Call SecurityManager.checkPackageAccess from Class Loaders

Fri Jan 26 19:49:00 GMT 2007

This is something we discussed a while ago. gcj never got around to
doing this, so I added the check. However, there were two problems,
which have taken me all day (grr) to fix.
* Class.initializeClass has a nasty habit of swallowing exceptions and
 re-throwing them as NoClassDefFoundErrors. This is wrong, becasue
 we really do need to re-throw the SecurityException.
* When testing I ran into a nasty crash with a user-defined
 SecurityManager. The problem was that
 SecurityManager.checkPackageAccess itself needs to load Security
 classes, and if the user-defined SecurityManager then calls
 checkPackageAccess we have infinite recursion. Interestingly, this
 is Sun bug #4242924.
Most of this is gcj-specific, but the last one may as well be applied
to Classpath.
Testcase to follow.
Andrew.
2007年01月26日 Andrew Haley <aph@redhat.com>
 * java/lang/natClass.cc (initializeClass): Re-throw
 SecurityExceptions.
 * java/lang/natVMClassLoader.cc (loadClass): checkPackageAccess.
 * java/lang/ClassLoader.java: (loadClass): Likewise.
2007年01月26日 Andrew Haley <aph@redhat.com>
 * java/lang/SecurityManager.java: Load and initialize
 java.security.Security.
Index: classpath/java/lang/SecurityManager.java
===================================================================

--- classpath/java/lang/SecurityManager.java	(revision 121113)
+++ classpath/java/lang/SecurityManager.java	(working copy)
@@ -167,6 +167,18 @@
 */
 public SecurityManager()
 {
+ /* "When there is security manager installed, the security manager
+ need to check the package access. However, if the security
+ manager itself uses any unloaded class, it will trigger the
+ classloading, which causes infinite loop. There is no easy
+ legal solution. The workaround will be that security manager
+ can not depend on any unloaded class. In the constructor of
+ security manager, it must transitively load all classes it
+ refers to." Sun bug #4242924. */
+
+ // Load and initialize java.security.Security
+ java.security.Security.getProvider((String)null);
+
 SecurityManager sm = System.getSecurityManager();
 if (sm != null)
 sm.checkPermission(new RuntimePermission("createSecurityManager"));
Index: java/lang/ClassLoader.java
===================================================================
--- java/lang/ClassLoader.java	(revision 121113)
+++ java/lang/ClassLoader.java	(working copy)
@@ -404,6 +404,14 @@
 protected synchronized Class loadClass(String name, boolean resolve)
 throws ClassNotFoundException
 {
+ SecurityManager sm = SecurityManager.current;
+ if (sm != null)
+ {
+	int lastDot = name.lastIndexOf('.');
+	if (lastDot != -1)
+	 sm.checkPackageAccess(name.substring(0, lastDot));
+ }
+
 // Arrays are handled specially.
 Class c;
 if (name.length() > 0 && name.charAt(0) == '[')
Index: java/lang/natClass.cc
===================================================================
--- java/lang/natClass.cc	(revision 121113)
+++ java/lang/natClass.cc	(working copy)
@@ -50,6 +50,7 @@
 #include <java/lang/NullPointerException.h>
 #include <java/lang/RuntimePermission.h>
 #include <java/lang/System.h>
+#include <java/lang/SecurityException.h>
 #include <java/lang/SecurityManager.h>
 #include <java/lang/StringBuffer.h>
 #include <java/lang/VMClassLoader.h>
@@ -690,6 +691,10 @@
 	 {
 	 _Jv_Linker::wait_for_state(this, JV_STATE_LINKED);
 	 }
+	catch (java::lang::SecurityException *x)
+	 {
+	 throw x;
+	 }
 	catch (java::lang::Throwable *x)
 	 {
 	 // Turn into a NoClassDefFoundError.
@@ -727,6 +732,10 @@
 	{
 	 _Jv_InitClass (superclass);
 	}
+ catch (java::lang::SecurityException *x)
+	{
+	 throw x;
+	}
 catch (java::lang::Throwable *except)
 	{
 	 // Caught an exception.
@@ -745,6 +754,10 @@
 if (meth)
 	((void (*) (void)) meth->ncode) ();
 }
+ catch (java::lang::SecurityException *x)
+ {
+ throw x;
+ }
 catch (java::lang::Throwable *except)
 {
 if (! java::lang::Error::class$.isInstance(except))
Index: java/lang/natVMClassLoader.cc
===================================================================
--- java/lang/natVMClassLoader.cc	(revision 121113)
+++ java/lang/natVMClassLoader.cc	(working copy)
@@ -32,8 +32,10 @@
 #include <java/security/ProtectionDomain.h>
 #include <java/lang/ClassFormatError.h>
 #include <java/lang/StringBuffer.h>
+#include <java/lang/SecurityManager.h>
 #include <java/lang/Runtime.h>
 #include <java/util/HashSet.h>
+#include <java/lang/SecurityException.h>
 #include <java/lang/VirtualMachineError.h>
 
 java::lang::Class *
@@ -204,6 +206,16 @@
 jclass
 java::lang::VMClassLoader::loadClass(jstring name, jboolean resolve)
 {
+ using namespace ::java::lang;
+
+ SecurityManager *sm = (SecurityManager *)SecurityManager::current;
+ if (sm)
+ {
+ jint lastDot = name->lastIndexOf('.');
+ if (lastDot != -1)
+	sm->checkPackageAccess(name->substring(0, lastDot));
+ }
+
 // We try the boot loader first, so that the endorsed directory
 // overrides compiled-in classes.
 jclass klass = NULL;
