8186535: Remove deprecated pre-1.2 SecurityManager methods and fields
Reviewed-by: alanb, coleenp, hseigel, mchung
--- a/make/hotspot/symbols/symbols-unix Thu Nov 30 13:31:30 2017 +0530
+++ b/make/hotspot/symbols/symbols-unix Thu Nov 30 07:54:28 2017 -0500
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -25,8 +25,6 @@
JVM_ArrayCopy
JVM_AssertionStatusDirectives
JVM_CallStackWalk
-JVM_ClassDepth
-JVM_ClassLoaderDepth
JVM_Clone
JVM_ConstantPoolGetClassAt
JVM_ConstantPoolGetClassAtIfLoaded
@@ -47,8 +45,6 @@
JVM_ConstantPoolGetTagAt
JVM_ConstantPoolGetUTF8At
JVM_CountStackFrames
-JVM_CurrentClassLoader
-JVM_CurrentLoadedClass
JVM_CurrentThread
JVM_CurrentTimeMillis
JVM_DefineClass
--- a/make/mapfiles/libjava/mapfile-vers Thu Nov 30 13:31:30 2017 +0530
+++ b/make/mapfiles/libjava/mapfile-vers Thu Nov 30 07:54:28 2017 -0500
@@ -205,10 +205,6 @@
Java_java_lang_Runtime_runFinalization0;
Java_java_lang_Runtime_totalMemory;
Java_java_lang_Runtime_availableProcessors;
- Java_java_lang_SecurityManager_classDepth;
- Java_java_lang_SecurityManager_classLoaderDepth0;
- Java_java_lang_SecurityManager_currentClassLoader0;
- Java_java_lang_SecurityManager_currentLoadedClass0;
Java_java_lang_SecurityManager_getClassContext;
Java_java_lang_Shutdown_halt0;
Java_java_lang_StackTraceElement_initStackTraceElement;
--- a/src/hotspot/share/prims/jvm.cpp Thu Nov 30 13:31:30 2017 +0530
+++ b/src/hotspot/share/prims/jvm.cpp Thu Nov 30 07:54:28 2017 -0500
@@ -3137,64 +3137,6 @@
// java.lang.SecurityManager ///////////////////////////////////////////////////////////////////////
-static bool is_trusted_frame(JavaThread* jthread, vframeStream* vfst) {
- assert(jthread->is_Java_thread(), "must be a Java thread");
- if (jthread->privileged_stack_top() == NULL) return false;
- if (jthread->privileged_stack_top()->frame_id() == vfst->frame_id()) {
- oop loader = jthread->privileged_stack_top()->class_loader();
- if (loader == NULL) return true;
- bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
- if (trusted) return true;
- }
- return false;
-}
-
-JVM_ENTRY(jclass, JVM_CurrentLoadedClass(JNIEnv *env))
- JVMWrapper("JVM_CurrentLoadedClass");
- ResourceMark rm(THREAD);
-
- for (vframeStream vfst(thread); !vfst.at_end(); vfst.next()) {
- // if a method in a class in a trusted loader is in a doPrivileged, return NULL
- bool trusted = is_trusted_frame(thread, &vfst);
- if (trusted) return NULL;
-
- Method* m = vfst.method();
- if (!m->is_native()) {
- InstanceKlass* holder = m->method_holder();
- oop loader = holder->class_loader();
- if (loader != NULL && !java_lang_ClassLoader::is_trusted_loader(loader)) {
- return (jclass) JNIHandles::make_local(env, holder->java_mirror());
- }
- }
- }
- return NULL;
-JVM_END
-
-
-JVM_ENTRY(jobject, JVM_CurrentClassLoader(JNIEnv *env))
- JVMWrapper("JVM_CurrentClassLoader");
- ResourceMark rm(THREAD);
-
- for (vframeStream vfst(thread); !vfst.at_end(); vfst.next()) {
-
- // if a method in a class in a trusted loader is in a doPrivileged, return NULL
- bool trusted = is_trusted_frame(thread, &vfst);
- if (trusted) return NULL;
-
- Method* m = vfst.method();
- if (!m->is_native()) {
- InstanceKlass* holder = m->method_holder();
- assert(holder->is_klass(), "just checking");
- oop loader = holder->class_loader();
- if (loader != NULL && !java_lang_ClassLoader::is_trusted_loader(loader)) {
