8221530: Caller sensitive methods not handling caller = null when invoked by JNI code with no java frames on stack
Reviewed-by: alanb, dholmes, sundar
--- a/make/test/JtregNativeJdk.gmk Sat Apr 06 21:05:58 2019 +0800
+++ b/make/test/JtregNativeJdk.gmk Sat Apr 06 21:16:40 2019 +0800
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -72,6 +72,8 @@
BUILD_JDK_JTREG_EXECUTABLES_LIBS_exeJliLaunchTest := -ljli
endif
+BUILD_JDK_JTREG_EXECUTABLES_LIBS_exeCallerAccessTest := -ljvm
+
ifeq ($(call isTargetOs, macosx), true)
BUILD_JDK_JTREG_LIBRARIES_CFLAGS_libTestMainKeyWindow := -ObjC
BUILD_JDK_JTREG_LIBRARIES_LIBS_libTestMainKeyWindow := -framework JavaVM \
--- a/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java Sat Apr 06 21:05:58 2019 +0800
+++ b/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java Sat Apr 06 21:16:40 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -56,7 +56,10 @@
* {@code Field}s, {@code Method}s, or {@code Constructor}s are used to get or
* set fields, to invoke methods, or to create and initialize new instances of
* classes, respectively. Every reflected object checks that the code using it
- * is in an appropriate class, package, or module. </p>
+ * is in an appropriate class, package, or module. The check when invoked by
+ * <a href="{@docRoot}/../specs/jni/index.html">JNI code</a> with no Java
+ * class on the stack only succeeds if the member and the declaring class are
+ * public, and the class is in a package that is exported to all modules. </p>
*
* <p> The one variation from Java language access control is that the checks
* by reflected objects assume readability. That is, the module containing
@@ -670,6 +673,13 @@
private boolean slowVerifyAccess(Class<?> caller, Class<?> memberClass,
Class<?> targetClass, int modifiers)
{
+
+ if (caller == null) {
+ // No caller frame when a native thread attaches to the VM
+ // only allow access to a public accessible member
+ return Reflection.verifyPublicMemberAccess(memberClass, modifiers);
+ }
+
if (!Reflection.verifyMemberAccess(caller, memberClass, targetClass, modifiers)) {
// access denied
return false;
--- a/src/java.base/share/classes/jdk/internal/reflect/Reflection.java Sat Apr 06 21:05:58 2019 +0800
+++ b/src/java.base/share/classes/jdk/internal/reflect/Reflection.java Sat Apr 06 21:16:40 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -122,6 +122,9 @@
Class<?> targetClass,
int modifiers)
{
+ Objects.requireNonNull(currentClass);
+ Objects.requireNonNull(memberClass);
+
if (currentClass == memberClass) {
// Always succeeds
return true;
@@ -201,6 +204,22 @@
return true;
}
+ /*
+ * Verify if a member is public and memberClass is a public type
+ * in a package that is unconditionally exported and
+ * return {@code true}if it is granted.
+ *
+ * @param memberClass the declaring class of the member being accessed
+ * @param modifiers the member's access modifiers
+ * @return {@code true} if the member is public and in a publicly accessible type
+ */
+ public static boolean verifyPublicMemberAccess(Class<?> memberClass, int modifiers) {
+ Module m = memberClass.getModule();
+ return Modifier.isPublic(modifiers)
+ && m.isExported(memberClass.getPackageName())
+ && Modifier.isPublic(Reflection.getClassAccessFlags(memberClass));
+ }
+
/**
* Returns {@code true} if memberClass's module exports memberClass's
* package to currentModule.
@@ -325,8 +344,10 @@
Class<?> memberClass,
Class<?> targetClass,
int modifiers)
- throws IllegalAccessException
{
+ if (currentClass == null)
+ return newIllegalAccessException(memberClass, modifiers);
+
String currentSuffix = "";
String memberSuffix = "";
Module m1 = currentClass.getModule();
@@ -356,6 +377,36 @@
}
/**
+ * Returns an IllegalAccessException with an exception message where
+ * there is no caller frame.
