447 accessee_ik->major_version() < Verifier::STRICTER_ACCESS_CTRL_CHECK_VERSION)) {
448 return classloader_only &&
449 Verifier::relax_access_for(accessor_ik->class_loader()) &&
450 accessor_ik->protection_domain() == accessee_ik->protection_domain() &&
451 accessor_ik->class_loader() == accessee_ik->class_loader();
452 }
453
454 return false;
455 }
456
457 /*
458 Type Accessibility check for public types: Callee Type T is accessible to Caller Type S if:
459
460 Callee T in Callee T in package PT,
461 unnamed module runtime module MT
462 ------------------------------------------------------------------------------------------------
463
464 Caller S in package If MS is loose: YES If same classloader/package (PS == PT): YES
465 PS, runtime module MS If MS can read T's If same runtime module: (MS == MT): YES
466 unnamed module: YES
467 Else if (MS can read MT (Establish readability) &&
468 MT exports PT to MS or to all modules): YES
469
470 ------------------------------------------------------------------------------------------------
471 Caller S in unnamed YES Readability exists because unnamed module
472 module UM "reads" all modules
473 if (MT exports PT to UM or to all modules): YES
474
475 ------------------------------------------------------------------------------------------------
476
477 Note: a loose module is a module that can read all current and future unnamed modules.
478 */
479 Reflection::VerifyClassAccessResults Reflection::verify_class_access(
480 const Klass* current_class, const Klass* new_class, bool classloader_only) {
481
482 // Verify that current_class can access new_class. If the classloader_only
483 // flag is set, we automatically allow any accesses in which current_class
484 // doesn't have a classloader.
485 if ((current_class == NULL) ||
486 (current_class == new_class) ||
487 is_same_class_package(current_class, new_class)) {
488 return ACCESS_OK;
501 return ACCESS_OK;
502 }
503
504 // Find the module entry for current_class, the accessor
505 ModuleEntry* module_from = current_class->module();
506 // Find the module entry for new_class, the accessee
507 if (new_class->is_objArray_klass()) {
508 new_class = ObjArrayKlass::cast(new_class)->bottom_klass();
509 }
510 if (new_class->is_typeArray_klass()) {
511 // A TypeArray's defining module is java.base, access to the TypeArray is allowed
512 return ACCESS_OK;
513 }
514 ModuleEntry* module_to = new_class->module();
515
516 // both in same (possibly unnamed) module
517 if (module_from == module_to) {
518 return ACCESS_OK;
519 }
520
521 // Acceptable access to a type in an unamed module. Note that since
522 // unnamed modules can read all unnamed modules, this also handles the
523 // case where module_from is also unnamed but in a different class loader.
524 if (!module_to->is_named() &&
525 (module_from->can_read_all_unnamed() || module_from->can_read(module_to))) {
526 return ACCESS_OK;
527 }
528
529 // Establish readability, check if module_from is allowed to read module_to.
530 if (!module_from->can_read(module_to)) {
531 return MODULE_NOT_READABLE;
532 }
533
534 PackageEntry* package_to = new_class->package();
535 assert(package_to != NULL, "can not obtain new_class' package");
536
537 {
538 MutexLocker m1(Module_lock);
539
540 // Once readability is established, if module_to exports T unqualifiedly,
541 // (to all modules), than whether module_from is in the unnamed module
542 // or not does not matter, access is allowed.
543 if (package_to->is_unqual_exported()) {
544 return ACCESS_OK;
545 }
546
547 // Access is allowed if both 1 & 2 hold:
548 // 1. Readability, module_from can read module_to (established above).
549 // 2. Either module_to exports T to module_from qualifiedly.
550 // or
551 // module_to exports T to all unnamed modules and module_from is unnamed.
|
447 accessee_ik->major_version() < Verifier::STRICTER_ACCESS_CTRL_CHECK_VERSION)) {
448 return classloader_only &&
449 Verifier::relax_access_for(accessor_ik->class_loader()) &&
450 accessor_ik->protection_domain() == accessee_ik->protection_domain() &&
451 accessor_ik->class_loader() == accessee_ik->class_loader();
452 }
453
454 return false;
455 }
456
457 /*
458 Type Accessibility check for public types: Callee Type T is accessible to Caller Type S if:
459
460 Callee T in Callee T in package PT,
461 unnamed module runtime module MT
462 ------------------------------------------------------------------------------------------------
463
464 Caller S in package If MS is loose: YES If same classloader/package (PS == PT): YES
465 PS, runtime module MS If MS can read T's If same runtime module: (MS == MT): YES
466 unnamed module: YES
467 Else if (MS can read MT (establish readability) &&
468 ((MT exports PT to MS or to all modules) ||
469 (MT is open))): YES
470
471 ------------------------------------------------------------------------------------------------
472 Caller S in unnamed YES Readability exists because unnamed module
473 module UM "reads" all modules
474 if (MT exports PT to UM or to all modules): YES
475
476 ------------------------------------------------------------------------------------------------
477
478 Note: a loose module is a module that can read all current and future unnamed modules.
479 */
480 Reflection::VerifyClassAccessResults Reflection::verify_class_access(
481 const Klass* current_class, const Klass* new_class, bool classloader_only) {
482
483 // Verify that current_class can access new_class. If the classloader_only
484 // flag is set, we automatically allow any accesses in which current_class
485 // doesn't have a classloader.
486 if ((current_class == NULL) ||
487 (current_class == new_class) ||
488 is_same_class_package(current_class, new_class)) {
489 return ACCESS_OK;
502 return ACCESS_OK;
503 }
504
505 // Find the module entry for current_class, the accessor
506 ModuleEntry* module_from = current_class->module();
507 // Find the module entry for new_class, the accessee
508 if (new_class->is_objArray_klass()) {
509 new_class = ObjArrayKlass::cast(new_class)->bottom_klass();
510 }
511 if (new_class->is_typeArray_klass()) {
512 // A TypeArray's defining module is java.base, access to the TypeArray is allowed
513 return ACCESS_OK;
514 }
515 ModuleEntry* module_to = new_class->module();
516
517 // both in same (possibly unnamed) module
518 if (module_from == module_to) {
519 return ACCESS_OK;
520 }
521
522 // Acceptable access to a type in an unnamed module. Note that since
523 // unnamed modules can read all unnamed modules, this also handles the
524 // case where module_from is also unnamed but in a different class loader.
525 if (!module_to->is_named() &&
526 (module_from->can_read_all_unnamed() || module_from->can_read(module_to))) {
527 return ACCESS_OK;
528 }
529
530 // Establish readability, check if module_from is allowed to read module_to.
531 if (!module_from->can_read(module_to)) {
532 return MODULE_NOT_READABLE;
533 }
534
535 // Access is allowed if module_to is open, i.e. all its packages are unqualifiedly exported
536 if (module_to->is_open()) {
537 return ACCESS_OK;
538 }
539
540 PackageEntry* package_to = new_class->package();
541 assert(package_to != NULL, "can not obtain new_class' package");
542
543 {
544 MutexLocker m1(Module_lock);
545
546 // Once readability is established, if module_to exports T unqualifiedly,
547 // (to all modules), than whether module_from is in the unnamed module
548 // or not does not matter, access is allowed.
549 if (package_to->is_unqual_exported()) {
550 return ACCESS_OK;
551 }
552
553 // Access is allowed if both 1 & 2 hold:
554 // 1. Readability, module_from can read module_to (established above).
555 // 2. Either module_to exports T to module_from qualifiedly.
556 // or
557 // module_to exports T to all unnamed modules and module_from is unnamed.
|