- return JNIHandles::make_local(env, loader);
- }
- }
- }
- return NULL;
-JVM_END
-
-
JVM_ENTRY(jobjectArray, JVM_GetClassContext(JNIEnv *env))
JVMWrapper("JVM_GetClassContext");
ResourceMark rm(THREAD);
@@ -3234,58 +3176,6 @@
JVM_END
-JVM_ENTRY(jint, JVM_ClassDepth(JNIEnv *env, jstring name))
- JVMWrapper("JVM_ClassDepth");
- ResourceMark rm(THREAD);
- Handle h_name (THREAD, JNIHandles::resolve_non_null(name));
- Handle class_name_str = java_lang_String::internalize_classname(h_name, CHECK_0);
-
- const char* str = java_lang_String::as_utf8_string(class_name_str());
- TempNewSymbol class_name_sym = SymbolTable::probe(str, (int)strlen(str));
- if (class_name_sym == NULL) {
- return -1;
- }
-
- int depth = 0;
-
- for(vframeStream vfst(thread); !vfst.at_end(); vfst.next()) {
- if (!vfst.method()->is_native()) {
- InstanceKlass* holder = vfst.method()->method_holder();
- assert(holder->is_klass(), "just checking");
- if (holder->name() == class_name_sym) {
- return depth;
- }
- depth++;
- }
- }
- return -1;
-JVM_END
-
-
-JVM_ENTRY(jint, JVM_ClassLoaderDepth(JNIEnv *env))
- JVMWrapper("JVM_ClassLoaderDepth");
- ResourceMark rm(THREAD);
- int depth = 0;
- for (vframeStream vfst(thread); !vfst.at_end(); vfst.next()) {
- // if a method in a class in a trusted loader is in a doPrivileged, return -1
- bool trusted = is_trusted_frame(thread, &vfst);
- if (trusted) return -1;
-
- Method* m = vfst.method();
- if (!m->is_native()) {
- InstanceKlass* holder = m->method_holder();
- assert(holder->is_klass(), "just checking");
- oop loader = holder->class_loader();
- if (loader != NULL && !java_lang_ClassLoader::is_trusted_loader(loader)) {
- return depth;
- }
- depth++;
- }
- }
- return -1;
-JVM_END
-
-
// java.lang.Package ////////////////////////////////////////////////////////////////
--- a/src/java.base/share/classes/java/lang/SecurityManager.java Thu Nov 30 13:31:30 2017 +0530
+++ b/src/java.base/share/classes/java/lang/SecurityManager.java Thu Nov 30 07:54:28 2017 -0500
@@ -101,7 +101,7 @@
* <code>checkPermission</code> returns quietly. If denied, a
* <code>SecurityException</code> is thrown.
* <p>
- * As of Java 2 SDK v1.2, the default implementation of each of the other
+ * The default implementation of each of the other
* <code>check</code> methods in <code>SecurityManager</code> is to
* call the <code>SecurityManager checkPermission</code> method
* to determine if the calling thread has permission to perform the requested
@@ -197,10 +197,10 @@
* See {@extLink security_guide_permissions
* Permissions in the Java Development Kit (JDK)}
* for permission-related information.
- * This document includes, for example, a table listing the various SecurityManager
+ * This document includes a table listing the various SecurityManager
* <code>check</code> methods and the permission(s) the default
* implementation of each such method requires.
- * It also contains a table of all the version 1.2 methods
+ * It also contains a table of the methods
* that require permissions, and for each such method tells
* which permission it requires.
*
@@ -228,20 +228,7 @@
*
* @since 1.0
*/
-public
-class SecurityManager {
-
- /**
- * This field is <code>true</code> if there is a security check in
- * progress; <code>false</code> otherwise.
- *
- * @deprecated This type of security checking is not recommended.
