1 /*
2 * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /* @test
25 * @summary test access checking by java.lang.invoke.MethodHandles.Lookup
26 * @compile AccessControlTest.java AccessControlTest_subpkg/Acquaintance_remote.java
27 * @run testng/othervm test.java.lang.invoke.AccessControlTest
28 */
29
30 package test.java.lang.invoke;
31
32 import java.lang.invoke.*;
33 import java.lang.reflect.*;
34 import java.lang.reflect.Modifier;
35 import java.util.*;
36 import org.testng.*;
37 import org.testng.annotations.*;
38
39 import static java.lang.invoke.MethodHandles.*;
40 import static java.lang.invoke.MethodHandles.Lookup.*;
41 import static java.lang.invoke.MethodType.*;
42 import static org.testng.Assert.*;
43
44 import test.java.lang.invoke.AccessControlTest_subpkg.Acquaintance_remote;
45
46
47 /**
48 * Test many combinations of Lookup access and cross-class lookupStatic.
49 * @author jrose
50 */
51 public class AccessControlTest {
52 static final Class<?> THIS_CLASS = AccessControlTest.class;
53 // How much output?
54 static int verbosity = 0;
55 static {
56 String vstr = System.getProperty(THIS_CLASS.getSimpleName()+".verbosity");
57 if (vstr == null)
58 vstr = System.getProperty(THIS_CLASS.getName()+".verbosity");
59 if (vstr != null) verbosity = Integer.parseInt(vstr);
60 }
61
62 private class LookupCase implements Comparable<LookupCase> {
63 final Lookup lookup;
64 final Class<?> lookupClass;
65 final int lookupModes;
66 public LookupCase(Lookup lookup) {
67 this.lookup = lookup;
68 this.lookupClass = lookup.lookupClass();
69 this.lookupModes = lookup.lookupModes();
70 assert(lookupString().equals(lookup.toString()));
71 numberOf(lookupClass().getClassLoader()); // assign CL#
72 }
73 public LookupCase(Class<?> lookupClass, int lookupModes) {
74 this.lookup = null;
75 this.lookupClass = lookupClass;
76 this.lookupModes = lookupModes;
77 numberOf(lookupClass().getClassLoader()); // assign CL#
78 }
79
80 public final Class<?> lookupClass() { return lookupClass; }
81 public final int lookupModes() { return lookupModes; }
82
83 public Lookup lookup() { lookup.getClass(); return lookup; }
84
85 @Override
86 public int compareTo(LookupCase that) {
87 Class<?> c1 = this.lookupClass();
88 Class<?> c2 = that.lookupClass();
89 if (c1 != c2) {
90 int cmp = c1.getName().compareTo(c2.getName());
91 if (cmp != 0) return cmp;
92 cmp = numberOf(c1.getClassLoader()) - numberOf(c2.getClassLoader());
93 assert(cmp != 0);
94 return cmp;
95 }
96 return -(this.lookupModes() - that.lookupModes());
97 }
98
99 @Override
100 public boolean equals(Object that) {
101 return (that instanceof LookupCase && equals((LookupCase)that));
102 }
103 public boolean equals(LookupCase that) {
104 return (this.lookupClass() == that.lookupClass() &&
105 this.lookupModes() == that.lookupModes());
106 }
107
108 @Override
109 public int hashCode() {
110 return lookupClass().hashCode() + (lookupModes() * 31);
111 }
112
113 /** Simulate all assertions in the spec. for Lookup.toString. */
114 private String lookupString() {
115 String name = lookupClass.getName();
116 String suffix = "";
117 if (lookupModes == 0)
118 suffix = "/noaccess";
119 else if (lookupModes == PUBLIC)
120 suffix = "/public";
121 else if (lookupModes == (PUBLIC|UNCONDITIONAL))
122 suffix = "/publicLookup";
123 else if (lookupModes == (PUBLIC|MODULE))
124 suffix = "/module";
125 else if (lookupModes == (PUBLIC|MODULE|PACKAGE))
126 suffix = "/package";
127 else if (lookupModes == (PUBLIC|MODULE|PACKAGE|PRIVATE))
128 suffix = "/private";
129 else if (lookupModes == (PUBLIC|MODULE|PACKAGE|PRIVATE|PROTECTED))
130 suffix = "";
131 else
132 suffix = "/#"+Integer.toHexString(lookupModes);
133 return name+suffix;
134 }
135
136 /** Simulate all assertions from the spec. for Lookup.in:
137 * <hr>
138 * Creates a lookup on the specified new lookup class.
139 * [A1] The resulting object will report the specified
140 * class as its own {@link #lookupClass lookupClass}.
141 * <p>
142 * [A2] However, the resulting {@code Lookup} object is guaranteed
143 * to have no more access capabilities than the original.
144 * In particular, access capabilities can be lost as follows:<ul>
145 * <li> [A3] If the old lookup class is in a named module, and the new
146 * lookup class is in a different module {@code M}, then no members, not
147 * even public members in {@code M}'s exported packages, will be accessible.
148 * The exception to this is when this lookup is publicLookup, in which case
149 * public access is not lost.
150 * <li> [A4] If the old lookup class is in an unnamed module, and the new
151 * lookup class is a different module then module access is lost.
152 * <li> [A5] If the new lookup class differs from the old one then UNCONDITIONAL
153 * is lost. If the new lookup class is not within the same package member as the
154 * old one, protected members will not be accessible by virtue of inheritance.
155 * (Protected members may continue to be accessible because of package sharing.)
156 * <li> [A6] If the new lookup class is in a different package than the old one,
157 * protected and default (package) members will not be accessible.
158 * <li> [A7] If the new lookup class is not within the same package member
159 * as the old one, private members will not be accessible.
