Mercurial > hg > release > icedtea8-forest-3.0 > jdk

--- a/src/share/classes/sun/rmi/transport/DGCClient.java	Fri May 15 11:24:41 2015 +0300
+++ b/src/share/classes/sun/rmi/transport/DGCClient.java	Sat May 16 02:04:38 2015 +0300
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@

 import java.lang.ref.PhantomReference;
 import java.lang.ref.ReferenceQueue;
+import java.net.SocketPermission;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.HashMap;
@@ -46,6 +47,10 @@
 import sun.rmi.server.Util;
 import sun.security.action.GetLongAction;

+import java.security.AccessControlContext;
+import java.security.Permissions;
+import java.security.ProtectionDomain;
+
 /**
  * DGCClient implements the client-side of the RMI distributed garbage
  * collection system.
@@ -113,6 +118,18 @@
     /** ObjID for server-side DGC object */
     private static final ObjID dgcID = new ObjID(ObjID.DGC_ID);

+    /**
+     * An AccessControlContext with only socket permissions,
+     * suitable for an RMIClientSocketFactory.
+     */
+    private static final AccessControlContext SOCKET_ACC;
+    static {
+        Permissions perms = new Permissions();
+        perms.add(new SocketPermission("*", "connect,resolve"));
+        ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
+        SOCKET_ACC = new AccessControlContext(pd);
+    }
+
     /*
      * Disallow anyone from creating one of these.
      */
@@ -570,13 +587,20 @@
                         }
                     }

-                    if (needRenewal) {
-                        makeDirtyCall(refsToDirty, sequenceNum);
-                    }
+                    boolean needRenewal_ = needRenewal;
+                    Set<RefEntry> refsToDirty_ = refsToDirty;
+                    long sequenceNum_ = sequenceNum;
+                    AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                        public Void run() {
+                            if (needRenewal_) {
+                                makeDirtyCall(refsToDirty_, sequenceNum_);
+                            }

-                    if (!pendingCleans.isEmpty()) {
-                        makeCleanCalls();
-                    }
+                            if (!pendingCleans.isEmpty()) {
+                                makeCleanCalls();
+                            }
+                            return null;
+                        }}, SOCKET_ACC);
                 } while (!removed || !pendingCleans.isEmpty());
             }
         }