8139905: Add a convenience AccessControlContext factory
Reviewed-by: hannesw, sundar
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/ClassLoaderGetterContextProvider.java Tue Oct 20 23:34:46 2015 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,110 +0,0 @@
-/*
- * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * This file is available under and governed by the GNU General Public
- * License version 2 only, as published by the Free Software Foundation.
- * However, the following notice accompanied the original version of this
- * file, and Oracle licenses the original version of this file under the BSD
- * license:
- */
-/*
- Copyright 2009-2013 Attila Szegedi
-
- Licensed under both the Apache License, Version 2.0 (the "Apache License")
- and the BSD License (the "BSD License"), with licensee being free to
- choose either of the two at their discretion.
-
- You may not use this file except in compliance with either the Apache
- License or the BSD License.
-
- If you choose to use this file in compliance with the Apache License, the
- following notice applies to you:
-
- You may obtain a copy of the Apache License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied. See the License for the specific language governing
- permissions and limitations under the License.
-
- If you choose to use this file in compliance with the BSD License, the
- following notice applies to you:
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are
- met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the copyright holder nor the names of
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
- IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-package jdk.internal.dynalink;
-
-import java.security.AccessControlContext;
-import java.security.Permissions;
-import java.security.ProtectionDomain;
-
-/**
- * This class exposes a canonical {@link AccessControlContext} with a single {@link RuntimePermission} for
- * {@code "getClassLoader"} permission that is used by other parts of the code to narrow their set of permissions when
- * they're retrieving class loaders in privileged blocks.
- */
-final class ClassLoaderGetterContextProvider {
- /**
- * Canonical instance of {@link AccessControlContext} with a single {@link RuntimePermission} for
- * {@code "getClassLoader"} permission.
- */
- static final AccessControlContext GET_CLASS_LOADER_CONTEXT;
- static {
- final Permissions perms = new Permissions();
- perms.add(new RuntimePermission("getClassLoader"));
- GET_CLASS_LOADER_CONTEXT = new AccessControlContext(
- new ProtectionDomain[] { new ProtectionDomain(null, perms) });
- }
-
- private ClassLoaderGetterContextProvider() {
- }
-}
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/ClassMap.java Tue Oct 20 23:34:46 2015 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/ClassMap.java Wed Oct 21 10:41:54 2015 +0200
@@ -85,12 +85,14 @@
import java.lang.ref.Reference;
import java.lang.ref.SoftReference;
+import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
+import jdk.internal.dynalink.internal.AccessControlContextFactory;
import jdk.internal.dynalink.internal.InternalTypeUtilities;
/**
@@ -100,6 +102,9 @@
* @param <T> the type of the values in the map
*/
abstract class ClassMap<T> {
+ private static final AccessControlContext GET_CLASS_LOADER_CONTEXT =
+ AccessControlContextFactory.createAccessControlContext("getClassLoader");
+
private final ConcurrentMap<Class<?>, T> map = new ConcurrentHashMap<>();
private final Map<Class<?>, Reference<T>> weakMap = new WeakHashMap<>();
private final ClassLoader classLoader;
@@ -155,7 +160,7 @@
public Boolean run() {
return InternalTypeUtilities.canReferenceDirectly(classLoader, clazz.getClassLoader());
}
- }, ClassLoaderGetterContextProvider.GET_CLASS_LOADER_CONTEXT);
+ }, GET_CLASS_LOADER_CONTEXT);
// If allowed to strongly reference, put it in the fast map
if(canReferenceDirectly) {
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/DynamicLinkerFactory.java Tue Oct 20 23:34:46 2015 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/DynamicLinkerFactory.java Wed Oct 21 10:41:54 2015 +0200
@@ -86,6 +86,7 @@
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodType;
import java.lang.invoke.MutableCallSite;
+import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
@@ -101,6 +102,7 @@
import java.util.Set;
import java.util.function.Supplier;
import jdk.internal.dynalink.beans.BeansLinker;
+import jdk.internal.dynalink.internal.AccessControlContextFactory;
import jdk.internal.dynalink.linker.GuardedInvocation;
import jdk.internal.dynalink.linker.GuardedInvocationTransformer;
import jdk.internal.dynalink.linker.GuardingDynamicLinker;
@@ -128,6 +130,9 @@
* category usually includes {@link BeansLinker}.
