changeset 77:d23a262afc5d jdk6-b28

OPENJDK6-12: Xalan/xerxes classes don't have access to its own internal packages Summary: Added an exception rule for Xalan and Xerxes classes in security checks. Reviewed-by: andrew
author ptisnovs
date Wed, 21 Aug 2013 18:32:25 +0200
parents 0031070f98b0
children 7e2686f33289
files drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/lib/ObjectFactory.java drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/ObjectFactory.java drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/cmdline/ObjectFactory.java drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/ObjectFactory.java drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ObjectFactory.java drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/dom/ObjectFactory.java drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/ObjectFactory.java drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/ObjectFactory.java drop_included/jaxp_src/src/com/sun/org/apache/xerces/internal/dom/ObjectFactory.java drop_included/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/dv/ObjectFactory.java drop_included/jaxp_src/src/com/sun/org/apache/xerces/internal/parsers/ObjectFactory.java drop_included/jaxp_src/src/com/sun/org/apache/xerces/internal/xinclude/ObjectFactory.java
diffstat 12 files changed, 130 insertions(+), 46 deletions(-) [+]
line wrap: on
line diff
--- a/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/lib/ObjectFactory.java	Mon Jul 15 22:04:09 2013 +0100
+++ b/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/lib/ObjectFactory.java	Wed Aug 21 18:32:25 2013 +0200
@@ -54,6 +54,8 @@
     //
     // Constants
     //
+    private static final String XALAN_INTERNAL = "com.sun.org.apache.xalan.internal";
+    private static final String XERCES_INTERNAL = "com.sun.org.apache.xerces.internal";
 
     // name of default properties file to look for in JDK's jre/lib directory
     private static final String DEFAULT_PROPERTIES_FILENAME =
@@ -482,10 +484,15 @@
         SecurityManager security = System.getSecurityManager();
         try{
                 if (security != null){
-                    final int lastDot = className.lastIndexOf(".");
-                    String packageName = className;
-                    if (lastDot != -1) packageName = className.substring(0, lastDot);
-                    security.checkPackageAccess(packageName);
+                    if (className.startsWith(XALAN_INTERNAL) ||
+                            className.startsWith(XERCES_INTERNAL)) {
+                        cl = null;
+                    } else {
+                        final int lastDot = className.lastIndexOf(".");
+                        String packageName = className;
+                        if (lastDot != -1) packageName = className.substring(0, lastDot);
+                        security.checkPackageAccess(packageName);
+                    }
                  }   
         }catch(SecurityException e){
             throw e;
--- a/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/ObjectFactory.java	Mon Jul 15 22:04:09 2013 +0100
+++ b/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/ObjectFactory.java	Wed Aug 21 18:32:25 2013 +0200
@@ -54,6 +54,8 @@
     //
     // Constants
     //
+    private static final String XALAN_INTERNAL = "com.sun.org.apache.xalan.internal";
+    private static final String XERCES_INTERNAL = "com.sun.org.apache.xerces.internal";
 
     // name of default properties file to look for in JDK's jre/lib directory
     private static final String DEFAULT_PROPERTIES_FILENAME =
@@ -484,10 +486,15 @@
         SecurityManager security = System.getSecurityManager();
         try{
                 if (security != null){
-                    final int lastDot = className.lastIndexOf(".");
-                    String packageName = className;
-                    if (lastDot != -1) packageName = className.substring(0, lastDot);
-                    security.checkPackageAccess(packageName);
+                    if (className.startsWith(XALAN_INTERNAL) ||
+                            className.startsWith(XERCES_INTERNAL)) {
+                        cl = null;
+                    } else {
+                        final int lastDot = className.lastIndexOf(".");
+                        String packageName = className;
+                        if (lastDot != -1) packageName = className.substring(0, lastDot);
+                        security.checkPackageAccess(packageName);
+                    }
                  }   
         }catch(SecurityException e){
             throw e;
--- a/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/cmdline/ObjectFactory.java	Mon Jul 15 22:04:09 2013 +0100
+++ b/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/cmdline/ObjectFactory.java	Wed Aug 21 18:32:25 2013 +0200
@@ -54,6 +54,8 @@
     //
     // Constants
     //
+    private static final String XALAN_INTERNAL = "com.sun.org.apache.xalan.internal";
+    private static final String XERCES_INTERNAL = "com.sun.org.apache.xerces.internal";
 
