1 /* 2 * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.lang.reflect; 27 28 import java.lang.annotation.Annotation; 29 import java.security.AccessController; 30 31 import jdk.internal.reflect.CallerSensitive; 32 import jdk.internal.reflect.Reflection; 33 import jdk.internal.reflect.ReflectionFactory; 34 35 /** 36 * The AccessibleObject class is the base class for Field, Method and 37 * Constructor objects. It provides the ability to flag a reflected 38 * object as suppressing default Java language access control checks 39 * when it is used. The access checks -- <em>module boundaries</em>, 40 * public, default (package) access, protected, and private members -- 41 * are performed when Fields, Methods or Constructors are used to set 42 * or get fields, to invoke methods or to create and initialize new 43 * instances of classes, respectively. Unlike access control specified 44 * in the <cite>The Java™ Language Specification</cite> and 45 * <cite>The Java Virtual Machine Specification</cite>, access checks 46 * with reflected objects assume {@link Module#canRead readability}. 47 * 48 * <p>Setting the {@code accessible} flag in a reflected object 49 * permits sophisticated applications with sufficient privilege, such 50 * as Java Object Serialization or other persistence mechanisms, to 51 * manipulate objects in a manner that would normally be prohibited. 52 * 53 * <p>By default, a reflected object is <em>not</em> accessible. 54 * 55 * @see Field 56 * @see Method 57 * @see Constructor 58 * @see ReflectPermission 59 * 60 * @since 1.2 61 */ 62 public class AccessibleObject implements AnnotatedElement { 63 64 /** 65 * The Permission object that is used to check whether a client 66 * has sufficient privilege to defeat Java language access 67 * control checks. 68 */ 69 private static final java.security.Permission ACCESS_PERMISSION = 70 new ReflectPermission("suppressAccessChecks"); 71 72 static void checkPermission() { 73 SecurityManager sm = System.getSecurityManager(); 74 if (sm != null) sm.checkPermission(ACCESS_PERMISSION); 75 } 76 77 /** 78 * Convenience method to set the {@code accessible} flag for an 79 * array of objects with a single security check (for efficiency). 80 * 81 * <p>This method cannot be used to enable access to an object that is a 82 * {@link Member member} of a class in a different module to the caller and 83 * where the class is in a package that is not exported to the caller's 84 * module. Additionally, if the member is non-public or its declaring 85 * class is non-public, then this method can only be used to enable access 86 * if the package is {@link Module#isOpen(String,Module) open} to at least 87 * the caller's module. 88 * 89 * <p>If there is a security manager, its 90 * {@code checkPermission} method is first called with a 91 * {@code ReflectPermission("suppressAccessChecks")} permission. 92 * 93 * <p>A {@code SecurityException} is also thrown if any of the elements of 94 * the input {@code array} is a {@link java.lang.reflect.Constructor} 95 * object for the class {@code java.lang.Class} and {@code flag} is true. 96 * 97 * @param array the array of AccessibleObjects 98 * @param flag the new value for the {@code accessible} flag 99 * in each object 100 * @throws InaccessibleObjectException if access cannot be enabled 101 * @throws SecurityException if the request is denied. 102 * @see SecurityManager#checkPermission 103 * @see ReflectPermission 104 */ 105 @CallerSensitive 106 public static void setAccessible(AccessibleObject[] array, boolean flag) { 107 checkPermission(); 108 if (flag) { 109 Class<?> caller = Reflection.getCallerClass(); 110 array = array.clone(); 111 for (AccessibleObject ao : array) { 112 ao.checkCanSetAccessible(caller); 113 } 114 } 115 for (AccessibleObject ao : array) { 116 ao.setAccessible0(flag); 117 } 118 } 119 120 /** 121 * Set the {@code accessible} flag for this object to 122 * the indicated boolean value. A value of {@code true} indicates that 123 * the reflected object should suppress Java language access 124 * checking when it is used. A value of {@code false} indicates 125 * that the reflected object should enforce Java language access checks 126 * while assuming readability (as noted in the class description). 