8202419: Avoid creating Permission constants early
authorredestad
Mon, 30 Apr 2018 16:27:23 +0200
changeset 49925 3deb300f0e55
parent 49924 84d0fe3cefd4
child 49926 b7c2996d690b
8202419: Avoid creating Permission constants early Reviewed-by: alanb, mullan
src/java.base/share/classes/java/lang/Thread.java
src/java.base/share/classes/java/lang/reflect/AccessibleObject.java
src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java
src/java.base/share/classes/sun/security/util/SecurityConstants.java
--- a/src/java.base/share/classes/java/lang/Thread.java	Mon Apr 30 15:03:08 2018 +0200
+++ b/src/java.base/share/classes/java/lang/Thread.java	Mon Apr 30 16:27:23 2018 +0200
@@ -425,7 +425,8 @@
          */
         if (security != null) {
             if (isCCLOverridden(getClass())) {
-                security.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
+                security.checkPermission(
+                        SecurityConstants.SUBCLASS_IMPLEMENTATION_PERMISSION);
             }
         }
 
@@ -1703,10 +1704,6 @@
         return m;
     }
 
-
-    private static final RuntimePermission SUBCLASS_IMPLEMENTATION_PERMISSION =
-                    new RuntimePermission("enableContextClassLoaderOverride");
-
     /** cache of subclass security audit results */
     /* Replace with ConcurrentReferenceHashMap when/if it appears in a future
      * release */
--- a/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java	Mon Apr 30 15:03:08 2018 +0200
+++ b/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java	Mon Apr 30 16:27:23 2018 +0200
@@ -35,6 +35,7 @@
 import jdk.internal.reflect.Reflection;
 import jdk.internal.reflect.ReflectionFactory;
 import sun.security.action.GetPropertyAction;
+import sun.security.util.SecurityConstants;
 
 /**
  * The {@code AccessibleObject} class is the base class for {@code Field},
@@ -73,17 +74,14 @@
  */
 public class AccessibleObject implements AnnotatedElement {
 
-    /**
-     * The Permission object that is used to check whether a client
-     * has sufficient privilege to defeat Java language access
-     * control checks.
-     */
-    private static final java.security.Permission ACCESS_PERMISSION =
-        new ReflectPermission("suppressAccessChecks");
-
     static void checkPermission() {
         SecurityManager sm = System.getSecurityManager();
-        if (sm != null) sm.checkPermission(ACCESS_PERMISSION);
+        if (sm != null) {
+            // SecurityConstants.ACCESS_PERMISSION is used to check
+            // whether a client has sufficient privilege to defeat Java
+            // language access control checks.
+            sm.checkPermission(SecurityConstants.ACCESS_PERMISSION);
+        }
     }
 
     /**
--- a/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java	Mon Apr 30 15:03:08 2018 +0200
+++ b/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java	Mon Apr 30 16:27:23 2018 +0200
@@ -47,6 +47,7 @@
 import jdk.internal.misc.VM;
 import sun.reflect.misc.ReflectUtil;
 import sun.security.action.GetPropertyAction;
+import sun.security.util.SecurityConstants;
 
 /** <P> The master factory for all reflective objects, both those in
     java.lang.reflect (Fields, Methods, Constructors) as well as their
@@ -63,8 +64,6 @@
 public class ReflectionFactory {
 
     private static boolean initted = false;
-    private static final Permission reflectionFactoryAccessPerm
-        = new RuntimePermission("reflectionFactoryAccess");
     private static final ReflectionFactory soleInstance = new ReflectionFactory();
     // Provides access to package-private mechanisms in java.lang.reflect
     private static volatile LangReflectAccess langReflectAccess;
@@ -129,8 +128,8 @@
     public static ReflectionFactory getReflectionFactory() {
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
-            // TO DO: security.checkReflectionFactoryAccess();
-            security.checkPermission(reflectionFactoryAccessPerm);
+            security.checkPermission(
+                SecurityConstants.REFLECTION_FACTORY_ACCESS_PERMISSION);
         }
         return soleInstance;
     }
--- a/src/java.base/share/classes/sun/security/util/SecurityConstants.java	Mon Apr 30 15:03:08 2018 +0200
+++ b/src/java.base/share/classes/sun/security/util/SecurityConstants.java	Mon Apr 30 16:27:23 2018 +0200
@@ -25,12 +25,10 @@
 
 package sun.security.util;
 
+import java.lang.reflect.ReflectPermission;
 import java.net.SocketPermission;
 import java.net.NetPermission;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.security.Permission;
-import java.security.BasicPermission;
 import java.security.SecurityPermission;
 import java.security.AllPermission;
 import sun.security.action.GetPropertyAction;
@@ -131,6 +129,10 @@
     public static final RuntimePermission GET_STACK_TRACE_PERMISSION =
        new RuntimePermission("getStackTrace");
 
+    // java.lang.Thread
+    public static final RuntimePermission SUBCLASS_IMPLEMENTATION_PERMISSION =
+        new RuntimePermission("enableContextClassLoaderOverride");
+
     // java.security.AccessControlContext
     public static final SecurityPermission CREATE_ACC_PERMISSION =
        new SecurityPermission("createAccessControlContext");
@@ -149,4 +151,13 @@
 
     public static final String PROVIDER_VER =
         GetPropertyAction.privilegedGetProperty("java.specification.version");
+
+    // java.lang.reflect.AccessibleObject
+    public static final ReflectPermission ACCESS_PERMISSION =
+        new ReflectPermission("suppressAccessChecks");
+
+    // sun.reflect.ReflectionFactory
+    public static final RuntimePermission REFLECTION_FACTORY_ACCESS_PERMISSION =
+        new RuntimePermission("reflectionFactoryAccess");
+
 }