     // name of default properties file to look for in JDK's jre/lib directory
     private static final String DEFAULT_PROPERTIES_FILENAME =
@@ -484,10 +486,15 @@
         SecurityManager security = System.getSecurityManager();
         try{
                 if (security != null){
-                    final int lastDot = className.lastIndexOf(".");
-                    String packageName = className;
-                    if (lastDot != -1) packageName = className.substring(0, lastDot);
-                    security.checkPackageAccess(packageName);
+                    if (className.startsWith(XALAN_INTERNAL) ||
+                            className.startsWith(XERCES_INTERNAL)) {
+                        cl = null;
+                    } else {
+                        final int lastDot = className.lastIndexOf(".");
+                        String packageName = className;
+                        if (lastDot != -1) packageName = className.substring(0, lastDot);
+                        security.checkPackageAccess(packageName);
+                    }
                  }   
         }catch(SecurityException e){
             throw e;
--- a/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/ObjectFactory.java	Mon Jul 15 22:04:09 2013 +0100
+++ b/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/ObjectFactory.java	Wed Aug 21 18:32:25 2013 +0200
@@ -54,6 +54,8 @@
     //
     // Constants
     //
+    private static final String XALAN_INTERNAL = "com.sun.org.apache.xalan.internal";
+    private static final String XERCES_INTERNAL = "com.sun.org.apache.xerces.internal";
 
     // name of default properties file to look for in JDK's jre/lib directory
     private static final String DEFAULT_PROPERTIES_FILENAME =
@@ -484,10 +486,15 @@
         SecurityManager security = System.getSecurityManager();
         try{
                 if (security != null){
-                    final int lastDot = className.lastIndexOf(".");
-                    String packageName = className;
-                    if (lastDot != -1) packageName = className.substring(0, lastDot);
-                    security.checkPackageAccess(packageName);
+                    if (className.startsWith(XALAN_INTERNAL) ||
+                            className.startsWith(XERCES_INTERNAL)) {
+                        cl = null;
+                    } else {
+                        final int lastDot = className.lastIndexOf(".");
+                        String packageName = className;
+                        if (lastDot != -1) packageName = className.substring(0, lastDot);
+                        security.checkPackageAccess(packageName);
+                    }
                  }   
         }catch(SecurityException e){
             throw e;
--- a/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ObjectFactory.java	Mon Jul 15 22:04:09 2013 +0100
+++ b/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ObjectFactory.java	Wed Aug 21 18:32:25 2013 +0200
@@ -54,6 +54,8 @@
     //
     // Constants
     //
+    private static final String XALAN_INTERNAL = "com.sun.org.apache.xalan.internal";
+    private static final String XERCES_INTERNAL = "com.sun.org.apache.xerces.internal";
 
     // name of default properties file to look for in JDK's jre/lib directory
     private static final String DEFAULT_PROPERTIES_FILENAME =
@@ -483,12 +485,17 @@
         //class. Restrict the access to the package classes as specified in java.security policy.
         SecurityManager security = System.getSecurityManager();
         try{
-                if (security != null){
+            if (security != null){
+                if (className.startsWith(XALAN_INTERNAL) ||
+                        className.startsWith(XERCES_INTERNAL)) {
+                    cl = null;
+                } else {
                     final int lastDot = className.lastIndexOf(".");
                     String packageName = className;
                     if (lastDot != -1) packageName = className.substring(0, lastDot);
                     security.checkPackageAccess(packageName);
-                 }   
+                }
+            }   
         }catch(SecurityException e){
             throw e;
         }
--- a/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/dom/ObjectFactory.java	Mon Jul 15 22:04:09 2013 +0100
+++ b/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/dom/ObjectFactory.java	Wed Aug 21 18:32:25 2013 +0200
@@ -54,6 +54,8 @@
     //
     // Constants
     //
+    private static final String XALAN_INTERNAL = "com.sun.org.apache.xalan.internal";
+    private static final String XERCES_INTERNAL = "com.sun.org.apache.xerces.internal";
 
