Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8165271: Fix use of reflection to gain access to private fields
authorddehaven
Wed, 12 Oct 2016 08:47:53 -0700
changeset 41596 a6382b6ba29d
parent 41595 f1213215e135
child 41597 7e064180ddaa
8165271: Fix use of reflection to gain access to private fields Reviewed-by: mchung
jdk/src/java.base/share/classes/java/net/InetAddress.java file | annotate | diff | comparison | revisions
jdk/src/java.base/share/classes/java/net/URLClassLoader.java file | annotate | diff | comparison | revisions
jdk/src/java.base/share/classes/java/security/ProtectionDomain.java file | annotate | diff | comparison | revisions
jdk/src/java.base/share/classes/jdk/internal/misc/JavaNetInetAddressAccess.java file | annotate | diff | comparison | revisions
jdk/src/java.base/share/classes/jdk/internal/misc/JavaNetURLClassLoaderAccess.java file | annotate | diff | comparison | revisions
jdk/src/java.base/share/classes/jdk/internal/misc/JavaSecurityAccess.java file | annotate | diff | comparison | revisions
jdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java file | annotate | diff | comparison | revisions
jdk/src/java.desktop/share/classes/sun/applet/AppletSecurity.java file | annotate | diff | comparison | revisions 
--- a/jdk/src/java.base/share/classes/java/net/InetAddress.java	Thu Oct 20 11:23:41 2016 -0700
+++ b/jdk/src/java.base/share/classes/java/net/InetAddress.java	Wed Oct 12 08:47:53 2016 -0700
@@ -321,6 +321,13 @@
                     public String getOriginalHostName(InetAddress ia) {
                         return ia.holder.getOriginalHostName();
                     }
+
+                    public InetAddress getByName(String hostName,
+                                                 InetAddress hostAddress)
+                            throws UnknownHostException
+                    {
+                        return InetAddress.getByName(hostName, hostAddress);
+                    }
                 }
         );
         init();
--- a/jdk/src/java.base/share/classes/java/net/URLClassLoader.java	Thu Oct 20 11:23:41 2016 -0700
+++ b/jdk/src/java.base/share/classes/java/net/URLClassLoader.java	Wed Oct 12 08:47:53 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,6 +51,8 @@
 
 import jdk.internal.loader.Resource;
 import jdk.internal.loader.URLClassPath;
+import jdk.internal.misc.JavaNetURLClassLoaderAccess;
+import jdk.internal.misc.SharedSecrets;
 import jdk.internal.perf.PerfCounter;
 import sun.net.www.ParseUtil;
 import sun.security.util.SecurityConstants;
@@ -765,6 +767,14 @@
     }
 
     static {
+        SharedSecrets.setJavaNetURLClassLoaderAccess(
+            new JavaNetURLClassLoaderAccess() {
+                @Override
+                public AccessControlContext getAccessControlContext(URLClassLoader u) {
+                    return u.acc;
+                }
+            }
+        );
         ClassLoader.registerAsParallelCapable();
     }
 }
--- a/jdk/src/java.base/share/classes/java/security/ProtectionDomain.java	Thu Oct 20 11:23:41 2016 -0700
+++ b/jdk/src/java.base/share/classes/java/security/ProtectionDomain.java	Wed Oct 12 08:47:53 2016 -0700
@@ -89,6 +89,11 @@
                 AccessController.getContext(), context);
         }
 
+        @Override
+        public ProtectionDomain[] getProtectDomains(AccessControlContext context) {
+            return context.getContext();
+        }
+
         private static AccessControlContext getCombinedACC(
             AccessControlContext context, AccessControlContext stack) {
             AccessControlContext acc =
--- a/jdk/src/java.base/share/classes/jdk/internal/misc/JavaNetInetAddressAccess.java	Thu Oct 20 11:23:41 2016 -0700
+++ b/jdk/src/java.base/share/classes/jdk/internal/misc/JavaNetInetAddressAccess.java	Wed Oct 12 08:47:53 2016 -0700
@@ -26,6 +26,7 @@
 package jdk.internal.misc;
 
 import java.net.InetAddress;
+import java.net.UnknownHostException;
 
 public interface JavaNetInetAddressAccess {
     /**
@@ -33,4 +34,13 @@
      * the given InetAddress object.
      */
     String getOriginalHostName(InetAddress ia);
+
+    /**
+     * Get the InetAddress of the provided host. If an InetAddress is provided
+     * then it will be the default address returned for all calls to either
+     * form of getByName. This is required to maintain consistency when
+     * caching addresses and hostnames.
+     */
+    InetAddress getByName(String hostName, InetAddress hostAddress)
+            throws UnknownHostException;
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/jdk/internal/misc/JavaNetURLClassLoaderAccess.java	Wed Oct 12 08:47:53 2016 -0700
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.internal.misc;
+
+import java.net.URLClassLoader;
+import java.security.AccessControlContext;
+
+public interface JavaNetURLClassLoaderAccess {
+    AccessControlContext getAccessControlContext(URLClassLoader u);;
+}
--- a/jdk/src/java.base/share/classes/jdk/internal/misc/JavaSecurityAccess.java	Thu Oct 20 11:23:41 2016 -0700
+++ b/jdk/src/java.base/share/classes/jdk/internal/misc/JavaSecurityAccess.java	Wed Oct 12 08:47:53 2016 -0700
@@ -27,6 +27,7 @@
 
