changeset 19263:9ec221c41fb7

Change permission check to RuntimePermission("defineClass")
author alanb
date Mon, 13 Mar 2017 20:36:18 +0000
parents 4469866cb958
children 58d3eedc7440
files src/java.base/share/classes/java/lang/RuntimePermission.java src/java.base/share/classes/java/lang/invoke/MethodHandles.java
diffstat 2 files changed, 12 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/java/lang/RuntimePermission.java	Mon Mar 13 20:31:34 2017 +0000
+++ b/src/java.base/share/classes/java/lang/RuntimePermission.java	Mon Mar 13 20:36:18 2017 +0000
@@ -265,6 +265,16 @@
  * </tr>
  *
  * <tr>
+ *   <td>defineClass</td>
+ *   <td>Define a class with
+ * {@link java.lang.invoke.MethodHandles.Lookup#defineClass(byte[])
+ * Lookup.defineClass}.</td>
+ *   <td>This grants code with a suitably privileged {@code Lookup} object
+ * permission to define classes in the same package as the {@code Lookup}'s
+ * lookup class. </td>
+ * </tr>
+ *
+ * <tr>
  *   <td>accessDeclaredMembers</td>
  *   <td>Access to the declared members of a class</td>
  *   <td>This grants code permission to query a class for its public,
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandles.java	Mon Mar 13 20:31:34 2017 +0000
+++ b/src/java.base/share/classes/java/lang/invoke/MethodHandles.java	Mon Mar 13 20:36:18 2017 +0000
@@ -890,7 +890,7 @@
          * Specification</em>. </p>
          *
          * <p> If there is a security manager, its {@code checkPermission} method is first called
-         * to check {@code RuntimePermission("getClassLoader")}. </p>
+         * to check {@code RuntimePermission("defineClass")}. </p>
          *
          * @param bytes the class bytes
          * @return the {@code Class} object for the class
@@ -911,7 +911,7 @@
         public Class<?> defineClass(byte[] bytes) throws IllegalAccessException {
             SecurityManager sm = System.getSecurityManager();
             if (sm != null)
-                sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
+                sm.checkPermission(new RuntimePermission("defineClass"));
             if (hasPrivateAccess())
                 throw new UnsupportedOperationException("PRIVATE access not supported");
             if ((lookupModes() & PACKAGE) == 0)