OpenJDK / jdk8u / jdk8u / jdk
changeset 12084:dfa1648415a4
8151934: Resolve class resolution
Reviewed-by: chegar
author | robm |
---|---|
date | Tue, 16 Aug 2016 16:09:00 +0100 |
parents | 684fa25fc7eb |
children | 540f55974b7e |
files | src/share/classes/java/net/URLClassLoader.java src/share/classes/sun/misc/JarIndex.java src/share/classes/sun/misc/Launcher.java src/share/classes/sun/misc/URLClassPath.java |
diffstat | 4 files changed, 60 insertions(+), 20 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/java/net/URLClassLoader.java Thu Aug 11 14:16:21 2016 +0100 +++ b/src/share/classes/java/net/URLClassLoader.java Tue Aug 16 16:09:00 2016 +0100 @@ -103,8 +103,8 @@ if (security != null) { security.checkCreateClassLoader(); } - ucp = new URLClassPath(urls); this.acc = AccessController.getContext(); + ucp = new URLClassPath(urls, acc); } URLClassLoader(URL[] urls, ClassLoader parent, @@ -115,8 +115,8 @@ if (security != null) { security.checkCreateClassLoader(); } - ucp = new URLClassPath(urls); this.acc = acc; + ucp = new URLClassPath(urls, acc); } /** @@ -147,8 +147,8 @@ if (security != null) { security.checkCreateClassLoader(); } - ucp = new URLClassPath(urls); this.acc = AccessController.getContext(); + ucp = new URLClassPath(urls, acc); } URLClassLoader(URL[] urls, AccessControlContext acc) { @@ -158,8 +158,8 @@ if (security != null) { security.checkCreateClassLoader(); } - ucp = new URLClassPath(urls); this.acc = acc; + ucp = new URLClassPath(urls, acc); } /** @@ -191,8 +191,8 @@ if (security != null) { security.checkCreateClassLoader(); } - ucp = new URLClassPath(urls, factory); acc = AccessController.getContext(); + ucp = new URLClassPath(urls, factory, acc); } /* A map (used as a set) to keep track of closeable local resources
--- a/src/share/classes/sun/misc/JarIndex.java Thu Aug 11 14:16:21 2016 +0100 +++ b/src/share/classes/sun/misc/JarIndex.java Tue Aug 16 16:09:00 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,9 +26,11 @@ package sun.misc; import java.io.*; +import java.security.AccessController; import java.util.*; import java.util.jar.*; import java.util.zip.*; +import sun.security.action.GetPropertyAction; /** * This class is used to maintain mappings from packages, classes @@ -72,7 +74,8 @@ * be added to the index. Otherwise, just the directory names are added. */ private static final boolean metaInfFilenames = - "true".equals(System.getProperty("sun.misc.JarIndex.metaInfFilenames")); + "true".equals(AccessController.doPrivileged( + new GetPropertyAction("sun.misc.JarIndex.metaInfFilenames"))); /** * Constructs a new, empty jar index.