160 * <li> [A8] If the new lookup class is not accessible to the old lookup class,
161 * then no members, not even public members, will be accessible.
162 * <li> [A9] (In all other cases, public members will continue to be accessible.)
163 * </ul>
164 * Other than the above cases, the new lookup will have the same
165 * access capabilities as the original. [A10]
166 * <hr>
167 */
168 public LookupCase in(Class<?> c2) {
169 Class<?> c1 = lookupClass();
170 int m1 = lookupModes();
171 int changed = 0;
172 // for the purposes of access control then treat classes in different unnamed
173 // modules as being in the same module.
174 boolean sameModule = (c1.getModule() == c2.getModule()) ||
175 (!c1.getModule().isNamed() && !c2.getModule().isNamed());
176 boolean samePackage = (c1.getClassLoader() == c2.getClassLoader() &&
177 c1.getPackageName().equals(c2.getPackageName()));
178 boolean sameTopLevel = (topLevelClass(c1) == topLevelClass(c2));
179 boolean sameClass = (c1 == c2);
180 assert(samePackage || !sameTopLevel);
181 assert(sameTopLevel || !sameClass);
182 boolean accessible = sameClass;
183 if ((m1 & PACKAGE) != 0) accessible |= samePackage;
184 if ((m1 & PUBLIC ) != 0) accessible |= (c2.getModifiers() & PUBLIC) != 0;
185 if (!sameModule) {
186 if (c1.getModule().isNamed() && (m1 & UNCONDITIONAL) == 0) {
187 accessible = false; // [A3]
188 } else {
189 changed |= (MODULE|PACKAGE|PRIVATE|PROTECTED); // [A3] [A4]
190 }
191 }
192 if (!accessible) {
193 // Different package and no access to c2; lose all access.
194 changed |= (PUBLIC|MODULE|PACKAGE|PRIVATE|PROTECTED); // [A8]
195 }
196 if (!samePackage) {
197 // Different package; loose PACKAGE and lower access.
198 changed |= (PACKAGE|PRIVATE|PROTECTED); // [A6]
199 }
200 if (!sameTopLevel) {
201 // Different top-level class. Lose PRIVATE and PROTECTED access.
202 changed |= (PRIVATE|PROTECTED); // [A5] [A7]
203 }
204 if (!sameClass) {
205 changed |= (UNCONDITIONAL); // [A5]
206 } else {
207 assert(changed == 0); // [A10] (no deprivation if same class)
208 }
209 if (accessible) assert((changed & PUBLIC) == 0); // [A9]
210 int m2 = m1 & ~changed;
211 LookupCase l2 = new LookupCase(c2, m2);
212 assert(l2.lookupClass() == c2); // [A1]
213 assert((m1 | m2) == m1); // [A2] (no elevation of access)
214 return l2;
215 }
216
217 @Override
218 public String toString() {
219 String s = lookupClass().getSimpleName();
220 String lstr = lookupString();
221 int sl = lstr.indexOf('/');
222 if (sl >= 0) s += lstr.substring(sl);
223 ClassLoader cld = lookupClass().getClassLoader();
224 if (cld != THIS_LOADER) s += "/loader#"+numberOf(cld);
225 return s;
226 }
227
228 /** Predict the success or failure of accessing this method. */
229 public boolean willAccess(Method m) {
230 Class<?> c1 = lookupClass();
231 Class<?> c2 = m.getDeclaringClass();
232
233 // publicLookup has access to all public types/members of types in unnamed modules
234 if ((lookupModes & UNCONDITIONAL) != 0
235 && (lookupModes & PUBLIC) != 0
236 && !c2.getModule().isNamed()
237 && Modifier.isPublic(c2.getModifiers())
238 && Modifier.isPublic(m.getModifiers()))
239 return true;
240
241 LookupCase lc = this.in(c2);
242 int m1 = lc.lookupModes();
243 int m2 = fixMods(m.getModifiers());
244 // allow private lookup on nestmates. Otherwise, privacy is strictly enforced
245 if (c1 != c2 && ((m2 & PRIVATE) == 0 || !c1.isNestmateOf(c2))) {
246 m1 &= ~PRIVATE;
247 }
248 // protected access is sometimes allowed
249 if ((m2 & PROTECTED) != 0) {
250 int prev = m2;
251 m2 |= PACKAGE; // it acts like a package method also
252 if ((lookupModes() & PROTECTED) != 0 &&
253 c2.isAssignableFrom(c1))
254 m2 |= PUBLIC; // from a subclass, it acts like a public method also
255 }
256 if (verbosity >= 2)
257 System.out.format("%s willAccess %s m1=0x%h m2=0x%h => %s%n", this, lc, m1, m2, ((m2 & m1) != 0));
258 return (m2 & m1) != 0;
259 }
260
261 /** Predict the success or failure of accessing this class. */
262 public boolean willAccessClass(Class<?> c2, boolean load) {
263 Class<?> c1 = lookupClass();
264 if (load && c2.getClassLoader() != null) {
265 if (c1.getClassLoader() == null) {
266 // not visible
267 return false;
268 }
269 }
270
271 // publicLookup has access to all public types/members of types in unnamed modules
272 if ((lookupModes & UNCONDITIONAL) != 0