127 * 128 * <p>This method cannot be used to enable access to an object that is a 129 * {@link Member member} of a class in a different module to the caller and 130 * where the class is in a package that is not exported to the caller's 131 * module. Additionally, if the member is non-public or its declaring 132 * class is non-public, then this method can only be used to enable access 133 * if the package is {@link Module#isOpen(String,Module) open} to at least 134 * the caller's module. 135 * 136 * <p>If there is a security manager, its 137 * {@code checkPermission} method is first called with a 138 * {@code ReflectPermission("suppressAccessChecks")} permission. 139 * 140 * @param flag the new value for the {@code accessible} flag 141 * @throws InaccessibleObjectException if access cannot be enabled 142 * @throws SecurityException if the request is denied 143 * @see SecurityManager#checkPermission 144 * @see ReflectPermission 145 * @see java.lang.invoke.MethodHandles#privateLookupIn 146 */ 147 public void setAccessible(boolean flag) { 148 AccessibleObject.checkPermission(); 149 setAccessible0(flag); 150 } 151 152 void setAccessible0(boolean flag) { 153 this.override = flag; 154 } 155 156 /** 157 * If the given AccessibleObject is a {@code Constructor}, {@code Method} 158 * or {@code Field} then checks that its declaring class is in a package 159 * that can be accessed by the given caller of setAccessible. 160 */ 161 void checkCanSetAccessible(Class<?> caller) { 162 // do nothing, needs to be overridden by Constructor, Method, Field 163 } 164 165 void checkCanSetAccessible(Class<?> caller, Class<?> declaringClass) { 166 Module callerModule = caller.getModule(); 167 Module declaringModule = declaringClass.getModule(); 168 169 if (callerModule == declaringModule) return; 170 if (callerModule == Object.class.getModule()) return; 171 if (!declaringModule.isNamed()) return; 172 173 // package is open to caller 174 String pn = packageName(declaringClass); 175 if (declaringModule.isOpen(pn, callerModule)) 176 return; 177 178 // package is exported to caller and class/member is public 179 boolean isExported = declaringModule.isExported(pn, callerModule); 180 boolean isClassPublic = Modifier.isPublic(declaringClass.getModifiers()); 181 int modifiers; 182 if (this instanceof Executable) { 183 modifiers = ((Executable) this).getModifiers(); 184 } else { 185 modifiers = ((Field) this).getModifiers(); 186 } 187 boolean isMemberPublic = Modifier.isPublic(modifiers); 188 if (isExported && isClassPublic && isMemberPublic) 189 return; 190 191 // not accessible 192 String msg = "Unable to make "; 193 if (this instanceof Field) 194 msg += "field "; 195 msg += this + " accessible: " + declaringModule + " does not \""; 196 if (isClassPublic && isMemberPublic) 197 msg += "exports"; 198 else 199 msg += "opens"; 200 msg += " " + pn + "\" to " + callerModule; 201 Reflection.throwInaccessibleObjectException(msg); 202 } 203 204 /** 205 * Returns the package name of the given class. 206 */ 207 private static String packageName(Class<?> c) { 208 while (c.isArray()) { 209 c = c.getComponentType(); 210 } 211 String pn = c.getPackageName(); 212 return (pn != null) ? pn : ""; 213 } 214 215 /** 216 * Get the value of the {@code accessible} flag for this object. 217 * 218 * @return the value of the object's {@code accessible} flag 219 */ 220 public boolean isAccessible() { 221 return override; 222 } 223 224 /** 225 * Constructor: only used by the Java Virtual Machine. 226 */ 227 protected AccessibleObject() {} 228 229 // Indicates whether language-level access checks are overridden 230 // by this object. Initializes to "false". This field is used by 231 // Field, Method, and Constructor. 232 // 233 // NOTE: for security purposes, this field must not be visible 234 // outside this package. 235 boolean override; 236 237 // Reflection factory used by subclasses for creating field, 238 // method, and constructor accessors. Note that this is called 239 // very early in the bootstrapping process. 