8149161: CSM call Class.forName in com.sun.java.accessibility.util.Translator
authorptbrunet
Tue, 16 Feb 2016 19:38:26 -0600
changeset 36452 a96686eca71d
parent 36451 0f5d1613d67d
child 36453 fdbaecdd2ace
8149161: CSM call Class.forName in com.sun.java.accessibility.util.Translator Summary: add call to checkPackageAccess Reviewed-by: serb, prr Contributed-by: peter.brunet@oracle.com
jdk/src/jdk.accessibility/share/classes/com/sun/java/accessibility/util/Translator.java
--- a/jdk/src/jdk.accessibility/share/classes/com/sun/java/accessibility/util/Translator.java	Fri Feb 12 16:09:39 2016 +0300
+++ b/jdk/src/jdk.accessibility/share/classes/com/sun/java/accessibility/util/Translator.java	Tue Feb 16 19:38:26 2016 -0600
@@ -32,6 +32,7 @@
 import java.awt.*;
 import java.awt.event.*;
 import java.awt.image.*;
+import java.security.AccessControlException;
 // Do not import Swing classes.  This module is intended to work
 // with both Swing and AWT.
 // import javax.swing.*;
@@ -77,7 +78,7 @@
             return null;
         }
         try {
-            t = Class.forName("com.sun.java.accessibility.util.internal"
+            t = Class.forName("com.sun.java.accessibility.util.internal."
                               + c.getSimpleName()
                               + "Translator");
             return t;
@@ -105,6 +106,10 @@
         if (o instanceof Accessible) {
             a = (Accessible)o;
         } else {
+            // About to "newInstance" an object of a class of a restricted package
+            // so ensure the caller is allowed access to that package.
+            String pkg = "com.sun.java.accessibility.util.internal";
+            System.getSecurityManager().checkPackageAccess(pkg);
             Class<?> translatorClass = getTranslatorClass(o.getClass());
             if (translatorClass != null) {
                 try {