OpenE2K
/
gcc
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Subject.java (doAsPrivileged): If acc is null, create a new AccessControlContext. 

2005-02-08  Andrew Haley  <aph@redhat.com>

        * javax/security/auth/Subject.java (doAsPrivileged): If acc is
        null, create a new AccessControlContext.
        * java/security/SecureClassLoader.java (protectionDomainCache):
        new field.
        (defineClass): Create a new protection domain and add it to our
        cache.

        * java/rmi/server/UnicastRemoteObject.java (exportObject): Call
        addStub() to keep track of the stub we've exported.
        (unexportObject): Call deleteStub().
        * java/rmi/server/RemoteObject.java (stubs): New field.
        (addStub): New method.
        (deleteStub): New method.
        (toStub): Rewrite.

        * java/lang/VMCompiler.java (loadSharedLibrary): Pass
        true to findHelper (tryParents).
        * gnu/gcj/runtime/SharedLibLoader.java (SharedLibLoader):
        Likewise.
        * java/net/URLClassLoader.java (SoURLLoader): Likewise.
        * gnu/gcj/runtime/SharedLibHelper.java (SharedLibHelper): Pass
        ProtectionDomain.
        If tryParents is false, don't scan parent class loaders.

        * java/security/Permissions.java (PermissionsHash.implies):
        Iterate over the collection and invoke implies() on each
        element.

From-SVN: r95111
This commit is contained in:
Andrew Haley 2005-02-16 18:51:25 +00:00 committed by Andrew Haley
parent d2638db653
commit 019dac3214
10 changed files with 115 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
libjava/ChangeLog
View File

@ -1,5 +1,38 @@
2005-02-16 Andrew Haley <aph@redhat.com>
2005-02-08 Andrew Haley <aph@redhat.com>
* javax/security/auth/Subject.java (doAsPrivileged): If acc is
null, create a new AccessControlContext.
* java/security/SecureClassLoader.java (protectionDomainCache):
new field.
(defineClass): Create a new protection domain and add it to our
cache.
* java/rmi/server/UnicastRemoteObject.java (exportObject): Call
addStub() to keep track of the stub we've exported.
(unexportObject): Call deleteStub().
* java/rmi/server/RemoteObject.java (stubs): New field.
(addStub): New method.
(deleteStub): New method.
(toStub): Rewrite.
* java/lang/VMCompiler.java (loadSharedLibrary): Pass
true to findHelper (tryParents).
* gnu/gcj/runtime/SharedLibLoader.java (SharedLibLoader):
Likewise.
* java/net/URLClassLoader.java (SoURLLoader): Likewise.
* gnu/gcj/runtime/SharedLibHelper.java (SharedLibHelper): Pass
ProtectionDomain.
If tryParents is false, don't scan parent class loaders.
* java/security/Permissions.java (PermissionsHash.implies):
Iterate over the collection and invoke implies() on each
element.
2005-02-16 Andrew Haley <aph@redhat.com>
* gnu/gcj/runtime/PersistentByteMap.java (name, values, fc): new
fields.
(PersistentByteMap): Set name

21
libjava/gnu/gcj/runtime/SharedLibHelper.java
View File

@ -28,13 +28,15 @@ public class SharedLibHelper
* @parem flags passed to dlopen
*/
SharedLibHelper(String libname, ClassLoader parent, CodeSource source,
int flags)
ProtectionDomain domain, int flags)
{
// FIXME: ask security manager first.
loader = parent;
baseName = libname;
domain = new ProtectionDomain(source,
Policy.getPolicy().getPermissions(source));
if (domain == null)
domain = new ProtectionDomain(source,
Policy.getPolicy().getPermissions(source));
this.domain = domain;
this.flags = flags;
}
@ -65,7 +67,14 @@ public class SharedLibHelper
}
public static SharedLibHelper findHelper (ClassLoader loader, String libname,
CodeSource source)
CodeSource source, boolean tryParents)
{
return findHelper (loader, libname, source, null, tryParents);
}
public static SharedLibHelper findHelper (ClassLoader loader, String libname,
CodeSource source, ProtectionDomain domain,
boolean tryParents)
{
synchronized (map)
{
@ -95,7 +104,7 @@ public class SharedLibHelper
return result;
l = l.getParent();
}
while (l != null);
while (tryParents && l != null);
}
}
}
@ -116,7 +125,7 @@ public class SharedLibHelper
return null;
}
}
result = new SharedLibHelper(libname, loader, source, 0);
result = new SharedLibHelper(libname, loader, source, domain, 0);
s.add(new WeakReference(result));
return result;
}

2
libjava/gnu/gcj/runtime/SharedLibLoader.java
View File

@ -39,7 +39,7 @@ public class SharedLibLoader extends ClassLoader
url = null;
}
helper = SharedLibHelper.findHelper(this, libname,
new CodeSource(url, null));
new CodeSource(url, null), true);
}
/** Load a shared library, and asociate a ClassLoader with it.

