1 /*
2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package jdk.internal.misc;
27
28 import java.security.AccessControlContext;
29 import java.security.AccessController;
30 import java.security.ProtectionDomain;
31 import java.security.PrivilegedAction;
32 import java.util.concurrent.atomic.AtomicInteger;
33
34 /**
35 * A thread that has no permissions, is not a member of any user-defined
36 * ThreadGroup and supports the ability to erase ThreadLocals.
37 */
38 public final class InnocuousThread extends Thread {
39 private static final jdk.internal.misc.Unsafe UNSAFE;
40 private static final long THREAD_LOCALS;
41 private static final long INHERITABLE_THREAD_LOCALS;
42 private static final ThreadGroup INNOCUOUSTHREADGROUP;
43 private static final AccessControlContext ACC;
44 private static final long INHERITEDACCESSCONTROLCONTEXT;
45 private static final long CONTEXTCLASSLOADER;
46
47 private static final AtomicInteger threadNumber = new AtomicInteger(1);
48 private static String newName() {
49 return "InnocuousThread-" + threadNumber.getAndIncrement();
50 }
51
52 /**
53 * Returns a new InnocuousThread with an auto-generated thread name
54 * and its context class loader is set to the system class loader.
55 */
56 public static Thread newThread(Runnable target) {
57 return newThread(newName(), target);
58 }
59
60 /**
61 * Returns a new InnocuousThread with its context class loader
62 * set to the system class loader.
63 */
64 public static Thread newThread(String name, Runnable target) {
65 return new InnocuousThread(INNOCUOUSTHREADGROUP,
66 target,
67 name,
68 ClassLoader.getSystemClassLoader());
69 }
70
71 /**
72 * Returns a new InnocuousThread with an auto-generated thread name.
73 * Its context class loader is set to null.
74 */
75 public static Thread newSystemThread(Runnable target) {
76 return newSystemThread(newName(), target);
77 }
78
79 /**
80 * Returns a new InnocuousThread with null context class loader.
81 */
82 public static Thread newSystemThread(String name, Runnable target) {
83 return new InnocuousThread(INNOCUOUSTHREADGROUP,
84 target, name, null);
85 }
86
87 private InnocuousThread(ThreadGroup group, Runnable target, String name, ClassLoader tccl) {
88 super(group, target, name, 0L, false);
89 UNSAFE.putObjectRelease(this, INHERITEDACCESSCONTROLCONTEXT, ACC);
90 UNSAFE.putObjectRelease(this, CONTEXTCLASSLOADER, tccl);
91 }
92
93 @Override
94 public void setUncaughtExceptionHandler(UncaughtExceptionHandler x) {
95 // silently fail
96 }
97
98 @Override
99 public void setContextClassLoader(ClassLoader cl) {
100 // Allow clearing of the TCCL to remove the reference to the system classloader.
101 if (cl == null)
102 super.setContextClassLoader(null);
103 else
104 throw new SecurityException("setContextClassLoader");
105 }
106
107 /**
108 * Drops all thread locals (and inherited thread locals).
109 */
110 public final void eraseThreadLocals() {
111 UNSAFE.putObject(this, THREAD_LOCALS, null);
112 UNSAFE.putObject(this, INHERITABLE_THREAD_LOCALS, null);
113 }
114
115 // ensure run method is run only once
116 private volatile boolean hasRun;
117
118 @Override
119 public void run() {
120 if (Thread.currentThread() == this && !hasRun) {
121 hasRun = true;
122 super.run();
123 }
124 }
125
126 // Use Unsafe to access Thread group and ThreadGroup parent fields
127 static {
128 try {
129 ACC = new AccessControlContext(new ProtectionDomain[] {
130 new ProtectionDomain(null, null)
131 });
132
133 // Find and use topmost ThreadGroup as parent of new group
134 UNSAFE = jdk.internal.misc.Unsafe.getUnsafe();
135 Class<?> tk = Thread.class;
136 Class<?> gk = ThreadGroup.class;
137
138 THREAD_LOCALS = UNSAFE.objectFieldOffset
139 (tk.getDeclaredField("threadLocals"));
140 INHERITABLE_THREAD_LOCALS = UNSAFE.objectFieldOffset
141 (tk.getDeclaredField("inheritableThreadLocals"));
142 INHERITEDACCESSCONTROLCONTEXT = UNSAFE.objectFieldOffset
143 (tk.getDeclaredField("inheritedAccessControlContext"));
144 CONTEXTCLASSLOADER = UNSAFE.objectFieldOffset
145 (tk.getDeclaredField("contextClassLoader"));
146
147 long tg = UNSAFE.objectFieldOffset(tk.getDeclaredField("group"));
148 long gp = UNSAFE.objectFieldOffset(gk.getDeclaredField("parent"));
149 ThreadGroup group = (ThreadGroup)
150 UNSAFE.getObject(Thread.currentThread(), tg);
151
152 while (group != null) {
153 ThreadGroup parent = (ThreadGroup)UNSAFE.getObject(group, gp);
154 if (parent == null)
155 break;
156 group = parent;
157 }
158 final ThreadGroup root = group;
159 INNOCUOUSTHREADGROUP = AccessController.doPrivileged(
160 new PrivilegedAction<ThreadGroup>() {
161 @Override
162 public ThreadGroup run() {
163 return new ThreadGroup(root, "InnocuousThreadGroup");
164 }
165 });
166 } catch (Exception e) {
167 throw new Error(e);
168 }
169 }
170 }