273 && (lookupModes & PUBLIC) != 0
274 && (!c2.getModule().isNamed())
275 && Modifier.isPublic(c2.getModifiers()))
276 return true;
277
278 LookupCase lc = this.in(c2);
279 int m1 = lc.lookupModes();
280 boolean r = false;
281 if (m1 == 0) {
282 r = false;
283 } else {
284 int m2 = fixMods(c2.getModifiers());
285 if ((m2 & PUBLIC) != 0) {
286 r = true;
287 } else if ((m1 & PACKAGE) != 0 && c1.getPackage() == c2.getPackage()) {
288 r = true;
289 }
290 }
291 if (verbosity >= 2) {
292 System.out.println(this+" willAccessClass "+lc+" c1="+c1+" c2="+c2+" => "+r);
293 }
294 return r;
295 }
296 }
297
298 private static Class<?> topLevelClass(Class<?> cls) {
299 Class<?> c = cls;
300 for (Class<?> ec; (ec = c.getEnclosingClass()) != null; )
301 c = ec;
302 assert(c.getEnclosingClass() == null);
303 assert(c == cls || cls.getEnclosingClass() != null);
304 return c;
305 }
306
307 private final TreeSet<LookupCase> CASES = new TreeSet<>();
311 { if (THIS_LOADER != null) LOADERS.add(THIS_LOADER); } // #1
312
313 private LookupCase lookupCase(String name) {
314 for (LookupCase lc : CASES) {
315 if (lc.toString().equals(name))
316 return lc;
317 }
318 throw new AssertionError(name);
319 }
320
321 private int numberOf(ClassLoader cl) {
322 if (cl == null) return 0;
323 int i = LOADERS.indexOf(cl);
324 if (i < 0) {
325 i = LOADERS.size();
326 LOADERS.add(cl);
327 }
328 return i+1;
329 }
330
331 private void addLookupEdge(LookupCase l1, Class<?> c2, LookupCase l2) {
332 TreeSet<LookupCase> edges = CASE_EDGES.get(l2);
333 if (edges == null) CASE_EDGES.put(l2, edges = new TreeSet<>());
334 if (edges.add(l1)) {
335 Class<?> c1 = l1.lookupClass();
336 assert(l2.lookupClass() == c2); // [A1]
337 int m1 = l1.lookupModes();
338 int m2 = l2.lookupModes();
339 assert((m1 | m2) == m1); // [A2] (no elevation of access)
340 LookupCase expect = l1.in(c2);
341 if (!expect.equals(l2))
342 System.out.println("*** expect "+l1+" => "+expect+" but got "+l2);
343 assertEquals(l2, expect);
344 }
345 }
346
347 private void makeCases(Lookup[] originalLookups) {
348 // make initial set of lookup test cases
349 CASES.clear(); LOADERS.clear(); CASE_EDGES.clear();
350 ArrayList<Class<?>> classes = new ArrayList<>();
351 for (Lookup l : originalLookups) {
352 CASES.add(new LookupCase(l));
353 classes.remove(l.lookupClass()); // no dups please
354 classes.add(l.lookupClass());
355 }
356 System.out.println("loaders = "+LOADERS);
357 int rounds = 0;
358 for (int lastCount = -1; lastCount != CASES.size(); ) {
359 lastCount = CASES.size(); // if CASES grow in the loop we go round again
360 for (LookupCase lc1 : CASES.toArray(new LookupCase[0])) {
361 for (Class<?> c2 : classes) {
362 LookupCase lc2 = new LookupCase(lc1.lookup().in(c2));
363 addLookupEdge(lc1, c2, lc2);
364 CASES.add(lc2);
365 }
366 }
367 rounds++;
368 }
369 System.out.println("filled in "+CASES.size()+" cases from "+originalLookups.length+" original cases in "+rounds+" rounds");
370 if (false) {
371 System.out.println("CASES: {");
372 for (LookupCase lc : CASES) {
373 System.out.println(lc);
374 Set<LookupCase> edges = CASE_EDGES.get(lc);
375 if (edges != null)
376 for (LookupCase prev : edges) {
377 System.out.println("\t"+prev);
378 }
379 }
380 System.out.println("}");
381 }
382 }
383
384 @Test public void test() {
385 makeCases(lookups());
386 if (verbosity > 0) {
387 verbosity += 9;
388 Method pro_in_self = targetMethod(THIS_CLASS, PROTECTED, methodType(void.class));
389 testOneAccess(lookupCase("AccessControlTest/public"), pro_in_self, "find");
390 testOneAccess(lookupCase("Remote_subclass/public"), pro_in_self, "find");
391 testOneAccess(lookupCase("Remote_subclass"), pro_in_self, "find");
392 verbosity -= 9;
393 }
394 Set<Class<?>> targetClassesDone = new HashSet<>();
395 for (LookupCase targetCase : CASES) {
396 Class<?> targetClass = targetCase.lookupClass();
397 if (!targetClassesDone.add(targetClass)) continue; // already saw this one
398 String targetPlace = placeName(targetClass);
399 if (targetPlace == null) continue; // Object, String, not a target
400 for (int targetAccess : ACCESS_CASES) {
401 MethodType methodType = methodType(void.class);
402 Method method = targetMethod(targetClass, targetAccess, methodType);
403 // Try to access target method from various contexts.
