Mercurial > hg > graal-compiler
changeset 14125:e09829e6680f
implement initial security model for Graal (JBS:GRAAL-22)
author | Doug Simon <doug.simon@oracle.com> |
---|---|
date | Mon, 10 Mar 2014 18:14:24 +0100 |
parents | 7ad529321294 |
children | 976f44f08fb3 |
files | graal/com.oracle.graal.api.runtime/src/com/oracle/graal/api/runtime/Graal.java graal/com.oracle.graal.hotspot/src/com/oracle/graal/hotspot/HotSpotGraalRuntime.java graal/com.oracle.graal.hotspot/src/com/oracle/graal/hotspot/replacements/HotSpotReplacementsUtil.java |
diffstat | 3 files changed, 35 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/graal/com.oracle.graal.api.runtime/src/com/oracle/graal/api/runtime/Graal.java Mon Mar 10 16:26:10 2014 +0100 +++ b/graal/com.oracle.graal.api.runtime/src/com/oracle/graal/api/runtime/Graal.java Mon Mar 10 18:14:24 2014 +0100 @@ -22,13 +22,26 @@ */ package com.oracle.graal.api.runtime; +import java.lang.reflect.*; + +import sun.reflect.*; + public class Graal { private static GraalRuntime runtime; private static native GraalRuntime initializeRuntime(); + public static final java.security.Permission ACCESS_PERMISSION = new ReflectPermission("allowGraalAccess"); + public static GraalRuntime getRuntime() { + Class cc = Reflection.getCallerClass(); + if (cc.getClassLoader() != null) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(ACCESS_PERMISSION); + } + } return runtime; } @@ -41,6 +54,13 @@ } public static <T> T getRequiredCapability(Class<T> clazz) { + Class cc = Reflection.getCallerClass(); + if (cc.getClassLoader() != null) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(ACCESS_PERMISSION); + } + } T t = getRuntime().getCapability(clazz); if (t == null) { String javaHome = System.getProperty("java.home");
--- a/graal/com.oracle.graal.hotspot/src/com/oracle/graal/hotspot/HotSpotGraalRuntime.java Mon Mar 10 16:26:10 2014 +0100 +++ b/graal/com.oracle.graal.hotspot/src/com/oracle/graal/hotspot/HotSpotGraalRuntime.java Mon Mar 10 18:14:24 2014 +0100 @@ -30,6 +30,7 @@ import java.util.*; import sun.misc.*; +import sun.reflect.*; import com.oracle.graal.api.code.*; import com.oracle.graal.api.meta.*; @@ -59,10 +60,21 @@ * Gets the singleton {@link HotSpotGraalRuntime} object. */ public static HotSpotGraalRuntime runtime() { + Class cc = Reflection.getCallerClass(); + if (cc != null && cc.getClassLoader() != null) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(Graal.ACCESS_PERMISSION); + } + } assert instance != null; return instance; } + static { + Reflection.registerFieldsToFilter(HotSpotGraalRuntime.class, new String[]{"instance"}); + } + /** * Do deferred initialization. */
--- a/graal/com.oracle.graal.hotspot/src/com/oracle/graal/hotspot/replacements/HotSpotReplacementsUtil.java Mon Mar 10 16:26:10 2014 +0100 +++ b/graal/com.oracle.graal.hotspot/src/com/oracle/graal/hotspot/replacements/HotSpotReplacementsUtil.java Mon Mar 10 18:14:24 2014 +0100 @@ -46,6 +46,9 @@ */ public class HotSpotReplacementsUtil { + // Must be @Fold as the security checks in HotSpotGraalRuntime.runtime() + // don't work well inside snippets + @Fold public static HotSpotVMConfig config() { return runtime().getConfig(); }