infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-05-08 20:49:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

8139905: Add a convenience AccessControlContext factory

Browse Source 
Reviewed-by: hannesw, sundar
This commit is contained in:
Attila Szegedi 2015-10-21 10:41:54 +02:00
parent d62fb19270
commit b49c5c8b09
13 changed files with 211 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/ClassLoaderGetterContextProvider.java
View File

@ -1,110 +0,0 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* This file is available under and governed by the GNU General Public
* License version 2 only, as published by the Free Software Foundation.
* However, the following notice accompanied the original version of this
* file, and Oracle licenses the original version of this file under the BSD
* license:
*/
/*
Copyright 2009-2013 Attila Szegedi
Licensed under both the Apache License, Version 2.0 (the "Apache License")
and the BSD License (the "BSD License"), with licensee being free to
choose either of the two at their discretion.
You may not use this file except in compliance with either the Apache
License or the BSD License.
If you choose to use this file in compliance with the Apache License, the
following notice applies to you:
You may obtain a copy of the Apache License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.
If you choose to use this file in compliance with the BSD License, the
following notice applies to you:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package jdk.internal.dynalink;
import java.security.AccessControlContext;
import java.security.Permissions;
import java.security.ProtectionDomain;
/**
* This class exposes a canonical {@link AccessControlContext} with a single {@link RuntimePermission} for
* {@code "getClassLoader"} permission that is used by other parts of the code to narrow their set of permissions when
* they're retrieving class loaders in privileged blocks.
*/
final class ClassLoaderGetterContextProvider {
/**
* Canonical instance of {@link AccessControlContext} with a single {@link RuntimePermission} for
* {@code "getClassLoader"} permission.
*/
static final AccessControlContext GET_CLASS_LOADER_CONTEXT;
static {
final Permissions perms = new Permissions();
perms.add(new RuntimePermission("getClassLoader"));
GET_CLASS_LOADER_CONTEXT = new AccessControlContext(
new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
private ClassLoaderGetterContextProvider() {
}
}

7
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/ClassMap.java
View File

@ -85,12 +85,14 @@ package jdk.internal.dynalink;
import java.lang.ref.Reference;
import java.lang.ref.SoftReference;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import jdk.internal.dynalink.internal.AccessControlContextFactory;
import jdk.internal.dynalink.internal.InternalTypeUtilities;
/**
@ -100,6 +102,9 @@ import jdk.internal.dynalink.internal.InternalTypeUtilities;
* @param <T> the type of the values in the map
*/
abstract class ClassMap<T> {
private static final AccessControlContext GET_CLASS_LOADER_CONTEXT =
AccessControlContextFactory.createAccessControlContext("getClassLoader");
private final ConcurrentMap<Class<?>, T> map = new ConcurrentHashMap<>();
private final Map<Class<?>, Reference<T>> weakMap = new WeakHashMap<>();
private final ClassLoader classLoader;
@ -155,7 +160,7 @@ abstract class ClassMap<T> {
public Boolean run() {
return InternalTypeUtilities.canReferenceDirectly(classLoader, clazz.getClassLoader());
}
}, ClassLoaderGetterContextProvider.GET_CLASS_LOADER_CONTEXT);
}, GET_CLASS_LOADER_CONTEXT);
// If allowed to strongly reference, put it in the fast map
if(canReferenceDirectly) {

7
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/DynamicLinkerFactory.java
View File

