408 #endif //ASSERT |
408 #endif //ASSERT |
409 return result; |
409 return result; |
410 } |
410 } |
411 |
411 |
412 |
412 |
413 bool Reflection::reflect_check_access(Klass* field_class, AccessFlags acc, Klass* target_class, bool is_method_invoke, TRAPS) { |
|
414 // field_class : declaring class |
|
415 // acc : declared field access |
|
416 // target_class : for protected |
|
417 |
|
418 // Check if field or method is accessible to client. Throw an |
|
419 // IllegalAccessException and return false if not. |
|
420 |
|
421 // The "client" is the class associated with the nearest real frame |
|
422 // getCallerClass already skips Method.invoke frames, so pass 0 in |
|
423 // that case (same as classic). |
|
424 ResourceMark rm(THREAD); |
|
425 assert(THREAD->is_Java_thread(), "sanity check"); |
|
426 Klass* client_class = ((JavaThread *)THREAD)->security_get_caller_class(is_method_invoke ? 0 : 1); |
|
427 |
|
428 if (client_class != field_class) { |
|
429 if (!verify_class_access(client_class, field_class, false) |
|
430 || !verify_field_access(client_class, |
|
431 field_class, |
|
432 field_class, |
|
433 acc, |
|
434 false)) { |
|
435 THROW_(vmSymbols::java_lang_IllegalAccessException(), false); |
|
436 } |
|
437 } |
|
438 |
|
439 // Additional test for protected members: JLS 6.6.2 |
|
440 |
|
441 if (acc.is_protected()) { |
|
442 if (target_class != client_class) { |
|
443 if (!is_same_class_package(client_class, field_class)) { |
|
444 if (!target_class->is_subclass_of(client_class)) { |
|
445 THROW_(vmSymbols::java_lang_IllegalAccessException(), false); |
|
446 } |
|
447 } |
|
448 } |
|
449 } |
|
450 |
|
451 // Passed all tests |
|
452 return true; |
|
453 } |
|
454 |
|
455 |
|
456 bool Reflection::verify_class_access(Klass* current_class, Klass* new_class, bool classloader_only) { |
413 bool Reflection::verify_class_access(Klass* current_class, Klass* new_class, bool classloader_only) { |
457 // Verify that current_class can access new_class. If the classloader_only |
414 // Verify that current_class can access new_class. If the classloader_only |
458 // flag is set, we automatically allow any accesses in which current_class |
415 // flag is set, we automatically allow any accesses in which current_class |
459 // doesn't have a classloader. |
416 // doesn't have a classloader. |
460 if ((current_class == NULL) || |
417 if ((current_class == NULL) || |
461 (current_class == new_class) || |
418 (current_class == new_class) || |
462 (new_class->is_public()) || |
419 (new_class->is_public()) || |
463 is_same_class_package(current_class, new_class)) { |
420 is_same_class_package(current_class, new_class)) { |
464 return true; |
421 return true; |
465 } |
422 } |
466 // New (1.4) reflection implementation. Allow all accesses from |
423 // Allow all accesses from sun/reflect/MagicAccessorImpl subclasses to |
467 // sun/reflect/MagicAccessorImpl subclasses to succeed trivially. |
424 // succeed trivially. |
468 if ( JDK_Version::is_gte_jdk14x_version() |
425 if (current_class->is_subclass_of(SystemDictionary::reflect_MagicAccessorImpl_klass())) { |
469 && current_class->is_subclass_of(SystemDictionary::reflect_MagicAccessorImpl_klass())) { |
|
470 return true; |
426 return true; |
471 } |
427 } |
472 |
428 |
473 return can_relax_access_check_for(current_class, new_class, classloader_only); |
429 return can_relax_access_check_for(current_class, new_class, classloader_only); |
474 } |
430 } |
565 |
521 |
566 if (!access.is_private() && is_same_class_package(current_class, field_class)) { |
522 if (!access.is_private() && is_same_class_package(current_class, field_class)) { |
567 return true; |
523 return true; |
568 } |
524 } |
569 |
525 |