+ */
+ private static IllegalAccessException newIllegalAccessException(Class<?> memberClass,
+ int modifiers)
+ {
+ String memberSuffix = "";
+ Module m2 = memberClass.getModule();
+ if (m2.isNamed())
+ memberSuffix = " (in " + m2 + ")";
+
+ String memberPackageName = memberClass.getPackageName();
+
+ String msg = "JNI attached native thread (null caller frame) cannot access ";
+ if (m2.isExported(memberPackageName)) {
+
+ // module access okay so include the modifiers in the message
+ msg += "a member of " + memberClass + memberSuffix +
+ " with modifiers \"" + Modifier.toString(modifiers) + "\"";
+
+ } else {
+ // module access failed
+ msg += memberClass + memberSuffix+ " because "
+ + m2 + " does not export " + memberPackageName;
+ }
+
+ return new IllegalAccessException(msg);
+ }
+
+ /**
* Returns true if {@code currentClass} and {@code memberClass}
* are nestmates - that is, if they have the same nesthost as
* determined by the VM.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/java/lang/reflect/exeCallerAccessTest/CallerAccessTest.java Sat Apr 06 21:16:40 2019 +0800
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+/**
+ * @test
+ * @bug 8221530
+ * @summary Test uses custom launcher that starts VM using JNI that verifies
+ * reflection API with null caller class
+ * @library /test/lib
+ * @run main/native CallerAccessTest
+ */
+
+import java.io.File;
+import java.util.Map;
+import jdk.test.lib.Platform;
+import jdk.test.lib.Utils;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+public class CallerAccessTest {
+ public static void main(String[] args) throws IOException {
+ Path launcher = Paths.get(System.getProperty("test.nativepath"), "CallerAccessTest");
+ ProcessBuilder pb = new ProcessBuilder(launcher.toString());
+ Map<String, String> env = pb.environment();
+
+ String libName = Platform.isWindows() ? "bin" : "lib";
+ Path libPath = Paths.get(Utils.TEST_JDK).resolve(libName);
+ String libDir = libPath.toAbsolutePath().toString();
+ String serverDir = libPath.resolve("server").toAbsolutePath().toString();
+
+ // set up shared library path
+ String sharedLibraryPathEnvName = Platform.sharedLibraryPathVariableName();
+ env.compute(sharedLibraryPathEnvName,
+ (k, v) -> (v == null) ? libDir : v + File.pathSeparator + libDir);
+ env.compute(sharedLibraryPathEnvName,
+ (k, v) -> (v == null) ? serverDir : v + File.pathSeparator + serverDir);
+
+ System.out.println("Launching: " + launcher + " shared library path: " +
+ env.get(sharedLibraryPathEnvName));
+ new OutputAnalyzer(pb.start()).shouldHaveExitValue(0);
+ }
+}
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/java/lang/reflect/exeCallerAccessTest/exeCallerAccessTest.c Sat Apr 06 21:16:40 2019 +0800
@@ -0,0 +1,127 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "jni.h"
+#include "assert.h"
+
+static jclass classClass;
+static jclass iaeClass;
+static jmethodID mid_Class_forName;
+static jmethodID mid_Class_getField;
+static jmethodID mid_Field_get;
+
+int getField(JNIEnv *env, char* declaringClass_name, char* field_name);
+
+int main(int argc, char** args) {
+ JavaVM *jvm;
+ JNIEnv *env;
+ JavaVMInitArgs vm_args;
+ JavaVMOption options[1];
+ jint rc;
+
+ vm_args.version = JNI_VERSION_1_2;
+ vm_args.nOptions = 0;
+ vm_args.options = options;
+
+ if ((rc = JNI_CreateJavaVM(&jvm, (void**)&env, &vm_args)) != JNI_OK) {
+ printf("ERROR: cannot create VM.\n");
+ exit(-1);
+ }
+
+ classClass = (*env)->FindClass(env, "java/lang/Class");
+ iaeClass = (*env)->FindClass(env, "java/lang/IllegalAccessException");
+ mid_Class_forName = (*env)->GetStaticMethodID(env, classClass, "forName",
+ "(Ljava/lang/String;)Ljava/lang/Class;");
+ assert(mid_Class_forName != NULL);
+
+ mid_Class_getField = (*env)->GetMethodID(env, classClass, "getField",
+ "(Ljava/lang/String;)Ljava/lang/reflect/Field;");
+ assert(mid_Class_getField != NULL);
+
+ jclass fieldClass = (*env)->FindClass(env, "java/lang/reflect/Field");
+ mid_Field_get = (*env)->GetMethodID(env, fieldClass, "get", "(Ljava/lang/Object;)Ljava/lang/Object;");
+ assert(mid_Class_getField != NULL);
+
+ // can access to public member of an exported type
+ if ((rc = getField(env, "java.lang.Integer", "TYPE")) != 0) {
+ printf("ERROR: fail to access java.lang.Integer::TYPE\n");
+ exit(-1);
+ }
+
+ // expect IAE to jdk.internal.misc.Unsafe class
+ if ((rc = getField(env, "jdk.internal.misc.Unsafe", "INVALID_FIELD_OFFSET")) == 0) {
+ printf("ERROR: IAE not thrown\n");
+ exit(-1);
+ }
+ if (checkAndClearIllegalAccessExceptionThrown(env) != JNI_TRUE) {
+ printf("ERROR: exception is not an instance of IAE\n");
+ exit(-1);
+ }
+
+ // expect IAE to jdk.internal.misc.Unsafe class
+ if ((rc = getField(env, "jdk.internal.misc.Unsafe", "INVALID_FIELD_OFFSET")) == 0) {
+ printf("ERROR: IAE not thrown\n");
+ exit(-1);
+ }
+ if (checkAndClearIllegalAccessExceptionThrown(env) != JNI_TRUE) {
+ printf("ERROR: exception is not an instance of IAE\n");
+ exit(-1);
+ }
+
+ (*jvm)->DestroyJavaVM(jvm);
+}
+
+int checkAndClearIllegalAccessExceptionThrown(JNIEnv *env) {
+ jthrowable t = (*env)->ExceptionOccurred(env);
+ if ((*env)->IsInstanceOf(env, t, iaeClass) == JNI_TRUE) {
+ (*env)->ExceptionClear(env);
+ return JNI_TRUE;
+ }
+ return JNI_FALSE;
+}
+
+int getField(JNIEnv *env, char* declaringClass_name, char* field_name) {
+ jobject c = (*env)->CallStaticObjectMethod(env, classClass, mid_Class_forName,
+ (*env)->NewStringUTF(env, declaringClass_name));
+ if ((*env)->ExceptionOccurred(env) != NULL) {
+ (*env)->ExceptionDescribe(env);
+ return 1;
+ }
+
+ jobject f = (*env)->CallObjectMethod(env, c, mid_Class_getField, (*env)->NewStringUTF(env, field_name));
+ if ((*env)->ExceptionOccurred(env) != NULL) {
+ (*env)->ExceptionDescribe(env);
+ return 2;
+ }
+
+ jobject v = (*env)->CallObjectMethod(env, f, mid_Field_get, c);
+ if ((*env)->ExceptionOccurred(env) != NULL) {
+ (*env)->ExceptionDescribe(env);
+ return 3;
+ }
+ return 0;
+}
+