Mercurial > hg > graal-compiler

comparison src/share/vm/prims/jvm.cpp @ 18051:21444610cb92

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8015256: Better class accessibility Summary: Improve protection domain check in forName() Reviewed-by: mchung, acorn, jdn
author coleenp
date Thu, 08 May 2014 17:19:49 -0400
parents 615d83933195
children 54bc75c144b0
comparison
equal deleted inserted replaced
18050:6424a6aac192 18051:21444610cb92
1 /* 1 /*
2 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. 2 * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 * 4 *
5 * This code is free software; you can redistribute it and/or modify it 5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as 6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
775 trace_class_resolution(k); 775 trace_class_resolution(k);
776 } 776 }
777 return (jclass) JNIHandles::make_local(env, k->java_mirror()); 777 return (jclass) JNIHandles::make_local(env, k->java_mirror());
778 JVM_END 778 JVM_END
779 779
780 // Not used; JVM_FindClassFromCaller replaces this.
780 JVM_ENTRY(jclass, JVM_FindClassFromClassLoader(JNIEnv* env, const char* name, 781 JVM_ENTRY(jclass, JVM_FindClassFromClassLoader(JNIEnv* env, const char* name,
781 jboolean init, jobject loader, 782 jboolean init, jobject loader,
782 jboolean throwError)) 783 jboolean throwError))
783 JVMWrapper3("JVM_FindClassFromClassLoader %s throw %s", name, 784 JVMWrapper3("JVM_FindClassFromClassLoader %s throw %s", name,
784 throwError ? "error" : "exception"); 785 throwError ? "error" : "exception");
801 trace_class_resolution(java_lang_Class::as_Klass(JNIHandles::resolve_non_null(result))); 802 trace_class_resolution(java_lang_Class::as_Klass(JNIHandles::resolve_non_null(result)));
802 } 803 }
803 return result; 804 return result;
804 JVM_END 805 JVM_END
805 806
807 // Find a class with this name in this loader, using the caller's protection domain.
808 JVM_ENTRY(jclass, JVM_FindClassFromCaller(JNIEnv* env, const char* name,
809 jboolean init, jobject loader,
810 jclass caller))
811 JVMWrapper2("JVM_FindClassFromCaller %s throws ClassNotFoundException", name);
812 // Java libraries should ensure that name is never null...
813 if (name == NULL || (int)strlen(name) > Symbol::max_length()) {
814 // It's impossible to create this class; the name cannot fit
815 // into the constant pool.
816 THROW_MSG_0(vmSymbols::java_lang_ClassNotFoundException(), name);
817 }
818
819 TempNewSymbol h_name = SymbolTable::new_symbol(name, CHECK_NULL);
820
821 oop loader_oop = JNIHandles::resolve(loader);
822 oop from_class = JNIHandles::resolve(caller);
823 oop protection_domain = NULL;
824 // If loader is null, shouldn't call ClassLoader.checkPackageAccess; otherwise get
825 // NPE. Put it in another way, the bootstrap class loader has all permission and
826 // thus no checkPackageAccess equivalence in the VM class loader.
827 // The caller is also passed as NULL by the java code if there is no security
828 // manager to avoid the performance cost of getting the calling class.
829 if (from_class != NULL && loader_oop != NULL) {
830 protection_domain = java_lang_Class::as_Klass(from_class)->protection_domain();
831 }
832
833 Handle h_loader(THREAD, loader_oop);
834 Handle h_prot(THREAD, protection_domain);
835 jclass result = find_class_from_class_loader(env, h_name, init, h_loader,
836 h_prot, false, THREAD);
837
838 if (TraceClassResolution && result != NULL) {
839 trace_class_resolution(java_lang_Class::as_Klass(JNIHandles::resolve_non_null(result)));
840 }
841 return result;
842 JVM_END
806 843
807 JVM_ENTRY(jclass, JVM_FindClassFromClass(JNIEnv *env, const char *name, 844 JVM_ENTRY(jclass, JVM_FindClassFromClass(JNIEnv *env, const char *name,
808 jboolean init, jclass from)) 845 jboolean init, jclass from))
809 JVMWrapper2("JVM_FindClassFromClass %s", name); 846 JVMWrapper2("JVM_FindClassFromClass %s", name);
810 if (name == NULL || (int)strlen(name) > Symbol::max_length()) { 847 if (name == NULL || (int)strlen(name) > Symbol::max_length()) {
3954 3991
3955 3992
3956 3993
3957 // Shared JNI/JVM entry points ////////////////////////////////////////////////////////////// 3994 // Shared JNI/JVM entry points //////////////////////////////////////////////////////////////
3958 3995
3959 jclass find_class_from_class_loader(JNIEnv* env, Symbol* name, jboolean init, Handle loader, Handle protection_domain, jboolean throwError, TRAPS) { 3996 jclass find_class_from_class_loader(JNIEnv* env, Symbol* name, jboolean init,
3997 Handle loader, Handle protection_domain,
3998 jboolean throwError, TRAPS) {
3960 // Security Note: 3999 // Security Note:
3961 // The Java level wrapper will perform the necessary security check allowing 4000 // The Java level wrapper will perform the necessary security check allowing
3962 // us to pass the NULL as the initiating class loader. 4001 // us to pass the NULL as the initiating class loader. The VM is responsible for
4002 // the checkPackageAccess relative to the initiating class loader via the
4003 // protection_domain. The protection_domain is passed as NULL by the java code
4004 // if there is no security manager in 3-arg Class.forName().
3963 Klass* klass = SystemDictionary::resolve_or_fail(name, loader, protection_domain, throwError != 0, CHECK_NULL); 4005 Klass* klass = SystemDictionary::resolve_or_fail(name, loader, protection_domain, throwError != 0, CHECK_NULL);
3964 4006
3965 KlassHandle klass_handle(THREAD, klass); 4007 KlassHandle klass_handle(THREAD, klass);
3966 // Check if we should initialize the class 4008 // Check if we should initialize the class
3967 if (init && klass_handle->oop_is_instance()) { 4009 if (init && klass_handle->oop_is_instance()) {