8176815: Remove StackFramePermission and use RuntimePermission for stack walking
Reviewed-by: alanb, bchristi
--- a/jdk/src/java.base/share/classes/java/lang/LiveStackFrame.java Wed Mar 15 17:17:16 2017 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/LiveStackFrame.java Wed Mar 15 18:08:46 2017 -0700
@@ -169,7 +169,7 @@
* it denies access to {@code RuntimePermission("liveStackFrames")}; or
* or if the given {@code options} contains
* {@link StackWalker.Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE}
- * and it denies access to {@code StackFramePermission("retainClassReference")}.
+ * and it denies access to {@code RuntimePermission("getStackWalkerWithClassReference")}.
*/
public static StackWalker getStackWalker(Set<StackWalker.Option> options) {
SecurityManager sm = System.getSecurityManager();
--- a/jdk/src/java.base/share/classes/java/lang/RuntimePermission.java Wed Mar 15 17:17:16 2017 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/RuntimePermission.java Wed Mar 15 18:08:46 2017 -0700
@@ -298,6 +298,14 @@
* </tr>
*
* <tr>
+ * <td>getStackWalkerWithClassReference</td>
+ * <td>Get a stack walker that can retrieve stack frames with class reference.</td>
+ * <td>This allows retrieval of Class objects from stack walking.
+ * This might allow malicious code to access Class objects on the stack
+ * outside its own context.</td>
+ * </tr>
+ *
+ * <tr>
* <td>setDefaultUncaughtExceptionHandler</td>
* <td>Setting the default handler to be used when a thread
* terminates abruptly due to an uncaught exception</td>
--- a/jdk/src/java.base/share/classes/java/lang/StackFramePermission.java Wed Mar 15 17:17:16 2017 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-package java.lang;
-
-/**
- * Permission to access {@link StackWalker.StackFrame}.
- *
- * @see java.lang.StackWalker.Option#RETAIN_CLASS_REFERENCE
- * @see StackWalker.StackFrame#getDeclaringClass()
- */
-public class StackFramePermission extends java.security.BasicPermission {
- private static final long serialVersionUID = 2841894854386706014L;
-
- /**
- * Creates a new {@code StackFramePermission} object.
- *
- * @param name Permission name. Must be "retainClassReference".
- *
- * @throws IllegalArgumentException if {@code name} is invalid.
- * @throws NullPointerException if {@code name} is {@code null}.
- */
- public StackFramePermission(String name) {
- super(name);
- if (!name.equals("retainClassReference")) {
- throw new IllegalArgumentException("name: " + name);
- }
- }
-}
--- a/jdk/src/java.base/share/classes/java/lang/StackWalker.java Wed Mar 15 17:17:16 2017 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/StackWalker.java Wed Mar 15 18:08:46 2017 -0700
@@ -279,7 +279,7 @@
* If a security manager is present and the given {@code option} is
* {@link Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE},
* it calls its {@link SecurityManager#checkPermission checkPermission}
- * method for {@code StackFramePermission("retainClassReference")}.
+ * method for {@code RuntimePermission("getStackWalkerWithClassReference")}.
*
* @param option {@link Option stack walking option}
*
@@ -303,7 +303,7 @@
* If a security manager is present and the given {@code options} contains
* {@link Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE},
* it calls its {@link SecurityManager#checkPermission checkPermission}
- * method for {@code StackFramePermission("retainClassReference")}.
+ * method for {@code RuntimePermission("getStackWalkerWithClassReference")}.
*
* @param options {@link Option stack walking option}
*
@@ -333,7 +333,7 @@
* If a security manager is present and the given {@code options} contains
* {@link Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE},
* it calls its {@link SecurityManager#checkPermission checkPermission}
- * method for {@code StackFramePermission("retainClassReference")}.
+ * method for {@code RuntimePermission("getStackWalkerWithClassReference")}.
*
* <p>
* The {@code estimateDepth} specifies the estimate number of stack frames
@@ -376,7 +376,7 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (options.contains(Option.RETAIN_CLASS_REFERENCE)) {
- sm.checkPermission(new StackFramePermission("retainClassReference"));
+ sm.checkPermission(new RuntimePermission("getStackWalkerWithClassReference"));
}
}
}
--- a/jdk/test/java/lang/StackWalker/CallerSensitiveMethod/csm/jdk/test/CallerSensitiveTest.java Wed Mar 15 17:17:16 2017 -0700
+++ b/jdk/test/java/lang/StackWalker/CallerSensitiveMethod/csm/jdk/test/CallerSensitiveTest.java Wed Mar 15 18:08:46 2017 -0700
@@ -50,7 +50,7 @@
if (args.length > 0 && args[0].equals("sm")) {
sm = true;
PermissionCollection perms = new Permissions();
- perms.add(new StackFramePermission("retainClassReference"));
+ perms.add(new RuntimePermission("getStackWalkerWithClassReference"));
Policy.setPolicy(new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission p) {
--- a/jdk/test/java/lang/StackWalker/GetCallerClassTest.java Wed Mar 15 17:17:16 2017 -0700
+++ b/jdk/test/java/lang/StackWalker/GetCallerClassTest.java Wed Mar 15 18:08:46 2017 -0700
@@ -55,7 +55,7 @@
public static void main(String... args) throws Exception {
if (args.length > 0 && args[0].equals("sm")) {
PermissionCollection perms = new Permissions();
- perms.add(new StackFramePermission("retainClassReference"));
+ perms.add(new RuntimePermission("getStackWalkerWithClassReference"));
Policy.setPolicy(new Policy() {
@Override
public boolean implies(ProtectionDomain domain, Permission p) {
--- a/jdk/test/java/lang/StackWalker/stackwalk.policy Wed Mar 15 17:17:16 2017 -0700
+++ b/jdk/test/java/lang/StackWalker/stackwalk.policy Wed Mar 15 18:08:46 2017 -0700
@@ -1,4 +1,4 @@
grant {
- permission java.lang.StackFramePermission "retainClassReference";
+ permission java.lang.RuntimePermission "getStackWalkerWithClassReference";
};
--- a/jdk/test/java/lang/StackWalker/stackwalktest.policy Wed Mar 15 17:17:16 2017 -0700
+++ b/jdk/test/java/lang/StackWalker/stackwalktest.policy Wed Mar 15 18:08:46 2017 -0700
@@ -1,5 +1,5 @@
grant {
- permission java.lang.StackFramePermission "retainClassReference";
+ permission java.lang.RuntimePermission "getStackWalkerWithClassReference";
permission java.util.PropertyPermission "seed", "read";
};