8032585: JSR292: IllegalAccessError when attempting to invoke protected method from different package
8033278: Missed access checks for Lookup.unreflect* after 8032585
Reviewed-by: jrose, twisti
--- a/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java Wed Feb 26 10:37:23 2014 +0100
+++ b/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java Fri Feb 21 17:12:23 2014 +0400
@@ -90,35 +90,28 @@
if (allowedModes == 0) return false;
assert((allowedModes & PUBLIC) != 0 &&
(allowedModes & ~(ALL_ACCESS_MODES|PACKAGE_ALLOWED)) == 0);
- // Usually refc and defc are the same, but if they differ, verify them both.
- if (refc != defc) {
- if (!isClassAccessible(refc, lookupClass, allowedModes)) {
- // Note that defc is verified in the switch below.
- return false;
- }
- if ((mods & (ALL_ACCESS_MODES|STATIC)) == (PROTECTED|STATIC) &&
- (allowedModes & PROTECTED_OR_PACKAGE_ALLOWED) != 0) {
- // Apply the special rules for refc here.
- if (!isRelatedClass(refc, lookupClass))
- return isSamePackage(defc, lookupClass);
- // If refc == defc, the call to isPublicSuperClass will do
- // the whole job, since in that case refc (as defc) will be
- // a superclass of the lookup class.
- }
+ // The symbolic reference class (refc) must always be fully verified.
+ if (!isClassAccessible(refc, lookupClass, allowedModes)) {
+ return false;
}
+ // Usually refc and defc are the same, but verify defc also in case they differ.
if (defc == lookupClass &&
(allowedModes & PRIVATE) != 0)
return true; // easy check; all self-access is OK
switch (mods & ALL_ACCESS_MODES) {
case PUBLIC:
- if (refc != defc) return true; // already checked above
- return isClassAccessible(refc, lookupClass, allowedModes);
+ return true; // already checked above
case PROTECTED:
if ((allowedModes & PROTECTED_OR_PACKAGE_ALLOWED) != 0 &&
isSamePackage(defc, lookupClass))
return true;
+ if ((allowedModes & PROTECTED) == 0)
+ return false;
+ if ((mods & STATIC) != 0 &&
+ !isRelatedClass(refc, lookupClass))
+ return false;
if ((allowedModes & PROTECTED) != 0 &&
- isPublicSuperClass(defc, lookupClass))
+ isSuperClass(defc, lookupClass))
return true;
return false;
case PACKAGE_ONLY: // That is, zero. Unmarked member is package-only access.
@@ -140,8 +133,8 @@
lookupClass.isAssignableFrom(refc));
}
- static boolean isPublicSuperClass(Class<?> defc, Class<?> lookupClass) {
- return isPublic(getClassModifiers(defc)) && defc.isAssignableFrom(lookupClass);
+ static boolean isSuperClass(Class<?> defc, Class<?> lookupClass) {
+ return defc.isAssignableFrom(lookupClass);
}
static int getClassModifiers(Class<?> c) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/lang/invoke/ProtectedMemberDifferentPackage/Test.java Fri Feb 21 17:12:23 2014 +0400
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+/**
+ * @test
+ * @bug 8032585 8033278
+ * @summary JSR292: IllegalAccessError when attempting to invoke protected method from different package
+ *
+ * @compile p1/T2.java p2/T3.java
+ * @run main/othervm p2.T3
+ */
+public class Test {}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/lang/invoke/ProtectedMemberDifferentPackage/p1/T2.java Fri Feb 21 17:12:23 2014 +0400
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+package p1;
+
+import p2.T3;
+
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodHandles.Lookup;
+import java.lang.invoke.MethodType;
+import java.util.concurrent.Callable;
+
+class T1 {
+ protected void m1() {}
+ protected static void m2() {}
+}
+
+public class T2 extends T1 {
+ public static void main(String[] args) throws Throwable {
+ Lookup LOOKUP = T3.lookup();
+ Class<IllegalAccessException> IAE = IllegalAccessException.class;
+
+ assertFailure(IAE, () -> LOOKUP.findVirtual(T1.class, "m1", MethodType.methodType(void.class)));
+ assertFailure(IAE, () -> LOOKUP.findStatic(T1.class, "m2", MethodType.methodType(void.class)));
+
+ assertSuccess(() -> LOOKUP.findVirtual(T2.class, "m1", MethodType.methodType(void.class)));
+ assertSuccess(() -> LOOKUP.findVirtual(T3.class, "m1", MethodType.methodType(void.class)));
+
+ assertSuccess(() -> LOOKUP.findStatic(T2.class, "m2", MethodType.methodType(void.class)));
+ assertSuccess(() -> LOOKUP.findStatic(T3.class, "m2", MethodType.methodType(void.class)));
+
+ assertFailure(IAE, () -> LOOKUP.unreflect(T1.class.getDeclaredMethod("m1")));
+ assertFailure(IAE, () -> LOOKUP.unreflect(T1.class.getDeclaredMethod("m2")));
+
+ System.out.println("TEST PASSED");
+ }
+
+ public static void assertFailure(Class<? extends Throwable> expectedError, Callable r) {
+ try {
+ r.call();
+ } catch(Throwable e) {
+ if (expectedError.isAssignableFrom(e.getClass())) {
+ return; // expected error
+ } else {
+ throw new Error("Unexpected error type: "+e.getClass()+"; expected type: "+expectedError, e);
+ }
+ }
+ throw new Error("No error");
+ }
+
+ public static void assertSuccess(Callable r) {
+ try {
+ r.call();
+ } catch(Throwable e) {
+ throw new Error("Unexpected error", e);
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/lang/invoke/ProtectedMemberDifferentPackage/p2/T3.java Fri Feb 21 17:12:23 2014 +0400
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+package p2;
+
+import p1.T2;
+
+import java.lang.invoke.MethodHandles;
+
+public class T3 extends T2 {
+ public static MethodHandles.Lookup lookup() { return MethodHandles.lookup(); }
+}