- * It is recommended that the <code>checkPermission</code>
- * call be used instead. This field is subject to removal in a
- * future version of Java SE.
- */
- @Deprecated(since="1.2", forRemoval=true)
- protected boolean inCheck;
+public class SecurityManager {
/*
* Have we been initialized. Effective against finalizer attacks.
@@ -262,24 +249,6 @@
}
/**
- * Tests if there is a security check in progress.
- *
- * @return the value of the <code>inCheck</code> field. This field
- * should contain <code>true</code> if a security check is
- * in progress,
- * <code>false</code> otherwise.
- * @see java.lang.SecurityManager#inCheck
- * @deprecated This type of security checking is not recommended.
- * It is recommended that the <code>checkPermission</code>
- * call be used instead. This method is subject to removal in a
- * future version of Java SE.
- */
- @Deprecated(since="1.2", forRemoval=true)
- public boolean getInCheck() {
- return inCheck;
- }
-
- /**
* Constructs a new <code>SecurityManager</code>.
*
* <p> If there is a security manager already installed, this method first
@@ -322,198 +291,6 @@
protected native Class<?>[] getClassContext();
/**
- * Returns the class loader of the most recently executing method from
- * a class defined using a non-system class loader. A non-system
- * class loader is defined as being a class loader that is not equal to
- * the system class loader (as returned
- * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
- * <p>
- * This method will return
- * <code>null</code> in the following three cases:
- * <ol>
- * <li>All methods on the execution stack are from classes
- * defined using the system class loader or one of its ancestors.
- *
- * <li>All methods on the execution stack up to the first
- * "privileged" caller
- * (see {@link java.security.AccessController#doPrivileged})
- * are from classes
- * defined using the system class loader or one of its ancestors.
- *
- * <li> A call to <code>checkPermission</code> with
- * <code>java.security.AllPermission</code> does not
- * result in a SecurityException.
- *
- * </ol>
- *
- * @return the class loader of the most recent occurrence on the stack
- * of a method from a class defined using a non-system class
- * loader.
- *
- * @deprecated This type of security checking is not recommended.
- * It is recommended that the <code>checkPermission</code>
- * call be used instead. This method is subject to removal in a
- * future version of Java SE.
- *
- * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
- * @see #checkPermission(java.security.Permission) checkPermission
- */
- @Deprecated(since="1.2", forRemoval=true)
- protected ClassLoader currentClassLoader() {
- ClassLoader cl = currentClassLoader0();
- if ((cl != null) && hasAllPermission())
- cl = null;
- return cl;
- }
-
- private native ClassLoader currentClassLoader0();
-
- /**
- * Returns the class of the most recently executing method from
- * a class defined using a non-system class loader. A non-system
- * class loader is defined as being a class loader that is not equal to
- * the system class loader (as returned
- * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
- * <p>
- * This method will return
- * <code>null</code> in the following three cases:
- * <ol>
- * <li>All methods on the execution stack are from classes
- * defined using the system class loader or one of its ancestors.
- *
- * <li>All methods on the execution stack up to the first
- * "privileged" caller
- * (see {@link java.security.AccessController#doPrivileged})
- * are from classes
- * defined using the system class loader or one of its ancestors.
- *
- * <li> A call to <code>checkPermission</code> with
- * <code>java.security.AllPermission</code> does not
- * result in a SecurityException.
- *
- * </ol>
- *
- * @return the class of the most recent occurrence on the stack
- * of a method from a class defined using a non-system class
- * loader.
- *
- * @deprecated This type of security checking is not recommended.
- * It is recommended that the <code>checkPermission</code>
- * call be used instead. This method is subject to removal in a
- * future version of Java SE.
- *
- * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
- * @see #checkPermission(java.security.Permission) checkPermission
- */
- @Deprecated(since="1.2", forRemoval=true)
- protected Class<?> currentLoadedClass() {
- Class<?> c = currentLoadedClass0();
- if ((c != null) && hasAllPermission())
- c = null;
- return c;
- }
-
- /**
- * Returns the stack depth of the specified class.
- *
- * @param name the fully qualified name of the class to search for.
