Mercurial > hg > graal-jvmci-8
comparison src/share/vm/prims/jvm.cpp @ 11010:b295e132102d
8001330: Improve on checking order
Reviewed-by: acorn, hawtin
author | mullan |
---|---|
date | Fri, 05 Apr 2013 10:18:36 -0400 |
parents | cd9ad42dfde0 |
children | ce9ecec70f99 |
comparison
equal
deleted
inserted
replaced
11009:f75faf51e8c4 | 11010:b295e132102d |
---|---|
1142 InstanceKlass::cast(k)->set_protection_domain(pd); | 1142 InstanceKlass::cast(k)->set_protection_domain(pd); |
1143 } | 1143 } |
1144 } | 1144 } |
1145 JVM_END | 1145 JVM_END |
1146 | 1146 |
1147 static bool is_authorized(Handle context, instanceKlassHandle klass, TRAPS) { | |
1148 // If there is a security manager and protection domain, check the access | |
1149 // in the protection domain, otherwise it is authorized. | |
1150 if (java_lang_System::has_security_manager()) { | |
1151 | |
1152 // For bootstrapping, if pd implies method isn't in the JDK, allow | |
1153 // this context to revert to older behavior. | |
1154 // In this case the isAuthorized field in AccessControlContext is also not | |
1155 // present. | |
1156 if (Universe::protection_domain_implies_method() == NULL) { | |
1157 return true; | |
1158 } | |
1159 | |
1160 // Whitelist certain access control contexts | |
1161 if (java_security_AccessControlContext::is_authorized(context)) { | |
1162 return true; | |
1163 } | |
1164 | |
1165 oop prot = klass->protection_domain(); | |
1166 if (prot != NULL) { | |
1167 // Call pd.implies(new SecurityPermission("createAccessControlContext")) | |
1168 // in the new wrapper. | |
1169 methodHandle m(THREAD, Universe::protection_domain_implies_method()); | |
1170 Handle h_prot(THREAD, prot); | |
1171 JavaValue result(T_BOOLEAN); | |
1172 JavaCallArguments args(h_prot); | |
1173 JavaCalls::call(&result, m, &args, CHECK_false); | |
1174 return (result.get_jboolean() != 0); | |
1175 } | |
1176 } | |
1177 return true; | |
1178 } | |
1179 | |
1180 // Create an AccessControlContext with a protection domain with null codesource | |
1181 // and null permissions - which gives no permissions. | |
1182 oop create_dummy_access_control_context(TRAPS) { | |
1183 InstanceKlass* pd_klass = InstanceKlass::cast(SystemDictionary::ProtectionDomain_klass()); | |
1184 // new ProtectionDomain(null,null); | |
1185 oop null_protection_domain = pd_klass->allocate_instance(CHECK_NULL); | |
1186 Handle null_pd(THREAD, null_protection_domain); | |
1187 | |
1188 // new ProtectionDomain[] {pd}; | |
1189 objArrayOop context = oopFactory::new_objArray(pd_klass, 1, CHECK_NULL); | |
1190 context->obj_at_put(0, null_pd()); | |
1191 | |
1192 // new AccessControlContext(new ProtectionDomain[] {pd}) | |
1193 objArrayHandle h_context(THREAD, context); | |
1194 oop result = java_security_AccessControlContext::create(h_context, false, Handle(), CHECK_NULL); | |
1195 return result; | |
1196 } | |
1147 | 1197 |
1148 JVM_ENTRY(jobject, JVM_DoPrivileged(JNIEnv *env, jclass cls, jobject action, jobject context, jboolean wrapException)) | 1198 JVM_ENTRY(jobject, JVM_DoPrivileged(JNIEnv *env, jclass cls, jobject action, jobject context, jboolean wrapException)) |
1149 JVMWrapper("JVM_DoPrivileged"); | 1199 JVMWrapper("JVM_DoPrivileged"); |
1150 | 1200 |
1151 if (action == NULL) { | 1201 if (action == NULL) { |
1152 THROW_MSG_0(vmSymbols::java_lang_NullPointerException(), "Null action"); | 1202 THROW_MSG_0(vmSymbols::java_lang_NullPointerException(), "Null action"); |
1153 } | 1203 } |
1154 | 1204 |
1155 // Stack allocated list of privileged stack elements | 1205 // Compute the frame initiating the do privileged operation and setup the privileged stack |
1156 PrivilegedElement pi; | 1206 vframeStream vfst(thread); |
1207 vfst.security_get_caller_frame(1); | |
1208 | |
1209 if (vfst.at_end()) { | |
1210 THROW_MSG_0(vmSymbols::java_lang_InternalError(), "no caller?"); | |
1211 } | |
1212 | |
1213 Method* method = vfst.method(); | |
1214 instanceKlassHandle klass (THREAD, method->method_holder()); | |
1215 | |
1216 // Check that action object understands "Object run()" | |
1217 Handle h_context; | |
1218 if (context != NULL) { | |
1219 h_context = Handle(THREAD, JNIHandles::resolve(context)); | |
1220 bool authorized = is_authorized(h_context, klass, CHECK_NULL); | |
1221 if (!authorized) { | |
1222 // Create an unprivileged access control object and call it's run function | |
1223 // instead. | |
1224 oop noprivs = create_dummy_access_control_context(CHECK_NULL); | |
1225 h_context = Handle(THREAD, noprivs); | |
1226 } | |
1227 } | |
1157 | 1228 |
1158 // Check that action object understands "Object run()" | 1229 // Check that action object understands "Object run()" |
1159 Handle object (THREAD, JNIHandles::resolve(action)); | 1230 Handle object (THREAD, JNIHandles::resolve(action)); |
1160 | 1231 |
1161 // get run() method | 1232 // get run() method |
1165 methodHandle m (THREAD, m_oop); | 1236 methodHandle m (THREAD, m_oop); |
1166 if (m.is_null() || !m->is_method() || !m()->is_public() || m()->is_static()) { | 1237 if (m.is_null() || !m->is_method() || !m()->is_public() || m()->is_static()) { |
1167 THROW_MSG_0(vmSymbols::java_lang_InternalError(), "No run method"); | 1238 THROW_MSG_0(vmSymbols::java_lang_InternalError(), "No run method"); |
1168 } | 1239 } |
1169 | 1240 |
1170 // Compute the frame initiating the do privileged operation and setup the privileged stack | 1241 // Stack allocated list of privileged stack elements |
1171 vframeStream vfst(thread); | 1242 PrivilegedElement pi; |
1172 vfst.security_get_caller_frame(1); | |
1173 | |
1174 if (!vfst.at_end()) { | 1243 if (!vfst.at_end()) { |
1175 pi.initialize(&vfst, JNIHandles::resolve(context), thread->privileged_stack_top(), CHECK_NULL); | 1244 pi.initialize(&vfst, h_context(), thread->privileged_stack_top(), CHECK_NULL); |
1176 thread->set_privileged_stack_top(&pi); | 1245 thread->set_privileged_stack_top(&pi); |
1177 } | 1246 } |
1178 | 1247 |
1179 | 1248 |
1180 // invoke the Object run() in the action object. We cannot use call_interface here, since the static type | 1249 // invoke the Object run() in the action object. We cannot use call_interface here, since the static type |