author | Andrew Haley <aph@redhat.com> | 2005-02-16 18:51:25 +0000 |
---|---|---|
committer | Andrew Haley <aph@gcc.gnu.org> | 2005-02-16 18:51:25 +0000 |
commit | 019dac321407d9048889e41e400cdb6381924b77 (patch) | |
tree | 72b158fdd213cd3c9d1c1c7c1c11b22e22998ca2 /libjava | |
parent | d2638db6537096c72a93d820748b2b9d3bba88ab (diff) | |
Subject.java (doAsPrivileged): If acc is null, create a new AccessControlContext.
2005-02-08 Andrew Haley <aph@redhat.com>
* javax/security/auth/Subject.java (doAsPrivileged): If acc is
null, create a new AccessControlContext.
* java/security/SecureClassLoader.java (protectionDomainCache):
new field.
(defineClass): Create a new protection domain and add it to our
cache.
* java/rmi/server/UnicastRemoteObject.java (exportObject): Call
addStub() to keep track of the stub we've exported.
(unexportObject): Call deleteStub().
* java/rmi/server/RemoteObject.java (stubs): New field.
(addStub): New method.
(deleteStub): New method.
(toStub): Rewrite.
* java/lang/VMCompiler.java (loadSharedLibrary): Pass
true to findHelper (tryParents).
* gnu/gcj/runtime/SharedLibLoader.java (SharedLibLoader):
Likewise.
* java/net/URLClassLoader.java (SoURLLoader): Likewise.
* gnu/gcj/runtime/SharedLibHelper.java (SharedLibHelper): Pass
ProtectionDomain.
If tryParents is false, don't scan parent class loaders.
* java/security/Permissions.java (PermissionsHash.implies):
Iterate over the collection and invoke implies() on each
element.
From-SVN: r95111
Diffstat (limited to 'libjava')
-rw-r--r-- | libjava/ChangeLog | 33 | ||||
-rw-r--r-- | libjava/gnu/gcj/runtime/SharedLibHelper.java | 21 | ||||
-rw-r--r-- | libjava/gnu/gcj/runtime/SharedLibLoader.java | 2 | ||||
-rw-r--r-- | libjava/java/lang/VMCompiler.java | 3 | ||||
-rw-r--r-- | libjava/java/net/URLClassLoader.java | 2 | ||||
-rw-r--r-- | libjava/java/rmi/server/RemoteObject.java | 32 | ||||
-rw-r--r-- | libjava/java/rmi/server/UnicastRemoteObject.java | 11 | ||||
-rw-r--r-- | libjava/java/security/Permissions.java | 11 | ||||
-rw-r--r-- | libjava/java/security/SecureClassLoader.java | 26 | ||||
-rw-r--r-- | libjava/javax/security/auth/Subject.java | 4 |
10 files changed, 115 insertions, 30 deletions
diff --git a/libjava/ChangeLog b/libjava/ChangeLog index d6a90bda48d..fdfd3c2e94d 100644 --- a/libjava/ChangeLog +++ b/libjava/ChangeLog @@ -1,5 +1,38 @@ 2005-02-16 Andrew Haley <aph@redhat.com> + +2005-02-08 Andrew Haley <aph@redhat.com> + + * javax/security/auth/Subject.java (doAsPrivileged): If acc is + null, create a new AccessControlContext. + * java/security/SecureClassLoader.java (protectionDomainCache): + new field. + (defineClass): Create a new protection domain and add it to our + cache. + + * java/rmi/server/UnicastRemoteObject.java (exportObject): Call + addStub() to keep track of the stub we've exported. + (unexportObject): Call deleteStub(). + * java/rmi/server/RemoteObject.java (stubs): New field. + (addStub): New method. + (deleteStub): New method. + (toStub): Rewrite. + + * java/lang/VMCompiler.java (loadSharedLibrary): Pass + true to findHelper (tryParents). + * gnu/gcj/runtime/SharedLibLoader.java (SharedLibLoader): + Likewise. + * java/net/URLClassLoader.java (SoURLLoader): Likewise. + * gnu/gcj/runtime/SharedLibHelper.java (SharedLibHelper): Pass + ProtectionDomain. + If tryParents is false, don't scan parent class loaders. + + * java/security/Permissions.java (PermissionsHash.implies): + Iterate over the collection and invoke implies() on each + element. + +2005-02-16 Andrew Haley <aph@redhat.com> + * gnu/gcj/runtime/PersistentByteMap.java (name, values, fc): new fields. (PersistentByteMap): Set name diff --git a/libjava/gnu/gcj/runtime/SharedLibHelper.java b/libjava/gnu/gcj/runtime/SharedLibHelper.java index a0bfe68b83c..912c58e397e 100644 --- a/libjava/gnu/gcj/runtime/SharedLibHelper.java +++ b/libjava/gnu/gcj/runtime/SharedLibHelper.java 
@@ -28,13 +28,15 @@ public class SharedLibHelper * @parem flags passed to dlopen */ SharedLibHelper(String libname, ClassLoader parent, CodeSource source, - int flags) + ProtectionDomain domain, int flags) { // FIXME: ask security manager first. loader = parent; baseName = libname; - domain = new ProtectionDomain(source, - Policy.getPolicy().getPermissions(source)); + if (domain == null) + domain = new ProtectionDomain(source, + Policy.getPolicy().getPermissions(source)); + this.domain = domain; this.flags = flags; } @@ -65,7 +67,14 @@ public class SharedLibHelper } public static SharedLibHelper findHelper (ClassLoader loader, String libname, - CodeSource source) + CodeSource source, boolean tryParents) + { + return findHelper (loader, libname, source, null, tryParents); + } + + public static SharedLibHelper findHelper (ClassLoader loader, String libname, + CodeSource source, ProtectionDomain domain, + boolean tryParents) { synchronized (map) { @@ -95,7 +104,7 @@ public class SharedLibHelper return result; l = l.getParent(); } - while (l != null); + while (tryParents && l != null); } } } @@ -116,7 +125,7 @@ public class SharedLibHelper return null; } } - result = new SharedLibHelper(libname, loader, source, 0); + result = new SharedLibHelper(libname, loader, source, domain, 0); s.add(new WeakReference(result)); return result; } diff --git a/libjava/gnu/gcj/runtime/SharedLibLoader.java b/libjava/gnu/gcj/runtime/SharedLibLoader.java index 1f80bbc8289..b8e6a57de53 100644 --- a/libjava/gnu/gcj/runtime/SharedLibLoader.java +++ b/libjava/gnu/gcj/runtime/SharedLibLoader.java @@ -39,7 +39,7 @@ public class SharedLibLoader extends ClassLoader url = null; } helper = SharedLibHelper.findHelper(this, libname, - new CodeSource(url, null)); + new CodeSource(url, null), true); } /** Load a shared library, and asociate a ClassLoader with it. diff --git a/libjava/java/lang/VMCompiler.java b/libjava/java/lang/VMCompiler.java index 3eb4491ecec..b3f55603487 100644 
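Review bot: The constructor now stores whatever `ProtectionDomain` the caller passes in `this.domain`, while the `// FIXME: ask security manager first.` just above is still open, so nothing in this hunk limits who chooses that domain. The constructor looks package-private from the hunk, so the exposure depends on the public `findHelper` overloads added further down. The Javadoc whose tail is visible at the top of the hunk (`@parem flags passed to dlopen`) also gets no entry for the new argument. I would add `@param domain the protection domain for classes from this library, or null to derive one from source through the installed Policy` and correct the `@parem` spelling at the same time.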
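Review bot: The new five-argument `findHelper` is `public static` and accepts a caller-supplied `ProtectionDomain`, but the visible hunks use that argument only on the creation path (`new SharedLibHelper(libname, loader, source, domain, 0)` in the last hunk of this file). A helper already registered for the library appears to be returned by the lookup loop with the domain it was first created with; the loop body is outside these hunks, so this is inferred from the `return result;` context line. Both overloads are added without Javadoc. I would document on the five-argument one that `domain` may be null, that it is not applied when an existing helper is returned, and that `tryParents` set to false restricts the search to `loader` itself.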
--- a/libjava/java/lang/VMCompiler.java +++ b/libjava/java/lang/VMCompiler.java @@ -142,7 +142,8 @@ final class VMCompiler { Class c = null; SharedLibHelper helper - = SharedLibHelper.findHelper (loader, fileName, domain.getCodeSource()); + = SharedLibHelper.findHelper (loader, fileName, domain.getCodeSource(), + domain, false); c = helper.findClass (className); if (c != null) { diff --git a/libjava/java/net/URLClassLoader.java b/libjava/java/net/URLClassLoader.java index 0ee2e748a3d..57ea968d780 100644 --- a/libjava/java/net/URLClassLoader.java +++ b/libjava/java/net/URLClassLoader.java @@ -543,7 +543,7 @@ public class URLClassLoader extends SecureClassLoader { super(classloader, url, overrideURL); helper = SharedLibHelper.findHelper(classloader, url.getFile(), - noCertCodeSource); + noCertCodeSource, true); } Class getClass(String className) diff --git a/libjava/java/rmi/server/RemoteObject.java b/libjava/java/rmi/server/RemoteObject.java index 1bc7648c8fc..374fee85797 100644 --- a/libjava/java/rmi/server/RemoteObject.java +++ b/libjava/java/rmi/server/RemoteObject.java @@ -45,6 +45,7 @@ import java.lang.reflect.Constructor; import java.rmi.NoSuchObjectException; import java.rmi.Remote; import java.rmi.UnmarshalException; +import java.util.WeakHashMap; public abstract class RemoteObject implements Remote, Serializable { @@ -53,6 +54,8 @@ public static final long serialVersionUID = -3215090123894869218l; protected transient RemoteRef ref; +private static final WeakHashMap stubs = new WeakHashMap(); + protected RemoteObject() { this(null); } 
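Review bot: `helper.findClass (className)` is called directly on the result of `findHelper`, and the SharedLibHelper hunks show a `return null;` path inside `findHelper`, so a library that cannot be resolved would surface here as a NullPointerException. A guard such as `if (helper != null) c = helper.findClass (className);` leaves the existing `if (c != null)` test to handle the miss. The enclosing method starts and ends outside the hunk, so an outer catch may already absorb this; that should be confirmed. If passing `domain` together with `false` for tryParents is meant to keep the precompiled library in the class's own protection domain and loader, a one-line comment saying so would make the intent reviewable.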
@@ -65,21 +68,24 @@ public RemoteRef getRef() { return (ref); } +synchronized static void addStub(Remote obj, Remote stub) +{ + stubs.put(obj, stub); +} + +synchronized static void deleteStub(Remote obj) +{ + stubs.remove(obj); +} + public static Remote toStub(Remote obj) throws NoSuchObjectException { - Class cls = obj.getClass(); - String classname = cls.getName(); - ClassLoader cl = cls.getClassLoader(); - try - { - Class scls = cl.loadClass(classname + "_Stub"); - // JDK 1.2 stubs - Class[] stubprototype = new Class[] { RemoteRef.class }; - Constructor con = scls.getConstructor(stubprototype); - return (Remote)(con.newInstance(new Object[]{obj})); - } - catch (Exception e) {} - throw new NoSuchObjectException(obj.getClass().getName()); + Remote stub = (Remote)stubs.get(obj); + + if (stub == null) + throw new NoSuchObjectException(obj.getClass().getName()); + + return stub; } public int hashCode() { diff --git a/libjava/java/rmi/server/UnicastRemoteObject.java b/libjava/java/rmi/server/UnicastRemoteObject.java index 6e8fb253820..ed296f03341 100644 --- a/libjava/java/rmi/server/UnicastRemoteObject.java +++ b/libjava/java/rmi/server/UnicastRemoteObject.java @@ -98,7 +98,9 @@ public static RemoteStub exportObject(Remote obj) throws RemoteException { { sref = new UnicastServerRef(new ObjID (), port, ssf); } - return (sref.exportObject (obj)); + Remote stub = sref.exportObject (obj); + addStub(obj, stub); + return stub; } /** @@ -116,12 +118,15 @@ public static RemoteStub exportObject(Remote obj) throws RemoteException { { if (obj instanceof RemoteObject) { + deleteStub(obj); UnicastServerRef sref = (UnicastServerRef)((RemoteObject)obj).getRef(); return sref.unexportObject(obj, force); } else - //FIX ME - ; + { + //FIX ME + ; + } return true; } diff --git a/libjava/java/security/Permissions.java b/libjava/java/security/Permissions.java index d44341c947a..ce63cc2cca2 100644 --- a/libjava/java/security/Permissions.java +++ b/libjava/java/security/Permissions.java 
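Review bot: `toStub` reads `stubs.get(obj)` without the lock that `addStub` and `deleteStub` take through `synchronized static`, and `WeakHashMap` is not thread-safe (a `get` may expunge stale entries), so a lookup racing with an export or unexport can corrupt the map. Declaring it `public static synchronized Remote toStub(Remote obj)` puts all three accessors under the same class monitor. The map also compares keys with `equals`/`hashCode`, which this class overrides (the `hashCode` override is visible at the end of the hunk), so two distinct exported objects that compare equal would presumably share one entry. A comment on the `stubs` field stating whether that is intended would help.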
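Review bot: In `unexportObject`, `deleteStub(obj)` runs before `sref.unexportObject(obj, force)` and regardless of its result, so when that call returns false the object is still exported while `toStub` already throws NoSuchObjectException for it. Removing the mapping only on success avoids the inconsistent state: `boolean done = sref.unexportObject(obj, force); if (done) deleteStub(obj); return done;`. The removal is also confined to the `instanceof RemoteObject` branch, whereas the `exportObject` hunk appears to call `addStub` for any `Remote`, so entries for other objects are left to the weak-key cleanup. The `//FIX ME` else branch should say so.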
@@ -228,9 +228,18 @@ class PermissionsHash extends PermissionCollection * @param perm the permission to check * @return true if it is implied */ + // FIXME: Should this method be synchronized? public boolean implies(Permission perm) { - return perms.get(perm) != null; + Enumeration elements = elements(); + + while (elements.hasMoreElements()) + { + Permission p = (Permission)elements.nextElement(); + if (p.implies(perm)) + return true; + } + return false; } /** diff --git a/libjava/java/security/SecureClassLoader.java b/libjava/java/security/SecureClassLoader.java index 7546edc85e5..89b5e4effce 100644 --- a/libjava/java/security/SecureClassLoader.java +++ b/libjava/java/security/SecureClassLoader.java @@ -48,6 +48,8 @@ package java.security; */ public class SecureClassLoader extends ClassLoader { + java.util.WeakHashMap protectionDomainCache = new java.util.WeakHashMap(); + protected SecureClassLoader(ClassLoader parent) { super(parent); @@ -80,11 +82,29 @@ public class SecureClassLoader extends ClassLoader protected final Class defineClass(String name, byte[] b, int off, int len, CodeSource cs) { - // FIXME: Need to cache ProtectionDomains according to 1.3 docs. if (cs != null) { - ProtectionDomain protectionDomain - = new ProtectionDomain(cs, getPermissions(cs), this, null); + ProtectionDomain protectionDomain; + + synchronized (protectionDomainCache) + { + protectionDomain = (ProtectionDomain)protectionDomainCache.get(cs); + } + + if (protectionDomain == null) + { + protectionDomain + = new ProtectionDomain(cs, getPermissions(cs), this, null); + synchronized (protectionDomainCache) + { + ProtectionDomain domain + = (ProtectionDomain)protectionDomainCache.get(cs); + if (domain == null) + protectionDomainCache.put(cs, protectionDomain); + else + protectionDomain = domain; + } + } return super.defineClass(name, b, off, len, protectionDomain); } else 
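Review bot: The added `// FIXME: Should this method be synchronized?` leaves the locking question open on `implies`, which now enumerates the whole collection on every permission check, so an `add` on another thread during the walk is the case to settle before this ships. If `add` in this class is synchronized (it is outside the hunk), the matching change is `public synchronized boolean implies(Permission perm)`. Otherwise the FIXME should be replaced by a comment explaining why an unsynchronized enumeration of the backing table is safe. The `@return true if it is implied` line could also state that the result is true when any stored permission's `implies(perm)` returns true.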
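Review bot: `protectionDomainCache`, added in the first SecureClassLoader hunk, is package-private and non-final, yet `defineClass` synchronizes on it. Code elsewhere in `java.security` could reassign the field, after which the two `synchronized` blocks would lock different objects. `private final java.util.WeakHashMap protectionDomainCache = new java.util.WeakHashMap();` closes that. Separately, each cached `ProtectionDomain` is built from the `CodeSource` used as its key; if the domain keeps a strong reference to it, as `getCodeSource()` suggests, the weak key cannot be collected while the entry exists and the map behaves like an ordinary HashMap. A comment on the field noting this would stop readers from assuming the cache shrinks on its own.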
diff --git a/libjava/javax/security/auth/Subject.java b/libjava/javax/security/auth/Subject.java index 5391acec825..37baecc8aed 100644 --- a/libjava/javax/security/auth/Subject.java +++ b/libjava/javax/security/auth/Subject.java @@ -235,7 +235,7 @@ public final class Subject implements Serializable */ public static Object doAsPrivileged (final Subject subject, final PrivilegedExceptionAction action, - final AccessControlContext acc) + AccessControlContext acc) throws PrivilegedActionException { final SecurityManager sm = System.getSecurityManager(); @@ -243,6 +243,8 @@ public final class Subject implements Serializable { sm.checkPermission (new AuthPermission ("doAsPrivileged")); } + if (acc == null) + acc = new AccessControlContext (new java.security.ProtectionDomain[0]); AccessControlContext context = new AccessControlContext (acc, new SubjectDomainCombiner (subject)); return AccessController.doPrivileged (action, context); |
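Review bot: Only this `PrivilegedExceptionAction` overload of `doAsPrivileged` receives the `acc == null` guard. If the `PrivilegedAction` overload builds its context with `new AccessControlContext (acc, ...)` in the same way (it is not part of this diff), it needs the same two lines. Dropping `final` from the parameter so it can be reassigned works, but a local keeps the signature unchanged: `final AccessControlContext base = (acc != null) ? acc : new AccessControlContext (new java.security.ProtectionDomain[0]);`. The Javadoc ending just above the signature should state that a null `acc` is replaced by a context with an empty set of protection domains, since that determines which permissions the action runs with.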