- * @return the depth on the stack frame of the first occurrence of a
- * method from a class with the specified name;
- * <code>-1</code> if such a frame cannot be found.
- * @deprecated This type of security checking is not recommended.
- * It is recommended that the <code>checkPermission</code>
- * call be used instead. This method is subject to removal in a
- * future version of Java SE.
- */
- @Deprecated(since="1.2", forRemoval=true)
- protected native int classDepth(String name);
-
- /**
- * Returns the stack depth of the most recently executing method
- * from a class defined using a non-system class loader. A non-system
- * class loader is defined as being a class loader that is not equal to
- * the system class loader (as returned
- * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
- * <p>
- * This method will return
- * -1 in the following three cases:
- * <ol>
- * <li>All methods on the execution stack are from classes
- * defined using the system class loader or one of its ancestors.
- *
- * <li>All methods on the execution stack up to the first
- * "privileged" caller
- * (see {@link java.security.AccessController#doPrivileged})
- * are from classes
- * defined using the system class loader or one of its ancestors.
- *
- * <li> A call to <code>checkPermission</code> with
- * <code>java.security.AllPermission</code> does not
- * result in a SecurityException.
- *
- * </ol>
- *
- * @return the depth on the stack frame of the most recent occurrence of
- * a method from a class defined using a non-system class loader.
- *
- * @deprecated This type of security checking is not recommended.
- * It is recommended that the <code>checkPermission</code>
- * call be used instead. This method is subject to removal in a
- * future version of Java SE.
- *
- * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
- * @see #checkPermission(java.security.Permission) checkPermission
- */
- @Deprecated(since="1.2", forRemoval=true)
- protected int classLoaderDepth() {
- int depth = classLoaderDepth0();
- if (depth != -1) {
- if (hasAllPermission())
- depth = -1;
- else
- depth--; // make sure we don't include ourself
- }
- return depth;
- }
-
- private native int classLoaderDepth0();
-
- /**
- * Tests if a method from a class with the specified
- * name is on the execution stack.
- *
- * @param name the fully qualified name of the class.
- * @return <code>true</code> if a method from a class with the specified
- * name is on the execution stack; <code>false</code> otherwise.
- * @deprecated This type of security checking is not recommended.
- * It is recommended that the <code>checkPermission</code>
- * call be used instead. This method is subject to removal in a
- * future version of Java SE.
- */
- @Deprecated(since="1.2", forRemoval=true)
- protected boolean inClass(String name) {
- return classDepth(name) >= 0;
- }
-
- /**
- * Basically, tests if a method from a class defined using a
- * class loader is on the execution stack.
- *
- * @return <code>true</code> if a call to <code>currentClassLoader</code>
- * has a non-null return value.
- *
- * @deprecated This type of security checking is not recommended.
- * It is recommended that the <code>checkPermission</code>
- * call be used instead. This method is subject to removal in a
- * future version of Java SE.
- * @see #currentClassLoader() currentClassLoader
- */
- @Deprecated(since="1.2", forRemoval=true)
- protected boolean inClassLoader() {
- return currentClassLoader() != null;
- }
-
- /**
* Creates an object that encapsulates the current execution
* environment. The result of this method is used, for example, by the
* three-argument <code>checkConnect</code> method and by the
@@ -1698,64 +1475,32 @@
}
/**
- * Throws a <code>SecurityException</code> if the
- * calling thread is not allowed to access members.
- * <p>
- * The default policy is to allow access to PUBLIC members, as well
- * as access to classes that have the same class loader as the caller.
- * In all other cases, this method calls <code>checkPermission</code>
- * with the <code>RuntimePermission("accessDeclaredMembers")
- * </code> permission.
- * <p>
- * If this method is overridden, then a call to
- * <code>super.checkMemberAccess</code> cannot be made,
- * as the default implementation of <code>checkMemberAccess</code>
- * relies on the code being checked being at a stack depth of
- * 4.
+ * Throws a {@code SecurityException} if the calling thread does
+ * not have {@code AllPermission}.
*
* @param clazz the class that reflection is to be performed on.
- *
* @param which type of access, PUBLIC or DECLARED.