404 for (LookupCase sourceCase : CASES) {
405 testOneAccess(sourceCase, method, "findClass");
406 testOneAccess(sourceCase, method, "accessClass");
407 testOneAccess(sourceCase, method, "find");
408 testOneAccess(sourceCase, method, "unreflect");
409 }
410 }
411 }
412 System.out.println("tested "+testCount+" access scenarios; "+testCountFails+" accesses were denied");
413 }
414
415 private int testCount, testCountFails;
416
417 private void testOneAccess(LookupCase sourceCase, Method method, String kind) {
418 Class<?> targetClass = method.getDeclaringClass();
419 String methodName = method.getName();
420 MethodType methodType = methodType(method.getReturnType(), method.getParameterTypes());
440 case "unreflect":
441 sourceCase.lookup().unreflect(method);
442 break;
443 default:
444 throw new AssertionError(kind);
445 }
446 didAccess = true;
447 } catch (ReflectiveOperationException ex) {
448 accessError = ex;
449 }
450 if (willAccess != didAccess) {
451 System.out.println(sourceCase+" => "+targetClass.getSimpleName()+(isFindOrAccessClass?"":"."+methodName+methodType));
452 System.out.println("fail "+(isFindOrAccessClass?kind:"on "+method)+" ex="+accessError);
453 assertEquals(willAccess, didAccess);
454 }
455 testCount++;
456 if (!didAccess) testCountFails++;
457 }
458
459 static Method targetMethod(Class<?> targetClass, int targetAccess, MethodType methodType) {
460 assert targetAccess != MODULE;
461 String methodName = accessName(targetAccess)+placeName(targetClass);
462 if (verbosity >= 2)
463 System.out.println(targetClass.getSimpleName()+"."+methodName+methodType);
464 try {
465 Method method = targetClass.getDeclaredMethod(methodName, methodType.parameterArray());
466 assertEquals(method.getReturnType(), methodType.returnType());
467 int haveMods = method.getModifiers();
468 assert(Modifier.isStatic(haveMods));
469 assert(targetAccess == fixMods(haveMods));
470 return method;
471 } catch (NoSuchMethodException ex) {
472 throw new AssertionError(methodName, ex);
473 }
474 }
475
476 static String placeName(Class<?> cls) {
477 // return "self", "sibling", "nestmate", etc.
478 if (cls == AccessControlTest.class) return "self";
479 String cln = cls.getSimpleName();
480 int under = cln.lastIndexOf('_');
481 if (under < 0) return null;
482 return cln.substring(under+1);
483 }
484 static String accessName(int acc) {
485 switch (acc) {
486 case PUBLIC: return "pub_in_";
487 case PROTECTED: return "pro_in_";
488 case PACKAGE: return "pkg_in_";
489 case PRIVATE: return "pri_in_";
490 }
491 assert(false);
492 return "?";
493 }
494 // MODULE not a test case at this time
495 private static final int[] ACCESS_CASES = {
496 PUBLIC, PACKAGE, PRIVATE, PROTECTED
497 };
498 /** Return one of the ACCESS_CASES. */
499 static int fixMods(int mods) {
500 mods &= (PUBLIC|PRIVATE|PROTECTED);
501 switch (mods) {
502 case PUBLIC: case PRIVATE: case PROTECTED: return mods;
503 case 0: return PACKAGE;
504 }
505 throw new AssertionError(mods);
506 }
507
508 static Lookup[] lookups() {
509 ArrayList<Lookup> tem = new ArrayList<>();
510 Collections.addAll(tem,
511 AccessControlTest.lookup_in_self(),
512 Inner_nestmate.lookup_in_nestmate(),
513 AccessControlTest_sibling.lookup_in_sibling());
514 if (true) {
515 Collections.addAll(tem,Acquaintance_remote.lookups());
516 } else {
517 try {
|
1 /*
2 * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /* @test
25 * @summary test access checking by java.lang.invoke.MethodHandles.Lookup
26 * @compile AccessControlTest.java AccessControlTest_subpkg/Acquaintance_remote.java
27 * @run testng/othervm test.java.lang.invoke.AccessControlTest
28 */
29
30 package test.java.lang.invoke;
31
32 import java.lang.invoke.*;
33 import java.lang.reflect.*;
34 import java.lang.reflect.Modifier;
35 import java.util.*;
36 import org.testng.annotations.*;
37
38 import static java.lang.invoke.MethodHandles.*;
39 import static java.lang.invoke.MethodHandles.Lookup.*;
40 import static java.lang.invoke.MethodType.*;
41 import static org.testng.Assert.*;
42
43 import test.java.lang.invoke.AccessControlTest_subpkg.Acquaintance_remote;
44
45
46 /**
47 * Test many combinations of Lookup access and cross-class lookupStatic.
48 * @author jrose
49 */
50 public class AccessControlTest {
51 static final Class<?> THIS_CLASS = AccessControlTest.class;
52 // How much output?
