changeset 7447:bb0ec4661eb8

8012917: ObjectStreamClass and ObjectStreamField should be CallerSensitive aware Reviewed-by: mchung
author chegar
date Mon, 22 Apr 2013 11:08:27 +0100
parents 783ed53bce0b
children 10558009e439
files src/share/classes/java/io/ObjectStreamClass.java src/share/classes/java/io/ObjectStreamField.java
diffstat 2 files changed, 9 insertions(+), 22 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/java/io/ObjectStreamClass.java	Mon Apr 22 10:55:14 2013 +0100
+++ b/src/share/classes/java/io/ObjectStreamClass.java	Mon Apr 22 11:08:27 2013 +0100
@@ -49,6 +49,8 @@
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import sun.misc.Unsafe;
+import sun.reflect.CallerSensitive;
+import sun.reflect.Reflection;
 import sun.reflect.ReflectionFactory;
 import sun.reflect.misc.ReflectUtil;
 
@@ -259,12 +261,13 @@
      *
      * @return  the <code>Class</code> instance that this descriptor represents
      */
+    @CallerSensitive
     public Class<?> forClass() {
         if (cl == null) {
             return null;
         }
-        ClassLoader ccl = ObjectStreamField.getCallerClassLoader();
-        if (ReflectUtil.needsPackageAccessCheck(ccl, cl.getClassLoader())) {
+        Class<?> caller = Reflection.getCallerClass();
+        if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), cl.getClassLoader())) {
             ReflectUtil.checkPackageAccess(cl);
         }
         return cl;
--- a/src/share/classes/java/io/ObjectStreamField.java	Mon Apr 22 10:55:14 2013 +0100
+++ b/src/share/classes/java/io/ObjectStreamField.java	Mon Apr 22 11:08:27 2013 +0100
@@ -26,6 +26,7 @@
 package java.io;
 
 import java.lang.reflect.Field;
+import sun.reflect.CallerSensitive;
 import sun.reflect.Reflection;
 import sun.reflect.misc.ReflectUtil;
 
@@ -159,32 +160,15 @@
      * @return  a <code>Class</code> object representing the type of the
      *          serializable field
      */
+    @CallerSensitive
     public Class<?> getType() {
-        ClassLoader ccl = getCallerClassLoader();
-        if (ReflectUtil.needsPackageAccessCheck(ccl, type.getClassLoader())) {
+        Class<?> caller = Reflection.getCallerClass();
+        if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), type.getClassLoader())) {
             ReflectUtil.checkPackageAccess(type);
         }
         return type;
     }
 
-    // Returns the invoker's class loader.
-    // This is package private because it is accessed from ObjectStreamClass.
-    // NOTE: This must always be invoked when there is exactly one intervening
-    // frame from the core libraries on the stack between this method's
-    // invocation and the desired invoker. The frame count of 3 is determined
-    // as follows:
-    //
-    // 0: Reflection.getCallerClass
-    // 1: getCallerClassLoader()
-    // 2: ObjectStreamField.getType() or ObjectStreamClass.forClass()
-    // 3: the caller we want to check
-    //
-    // NOTE: copied from java.lang.ClassLoader and modified.
-    static ClassLoader getCallerClassLoader() {
-        Class caller = Reflection.getCallerClass(3);
-        return caller.getClassLoader();
-    }
-
     /**
      * Returns character encoding of field type.  The encoding is as follows:
      * <blockquote><pre>