1 /*
2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package jdk.internal.misc;
27
28 import java.security.AccessControlContext;
29 import java.security.AccessController;
30 import java.security.ProtectionDomain;
31 import java.security.PrivilegedAction;
32 import java.util.concurrent.atomic.AtomicInteger;
33
34 /**
35 * A thread that has no permissions, is not a member of any user-defined
36 * ThreadGroup and supports the ability to erase ThreadLocals.
37 */
38 public final class InnocuousThread extends Thread {
39 private static final jdk.internal.misc.Unsafe UNSAFE;
40 private static final long THREAD_LOCALS;
41 private static final long INHERITABLE_THREAD_LOCALS;
42 private static final ThreadGroup INNOCUOUSTHREADGROUP;
43 private static final AccessControlContext ACC;
44 private static final long INHERITEDACCESSCONTROLCONTEXT;
45 private static final long CONTEXTCLASSLOADER;
46
47 private static final AtomicInteger threadNumber = new AtomicInteger(1);
48
49 public InnocuousThread(Runnable target) {
50 this(INNOCUOUSTHREADGROUP, target,
51 "InnocuousThread-" + threadNumber.getAndIncrement());
52 }
53
54 public InnocuousThread(Runnable target, String name) {
55 this(INNOCUOUSTHREADGROUP, target, name);
56 }
57
58 public InnocuousThread(ThreadGroup group, Runnable target, String name) {
59 super(group, target, name, 0L, false);
60 UNSAFE.putOrderedObject(this, INHERITEDACCESSCONTROLCONTEXT, ACC);
61 UNSAFE.putOrderedObject(this, CONTEXTCLASSLOADER, ClassLoader.getSystemClassLoader());
62 }
63
64 @Override
65 public void setUncaughtExceptionHandler(UncaughtExceptionHandler x) {
66 // silently fail
67 }
68
69 @Override
70 public void setContextClassLoader(ClassLoader cl) {
71 // Allow clearing of the TCCL to remove the reference to the system classloader.
72 if (cl == null)
73 super.setContextClassLoader(null);
74 else
75 throw new SecurityException("setContextClassLoader");
76 }
77
78 /**
79 * Drops all thread locals (and inherited thread locals).
80 */
81 public final void eraseThreadLocals() {
82 UNSAFE.putObject(this, THREAD_LOCALS, null);
83 UNSAFE.putObject(this, INHERITABLE_THREAD_LOCALS, null);
84 }
85
86 // ensure run method is run only once
87 private volatile boolean hasRun;
88
89 @Override
90 public void run() {
91 if (Thread.currentThread() == this && !hasRun) {
92 hasRun = true;
93 super.run();
94 }
95 }
96
97 // Use Unsafe to access Thread group and ThreadGroup parent fields
98 static {
99 try {
100 ACC = new AccessControlContext(new ProtectionDomain[] {
101 new ProtectionDomain(null, null)
102 });
103
104 // Find and use topmost ThreadGroup as parent of new group
105 UNSAFE = jdk.internal.misc.Unsafe.getUnsafe();
106 Class<?> tk = Thread.class;
107 Class<?> gk = ThreadGroup.class;
108
109 THREAD_LOCALS = UNSAFE.objectFieldOffset
110 (tk.getDeclaredField("threadLocals"));
111 INHERITABLE_THREAD_LOCALS = UNSAFE.objectFieldOffset
112 (tk.getDeclaredField("inheritableThreadLocals"));
113 INHERITEDACCESSCONTROLCONTEXT = UNSAFE.objectFieldOffset
114 (tk.getDeclaredField("inheritedAccessControlContext"));
115 CONTEXTCLASSLOADER = UNSAFE.objectFieldOffset
116 (tk.getDeclaredField("contextClassLoader"));
117
118 long tg = UNSAFE.objectFieldOffset(tk.getDeclaredField("group"));
119 long gp = UNSAFE.objectFieldOffset(gk.getDeclaredField("parent"));
120 ThreadGroup group = (ThreadGroup)
121 UNSAFE.getObject(Thread.currentThread(), tg);
122
123 while (group != null) {
124 ThreadGroup parent = (ThreadGroup)UNSAFE.getObject(group, gp);
125 if (parent == null)
126 break;
127 group = parent;
128 }
129 final ThreadGroup root = group;
130 INNOCUOUSTHREADGROUP = AccessController.doPrivileged(
131 new PrivilegedAction<ThreadGroup>() {
132 @Override
133 public ThreadGroup run() {
134 return new ThreadGroup(root, "InnocuousThreadGroup");
135 }
136 });
137 } catch (Exception e) {
138 throw new Error(e);
139 }
140 }
141 }