authorsundar <none@none>2013-08-09 20:48:44 +0530
committersundar <none@none>2013-08-09 20:48:44 +0530
commit43057911b8202759b9b73f8e7cc401d21317aa23 (patch)
tree8c64cdad4e6adeb4135f9a51c32e9d7d1108e0df
parent1ef9d0145fc2e99ddb2458642d7f194ec65c771a (diff)
downloadnashorn-43057911b8202759b9b73f8e7cc401d21317aa23.tar.gz
8022707: Revisit all doPrivileged blocks
Reviewed-by: jlaskey, hannesw
-rw-r--r--make/project.properties11
-rw-r--r--src/jdk/nashorn/api/scripting/NashornScriptEngine.java33
-rw-r--r--src/jdk/nashorn/api/scripting/NashornScriptEngineFactory.java12
-rw-r--r--src/jdk/nashorn/api/scripting/ScriptObjectMirror.java15
-rw-r--r--src/jdk/nashorn/internal/objects/Global.java22
-rw-r--r--src/jdk/nashorn/internal/objects/NativeDebug.java2
-rw-r--r--src/jdk/nashorn/internal/runtime/Context.java57
-rw-r--r--src/jdk/nashorn/internal/runtime/ECMAErrors.java11
-rw-r--r--src/jdk/nashorn/internal/runtime/Logging.java24
-rw-r--r--src/jdk/nashorn/internal/runtime/linker/ClassAndLoader.java15
-rw-r--r--src/jdk/nashorn/internal/runtime/linker/JavaAdapterBytecodeGenerator.java5
-rw-r--r--src/jdk/nashorn/internal/runtime/linker/JavaAdapterClassLoader.java4
-rw-r--r--src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java33
-rw-r--r--src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java2
-rw-r--r--src/jdk/nashorn/internal/runtime/options/Options.java29
-rw-r--r--src/jdk/nashorn/tools/Shell.java15
16 files changed, 185 insertions, 105 deletions
diff --git a/make/project.properties b/make/project.properties
index 081e27b2..5523f6cb 100644
--- a/make/project.properties
+++ b/make/project.properties
@@ -222,11 +222,16 @@ run.test.xms=2G
run.test.user.language=tr
run.test.user.country=TR
-# -XX:+PrintCompilation -XX:+UnlockDiagnosticVMOptions -XX:+PrintNMethods
-run.test.jvmargs.main=-server -Xmx${run.test.xmx} -XX:+TieredCompilation -ea -Dfile.encoding=UTF-8 -Duser.language=${run.test.user.language} -Duser.country=${run.test.user.country} -XX:+HeapDumpOnOutOfMemoryError
+run.test.jvmargs.common=-server -Xmx${run.test.xmx} -XX:+TieredCompilation -Dfile.encoding=UTF-8 -Duser.language=${run.test.user.language} -Duser.country=${run.test.user.country} -XX:+HeapDumpOnOutOfMemoryError
+
+#-XX:-UseCompressedKlassPointers -XX:+PrintHeapAtGC -XX:ClassMetaspaceSize=300M
+# -XX:+PrintCompilation -XX:+UnlockDiagnosticVMOptions -XX:+PrintNMethods
+
+# turn on assertions for tests
+run.test.jvmargs.main=${run.test.jvmargs.common} -ea
#-XX:-UseCompressedKlassPointers -XX:+PrintHeapAtGC -XX:ClassMetaspaceSize=300M
-run.test.jvmargs.octane.main=-Xms${run.test.xms} ${run.test.jvmargs.main}
+run.test.jvmargs.octane.main=-Xms${run.test.xms} ${run.test.jvmargs.common}
run.test.jvmsecurityargs=-Xverify:all -Djava.security.properties=${basedir}/make/java.security.override -Djava.security.manager -Djava.security.policy=${basedir}/build/nashorn.policy
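Review bot: The commented-out `#-XX:-UseCompressedKlassPointers -XX:+PrintHeapAtGC -XX:ClassMetaspaceSize=300M` line now appears twice in the new file, once in the added block above `run.test.jvmargs.main` and once retained directly below it. Drop the retained copy so the diagnostic-flag notes live in one place. Note also that `-ea` is intentionally no longer part of `run.test.jvmargs.octane.main`; a one-line comment on the octane property (`# octane runs without -ea: timing runs, not correctness runs`) would make that visible to the next editor.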
diff --git a/src/jdk/nashorn/api/scripting/NashornScriptEngine.java b/src/jdk/nashorn/api/scripting/NashornScriptEngine.java
index 5b79846b..063bc08f 100644
--- a/src/jdk/nashorn/api/scripting/NashornScriptEngine.java
+++ b/src/jdk/nashorn/api/scripting/NashornScriptEngine.java
@@ -36,10 +36,13 @@ import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.net.URL;
import java.nio.charset.Charset;
+import java.security.AccessControlContext;
import java.security.AccessController;
+import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
import java.text.MessageFormat;
import java.util.Locale;
import java.util.ResourceBundle;
@@ -71,6 +74,14 @@ import jdk.nashorn.internal.runtime.options.Options;
*/
public final class NashornScriptEngine extends AbstractScriptEngine implements Compilable, Invocable {
+ private static AccessControlContext createPermAccCtxt(final String permName) {
+ final Permissions perms = new Permissions();
+ perms.add(new RuntimePermission(permName));
+ return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
+ }
+
+ private static final AccessControlContext CREATE_CONTEXT_ACC_CTXT = createPermAccCtxt(Context.NASHORN_CREATE_CONTEXT);
+ private static final AccessControlContext CREATE_GLOBAL_ACC_CTXT = createPermAccCtxt(Context.NASHORN_CREATE_GLOBAL);
private final ScriptEngineFactory factory;
private final Context nashornContext;
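Review bot: `createPermAccCtxt` and the two `*_ACC_CTXT` constants carry no Javadoc, and the security property they rely on is not obvious: a `doPrivileged(action, acc)` call runs the action with the intersection of this class's own protection domain and the supplied context, so the action is capped to exactly the named `RuntimePermission` while the caller's domain is not consulted at all. Suggested Javadoc on the helper: `/** Builds a context granting only {@code permName}; used as the second argument of doPrivileged so the action runs with that one permission (intersected with nashorn's own domain) instead of nashorn's full privileges. */`. A short comment on each constant naming the privileged block that uses it (`Context` construction, `Global` creation) would help readers find the matching `checkPermission` in `Context`.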
@@ -84,16 +95,9 @@ public final class NashornScriptEngine extends AbstractScriptEngine implements C
private static final String MESSAGES_RESOURCE = "jdk.nashorn.api.scripting.resources.Messages";
- // Without do privileged, under security manager messages can not be loaded.
private static final ResourceBundle MESSAGES_BUNDLE;
static {
- MESSAGES_BUNDLE = AccessController.doPrivileged(
- new PrivilegedAction<ResourceBundle>() {
- @Override
- public ResourceBundle run() {
- return ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault());
- }
- });
+ MESSAGES_BUNDLE = ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault());
}
private static String getMessage(final String msgId, final String... args) {
@@ -128,7 +132,7 @@ public final class NashornScriptEngine extends AbstractScriptEngine implements C
throw e;
}
}
- });
+ }, CREATE_CONTEXT_ACC_CTXT);
// create new global object
this.global = createNashornGlobal();
@@ -340,7 +344,7 @@ public final class NashornScriptEngine extends AbstractScriptEngine implements C
throw e;
}
}
- });
+ }, CREATE_GLOBAL_ACC_CTXT);
nashornContext.initGlobal(newGlobal);
@@ -362,10 +366,8 @@ public final class NashornScriptEngine extends AbstractScriptEngine implements C
}
private void evalEngineScript() throws ScriptException {
- evalSupportScript("resources/engine.js", NashornException.ENGINE_SCRIPT_SOURCE_NAME);
- }
-
- private void evalSupportScript(final String script, final String name) throws ScriptException {
+ final String script = "resources/engine.js";
+ final String name = NashornException.ENGINE_SCRIPT_SOURCE_NAME;
try {
final InputStream is = AccessController.doPrivileged(
new PrivilegedExceptionAction<InputStream>() {
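Review bot: The `doPrivileged` that loads `resources/engine.js` is, in what is visible of this file, the one privileged block the commit leaves without a limited `AccessControlContext`, so it still runs with nashorn's full privileges while the other blocks in this class are capped to a single permission. If that is deliberate (the permission needed to read from nashorn's own code source cannot be named statically), say so at the call: `// no limited context: reading our own resource needs a FilePermission on nashorn's code source, which is not known statically`. If it is not, this block deserves the same treatment as the others. The closing of this `doPrivileged` lies beyond the hunk.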
@@ -380,6 +382,9 @@ public final class NashornScriptEngine extends AbstractScriptEngine implements C
eval(isr);
}
} catch (final PrivilegedActionException | IOException e) {
+ if (Context.DEBUG) {
+ e.printStackTrace();
+ }
throw new ScriptException(e);
} finally {
put(ScriptEngine.FILENAME, null);
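Review bot: `throw new ScriptException(e)` wraps the `PrivilegedActionException` itself when the resource read fails inside the privileged block, so callers see the wrapper rather than the `IOException` it carries; unwrap it first with `final Exception cause = e instanceof PrivilegedActionException ? ((PrivilegedActionException) e).getException() : e;` and then `throw new ScriptException(cause);`. The newly added DEBUG-gated `e.printStackTrace()` should print `cause` for the same reason. `evalEngineScript` starts in the previous hunk.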
diff --git a/src/jdk/nashorn/api/scripting/NashornScriptEngineFactory.java b/src/jdk/nashorn/api/scripting/NashornScriptEngineFactory.java
index c1005415..beb0c2a0 100644
--- a/src/jdk/nashorn/api/scripting/NashornScriptEngineFactory.java
+++ b/src/jdk/nashorn/api/scripting/NashornScriptEngineFactory.java
@@ -30,6 +30,7 @@ import java.util.Collections;
import java.util.List;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineFactory;
+import jdk.nashorn.internal.runtime.Context;
import jdk.nashorn.internal.runtime.Version;
/**
@@ -136,7 +137,14 @@ public final class NashornScriptEngineFactory implements ScriptEngineFactory {
@Override
public ScriptEngine getScriptEngine() {
- return new NashornScriptEngine(this, getAppClassLoader());
+ try {
+ return new NashornScriptEngine(this, getAppClassLoader());
+ } catch (final RuntimeException e) {
+ if (Context.DEBUG) {
+ e.printStackTrace();
+ }
+ throw e;
+ }
}
/**
@@ -178,7 +186,7 @@ public final class NashornScriptEngineFactory implements ScriptEngineFactory {
private static void checkConfigPermission() {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(new RuntimePermission("nashorn.setConfig"));
+ sm.checkPermission(new RuntimePermission(Context.NASHORN_SET_CONFIG));
}
}
diff --git a/src/jdk/nashorn/api/scripting/ScriptObjectMirror.java b/src/jdk/nashorn/api/scripting/ScriptObjectMirror.java
index 7abf142c..fd2ef88a 100644
--- a/src/jdk/nashorn/api/scripting/ScriptObjectMirror.java
+++ b/src/jdk/nashorn/api/scripting/ScriptObjectMirror.java
@@ -25,14 +25,17 @@
package jdk.nashorn.api.scripting;
+import java.security.AccessControlContext;
import java.security.AccessController;
+import java.security.Permissions;
import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
-import java.util.LinkedHashSet;
import java.util.Iterator;
+import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -49,6 +52,14 @@ import jdk.nashorn.internal.runtime.ScriptRuntime;
* netscape.javascript.JSObject interface.
*/
public final class ScriptObjectMirror extends JSObject implements Bindings {
+ private static AccessControlContext getContextAccCtxt() {
+ final Permissions perms = new Permissions();
+ perms.add(new RuntimePermission(Context.NASHORN_GET_CONTEXT));
+ return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
+ }
+
+ private static final AccessControlContext GET_CONTEXT_ACC_CTXT = getContextAccCtxt();
+
private final ScriptObject sobj;
private final ScriptObject global;
@@ -144,7 +155,7 @@ public final class ScriptObjectMirror extends JSObject implements Bindings {
public Context run() {
return Context.getContext();
}
- });
+ }, GET_CONTEXT_ACC_CTXT);
return wrap(context.eval(global, s, null, null, false), global);
}
});
diff --git a/src/jdk/nashorn/internal/objects/Global.java b/src/jdk/nashorn/internal/objects/Global.java
index 891e0d7c..6d7be378 100644
--- a/src/jdk/nashorn/internal/objects/Global.java
+++ b/src/jdk/nashorn/internal/objects/Global.java
@@ -35,8 +35,6 @@ import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.ref.SoftReference;
import java.lang.reflect.Field;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
@@ -420,7 +418,7 @@ public final class Global extends ScriptObject implements GlobalObject, Scope {
// security check first
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(new RuntimePermission("nashorn.newGlobal"));
+ sm.checkPermission(new RuntimePermission(Context.NASHORN_CREATE_GLOBAL));
}
// null check on context
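Review bot: The permission checked here changes from `"nashorn.newGlobal"` on the removed line to `Context.NASHORN_CREATE_GLOBAL`, whose value in this commit is `"nashorn.createGlobal"`, so this is a rename of a security permission, not just a move to a constant: any policy file granting `RuntimePermission "nashorn.newGlobal"` silently stops satisfying this check. Either keep the old string as the constant's value, accept both names during a transition, or at least record the rename in the commit message and check that `build/nashorn.policy` used by `run.test.jvmsecurityargs` has been updated. The enclosing method starts outside this hunk.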
@@ -1780,19 +1778,13 @@ public final class Global extends ScriptObject implements GlobalObject, Scope {
}
private static void copyOptions(final ScriptObject options, final ScriptEnvironment scriptEnv) {
- AccessController.doPrivileged(new PrivilegedAction<Void>() {
- @Override
- public Void run() {
- for (Field f : scriptEnv.getClass().getFields()) {
- try {
- options.set(f.getName(), f.get(scriptEnv), false);
- } catch (final IllegalArgumentException | IllegalAccessException exp) {
- throw new RuntimeException(exp);
- }
- }
- return null;
+ for (Field f : scriptEnv.getClass().getFields()) {
+ try {
+ options.set(f.getName(), f.get(scriptEnv), false);
+ } catch (final IllegalArgumentException | IllegalAccessException exp) {
+ throw new RuntimeException(exp);
}
- });
+ }
}
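Review bot: With the `doPrivileged` wrapper removed, the `getFields()`/`Field.get` loop in `copyOptions` now runs on the caller's stack, so under a security manager the member-access check that `Class.getFields()` performs is evaluated against whoever triggered Global initialization rather than against nashorn's domain. That is presumably fine because `ScriptEnvironment`'s fields are public and the class shares Global's loader, but the assumption is nowhere written down; add `// public fields of a class in our own loader: no privilege needed for getFields()/get()` above the loop and confirm the security-manager test run reaches this path from a restricted caller. The rethrow also drops the field name; `throw new RuntimeException("cannot copy option " + f.getName(), exp);` makes a failure diagnosable.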
private void initTypedArray() {
diff --git a/src/jdk/nashorn/internal/objects/NativeDebug.java b/src/jdk/nashorn/internal/objects/NativeDebug.java
index 82757cba..9ee7c99a 100644
--- a/src/jdk/nashorn/internal/objects/NativeDebug.java
+++ b/src/jdk/nashorn/internal/objects/NativeDebug.java
@@ -72,7 +72,7 @@ public final class NativeDebug extends ScriptObject {
public static Object getContext(final Object self) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(new RuntimePermission("nashorn.getContext"));
+ sm.checkPermission(new RuntimePermission(Context.NASHORN_GET_CONTEXT));
}
return Global.getThisContext();
}
diff --git a/src/jdk/nashorn/internal/runtime/Context.java b/src/jdk/nashorn/internal/runtime/Context.java
index b0e2f15f..8ff85b93 100644
--- a/src/jdk/nashorn/internal/runtime/Context.java
+++ b/src/jdk/nashorn/internal/runtime/Context.java
@@ -64,6 +64,31 @@ import jdk.nashorn.internal.runtime.options.Options;
* This class manages the global state of execution. Context is immutable.
*/
public final class Context {
+ // nashorn specific security runtime access permission names
+ /**
+ * Permission needed to pass arbitrary nashorn command line options when creating Context.
+ */
+ public static final String NASHORN_SET_CONFIG = "nashorn.setConfig";
+
+ /**
+ * Permission needed to create Nashorn Context instance.
+ */
+ public static final String NASHORN_CREATE_CONTEXT = "nashorn.createContext";
+
+ /**
+ * Permission needed to create Nashorn Global instance.
+ */
+ public static final String NASHORN_CREATE_GLOBAL = "nashorn.createGlobal";
+
+ /**
+ * Permission to get current Nashorn Context from thread local storage.
+ */
+ public static final String NASHORN_GET_CONTEXT = "nashorn.getContext";
+
+ /**
+ * Permission to use Java reflection/jsr292 from script code.
+ */
+ public static final String NASHORN_JAVA_REFLECTION = "nashorn.JavaReflection";
/**
* ContextCodeInstaller that has the privilege of installing classes in the Context.
@@ -139,7 +164,7 @@ public final class Context {
public static Context getContext() {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(new RuntimePermission("nashorn.getContext"));
+ sm.checkPermission(new RuntimePermission(NASHORN_GET_CONTEXT));
}
return getContextTrusted();
}
@@ -204,7 +229,20 @@ public final class Context {
private static final ClassLoader myLoader = Context.class.getClassLoader();
private static final StructureLoader sharedLoader;
- private static final AccessControlContext NO_PERMISSIONS_CONTEXT;
+
+ private static AccessControlContext createNoPermAccCtxt() {
+ return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });
+ }
+
+ private static AccessControlContext createPermAccCtxt(final String permName) {
+ final Permissions perms = new Permissions();
+ perms.add(new RuntimePermission(permName));
+ return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
+ }
+
+ private static final AccessControlContext NO_PERMISSIONS_ACC_CTXT = createNoPermAccCtxt();
+ private static final AccessControlContext CREATE_LOADER_ACC_CTXT = createPermAccCtxt("createClassLoader");
+ private static final AccessControlContext CREATE_GLOBAL_ACC_CTXT = createPermAccCtxt(NASHORN_CREATE_GLOBAL);
static {
sharedLoader = AccessController.doPrivileged(new PrivilegedAction<StructureLoader>() {
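Review bot: `createPermAccCtxt`/`createNoPermAccCtxt` are the third copy of the same `new ProtectionDomain(null, perms)` recipe in this commit (also `NashornScriptEngine`, `ScriptObjectMirror`, and a varargs variant in `ClassAndLoader`), and each copy is a place where the construction of a limited context can drift. Since `Context` already holds the permission-name constants, make one public static varargs factory here (e.g. `public static AccessControlContext createPermAccCtxt(final String... permNames)`) and have the other classes call it, so there is a single documented definition of what a limited context is. Javadoc on the three `*_ACC_CTXT` fields naming the privileged operation each guards (`createClassLoader` for the `StructureLoader`/`ScriptLoader` constructors, `nashorn.createGlobal` for `newGlobal`) would complete the picture.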
@@ -212,8 +250,7 @@ public final class Context {
public StructureLoader run() {
return new StructureLoader(myLoader, null);
}
- });
- NO_PERMISSIONS_CONTEXT = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });
+ }, CREATE_LOADER_ACC_CTXT);
}
/**
@@ -254,7 +291,7 @@ public final class Context {
public Context(final Options options, final ErrorManager errors, final PrintWriter out, final PrintWriter err, final ClassLoader appLoader) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(new RuntimePermission("nashorn.createContext"));
+ sm.checkPermission(new RuntimePermission(NASHORN_CREATE_CONTEXT));
}
this.env = new ScriptEnvironment(options, out, err);
@@ -516,7 +553,7 @@ public final class Context {
@Override
public ScriptObject run() {
try {
- return createGlobal();
+ return newGlobal();
} catch (final RuntimeException e) {
if (Context.DEBUG) {
e.printStackTrace();
@@ -524,7 +561,9 @@ public final class Context {
throw e;
}
}
- });
+ }, CREATE_GLOBAL_ACC_CTXT);
+ // initialize newly created Global instance
+ initGlobal(newGlobal);
setGlobalTrusted(newGlobal);
final Object[] wrapped = args == null? ScriptRuntime.EMPTY_ARRAY : ScriptObjectMirror.wrapArray(args, oldGlobal);
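Review bot: `initGlobal(newGlobal)` is now called after the privileged block returns, so Global initialization runs with the caller's permissions rather than under `CREATE_GLOBAL_ACC_CTXT`; if the old `createGlobal()` replaced in the previous hunk both created and initialized the global, this is a behavioural change under a security manager that the added comment does not explain. Either document it, `// initialization runs unprivileged: it only populates the new Global and needs no permission`, or, if any builtin setup does require a privilege, move the call back inside `run()`. The enclosing method starts and ends outside this hunk, and nothing visible states which privileged operations, if any, `Global.init` performs.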
@@ -577,7 +616,7 @@ public final class Context {
sm.checkPackageAccess(fullName.substring(0, index));
return null;
}
- }, NO_PERMISSIONS_CONTEXT);
+ }, NO_PERMISSIONS_ACC_CTXT);
}
}
}
@@ -856,7 +895,7 @@ public final class Context {
public ScriptLoader run() {
return new ScriptLoader(sharedLoader, Context.this);
}
- });
+ }, CREATE_LOADER_ACC_CTXT);
}
private long getUniqueScriptId() {
diff --git a/src/jdk/nashorn/internal/runtime/ECMAErrors.java b/src/jdk/nashorn/internal/runtime/ECMAErrors.java
index 35a0f2f4..5b608f4b 100644
--- a/src/jdk/nashorn/internal/runtime/ECMAErrors.java
+++ b/src/jdk/nashorn/internal/runtime/ECMAErrors.java
@@ -25,8 +25,6 @@
package jdk.nashorn.internal.runtime;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.Locale;
import java.util.ResourceBundle;
@@ -40,16 +38,9 @@ import jdk.nashorn.internal.scripts.JS;
public final class ECMAErrors {
private static final String MESSAGES_RESOURCE = "jdk.nashorn.internal.runtime.resources.Messages";
- // Without do privileged, under security manager messages can not be loaded.
private static final ResourceBundle MESSAGES_BUNDLE;
static {
- MESSAGES_BUNDLE = AccessController.doPrivileged(
- new PrivilegedAction<ResourceBundle>() {
- @Override
- public ResourceBundle run() {
- return ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault());
- }
- });
+ MESSAGES_BUNDLE = ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault());
}
/** We assume that compiler generates script classes into the known package. */
diff --git a/src/jdk/nashorn/internal/runtime/Logging.java b/src/jdk/nashorn/internal/runtime/Logging.java
index 39740dd2..54d83b79 100644
--- a/src/jdk/nashorn/internal/runtime/Logging.java
+++ b/src/jdk/nashorn/internal/runtime/Logging.java
@@ -25,6 +25,11 @@
package jdk.nashorn.internal.runtime;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Permissions;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
@@ -35,6 +40,7 @@ import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
+import java.util.logging.LoggingPermission;
/**
* Logging system for getting loggers for arbitrary subsystems as
@@ -50,12 +56,20 @@ public final class Logging {
private static final Logger disabledLogger = Logger.getLogger("disabled");
+ private static AccessControlContext createLoggerControlAccCtxt() {
+ final Permissions perms = new Permissions();
+ perms.add(new LoggingPermission("control", null));
+ return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
+ }
+
static {
- try {
- Logging.disabledLogger.setLevel(Level.OFF);
- } catch (final SecurityException e) {
- //ignored
- }
+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
+ @Override
+ public Void run() {
+ Logging.disabledLogger.setLevel(Level.OFF);
+ return null;
+ }
+ }, createLoggerControlAccCtxt());
}
/** Maps logger name to loggers. Names are typically per package */
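Review bot: The static initializer changes its failure mode: the removed code tolerated a `SecurityException` from `setLevel`, while the new `doPrivileged` call has no catch, and a limited context can only narrow nashorn's own permissions, never add to them. If nashorn is ever deployed under a policy that does not grant `LoggingPermission("control")`, class initialization of `Logging` now fails with an `ExceptionInInitializerError` instead of leaving the disabled logger at its default level. Keep the tolerance: `try { AccessController.doPrivileged(..., createLoggerControlAccCtxt()); } catch (final SecurityException ignored) { /* no "control" permission: logger keeps its default level */ }`. The context is also built inline rather than cached in a `static final` field like the other classes in this commit do.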
diff --git a/src/jdk/nashorn/internal/runtime/linker/ClassAndLoader.java b/src/jdk/nashorn/internal/runtime/linker/ClassAndLoader.java
index d12df47a..b139da1c 100644
--- a/src/jdk/nashorn/internal/runtime/linker/ClassAndLoader.java
+++ b/src/jdk/nashorn/internal/runtime/linker/ClassAndLoader.java
@@ -27,8 +27,11 @@ package jdk.nashorn.internal.runtime.linker;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
+import java.security.AccessControlContext;
import java.security.AccessController;
+import java.security.Permissions;
import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
@@ -43,6 +46,16 @@ import java.util.Map;
* used to determine if one loader can see the other loader's classes.
*/
final class ClassAndLoader {
+ static AccessControlContext createPermAccCtxt(final String... permNames) {
+ final Permissions perms = new Permissions();
+ for (final String permName : permNames) {
+ perms.add(new RuntimePermission(permName));
+ }
+ return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
+ }
+
+ private static final AccessControlContext GET_LOADER_ACC_CTXT = createPermAccCtxt("getClassLoader");
+
private final Class<?> representativeClass;
// Don't access this directly; most of the time, use getRetrievedLoader(), or if you know what you're doing,
// getLoader().
@@ -116,7 +129,7 @@ final class ClassAndLoader {
public ClassAndLoader run() {
return getDefiningClassAndLoaderPrivileged(types);
}
- });
+ }, GET_LOADER_ACC_CTXT);
}
static ClassAndLoader getDefiningClassAndLoaderPrivileged(final Class<?>[] types) {
diff --git a/src/jdk/nashorn/internal/runtime/linker/JavaAdapterBytecodeGenerator.java b/src/jdk/nashorn/internal/runtime/linker/JavaAdapterBytecodeGenerator.java
index 2264cae5..efbf7cf6 100644
--- a/src/jdk/nashorn/internal/runtime/linker/JavaAdapterBytecodeGenerator.java
+++ b/src/jdk/nashorn/internal/runtime/linker/JavaAdapterBytecodeGenerator.java
@@ -49,6 +49,7 @@ import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
+import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
@@ -868,6 +869,8 @@ final class JavaAdapterBytecodeGenerator {
}
}
+ private static final AccessControlContext GET_DECLARED_MEMBERS_ACC_CTXT = ClassAndLoader.createPermAccCtxt("accessDeclaredMembers");
+
/**
* Creates a collection of methods that are not final, but we still never allow them to be overridden in adapters,
* as explicitly declaring them automatically is a bad idea. Currently, this means {@code Object.finalize()} and
@@ -886,7 +889,7 @@ final class JavaAdapterBytecodeGenerator {
throw new AssertionError(e);
}
}
- });
+ }, GET_DECLARED_MEMBERS_ACC_CTXT);
}
private String getCommonSuperClass(final String type1, final String type2) {
diff --git a/src/jdk/nashorn/internal/runtime/linker/JavaAdapterClassLoader.java b/src/jdk/nashorn/internal/runtime/linker/JavaAdapterClassLoader.java
index 059ed552..291e4d2f 100644
--- a/src/jdk/nashorn/internal/runtime/linker/JavaAdapterClassLoader.java
+++ b/src/jdk/nashorn/internal/runtime/linker/JavaAdapterClassLoader.java
@@ -25,6 +25,7 @@
package jdk.nashorn.internal.runtime.linker;
+import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSigner;
@@ -46,6 +47,7 @@ import jdk.internal.dynalink.beans.StaticClass;
@SuppressWarnings("javadoc")
final class JavaAdapterClassLoader {
private static final ProtectionDomain GENERATED_PROTECTION_DOMAIN = createGeneratedProtectionDomain();
+ private static final AccessControlContext CREATE_LOADER_ACC_CTXT = ClassAndLoader.createPermAccCtxt("createClassLoader");
private final String className;
private volatile byte[] classBytes;
@@ -77,7 +79,7 @@ final class JavaAdapterClassLoader {
throw new AssertionError(e); // cannot happen
}
}
- });
+ }, CREATE_LOADER_ACC_CTXT);
}
// Note that the adapter class is created in the protection domain of the class/interface being
diff --git a/src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java b/src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java
index 4c005a27..5130f3d6 100644
--- a/src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java
+++ b/src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java
@@ -31,9 +31,9 @@ import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.reflect.Modifier;
+import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
-import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@@ -70,6 +70,11 @@ import jdk.nashorn.internal.runtime.ScriptObject;
@SuppressWarnings("javadoc")
public final class JavaAdapterFactory {
+ // context with permissions needs for AdapterInfo creation
+ private static final AccessControlContext CREATE_ADAPTER_INFO_ACC_CTXT =
+ ClassAndLoader.createPermAccCtxt("createClassLoader", "getClassLoader",
+ "accessDeclaredMembers", "accessClassInPackage.jdk.nashorn.internal.runtime");
+
/**
* A mapping from an original Class object to AdapterInfo representing the adapter for the class it represents.
*/
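Review bot: `CREATE_ADAPTER_INFO_ACC_CTXT` grants four permissions as a bare literal list, and the comment (`permissions needs for`) does not say which step of adapter creation needs which one, so the list will drift when that code changes. Spell it out: `createClassLoader` for the `JavaAdapterClassLoader` construction, `getClassLoader` for `ClassAndLoader`'s loader lookup, `accessDeclaredMembers` for the declared-member scan in `JavaAdapterBytecodeGenerator`, each of which this commit also guards with its own context; the purpose of `accessClassInPackage.jdk.nashorn.internal.runtime` is not visible here and should be stated explicitly. A comment of the form `// permissions needed by createAdapterInfo: createClassLoader (adapter loader), getClassLoader (ClassAndLoader), accessDeclaredMembers (bytecode generator), accessClassInPackage… (…)` keeps the privilege grant reviewable.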
@@ -124,17 +129,10 @@ public final class JavaAdapterFactory {
*/
public static MethodHandle getConstructor(final Class<?> sourceType, final Class<?> targetType) throws Exception {
final StaticClass adapterClass = getAdapterClassFor(new Class<?>[] { targetType }, null);
- return AccessController.doPrivileged(new PrivilegedExceptionAction<MethodHandle>() {
- @Override
- public MethodHandle run() throws Exception {
- // NOTE: we use publicLookup(), but none of our adapter constructors are caller sensitive, so this is
- // okay, we won't artificially limit access.
- return MH.bindTo(Bootstrap.getLinkerServices().getGuardedInvocation(new LinkRequestImpl(
- NashornCallSiteDescriptor.get(MethodHandles.publicLookup(), "dyn:new",
- MethodType.methodType(targetType, StaticClass.class, sourceType), 0), false,
- adapterClass, null)).getInvocation(), adapterClass);
- }
- });
+ return MH.bindTo(Bootstrap.getLinkerServices().getGuardedInvocation(new LinkRequestImpl(
+ NashornCallSiteDescriptor.get(MethodHandles.publicLookup(), "dyn:new",
+ MethodType.methodType(targetType, StaticClass.class, sourceType), 0), false,
+ adapterClass, null)).getInvocation(), adapterClass);
}
/**
@@ -171,7 +169,7 @@ public final class JavaAdapterFactory {
return (List)Collections.singletonList(clazz);
}
- /**
+ /**
* For a given class, create its adapter class and associated info.
* @param type the class for which the adapter is created
* @return the adapter info for the class.
@@ -190,12 +188,19 @@ public final class JavaAdapterFactory {
}
superClass = t;
} else {
+ if (interfaces.size() > 65535) {
+ throw new IllegalArgumentException("interface limit exceeded");
+ }
+
interfaces.add(t);
}
+
if(!Modifier.isPublic(mod)) {
return new AdapterInfo(AdaptationResult.Outcome.ERROR_NON_PUBLIC_CLASS, t.getCanonicalName());
}
}
+
+
final Class<?> effectiveSuperClass = superClass == null ? Object.class : superClass;
return AccessController.doPrivileged(new PrivilegedAction<AdapterInfo>() {
@Override
@@ -206,7 +211,7 @@ public final class JavaAdapterFactory {
return new AdapterInfo(e.getAdaptationResult());
}
}
- });
+ }, CREATE_ADAPTER_INFO_ACC_CTXT);
}
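Review bot: The new guard `if (interfaces.size() > 65535)` is evaluated before `interfaces.add(t)`, so when the list already holds 65535 entries the add still happens and the list reaches 65536, one more than the u2 `interfaces_count` a class file can encode; use `if (interfaces.size() >= 65535) { throw new IllegalArgumentException("interface limit exceeded"); }` and preferably name the bound (`private static final int MAX_INTERFACES = 65535;`). The two blank lines added before `final Class<?> effectiveSuperClass` are stray whitespace. The enclosing `createAdapterInfo` begins outside this hunk.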
private static class AdapterInfo {
diff --git a/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java b/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java
index 1e540231..39f93642 100644
--- a/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java
+++ b/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java
@@ -88,6 +88,6 @@ final class ReflectionCheckLinker implements TypeBasedGuardingDynamicLinker{
}
private static void checkReflectionPermission(final SecurityManager sm) {
- sm.checkPermission(new RuntimePermission("nashorn.JavaReflection"));
+ sm.checkPermission(new RuntimePermission(Context.NASHORN_JAVA_REFLECTION));
}
}
diff --git a/src/jdk/nashorn/internal/runtime/options/Options.java b/src/jdk/nashorn/internal/runtime/options/Options.java
index 737c56b4..900d9dd4 100644
--- a/src/jdk/nashorn/internal/runtime/options/Options.java
+++ b/src/jdk/nashorn/internal/runtime/options/Options.java
@@ -26,8 +26,11 @@
package jdk.nashorn.internal.runtime.options;
import java.io.PrintWriter;
+import java.security.AccessControlContext;
import java.security.AccessController;
+import java.security.Permissions;
import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collection;
@@ -39,6 +42,7 @@ import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.MissingResourceException;
+import java.util.PropertyPermission;
import java.util.ResourceBundle;
import java.util.StringTokenizer;
import java.util.TimeZone;
@@ -51,6 +55,15 @@ import jdk.nashorn.internal.runtime.QuotedStringTokenizer;
* Manages global runtime options.
*/
public final class Options {
+ // permission to just read nashorn.* System properties
+ private static AccessControlContext createPropertyReadAccCtxt() {
+ final Permissions perms = new Permissions();
+ perms.add(new PropertyPermission("nashorn.*", "read"));
+ return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
+ }
+
+ private static final AccessControlContext READ_PROPERTY_ACC_CTXT = createPropertyReadAccCtxt();
+
/** Resource tag. */
private final String resource;
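Review bot: `READ_PROPERTY_ACC_CTXT` caps the property-reading privileged blocks to `PropertyPermission("nashorn.*", "read")`, but nothing here tells a caller that a key outside `nashorn.*` will now raise a `SecurityException` inside `run()` under a security manager where the old unrestricted block returned the value; whether that exception is caught and mapped to the default is decided by code outside this hunk. Extend the comment to `// permission to just read nashorn.* System properties; getters must reject other keys up front, otherwise the read fails under a security manager` and, if not already done, validate with `name.startsWith("nashorn.")` before entering the privileged block.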
@@ -144,7 +157,7 @@ public final class Options {
return false;
}
}
- });
+ }, READ_PROPERTY_ACC_CTXT);
}
/**
@@ -171,7 +184,7 @@ public final class Options {
return defValue;
}
}
- });
+ }, READ_PROPERTY_ACC_CTXT);
}
/**
@@ -198,7 +211,7 @@ public final class Options {
return defValue;
}
}
- });
+ }, READ_PROPERTY_ACC_CTXT);
}
/**
@@ -567,15 +580,7 @@ public final class Options {
private static String definePropPrefix;
static {
- // Without do privileged, under security manager messages can not be
- // loaded.
- Options.bundle = AccessController.doPrivileged(new PrivilegedAction<ResourceBundle>() {
- @Override
- public ResourceBundle run() {
- return ResourceBundle.getBundle(Options.MESSAGES_RESOURCE, Locale.getDefault());
- }
- });
-
+ Options.bundle = ResourceBundle.getBundle(Options.MESSAGES_RESOURCE, Locale.getDefault());
Options.validOptions = new TreeSet<>();
Options.usage = new HashMap<>();
diff --git a/src/jdk/nashorn/tools/Shell.java b/src/jdk/nashorn/tools/Shell.java
index 55840078..08b576fb 100644
--- a/src/jdk/nashorn/tools/Shell.java
+++ b/src/jdk/nashorn/tools/Shell.java
@@ -34,8 +34,6 @@ import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintStream;
import java.io.PrintWriter;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.List;
import java.util.Locale;
import java.util.ResourceBundle;
@@ -68,18 +66,7 @@ public class Shell {
/**
* Shell message bundle.
*/
- private static ResourceBundle bundle;
-
- static {
- // Without do privileged, under security manager messages can not be
- // loaded.
- bundle = AccessController.doPrivileged(new PrivilegedAction<ResourceBundle>() {
- @Override
- public ResourceBundle run() {
- return ResourceBundle.getBundle(MESSAGE_RESOURCE, Locale.getDefault());
- }
- });
- }
+ private static final ResourceBundle bundle = ResourceBundle.getBundle(MESSAGE_RESOURCE, Locale.getDefault());
/**
* Exit code for command line tool - successful