570 // New (1.4) reflection implementation. Allow all accesses from |
526 // Allow all accesses from sun/reflect/MagicAccessorImpl subclasses to |
571 // sun/reflect/MagicAccessorImpl subclasses to succeed trivially. |
527 // succeed trivially. |
572 if ( JDK_Version::is_gte_jdk14x_version() |
528 if (current_class->is_subclass_of(SystemDictionary::reflect_MagicAccessorImpl_klass())) { |
573 && current_class->is_subclass_of(SystemDictionary::reflect_MagicAccessorImpl_klass())) { |
|
574 return true; |
529 return true; |
575 } |
530 } |
576 |
531 |
577 return can_relax_access_check_for( |
532 return can_relax_access_check_for( |
578 current_class, field_class, classloader_only); |
533 current_class, field_class, classloader_only); |
705 return Handle(THREAD, nt); |
660 return Handle(THREAD, nt); |
706 } |
661 } |
707 |
662 |
708 |
663 |
709 oop Reflection::new_method(methodHandle method, bool for_constant_pool_access, TRAPS) { |
664 oop Reflection::new_method(methodHandle method, bool for_constant_pool_access, TRAPS) { |
710 // In jdk1.2.x, getMethods on an interface erroneously includes <clinit>, thus the complicated assert. |
665 // Allow sun.reflect.ConstantPool to refer to <clinit> methods as java.lang.reflect.Methods. |
711 // Also allow sun.reflect.ConstantPool to refer to <clinit> methods as java.lang.reflect.Methods. |
|
712 assert(!method()->is_initializer() || |
666 assert(!method()->is_initializer() || |
713 (for_constant_pool_access && method()->is_static()) || |
667 (for_constant_pool_access && method()->is_static()), |
714 (method()->name() == vmSymbols::class_initializer_name() |
668 "should call new_constructor instead"); |
715 && method()->method_holder()->is_interface() && JDK_Version::is_jdk12x_version()), "should call new_constructor instead"); |
|
716 instanceKlassHandle holder (THREAD, method->method_holder()); |
669 instanceKlassHandle holder (THREAD, method->method_holder()); |
717 int slot = method->method_idnum(); |
670 int slot = method->method_idnum(); |
718 |
671 |
719 Symbol* signature = method->signature(); |
672 Symbol* signature = method->signature(); |
720 int parameter_count = ArgumentCount(signature).size(); |
673 int parameter_count = ArgumentCount(signature).size(); |
976 Method::name_and_sig_as_C_string(klass(), |
929 Method::name_and_sig_as_C_string(klass(), |
977 reflected_method->name(), |
930 reflected_method->name(), |
978 reflected_method->signature())); |
931 reflected_method->signature())); |
979 } |
932 } |
980 |
933 |
981 // In the JDK 1.4 reflection implementation, the security check is |
|
982 // done at the Java level |
|
983 if (!JDK_Version::is_gte_jdk14x_version()) { |
|
984 |
|
985 // Access checking (unless overridden by Method) |
|
986 if (!override) { |
|
987 if (!(klass->is_public() && reflected_method->is_public())) { |
|
988 bool access = Reflection::reflect_check_access(klass(), reflected_method->access_flags(), target_klass(), is_method_invoke, CHECK_NULL); |
|
989 if (!access) { |
|
990 return NULL; // exception |
|
991 } |
|
992 } |
|
993 } |
|
994 |
|
995 } // !Universe::is_gte_jdk14x_version() |
|
996 |
|
997 assert(ptypes->is_objArray(), "just checking"); |
934 assert(ptypes->is_objArray(), "just checking"); |
998 int args_len = args.is_null() ? 0 : args->length(); |
935 int args_len = args.is_null() ? 0 : args->length(); |
999 // Check number of arguments |
936 // Check number of arguments |
1000 if (ptypes->length() != args_len) { |
937 if (ptypes->length() != args_len) { |
1001 THROW_MSG_0(vmSymbols::java_lang_IllegalArgumentException(), "wrong number of arguments"); |
938 THROW_MSG_0(vmSymbols::java_lang_IllegalArgumentException(), "wrong number of arguments"); |