- *
- * @exception SecurityException if the caller does not have
- * permission to access members.
- * @exception NullPointerException if the <code>clazz</code> argument is
- * <code>null</code>.
- *
- * @deprecated This method relies on the caller being at a stack depth
- * of 4 which is error-prone and cannot be enforced by the runtime.
- * Users of this method should instead invoke {@link #checkPermission}
- * directly.
- * This method is subject to removal in a future version of Java SE.
- *
- * @see java.lang.reflect.Member
+ * @throws SecurityException if the caller does not have
+ * {@code AllPermission}
+ * @throws NullPointerException if the {@code clazz} argument is
+ * {@code null}
+ * @deprecated This method was originally used to check if the calling
+ * thread was allowed to access members. It relied on the
+ * caller being at a stack depth of 4 which is error-prone and
+ * cannot be enforced by the runtime. The method has been
+ * obsoleted and code should instead use
+ * {@link #checkPermission} to check
+ * {@code RuntimePermission("accessDeclaredMembers")}. This
+ * method is subject to removal in a future version of Java SE.
* @since 1.1
* @see #checkPermission(java.security.Permission) checkPermission
*/
@Deprecated(since="1.8", forRemoval=true)
- @CallerSensitive
public void checkMemberAccess(Class<?> clazz, int which) {
if (clazz == null) {
throw new NullPointerException("class can't be null");
}
- if (which != Member.PUBLIC) {
- Class<?> stack[] = getClassContext();
- /*
- * stack depth of 4 should be the caller of one of the
- * methods in java.lang.Class that invoke checkMember
- * access. The stack should look like:
- *
- * someCaller [3]
- * java.lang.Class.someReflectionAPI [2]
- * java.lang.Class.checkMemberAccess [1]
- * SecurityManager.checkMemberAccess [0]
- *
- */
- if ((stack.length<4) ||
- (stack[3].getClassLoader() != clazz.getClassLoader())) {
- checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
- }
- }
+ checkPermission(SecurityConstants.ALL_PERMISSION);
}
/**
@@ -1792,8 +1537,6 @@
checkPermission(new SecurityPermission(target));
}
- private native Class<?> currentLoadedClass0();
-
/**
* Returns the thread group into which to instantiate any new
* thread being created at the time this is being called.
--- a/src/java.base/share/native/include/jvm.h Thu Nov 30 13:31:30 2017 +0530
+++ b/src/java.base/share/native/include/jvm.h Thu Nov 30 07:54:28 2017 -0500
@@ -262,21 +262,9 @@
/*
* java.lang.SecurityManager
*/
-JNIEXPORT jclass JNICALL
-JVM_CurrentLoadedClass(JNIEnv *env);
-
-JNIEXPORT jobject JNICALL
-JVM_CurrentClassLoader(JNIEnv *env);
-
JNIEXPORT jobjectArray JNICALL
JVM_GetClassContext(JNIEnv *env);
-JNIEXPORT jint JNICALL
-JVM_ClassDepth(JNIEnv *env, jstring name);
-
-JNIEXPORT jint JNICALL
-JVM_ClassLoaderDepth(JNIEnv *env);
-
/*
* java.lang.Package
*/
--- a/src/java.base/share/native/libjava/SecurityManager.c Thu Nov 30 13:31:30 2017 +0530
+++ b/src/java.base/share/native/libjava/SecurityManager.c Thu Nov 30 07:54:28 2017 -0500
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -76,53 +76,3 @@
return JVM_GetClassContext(env);
}
-
-JNIEXPORT jclass JNICALL
-Java_java_lang_SecurityManager_currentLoadedClass0(JNIEnv *env, jobject this)
-{
- /* Make sure the security manager instance is initialized */
- if (!check(env, this)) {
- return NULL; /* exception */
- }
-
- return JVM_CurrentLoadedClass(env);
-}
-
-JNIEXPORT jobject JNICALL
-Java_java_lang_SecurityManager_currentClassLoader0(JNIEnv *env, jobject this)
-{
- /* Make sure the security manager instance is initialized */
