changeset 13702:e9841bab4f75

8149161: CSM call Class.forName in com.sun.java.accessibility.util.Translator Summary: add call to checkPackageAccess Reviewed-by: serb, prr Contributed-by: peter.brunet@oracle.com
author ptbrunet
date Tue, 16 Feb 2016 19:38:26 -0600
parents ac2935ce7138
children 0d4ce255e581
files src/jdk.accessibility/share/classes/com/sun/java/accessibility/util/Translator.java
diffstat 1 files changed, 6 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/jdk.accessibility/share/classes/com/sun/java/accessibility/util/Translator.java	Fri Feb 12 16:09:39 2016 +0300
+++ b/src/jdk.accessibility/share/classes/com/sun/java/accessibility/util/Translator.java	Tue Feb 16 19:38:26 2016 -0600
@@ -32,6 +32,7 @@
 import java.awt.*;
 import java.awt.event.*;
 import java.awt.image.*;
+import java.security.AccessControlException;
 // Do not import Swing classes.  This module is intended to work
 // with both Swing and AWT.
 // import javax.swing.*;
@@ -77,7 +78,7 @@
             return null;
         }
         try {
-            t = Class.forName("com.sun.java.accessibility.util.internal"
+            t = Class.forName("com.sun.java.accessibility.util.internal."
                               + c.getSimpleName()
                               + "Translator");
             return t;
@@ -105,6 +106,10 @@
         if (o instanceof Accessible) {
             a = (Accessible)o;
         } else {
+            // About to "newInstance" an object of a class of a restricted package
+            // so ensure the caller is allowed access to that package.
+            String pkg = "com.sun.java.accessibility.util.internal";
+            System.getSecurityManager().checkPackageAccess(pkg);
             Class<?> translatorClass = getTranslatorClass(o.getClass());
             if (translatorClass != null) {
                 try {