*/
public final class DynamicLinkerFactory {
+ private static final AccessControlContext GET_CLASS_LOADER_CONTEXT =
+ AccessControlContextFactory.createAccessControlContext("getClassLoader");
+
/**
* Default value for {@link #setUnstableRelinkThreshold(int) unstable relink
* threshold}.
@@ -495,7 +500,7 @@
public ClassLoader run() {
return Thread.currentThread().getContextClassLoader();
}
- }, ClassLoaderGetterContextProvider.GET_CLASS_LOADER_CONTEXT);
+ }, GET_CLASS_LOADER_CONTEXT);
}
private static void addClasses(final Set<Class<? extends GuardingDynamicLinker>> knownLinkerClasses,
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/TypeConverterFactory.java Tue Oct 20 23:34:46 2015 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/TypeConverterFactory.java Wed Oct 21 10:41:54 2015 +0200
@@ -88,11 +88,13 @@
import java.lang.invoke.MethodHandles.Lookup;
import java.lang.invoke.MethodType;
import java.lang.invoke.WrongMethodTypeException;
+import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.LinkedList;
import java.util.List;
import java.util.function.Supplier;
+import jdk.internal.dynalink.internal.AccessControlContextFactory;
import jdk.internal.dynalink.linker.ConversionComparator;
import jdk.internal.dynalink.linker.ConversionComparator.Comparison;
import jdk.internal.dynalink.linker.GuardedInvocation;
@@ -107,6 +109,8 @@
* instances and creates appropriate converters for method handles.
*/
final class TypeConverterFactory {
+ private static final AccessControlContext GET_CLASS_LOADER_CONTEXT =
+ AccessControlContextFactory.createAccessControlContext("getClassLoader");
private final GuardingTypeConverterFactory[] factories;
private final ConversionComparator[] comparators;
@@ -172,7 +176,7 @@
public ClassLoader run() {
return clazz.getClassLoader();
}
- }, ClassLoaderGetterContextProvider.GET_CLASS_LOADER_CONTEXT);
+ }, GET_CLASS_LOADER_CONTEXT);
}
/**
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/beans/CallerSensitiveDynamicMethod.java Tue Oct 20 23:34:46 2015 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/beans/CallerSensitiveDynamicMethod.java Wed Oct 21 10:41:54 2015 +0200
@@ -91,9 +91,11 @@
import java.lang.reflect.Member;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
+import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import jdk.internal.dynalink.CallSiteDescriptor;
+import jdk.internal.dynalink.internal.AccessControlContextFactory;
import jdk.internal.dynalink.linker.support.Lookup;
/**
@@ -103,6 +105,10 @@
* every request.
*/
class CallerSensitiveDynamicMethod extends SingleDynamicMethod {
+ private static final AccessControlContext GET_LOOKUP_CONTEXT =
+ AccessControlContextFactory.createAccessControlContext(
+ CallSiteDescriptor.GET_LOOKUP_PERMISSION);
+
// Typed as "AccessibleObject" as it can be either a method or a constructor.
// If we were Java8-only, we could use java.lang.reflect.Executable
private final AccessibleObject target;
@@ -148,8 +154,8 @@
@Override
MethodHandle getTarget(final CallSiteDescriptor desc) {
final MethodHandles.Lookup lookup = AccessController.doPrivileged(
- (PrivilegedAction<MethodHandles.Lookup>)()->desc.getLookup(), null,
- CallSiteDescriptor.GET_LOOKUP_PERMISSION);
+ (PrivilegedAction<MethodHandles.Lookup>)()->desc.getLookup(),
+ GET_LOOKUP_CONTEXT);
if(target instanceof Method) {
final MethodHandle mh = Lookup.unreflect(lookup, (Method)target);
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/beans/CheckRestrictedPackage.java Tue Oct 20 23:34:46 2015 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/beans/CheckRestrictedPackage.java Wed Oct 21 10:41:54 2015 +0200
@@ -86,15 +86,15 @@
import java.lang.reflect.Modifier;
import java.security.AccessControlContext;
import java.security.AccessController;
-import java.security.Permissions;
import java.security.PrivilegedAction;
-import java.security.ProtectionDomain;
+import jdk.internal.dynalink.internal.AccessControlContextFactory;
/**
* A utility class to check whether a given class is in a package with restricted access e.g. "sun.*" etc.
