Mercurial > hg > icedtea7-forest-aarch64 > jdk
changeset 7941:9ac8a27d7d19
8057564: JVM hangs at getAgentProperties after attaching to VM with lower
Summary: Create custom Security Descriptor for Named Pipe.
Reviewed-by: mgronlun, dsamersoff, uta
author | sgabdura |
---|---|
date | Tue, 23 Sep 2014 09:06:39 +0200 |
parents | 056ef4238bb4 |
children | 1ed30c084e3d |
files | src/windows/native/sun/tools/attach/WindowsVirtualMachine.c |
diffstat | 1 files changed, 23 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c Fri Sep 19 17:49:42 2014 +0100 +++ b/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c Tue Sep 23 09:06:39 2014 +0200 @@ -23,6 +23,7 @@ * questions. */ #include <windows.h> +#include <Sddl.h> #include <string.h> #include "jni.h" @@ -258,6 +259,25 @@ HANDLE hPipe; char name[MAX_PIPE_NAME_LENGTH]; + SECURITY_ATTRIBUTES sa; + LPSECURITY_ATTRIBUTES lpSA = NULL; + // Custom Security Descriptor is required here to "get" Medium Integrity Level. + // In order to allow Medium Integrity Level clients to open + // and use a NamedPipe created by an High Integrity Level process. + TCHAR *szSD = TEXT("D:") // Discretionary ACL + TEXT("(A;OICI;GRGW;;;WD)") // Allow read/write to Everybody + TEXT("(A;OICI;GA;;;SY)") // Allow full control to System + TEXT("(A;OICI;GA;;;BA)"); // Allow full control to Administrators + + sa.nLength = sizeof(SECURITY_ATTRIBUTES); + sa.bInheritHandle = FALSE; + sa.lpSecurityDescriptor = NULL; + + if (ConvertStringSecurityDescriptorToSecurityDescriptor + (szSD, SDDL_REVISION_1, &(sa.lpSecurityDescriptor), NULL)) { + lpSA = &sa; + } + jstring_to_cstring(env, pipename, name, MAX_PIPE_NAME_LENGTH); hPipe = CreateNamedPipe( @@ -270,7 +290,9 @@ 128, // output buffer size 8192, // input buffer size NMPWAIT_USE_DEFAULT_WAIT, // client time-out - NULL); // default security attribute + lpSA); // security attributes + + LocalFree(sa.lpSecurityDescriptor); if (hPipe == INVALID_HANDLE_VALUE) { JNU_ThrowIOExceptionWithLastError(env, "CreateNamedPipe failed");