changeset 10700:71c9aa685da5

8057564: JVM hangs at getAgentProperties after attaching to VM with lower Summary: Create custom Security Descriptor for Named Pipe. Reviewed-by: mgronlun, dsamersoff, uta
author sgabdura
date Mon, 22 Sep 2014 10:47:27 +0200
parents e785dfef65ce
children d245c240f0d7
files src/jdk.attach/windows/native/libattach/VirtualMachineImpl.c
diffstat 1 files changed, 23 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/jdk.attach/windows/native/libattach/VirtualMachineImpl.c	Fri Sep 19 16:34:59 2014 +0200
+++ b/src/jdk.attach/windows/native/libattach/VirtualMachineImpl.c	Mon Sep 22 10:47:27 2014 +0200
@@ -23,6 +23,7 @@
  * questions.
  */
 #include <windows.h>
+#include <Sddl.h>
 #include <string.h>
 
 #include "jni.h"
@@ -258,6 +259,25 @@
     HANDLE hPipe;
     char name[MAX_PIPE_NAME_LENGTH];
 
+    SECURITY_ATTRIBUTES sa;
+    LPSECURITY_ATTRIBUTES lpSA = NULL;
+    // Custom Security Descriptor is required here to "get" Medium Integrity Level.
+    // In order to allow Medium Integrity Level clients to open
+    // and use a NamedPipe created by an High Integrity Level process.
+    TCHAR *szSD = TEXT("D:")                  // Discretionary ACL
+                  TEXT("(A;OICI;GRGW;;;WD)")  // Allow read/write to Everybody
+                  TEXT("(A;OICI;GA;;;SY)")    // Allow full control to System
+                  TEXT("(A;OICI;GA;;;BA)");   // Allow full control to Administrators
+
+    sa.nLength = sizeof(SECURITY_ATTRIBUTES);
+    sa.bInheritHandle = FALSE;
+    sa.lpSecurityDescriptor = NULL;
+
+    if (ConvertStringSecurityDescriptorToSecurityDescriptor
+          (szSD, SDDL_REVISION_1, &(sa.lpSecurityDescriptor), NULL)) {
+        lpSA = &sa;
+    }
+
     jstring_to_cstring(env, pipename, name, MAX_PIPE_NAME_LENGTH);
 
     hPipe = CreateNamedPipe(
@@ -270,7 +290,9 @@
           128,                          // output buffer size
           8192,                         // input buffer size
           NMPWAIT_USE_DEFAULT_WAIT,     // client time-out
-          NULL);                        // default security attribute
+          lpSA);        // security attributes
+
+    LocalFree(sa.lpSecurityDescriptor);
 
     if (hPipe == INVALID_HANDLE_VALUE) {
         char msg[256];