*/
class CheckRestrictedPackage {
- private static final AccessControlContext NO_PERMISSIONS_CONTEXT = createNoPermissionsContext();
+ private static final AccessControlContext NO_PERMISSIONS_CONTEXT =
+ AccessControlContextFactory.createAccessControlContext();
/**
* Returns true if the class is either not public, or it resides in a package with restricted access.
@@ -131,8 +131,4 @@
}
return false;
}
-
- private static AccessControlContext createNoPermissionsContext() {
- return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });
- }
}
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/beans/ClassString.java Tue Oct 20 23:34:46 2015 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/beans/ClassString.java Wed Oct 21 10:41:54 2015 +0200
@@ -85,11 +85,12 @@
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodType;
+import java.security.AccessControlContext;
import java.security.AccessController;
-import java.security.Permission;
import java.security.PrivilegedAction;
import java.util.LinkedList;
import java.util.List;
+import jdk.internal.dynalink.internal.AccessControlContextFactory;
import jdk.internal.dynalink.internal.InternalTypeUtilities;
import jdk.internal.dynalink.linker.LinkerServices;
import jdk.internal.dynalink.linker.support.TypeUtilities;
@@ -100,7 +101,8 @@
* JLS.
*/
final class ClassString {
- private static final Permission GET_CLASS_LOADER_PERMISSION = new RuntimePermission("getClassLoader");
+ private static final AccessControlContext GET_CLASS_LOADER_CONTEXT =
+ AccessControlContextFactory.createAccessControlContext("getClassLoader");
/**
* An anonymous inner class used solely to represent the "type" of null values for method applicability checking.
@@ -158,7 +160,7 @@
}
return true;
}
- }, null, GET_CLASS_LOADER_PERMISSION);
+ }, GET_CLASS_LOADER_CONTEXT);
}
List<MethodHandle> getMaximallySpecifics(final List<MethodHandle> methods, final LinkerServices linkerServices, final boolean varArg) {
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/beans/OverloadedDynamicMethod.java Tue Oct 20 23:34:46 2015 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/beans/OverloadedDynamicMethod.java Wed Oct 21 10:41:54 2015 +0200
@@ -87,9 +87,7 @@
import java.lang.invoke.MethodType;
import java.security.AccessControlContext;
import java.security.AccessController;
-import java.security.Permissions;
import java.security.PrivilegedAction;
-import java.security.ProtectionDomain;
import java.text.Collator;
import java.util.ArrayList;
import java.util.Collections;
@@ -101,6 +99,7 @@
import java.util.Set;
import jdk.internal.dynalink.CallSiteDescriptor;
import jdk.internal.dynalink.beans.ApplicableOverloadedMethods.ApplicabilityTest;
+import jdk.internal.dynalink.internal.AccessControlContextFactory;
import jdk.internal.dynalink.internal.InternalTypeUtilities;
import jdk.internal.dynalink.linker.LinkerServices;
@@ -231,14 +230,10 @@
}
}
- private static final AccessControlContext GET_CALL_SITE_CLASS_LOADER_CONTEXT;
- static {
- final Permissions perms = new Permissions();
- perms.add(new RuntimePermission("getClassLoader"));
- perms.add(CallSiteDescriptor.GET_LOOKUP_PERMISSION);
- GET_CALL_SITE_CLASS_LOADER_CONTEXT = new AccessControlContext(
- new ProtectionDomain[] { new ProtectionDomain(null, perms) });
- }
+ private static final AccessControlContext GET_CALL_SITE_CLASS_LOADER_CONTEXT =
+ AccessControlContextFactory.createAccessControlContext(
+ new RuntimePermission("getClassLoader"),
+ CallSiteDescriptor.GET_LOOKUP_PERMISSION);
private static ClassLoader getCallSiteClassLoader(final CallSiteDescriptor callSiteDescriptor) {
return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/internal/AccessControlContextFactory.java Wed Oct 21 10:41:54 2015 +0200
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.internal.dynalink.internal;
+
+import java.security.AccessControlContext;
+import java.security.Permission;
+import java.security.Permissions;
+import java.security.ProtectionDomain;
+import java.util.stream.Stream;
+
+/**
+ * Utility class for creating permission-restricting {@link AccessControlContext}s.
