summaryrefslogtreecommitdiff
path: root/libjava
diff options
context:
space:
mode:
authorAndrew Haley <aph@redhat.com>2005-02-16 18:51:25 +0000
committerAndrew Haley <aph@gcc.gnu.org>2005-02-16 18:51:25 +0000
commit019dac321407d9048889e41e400cdb6381924b77 (patch)
tree72b158fdd213cd3c9d1c1c7c1c11b22e22998ca2 /libjava
parentd2638db6537096c72a93d820748b2b9d3bba88ab (diff)
downloadgcc-019dac321407d9048889e41e400cdb6381924b77.tar.gz
Subject.java (doAsPrivileged): If acc is null, create a new AccessControlContext.
2005-02-08 Andrew Haley <aph@redhat.com> * javax/security/auth/Subject.java (doAsPrivileged): If acc is null, create a new AccessControlContext. * java/security/SecureClassLoader.java (protectionDomainCache): new field. (defineClass): Create a new protection domain and add it to our cache. * java/rmi/server/UnicastRemoteObject.java (exportObject): Call addStub() to keep track of the stub we've exported. (unexportObject): Call deleteStub(). * java/rmi/server/RemoteObject.java (stubs): New field. (addStub): New method. (deleteStub): New method. (toStub): Rewrite. * java/lang/VMCompiler.java (loadSharedLibrary): Pass true to findHelper (tryParents). * gnu/gcj/runtime/SharedLibLoader.java (SharedLibLoader): Likewise. * java/net/URLClassLoader.java (SoURLLoader): Likewise. * gnu/gcj/runtime/SharedLibHelper.java (SharedLibHelper): Pass ProtectionDomain. If tryParents is false, don't scan parent class loaders. * java/security/Permissions.java (PermissionsHash.implies): Iterate over the collection and invoke implies() on each element. From-SVN: r95111
Diffstat (limited to 'libjava')
-rw-r--r--libjava/ChangeLog33
-rw-r--r--libjava/gnu/gcj/runtime/SharedLibHelper.java21
-rw-r--r--libjava/gnu/gcj/runtime/SharedLibLoader.java2
-rw-r--r--libjava/java/lang/VMCompiler.java3
-rw-r--r--libjava/java/net/URLClassLoader.java2
-rw-r--r--libjava/java/rmi/server/RemoteObject.java32
-rw-r--r--libjava/java/rmi/server/UnicastRemoteObject.java11
-rw-r--r--libjava/java/security/Permissions.java11
-rw-r--r--libjava/java/security/SecureClassLoader.java26
-rw-r--r--libjava/javax/security/auth/Subject.java4
10 files changed, 115 insertions, 30 deletions
diff --git a/libjava/ChangeLog b/libjava/ChangeLog
index d6a90bda48d..fdfd3c2e94d 100644
--- a/libjava/ChangeLog
+++ b/libjava/ChangeLog
@@ -1,5 +1,38 @@
2005-02-16 Andrew Haley <aph@redhat.com>
+
+2005-02-08 Andrew Haley <aph@redhat.com>
+
+ * javax/security/auth/Subject.java (doAsPrivileged): If acc is
+ null, create a new AccessControlContext.
+ * java/security/SecureClassLoader.java (protectionDomainCache):
+ new field.
+ (defineClass): Create a new protection domain and add it to our
+ cache.
+
+ * java/rmi/server/UnicastRemoteObject.java (exportObject): Call
+ addStub() to keep track of the stub we've exported.
+ (unexportObject): Call deleteStub().
+ * java/rmi/server/RemoteObject.java (stubs): New field.
+ (addStub): New method.
+ (deleteStub): New method.
+ (toStub): Rewrite.
+
+ * java/lang/VMCompiler.java (loadSharedLibrary): Pass
+ true to findHelper (tryParents).
+ * gnu/gcj/runtime/SharedLibLoader.java (SharedLibLoader):
+ Likewise.
+ * java/net/URLClassLoader.java (SoURLLoader): Likewise.
+ * gnu/gcj/runtime/SharedLibHelper.java (SharedLibHelper): Pass
+ ProtectionDomain.
+ If tryParents is false, don't scan parent class loaders.
+
+ * java/security/Permissions.java (PermissionsHash.implies):
+ Iterate over the collection and invoke implies() on each
+ element.
+
+2005-02-16 Andrew Haley <aph@redhat.com>
+
* gnu/gcj/runtime/PersistentByteMap.java (name, values, fc): new
fields.
