# HG changeset patch # User redestad # Date 1525093080 -7200 # Mon Apr 30 14:58:00 2018 +0200 # Node ID 4cdca0b7400914794fe5b9cf3bae20ec8fbb1c7c # Parent b708a1e34fcc3f884206cd3706ad5fbfe503ce10 8202419: Avoid creating Permission constants early Reviewed-by: alanb diff --git a/src/java.base/share/classes/java/lang/Thread.java b/src/java.base/share/classes/java/lang/Thread.java --- a/src/java.base/share/classes/java/lang/Thread.java +++ b/src/java.base/share/classes/java/lang/Thread.java @@ -425,7 +425,8 @@ */ if (security != null) { if (isCCLOverridden(getClass())) { - security.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION); + security.checkPermission( + SecurityConstants.SUBCLASS_IMPLEMENTATION_PERMISSION); } } @@ -1703,10 +1704,6 @@ return m; } - - private static final RuntimePermission SUBCLASS_IMPLEMENTATION_PERMISSION = - new RuntimePermission("enableContextClassLoaderOverride"); - /** cache of subclass security audit results */ /* Replace with ConcurrentReferenceHashMap when/if it appears in a future * release */ diff --git a/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java b/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java --- a/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java +++ b/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java @@ -35,6 +35,7 @@ import jdk.internal.reflect.Reflection; import jdk.internal.reflect.ReflectionFactory; import sun.security.action.GetPropertyAction; +import sun.security.util.SecurityConstants; /** * The {@code AccessibleObject} class is the base class for {@code Field}, @@ -73,17 +74,14 @@ */ public class AccessibleObject implements AnnotatedElement { - /** - * The Permission object that is used to check whether a client - * has sufficient privilege to defeat Java language access - * control checks. - */ - private static final java.security.Permission ACCESS_PERMISSION = - new ReflectPermission("suppressAccessChecks"); - static void checkPermission() { SecurityManager sm = System.getSecurityManager(); - if (sm != null) sm.checkPermission(ACCESS_PERMISSION); + if (sm != null) { + // SecurityConstants.ACCESS_PERMISSION is used to check + // whether a client has sufficient privilege to defeat Java + // language access control checks. + sm.checkPermission(SecurityConstants.ACCESS_PERMISSION); + } } /** diff --git a/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java b/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java --- a/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java +++ b/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java @@ -47,6 +47,7 @@ import jdk.internal.misc.VM; import sun.reflect.misc.ReflectUtil; import sun.security.action.GetPropertyAction; +import sun.security.util.SecurityConstants; /**

The master factory for all reflective objects, both those in java.lang.reflect (Fields, Methods, Constructors) as well as their @@ -63,8 +64,6 @@ public class ReflectionFactory { private static boolean initted = false; - private static final Permission reflectionFactoryAccessPerm - = new RuntimePermission("reflectionFactoryAccess"); private static final ReflectionFactory soleInstance = new ReflectionFactory(); // Provides access to package-private mechanisms in java.lang.reflect private static volatile LangReflectAccess langReflectAccess; @@ -130,7 +129,8 @@ SecurityManager security = System.getSecurityManager(); if (security != null) { // TO DO: security.checkReflectionFactoryAccess(); - security.checkPermission(reflectionFactoryAccessPerm); + security.checkPermission( + SecurityConstants.REFLECTION_FACTORY_ACCESS_PERMISSION); } return soleInstance; } diff --git a/src/java.base/share/classes/sun/security/util/SecurityConstants.java b/src/java.base/share/classes/sun/security/util/SecurityConstants.java --- a/src/java.base/share/classes/sun/security/util/SecurityConstants.java +++ b/src/java.base/share/classes/sun/security/util/SecurityConstants.java @@ -25,12 +25,10 @@ package sun.security.util; +import java.lang.reflect.ReflectPermission; import java.net.SocketPermission; import java.net.NetPermission; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.Permission; -import java.security.BasicPermission; import java.security.SecurityPermission; import java.security.AllPermission; import sun.security.action.GetPropertyAction; @@ -131,6 +129,10 @@ public static final RuntimePermission GET_STACK_TRACE_PERMISSION = new RuntimePermission("getStackTrace"); + // java.lang.Thread + public static final RuntimePermission SUBCLASS_IMPLEMENTATION_PERMISSION = + new RuntimePermission("enableContextClassLoaderOverride"); + // java.security.AccessControlContext public static final SecurityPermission CREATE_ACC_PERMISSION = new SecurityPermission("createAccessControlContext"); @@ -149,4 +151,13 @@ public static final String PROVIDER_VER = GetPropertyAction.privilegedGetProperty("java.specification.version"); + + // java.lang.reflect.AccessibleObject + public static final ReflectPermission ACCESS_PERMISSION = + new ReflectPermission("suppressAccessChecks"); + + // sun.reflect.ReflectionFactory + public static final RuntimePermission REFLECTION_FACTORY_ACCESS_PERMISSION = + new RuntimePermission("reflectionFactoryAccess"); + }