@ -86,6 +86,7 @@ package jdk.internal.dynalink;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodType;
import java.lang.invoke.MutableCallSite;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
@ -101,6 +102,7 @@ import java.util.ServiceLoader;
import java.util.Set;
import java.util.function.Supplier;
import jdk.internal.dynalink.beans.BeansLinker;
import jdk.internal.dynalink.internal.AccessControlContextFactory;
import jdk.internal.dynalink.linker.GuardedInvocation;
import jdk.internal.dynalink.linker.GuardedInvocationTransformer;
import jdk.internal.dynalink.linker.GuardingDynamicLinker;
@ -128,6 +130,9 @@ import jdk.internal.dynalink.linker.support.TypeUtilities;
* category usually includes {@link BeansLinker}.
*/
public final class DynamicLinkerFactory {
private static final AccessControlContext GET_CLASS_LOADER_CONTEXT =
AccessControlContextFactory.createAccessControlContext("getClassLoader");
/**
* Default value for {@link #setUnstableRelinkThreshold(int) unstable relink
* threshold}.
@ -495,7 +500,7 @@ public final class DynamicLinkerFactory {
public ClassLoader run() {
return Thread.currentThread().getContextClassLoader();
}
}, ClassLoaderGetterContextProvider.GET_CLASS_LOADER_CONTEXT);
}, GET_CLASS_LOADER_CONTEXT);
}
private static void addClasses(final Set<Class<? extends GuardingDynamicLinker>> knownLinkerClasses,

6
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/TypeConverterFactory.java
View File

@ -88,11 +88,13 @@ import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodHandles.Lookup;
import java.lang.invoke.MethodType;
import java.lang.invoke.WrongMethodTypeException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.LinkedList;
import java.util.List;
import java.util.function.Supplier;
import jdk.internal.dynalink.internal.AccessControlContextFactory;
import jdk.internal.dynalink.linker.ConversionComparator;
import jdk.internal.dynalink.linker.ConversionComparator.Comparison;
import jdk.internal.dynalink.linker.GuardedInvocation;
@ -107,6 +109,8 @@ import jdk.internal.dynalink.linker.support.TypeUtilities;
* instances and creates appropriate converters for method handles.
*/
final class TypeConverterFactory {
private static final AccessControlContext GET_CLASS_LOADER_CONTEXT =
AccessControlContextFactory.createAccessControlContext("getClassLoader");
private final GuardingTypeConverterFactory[] factories;
private final ConversionComparator[] comparators;
@ -172,7 +176,7 @@ final class TypeConverterFactory {
public ClassLoader run() {
return clazz.getClassLoader();
}
}, ClassLoaderGetterContextProvider.GET_CLASS_LOADER_CONTEXT);
}, GET_CLASS_LOADER_CONTEXT);
}
/**

10
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/beans/CallerSensitiveDynamicMethod.java
View File

@ -91,9 +91,11 @@ import java.lang.reflect.Constructor;
import java.lang.reflect.Member;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import jdk.internal.dynalink.CallSiteDescriptor;
import jdk.internal.dynalink.internal.AccessControlContextFactory;
import jdk.internal.dynalink.linker.support.Lookup;
/**
@ -103,6 +105,10 @@ import jdk.internal.dynalink.linker.support.Lookup;
* every request.
*/
class CallerSensitiveDynamicMethod extends SingleDynamicMethod {
private static final AccessControlContext GET_LOOKUP_CONTEXT =
AccessControlContextFactory.createAccessControlContext(
CallSiteDescriptor.GET_LOOKUP_PERMISSION);
// Typed as "AccessibleObject" as it can be either a method or a constructor.
// If we were Java8-only, we could use java.lang.reflect.Executable
private final AccessibleObject target;
@ -148,8 +154,8 @@ class CallerSensitiveDynamicMethod extends SingleDynamicMethod {
@Override
MethodHandle getTarget(final CallSiteDescriptor desc) {
final MethodHandles.Lookup lookup = AccessController.doPrivileged(
(PrivilegedAction<MethodHandles.Lookup>)()->desc.getLookup(), null,
CallSiteDescriptor.GET_LOOKUP_PERMISSION);
(PrivilegedAction<MethodHandles.Lookup>)()->desc.getLookup(),
GET_LOOKUP_CONTEXT);
if(target instanceof Method) {
final MethodHandle mh = Lookup.unreflect(lookup, (Method)target);

10
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/beans/CheckRestrictedPackage.java
View File