+ */
+public final class AccessControlContextFactory {
+ private AccessControlContextFactory () {
+ }
+
+ /**
+ * Creates an access control context with no permissions.
+ * @return an access control context with no permissions.
+ */
+ public static AccessControlContext createAccessControlContext() {
+ return createAccessControlContext(new Permission[0]);
+ }
+
+ /**
+ * Creates an access control context limited to only the specified permissions.
+ * @param permissions the permissions for the newly created access control context.
+ * @return a new access control context limited to only the specified permissions.
+ */
+ public static AccessControlContext createAccessControlContext(final Permission... permissions) {
+ final Permissions perms = new Permissions();
+ for(final Permission permission: permissions) {
+ perms.add(permission);
+ }
+ return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
+ }
+
+ /**
+ * Creates an access control context limited to only the {@link RuntimePermission}s
+ * of the given names.
+ * @param runtimePermissionNames the names of runtime permissions for the
+ * newly created access control context.
+ * @return a new access control context limited to only the runtime
+ * permissions with the specified names.
+ */
+ public static AccessControlContext createAccessControlContext(final String... runtimePermissionNames) {
+ return createAccessControlContext(makeRuntimePermissions(runtimePermissionNames));
+ }
+
+ private static Permission[] makeRuntimePermissions(final String... runtimePermissionNames) {
+ return Stream.of(runtimePermissionNames).map(RuntimePermission::new).toArray(Permission[]::new);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/AccessControlContextFactory.java Wed Oct 21 10:41:54 2015 +0200
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.nashorn.internal.runtime;
+
+import java.security.AccessControlContext;
+import java.security.Permission;
+import java.security.Permissions;
+import java.security.ProtectionDomain;
+import java.util.stream.Stream;
+
+/**
+ * Utility class for creating permission-restricting {@link AccessControlContext}s.
+ */
+public final class AccessControlContextFactory {
+ private AccessControlContextFactory () {
+ }
+
+ /**
+ * Creates an access control context with no permissions.
+ * @return an access control context with no permissions.
+ */
+ public static AccessControlContext createAccessControlContext() {
+ return createAccessControlContext(new Permission[0]);
+ }
+
+ /**
+ * Creates an access control context limited to only the specified permissions.
+ * @param permissions the permissions for the newly created access control context.
+ * @return a new access control context limited to only the specified permissions.
+ */
+ public static AccessControlContext createAccessControlContext(final Permission... permissions) {
+ final Permissions perms = new Permissions();
+ for(final Permission permission: permissions) {
+ perms.add(permission);
+ }
+ return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
+ }
+
+ /**
+ * Creates an access control context limited to only the {@link RuntimePermission}s
+ * of the given names.
+ * @param runtimePermissionNames the names of runtime permissions for the
+ * newly created access control context.
+ * @return a new access control context limited to only the runtime
+ * permissions with the specified names.
+ */
+ public static AccessControlContext createAccessControlContext(final String... runtimePermissionNames) {
+ return createAccessControlContext(makeRuntimePermissions(runtimePermissionNames));
+ }
+
+ private static Permission[] makeRuntimePermissions(final String... runtimePermissionNames) {
+ return Stream.of(runtimePermissionNames).map(RuntimePermission::new).toArray(Permission[]::new);
+ }
+}
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/ScriptFunction.java Tue Oct 20 23:34:46 2015 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/ScriptFunction.java Wed Oct 21 10:41:54 2015 +0200
@@ -29,12 +29,12 @@
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.UnwarrantedOptimismException.INVALID_PROGRAM_POINT;
-
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodHandles.Lookup;
import java.lang.invoke.MethodType;
import java.lang.invoke.SwitchPoint;
+import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
@@ -127,6 +127,9 @@
// Marker object for lazily initialized prototype object
private static final Object LAZY_PROTOTYPE = new Object();
+ private static final AccessControlContext GET_LOOKUP_PERMISSION_CONTEXT =
+ AccessControlContextFactory.createAccessControlContext(CallSiteDescriptor.GET_LOOKUP_PERMISSION);
+
private static PropertyMap createStrictModeMap(final PropertyMap map) {
final int flags = Property.NOT_ENUMERABLE | Property.NOT_CONFIGURABLE;
PropertyMap newMap = map;
@@ -961,8 +964,8 @@
private static Lookup getLookupPrivileged(final CallSiteDescriptor desc) {
// NOTE: we'd rather not make NashornCallSiteDescriptor.getLookupPrivileged public.