     // name of default properties file to look for in JDK's jre/lib directory
     private static final String DEFAULT_PROPERTIES_FILENAME =
@@ -484,10 +486,15 @@
         SecurityManager security = System.getSecurityManager();
         try{
                 if (security != null){
-                    final int lastDot = className.lastIndexOf(".");
-                    String packageName = className;
-                    if (lastDot != -1) packageName = className.substring(0, lastDot);
-                    security.checkPackageAccess(packageName);
+                    if (className.startsWith(XALAN_INTERNAL) ||
+                            className.startsWith(XERCES_INTERNAL)) {
+                        cl = null;
+                    } else {
+                        final int lastDot = className.lastIndexOf(".");
+                        String packageName = className;
+                        if (lastDot != -1) packageName = className.substring(0, lastDot);
+                        security.checkPackageAccess(packageName);
+                    }
                  }   
         }catch(SecurityException e){
             throw e;
--- a/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/ObjectFactory.java	Mon Jul 15 22:04:09 2013 +0100
+++ b/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/ObjectFactory.java	Wed Aug 21 18:32:25 2013 +0200
@@ -54,6 +54,8 @@
     //
     // Constants
     //
+    private static final String XALAN_INTERNAL = "com.sun.org.apache.xalan.internal";
+    private static final String XERCES_INTERNAL = "com.sun.org.apache.xerces.internal";
 
     // name of default properties file to look for in JDK's jre/lib directory
     private static final String DEFAULT_PROPERTIES_FILENAME =
@@ -484,10 +486,15 @@
         SecurityManager security = System.getSecurityManager();
         try{
                 if (security != null){
-                    final int lastDot = className.lastIndexOf(".");
-                    String packageName = className;
-                    if (lastDot != -1) packageName = className.substring(0, lastDot);
-                    security.checkPackageAccess(packageName);
+                    if (className.startsWith(XALAN_INTERNAL) ||
+                            className.startsWith(XERCES_INTERNAL)) {
+                        cl = null;
+                    } else {
+                        final int lastDot = className.lastIndexOf(".");
+                        String packageName = className;
+                        if (lastDot != -1) packageName = className.substring(0, lastDot);
+                        security.checkPackageAccess(packageName);
+                    }
                  }   
         }catch(SecurityException e){
             throw e;
--- a/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/ObjectFactory.java	Mon Jul 15 22:04:09 2013 +0100
+++ b/drop_included/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/ObjectFactory.java	Wed Aug 21 18:32:25 2013 +0200
@@ -54,6 +54,8 @@
     //
     // Constants
     //
+    private static final String XALAN_INTERNAL = "com.sun.org.apache.xalan.internal";
+    private static final String XERCES_INTERNAL = "com.sun.org.apache.xerces.internal";
 
     // name of default properties file to look for in JDK's jre/lib directory
     private static final String DEFAULT_PROPERTIES_FILENAME =
@@ -484,10 +486,15 @@
         SecurityManager security = System.getSecurityManager();
         try{
                 if (security != null){
-                    final int lastDot = className.lastIndexOf(".");
-                    String packageName = className;
-                    if (lastDot != -1) packageName = className.substring(0, lastDot);
-                    security.checkPackageAccess(packageName);
+                    if (className.startsWith(XALAN_INTERNAL) ||
+                            className.startsWith(XERCES_INTERNAL)) {
+                        cl = null;
+                    } else {
+                        final int lastDot = className.lastIndexOf(".");
+                        String packageName = className;
+                        if (lastDot != -1) packageName = className.substring(0, lastDot);
+                        security.checkPackageAccess(packageName);
+                    }
                  }   
         }catch(SecurityException e){
             throw e;
--- a/drop_included/jaxp_src/src/com/sun/org/apache/xerces/internal/dom/ObjectFactory.java	Mon Jul 15 22:04:09 2013 +0100
+++ b/drop_included/jaxp_src/src/com/sun/org/apache/xerces/internal/dom/ObjectFactory.java	Wed Aug 21 18:32:25 2013 +0200
@@ -49,6 +49,8 @@
     //
     // Constants
     //
+    private static final String XALAN_INTERNAL = "com.sun.org.apache.xalan.internal";
+    private static final String XERCES_INTERNAL = "com.sun.org.apache.xerces.internal";
 
     // name of default properties file to look for in JDK's jre/lib directory
     private static final String DEFAULT_PROPERTIES_FILENAME = "xerces.properties";
@@ -376,10 +378,15 @@
         //restrict the access to package as speicified in java.security policy
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
-            final int lastDot = className.lastIndexOf(".");
-            String packageName = className;
-            if (lastDot != -1) packageName = className.substring(0, lastDot);
-            security.checkPackageAccess(packageName);
+            if (className.startsWith(XALAN_INTERNAL) ||
+                    className.startsWith(XERCES_INTERNAL)) {
+                cl = null;
+            } else {
+                final int lastDot = className.lastIndexOf(".");
+                String packageName = className;
+                if (lastDot != -1) packageName = className.substring(0, lastDot);
+                security.checkPackageAccess(packageName);
+            }
         }
         Class providerClass;
         if (cl == null) {
--- a/drop_included/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/dv/ObjectFactory.java	Mon Jul 15 22:04:09 2013 +0100
+++ b/drop_included/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/dv/ObjectFactory.java	Wed Aug 21 18:32:25 2013 +0200
@@ -49,6 +49,8 @@
     //
     // Constants
     //
+    private static final String XALAN_INTERNAL = "com.sun.org.apache.xalan.internal";
+    private static final String XERCES_INTERNAL = "com.sun.org.apache.xerces.internal";
 