@ -86,15 +86,15 @@ package jdk.internal.dynalink.beans;
import java.lang.reflect.Modifier;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import jdk.internal.dynalink.internal.AccessControlContextFactory;
/**
* A utility class to check whether a given class is in a package with restricted access e.g. "sun.*" etc.
*/
class CheckRestrictedPackage {
private static final AccessControlContext NO_PERMISSIONS_CONTEXT = createNoPermissionsContext();
private static final AccessControlContext NO_PERMISSIONS_CONTEXT =
AccessControlContextFactory.createAccessControlContext();
/**
* Returns true if the class is either not public, or it resides in a package with restricted access.
@ -131,8 +131,4 @@ class CheckRestrictedPackage {
}
return false;
}
private static AccessControlContext createNoPermissionsContext() {
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });
}
}

8
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/beans/ClassString.java
View File

@ -85,11 +85,12 @@ package jdk.internal.dynalink.beans;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodType;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.util.LinkedList;
import java.util.List;
import jdk.internal.dynalink.internal.AccessControlContextFactory;
import jdk.internal.dynalink.internal.InternalTypeUtilities;
import jdk.internal.dynalink.linker.LinkerServices;
import jdk.internal.dynalink.linker.support.TypeUtilities;
@ -100,7 +101,8 @@ import jdk.internal.dynalink.linker.support.TypeUtilities;
* JLS.
*/
final class ClassString {
private static final Permission GET_CLASS_LOADER_PERMISSION = new RuntimePermission("getClassLoader");
private static final AccessControlContext GET_CLASS_LOADER_CONTEXT =
AccessControlContextFactory.createAccessControlContext("getClassLoader");
/**
* An anonymous inner class used solely to represent the "type" of null values for method applicability checking.
@ -158,7 +160,7 @@ final class ClassString {
}
return true;
}
}, null, GET_CLASS_LOADER_PERMISSION);
}, GET_CLASS_LOADER_CONTEXT);
}
List<MethodHandle> getMaximallySpecifics(final List<MethodHandle> methods, final LinkerServices linkerServices, final boolean varArg) {

15
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/beans/OverloadedDynamicMethod.java
View File

@ -87,9 +87,7 @@ import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodType;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.text.Collator;
import java.util.ArrayList;
import java.util.Collections;
@ -101,6 +99,7 @@ import java.util.Map;
import java.util.Set;
import jdk.internal.dynalink.CallSiteDescriptor;
import jdk.internal.dynalink.beans.ApplicableOverloadedMethods.ApplicabilityTest;
import jdk.internal.dynalink.internal.AccessControlContextFactory;
import jdk.internal.dynalink.internal.InternalTypeUtilities;
import jdk.internal.dynalink.linker.LinkerServices;
@ -231,14 +230,10 @@ class OverloadedDynamicMethod extends DynamicMethod {
}
}
private static final AccessControlContext GET_CALL_SITE_CLASS_LOADER_CONTEXT;
static {
final Permissions perms = new Permissions();
perms.add(new RuntimePermission("getClassLoader"));
perms.add(CallSiteDescriptor.GET_LOOKUP_PERMISSION);
GET_CALL_SITE_CLASS_LOADER_CONTEXT = new AccessControlContext(
new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
private static final AccessControlContext GET_CALL_SITE_CLASS_LOADER_CONTEXT =
AccessControlContextFactory.createAccessControlContext(
new RuntimePermission("getClassLoader"),
CallSiteDescriptor.GET_LOOKUP_PERMISSION);
private static ClassLoader getCallSiteClassLoader(final CallSiteDescriptor callSiteDescriptor) {
return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {

77
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/internal/dynalink/internal/AccessControlContextFactory.java Normal file
View File