--- a/src/share/classes/sun/misc/Launcher.java Thu Aug 11 14:16:21 2016 +0100 +++ b/src/share/classes/sun/misc/Launcher.java Tue Aug 16 16:09:00 2016 +0100 @@ -408,7 +408,7 @@ } else { urls = new URL[0]; } - bcp = new URLClassPath(urls, factory); + bcp = new URLClassPath(urls, factory, null); bcp.initLookupCache(null); } }
--- a/src/share/classes/sun/misc/URLClassPath.java Thu Aug 11 14:16:21 2016 +0100 +++ b/src/share/classes/sun/misc/URLClassPath.java Tue Aug 16 16:09:00 2016 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -44,6 +44,7 @@ import java.net.URLStreamHandler; import java.net.URLStreamHandlerFactory; import java.io.*; +import java.security.AccessControlContext; import java.security.AccessController; import java.security.AccessControlException; import java.security.CodeSigner; @@ -67,6 +68,7 @@ private static final boolean DEBUG; private static final boolean DEBUG_LOOKUP_CACHE; private static final boolean DISABLE_JAR_CHECKING; + private static final boolean DISABLE_ACC_CHECKING; static { JAVA_VERSION = java.security.AccessController.doPrivileged( @@ -78,6 +80,10 @@ String p = java.security.AccessController.doPrivileged( new GetPropertyAction("sun.misc.URLClassPath.disableJarChecking")); DISABLE_JAR_CHECKING = p != null ? p.equals("true") || p.equals("") : false; + + p = AccessController.doPrivileged( + new GetPropertyAction("jdk.net.URLClassPath.disableRestrictedPermissions")); + DISABLE_ACC_CHECKING = p != null ? p.equals("true") || p.equals("") : false; } /* The original search path of URLs. */ @@ -98,6 +104,11 @@ /* Whether this URLClassLoader has been closed yet */ private boolean closed = false; + /* The context to be used when loading classes and resources. If non-null + * this is the context that was captured during the creation of the + * URLClassLoader. null implies no additional security restrictions. */ + private final AccessControlContext acc; + /** * Creates a new URLClassPath for the given URLs. The URLs will be * searched in the order specified for classes and resources. A URL @@ -107,8 +118,12 @@ * @param urls the directory and JAR file URLs to search for classes * and resources * @param factory the URLStreamHandlerFactory to use when creating new URLs + * @param acc the context to be used when loading classes and resources, may + * be null */ - public URLClassPath(URL[] urls, URLStreamHandlerFactory factory) { + public URLClassPath(URL[] urls, + URLStreamHandlerFactory factory, + AccessControlContext acc) { for (int i = 0; i < urls.length; i++) { path.add(urls[i]); } @@ -116,10 +131,22 @@ if (factory != null) { jarHandler = factory.createURLStreamHandler("jar"); } + if (DISABLE_ACC_CHECKING) + this.acc = null; + else + this.acc = acc; } + /** + * Constructs a URLClassPath with no additional security restrictions. + * Used by code that implements the class path. + */ public URLClassPath(URL[] urls) { - this(urls, null); + this(urls, null, null); + } + + public URLClassPath(URL[] urls, AccessControlContext acc) { + this(urls, null, acc); } public synchronized List<IOException> closeLoaders() { @@ -499,6 +526,14 @@ } catch (IOException e) { // Silently ignore for now... continue; + } catch (SecurityException se) { + // Always silently ignore. The context, if there is one, that + // this URLClassPath was given during construction will never + // have permission to access the URL. + if (DEBUG) { + System.err.println("Failed to access " + url + ", " + se ); + } + continue; } // Finally, add the Loader to the search path. validateLookupCache(loaders.size(), urlNoFragString); @@ -527,10 +562,10 @@ return new Loader(url); } } else { - return new JarLoader(url, jarHandler, lmap); + return new JarLoader(url, jarHandler, lmap, acc); } } - }); + }, acc); } catch (java.security.PrivilegedActionException pae) { throw (IOException)pae.getException(); } @@ -755,11 +790,12 @@ */ static class JarLoader extends Loader { private JarFile jar; - private URL csu; + private final URL csu; private JarIndex index; private MetaIndex metaIndex; private URLStreamHandler handler; - private HashMap<String, Loader> lmap; + private final HashMap<String, Loader> lmap; + private final AccessControlContext acc; private boolean closed = false; private static final sun.misc.JavaUtilZipFileAccess zipAccess = sun.misc.SharedSecrets.getJavaUtilZipFileAccess(); @@ -769,13 +805,15 @@ * a JAR file. */ JarLoader(URL url, URLStreamHandler jarHandler, - HashMap<String, Loader> loaderMap) + HashMap<String, Loader> loaderMap, + AccessControlContext acc) throws IOException { super(new URL("jar", "", -1, url + "!/", jarHandler)); csu = url; handler = jarHandler; lmap = loaderMap; + this.acc = acc; if (!isOptimizable(url)) { ensureOpen(); @@ -859,8 +897,7 @@ } return null; } - } - ); + }, acc); } catch (java.security.PrivilegedActionException pae) { throw (IOException)pae.getException(); } @@ -1054,9 +1091,9 @@ new PrivilegedExceptionAction<JarLoader>() { public JarLoader run() throws IOException { return new JarLoader(url, handler, - lmap); + lmap, acc); } - }); + }, acc); /* this newly opened jar file has its own index, * merge it into the parent's index, taking into