- if (!check(env, this)) {
- return NULL; /* exception */
- }
-
- return JVM_CurrentClassLoader(env);
-}
-
-JNIEXPORT jint JNICALL
-Java_java_lang_SecurityManager_classDepth(JNIEnv *env, jobject this,
- jstring name)
-{
- /* Make sure the security manager instance is initialized */
- if (!check(env, this)) {
- return -1; /* exception */
- }
-
- if (name == NULL) {
- JNU_ThrowNullPointerException(env, 0);
- return -1;
- }
-
- return JVM_ClassDepth(env, name);
-}
-
-JNIEXPORT jint JNICALL
-Java_java_lang_SecurityManager_classLoaderDepth0(JNIEnv *env, jobject this)
-{
- /* Make sure the security manager instance is initialized */
- if (!check(env, this)) {
- return -1; /* exception */
- }
-
- return JVM_ClassLoaderDepth(env);
-}
--- a/src/java.desktop/share/classes/sun/applet/AppletSecurity.java Thu Nov 30 13:31:30 2017 +0530
+++ b/src/java.desktop/share/classes/sun/applet/AppletSecurity.java Thu Nov 30 07:54:28 2017 -0500
@@ -48,6 +48,8 @@
import sun.awt.AWTPermissions;
import sun.security.util.SecurityConstants;
+import static java.lang.StackWalker.*;
+import static java.lang.StackWalker.Option.*;
/**
@@ -106,11 +108,90 @@
});
}
+ private static final StackWalker walker =
+ AccessController.doPrivileged(
+ (PrivilegedAction<StackWalker>) () ->
+ StackWalker.getInstance(RETAIN_CLASS_REFERENCE));
+ /**
+ * Returns the class loader of the most recently executing method from
+ * a class defined using a non-system class loader. A non-system
+ * class loader is defined as being a class loader that is not equal to
+ * the system class loader (as returned
+ * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
+ * <p>
+ * This method will return
+ * <code>null</code> in the following three cases:
+ * <ol>
+ * <li>All methods on the execution stack are from classes
+ * defined using the system class loader or one of its ancestors.
+ *
+ * <li>All methods on the execution stack up to the first
+ * "privileged" caller
+ * (see {@link java.security.AccessController#doPrivileged})
+ * are from classes
+ * defined using the system class loader or one of its ancestors.
+ *
+ * <li> A call to <code>checkPermission</code> with
+ * <code>java.security.AllPermission</code> does not
+ * result in a SecurityException.
+ * </ol>
+ *
+ * NOTE: This is an implementation of the SecurityManager.currentClassLoader
+ * method that uses StackWalker. SecurityManager.currentClassLoader
+ * has been removed from SE. This is a temporary workaround which is
+ * only needed while applets are still supported.
+ *
+ * @return the class loader of the most recent occurrence on the stack
+ * of a method from a class defined using a non-system class
+ * loader.
+ */
+ private static ClassLoader currentClassLoader() {
+ StackFrame f =
+ walker.walk(s -> s.takeWhile(AppletSecurity::isNonPrivileged)
+ .filter(AppletSecurity::isNonSystemFrame)
+ .findFirst())
+ .orElse(null);
+
+ SecurityManager sm = System.getSecurityManager();
+ if (f != null && sm != null) {
+ try {
+ sm.checkPermission(new AllPermission());
+ } catch (SecurityException se) {
+ return f.getDeclaringClass().getClassLoader();
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Returns true if the StackFrame is not AccessController.doPrivileged.
+ */
+ private static boolean isNonPrivileged(StackFrame f) {
+ // possibly other doPrivileged variants
+ Class<?> c = f.getDeclaringClass();
+ return c == AccessController.class &&
+ f.getMethodName().equals("doPrivileged");
+ }
+
+ /**
+ * Returns true if the StackFrame is not from a class defined by the
+ * system class loader or one of its ancestors.