240 static final ReflectionFactory reflectionFactory = 241 AccessController.doPrivileged( 242 new ReflectionFactory.GetReflectionFactoryAction()); 243 244 /** 245 * @throws NullPointerException {@inheritDoc} 246 * @since 1.5 247 */ 248 public <T extends Annotation> T getAnnotation(Class<T> annotationClass) { 249 throw new AssertionError("All subclasses should override this method"); 250 } 251 252 /** 253 * {@inheritDoc} 254 * @throws NullPointerException {@inheritDoc} 255 * @since 1.5 256 */ 257 @Override 258 public boolean isAnnotationPresent(Class<? extends Annotation> annotationClass) { 259 return AnnotatedElement.super.isAnnotationPresent(annotationClass); 260 } 261 262 /** 263 * @throws NullPointerException {@inheritDoc} 264 * @since 1.8 265 */ 266 @Override 267 public <T extends Annotation> T[] getAnnotationsByType(Class<T> annotationClass) { 268 throw new AssertionError("All subclasses should override this method"); 269 } 270 271 /** 272 * @since 1.5 273 */ 274 public Annotation[] getAnnotations() { 275 return getDeclaredAnnotations(); 276 } 277 278 /** 279 * @throws NullPointerException {@inheritDoc} 280 * @since 1.8 281 */ 282 @Override 283 public <T extends Annotation> T getDeclaredAnnotation(Class<T> annotationClass) { 284 // Only annotations on classes are inherited, for all other 285 // objects getDeclaredAnnotation is the same as 286 // getAnnotation. 287 return getAnnotation(annotationClass); 288 } 289 290 /** 291 * @throws NullPointerException {@inheritDoc} 292 * @since 1.8 293 */ 294 @Override 295 public <T extends Annotation> T[] getDeclaredAnnotationsByType(Class<T> annotationClass) { 296 // Only annotations on classes are inherited, for all other 297 // objects getDeclaredAnnotationsByType is the same as 298 // getAnnotationsByType. 299 return getAnnotationsByType(annotationClass); 300 } 301 302 /** 303 * @since 1.5 304 */ 305 public Annotation[] getDeclaredAnnotations() { 306 throw new AssertionError("All subclasses should override this method"); 307 } 308 309 310 // Shared access checking logic. 311 312 // For non-public members or members in package-private classes, 313 // it is necessary to perform somewhat expensive security checks. 314 // If the security check succeeds for a given class, it will 315 // always succeed (it is not affected by the granting or revoking 316 // of permissions); we speed up the check in the common case by 317 // remembering the last Class for which the check succeeded. 318 // 319 // The simple security check for Constructor is to see if 320 // the caller has already been seen, verified, and cached. 321 // (See also Class.newInstance(), which uses a similar method.) 322 // 323 // A more complicated security check cache is needed for Method and Field 324 // The cache can be either null (empty cache), a 2-array of {caller,targetClass}, 325 // or a caller (with targetClass implicitly equal to memberClass). 326 // In the 2-array case, the targetClass is always different from the memberClass. 327 volatile Object securityCheckCache; 328 329 final void checkAccess(Class<?> caller, Class<?> memberClass, 330 Class<?> targetClass, int modifiers) 331 throws IllegalAccessException 332 { 333 if (caller == memberClass) { // quick check 334 return; // ACCESS IS OK 335 } 336 Object cache = securityCheckCache; // read volatile 337 if (targetClass != null // instance member or constructor 338 && Modifier.isProtected(modifiers) 339 && targetClass != memberClass) { 340 // Must match a 2-list of { caller, targetClass }. 341 if (cache instanceof Class[]) { 342 Class<?>[] cache2 = (Class<?>[]) cache; 343 if (cache2[1] == targetClass && 344 cache2[0] == caller) { 345 return; // ACCESS IS OK 346 } 347 // (Test cache[1] first since range check for [1] 348 // subsumes range check for [0].) 349 } 350 } else if (cache == caller) { 351 // Non-protected case (or targetClass == memberClass or static member). 352 return; // ACCESS IS OK 353 } 354 355 // If no return, fall through to the slow path. 356 slowCheckMemberAccess(caller, memberClass, targetClass, modifiers); 357 } 358 359 // Keep all this slow stuff out of line: 360 void slowCheckMemberAccess(Class<?> caller, Class<?> memberClass, 361 Class<?> targetClass, int modifiers) 362 throws IllegalAccessException 363 { 364 Reflection.ensureMemberAccess(caller, memberClass, targetClass, modifiers); 365 366 // Success: Update the cache. 367 Object cache = (targetClass != null 368 && Modifier.isProtected(modifiers) 369 && targetClass != memberClass) 370 ? new Class<?>[] { caller, targetClass } 371 : caller; 372 373 // Note: The two cache elements are not volatile, 374 // but they are effectively final. The Java memory model 375 // guarantees that the initializing stores for the cache 376 // elements will occur before the volatile write. 377 securityCheckCache = cache; // write volatile 378 } 379 }