3
libjava/java/lang/VMCompiler.java
View File

@ -142,7 +142,8 @@ final class VMCompiler
{
Class c = null;
SharedLibHelper helper
= SharedLibHelper.findHelper (loader, fileName, domain.getCodeSource());
= SharedLibHelper.findHelper (loader, fileName, domain.getCodeSource(),
domain, false);
c = helper.findClass (className);
if (c != null)
{

2
libjava/java/net/URLClassLoader.java
View File

@ -543,7 +543,7 @@ public class URLClassLoader extends SecureClassLoader
{
super(classloader, url, overrideURL);
helper = SharedLibHelper.findHelper(classloader, url.getFile(),
noCertCodeSource);
noCertCodeSource, true);
}
Class getClass(String className)

32
libjava/java/rmi/server/RemoteObject.java
View File

@ -45,6 +45,7 @@ import java.lang.reflect.Constructor;
import java.rmi.NoSuchObjectException;
import java.rmi.Remote;
import java.rmi.UnmarshalException;
import java.util.WeakHashMap;
public abstract class RemoteObject
implements Remote, Serializable {
@ -53,6 +54,8 @@ public static final long serialVersionUID = -3215090123894869218l;
protected transient RemoteRef ref;
private static final WeakHashMap stubs = new WeakHashMap();
protected RemoteObject() {
this(null);
}
@ -65,21 +68,24 @@ public RemoteRef getRef() {
return (ref);
}
synchronized static void addStub(Remote obj, Remote stub)
{
stubs.put(obj, stub);
}
synchronized static void deleteStub(Remote obj)
{
stubs.remove(obj);
}
public static Remote toStub(Remote obj) throws NoSuchObjectException
{
Class cls = obj.getClass();
String classname = cls.getName();
ClassLoader cl = cls.getClassLoader();
try
{
Class scls = cl.loadClass(classname + "_Stub");
// JDK 1.2 stubs
Class[] stubprototype = new Class[] { RemoteRef.class };
Constructor con = scls.getConstructor(stubprototype);
return (Remote)(con.newInstance(new Object[]{obj}));
}
catch (Exception e) {}
throw new NoSuchObjectException(obj.getClass().getName());
Remote stub = (Remote)stubs.get(obj);
if (stub == null)
throw new NoSuchObjectException(obj.getClass().getName());
return stub;
}
public int hashCode() {

11
libjava/java/rmi/server/UnicastRemoteObject.java
View File

@ -98,7 +98,9 @@ public static RemoteStub exportObject(Remote obj) throws RemoteException {
{
sref = new UnicastServerRef(new ObjID (), port, ssf);
}
return (sref.exportObject (obj));
Remote stub = sref.exportObject (obj);
addStub(obj, stub);
return stub;
}
/**
@ -116,12 +118,15 @@ public static RemoteStub exportObject(Remote obj) throws RemoteException {
{
if (obj instanceof RemoteObject)
{
deleteStub(obj);
UnicastServerRef sref = (UnicastServerRef)((RemoteObject)obj).getRef();
return sref.unexportObject(obj, force);
}
else
//FIX ME
;
{
//FIX ME
;
}
return true;
}

11
libjava/java/security/Permissions.java
View File

@ -228,9 +228,18 @@ class PermissionsHash extends PermissionCollection
* @param perm the permission to check
* @return true if it is implied
*/
// FIXME: Should this method be synchronized?
public boolean implies(Permission perm)
{
return perms.get(perm) != null;
Enumeration elements = elements();
while (elements.hasMoreElements())
{
Permission p = (Permission)elements.nextElement();
if (p.implies(perm))
return true;
}
return false;
}
/**

26
libjava/java/security/SecureClassLoader.java
View File

@ -48,6 +48,8 @@ package java.security;
*/
public class SecureClassLoader extends ClassLoader
{
java.util.WeakHashMap protectionDomainCache = new java.util.WeakHashMap();
protected SecureClassLoader(ClassLoader parent)
{
super(parent);
@ -80,11 +82,29 @@ public class SecureClassLoader extends ClassLoader
protected final Class defineClass(String name, byte[] b, int off, int len,
CodeSource cs)
{
// FIXME: Need to cache ProtectionDomains according to 1.3 docs.
if (cs != null)
{
ProtectionDomain protectionDomain
= new ProtectionDomain(cs, getPermissions(cs), this, null);
ProtectionDomain protectionDomain;
synchronized (protectionDomainCache)
{
protectionDomain = (ProtectionDomain)protectionDomainCache.get(cs);
}
if (protectionDomain == null)
{
protectionDomain
= new ProtectionDomain(cs, getPermissions(cs), this, null);
synchronized (protectionDomainCache)
{
ProtectionDomain domain
= (ProtectionDomain)protectionDomainCache.get(cs);
if (domain == null)
protectionDomainCache.put(cs, protectionDomain);
else
protectionDomain = domain;
}
}
return super.defineClass(name, b, off, len, protectionDomain);
}
else

4
libjava/javax/security/auth/Subject.java
View File

@ -235,7 +235,7 @@ public final class Subject implements Serializable
*/
public static Object doAsPrivileged (final Subject subject,
final PrivilegedExceptionAction action,
final AccessControlContext acc)
AccessControlContext acc)
throws PrivilegedActionException
{
final SecurityManager sm = System.getSecurityManager();
@ -243,6 +243,8 @@ public final class Subject implements Serializable
{
sm.checkPermission (new AuthPermission ("doAsPrivileged"));
}
if (acc == null)
acc = new AccessControlContext (new java.security.ProtectionDomain[0]);
AccessControlContext context =
new AccessControlContext (acc, new SubjectDomainCombiner (subject));
return AccessController.doPrivileged (action, context);