4040 */
4141package com .oracle .truffle .js .runtime .java ;
4242
43- import java .lang .reflect .Modifier ;
4443import java .lang .reflect .Proxy ;
45- import java .security .AccessControlContext ;
46- import java .security .AccessController ;
47- import java .security .Permissions ;
48- import java .security .PrivilegedAction ;
49- import java .security .ProtectionDomain ;
50- import java .util .Objects ;
5144
52- import com .oracle .truffle .api .TruffleLanguage ;
5345import com .oracle .truffle .api .CompilerDirectives .TruffleBoundary ;
46+ import com .oracle .truffle .api .TruffleLanguage ;
5447import com .oracle .truffle .js .runtime .Errors ;
5548import com .oracle .truffle .js .runtime .JSContext ;
5649
5750/**
58- * Java interop access check utility methods, mostly taken from Nashorn .
51+ * Java interop access check utility methods.
5952 */
6053public final class JavaAccess {
6154 private JavaAccess () {
6255 }
6356
64- private static final AccessControlContext NO_PERMISSIONS_CONTEXT = createNoPermissionsContext ();
6557 /**
6658 * Permission to use Java reflection/jsr292 from script code.
6759 */
6860 private static final String PERMISSION_JAVA_REFLECTION = "truffle.js.JavaReflection" ;
6961
70- private static AccessControlContext createNoPermissionsContext () {
71- return new AccessControlContext (new ProtectionDomain []{new ProtectionDomain (null , new Permissions ())});
72- }
73-
74- private static void checkPackageAccessInner (final SecurityManager sm , final String pkgName ) {
75- AccessController .doPrivileged (new PrivilegedAction <Void >() {
76- @ Override
77- public Void run () {
78- sm .checkPackageAccess (pkgName );
79- return null ;
80- }
81- }, NO_PERMISSIONS_CONTEXT );
82- }
83-
84- /**
85- * Checks that the given package can be accessed from no permissions context.
86- *
87- * @param sm current security manager instance
88- * @param fullName fully qualified package name
89- * @throw SecurityException if not accessible
90- */
91- public static void checkPackageAccess (final SecurityManager sm , final String fullName ) {
92- Objects .requireNonNull (sm );
93- final int index = fullName .lastIndexOf ('.' );
94- if (index != -1 ) {
95- final String pkgName = fullName .substring (0 , index );
96- checkPackageAccessInner (sm , pkgName );
97- }
98- }
99-
100- /**
101- * Returns true if the class is either not public, or it resides in a package with restricted
102- * access.
103- *
104- * @param clazz the class to test
105- * @return true if the class is either not public, or it resides in a package with restricted
106- * access.
107- */
108- public static boolean isRestrictedClass (final Class <?> clazz ) {
109- if (!Modifier .isPublic (clazz .getModifiers ())) {
110- // Non-public classes are always restricted
111- return true ;
112- }
113- final SecurityManager sm = System .getSecurityManager ();
114- if (sm == null ) {
115- // No further restrictions if we don't have a security manager
116- return false ;
117- }
118- final String name = clazz .getName ();
119- final int i = name .lastIndexOf ('.' );
120- if (i == -1 ) {
121- // Classes in default package are never restricted
122- return false ;
123- }
124- final String pkgName = name .substring (0 , i );
125- // Do a package access check from within an access control context with no permissions
126- try {
127- checkPackageAccessInner (sm , pkgName );
128- } catch (final SecurityException e ) {
129- return true ;
130- }
131- return false ;
132- }
133-
13462 public static boolean isReflectionClass (final Class <?> type ) {
13563 // Class or ClassLoader subclasses
13664 if (type == Class .class || ClassLoader .class .isAssignableFrom (type )) {
@@ -173,48 +101,6 @@ private static void checkReflectionPermission(final SecurityManager sm) {
173101 sm .checkPermission (new RuntimePermission (PERMISSION_JAVA_REFLECTION ));
174102 }
175103
176- /**
177- * Checks that the given Class can be accessed from no permissions context.
178- *
179- * @param clazz Class object
180- * @throws SecurityException if not accessible
181- */
182- public static void checkPackageAccess (final Class <?> clazz ) {
183- final SecurityManager sm = System .getSecurityManager ();
184- if (sm != null ) {
185- Class <?> bottomClazz = clazz ;
186- while (bottomClazz .isArray ()) {
187- bottomClazz = bottomClazz .getComponentType ();
188- }
189- checkPackageAccess (sm , bottomClazz .getName ());
190- }
191- }
192-
193- /**
194- * Checks that the given Class can be accessed from no permissions context.
195- *
196- * @param clazz Class object
197- * @return true if package is accessible, false otherwise
198- */
199- private static boolean isAccessiblePackage (final Class <?> clazz ) {
200- try {
201- checkPackageAccess (clazz );
202- return true ;
203- } catch (final SecurityException se ) {
204- return false ;
205- }
206- }
207-
208- /**
209- * Checks that the given Class is public and it can be accessed from no permissions context.
210- *
211- * @param clazz Class object to check
212- * @return true if Class is accessible, false otherwise
213- */
214- public static boolean isAccessibleClass (final Class <?> clazz ) {
215- return Modifier .isPublic (clazz .getModifiers ()) && isAccessiblePackage (clazz );
216- }
217-
218104 public static boolean isReflectionAllowed (JSContext context ) {
219105 TruffleLanguage .Env env = context .getRealm ().getEnv ();
220106 if (env != null && env .isHostLookupAllowed ()) {
@@ -235,8 +121,6 @@ public static void checkAccess(Class<?>[] types, JSContext context) {
235121 if (sm != null ) {
236122 boolean allowReflection = JavaAccess .isReflectionAllowed (context );
237123 for (final Class <?> type : types ) {
238- // check for restricted package access
239- JavaAccess .checkPackageAccess (type );
240124 // check for classes, interfaces in reflection
241125 JavaAccess .checkReflectionAccess (type , true , allowReflection );
242126 }
0 commit comments