53 static int verbosity = 0;
54 static {
55 String vstr = System.getProperty(THIS_CLASS.getSimpleName()+".verbosity");
56 if (vstr == null)
57 vstr = System.getProperty(THIS_CLASS.getName()+".verbosity");
58 if (vstr != null) verbosity = Integer.parseInt(vstr);
59 }
60
61 private class LookupCase implements Comparable<LookupCase> {
62 final Lookup lookup;
63 final Class<?> lookupClass;
64 final Class<?> prevLookupClass;
65 final int lookupModes;
66 public LookupCase(Lookup lookup) {
67 this.lookup = lookup;
68 this.lookupClass = lookup.lookupClass();
69 this.prevLookupClass = lookup.previousLookupClass();
70 this.lookupModes = lookup.lookupModes();
71
72 assert(lookupString().equals(lookup.toString()));
73 numberOf(lookupClass().getClassLoader()); // assign CL#
74 }
75 public LookupCase(Class<?> lookupClass, Class<?> prevLookupClass, int lookupModes) {
76 this.lookup = null;
77 this.lookupClass = lookupClass;
78 this.prevLookupClass = prevLookupClass;
79 this.lookupModes = lookupModes;
80 numberOf(lookupClass().getClassLoader()); // assign CL#
81 }
82
83 public final Class<?> lookupClass() { return lookupClass; }
84 public final Class<?> prevLookupClass() { return prevLookupClass; }
85 public final int lookupModes() { return lookupModes; }
86
87 public Lookup lookup() { lookup.getClass(); return lookup; }
88
89 @Override
90 public int compareTo(LookupCase that) {
91 Class<?> c1 = this.lookupClass();
92 Class<?> c2 = that.lookupClass();
93 Class<?> p1 = this.prevLookupClass();
94 Class<?> p2 = that.prevLookupClass();
95 if (c1 != c2) {
96 int cmp = c1.getName().compareTo(c2.getName());
97 if (cmp != 0) return cmp;
98 cmp = numberOf(c1.getClassLoader()) - numberOf(c2.getClassLoader());
99 assert(cmp != 0);
100 return cmp;
101 } else if (p1 != p2){
102 if (p1 == null)
103 return 1;
104 else if (p2 == null)
105 return -1;
106 int cmp = p1.getName().compareTo(p2.getName());
107 if (cmp != 0) return cmp;
108 cmp = numberOf(p1.getClassLoader()) - numberOf(p2.getClassLoader());
109 assert(cmp != 0);
110 return cmp;
111 }
112 return -(this.lookupModes() - that.lookupModes());
113 }
114
115 @Override
116 public boolean equals(Object that) {
117 return (that instanceof LookupCase && equals((LookupCase)that));
118 }
119 public boolean equals(LookupCase that) {
120 return (this.lookupClass() == that.lookupClass() &&
121 this.prevLookupClass() == that.prevLookupClass() &&
122 this.lookupModes() == that.lookupModes());
123 }
124
125 @Override
126 public int hashCode() {
127 return lookupClass().hashCode() + (lookupModes() * 31);
128 }
129
130 /** Simulate all assertions in the spec. for Lookup.toString. */
131 private String lookupString() {
132 String name = lookupClass.getName();
133 if (prevLookupClass != null)
134 name += "/" + prevLookupClass.getName();
135 String suffix = "";
136 if (lookupModes == 0)
137 suffix = "/noaccess";
138 else if (lookupModes == PUBLIC)
139 suffix = "/public";
140 else if (lookupModes == UNCONDITIONAL)
141 suffix = "/publicLookup";
142 else if (lookupModes == (PUBLIC|MODULE))
143 suffix = "/module";
144 else if (lookupModes == (PUBLIC|PACKAGE)
145 || lookupModes == (PUBLIC|MODULE|PACKAGE))
146 suffix = "/package";
147 else if (lookupModes == (PUBLIC|PACKAGE|PRIVATE)
148 || lookupModes == (PUBLIC|MODULE|PACKAGE|PRIVATE))
149 suffix = "/private";
150 else if (lookupModes == (PUBLIC|PACKAGE|PRIVATE|PROTECTED)
151 || lookupModes == (PUBLIC|MODULE|PACKAGE|PRIVATE|PROTECTED))
152 suffix = "";
153 else
154 suffix = "/#"+Integer.toHexString(lookupModes);
155 return name+suffix;
156 }
157
158 /** Simulate all assertions from the spec. for Lookup.in:
159 * <hr>
160 * Creates a lookup on the specified new lookup class.
161 * [A1] The resulting object will report the specified
162 * class as its own {@link #lookupClass lookupClass}.
163 * [A2] However, the resulting {@code Lookup} object is guaranteed
164 * to have no more access capabilities than the original.
165 * In particular, access capabilities can be lost as follows:<ul>
166 * [A3] If the new lookup class is in a different module from the old one,
167 * i.e. {@link #MODULE MODULE} access is lost.
168 * [A4] If the new lookup class is in a different package
169 * than the old one, protected and default (package) members will not be accessible,
170 * i.e. {@link #PROTECTED PROTECTED} and {@link #PACKAGE PACKAGE} access are lost.
171 * [A5] If the new lookup class is not within the same package member
172 * as the old one, private members will not be accessible, and protected members
173 * will not be accessible by virtue of inheritance,
174 * i.e. {@link #PRIVATE PRIVATE} access is lost.
175 * (Protected members may continue to be accessible because of package sharing.)
176 * [A6] If the new lookup class is not
177 * {@linkplain #accessClass(Class) accessible} to this lookup,
178 * then no members, not even public members, will be accessible
179 * i.e. all access modes are lost.
180 * [A7] If the new lookup class, the old lookup class and the previous lookup class
181 * are all in different modules i.e. teleporting to a third module,
182 * all access modes are lost.
183 * <p>
184 * The new previous lookup class is chosen as follows:
185 * [A8] If the new lookup object has {@link #UNCONDITIONAL UNCONDITIONAL} bit,
186 * the new previous lookup class is {@code null}.
187 * [A9] If the new lookup class is in the same module as the old lookup class,
188 * the new previous lookup class is the old previous lookup class.
189 * [A10] If the new lookup class is in a different module from the old lookup class,
190 * the new previous lookup class is the the old lookup class.
191 *
192 * Other than the above cases, the new lookup will have the same
193 * access capabilities as the original. [A11]
194 * <hr>
195 */
196 public LookupCase in(Class<?> c2) {
197 Class<?> c1 = lookupClass();
198 Module m1 = c1.getModule();
199 Module m2 = c2.getModule();
200 Module m0 = prevLookupClass() != null ? prevLookupClass.getModule() : c1.getModule();
201 int modes1 = lookupModes();
202 int changed = 0;
203 // for the purposes of access control then treat classes in different unnamed
204 // modules as being in the same module.
