--- a/jdk/src/share/classes/java/security/AccessControlContext.java Thu Mar 21 13:56:28 2013 +0100
+++ b/jdk/src/share/classes/java/security/AccessControlContext.java Fri Apr 05 10:17:06 2013 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -77,7 +77,10 @@
public final class AccessControlContext {
private ProtectionDomain context[];
+ // isPrivileged and isAuthorized are referenced by the VM - do not remove
+ // or change their names
private boolean isPrivileged;
+ private boolean isAuthorized = false;
// Note: This field is directly used by the virtual machine
// native codes. Don't touch it.
@@ -163,6 +166,7 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION);
+ this.isAuthorized = true;
}
this.context = acc.context;
@@ -184,6 +188,7 @@
this.context = context.clone();
}
this.combiner = combiner;
+ this.isAuthorized = true;
}
/**
@@ -191,10 +196,11 @@
*/
AccessControlContext(ProtectionDomain context[],
- boolean isPrivileged)
+ boolean isPrivileged)
{
this.context = context;
this.isPrivileged = isPrivileged;
+ this.isAuthorized = true;
}
/**
@@ -475,7 +481,7 @@
}
private AccessControlContext goCombiner(ProtectionDomain[] current,
- AccessControlContext assigned) {
+ AccessControlContext assigned) {
// the assigned ACC's combiner is not null --
// let the combiner do its thing
@@ -497,6 +503,7 @@
this.context = combinedPds;
this.combiner = assigned.combiner;
this.isPrivileged = false;
+ this.isAuthorized = assigned.isAuthorized;
return this;
}
--- a/jdk/src/share/classes/java/security/AccessController.java Thu Mar 21 13:56:28 2013 +0100
+++ b/jdk/src/share/classes/java/security/AccessController.java Fri Apr 05 10:17:06 2013 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -304,28 +304,31 @@
/**
- * Performs the specified <code>PrivilegedAction</code> with privileges
- * enabled and restricted by the specified
- * <code>AccessControlContext</code>.
+ * Performs the specified {@code PrivilegedAction} with privileges
+ * enabled and restricted by the specified {@code AccessControlContext}.
* The action is performed with the intersection of the permissions
* possessed by the caller's protection domain, and those possessed
- * by the domains represented by the specified
- * <code>AccessControlContext</code>.
+ * by the domains represented by the specified {@code AccessControlContext}.
+ * <p>
+ * If the action's {@code run} method throws an (unchecked) exception,
+ * it will propagate through this method.
* <p>
- * If the action's <code>run</code> method throws an (unchecked) exception,
- * it will propagate through this method.
+ * If a security manager is installed and the {@code AccessControlContext}
+ * was not created by system code and the caller's {@code ProtectionDomain}
+ * has not been granted the {@literal "createAccessControlContext"}
+ * {@link java.security.SecurityPermission}, then the action is performed
+ * with no permissions.
*
* @param action the action to be performed.
* @param context an <i>access control context</i>
* representing the restriction to be applied to the
* caller's domain's privileges before performing
* the specified action. If the context is
- * <code>null</code>,
- * then no additional restriction is applied.
+ * {@code null}, then no additional restriction is applied.
*
- * @return the value returned by the action's <code>run</code> method.
+ * @return the value returned by the action's {@code run} method.
*
- * @exception NullPointerException if the action is <code>null</code>
+ * @exception NullPointerException if the action is {@code null}
*
* @see #doPrivileged(PrivilegedAction)
* @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
@@ -428,30 +431,34 @@
/**
- * Performs the specified <code>PrivilegedExceptionAction</code> with
+ * Performs the specified {@code PrivilegedExceptionAction} with
* privileges enabled and restricted by the specified
- * <code>AccessControlContext</code>. The action is performed with the
+ * {@code AccessControlContext}. The action is performed with the
* intersection of the permissions possessed by the caller's
* protection domain, and those possessed by the domains represented by the
- * specified <code>AccessControlContext</code>.
+ * specified {@code AccessControlContext}.
+ * <p>
+ * If the action's {@code run} method throws an <i>unchecked</i>
+ * exception, it will propagate through this method.
* <p>
- * If the action's <code>run</code> method throws an <i>unchecked</i>
- * exception, it will propagate through this method.
+ * If a security manager is installed and the {@code AccessControlContext}
+ * was not created by system code and the caller's {@code ProtectionDomain}
+ * has not been granted the {@literal "createAccessControlContext"}
+ * {@link java.security.SecurityPermission}, then the action is performed
+ * with no permissions.
*
* @param action the action to be performed
* @param context an <i>access control context</i>
* representing the restriction to be applied to the
* caller's domain's privileges before performing
* the specified action. If the context is
- * <code>null</code>,
- * then no additional restriction is applied.
+ * {@code null}, then no additional restriction is applied.
*
- * @return the value returned by the action's <code>run</code> method
+ * @return the value returned by the action's {@code run} method
*
* @exception PrivilegedActionException if the specified action's
- * <code>run</code> method
- * threw a <i>checked</i> exception
- * @exception NullPointerException if the action is <code>null</code>
+ * {@code run} method threw a <i>checked</i> exception
+ * @exception NullPointerException if the action is {@code null}
*
* @see #doPrivileged(PrivilegedAction)
* @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
--- a/jdk/src/share/classes/java/security/ProtectionDomain.java Thu Mar 21 13:56:28 2013 +0100
+++ b/jdk/src/share/classes/java/security/ProtectionDomain.java Fri Apr 05 10:17:06 2013 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -277,6 +277,11 @@
return false;
}
+ // called by the VM -- do not remove
+ boolean impliesCreateAccessControlContext() {
+ return implies(SecurityConstants.CREATE_ACC_PERMISSION);
+ }
+
/**
* Convert a ProtectionDomain to a String.
*/