8032585: JSR292: IllegalAccessError when attempting to invoke protected method from different package
authorvlivanov
Fri, 21 Feb 2014 17:12:23 +0400
changeset 23022 ede1afdc49a2
parent 23021 b4b8495fd392
child 23023 c1aebf9d16a9
8032585: JSR292: IllegalAccessError when attempting to invoke protected method from different package 8033278: Missed access checks for Lookup.unreflect* after 8032585 Reviewed-by: jrose, twisti
jdk/src/share/classes/sun/invoke/util/VerifyAccess.java
jdk/test/java/lang/invoke/ProtectedMemberDifferentPackage/Test.java
jdk/test/java/lang/invoke/ProtectedMemberDifferentPackage/p1/T2.java
jdk/test/java/lang/invoke/ProtectedMemberDifferentPackage/p2/T3.java
--- a/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java	Wed Feb 26 10:37:23 2014 +0100
+++ b/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java	Fri Feb 21 17:12:23 2014 +0400
@@ -90,35 +90,28 @@
         if (allowedModes == 0)  return false;
         assert((allowedModes & PUBLIC) != 0 &&
                (allowedModes & ~(ALL_ACCESS_MODES|PACKAGE_ALLOWED)) == 0);
-        // Usually refc and defc are the same, but if they differ, verify them both.
-        if (refc != defc) {
-            if (!isClassAccessible(refc, lookupClass, allowedModes)) {
-                // Note that defc is verified in the switch below.
-                return false;
-            }
-            if ((mods & (ALL_ACCESS_MODES|STATIC)) == (PROTECTED|STATIC) &&
-                (allowedModes & PROTECTED_OR_PACKAGE_ALLOWED) != 0) {
-                // Apply the special rules for refc here.
-                if (!isRelatedClass(refc, lookupClass))
-                    return isSamePackage(defc, lookupClass);
-                // If refc == defc, the call to isPublicSuperClass will do
-                // the whole job, since in that case refc (as defc) will be
-                // a superclass of the lookup class.
-            }
+        // The symbolic reference class (refc) must always be fully verified.
+        if (!isClassAccessible(refc, lookupClass, allowedModes)) {
+            return false;
         }
+        // Usually refc and defc are the same, but verify defc also in case they differ.
         if (defc == lookupClass &&
             (allowedModes & PRIVATE) != 0)
             return true;        // easy check; all self-access is OK
         switch (mods & ALL_ACCESS_MODES) {
         case PUBLIC:
-            if (refc != defc)  return true;  // already checked above
-            return isClassAccessible(refc, lookupClass, allowedModes);
+            return true;  // already checked above
         case PROTECTED:
             if ((allowedModes & PROTECTED_OR_PACKAGE_ALLOWED) != 0 &&
                 isSamePackage(defc, lookupClass))
                 return true;
+            if ((allowedModes & PROTECTED) == 0)
+                return false;
+            if ((mods & STATIC) != 0 &&
+                !isRelatedClass(refc, lookupClass))
+                return false;
             if ((allowedModes & PROTECTED) != 0 &&
-                isPublicSuperClass(defc, lookupClass))
+                isSuperClass(defc, lookupClass))
                 return true;
             return false;
         case PACKAGE_ONLY:  // That is, zero.  Unmarked member is package-only access.
@@ -140,8 +133,8 @@
                 lookupClass.isAssignableFrom(refc));
     }
 
-    static boolean isPublicSuperClass(Class<?> defc, Class<?> lookupClass) {
-        return isPublic(getClassModifiers(defc)) && defc.isAssignableFrom(lookupClass);
+    static boolean isSuperClass(Class<?> defc, Class<?> lookupClass) {
+        return defc.isAssignableFrom(lookupClass);
     }
 
     static int getClassModifiers(Class<?> c) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/lang/invoke/ProtectedMemberDifferentPackage/Test.java	Fri Feb 21 17:12:23 2014 +0400
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+/**
+ * @test
+ * @bug 8032585 8033278
+ * @summary JSR292: IllegalAccessError when attempting to invoke protected method from different package
+ *
+ * @compile p1/T2.java p2/T3.java
+ * @run main/othervm p2.T3
+ */
+public class Test {}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/lang/invoke/ProtectedMemberDifferentPackage/p1/T2.java	Fri Feb 21 17:12:23 2014 +0400
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+package p1;
+
+import p2.T3;
+
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodHandles.Lookup;
+import java.lang.invoke.MethodType;
+import java.util.concurrent.Callable;
+
+class T1 {
+    protected        void m1() {}
+    protected static void m2() {}
+}
+
+public class T2 extends T1 {
+    public static void main(String[] args) throws Throwable {
+        Lookup LOOKUP = T3.lookup();
+        Class<IllegalAccessException> IAE = IllegalAccessException.class;
+
+        assertFailure(IAE, () -> LOOKUP.findVirtual(T1.class, "m1", MethodType.methodType(void.class)));
+        assertFailure(IAE, () -> LOOKUP.findStatic(T1.class, "m2", MethodType.methodType(void.class)));
+
+        assertSuccess(() -> LOOKUP.findVirtual(T2.class, "m1", MethodType.methodType(void.class)));
+        assertSuccess(() -> LOOKUP.findVirtual(T3.class, "m1", MethodType.methodType(void.class)));
+
+        assertSuccess(() -> LOOKUP.findStatic(T2.class, "m2", MethodType.methodType(void.class)));
+        assertSuccess(() -> LOOKUP.findStatic(T3.class, "m2", MethodType.methodType(void.class)));
+
+        assertFailure(IAE, () -> LOOKUP.unreflect(T1.class.getDeclaredMethod("m1")));
+        assertFailure(IAE, () -> LOOKUP.unreflect(T1.class.getDeclaredMethod("m2")));
+
+        System.out.println("TEST PASSED");
+    }
+
+    public static void assertFailure(Class<? extends Throwable> expectedError, Callable r) {
+        try {
+            r.call();
+        } catch(Throwable e) {
+            if (expectedError.isAssignableFrom(e.getClass())) {
+                return; // expected error
+            } else {
+                throw new Error("Unexpected error type: "+e.getClass()+"; expected type: "+expectedError, e);
+            }
+        }
+        throw new Error("No error");
+    }
+
+    public static void assertSuccess(Callable r) {
+        try {
+            r.call();
+        } catch(Throwable e) {
+            throw new Error("Unexpected error", e);
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/lang/invoke/ProtectedMemberDifferentPackage/p2/T3.java	Fri Feb 21 17:12:23 2014 +0400
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+package p2;
+
+import p1.T2;
+
+import java.lang.invoke.MethodHandles;
+
+public class T3 extends T2 {
+    public static MethodHandles.Lookup lookup() { return MethodHandles.lookup(); }
+}