jdk-sandbox: changeset 16109:eb00701a5769

--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java	Mon Jan 28 15:53:29 2013 -0800
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java	Wed Jan 30 11:33:51 2013 +0100
@@ -36,6 +36,7 @@
 
 import javax.management.ObjectName;
 import javax.management.loading.PrivateClassLoader;
+import sun.reflect.misc.ReflectUtil;
 
 /**
  * This class keeps the list of Class Loaders registered in the MBean Server.
@@ -192,6 +193,7 @@
                                final ClassLoader without,
                                final ClassLoader stop)
             throws ClassNotFoundException {
+        ReflectUtil.checkPackageAccess(className);
         final int size = list.length;
         for(int i=0; i<size; i++) {
             try {

--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java	Mon Jan 28 15:53:29 2013 -0800
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java	Wed Jan 30 11:33:51 2013 +0100
@@ -51,6 +51,7 @@
 import javax.management.MBeanRegistrationException;
 import javax.management.MBeanServer;
 import javax.management.MBeanServerDelegate;
+import javax.management.MBeanServerPermission;
 import javax.management.NotCompliantMBeanException;
 import javax.management.NotificationFilter;
 import javax.management.NotificationListener;
@@ -1409,6 +1410,8 @@
         // Default is true.
         final boolean fairLock = DEFAULT_FAIR_LOCK_POLICY;
 
+        checkNewMBeanServerPermission();
+
         // This constructor happens to disregard the value of the interceptors
         // flag - that is, it always uses the default value - false.
         // This is admitedly a bug, but we chose not to fix it for now
@@ -1494,4 +1497,11 @@
         }
     }
 
+    private static void checkNewMBeanServerPermission() {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            Permission perm = new MBeanServerPermission("newMBeanServer");
+            sm.checkPermission(perm);
+        }
+    }
 }

--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java	Mon Jan 28 15:53:29 2013 -0800
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java	Wed Jan 30 11:33:51 2013 +0100
@@ -32,11 +32,13 @@
 import java.io.ObjectInputStream;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
+import java.security.Permission;
 import java.util.Map;
 import java.util.logging.Level;
 
 import javax.management.InstanceNotFoundException;
 import javax.management.MBeanException;
+import javax.management.MBeanPermission;
 import javax.management.NotCompliantMBeanException;
 import javax.management.ObjectName;
 import javax.management.OperationsException;
@@ -44,7 +46,7 @@
 import javax.management.RuntimeErrorException;
 import javax.management.RuntimeMBeanException;
 import javax.management.RuntimeOperationsException;
-
+import sun.reflect.misc.ConstructorUtil;
 import sun.reflect.misc.ReflectUtil;
 
 /**
@@ -56,7 +58,6 @@
  * @since 1.5
  */
 public class MBeanInstantiator {
-
     private final ModifiableClassLoaderRepository clr;
     //    private MetaData meta = null;
 
@@ -88,6 +89,7 @@
                              "Exception occurred during object instantiation");
         }
 
+        ReflectUtil.checkPackageAccess(className);
         try {
             if (clr == null) throw new ClassNotFoundException(className);
             theClass = clr.loadClass(className);
@@ -162,6 +164,7 @@
                     continue;
                 }
 
+                ReflectUtil.checkPackageAccess(signature[i]);
                 // Ok we do not have a primitive type ! We need to build
                 // the signature of the method
                 //
@@ -205,6 +208,9 @@
      */
     public Object instantiate(Class<?> theClass)
         throws ReflectionException, MBeanException {
+
+        checkMBeanPermission(theClass, null, null, "instantiate");
+
         Object moi;
 
 
@@ -260,6 +266,9 @@
     public Object instantiate(Class<?> theClass, Object params[],
                               String signature[], ClassLoader loader)
         throws ReflectionException, MBeanException {
+
+        checkMBeanPermission(theClass, null, null, "instantiate");
+
         // Instantiate the new object
 