- return AccessController.doPrivileged((PrivilegedAction<Lookup>)()->desc.getLookup(), null,
- CallSiteDescriptor.GET_LOOKUP_PERMISSION);
+ return AccessController.doPrivileged((PrivilegedAction<Lookup>)()->desc.getLookup(),
+ GET_LOOKUP_PERMISSION_CONTEXT);
}
private GuardedInvocation createApplyOrCallCall(final boolean isApply, final CallSiteDescriptor desc, final LinkRequest request, final Object[] args) {
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/NashornCallSiteDescriptor.java Tue Oct 20 23:34:46 2015 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/NashornCallSiteDescriptor.java Wed Oct 21 10:41:54 2015 +0200
@@ -28,6 +28,7 @@
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodHandles.Lookup;
import java.lang.invoke.MethodType;
+import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.concurrent.ConcurrentHashMap;
@@ -35,6 +36,7 @@
import jdk.internal.dynalink.CallSiteDescriptor;
import jdk.internal.dynalink.support.AbstractCallSiteDescriptor;
import jdk.nashorn.internal.ir.debug.NashornTextifier;
+import jdk.nashorn.internal.runtime.AccessControlContextFactory;
import jdk.nashorn.internal.runtime.ScriptRuntime;
/**
@@ -106,6 +108,9 @@
}
};
+ private static final AccessControlContext GET_LOOKUP_PERMISSION_CONTEXT =
+ AccessControlContextFactory.createAccessControlContext(CallSiteDescriptor.GET_LOOKUP_PERMISSION);
+
private final MethodHandles.Lookup lookup;
private final String operator;
private final String operand;
@@ -208,8 +213,8 @@
if (csd instanceof NashornCallSiteDescriptor) {
return ((NashornCallSiteDescriptor)csd).lookup;
}
- return AccessController.doPrivileged((PrivilegedAction<Lookup>)()->csd.getLookup(), null,
- CallSiteDescriptor.GET_LOOKUP_PERMISSION);
+ return AccessController.doPrivileged((PrivilegedAction<Lookup>)()->csd.getLookup(),
+ GET_LOOKUP_PERMISSION_CONTEXT);
}
@Override
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/NashornLinker.java Tue Oct 20 23:34:46 2015 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/NashornLinker.java Wed Oct 21 10:41:54 2015 +0200
@@ -31,6 +31,7 @@
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.reflect.Modifier;
+import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collection;
@@ -53,6 +54,7 @@
import jdk.nashorn.api.scripting.ScriptObjectMirror;
import jdk.nashorn.api.scripting.ScriptUtils;
import jdk.nashorn.internal.objects.NativeArray;
+import jdk.nashorn.internal.runtime.AccessControlContextFactory;
import jdk.nashorn.internal.runtime.JSType;
import jdk.nashorn.internal.runtime.ListAdapter;
import jdk.nashorn.internal.runtime.ScriptFunction;
@@ -64,6 +66,9 @@
* includes {@link ScriptFunction} and its subclasses) as well as {@link Undefined}.
*/
final class NashornLinker implements TypeBasedGuardingDynamicLinker, GuardingTypeConverterFactory, ConversionComparator {
+ private static final AccessControlContext GET_LOOKUP_PERMISSION_CONTEXT =
+ AccessControlContextFactory.createAccessControlContext(CallSiteDescriptor.GET_LOOKUP_PERMISSION);
+
private static final ClassValue<MethodHandle> ARRAY_CONVERTERS = new ClassValue<MethodHandle>() {
@Override
protected MethodHandle computeValue(final Class<?> type) {
@@ -171,7 +176,7 @@
public MethodHandles.Lookup run() {
return lookupSupplier.get();
}
- }, null, CallSiteDescriptor.GET_LOOKUP_PERMISSION);
+ }, GET_LOOKUP_PERMISSION_CONTEXT);
}
/**