boot or platform loader
-* <code>java.security.Security.getProperty("package.access")</code>,
+PrivilegedAction<Set<Module>> pa = () ->
-* and checks to see if <code>pkg</code> starts with or equals
+bootLayerModules.filter(SecurityManager::isBootOrPlatformModule)
-* any of the restricted packages. If it does, then
+.collect(Collectors.toSet());
-* <code>checkPermission</code> gets called with the
+Set<Module> modules = AccessController.doPrivileged(pa);
-* <code>RuntimePermission("accessClassInPackage."+pkg)</code>
-* permission.
+// Filter out the non-exported packages
-* <p>
+nonExportedPkgs = modules.stream()
-* If this method is overridden, then
+.map(Module::getDescriptor)
-* <code>super.checkPackageAccess</code> should be called
+.map(SecurityManager::nonExportedPkgs)
-* as the first line in the overridden method.
+.flatMap(Set::stream)
+.collect(Collectors.toSet());
+}
+/**
+* Returns true if the module's loader is the boot or platform loader.
+*/
+private static boolean isBootOrPlatformModule(Module m) {
+return m.getClassLoader() == null ||
+m.getClassLoader() == ClassLoader.getPlatformClassLoader();
+}
+/**
+* Returns the non-exported packages of the specified module.
+*/
+private static Set<String> nonExportedPkgs(ModuleDescriptor md) {
+// start with all packages in the module
+Set<String> pkgs = new HashSet<>(md.packages());
+// remove the non-qualified exported packages
+md.exports().stream()
+.filter(p -> !p.isQualified())
+.map(Exports::source)
+.forEach(pkgs::remove);
+// remove the non-qualified open packages
+md.opens().stream()
+.filter(p -> !p.isQualified())
+.map(Opens::source)
+.forEach(pkgs::remove);
+return pkgs;
+}
+/**
+* Throws a {@code SecurityException} if the calling thread is not allowed
+* to access the specified package.
+* <p>
+* This method is called by the {@code loadClass} method of class loaders.
+* <p>
+* This method checks if the specified package starts with or equals
+* any of the packages in the {@code package.access} Security Property.
+* An implementation may also check the package against an additional
+* list of restricted packages as noted below. If the package is restricted,
+* {@link #checkPermission(Permission)} is called with a
+* {@code RuntimePermission("accessClassInPackage."+pkg)} permission.
+* <p>
+* If this method is overridden, then {@code super.checkPackageAccess}
+* should be called as the first line in the overridden method.
+*
+* @implNote
+* This implementation also restricts all non-exported packages of modules
+* loaded by {@linkplain ClassLoader#getPlatformClassLoader
+* the platform class loader} or its ancestors. A "non-exported package"
+* refers to a package that is not exported to all modules. Specifically,
+* it refers to a package that either is not exported at all by its
+* containing module or is exported in a qualified fashion by its
+* containing module.
 *
 * @param      pkg   the package name.
-* @exception  SecurityException  if the calling thread does not have
+* @throws     SecurityException  if the calling thread does not have
 *             permission to access the specified package.
-* @exception  NullPointerException if the package name argument is
+* @throws     NullPointerException if the package name argument is
-*             <code>null</code>.
+*             {@code null}.
-* @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
+* @see        java.lang.ClassLoader#loadClass(String, boolean) loadClass
-*  loadClass
 * @see        java.security.Security#getProperty getProperty
-* @see        #checkPermission(java.security.Permission) checkPermission
+* @see        #checkPermission(Permission) checkPermission
 */
 public void checkPackageAccess(String pkg) {
-if (pkg == null) {
+Objects.requireNonNull(pkg, "package name can't be null");
-throw new NullPointerException("package name can't be null");
+// check if pkg is not exported to all modules
+if (nonExportedPkgs.contains(pkg)) {
+checkPermission(
+new RuntimePermission("accessClassInPackage." + pkg));
+return;
 }
 String[] restrictedPkgs;
 synchronized (packageAccessLock) {
 /*
 }
 }
 }
 /**
-* Throws a <code>SecurityException</code> if the
+* Throws a {@code SecurityException} if the calling thread is not
-* calling thread is not allowed to define classes in the package
+* allowed to define classes in the specified package.
-* specified by the argument.
+* <p>
-* <p>
+* This method is called by the {@code loadClass} method of some
-* This method is used by the <code>loadClass</code> method of some
 * class loaders.
 * <p>
-* This method first gets a list of restricted packages by
+* This method checks if the specified package starts with or equals
-* obtaining a comma-separated list from a call to
+* any of the packages in the {@code package.definition} Security
-* <code>java.security.Security.getProperty("package.definition")</code>,
+* Property. An implementation may also check the package against an
-* and checks to see if <code>pkg</code> starts with or equals
+* additional list of restricted packages as noted below. If the package
-* any of the restricted packages. If it does, then
+* is restricted, {@link #checkPermission(Permission)} is called with a
-* <code>checkPermission</code> gets called with the
+* {@code RuntimePermission("defineClassInPackage."+pkg)} permission.
-* <code>RuntimePermission("defineClassInPackage."+pkg)</code>
+* <p>
-* permission.
+* If this method is overridden, then {@code super.checkPackageDefinition}
-* <p>
+* should be called as the first line in the overridden method.
-* If this method is overridden, then
+*
-* <code>super.checkPackageDefinition</code> should be called
+* @implNote
-* as the first line in the overridden method.
+* This implementation also restricts all non-exported packages of modules
+* loaded by {@linkplain ClassLoader#getPlatformClassLoader
+* the platform class loader} or its ancestors. A "non-exported package"
+* refers to a package that is not exported to all modules. Specifically,
+* it refers to a package that either is not exported at all by its
+* containing module or is exported in a qualified fashion by its
+* containing module.
 *
 * @param      pkg   the package name.
-* @exception  SecurityException  if the calling thread does not have
+* @throws     SecurityException  if the calling thread does not have
 *             permission to define classes in the specified package.
-* @see        java.lang.ClassLoader#loadClass(java.lang.String, boolean)
+* @throws     NullPointerException if the package name argument is
+*             {@code null}.
+* @see        java.lang.ClassLoader#loadClass(String, boolean)
 * @see        java.security.Security#getProperty getProperty
-* @see        #checkPermission(java.security.Permission) checkPermission
+* @see        #checkPermission(Permission) checkPermission
 */
 public void checkPackageDefinition(String pkg) {
-if (pkg == null) {
+Objects.requireNonNull(pkg, "package name can't be null");
-throw new NullPointerException("package name can't be null");
+// check if pkg is not exported to all modules
+if (nonExportedPkgs.contains(pkg)) {
+checkPermission(
+new RuntimePermission("defineClassInPackage." + pkg));
+return;
 }
 String[] pkgs;
 synchronized (packageDefinitionLock) {
 /*

changeset 43221	eef9383d25cb
parent 39888	bec759b9b909
child 43712	5dfd0950317c