(PersistentByteMap): Set name
diff --git a/libjava/gnu/gcj/runtime/SharedLibHelper.java b/libjava/gnu/gcj/runtime/SharedLibHelper.java
index a0bfe68b83c..912c58e397e 100644
--- a/libjava/gnu/gcj/runtime/SharedLibHelper.java
+++ b/libjava/gnu/gcj/runtime/SharedLibHelper.java
@@ -28,13 +28,15 @@ public class SharedLibHelper
* @parem flags passed to dlopen
*/
SharedLibHelper(String libname, ClassLoader parent, CodeSource source,
- int flags)
+ ProtectionDomain domain, int flags)
{
// FIXME: ask security manager first.
loader = parent;
baseName = libname;
- domain = new ProtectionDomain(source,
- Policy.getPolicy().getPermissions(source));
+ if (domain == null)
+ domain = new ProtectionDomain(source,
+ Policy.getPolicy().getPermissions(source));
+ this.domain = domain;
this.flags = flags;
}
@@ -65,7 +67,14 @@ public class SharedLibHelper
}
public static SharedLibHelper findHelper (ClassLoader loader, String libname,
- CodeSource source)
+ CodeSource source, boolean tryParents)
+ {
+ return findHelper (loader, libname, source, null, tryParents);
+ }
+
+ public static SharedLibHelper findHelper (ClassLoader loader, String libname,
+ CodeSource source, ProtectionDomain domain,
+ boolean tryParents)
{
synchronized (map)
{
@@ -95,7 +104,7 @@ public class SharedLibHelper
return result;
l = l.getParent();
}
- while (l != null);
+ while (tryParents && l != null);
}
}
}
@@ -116,7 +125,7 @@ public class SharedLibHelper
return null;
}
}
- result = new SharedLibHelper(libname, loader, source, 0);
+ result = new SharedLibHelper(libname, loader, source, domain, 0);
s.add(new WeakReference(result));
return result;
}
diff --git a/libjava/gnu/gcj/runtime/SharedLibLoader.java b/libjava/gnu/gcj/runtime/SharedLibLoader.java
index 1f80bbc8289..b8e6a57de53 100644
--- a/libjava/gnu/gcj/runtime/SharedLibLoader.java
+++ b/libjava/gnu/gcj/runtime/SharedLibLoader.java
@@ -39,7 +39,7 @@ public class SharedLibLoader extends ClassLoader
url = null;
}
helper = SharedLibHelper.findHelper(this, libname,
- new CodeSource(url, null));
+ new CodeSource(url, null), true);
}
/** Load a shared library, and asociate a ClassLoader with it.
diff --git a/libjava/java/lang/VMCompiler.java b/libjava/java/lang/VMCompiler.java
index 3eb4491ecec..b3f55603487 100644
--- a/libjava/java/lang/VMCompiler.java
+++ b/libjava/java/lang/VMCompiler.java
@@ -142,7 +142,8 @@ final class VMCompiler
{
Class c = null;
SharedLibHelper helper
- = SharedLibHelper.findHelper (loader, fileName, domain.getCodeSource());
+ = SharedLibHelper.findHelper (loader, fileName, domain.getCodeSource(),
+ domain, false);
c = helper.findClass (className);
if (c != null)
{
diff --git a/libjava/java/net/URLClassLoader.java b/libjava/java/net/URLClassLoader.java
index 0ee2e748a3d..57ea968d780 100644
--- a/libjava/java/net/URLClassLoader.java
+++ b/libjava/java/net/URLClassLoader.java
@@ -543,7 +543,7 @@ public class URLClassLoader extends SecureClassLoader
{
super(classloader, url, overrideURL);
helper = SharedLibHelper.findHelper(classloader, url.getFile(),
- noCertCodeSource);
+ noCertCodeSource, true);
}
Class getClass(String className)
diff --git a/libjava/java/rmi/server/RemoteObject.java b/libjava/java/rmi/server/RemoteObject.java
index 1bc7648c8fc..374fee85797 100644
--- a/libjava/java/rmi/server/RemoteObject.java
+++ b/libjava/java/rmi/server/RemoteObject.java
@@ -45,6 +45,7 @@ import java.lang.reflect.Constructor;
import java.rmi.NoSuchObjectException;
import java.rmi.Remote;
import java.rmi.UnmarshalException;
+import java.util.WeakHashMap;
public abstract class RemoteObject
implements Remote, Serializable {
@@ -53,6 +54,8 @@ public static final long serialVersionUID = -3215090123894869218l;
protected transient RemoteRef ref;
+private static final WeakHashMap stubs = new WeakHashMap();
+
protected RemoteObject() {
this(null);
}
@@ -65,21 +68,24 @@ public RemoteRef getRef() {
return (ref);
}
+synchronized static void addStub(Remote obj, Remote stub)
+{
+ stubs.put(obj, stub);
+}
+
+synchronized static void deleteStub(Remote obj)
+{
+ stubs.remove(obj);
+}
+
public static Remote toStub(Remote obj) throws NoSuchObjectException
{
- Class cls = obj.getClass();
- String classname = cls.getName();
- ClassLoader cl = cls.getClassLoader();
- try
- {
- Class scls = cl.loadClass(classname + "_Stub");
- // JDK 1.2 stubs
