Re: [patch #3174] Default implementation of VMAccessController.getStack
From: Mark Wielaard
Subject: Re: [patch #3174] Default implementation of VMAccessController.getStack
Date: Sun, 04 Jul 2004 20:28:36 +0200
Hi,
On Fri, 2004-07-02 at 05:16, Casey Marshall wrote:
> Attaching a new patch, that provides a simpler, but secure,
> implementation of getStack. It returns an empty stack, which will
> resolve to no permissions whatsoever. Thus, this implementation denies
> ANY attempt to access a protected resource, even by system classes.
>
> This also fixes a bug in AccessControlContext, so it checks if the set
> of ProtectionDomains is empty.
Thanks a lot. I am finally convinced that we need such a default
implementation for 0.10 because we would break all existing runtimes
otherwise. (The ServiceRegistry depends on access controller working.)
I am committing as follows:
2004-07-01 Casey Marshall <address@hidden>
* java/security/AccessControlContext.java
(checkPermission): check for empty context.
* vm/reference/java/security/VMAccessController.java
(getContext): combine debugging statements.
(getStack): implemented.
* NEWS: Describe new platform dependent VMAccessController class.
Thanks,
Mark
Index: ChangeLog
===================================================================
RCS file: /cvsroot/classpath/classpath/ChangeLog,v
retrieving revision 1.2282
diff -u -r1.2282 ChangeLog
--- ChangeLog 4 Jul 2004 16:50:52 -0000 1.2282
+++ ChangeLog 4 Jul 2004 18:26:50 -0000
@@ -1,3 +1,13 @@
+2004-07-01 Casey Marshall <address@hidden>
+
+ * java/security/AccessControlContext.java
+ (checkPermission): check for empty context.
+ * vm/reference/java/security/VMAccessController.java
+ (getContext): combine debugging statements.
+ (getStack): implemented.
+
+ * NEWS: Describe new platform dependent VMAccessController class.
+
2004-07-04 Mark Wielaard <address@hidden>
* java/lang/System.java (static): Add (fake) ASCII support to
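Review bot: the added ChangeLog entry is dated 2004-07-01 but is placed above the existing 2004-07-04 entry, so the top of the file is no longer in date order; consider using the commit date for the entry. The blank line before the "* NEWS:" item also splits one change into two paragraphs; dropping it would keep the three files grouped as a single entry.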
Index: NEWS
===================================================================
RCS file: /cvsroot/classpath/classpath/NEWS,v
retrieving revision 1.42
diff -u -r1.42 NEWS
--- NEWS 28 Jun 2004 19:39:06 -0000 1.42
+++ NEWS 4 Jul 2004 18:26:50 -0000
@@ -21,6 +21,16 @@
a default implementation written in java. For efficiency and to
prevent spurious wakeups a real 'native' runtime version can be supplied.
+* There is a new java.security.VMAccessController class that runtimes need
+ to implement to properly support SecurityManagers. The default
+ implementation that comes with GNU Classpath makes sure that ANY attempt
+ to access a protected resource is denied when a SecurityManager is
+ installed. Which is pretty secure, but also no very useful.
+ Please see the documentation in
+ vm/reference/java/security/VMAccessController.java,
+ and please give feedback on the GNU Classpath mailinglist whether or not
+ the current AccessController framework is flexible enough.
+
New in release 0.09 (2004/02/02)
* Includes updated GNU JAXP version from 2004-02-01.
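Review bot: in the added NEWS paragraph, "Which is pretty secure, but also no very useful." is a sentence fragment with a typo ("no" for "not"); something like "This is secure, but not very useful." reads better. Since this paragraph is what runtime implementers will see first, it could also say directly that a runtime installing a SecurityManager without supplying its own VMAccessController will have every permission check fail.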
Index: java/security/AccessControlContext.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/security/AccessControlContext.java,v
retrieving revision 1.8
diff -u -r1.8 AccessControlContext.java
--- java/security/AccessControlContext.java 3 Jun 2004 13:21:35 -0000
1.8
+++ java/security/AccessControlContext.java 4 Jul 2004 18:26:50 -0000
@@ -118,6 +118,8 @@
*/
public void checkPermission(Permission perm) throws AccessControlException
{
+ if (protectionDomains.length == 0)
+ throw new AccessControlException ("permission not granted");
for (int i = 0; i < protectionDomains.length; i++)
if (!protectionDomains[i].implies(perm))
throw new AccessControlException ("permission not granted");
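Review bot: the new empty-context check at the top of checkPermission throws with the same "permission not granted" text as the per-domain failure in the loop below it, and neither mentions perm, so a denial caused by an empty set of ProtectionDomains cannot be told apart from a policy denial when reading a stack trace. Give the new throw a distinct message that includes perm. The method's doc comment should also state that an empty context denies everything, since the loop on its own falls through without throwing when protectionDomains.length is 0.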
Index: vm/reference/java/security/VMAccessController.java
===================================================================
RCS file:
/cvsroot/classpath/classpath/vm/reference/java/security/VMAccessController.java,v
retrieving revision 1.1
diff -u -r1.1 VMAccessController.java
--- vm/reference/java/security/VMAccessController.java 3 Jun 2004 09:16:58
-0000 1.1
+++ vm/reference/java/security/VMAccessController.java 4 Jul 2004 18:26:50
-0000
@@ -169,9 +169,11 @@
Class clazz = classes[i];
String method = methods[i];
- if (DEBUG) debug (">>> checking " + clazz + "." + method);
-
- if (DEBUG) debug (">>> loader = " + clazz.getClassLoader());
+ if (DEBUG)
+ {
+ debug (">>> checking " + clazz + "." + method);
+ debug (">>> loader = " + clazz.getClassLoader());
+ }
if (clazz.equals (AccessController.class)
&& method.equals ("doPrivileged"))
@@ -226,11 +228,15 @@
* <i>i</i>. The arrays are clean; it will only contain Java methods,
* and no element of the list should be null.
*
- * <p>XXX note: this interface (VMAccessController) would possibly be
- * cleaner if we had a method similar to this, but returned an array
- * of java.lang.reflect.Method objects. Then, instead of having this
- * much logic in this class, we put everything in AccessController,
- * and simply have this single getStack method for a VM to implement.
+ * <p>The default implementation returns an empty stack, which will be
+ * interpreted as having no permissions whatsoever.
+ *
+ * @return A pair of arrays describing the current call stack. The first
+ * element is an array of Class objects, and the second is an array
+ * of Strings comprising the method names.
*/
- private static native Object[][] getStack();
+ private static Object[][] getStack()
+ {
+ return new Object[][] { new Class[0], new String[0] };
+ }
}
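Review bot: the replacement Javadoc on getStack says the default returns an empty stack but not that a runtime is expected to replace it. Because the method is private static, a VM cannot override it and has to supply its own version of this class, which is worth stating here given that NEWS sends implementers to this file for documentation. The removed XXX paragraph about returning java.lang.reflect.Method objects described an open design question; if it is still open, keep it as a comment rather than dropping it, as NEWS asks for feedback on exactly that flexibility.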