commit-classpath

Re: [patch #3174] Default implementation of VMAccessController.getStack


From: Mark Wielaard
Subject: Re: [patch #3174] Default implementation of VMAccessController.getStack
Date: Sun, 04 Jul 2004 20:28:36 +0200

Hi,

On Fri, 2004-07-02 at 05:16, Casey Marshall wrote:
> Attaching a new patch, that provides a simpler, but secure,
> implementation of getStack. It returns an empty stack, which will
> resolve to no permissions whatsoever. Thus, this implementation denies
> ANY attempt to access a protected resource, even by system classes.
> 
> This also fixes a bug in AccessControlContext, so it checks if the set
> of ProtectionDomains is empty.

Thanks a lot. I am finally convinced that we need such a default
implementation for 0.10 because we would break all existing runtimes
otherwise. (The ServiceRegistry depends on access controller working.)

I am committing as follows:

2004-07-01  Casey Marshall <address@hidden>

       * java/security/AccessControlContext.java
       (checkPermission): check for empty context.
       * vm/reference/java/security/VMAccessController.java
       (getContext): combine debugging statements.
       (getStack): implemented.

       * NEWS: Describe new platform dependent VMAccessController class.

Thanks,

Mark
Index: ChangeLog
===================================================================
RCS file: /cvsroot/classpath/classpath/ChangeLog,v
retrieving revision 1.2282
diff -u -r1.2282 ChangeLog
--- ChangeLog   4 Jul 2004 16:50:52 -0000       1.2282
+++ ChangeLog   4 Jul 2004 18:26:50 -0000
@@ -1,3 +1,13 @@
+2004-07-01  Casey Marshall <address@hidden>
+
+       * java/security/AccessControlContext.java
+       (checkPermission): check for empty context.
+       * vm/reference/java/security/VMAccessController.java
+       (getContext): combine debugging statements.
+       (getStack): implemented.
+
+       * NEWS: Describe new platform dependent VMAccessController class.
+
 2004-07-04  Mark Wielaard  <address@hidden>
 
        * java/lang/System.java (static): Add (fake) ASCII support to
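Review bot: the new entry is dated 2004-07-01 but is placed above the existing 2004-07-04 entry, so the file is no longer in date order at the top. Either date the entry with the commit date (the diff header shows 4 Jul 2004) or keep the author's date and note the committer, and drop the blank line before "* NEWS:" so the whole change reads as one entry.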
Index: NEWS
===================================================================
RCS file: /cvsroot/classpath/classpath/NEWS,v
retrieving revision 1.42
diff -u -r1.42 NEWS
--- NEWS        28 Jun 2004 19:39:06 -0000      1.42
+++ NEWS        4 Jul 2004 18:26:50 -0000
@@ -21,6 +21,16 @@
   a default implementation written in java. For efficiency and to
   prevent spurious wakeups a real 'native' runtime version can be supplied.
 
+* There is a new java.security.VMAccessController class that runtimes need
+  to implement to properly support SecurityManagers. The default
+  implementation that comes with GNU Classpath makes sure that ANY attempt
+  to access a protected resource is denied when a SecurityManager is
+  installed. Which is pretty secure, but also no very useful.
+  Please see the documentation in
+  vm/reference/java/security/VMAccessController.java,
+  and please give feedback on the GNU Classpath mailinglist whether or not
+  the current AccessController framework is flexible enough.
+
 New in release 0.09 (2004/02/02)
 
 * Includes updated GNU JAXP version from 2004-02-01.
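Review bot: the added NEWS paragraph has a typo and a sentence fragment in "Which is pretty secure, but also no very useful." ("no" should be "not"). Since this is the text runtime implementers will read, it would be clearer to say outright that the default denies every permission check, including those made on behalf of system classes, once a SecurityManager is installed, and that a runtime has to supply its own getStack to get usable behaviour.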
Index: java/security/AccessControlContext.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/security/AccessControlContext.java,v
retrieving revision 1.8
diff -u -r1.8 AccessControlContext.java
--- java/security/AccessControlContext.java     3 Jun 2004 13:21:35 -0000       
1.8
+++ java/security/AccessControlContext.java     4 Jul 2004 18:26:50 -0000
@@ -118,6 +118,8 @@
    */
   public void checkPermission(Permission perm) throws AccessControlException
   {
+    if (protectionDomains.length == 0)
+      throw new AccessControlException ("permission not granted");
     for (int i = 0; i < protectionDomains.length; i++)
       if (!protectionDomains[i].implies(perm))
         throw new AccessControlException ("permission not granted");
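Review bot: the new empty-context check at the top of checkPermission throws the same "permission not granted" message as the per-domain denial in the loop below it, so a failure caused by an empty stack cannot be told apart from a real policy denial when debugging. Use a distinct message that says the context is empty, and add a short comment that zero ProtectionDomains is deliberately treated as deny-all, because without this check the for loop runs zero times and the method returns without throwing. The check applies to any AccessControlContext whose protectionDomains array is empty, not only the one that results from the default getStack, and the method's Javadoc should say so.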
Index: vm/reference/java/security/VMAccessController.java
===================================================================
RCS file: 
/cvsroot/classpath/classpath/vm/reference/java/security/VMAccessController.java,v
retrieving revision 1.1
diff -u -r1.1 VMAccessController.java
--- vm/reference/java/security/VMAccessController.java  3 Jun 2004 09:16:58 
-0000       1.1
+++ vm/reference/java/security/VMAccessController.java  4 Jul 2004 18:26:50 
-0000
@@ -169,9 +169,11 @@
         Class clazz = classes[i];
         String method = methods[i];
 
-        if (DEBUG) debug (">>> checking " + clazz + "." + method);
-
-        if (DEBUG) debug (">>> loader = " + clazz.getClassLoader());
+        if (DEBUG)
+          {
+            debug (">>> checking " + clazz + "." + method);
+            debug (">>> loader = " + clazz.getClassLoader());
+          }
 
         if (clazz.equals (AccessController.class)
             && method.equals ("doPrivileged"))
@@ -226,11 +228,15 @@
    * <i>i</i>. The arrays are clean; it will only contain Java methods,
    * and no element of the list should be null.
    *
-   * <p>XXX note: this interface (VMAccessController) would possibly be
-   * cleaner if we had a method similar to this, but returned an array
-   * of java.lang.reflect.Method objects. Then, instead of having this
-   * much logic in this class, we put everything in AccessController,
-   * and simply have this single getStack method for a VM to implement.
+   * <p>The default implementation returns an empty stack, which will be
+   * interpreted as having no permissions whatsoever.
+   *
+   * @return A pair of arrays describing the current call stack. The first
+   *    element is an array of Class objects, and the second is an array
+   *    of Strings comprising the method names.
    */
-  private static native Object[][] getStack();
+  private static Object[][] getStack()
+  {
+    return new Object[][] { new Class[0], new String[0] };
+  }
 }
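Review bot: the new Javadoc paragraph for getStack says the empty stack "will be interpreted as having no permissions whatsoever" but does not tell a VM implementer that this method is a placeholder they are expected to replace, and the method has changed from native to a Java body, so a runtime that previously supplied a native getStack now has to override the whole class. State both points in the comment, along with the consequence that every check is denied while this default is in use. The removed XXX note about returning java.lang.reflect.Method objects was an open design question; if it is still open, keep it here or move it to the class comment rather than dropping it.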

Attachment: signature.asc
Description: This is a digitally signed message part