     // name of default properties file to look for in JDK's jre/lib directory
     private static final String DEFAULT_PROPERTIES_FILENAME = "xerces.properties";
@@ -376,10 +378,15 @@
         //restrict the access to package as speicified in java.security policy
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
-            final int lastDot = className.lastIndexOf(".");
-            String packageName = className;
-            if (lastDot != -1) packageName = className.substring(0, lastDot);
-            security.checkPackageAccess(packageName);
+            if (className.startsWith(XALAN_INTERNAL) ||
+                    className.startsWith(XERCES_INTERNAL)) {
+                cl = null;
+            } else {
+                final int lastDot = className.lastIndexOf(".");
+                String packageName = className;
+                if (lastDot != -1) packageName = className.substring(0, lastDot);
+                security.checkPackageAccess(packageName);
+            }
         }
         Class providerClass;
         if (cl == null) {
--- a/drop_included/jaxp_src/src/com/sun/org/apache/xerces/internal/parsers/ObjectFactory.java	Mon Jul 15 22:04:09 2013 +0100
+++ b/drop_included/jaxp_src/src/com/sun/org/apache/xerces/internal/parsers/ObjectFactory.java	Wed Aug 21 18:32:25 2013 +0200
@@ -47,6 +47,8 @@
     //
     // Constants
     //
+    private static final String XALAN_INTERNAL = "com.sun.org.apache.xalan.internal";
+    private static final String XERCES_INTERNAL = "com.sun.org.apache.xerces.internal";
 
     // name of default properties file to look for in JDK's jre/lib directory
     private static final String DEFAULT_PROPERTIES_FILENAME = "xerces.properties";
@@ -374,10 +376,15 @@
         //restrict the access to package as speicified in java.security policy
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
-            final int lastDot = className.lastIndexOf(".");
-            String packageName = className;
-            if (lastDot != -1) packageName = className.substring(0, lastDot);
-            security.checkPackageAccess(packageName);
+            if (className.startsWith(XALAN_INTERNAL) ||
+                    className.startsWith(XERCES_INTERNAL)) {
+                cl = null;
+            } else {
+                final int lastDot = className.lastIndexOf(".");
+                String packageName = className;
+                if (lastDot != -1) packageName = className.substring(0, lastDot);
+                security.checkPackageAccess(packageName);
+            }
         }
         Class providerClass;
         if (cl == null) {
--- a/drop_included/jaxp_src/src/com/sun/org/apache/xerces/internal/xinclude/ObjectFactory.java	Mon Jul 15 22:04:09 2013 +0100
+++ b/drop_included/jaxp_src/src/com/sun/org/apache/xerces/internal/xinclude/ObjectFactory.java	Wed Aug 21 18:32:25 2013 +0200
@@ -47,6 +47,8 @@
     //
     // Constants
     //
+    private static final String XALAN_INTERNAL = "com.sun.org.apache.xalan.internal";
+    private static final String XERCES_INTERNAL = "com.sun.org.apache.xerces.internal";
 
     // name of default properties file to look for in JDK's jre/lib directory
     private static final String DEFAULT_PROPERTIES_FILENAME = "xerces.properties";
@@ -374,10 +376,15 @@
         //restrict the access to package as speicified in java.security policy
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
-            final int lastDot = className.lastIndexOf(".");
-            String packageName = className;
-            if (lastDot != -1) packageName = className.substring(0, lastDot);
-            security.checkPackageAccess(packageName);
+            if (className.startsWith(XALAN_INTERNAL) ||
+                    className.startsWith(XERCES_INTERNAL)) {
+                cl = null;
+            } else {
+                final int lastDot = className.lastIndexOf(".");
+                String packageName = className;
+                if (lastDot != -1) packageName = className.substring(0, lastDot);
+                security.checkPackageAccess(packageName);
+            }
         }
         Class providerClass;
         if (cl == null) {