         // ------------------------------
@@ -407,6 +416,8 @@
             throw new  RuntimeOperationsException(new
              IllegalArgumentException(), "Null className passed in parameter");
         }
+
+        ReflectUtil.checkPackageAccess(className);
         Class<?> theClass;
         if (loaderName == null) {
             // Load the class using the agent class loader
@@ -619,13 +630,13 @@
      **/
     static Class<?> loadClass(String className, ClassLoader loader)
         throws ReflectionException {
-
         Class<?> theClass;
         if (className == null) {
             throw new RuntimeOperationsException(new
                 IllegalArgumentException("The class name cannot be null"),
                               "Exception occurred during object instantiation");
         }
+        ReflectUtil.checkPackageAccess(className);
         try {
             if (loader == null)
                 loader = MBeanInstantiator.class.getClassLoader();
@@ -676,6 +687,7 @@
                 // We need to load the class through the class
                 // loader of the target object.
                 //
+                ReflectUtil.checkPackageAccess(signature[i]);
                 tab[i] = Class.forName(signature[i], false, aLoader);
             }
         } catch (ClassNotFoundException e) {
@@ -701,7 +713,7 @@
 
     private Constructor<?> findConstructor(Class<?> c, Class<?>[] params) {
         try {
-            return c.getConstructor(params);
+            return ConstructorUtil.getConstructor(c, params);
         } catch (Exception e) {
             return null;
         }
@@ -715,4 +727,18 @@
                                           char.class, boolean.class})
             primitiveClasses.put(c.getName(), c);
     }
+
+    private static void checkMBeanPermission(Class<?> clazz,
+                                             String member,
+                                             ObjectName objectName,
+                                             String actions) {
+        SecurityManager sm = System.getSecurityManager();
+        if (clazz != null && sm != null) {
+            Permission perm = new MBeanPermission(clazz.getName(),
+                                                  member,
+                                                  objectName,
+                                                  actions);
+            sm.checkPermission(perm);
+        }
+    }
 }

--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java	Mon Jan 28 15:53:29 2013 -0800
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java	Wed Jan 30 11:33:51 2013 +0100
@@ -38,6 +38,7 @@
 import javax.management.ObjectName;
 import javax.management.ReflectionException;
 import com.sun.jmx.mbeanserver.MXBeanMappingFactory;
+import sun.reflect.misc.ReflectUtil;
 
 /**
  * Base class for MBeans.  There is one instance of this class for
@@ -131,6 +132,7 @@
                 " is not an instance of " + mbeanInterfaceType.getName();
             throw new NotCompliantMBeanException(msg);
         }
+        ReflectUtil.checkPackageAccess(mbeanInterfaceType);
         this.resource = resource;
         MBeanIntrospector<M> introspector = getMBeanIntrospector();
         this.perInterface = introspector.getPerInterface(mbeanInterfaceType);

--- a/jdk/src/share/classes/java/lang/management/ManagementFactory.java	Mon Jan 28 15:53:29 2013 -0800
+++ b/jdk/src/share/classes/java/lang/management/ManagementFactory.java	Wed Jan 30 11:33:51 2013 +0100
@@ -802,20 +802,20 @@
      */
     private static void addMXBean(final MBeanServer mbs, final PlatformManagedObject pmo) {
         // Make DynamicMBean out of MXBean by wrapping it with a StandardMBean
-        final DynamicMBean dmbean;
-        if (pmo instanceof DynamicMBean) {
-            dmbean = DynamicMBean.class.cast(pmo);
-        } else if (pmo instanceof NotificationEmitter) {
-            dmbean = new StandardEmitterMBean(pmo, null, true, (NotificationEmitter) pmo);
-        } else {
-            dmbean = new StandardMBean(pmo, null, true);
-        }
-
         try {
             AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
                 public Void run() throws InstanceAlreadyExistsException,
                                          MBeanRegistrationException,
                                          NotCompliantMBeanException {
+                    final DynamicMBean dmbean;
+                    if (pmo instanceof DynamicMBean) {
+                        dmbean = DynamicMBean.class.cast(pmo);
+                    } else if (pmo instanceof NotificationEmitter) {
+                        dmbean = new StandardEmitterMBean(pmo, null, true, (NotificationEmitter) pmo);
+                    } else {
+                        dmbean = new StandardMBean(pmo, null, true);
+                    }
+
                     mbs.registerMBean(dmbean, pmo.getObjectName());
                     return null;
                 }

