Mercurial > hg > openjdk > jigsaw > nashorn
view src/jdk/nashorn/internal/runtime/linker/JavaAdapterClassLoader.java @ 174:5eb1427b6a6d
8011544: Allow subclassing Java classes from script without creating instances
Reviewed-by: jlaskey, sundar
| author | attila |
|---|---|
| date | Thu, 04 Apr 2013 15:53:26 +0200 |
| parents | |
| children |
line wrap: on
line source
/* * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package jdk.nashorn.internal.runtime.linker; import static jdk.internal.org.objectweb.asm.Opcodes.ACC_FINAL; import static jdk.internal.org.objectweb.asm.Opcodes.ACC_PRIVATE; import static jdk.internal.org.objectweb.asm.Opcodes.ACC_PUBLIC; import static jdk.internal.org.objectweb.asm.Opcodes.ACC_STATIC; import static jdk.internal.org.objectweb.asm.Opcodes.ACC_SUPER; import static jdk.internal.org.objectweb.asm.Opcodes.ACONST_NULL; import static jdk.internal.org.objectweb.asm.Opcodes.ALOAD; import static jdk.internal.org.objectweb.asm.Opcodes.ARETURN; import static jdk.internal.org.objectweb.asm.Opcodes.RETURN; import java.security.AccessController; import java.security.AllPermission; import java.security.CodeSigner; import java.security.CodeSource; import java.security.Permissions; import java.security.PrivilegedAction; import java.security.ProtectionDomain; import java.security.SecureClassLoader; import jdk.internal.dynalink.beans.StaticClass; import jdk.internal.org.objectweb.asm.ClassWriter; import jdk.internal.org.objectweb.asm.Opcodes; import jdk.internal.org.objectweb.asm.Type; import jdk.internal.org.objectweb.asm.commons.InstructionAdapter; import jdk.nashorn.internal.runtime.Context; import jdk.nashorn.internal.runtime.ScriptObject; /** * This class encapsulates the bytecode of the adapter class and can be used to load it into the JVM as an actual Class. * It can be invoked repeatedly to create multiple adapter classes from the same bytecode; adapter classes that have * class-level overrides must be re-created for every set of such overrides. Note that while this class is named * "class loader", it does not, in fact, extend {@code ClassLoader}, but rather uses them internally. Instances of this * class are normally created by {@link JavaAdapterBytecodeGenerator}. */ class JavaAdapterClassLoader extends JavaAdapterGeneratorBase { private static final Type PRIVILEGED_ACTION_TYPE = Type.getType(PrivilegedAction.class); private static final String PRIVILEGED_ACTION_TYPE_NAME = PRIVILEGED_ACTION_TYPE.getInternalName(); private static final String PRIVILEGED_RUN_METHOD_DESCRIPTOR = Type.getMethodDescriptor(OBJECT_TYPE); private static final ProtectionDomain GENERATED_PROTECTION_DOMAIN = createGeneratedProtectionDomain(); private final String className; private final byte[] classBytes; private final String globalSetterClassName; JavaAdapterClassLoader(String className, byte[] classBytes, String globalSetterClassName) { this.className = className.replace('/', '.'); this.classBytes = classBytes; this.globalSetterClassName = globalSetterClassName.replace('/', '.'); } /** * Loads the generated adapter class into the JVM. * @param parentLoader the parent class loader for the generated class loader * @return the generated adapter class */ StaticClass generateClass(final ClassLoader parentLoader) { return AccessController.doPrivileged(new PrivilegedAction<StaticClass>() { @Override public StaticClass run() { try { return StaticClass.forClass(Class.forName(className, true, createClassLoader(parentLoader))); } catch (final ClassNotFoundException e) { throw new AssertionError(e); // cannot happen } } }); } private static class AdapterLoader extends SecureClassLoader { AdapterLoader(ClassLoader parent) { super(parent); } } static boolean isAdapterClass(Class<?> clazz) { return clazz.getClassLoader() instanceof AdapterLoader; } // Note that the adapter class is created in the protection domain of the class/interface being // extended/implemented, and only the privileged global setter action class is generated in the protection domain // of Nashorn itself. Also note that the creation and loading of the global setter is deferred until it is // required by JVM linker, which will only happen on first invocation of any of the adapted method. We could defer // it even more by separating its invocation into a separate static method on the adapter class, but then someone // with ability to introspect on the class and use setAccessible(true) on it could invoke the method. It's a // security tradeoff... private ClassLoader createClassLoader(final ClassLoader parentLoader) { return new AdapterLoader(parentLoader) { private final ClassLoader myLoader = getClass().getClassLoader(); private final ProtectionDomain myProtectionDomain = getClass().getProtectionDomain(); @Override public Class<?