@ -0,0 +1,77 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package jdk.internal.dynalink.internal;
import java.security.AccessControlContext;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.stream.Stream;
/**
* Utility class for creating permission-restricting {@link AccessControlContext}s.
*/
public final class AccessControlContextFactory {
private AccessControlContextFactory () {
}
/**
* Creates an access control context with no permissions.
* @return an access control context with no permissions.
*/
public static AccessControlContext createAccessControlContext() {
return createAccessControlContext(new Permission[0]);
}
/**
* Creates an access control context limited to only the specified permissions.
* @param permissions the permissions for the newly created access control context.
* @return a new access control context limited to only the specified permissions.
*/
public static AccessControlContext createAccessControlContext(final Permission... permissions) {
final Permissions perms = new Permissions();
for(final Permission permission: permissions) {
perms.add(permission);
}
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
/**
* Creates an access control context limited to only the {@link RuntimePermission}s
* of the given names.
* @param runtimePermissionNames the names of runtime permissions for the
* newly created access control context.
* @return a new access control context limited to only the runtime
* permissions with the specified names.
*/
public static AccessControlContext createAccessControlContext(final String... runtimePermissionNames) {
return createAccessControlContext(makeRuntimePermissions(runtimePermissionNames));
}
private static Permission[] makeRuntimePermissions(final String... runtimePermissionNames) {
return Stream.of(runtimePermissionNames).map(RuntimePermission::new).toArray(Permission[]::new);
}
}

77
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/AccessControlContextFactory.java Normal file
View File

@ -0,0 +1,77 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package jdk.nashorn.internal.runtime;
import java.security.AccessControlContext;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.stream.Stream;
/**
* Utility class for creating permission-restricting {@link AccessControlContext}s.
*/
public final class AccessControlContextFactory {
private AccessControlContextFactory () {
}
/**
* Creates an access control context with no permissions.
* @return an access control context with no permissions.
*/
public static AccessControlContext createAccessControlContext() {
return createAccessControlContext(new Permission[0]);
}
/**
* Creates an access control context limited to only the specified permissions.
* @param permissions the permissions for the newly created access control context.
* @return a new access control context limited to only the specified permissions.
*/
public static AccessControlContext createAccessControlContext(final Permission... permissions) {
final Permissions perms = new Permissions();
for(final Permission permission: permissions) {
perms.add(permission);
}
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
/**
* Creates an access control context limited to only the {@link RuntimePermission}s
* of the given names.
* @param runtimePermissionNames the names of runtime permissions for the
* newly created access control context.
* @return a new access control context limited to only the runtime
* permissions with the specified names.
*/
public static AccessControlContext createAccessControlContext(final String... runtimePermissionNames) {
return createAccessControlContext(makeRuntimePermissions(runtimePermissionNames));
}
private static Permission[] makeRuntimePermissions(final String... runtimePermissionNames) {
return Stream.of(runtimePermissionNames).map(RuntimePermission::new).toArray(Permission[]::new);
}
}

9
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/ScriptFunction.java
View File

@ -29,12 +29,12 @@ import static jdk.nashorn.internal.lookup.Lookup.MH;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import static jdk.nashorn.internal.runtime.ScriptRuntime.UNDEFINED;
import static jdk.nashorn.internal.runtime.UnwarrantedOptimismException.INVALID_PROGRAM_POINT;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodHandles.Lookup;
import java.lang.invoke.MethodType;
import java.lang.invoke.SwitchPoint;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
@ -127,6 +127,9 @@ public class ScriptFunction extends ScriptObject {
// Marker object for lazily initialized prototype object
private static final Object LAZY_PROTOTYPE = new Object();
private static final AccessControlContext GET_LOOKUP_PERMISSION_CONTEXT =
AccessControlContextFactory.createAccessControlContext(CallSiteDescriptor.GET_LOOKUP_PERMISSION);
private static PropertyMap createStrictModeMap(final PropertyMap map) {
final int flags = Property.NOT_ENUMERABLE | Property.NOT_CONFIGURABLE;
PropertyMap newMap = map;
@ -961,8 +964,8 @@ public class ScriptFunction extends ScriptObject {
private static Lookup getLookupPrivileged(final CallSiteDescriptor desc) {
// NOTE: we'd rather not make NashornCallSiteDescriptor.getLookupPrivileged public.
return AccessController.doPrivileged((PrivilegedAction<Lookup>)()->desc.getLookup(), null,
CallSiteDescriptor.GET_LOOKUP_PERMISSION);
return AccessController.doPrivileged((PrivilegedAction<Lookup>)()->desc.getLookup(),
GET_LOOKUP_PERMISSION_CONTEXT);
}
private GuardedInvocation createApplyOrCallCall(final boolean isApply, final CallSiteDescriptor desc, final LinkRequest request, final Object[] args) {