--- a/jdk/src/share/lib/security/java.security-linux	Mon Jan 28 15:53:29 2013 -0800
+++ b/jdk/src/share/lib/security/java.security-linux	Wed Jan 30 11:33:51 2013 +0100
@@ -151,8 +151,7 @@
                com.sun.xml.internal.ws.,\
                com.sun.imageio.,\
                com.sun.istack.internal.,\
-               com.sun.jmx.defaults.,\
-               com.sun.jmx.remote.util.,\
+               com.sun.jmx.,\
                com.sun.proxy.,\
                com.sun.org.apache.xerces.internal.utils.,\
                com.sun.org.apache.xalan.internal.utils.,\
@@ -176,8 +175,7 @@
                    com.sun.xml.internal.ws.,\
                    com.sun.imageio.,\
                    com.sun.istack.internal.,\
-                   com.sun.jmx.defaults.,\
-                   com.sun.jmx.remote.util.,\
+                   com.sun.jmx.,\
                    com.sun.proxy.,\
                    com.sun.org.apache.xerces.internal.utils.,\
                    com.sun.org.apache.xalan.internal.utils.,\

--- a/jdk/src/share/lib/security/java.security-macosx	Mon Jan 28 15:53:29 2013 -0800
+++ b/jdk/src/share/lib/security/java.security-macosx	Wed Jan 30 11:33:51 2013 +0100
@@ -152,8 +152,7 @@
                com.sun.xml.internal.ws.,\
                com.sun.imageio.,\
                com.sun.istack.internal.,\
-               com.sun.jmx.defaults.,\
-               com.sun.jmx.remote.util.,\
+               com.sun.jmx.,\
                com.sun.proxy.,\
                com.sun.org.apache.xerces.internal.utils.,\
                com.sun.org.apache.xalan.internal.utils.,\
@@ -178,8 +177,7 @@
                    com.sun.xml.internal.ws.,\
                    com.sun.imageio.,\
                    com.sun.istack.internal.,\
-                   com.sun.jmx.defaults.,\
-                   com.sun.jmx.remote.util.,\
+                   com.sun.jmx.,\
                    com.sun.proxy.,\
                    com.sun.org.apache.xerces.internal.utils.,\
                    com.sun.org.apache.xalan.internal.utils.,\

--- a/jdk/src/share/lib/security/java.security-solaris	Mon Jan 28 15:53:29 2013 -0800
+++ b/jdk/src/share/lib/security/java.security-solaris	Wed Jan 30 11:33:51 2013 +0100
@@ -153,8 +153,7 @@
                com.sun.xml.internal.ws.,\
                com.sun.imageio.,\
                com.sun.istack.internal.,\
-               com.sun.jmx.defaults.,\
-               com.sun.jmx.remote.util.,\
+               com.sun.jmx.,\
                com.sun.proxy.,\
                com.sun.org.apache.xerces.internal.utils.,\
                com.sun.org.apache.xalan.internal.utils.,\
@@ -178,8 +177,7 @@
                    com.sun.xml.internal.ws.,\
                    com.sun.imageio.,\
                    com.sun.istack.internal.,\
-                   com.sun.jmx.defaults.,\
-                   com.sun.jmx.remote.util.,\
+                   com.sun.jmx.,\
                    com.sun.proxy.,\
                    com.sun.org.apache.xerces.internal.utils.,\
                    com.sun.org.apache.xalan.internal.utils.,\