205 boolean sameModule = (m1 == m2) ||
206 (!m1.isNamed() && !m2.isNamed());
207 boolean samePackage = (c1.getClassLoader() == c2.getClassLoader() &&
208 c1.getPackageName().equals(c2.getPackageName()));
209 boolean sameTopLevel = (topLevelClass(c1) == topLevelClass(c2));
210 boolean sameClass = (c1 == c2);
211 assert(samePackage || !sameTopLevel);
212 assert(sameTopLevel || !sameClass);
213 boolean accessible = sameClass;
214
215 if ((modes1 & PACKAGE) != 0) accessible |= samePackage;
216 if ((modes1 & PUBLIC ) != 0) {
217 if (isModuleAccessible(c2))
218 accessible |= (c2.getModifiers() & PUBLIC) != 0;
219 else
220 accessible = false;
221 }
222 if ((modes1 & UNCONDITIONAL) != 0) {
223 if (m2.isExported(c2.getPackageName()))
224 accessible |= (c2.getModifiers() & PUBLIC) != 0;
225 else
226 accessible = false;
227 }
228 if (!accessible) {
229 // no access to c2; lose all access.
230 changed |= (PUBLIC|MODULE|PACKAGE|PRIVATE|PROTECTED|UNCONDITIONAL); // [A6]
231 }
232 if (m2 != m1 && m0 != m1) {
233 // hop to a third module; lose all access
234 changed |= (PUBLIC|MODULE|PACKAGE|PRIVATE|PROTECTED); // [A7]
235 }
236 if (!sameModule) {
237 changed |= MODULE; // [A3]
238 }
239 if (!samePackage) {
240 // Different package; loose PACKAGE and lower access.
241 changed |= (PACKAGE|PRIVATE|PROTECTED); // [A4]
242 }
243 if (!sameTopLevel) {
244 // Different top-level class. Lose PRIVATE and PROTECTED access.
245 changed |= (PRIVATE|PROTECTED); // [A5]
246 }
247 if (sameClass) {
248 assert(changed == 0); // [A11] (no deprivation if same class)
249 }
250
251 if (accessible) assert((changed & PUBLIC) == 0);
252 int modes2 = modes1 & ~changed;
253 Class<?> plc = (m1 == m2) ? prevLookupClass() : c1; // [A9] [A10]
254 if ((modes1 & UNCONDITIONAL) != 0) plc = null; // [A8]
255 LookupCase l2 = new LookupCase(c2, plc, modes2);
256 assert(l2.lookupClass() == c2); // [A1]
257 assert((modes1 | modes2) == modes1); // [A2] (no elevation of access)
258 assert(l2.prevLookupClass() == null || (modes2 & MODULE) == 0);
259 return l2;
260 }
261
262 LookupCase dropLookupMode(int modeToDrop) {
263 int oldModes = lookupModes();
264 int newModes = oldModes & ~(modeToDrop | PROTECTED);
265 switch (modeToDrop) {
266 case PUBLIC: newModes &= ~(MODULE|PACKAGE|PROTECTED|PRIVATE); break;
267 case MODULE: newModes &= ~(PACKAGE|PRIVATE); break;
268 case PACKAGE: newModes &= ~(PRIVATE); break;
269 case PROTECTED:
270 case PRIVATE:
271 case UNCONDITIONAL: break;
272 default: throw new IllegalArgumentException(modeToDrop + " is not a valid mode to drop");
273 }
274 if (newModes == oldModes) return this; // return self if no change
275 LookupCase l2 = new LookupCase(lookupClass(), prevLookupClass(), newModes);
276 assert((oldModes | newModes) == oldModes); // [A2] (no elevation of access)
277 assert(l2.prevLookupClass() == null || (newModes & MODULE) == 0);
278 return l2;
279 }
280
281 boolean isModuleAccessible(Class<?> c) {
282 Module m1 = lookupClass().getModule();
283 Module m2 = c.getModule();
284 Module m0 = prevLookupClass() != null ? prevLookupClass.getModule() : m1;
285 String pn = c.getPackageName();
286 boolean accessible = m1.canRead(m2) && m2.isExported(pn, m1);
287 if (m1 != m0) {
288 accessible = accessible && m0.canRead(m2) && m2.isExported(pn, m0);
289 }
290 return accessible;
291 }
292
293 @Override
294 public String toString() {
295 String s = lookupClass().getSimpleName();
296 String lstr = lookupString();
297 int sl = lstr.indexOf('/');
298 if (sl >= 0) s += lstr.substring(sl);
299 ClassLoader cld = lookupClass().getClassLoader();
300 if (cld != THIS_LOADER) s += "/loader#"+numberOf(cld);
301 return s;
302 }
303
304 /** Predict the success or failure of accessing this method. */
305 public boolean willAccess(Method m) {
306 Class<?> c1 = lookupClass();
307 Class<?> c2 = m.getDeclaringClass();
308 Module m1 = c1.getModule();
309 Module m2 = c2.getModule();
310 Module m0 = prevLookupClass != null ? prevLookupClass.getModule() : m1;
311 // unconditional has access to all public types/members of types that is in a package
312 // are unconditionally exported
313 if ((lookupModes & UNCONDITIONAL) != 0) {
314 return m2.isExported(c2.getPackageName())
315 && Modifier.isPublic(c2.getModifiers())
316 && Modifier.isPublic(m.getModifiers());
317 }
318
319 // c1 and c2 are in different module
320 if (m1 != m2 || m0 != m2) {
321 return (lookupModes & PUBLIC) != 0
322 && isModuleAccessible(c2)
323 && Modifier.isPublic(c2.getModifiers())
324 && Modifier.isPublic(m.getModifiers());
325 }
326
327 assert(m1 == m2 && prevLookupClass == null);
328
329 if (!willAccessClass(c2, false))
330 return false;
331
332 LookupCase lc = this.in(c2);
333 int modes1 = lc.lookupModes();
334 int modes2 = fixMods(m.getModifiers());
