Mercurial > hg > release > icedtea7-forest-2.1 > jdk

changeset 4968:2d3faf217561

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8011139: (reflect) Revise checking in getEnclosingClass Reviewed-by: darcy, mchung, ahgross
author jfranck
date Thu, 18 Apr 2013 13:18:28 +0200
parents 871acb7cd95c
children 5e190bcba6be
files src/share/classes/java/lang/Class.java
diffstat 1 files changed, 17 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/java/lang/Class.java	Fri Apr 19 16:50:10 2013 -0700
+++ b/src/share/classes/java/lang/Class.java	Thu Apr 18 13:18:28 2013 +0200
@@ -1134,13 +1134,9 @@
                 enclosingCandidate = enclosingClass;
         }
 
-        // be very careful not to change the stack depth of this
-        // checkMemberAccess call for security reasons
-        // see java.lang.SecurityManager.checkMemberAccess
-        if (enclosingCandidate != null) {
-            enclosingCandidate.checkMemberAccess(Member.DECLARED,
-                                                 Reflection.getCallerClass(), true);
-        }
+        if (enclosingCandidate != null)
+            enclosingCandidate.checkPackageAccess(
+                    ClassLoader.getClassLoader(Reflection.getCallerClass()), true);
         return enclosingCandidate;
     }
 
@@ -2214,6 +2210,8 @@
      * Check if client is allowed to access members.  If access is denied,
      * throw a SecurityException.
      *
+     * This method also enforces package access.
+     *
      * <p> Default policy: allow all clients access with normal Java access
      * control.
      */
@@ -2234,7 +2232,19 @@
                 // checkMemberAccess of subclasses of SecurityManager as specified.
                 s.checkMemberAccess(this, which);
             }
+            this.checkPackageAccess(ccl, checkProxyInterfaces);
+        }
+    }
 
+    /*
+     * Checks if a client loaded in ClassLoader ccl is allowed to access this
+     * class under the current package access policy. If access is denied,
+     * throw a SecurityException.
+     */
+    private void checkPackageAccess(final ClassLoader ccl, boolean checkProxyInterfaces) {
+        final SecurityManager s = System.getSecurityManager();
+        if (s != null) {
+            final ClassLoader cl = getClassLoader0();
             if (ReflectUtil.needsPackageAccessCheck(ccl, cl)) {
                 String name = this.getName();
                 int i = name.lastIndexOf('.');