--- old/corba/src/java.corba/share/classes/sun/corba/Bridge.java 2017-03-15 12:37:13.000000000 -0700 +++ new/corba/src/java.corba/share/classes/sun/corba/Bridge.java 2017-03-15 12:37:13.000000000 -0700 @@ -59,10 +59,10 @@ * * The code that calls Bridge.get() must have the following Permissions: * *

* All of these permissions are required to obtain and correctly initialize @@ -105,10 +105,10 @@ /** Fetch the Bridge singleton. This requires the following * permissions: *

* @return The singleton instance of the Bridge class * @throws SecurityException if the caller does not have the --- old/jdk/src/java.base/share/classes/java/lang/LiveStackFrame.java 2017-03-15 12:37:14.000000000 -0700 +++ new/jdk/src/java.base/share/classes/java/lang/LiveStackFrame.java 2017-03-15 12:37:13.000000000 -0700 @@ -169,7 +169,7 @@ * it denies access to {@code RuntimePermission("liveStackFrames")}; or * or if the given {@code options} contains * {@link StackWalker.Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE} - * and it denies access to {@code StackFramePermission("retainClassReference")}. + * and it denies access to {@code RuntimePermission("getStackWalkerWithClassReference")}. */ public static StackWalker getStackWalker(Set options) { SecurityManager sm = System.getSecurityManager(); --- old/jdk/src/java.base/share/classes/java/lang/RuntimePermission.java 2017-03-15 12:37:14.000000000 -0700 +++ new/jdk/src/java.base/share/classes/java/lang/RuntimePermission.java 2017-03-15 12:37:14.000000000 -0700 @@ -298,6 +298,14 @@ * * * + * getStackWalkerWithClassReference + * Get a stack walker that can retrieve stack frames with class reference. + * This allows retrieval of Class objects from stack walking. + * This might allow malicious code to access Class objects on the stack + * outside its own context. + * + * + * * setDefaultUncaughtExceptionHandler * Setting the default handler to be used when a thread * terminates abruptly due to an uncaught exception --- old/jdk/src/java.base/share/classes/java/lang/StackWalker.java 2017-03-15 12:37:15.000000000 -0700 +++ new/jdk/src/java.base/share/classes/java/lang/StackWalker.java 2017-03-15 12:37:15.000000000 -0700 @@ -279,7 +279,7 @@ * If a security manager is present and the given {@code option} is * {@link Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE}, * it calls its {@link SecurityManager#checkPermission checkPermission} - * method for {@code StackFramePermission("retainClassReference")}. + * method for {@code RuntimePermission("getStackWalkerWithClassReference")}. * * @param option {@link Option stack walking option} * @@ -303,7 +303,7 @@ * If a security manager is present and the given {@code options} contains * {@link Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE}, * it calls its {@link SecurityManager#checkPermission checkPermission} - * method for {@code StackFramePermission("retainClassReference")}. + * method for {@code RuntimePermission("getStackWalkerWithClassReference")}. * * @param options {@link Option stack walking option} * @@ -333,7 +333,7 @@ * If a security manager is present and the given {@code options} contains * {@link Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE}, * it calls its {@link SecurityManager#checkPermission checkPermission} - * method for {@code StackFramePermission("retainClassReference")}. + * method for {@code RuntimePermission("getStackWalkerWithClassReference")}. * *

* The {@code estimateDepth} specifies the estimate number of stack frames @@ -376,7 +376,7 @@ SecurityManager sm = System.getSecurityManager(); if (sm != null) { if (options.contains(Option.RETAIN_CLASS_REFERENCE)) { - sm.checkPermission(new StackFramePermission("retainClassReference")); + sm.checkPermission(new RuntimePermission("getStackWalkerWithClassReference")); } } } --- old/jdk/test/java/lang/StackWalker/CallerSensitiveMethod/csm/jdk/test/CallerSensitiveTest.java 2017-03-15 12:37:16.000000000 -0700 +++ new/jdk/test/java/lang/StackWalker/CallerSensitiveMethod/csm/jdk/test/CallerSensitiveTest.java 2017-03-15 12:37:15.000000000 -0700 @@ -50,7 +50,7 @@ if (args.length > 0 && args[0].equals("sm")) { sm = true; PermissionCollection perms = new Permissions(); - perms.add(new StackFramePermission("retainClassReference")); + perms.add(new RuntimePermission("getStackWalkerWithClassReference")); Policy.setPolicy(new Policy() { @Override public boolean implies(ProtectionDomain domain, Permission p) { --- old/jdk/test/java/lang/StackWalker/GetCallerClassTest.java 2017-03-15 12:37:16.000000000 -0700 +++ new/jdk/test/java/lang/StackWalker/GetCallerClassTest.java 2017-03-15 12:37:16.000000000 -0700 @@ -55,7 +55,7 @@ public static void main(String... args) throws Exception { if (args.length > 0 && args[0].equals("sm")) { PermissionCollection perms = new Permissions(); - perms.add(new StackFramePermission("retainClassReference")); + perms.add(new RuntimePermission("getStackWalkerWithClassReference")); Policy.setPolicy(new Policy() { @Override public boolean implies(ProtectionDomain domain, Permission p) { --- old/jdk/test/java/lang/StackWalker/stackwalk.policy 2017-03-15 12:37:17.000000000 -0700 +++ new/jdk/test/java/lang/StackWalker/stackwalk.policy 2017-03-15 12:37:17.000000000 -0700 @@ -1,4 +1,4 @@ grant { - permission java.lang.StackFramePermission "retainClassReference"; + permission java.lang.RuntimePermission "getStackWalkerWithClassReference"; }; --- old/jdk/test/java/lang/StackWalker/stackwalktest.policy 2017-03-15 12:37:18.000000000 -0700 +++ new/jdk/test/java/lang/StackWalker/stackwalktest.policy 2017-03-15 12:37:18.000000000 -0700 @@ -1,5 +1,5 @@ grant { - permission java.lang.StackFramePermission "retainClassReference"; + permission java.lang.RuntimePermission "getStackWalkerWithClassReference"; permission java.util.PropertyPermission "seed", "read"; }; --- old/jdk/src/java.base/share/classes/java/lang/StackFramePermission.java 2017-03-15 12:37:18.000000000 -0700 +++ /dev/null 2017-03-15 12:37:18.000000000 -0700 @@ -1,50 +0,0 @@ -/* - * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ -package java.lang; - -/** - * Permission to access {@link StackWalker.StackFrame}. - * - * @see java.lang.StackWalker.Option#RETAIN_CLASS_REFERENCE - * @see StackWalker.StackFrame#getDeclaringClass() - */ -public class StackFramePermission extends java.security.BasicPermission { - private static final long serialVersionUID = 2841894854386706014L; - - /** - * Creates a new {@code StackFramePermission} object. - * - * @param name Permission name. Must be "retainClassReference". - * - * @throws IllegalArgumentException if {@code name} is invalid. - * @throws NullPointerException if {@code name} is {@code null}. - */ - public StackFramePermission(String name) { - super(name); - if (!name.equals("retainClassReference")) { - throw new IllegalArgumentException("name: " + name); - } - } -}