From 2353a7bf3d2322ac26a686a01975d156b55687c9 Mon Sep 17 00:00:00 2001 From: Casey Marshall Date: Mon, 26 Sep 2005 01:06:45 +0000 Subject: 2005-09-25 Casey Marshall Fixes PR classpath/23916. Fix suggested by Santiago Gala . * java/security/AccessControlContext.java (): update javadoc; check SecurityPermission "createAccessControlContext" if a security manager is set. (getProtectionDomains): new method. * vm/reference/java/security/VMAccessController.java (DEBUG): set to 'gnu.classpath.Configuration.DEBUG.' (pushContext, popContext): add debug statement. (getContext): debug output changes; include the DomainCombiner specified in the AccessControlContext, if any. --- vm/reference/java/security/VMAccessController.java | 42 ++++++++++++++++------ 1 file changed, 31 insertions(+), 11 deletions(-) (limited to 'vm/reference/java') diff --git a/vm/reference/java/security/VMAccessController.java b/vm/reference/java/security/VMAccessController.java index 7058a5e34..da13c6889 100644 --- a/vm/reference/java/security/VMAccessController.java +++ b/vm/reference/java/security/VMAccessController.java @@ -76,7 +76,7 @@ final class VMAccessController DEFAULT_CONTEXT = new AccessControlContext(domain); } - private static final boolean DEBUG = false; + private static final boolean DEBUG = gnu.classpath.Configuration.DEBUG; private static void debug(String msg) { System.err.print(">>> VMAccessController: "); @@ -108,6 +108,8 @@ final class VMAccessController LinkedList stack = (LinkedList) contexts.get(); if (stack == null) { + if (DEBUG) + debug("no stack... creating "); stack = new LinkedList(); contexts.set(stack); } @@ -134,6 +136,10 @@ final class VMAccessController if (stack.isEmpty()) contexts.set(null); } + else if (DEBUG) + { + debug("no stack during pop?????"); + } } /** @@ -166,7 +172,7 @@ final class VMAccessController String[] methods = (String[]) stack[1]; if (DEBUG) - debug(">>> got trace of length " + classes.length); + debug("got trace of length " + classes.length); HashSet domains = new HashSet(); HashSet seenDomains = new HashSet(); @@ -185,8 +191,9 @@ final class VMAccessController if (DEBUG) { - debug(">>> checking " + clazz + "." + method); - debug(">>> loader = " + clazz.getClassLoader()); + debug("checking " + clazz + "." + method); + // subject to getClassLoader RuntimePermission + debug("loader = " + clazz.getClassLoader()); } // If the previous frame was a call to doPrivileged, then this is @@ -198,14 +205,16 @@ final class VMAccessController && method.equals ("doPrivileged")) { // If there was a call to doPrivileged with a supplied context, - // return that context. + // return that context. If using JAAS doAs*, it should be + // a context with a SubjectDomainCombiner LinkedList l = (LinkedList) contexts.get(); if (l != null) context = (AccessControlContext) l.getFirst(); privileged = 1; } - ProtectionDomain domain = clazz.getProtectionDomain(); + // subject to getProtectionDomain RuntimePermission + ProtectionDomain domain = clazz.getProtectionDomain(); if (domain == null) continue; @@ -225,14 +234,25 @@ final class VMAccessController ProtectionDomain[] result = (ProtectionDomain[]) domains.toArray(new ProtectionDomain[domains.size()]); - // Intersect the derived protection domain with the context supplied - // to doPrivileged. if (context != null) - context = new AccessControlContext(result, context, - IntersectingDomainCombiner.SINGLETON); + { + DomainCombiner dc = context.getDomainCombiner (); + // If the supplied context had no explicit DomainCombiner, use + // our private version, which computes the intersection of the + // context's domains with the derived set. + if (dc == null) + context = new AccessControlContext + (IntersectingDomainCombiner.SINGLETON.combine + (result, context.getProtectionDomains ())); + // Use the supplied DomainCombiner. This should be secure, + // because only trusted code may create an + // AccessControlContext with a custom DomainCombiner. + else + context = new AccessControlContext (result, context, dc); + } // No context was supplied. Return the derived one. else - context = new AccessControlContext(result); + context = new AccessControlContext (result); inGetContext.set(Boolean.FALSE); return context; -- cgit v1.2.1