+ */
+ private static boolean isNonSystemFrame(StackFrame f) {
+ ClassLoader loader = ClassLoader.getSystemClassLoader();
+ ClassLoader ld = f.getDeclaringClass().getClassLoader();
+ if (ld == null || ld == loader) return false;
+
+ while ((loader = loader.getParent()) != null) {
+ if (ld == loader)
+ return false;
+ }
+ return true;
+ }
+
/**
* get the current (first) instance of an AppletClassLoader on the stack.
*/
- @SuppressWarnings({"deprecation",
- "removal"}) // SecurityManager.currentClassLoader()
private AppletClassLoader currentAppletClassLoader()
{
// try currentClassLoader first
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/java/lang/SecurityManager/DepMethodsRequireAllPerm.java Thu Nov 30 07:54:28 2017 -0500
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+ * @bug 8004502 8008793 8029886 8186535
+ * @summary Sanity check that the SecurityManager checkMemberAccess method and
+ * methods that used to check AWTPermission now check for AllPermission
+ */
+
+import java.security.AllPermission;
+import java.security.Permission;
+
+public class DepMethodsRequireAllPerm {
+
+ static class MySecurityManager extends SecurityManager {
+ final Class<?> expectedClass;
+
+ MySecurityManager(Class<?> c) {
+ expectedClass = c;
+ }
+
+ @Override
+ public void checkPermission(Permission perm) {
+ if (perm.getClass() != expectedClass)
+ throw new RuntimeException("Got: " + perm.getClass() + ", expected: " + expectedClass);
+ super.checkPermission(perm);
+ }
+ }
+
+ public static void main(String[] args) {
+ MySecurityManager sm = new MySecurityManager(AllPermission.class);
+
+ try {
+ sm.checkAwtEventQueueAccess();
+ throw new RuntimeException("SecurityException expected");
+ } catch (SecurityException expected) { }
+
+ try {
+ sm.checkSystemClipboardAccess();
+ throw new RuntimeException("SecurityException expected");
+ } catch (SecurityException expected) { }
+
+ try {
+ sm.checkTopLevelWindow(null);
+ throw new RuntimeException("NullPointException expected");
+ } catch (NullPointerException expected) { }
+
+ if (sm.checkTopLevelWindow(new Object())) {
+ throw new RuntimeException("checkTopLevelWindow expected to return false");
+ }
+
+ try {
+ sm.checkMemberAccess(Object.class, java.lang.reflect.Member.DECLARED);
+ throw new RuntimeException("SecurityException expected");
+ } catch (SecurityException expected) { }
+
+ try {
+ sm.checkMemberAccess(null, java.lang.reflect.Member.DECLARED);
+ throw new RuntimeException("NullPointerException expected");
+ } catch (NullPointerException expected) { }
+ }
+}
--- a/test/jdk/java/lang/SecurityManager/NoAWT.java Thu Nov 30 13:31:30 2017 +0530
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/* @test
- * @bug 8004502 8008793 8029886
- * @summary Sanity check that SecurityManager methods that used to check
- * AWTPermission now check for AllPermission
- */
-
-import java.security.AllPermission;
-import java.security.Permission;
-
-public class NoAWT {
-
- static class MySecurityManager extends SecurityManager {
- final Class<?> expectedClass;
-
- MySecurityManager(Class<?> c) {
- expectedClass = c;
- }
-
- @Override
- public void checkPermission(Permission perm) {
- if (perm.getClass() != expectedClass)
- throw new RuntimeException("Got: " + perm.getClass() + ", expected: " + expectedClass);
- super.checkPermission(perm);
- }
- }
-
- public static void main(String[] args) {
- MySecurityManager sm = new MySecurityManager(AllPermission.class);
-
- try {
- sm.checkAwtEventQueueAccess();
- throw new RuntimeException("SecurityException expected");
- } catch (SecurityException expected) { }
-
- try {
- sm.checkSystemClipboardAccess();
- throw new RuntimeException("SecurityException expected");
- } catch (SecurityException expected) { }
-
- try {
- sm.checkTopLevelWindow(null);
- throw new RuntimeException("NullPointException expected");
- } catch (NullPointerException expected) { }
-
- if (sm.checkTopLevelWindow(new Object())) {
- throw new RuntimeException("checkTopLevelWindow expected to return false");
- }
- }
-}