335 // allow private lookup on nestmates. Otherwise, privacy is strictly enforced
336 if (c1 != c2 && ((modes2 & PRIVATE) == 0 || !c1.isNestmateOf(c2))) {
337 modes1 &= ~PRIVATE;
338 }
339 // protected access is sometimes allowed
340 if ((modes2 & PROTECTED) != 0) {
341 int prev = modes2;
342 modes2 |= PACKAGE; // it acts like a package method also
343 if ((lookupModes() & PROTECTED) != 0 &&
344 c2.isAssignableFrom(c1))
345 modes2 |= PUBLIC; // from a subclass, it acts like a public method also
346 }
347 if (verbosity >= 2)
348 System.out.format("%s willAccess %s modes1=0x%h modes2=0x%h => %s%n", lookupString(), lc.lookupString(), modes1, modes2, (modes2 & modes1) != 0);
349 return (modes2 & modes1) != 0;
350 }
351
352 /** Predict the success or failure of accessing this class. */
353 public boolean willAccessClass(Class<?> c2, boolean load) {
354 Class<?> c1 = lookupClass();
355 if (load && c2.getClassLoader() != null) {
356 if (c1.getClassLoader() == null) {
357 // not visible
358 return false;
359 }
360 }
361
362 Module m1 = c1.getModule();
363 Module m2 = c2.getModule();
364 Module m0 = prevLookupClass != null ? prevLookupClass.getModule() : m1;
365 // unconditional has access to all public types that is in an unconditionally exported package
366 if ((lookupModes & UNCONDITIONAL) != 0) {
367 return m2.isExported(c2.getPackageName()) && Modifier.isPublic(c2.getModifiers());
368 }
369 // c1 and c2 are in different module
370 if (m1 != m2 || m0 != m2) {
371 return (lookupModes & PUBLIC) != 0
372 && isModuleAccessible(c2)
373 && Modifier.isPublic(c2.getModifiers());
374 }
375
376 assert(m1 == m2 && prevLookupClass == null);
377
378 LookupCase lc = this.in(c2);
379 int modes1 = lc.lookupModes();
380 boolean r = false;
381 if (modes1 == 0) {
382 r = false;
383 } else {
384 if (Modifier.isPublic(c2.getModifiers())) {
385 if ((modes1 & MODULE) != 0)
386 r = true;
387 else if ((modes1 & PUBLIC) != 0)
388 r = m1.isExported(c2.getPackageName());
389 } else {
390 if ((modes1 & PACKAGE) != 0 && c1.getPackage() == c2.getPackage())
391 r = true;
392 }
393 }
394 if (verbosity >= 2) {
395 System.out.println(this+" willAccessClass "+lc+" c1="+c1+" c2="+c2+" => "+r);
396 }
397 return r;
398 }
399 }
400
401 private static Class<?> topLevelClass(Class<?> cls) {
402 Class<?> c = cls;
403 for (Class<?> ec; (ec = c.getEnclosingClass()) != null; )
404 c = ec;
405 assert(c.getEnclosingClass() == null);
406 assert(c == cls || cls.getEnclosingClass() != null);
407 return c;
408 }
409
410 private final TreeSet<LookupCase> CASES = new TreeSet<>();
414 { if (THIS_LOADER != null) LOADERS.add(THIS_LOADER); } // #1
415
416 private LookupCase lookupCase(String name) {
417 for (LookupCase lc : CASES) {
418 if (lc.toString().equals(name))
419 return lc;
420 }
421 throw new AssertionError(name);
422 }
423
424 private int numberOf(ClassLoader cl) {
425 if (cl == null) return 0;
426 int i = LOADERS.indexOf(cl);
427 if (i < 0) {
428 i = LOADERS.size();
429 LOADERS.add(cl);
430 }
431 return i+1;
432 }
433
434 private void addLookupEdge(LookupCase l1, Class<?> c2, LookupCase l2, int dropAccess) {
435 TreeSet<LookupCase> edges = CASE_EDGES.get(l2);
436 if (edges == null) CASE_EDGES.put(l2, edges = new TreeSet<>());
437 if (edges.add(l1)) {
438 Class<?> c1 = l1.lookupClass();
439 assert(l2.lookupClass() == c2); // [A1]
440 int m1 = l1.lookupModes();
441 int m2 = l2.lookupModes();
442 assert((m1 | m2) == m1); // [A2] (no elevation of access)
443 LookupCase expect = dropAccess == 0 ? l1.in(c2) : l1.in(c2).dropLookupMode(dropAccess);
444 if (!expect.equals(l2))
445 System.out.println("*** expect "+l1+" => "+expect+" but got "+l2);
446 assertEquals(l2, expect);
447 }
448 }
449
450 private void makeCases(Lookup[] originalLookups) {
451 // make initial set of lookup test cases
452 CASES.clear(); LOADERS.clear(); CASE_EDGES.clear();
453 ArrayList<Class<?>> classes = new ArrayList<>();
454 for (Lookup l : originalLookups) {
455 CASES.add(new LookupCase(l));
456 classes.remove(l.lookupClass()); // no dups please
457 classes.add(l.lookupClass());
458 }
459 System.out.println("loaders = "+LOADERS);
460 int rounds = 0;
461 for (int lastCount = -1; lastCount != CASES.size(); ) {
462 lastCount = CASES.size(); // if CASES grow in the loop we go round again
463 for (LookupCase lc1 : CASES.toArray(new LookupCase[0])) {
464 for (int mode : ACCESS_CASES) {
465 LookupCase lc2 = new LookupCase(lc1.lookup().dropLookupMode(mode));
466 addLookupEdge(lc1, lc1.lookupClass(), lc2, mode);
467 CASES.add(lc2);
468 }
469 for (Class<?> c2 : classes) {
470 LookupCase lc2 = new LookupCase(lc1.lookup().in(c2));
471 addLookupEdge(lc1, c2, lc2, 0);
472 CASES.add(lc2);
473 }
474 }
475 rounds++;
476 }
477 System.out.println("filled in "+CASES.size()+" cases from "+originalLookups.length+" original cases in "+rounds+" rounds");
