Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8012917: ObjectStreamClass and ObjectStreamField should be CallerSensitive aware
authorchegar
Mon, 22 Apr 2013 11:08:27 +0100
changeset 18238 d1ed51b53296
parent 18237 54af2a0e06da
child 18239 4af5dc2d5794
8012917: ObjectStreamClass and ObjectStreamField should be CallerSensitive aware Reviewed-by: mchung
jdk/src/share/classes/java/io/ObjectStreamClass.java file | annotate | diff | comparison | revisions
jdk/src/share/classes/java/io/ObjectStreamField.java file | annotate | diff | comparison | revisions 
--- a/jdk/src/share/classes/java/io/ObjectStreamClass.java	Mon Apr 22 10:55:14 2013 +0100
+++ b/jdk/src/share/classes/java/io/ObjectStreamClass.java	Mon Apr 22 11:08:27 2013 +0100
@@ -49,6 +49,8 @@
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import sun.misc.Unsafe;
+import sun.reflect.CallerSensitive;
+import sun.reflect.Reflection;
 import sun.reflect.ReflectionFactory;
 import sun.reflect.misc.ReflectUtil;
 
@@ -259,12 +261,13 @@
      *
      * @return  the <code>Class</code> instance that this descriptor represents
      */
+    @CallerSensitive
     public Class<?> forClass() {
         if (cl == null) {
             return null;
         }
-        ClassLoader ccl = ObjectStreamField.getCallerClassLoader();
-        if (ReflectUtil.needsPackageAccessCheck(ccl, cl.getClassLoader())) {
+        Class<?> caller = Reflection.getCallerClass();
+        if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), cl.getClassLoader())) {
             ReflectUtil.checkPackageAccess(cl);
         }
         return cl;
--- a/jdk/src/share/classes/java/io/ObjectStreamField.java	Mon Apr 22 10:55:14 2013 +0100
+++ b/jdk/src/share/classes/java/io/ObjectStreamField.java	Mon Apr 22 11:08:27 2013 +0100
@@ -26,6 +26,7 @@
 package java.io;
 
 import java.lang.reflect.Field;
+import sun.reflect.CallerSensitive;
 import sun.reflect.Reflection;
 import sun.reflect.misc.ReflectUtil;
 
@@ -159,32 +160,15 @@
      * @return  a <code>Class</code> object representing the type of the
      *          serializable field
      */
+    @CallerSensitive
     public Class<?> getType() {
-        ClassLoader ccl = getCallerClassLoader();
-        if (ReflectUtil.needsPackageAccessCheck(ccl, type.getClassLoader())) {
+        Class<?> caller = Reflection.getCallerClass();
+        if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), type.getClassLoader())) {
             ReflectUtil.checkPackageAccess(type);
         }
         return type;
     }
 
-    // Returns the invoker's class loader.
-    // This is package private because it is accessed from ObjectStreamClass.
-    // NOTE: This must always be invoked when there is exactly one intervening
-    // frame from the core libraries on the stack between this method's
-    // invocation and the desired invoker. The frame count of 3 is determined
-    // as follows:
-    //
-    // 0: Reflection.getCallerClass
-    // 1: getCallerClassLoader()
-    // 2: ObjectStreamField.getType() or ObjectStreamClass.forClass()
-    // 3: the caller we want to check
-    //
-    // NOTE: copied from java.lang.ClassLoader and modified.
-    static ClassLoader getCallerClassLoader() {
-        Class caller = Reflection.getCallerClass(3);
-        return caller.getClassLoader();
-    }
-
     /**
      * Returns character encoding of field type.  The encoding is as follows:
      * <blockquote><pre>
jdk-sandbox