 import java.security.AccessControlContext;
 import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
 
 public interface JavaSecurityAccess {
 
@@ -37,4 +38,5 @@
     <T> T doIntersectionPrivilege(PrivilegedAction<T> action,
                                   AccessControlContext context);
 
+    ProtectionDomain[] getProtectDomains(AccessControlContext context);
 }
--- a/jdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java	Thu Oct 20 11:23:41 2016 -0700
+++ b/jdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java	Wed Oct 12 08:47:53 2016 -0700
@@ -57,6 +57,7 @@
     private static JavaNetHttpCookieAccess javaNetHttpCookieAccess;
     private static JavaNetSocketAccess javaNetSocketAccess;
     private static JavaNetUriAccess javaNetUriAccess;
+    private static JavaNetURLClassLoaderAccess javaNetURLClassLoaderAccess;
     private static JavaNioAccess javaNioAccess;
     private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
     private static JavaIOFilePermissionAccess javaIOFilePermissionAccess;
@@ -144,6 +145,16 @@
         return javaNetUriAccess;
     }
 
+    public static void setJavaNetURLClassLoaderAccess(JavaNetURLClassLoaderAccess jnua) {
+        javaNetURLClassLoaderAccess = jnua;
+    }
+
+    public static JavaNetURLClassLoaderAccess getJavaNetURLClassLoaderAccess() {
+        if (javaNetURLClassLoaderAccess == null)
+            unsafe.ensureClassInitialized(java.net.URLClassLoader.class);
+        return javaNetURLClassLoaderAccess;
+    }
+
     public static void setJavaNetInetAddressAccess(JavaNetInetAddressAccess jna) {
         javaNetInetAddressAccess = jna;
     }
--- a/jdk/src/java.desktop/share/classes/sun/applet/AppletSecurity.java	Thu Oct 20 11:23:41 2016 -0700
+++ b/jdk/src/java.desktop/share/classes/sun/applet/AppletSecurity.java	Wed Oct 12 08:47:53 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,36 +40,25 @@
 import java.util.StringTokenizer;
 import java.security.*;
 import java.lang.reflect.*;
+import jdk.internal.misc.JavaNetURLClassLoaderAccess;
+import jdk.internal.misc.JavaSecurityAccess;
+import jdk.internal.misc.SharedSecrets;
 import sun.awt.AWTSecurityManager;
 import sun.awt.AppContext;
 import sun.awt.AWTPermissions;
 import sun.security.util.SecurityConstants;
 
 
+
 /**
  * This class defines an applet security policy
  *
  */
 public
 class AppletSecurity extends AWTSecurityManager {
-
-    //URLClassLoader.acc
-    private static Field facc = null;
-
-    //AccessControlContext.context;
-    private static Field fcontext = null;
-
-    static {
-        try {
-            facc = URLClassLoader.class.getDeclaredField("acc");
-            facc.setAccessible(true);
-            fcontext = AccessControlContext.class.getDeclaredField("context");
-            fcontext.setAccessible(true);
-        } catch (NoSuchFieldException e) {
-            throw new UnsupportedOperationException(e);
-        }
-    }
-
+    private static final JavaNetURLClassLoaderAccess JNUCLA
+            = SharedSecrets.getJavaNetURLClassLoaderAccess();
+    private static final JavaSecurityAccess JSA = SharedSecrets.getJavaSecurityAccess();
 
     /**
      * Construct and initialize.
@@ -148,6 +137,7 @@
             final ClassLoader currentLoader = context[i].getClassLoader();
 
             if (currentLoader instanceof URLClassLoader) {
+                URLClassLoader ld = (URLClassLoader)currentLoader;
                 loader = AccessController.doPrivileged(
                     new PrivilegedAction<ClassLoader>() {
                         public ClassLoader run() {
@@ -156,12 +146,12 @@
                             ProtectionDomain[] pds = null;
 
                             try {
-                                acc = (AccessControlContext) facc.get(currentLoader);
+                                acc = JNUCLA.getAccessControlContext(ld);
                                 if (acc == null) {
                                     return null;
                                 }
 
-                                pds = (ProtectionDomain[]) fcontext.get(acc);
+                                pds = JSA.getProtectDomains(acc);
                                 if (pds == null) {
                                     return null;
                                 }
jdk-sandbox