> loadClass(final String name, final boolean resolve) throws ClassNotFoundException { try { return super.loadClass(name, resolve); } catch (final SecurityException se) { // we may be implementing an interface or extending a class that was // loaded by a loader that prevents package.access. If so, it'd throw // SecurityException for nashorn's classes!. For adapter's to work, we // should be able to refer to nashorn classes. if (name.startsWith("jdk.nashorn.internal.")) { return myLoader.loadClass(name); } throw se; } } @Override protected Class<?> findClass(final String name) throws ClassNotFoundException { if(name.equals(className)) { return defineClass(name, classBytes, 0, classBytes.length, GENERATED_PROTECTION_DOMAIN); } else if(name.equals(globalSetterClassName)) { final byte[] bytes = generatePrivilegedActionClassBytes(globalSetterClassName.replace('.', '/')); return defineClass(name, bytes, 0, bytes.length, myProtectionDomain); } else { throw new ClassNotFoundException(name); } } }; } private static ProtectionDomain createGeneratedProtectionDomain() { // Generated classes need to have AllPermission. Since we require the "createClassLoader" RuntimePermission, we // can create a class loader that'll load new classes with any permissions. Our generated classes are just // delegating adapters, so having AllPermission can't cause anything wrong; the effective set of permissions for // the executing script functions will still be limited by the permissions of the caller and the permissions of // the script. final Permissions permissions = new Permissions(); permissions.add(new AllPermission()); return new ProtectionDomain(new CodeSource(null, (CodeSigner[])null), permissions); } /** * Generates a PrivilegedAction implementation class for invoking {@link Context#setGlobal(ScriptObject)} from the * adapter class. */ private static byte[] generatePrivilegedActionClassBytes(final String className) { final ClassWriter w = new ClassWriter(ClassWriter.COMPUTE_FRAMES | ClassWriter.COMPUTE_MAXS); // class GlobalSetter implements PrivilegedAction { w.visit(Opcodes.V1_7, ACC_SUPER | ACC_FINAL, className, null, OBJECT_TYPE_NAME, new String[] { PRIVILEGED_ACTION_TYPE_NAME }); // private final ScriptObject global; w.visitField(ACC_PRIVATE | ACC_FINAL, GLOBAL_FIELD_NAME, SCRIPT_OBJECT_TYPE_DESCRIPTOR, null, null).visitEnd(); // private GlobalSetter(ScriptObject global) { InstructionAdapter mv = new InstructionAdapter(w.visitMethod(ACC_PRIVATE, INIT, SET_GLOBAL_METHOD_DESCRIPTOR, null, new String[0])); mv.visitCode(); // super(); mv.visitVarInsn(ALOAD, 0); mv.invokespecial(OBJECT_TYPE_NAME, INIT, VOID_NOARG_METHOD_DESCRIPTOR); // this.global = global; mv.visitVarInsn(ALOAD, 0); mv.visitVarInsn(ALOAD, 1); mv.putfield(className, GLOBAL_FIELD_NAME, SCRIPT_OBJECT_TYPE_DESCRIPTOR); mv.visitInsn(RETURN); mv.visitEnd(); mv.visitMaxs(0, 0); // public Object run() { mv = new InstructionAdapter(w.visitMethod(ACC_PUBLIC, "run", PRIVILEGED_RUN_METHOD_DESCRIPTOR, null, new String[0])); mv.visitCode(); // Context.setGlobal(this.global); mv.visitVarInsn(ALOAD, 0); mv.getfield(className, GLOBAL_FIELD_NAME, SCRIPT_OBJECT_TYPE_DESCRIPTOR); mv.invokestatic(CONTEXT_TYPE_NAME, "setGlobal", SET_GLOBAL_METHOD_DESCRIPTOR); // return null; mv.visitInsn(ACONST_NULL); mv.visitInsn(ARETURN); mv.visitEnd(); mv.visitMaxs(0, 0); // static void setGlobal(ScriptObject global) { mv = new InstructionAdapter(w.visitMethod(ACC_STATIC, "setGlobal", SET_GLOBAL_METHOD_DESCRIPTOR, null, new String[0])); mv.visitCode(); // new GlobalSetter(ScriptObject global) mv.anew(Type.getType("L" + className + ";")); mv.dup(); mv.visitVarInsn(ALOAD, 0); mv.invokespecial(className, INIT, SET_GLOBAL_METHOD_DESCRIPTOR); // AccessController.doPrivileged(...) mv.invokestatic(Type.getInternalName(AccessController.class), "doPrivileged", Type.getMethodDescriptor( OBJECT_TYPE, PRIVILEGED_ACTION_TYPE)); mv.pop(); mv.visitInsn(RETURN); mv.visitEnd(); mv.visitMaxs(0, 0); return w.toByteArray(); } }