--- old/src/java.base/share/classes/java/lang/Class.java 2018-03-12 02:31:54.506796800 -0400
+++ new/src/java.base/share/classes/java/lang/Class.java 2018-03-12 02:31:52.982709647 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1994, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -3855,26 +3855,39 @@
*
* @return the nest host of this class, or {@code this} if we cannot
* obtain a valid nest host
- *
+ * @throws SecurityException
+ * If a security manager, s, is present and the caller's
+ * class loader is not the same as or an ancestor of the class
+ * loader for the current class and invocation of {@link
+ * SecurityManager#checkPackageAccess s.checkPackageAccess()}
+ * denies access to the package of the current class
* @since 11
*/
+ @CallerSensitive
public Class getNestHost() {
if (isPrimitive() || isArray()) {
return this;
}
+ Class host;
try {
- Class host = getNestHost0();
- // if null then nest membership validation failed, so we
- // act as-if we have no nest-host
- if (host == null) {
- host = this;
- }
- return host;
+ host = getNestHost0();
} catch (LinkageError e) {
// if we couldn't load our nest-host then we
- // again act as-if we have no nest-host
+ // act as-if we have no nest-host
+ return this;
+ }
+ // if null then nest membership validation failed, so we
+ // act as-if we have no nest-host
+ if (host == null || host == this) {
return this;
}
+ // returning a different class requires a security check
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ checkPackageAccess(sm,
+ ClassLoader.getClassLoader(Reflection.getCallerClass()), true);
+ }
+ return host;
}
/**
@@ -3889,10 +3902,18 @@
* @since 11
*/
public boolean isNestmateOf(Class c) {
- // We could use Reflection.areNestmates(this, c) and ignore
- // any IllegalAccessError, but prefer to minimize exception
- // creation by using getNestHost() directly.
- return getNestHost() == c.getNestHost();
+ if (this == c) {
+ return true;
+ }
+ if (isPrimitive() || isArray() ||
+ c.isPrimitive() || c.isArray()) {
+ return false;
+ }
+ try {
+ return getNestHost0() == c.getNestHost0();
+ } catch (LinkageError e) {
+ return false;
+ }
}
private native Class[] getNestMembers0();
@@ -3917,15 +3938,33 @@
* @return an array of all classes and interfaces in the same nest as
* this class
*
- * @throws LinkageError if there is any problem loading or validating
- * a nest member or its nest host
+ * @throws LinkageError
+ * If there is any problem loading or validating a nest member or
+ * its nest host
+ * @throws SecurityException
+ * If a security manager, s, is present and the caller's
+ * class loader is not the same as or an ancestor of the class
+ * loader for the current class and invocation of {@link
+ * SecurityManager#checkPackageAccess s.checkPackageAccess()}
+ * denies access to the package of the current class
*
* @since 11
*/
+ @CallerSensitive
public Class[] getNestMembers() {
if (isPrimitive() || isArray()) {
return new Class[] { this };
}
- return getNestMembers0();
+ Class[] members = getNestMembers0();
+ if (members.length > 1) {
+ // If we return anything other than the current class we need
+ // a security check
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ checkPackageAccess(sm,
+ ClassLoader.getClassLoader(Reflection.getCallerClass()), true);
+ }
+ }
+ return members;
}
}