- Class[] stubprototype = new Class[] { RemoteRef.class };
- Constructor con = scls.getConstructor(stubprototype);
- return (Remote)(con.newInstance(new Object[]{obj}));
- }
- catch (Exception e) {}
- throw new NoSuchObjectException(obj.getClass().getName());
+ Remote stub = (Remote)stubs.get(obj);
+
+ if (stub == null)
+ throw new NoSuchObjectException(obj.getClass().getName());
+
+ return stub;
}
public int hashCode() {
diff --git a/libjava/java/rmi/server/UnicastRemoteObject.java b/libjava/java/rmi/server/UnicastRemoteObject.java
index 6e8fb253820..ed296f03341 100644
--- a/libjava/java/rmi/server/UnicastRemoteObject.java
+++ b/libjava/java/rmi/server/UnicastRemoteObject.java
@@ -98,7 +98,9 @@ public static RemoteStub exportObject(Remote obj) throws RemoteException {
{
sref = new UnicastServerRef(new ObjID (), port, ssf);
}
- return (sref.exportObject (obj));
+ Remote stub = sref.exportObject (obj);
+ addStub(obj, stub);
+ return stub;
}
/**
@@ -116,12 +118,15 @@ public static RemoteStub exportObject(Remote obj) throws RemoteException {
{
if (obj instanceof RemoteObject)
{
+ deleteStub(obj);
UnicastServerRef sref = (UnicastServerRef)((RemoteObject)obj).getRef();
return sref.unexportObject(obj, force);
}
else
- //FIX ME
- ;
+ {
+ //FIX ME
+ ;
+ }
return true;
}
diff --git a/libjava/java/security/Permissions.java b/libjava/java/security/Permissions.java
index d44341c947a..ce63cc2cca2 100644
--- a/libjava/java/security/Permissions.java
+++ b/libjava/java/security/Permissions.java
@@ -228,9 +228,18 @@ class PermissionsHash extends PermissionCollection
* @param perm the permission to check
* @return true if it is implied
*/
+ // FIXME: Should this method be synchronized?
public boolean implies(Permission perm)
{
- return perms.get(perm) != null;
+ Enumeration elements = elements();
+
+ while (elements.hasMoreElements())
+ {
+ Permission p = (Permission)elements.nextElement();
+ if (p.implies(perm))
+ return true;
+ }
+ return false;
}
/**
diff --git a/libjava/java/security/SecureClassLoader.java b/libjava/java/security/SecureClassLoader.java
index 7546edc85e5..89b5e4effce 100644
--- a/libjava/java/security/SecureClassLoader.java
+++ b/libjava/java/security/SecureClassLoader.java
@@ -48,6 +48,8 @@ package java.security;
*/
public class SecureClassLoader extends ClassLoader
{
+ java.util.WeakHashMap protectionDomainCache = new java.util.WeakHashMap();
+
protected SecureClassLoader(ClassLoader parent)
{
super(parent);
@@ -80,11 +82,29 @@ public class SecureClassLoader extends ClassLoader
protected final Class defineClass(String name, byte[] b, int off, int len,
CodeSource cs)
{
- // FIXME: Need to cache ProtectionDomains according to 1.3 docs.
if (cs != null)
{
- ProtectionDomain protectionDomain
- = new ProtectionDomain(cs, getPermissions(cs), this, null);
+ ProtectionDomain protectionDomain;
+
+ synchronized (protectionDomainCache)
+ {
+ protectionDomain = (ProtectionDomain)protectionDomainCache.get(cs);
+ }
+
+ if (protectionDomain == null)
+ {
+ protectionDomain
+ = new ProtectionDomain(cs, getPermissions(cs), this, null);
+ synchronized (protectionDomainCache)
+ {
+ ProtectionDomain domain
+ = (ProtectionDomain)protectionDomainCache.get(cs);
+ if (domain == null)
+ protectionDomainCache.put(cs, protectionDomain);
+ else
+ protectionDomain = domain;
+ }
+ }
return super.defineClass(name, b, off, len, protectionDomain);
}
else
diff --git a/libjava/javax/security/auth/Subject.java b/libjava/javax/security/auth/Subject.java
index 5391acec825..37baecc8aed 100644
--- a/libjava/javax/security/auth/Subject.java
+++ b/libjava/javax/security/auth/Subject.java
@@ -235,7 +235,7 @@ public final class Subject implements Serializable
*/
public static Object doAsPrivileged (final Subject subject,
final PrivilegedExceptionAction action,
- final AccessControlContext acc)
+ AccessControlContext acc)
throws PrivilegedActionException
{
final SecurityManager sm = System.getSecurityManager();
@@ -243,6 +243,8 @@ public final class Subject implements Serializable
{
sm.checkPermission (new AuthPermission ("doAsPrivileged"));
}
+ if (acc == null)
+ acc = new AccessControlContext (new java.security.ProtectionDomain[0]);
AccessControlContext context =
new AccessControlContext (acc, new SubjectDomainCombiner (subject));
return AccessController.doPrivileged (action, context);