changeset 6364:f6dce3552285

8001330: Improve on checking order 8011896: Add check for invalid offset for new AccessControlContext isAuthorized field Reviewed-by: acorn, hawtin
author mullan
date Thu, 18 Apr 2013 17:53:27 -0400
parents fe514475bc17
children e6b6c254fab2
files src/share/classes/java/security/AccessControlContext.java src/share/classes/java/security/ProtectionDomain.java
diffstat 2 files changed, 16 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/java/security/AccessControlContext.java	Tue Apr 16 12:20:53 2013 -0700
+++ b/src/share/classes/java/security/AccessControlContext.java	Thu Apr 18 17:53:27 2013 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -79,7 +79,10 @@
 public final class AccessControlContext {
 
     private ProtectionDomain context[];
+    // isPrivileged and isAuthorized are referenced by the VM - do not remove
+    // or change their names
     private boolean isPrivileged;
+    private boolean isAuthorized = false;
 
     // Note: This field is directly used by the virtual machine
     // native codes. Don't touch it.
@@ -165,6 +168,7 @@
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
             sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION);
+            this.isAuthorized = true;
         }
 
         this.context = acc.context;
@@ -186,6 +190,7 @@
             this.context = context.clone();
         }
         this.combiner = combiner;
+        this.isAuthorized = true;
     }
 
     /**
@@ -193,10 +198,11 @@
      */
 
     AccessControlContext(ProtectionDomain context[],
-                                 boolean isPrivileged)
+                         boolean isPrivileged)
     {
         this.context = context;
         this.isPrivileged = isPrivileged;
+        this.isAuthorized = true;
     }
 
     /**
@@ -477,7 +483,7 @@
     }
 
     private AccessControlContext goCombiner(ProtectionDomain[] current,
-                                        AccessControlContext assigned) {
+                                            AccessControlContext assigned) {
 
         // the assigned ACC's combiner is not null --
         // let the combiner do its thing
@@ -499,6 +505,7 @@
         this.context = combinedPds;
         this.combiner = assigned.combiner;
         this.isPrivileged = false;
+        this.isAuthorized = assigned.isAuthorized;
 
         return this;
     }
--- a/src/share/classes/java/security/ProtectionDomain.java	Tue Apr 16 12:20:53 2013 -0700
+++ b/src/share/classes/java/security/ProtectionDomain.java	Thu Apr 18 17:53:27 2013 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -278,6 +278,11 @@
         return false;
     }
 
+    // called by the VM -- do not remove
+    boolean impliesCreateAccessControlContext() {
+        return implies(SecurityConstants.CREATE_ACC_PERMISSION);
+    }
+
     /**
      * Convert a ProtectionDomain to a String.
      */