9
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/NashornCallSiteDescriptor.java
View File

@ -28,6 +28,7 @@ package jdk.nashorn.internal.runtime.linker;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodHandles.Lookup;
import java.lang.invoke.MethodType;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.concurrent.ConcurrentHashMap;
@ -35,6 +36,7 @@ import java.util.concurrent.ConcurrentMap;
import jdk.internal.dynalink.CallSiteDescriptor;
import jdk.internal.dynalink.support.AbstractCallSiteDescriptor;
import jdk.nashorn.internal.ir.debug.NashornTextifier;
import jdk.nashorn.internal.runtime.AccessControlContextFactory;
import jdk.nashorn.internal.runtime.ScriptRuntime;
/**
@ -106,6 +108,9 @@ public final class NashornCallSiteDescriptor extends AbstractCallSiteDescriptor<
}
};
private static final AccessControlContext GET_LOOKUP_PERMISSION_CONTEXT =
AccessControlContextFactory.createAccessControlContext(CallSiteDescriptor.GET_LOOKUP_PERMISSION);
private final MethodHandles.Lookup lookup;
private final String operator;
private final String operand;
@ -208,8 +213,8 @@ public final class NashornCallSiteDescriptor extends AbstractCallSiteDescriptor<
if (csd instanceof NashornCallSiteDescriptor) {
return ((NashornCallSiteDescriptor)csd).lookup;
}
return AccessController.doPrivileged((PrivilegedAction<Lookup>)()->csd.getLookup(), null,
CallSiteDescriptor.GET_LOOKUP_PERMISSION);
return AccessController.doPrivileged((PrivilegedAction<Lookup>)()->csd.getLookup(),
GET_LOOKUP_PERMISSION_CONTEXT);
}
@Override

7
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/NashornLinker.java
View File

@ -31,6 +31,7 @@ import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.reflect.Modifier;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collection;
@ -53,6 +54,7 @@ import jdk.nashorn.api.scripting.JSObject;
import jdk.nashorn.api.scripting.ScriptObjectMirror;
import jdk.nashorn.api.scripting.ScriptUtils;
import jdk.nashorn.internal.objects.NativeArray;
import jdk.nashorn.internal.runtime.AccessControlContextFactory;
import jdk.nashorn.internal.runtime.JSType;
import jdk.nashorn.internal.runtime.ListAdapter;
import jdk.nashorn.internal.runtime.ScriptFunction;
@ -64,6 +66,9 @@ import jdk.nashorn.internal.runtime.Undefined;
* includes {@link ScriptFunction} and its subclasses) as well as {@link Undefined}.
*/
final class NashornLinker implements TypeBasedGuardingDynamicLinker, GuardingTypeConverterFactory, ConversionComparator {
private static final AccessControlContext GET_LOOKUP_PERMISSION_CONTEXT =
AccessControlContextFactory.createAccessControlContext(CallSiteDescriptor.GET_LOOKUP_PERMISSION);
private static final ClassValue<MethodHandle> ARRAY_CONVERTERS = new ClassValue<MethodHandle>() {
@Override
protected MethodHandle computeValue(final Class<?> type) {
@ -171,7 +176,7 @@ final class NashornLinker implements TypeBasedGuardingDynamicLinker, GuardingTyp
public MethodHandles.Lookup run() {
return lookupSupplier.get();
}
}, null, CallSiteDescriptor.GET_LOOKUP_PERMISSION);
}, GET_LOOKUP_PERMISSION_CONTEXT);
}
/**