# HG changeset patch # User jfranck # Date 1366283908 -7200 # Node ID 2d3faf2175618b8b5596acbbcb69f163b9773db5 # Parent 871acb7cd95cb1dedae326e0e8eb4630f4eb980d 8011139: (reflect) Revise checking in getEnclosingClass Reviewed-by: darcy, mchung, ahgross diff -r 871acb7cd95c -r 2d3faf217561 src/share/classes/java/lang/Class.java --- a/src/share/classes/java/lang/Class.java Fri Apr 19 16:50:10 2013 -0700 +++ b/src/share/classes/java/lang/Class.java Thu Apr 18 13:18:28 2013 +0200 @@ -1134,13 +1134,9 @@ enclosingCandidate = enclosingClass; } - // be very careful not to change the stack depth of this - // checkMemberAccess call for security reasons - // see java.lang.SecurityManager.checkMemberAccess - if (enclosingCandidate != null) { - enclosingCandidate.checkMemberAccess(Member.DECLARED, - Reflection.getCallerClass(), true); - } + if (enclosingCandidate != null) + enclosingCandidate.checkPackageAccess( + ClassLoader.getClassLoader(Reflection.getCallerClass()), true); return enclosingCandidate; } @@ -2214,6 +2210,8 @@ * Check if client is allowed to access members. If access is denied, * throw a SecurityException. * + * This method also enforces package access. + * *

Default policy: allow all clients access with normal Java access * control. */ @@ -2234,7 +2232,19 @@ // checkMemberAccess of subclasses of SecurityManager as specified. s.checkMemberAccess(this, which); } + this.checkPackageAccess(ccl, checkProxyInterfaces); + } + } + /* + * Checks if a client loaded in ClassLoader ccl is allowed to access this + * class under the current package access policy. If access is denied, + * throw a SecurityException. + */ + private void checkPackageAccess(final ClassLoader ccl, boolean checkProxyInterfaces) { + final SecurityManager s = System.getSecurityManager(); + if (s != null) { + final ClassLoader cl = getClassLoader0(); if (ReflectUtil.needsPackageAccessCheck(ccl, cl)) { String name = this.getName(); int i = name.lastIndexOf('.');