8076413: Better JRMP message handling
authorsmarks
Fri, 08 May 2015 15:23:08 -0700
changeset 33280 3aef4137620e
parent 33279 ddef2c0a5c2a
child 33281 0291fb74c7b6
8076413: Better JRMP message handling Reviewed-by: coffeys, igerasim, ahgross
jdk/src/java.rmi/share/classes/sun/rmi/transport/DGCClient.java
--- a/jdk/src/java.rmi/share/classes/sun/rmi/transport/DGCClient.java	Thu May 07 09:37:27 2015 +0200
+++ b/jdk/src/java.rmi/share/classes/sun/rmi/transport/DGCClient.java	Fri May 08 15:23:08 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 
 import java.lang.ref.PhantomReference;
 import java.lang.ref.ReferenceQueue;
+import java.net.SocketPermission;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.HashMap;
@@ -45,6 +46,10 @@
 import sun.rmi.server.UnicastRef;
 import sun.rmi.server.Util;
 
+import java.security.AccessControlContext;
+import java.security.Permissions;
+import java.security.ProtectionDomain;
+
 /**
  * DGCClient implements the client-side of the RMI distributed garbage
  * collection system.
@@ -109,6 +114,18 @@
     /** ObjID for server-side DGC object */
     private static final ObjID dgcID = new ObjID(ObjID.DGC_ID);
 
+    /**
+     * An AccessControlContext with only socket permissions,
+     * suitable for an RMIClientSocketFactory.
+     */
+    private static final AccessControlContext SOCKET_ACC;
+    static {
+        Permissions perms = new Permissions();
+        perms.add(new SocketPermission("*", "connect,resolve"));
+        ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
+        SOCKET_ACC = new AccessControlContext(pd);
+    }
+
     /*
      * Disallow anyone from creating one of these.
      */
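Review bot: The Javadoc on `SOCKET_ACC` lists what the context holds but not why it exists or how it is meant to be used, which is the security-relevant part. I would extend it to say that the field is passed as the limiting context to `AccessController.doPrivileged` around the DGC dirty and clean calls, so that code run beneath them is held to `connect,resolve` whatever permissions DGCClient itself has. It should also record that the host is the wildcard `"*"` on purpose (presumably because remote endpoints are not known in advance), so the context restricts the kind of permission but not the destination. On the `ProtectionDomain` line, a comment such as `// null CodeSource: the domain carries only the static permissions above` would save the next reader a lookup.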
@@ -566,13 +583,19 @@
                         }
                     }
 
-                    if (needRenewal) {
-                        makeDirtyCall(refsToDirty, sequenceNum);
-                    }
+                    boolean needRenewal_ = needRenewal;
+                    Set<RefEntry> refsToDirty_ = refsToDirty;
+                    long sequenceNum_ = sequenceNum;
+                    AccessController.doPrivileged((PrivilegedAction<Void>)() -> {
+                        if (needRenewal_) {
+                            makeDirtyCall(refsToDirty_, sequenceNum_);
+                        }
 
-                    if (!pendingCleans.isEmpty()) {
-                        makeCleanCalls();
-                    }
+                        if (!pendingCleans.isEmpty()) {
+                            makeCleanCalls();
+                        }
+                        return null;
+                    }, SOCKET_ACC);
                 } while (!removed || !pendingCleans.isEmpty());
             }
         }
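Review bot: Nothing at the `doPrivileged(..., SOCKET_ACC)` call says that the whole lambda body now runs with `connect,resolve` only, so any permission-checked operation reached from `makeDirtyCall` or `makeCleanCalls` other than opening a socket will throw a SecurityException unless it sits in its own `doPrivileged`. Both methods are outside this hunk, so I cannot tell whether they catch that; if they do not, the exception propagates out of the `do … while` loop, and that path is worth confirming and covering with a test run under a security manager. I would add above the call `// Run the DGC calls with socket permissions only; helpers needing more must use their own doPrivileged.` The trailing-underscore copies exist only because lambda captures must be effectively final; either say so in a one-line comment or use plain names such as `renew`, `toDirty` and `seq` instead of `needRenewal_`. The enclosing method starts and ends outside the hunk.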