478 if (false) {
479 System.out.println("CASES: {");
480 for (LookupCase lc : CASES) {
481 System.out.println(lc);
482 Set<LookupCase> edges = CASE_EDGES.get(lc);
483 if (edges != null)
484 for (LookupCase prev : edges) {
485 System.out.println("\t"+prev);
486 }
487 }
488 System.out.println("}");
489 }
490 }
491
492 @Test public void test() {
493 makeCases(lookups());
494 if (verbosity > 0) {
495 verbosity += 9;
496 Method pro_in_self = targetMethod(THIS_CLASS, PROTECTED, methodType(void.class));
497 testOneAccess(lookupCase("AccessControlTest/module"), pro_in_self, "find");
498 testOneAccess(lookupCase("Remote_subclass/module"), pro_in_self, "find");
499 testOneAccess(lookupCase("Remote_subclass"), pro_in_self, "find");
500 verbosity -= 9;
501 }
502 Set<Class<?>> targetClassesDone = new HashSet<>();
503 for (LookupCase targetCase : CASES) {
504 Class<?> targetClass = targetCase.lookupClass();
505 if (!targetClassesDone.add(targetClass)) continue; // already saw this one
506 String targetPlace = placeName(targetClass);
507 if (targetPlace == null) continue; // Object, String, not a target
508 for (int targetAccess : ACCESS_CASES) {
509 if (targetAccess == MODULE || targetAccess == UNCONDITIONAL)
510 continue;
511 MethodType methodType = methodType(void.class);
512 Method method = targetMethod(targetClass, targetAccess, methodType);
513 // Try to access target method from various contexts.
514 for (LookupCase sourceCase : CASES) {
515 testOneAccess(sourceCase, method, "findClass");
516 testOneAccess(sourceCase, method, "accessClass");
517 testOneAccess(sourceCase, method, "find");
518 testOneAccess(sourceCase, method, "unreflect");
519 }
520 }
521 }
522 System.out.println("tested "+testCount+" access scenarios; "+testCountFails+" accesses were denied");
523 }
524
525 private int testCount, testCountFails;
526
527 private void testOneAccess(LookupCase sourceCase, Method method, String kind) {
528 Class<?> targetClass = method.getDeclaringClass();
529 String methodName = method.getName();
530 MethodType methodType = methodType(method.getReturnType(), method.getParameterTypes());
550 case "unreflect":
551 sourceCase.lookup().unreflect(method);
552 break;
553 default:
554 throw new AssertionError(kind);
555 }
556 didAccess = true;
557 } catch (ReflectiveOperationException ex) {
558 accessError = ex;
559 }
560 if (willAccess != didAccess) {
561 System.out.println(sourceCase+" => "+targetClass.getSimpleName()+(isFindOrAccessClass?"":"."+methodName+methodType));
562 System.out.println("fail "+(isFindOrAccessClass?kind:"on "+method)+" ex="+accessError);
563 assertEquals(willAccess, didAccess);
564 }
565 testCount++;
566 if (!didAccess) testCountFails++;
567 }
568
569 static Method targetMethod(Class<?> targetClass, int targetAccess, MethodType methodType) {
570 String methodName = accessName(targetAccess)+placeName(targetClass);
571 if (verbosity >= 2)
572 System.out.println(targetClass.getSimpleName()+"."+methodName+methodType);
573 try {
574 Method method = targetClass.getDeclaredMethod(methodName, methodType.parameterArray());
575 assertEquals(method.getReturnType(), methodType.returnType());
576 int haveMods = method.getModifiers();
577 assert(Modifier.isStatic(haveMods));
578 assert(targetAccess == fixMods(haveMods));
579 return method;
580 } catch (NoSuchMethodException ex) {
581 throw new AssertionError(methodName, ex);
582 }
583 }
584
585 static String placeName(Class<?> cls) {
586 // return "self", "sibling", "nestmate", etc.
587 if (cls == AccessControlTest.class) return "self";
588 String cln = cls.getSimpleName();
589 int under = cln.lastIndexOf('_');
590 if (under < 0) return null;
591 return cln.substring(under+1);
592 }
593 static String accessName(int acc) {
594 switch (acc) {
595 case PUBLIC: return "pub_in_";
596 case PROTECTED: return "pro_in_";
597 case PACKAGE: return "pkg_in_";
598 case PRIVATE: return "pri_in_";
599 }
600 assert(false);
601 return "?";
602 }
603 private static final int[] ACCESS_CASES = {
604 PUBLIC, PACKAGE, PRIVATE, PROTECTED, MODULE, UNCONDITIONAL
605 };
606 /*
607 * Adjust PUBLIC => PUBLIC|MODULE|UNCONDITIONAL
608 * Adjust 0 => PACKAGE
609 */
610 /** Return one of the ACCESS_CASES. */
611 static int fixMods(int mods) {
612 mods &= (PUBLIC|PRIVATE|PROTECTED);
613 switch (mods) {
614 case PUBLIC: case PRIVATE: case PROTECTED: return mods;
615 case 0: return PACKAGE;
616 }
617 throw new AssertionError(mods);
618 }
619
620 static Lookup[] lookups() {
621 ArrayList<Lookup> tem = new ArrayList<>();
622 Collections.addAll(tem,
623 AccessControlTest.lookup_in_self(),
624 Inner_nestmate.lookup_in_nestmate(),
625 AccessControlTest_sibling.lookup_in_sibling());
626 if (true) {
627 Collections.addAll(tem,Acquaintance_remote.lookups());
628 } else {
629 try {
|