changeset 7431:802f5e480c8a

8001330: Improve on checking order Reviewed-by: acorn, hawtin
author mullan
date Fri, 05 Apr 2013 10:17:06 -0400
parents 5ae5c4120014
children e5969bf37f26
files src/share/classes/java/security/AccessControlContext.java src/share/classes/java/security/AccessController.java src/share/classes/java/security/ProtectionDomain.java
diffstat 3 files changed, 44 insertions(+), 25 deletions(-) [+]
--- a/src/share/classes/java/security/AccessControlContext.java	Thu Mar 21 13:56:28 2013 +0100
+++ b/src/share/classes/java/security/AccessControlContext.java	Fri Apr 05 10:17:06 2013 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -77,7 +77,10 @@
 public final class AccessControlContext {
 
     private ProtectionDomain context[];
+    // isPrivileged and isAuthorized are referenced by the VM - do not remove
+    // or change their names
     private boolean isPrivileged;
+    private boolean isAuthorized = false;
 
     // Note: This field is directly used by the virtual machine
     // native codes. Don't touch it.
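Review bot: The new `isAuthorized` field is documented only by the note that the VM depends on its name, not by what its value means, and nothing on the Java side of this changeset reads it, so the declaration is the one place a maintainer can learn the contract. Suggest a comment above it such as `// true when the code that created this context held CREATE_ACC_PERMISSION or is system code; false is the restricted state` — the consumer is presumably the VM's doPrivileged path, which this hunk does not show. The explicit `= false` matches the field default, so it only draws the eye; keeping it is fine as long as the comment says which state is the guarded one. The class body continues beyond the hunk.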
@@ -163,6 +166,7 @@
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
             sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION);
+            this.isAuthorized = true;
         }
 
         this.context = acc.context;
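Review bot: `this.isAuthorized = true;` sits inside the `if (sm != null)` branch, so a context built through this constructor while no security manager is installed stays unauthorized; if a security manager is installed afterwards, a `doPrivileged` with that context would presumably run with no permissions. If that is the intended outcome, a one-line comment would save the next reader the puzzle, e.g. `// no security manager: nobody vouched for the caller, so leave isAuthorized false`; if it is not, the assignment belongs after the `if` block. The constructor's signature lies outside the hunk.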
@@ -184,6 +188,7 @@
             this.context = context.clone();
         }
         this.combiner = combiner;
+        this.isAuthorized = true;
     }
 
     /**
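Review bot: The unconditional `this.isAuthorized = true;` at the end of this constructor marks the context authorized without any permission check, which is only sound if the constructor is not reachable from untrusted code; its declaration is outside the hunk, so I cannot confirm its visibility. A comment at the assignment would make the invariant reviewable, e.g. `// reachable only from system code, so no CREATE_ACC_PERMISSION check is needed here`. The package-private `AccessControlContext(ProtectionDomain[], boolean)` constructor in the next hunk makes the same unchecked assignment and would benefit from the same comment.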
@@ -191,10 +196,11 @@
      */
 
     AccessControlContext(ProtectionDomain context[],
-                                 boolean isPrivileged)
+                         boolean isPrivileged)
     {
         this.context = context;
         this.isPrivileged = isPrivileged;
+        this.isAuthorized = true;
     }
 
     /**
@@ -475,7 +481,7 @@
     }
 
     private AccessControlContext goCombiner(ProtectionDomain[] current,
-                                        AccessControlContext assigned) {
+                                            AccessControlContext assigned) {
 
         // the assigned ACC's combiner is not null --
         // let the combiner do its thing
@@ -497,6 +503,7 @@
         this.context = combinedPds;
         this.combiner = assigned.combiner;
         this.isPrivileged = false;
+        this.isAuthorized = assigned.isAuthorized;
 
         return this;
     }
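Review bot: `this.isAuthorized = assigned.isAuthorized;` makes the combined context inherit authorization from the assigned context only, while the combined domains come from both `current` and `assigned` and `isPrivileged` is reset to false; the reason authorization follows one side deserves a comment, e.g. `// the combined context is only as authorized as the context it was assigned from`. goCombiner also mutates `this` and returns it, which a reader of the new assignment may not expect from a method that looks like a pure combination; the method's header comment, which starts before this hunk, should state that.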
--- a/src/share/classes/java/security/AccessController.java	Thu Mar 21 13:56:28 2013 +0100
+++ b/src/share/classes/java/security/AccessController.java	Fri Apr 05 10:17:06 2013 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -304,28 +304,31 @@
 
 
     /**
-     * Performs the specified <code>PrivilegedAction</code> with privileges
-     * enabled and restricted by the specified
-     * <code>AccessControlContext</code>.
+     * Performs the specified {@code PrivilegedAction} with privileges
+     * enabled and restricted by the specified {@code AccessControlContext}.
      * The action is performed with the intersection of the permissions
      * possessed by the caller's protection domain, and those possessed
-     * by the domains represented by the specified
-     * <code>AccessControlContext</code>.
+     * by the domains represented by the specified {@code AccessControlContext}.
      * <p>
-     * If the action's <code>run</code> method throws an (unchecked) exception,
+     * If the action's {@code run} method throws an (unchecked) exception,
      * it will propagate through this method.
+     * <p>
+     * If a security manager is installed and the {@code AccessControlContext}
+     * was not created by system code and the caller's {@code ProtectionDomain}
+     * has not been granted the {@literal "createAccessControlContext"}
+     * {@link java.security.SecurityPermission}, then the action is performed
+     * with no permissions.
      *
      * @param action the action to be performed.
      * @param context an <i>access control context</i>
      *                representing the restriction to be applied to the
      *                caller's domain's privileges before performing
      *                the specified action.  If the context is
-     *                <code>null</code>,
-     *                then no additional restriction is applied.
+     *                {@code null}, then no additional restriction is applied.
      *
-     * @return the value returned by the action's <code>run</code> method.
+     * @return the value returned by the action's {@code run} method.
      *
-     * @exception NullPointerException if the action is <code>null</code>
+     * @exception NullPointerException if the action is {@code null}
      *
      * @see #doPrivileged(PrivilegedAction)
      * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
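Review bot: The new paragraph says the action is performed with no permissions but does not say that `doPrivileged` itself does not fail in that case; a reader may expect an exception at the call site, whereas the consequence presumably surfaces only when the action performs a permission check. Suggest appending `No exception is thrown by this method in that case.` to the paragraph, or stating the actual outcome if it differs. The identical paragraph is added to the `PrivilegedExceptionAction` overload in the next hunk of this file, so the wording change applies there too.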
@@ -428,30 +431,34 @@
 
 
     /**
-     * Performs the specified <code>PrivilegedExceptionAction</code> with
+     * Performs the specified {@code PrivilegedExceptionAction} with
      * privileges enabled and restricted by the specified
-     * <code>AccessControlContext</code>.  The action is performed with the
+     * {@code AccessControlContext}.  The action is performed with the
      * intersection of the permissions possessed by the caller's
      * protection domain, and those possessed by the domains represented by the
-     * specified <code>AccessControlContext</code>.
+     * specified {@code AccessControlContext}.
      * <p>
-     * If the action's <code>run</code> method throws an <i>unchecked</i>
+     * If the action's {@code run} method throws an <i>unchecked</i>
      * exception, it will propagate through this method.
+     * <p>
+     * If a security manager is installed and the {@code AccessControlContext}
+     * was not created by system code and the caller's {@code ProtectionDomain}
+     * has not been granted the {@literal "createAccessControlContext"}
+     * {@link java.security.SecurityPermission}, then the action is performed
+     * with no permissions.
      *
      * @param action the action to be performed
      * @param context an <i>access control context</i>
      *                representing the restriction to be applied to the
      *                caller's domain's privileges before performing
      *                the specified action.  If the context is
-     *                <code>null</code>,
-     *                then no additional restriction is applied.
+     *                {@code null}, then no additional restriction is applied.
      *
-     * @return the value returned by the action's <code>run</code> method
+     * @return the value returned by the action's {@code run} method
      *
      * @exception PrivilegedActionException if the specified action's
-     *         <code>run</code> method
-     *         threw a <i>checked</i> exception
-     * @exception NullPointerException if the action is <code>null</code>
+     *         {@code run} method threw a <i>checked</i> exception
+     * @exception NullPointerException if the action is {@code null}
      *
      * @see #doPrivileged(PrivilegedAction)
      * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
--- a/src/share/classes/java/security/ProtectionDomain.java	Thu Mar 21 13:56:28 2013 +0100
+++ b/src/share/classes/java/security/ProtectionDomain.java	Fri Apr 05 10:17:06 2013 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -277,6 +277,11 @@
         return false;
     }
 
+    // called by the VM -- do not remove
+    boolean impliesCreateAccessControlContext() {
+        return implies(SecurityConstants.CREATE_ACC_PERMISSION);
+    }
+
     /**
      * Convert a ProtectionDomain to a String.
      */