1049 processQueue(Caches.subclassAuditsQueue, Caches.subclassAudits);
1050 WeakClassKey key = new WeakClassKey(cl, Caches.subclassAuditsQueue);
1051 Boolean result = Caches.subclassAudits.get(key);
1052 if (result == null) {
1053 result = Boolean.valueOf(auditSubclass(cl));
1054 Caches.subclassAudits.putIfAbsent(key, result);
1055 }
1056 if (result.booleanValue()) {
1057 return;
1058 }
1059 sm.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
1060 }
1061
1062 /**
1063 * Performs reflective checks on given subclass to verify that it doesn't
1064 * override security-sensitive non-final methods. Returns true if subclass
1065 * is "safe", false otherwise.
1066 */
1067 private static boolean auditSubclass(final Class<?> subcl) {
1068 Boolean result = AccessController.doPrivileged(
1069 new PrivilegedAction<Boolean>() {
1070 public Boolean run() {
1071 for (Class<?> cl = subcl;
1072 cl != ObjectOutputStream.class;
1073 cl = cl.getSuperclass())
1074 {
1075 try {
1076 cl.getDeclaredMethod(
1077 "writeUnshared", new Class<?>[] { Object.class });
1078 return Boolean.FALSE;
1079 } catch (NoSuchMethodException ex) {
1080 }
1081 try {
1082 cl.getDeclaredMethod("putFields", (Class<?>[]) null);
1083 return Boolean.FALSE;
1084 } catch (NoSuchMethodException ex) {
1085 }
1086 }
1087 return Boolean.TRUE;
1088 }
1089 }
|
1049 processQueue(Caches.subclassAuditsQueue, Caches.subclassAudits);
1050 WeakClassKey key = new WeakClassKey(cl, Caches.subclassAuditsQueue);
1051 Boolean result = Caches.subclassAudits.get(key);
1052 if (result == null) {
1053 result = Boolean.valueOf(auditSubclass(cl));
1054 Caches.subclassAudits.putIfAbsent(key, result);
1055 }
1056 if (result.booleanValue()) {
1057 return;
1058 }
1059 sm.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
1060 }
1061
1062 /**
1063 * Performs reflective checks on given subclass to verify that it doesn't
1064 * override security-sensitive non-final methods. Returns true if subclass
1065 * is "safe", false otherwise.
1066 */
1067 private static boolean auditSubclass(final Class<?> subcl) {
1068 Boolean result = AccessController.doPrivileged(
1069 new PrivilegedAction<>() {
1070 public Boolean run() {
1071 for (Class<?> cl = subcl;
1072 cl != ObjectOutputStream.class;
1073 cl = cl.getSuperclass())
1074 {
1075 try {
1076 cl.getDeclaredMethod(
1077 "writeUnshared", new Class<?>[] { Object.class });
1078 return Boolean.FALSE;
1079 } catch (NoSuchMethodException ex) {
1080 }
1081 try {
1082 cl.getDeclaredMethod("putFields", (Class<?>[]) null);
1083 return Boolean.FALSE;
1084 } catch (NoSuchMethodException ex) {
1085 }
1086 }
1087 return Boolean.TRUE;
1088 }
1089 }
|