--- a/jdk/src/share/lib/security/java.security-windows	Mon Jan 28 15:53:29 2013 -0800
+++ b/jdk/src/share/lib/security/java.security-windows	Wed Jan 30 11:33:51 2013 +0100
@@ -152,8 +152,7 @@
                com.sun.xml.internal.ws.,\
                com.sun.imageio.,\
                com.sun.istack.internal.,\
-               com.sun.jmx.defaults.,\
-               com.sun.jmx.remote.util.,\
+               com.sun.jmx.,\
                com.sun.proxy.,\
                com.sun.org.apache.xerces.internal.utils.,\
                com.sun.org.apache.xalan.internal.utils.,\
@@ -177,8 +176,7 @@
                    com.sun.xml.internal.ws.,\
                    com.sun.imageio.,\
                    com.sun.istack.internal.,\
-                   com.sun.jmx.defaults.,\
-                   com.sun.jmx.remote.util.,\
+                   com.sun.jmx.,\
                    com.sun.proxy.,\
                    com.sun.org.apache.xerces.internal.utils.,\
                    com.sun.org.apache.xalan.internal.utils.,\

--- a/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java	Mon Jan 28 15:53:29 2013 -0800
+++ b/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java	Wed Jan 30 11:33:51 2013 +0100
@@ -119,9 +119,6 @@
             System.out.println("Create SimpleStandard MBean");
             SimpleStandard s = new SimpleStandard("monitorRole");
             mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
-            // Set Security Manager
-            //
-            System.setSecurityManager(new SecurityManager());
             // Create Properties containing the username/password entries
             //
             Properties props = new Properties();
@@ -132,6 +129,9 @@
             HashMap env = new HashMap();
             env.put("jmx.remote.authenticator",
                     new JMXPluggableAuthenticator(props));
+            // Set Security Manager
+            //
+            System.setSecurityManager(new SecurityManager());
             // Create an RMI connector server
             //
             System.out.println("Create an RMI connector server");

--- a/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java	Mon Jan 28 15:53:29 2013 -0800
+++ b/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java	Wed Jan 30 11:33:51 2013 +0100
@@ -120,9 +120,6 @@
             System.out.println("Create SimpleStandard MBean");
             SimpleStandard s = new SimpleStandard("delegate");
             mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
-            // Set Security Manager
-            //
-            System.setSecurityManager(new SecurityManager());
             // Create Properties containing the username/password entries
             //
             Properties props = new Properties();
@@ -133,6 +130,9 @@
             HashMap env = new HashMap();
             env.put("jmx.remote.authenticator",
                     new JMXPluggableAuthenticator(props));
+            // Set Security Manager
+            //
+            System.setSecurityManager(new SecurityManager());
             // Create an RMI connector server
             //
             System.out.println("Create an RMI connector server");

author	dfuchs
	Wed, 30 Jan 2013 11:33:51 +0100
changeset 16109	eb00701a5769
parent 16108	e5fcdadc69b2
child 16110	2ce1c415475b

jdk/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java		file \| annotate \| diff \| comparison \| revisions
jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java		file \| annotate \| diff \| comparison \| revisions
jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java		file \| annotate \| diff \| comparison \| revisions
jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java		file \| annotate \| diff \| comparison \| revisions
jdk/src/share/classes/java/lang/management/ManagementFactory.java		file \| annotate \| diff \| comparison \| revisions
jdk/src/share/lib/security/java.security-linux		file \| annotate \| diff \| comparison \| revisions
jdk/src/share/lib/security/java.security-macosx		file \| annotate \| diff \| comparison \| revisions
jdk/src/share/lib/security/java.security-solaris		file \| annotate \| diff \| comparison \| revisions
jdk/src/share/lib/security/java.security-windows		file \| annotate \| diff \| comparison \| revisions
jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java		file \| annotate \| diff \| comparison \| revisions
jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java		file \| annotate \| diff \| comparison \| revisions