summaryrefslogtreecommitdiff
path: root/java/openjdk6/files/icedtea/security/7169888.patch
diff options
context:
space:
mode:
Diffstat (limited to 'java/openjdk6/files/icedtea/security/7169888.patch')
-rw-r--r--java/openjdk6/files/icedtea/security/7169888.patch125
1 files changed, 125 insertions, 0 deletions
diff --git a/java/openjdk6/files/icedtea/security/7169888.patch b/java/openjdk6/files/icedtea/security/7169888.patch
new file mode 100644
index 000000000000..537648fc2ae8
--- /dev/null
+++ b/java/openjdk6/files/icedtea/security/7169888.patch
@@ -0,0 +1,125 @@
+# HG changeset patch
+# User dbuck
+# Date 1342799616 25200
+# Node ID 39b599e90c7b33435ca42ae96ed673812a8be3d7
+# Parent 47e7c8e33cd82dade3e84af94bff125cdbdae062
+7169888: Narrowing resource definitions in JMX RMI connector
+Summary: see bugdb 13932219 for details
+Reviewed-by: fparain, vikram
+
+diff --git a/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java b/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
+--- jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
++++ jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -39,11 +39,17 @@
+ import java.rmi.MarshalledObject;
+ import java.rmi.UnmarshalException;
+ import java.rmi.server.Unreferenced;
++
+ import java.security.AccessControlContext;
+ import java.security.AccessController;
++import java.security.Permission;
++import java.security.PermissionCollection;
++import java.security.Permissions;
+ import java.security.PrivilegedAction;
+ import java.security.PrivilegedActionException;
+ import java.security.PrivilegedExceptionAction;
++import java.security.ProtectionDomain;
++
+ import java.util.Arrays;
+ import java.util.Collections;
+ import java.util.Map;
+@@ -60,6 +66,7 @@
+ import javax.management.MBeanException;
+ import javax.management.MBeanInfo;
+ import javax.management.MBeanRegistrationException;
++import javax.management.MBeanPermission;
+ import javax.management.MBeanServer;
+ import javax.management.NotCompliantMBeanException;
+ import javax.management.NotificationFilter;
+@@ -144,15 +151,20 @@
+ this.mbeanServer = rmiServer.getMBeanServer();
+
+ final ClassLoader dcl = defaultClassLoader;
++
+ this.classLoaderWithRepository =
+ AccessController.doPrivileged(
+ new PrivilegedAction<ClassLoaderWithRepository>() {
+ public ClassLoaderWithRepository run() {
+ return new ClassLoaderWithRepository(
+- getClassLoaderRepository(),
++ mbeanServer.getClassLoaderRepository(),
+ dcl);
+ }
+- });
++ },
++
++ withPermissions( new MBeanPermission("*", "getClassLoaderRepository"),
++ new RuntimePermission("createClassLoader"))
++ );
+
+ serverCommunicatorAdmin = new
+ RMIServerCommunicatorAdmin(EnvHelp.getServerConnectionTimeout(env));
+@@ -160,6 +172,17 @@
+ this.env = env;
+ }
+
++ private static AccessControlContext withPermissions(Permission ... perms){
++ Permissions col = new Permissions();
++
++ for (Permission thePerm : perms ) {
++ col.add(thePerm);
++ }
++
++ final ProtectionDomain pd = new ProtectionDomain(null, col);
++ return new AccessControlContext( new ProtectionDomain[] { pd });
++ }
++
+ private synchronized ServerNotifForwarder getServerNotifFwd() {
+ // Lazily created when first use. Mainly when
+ // addNotificationListener is first called.
+@@ -1314,16 +1337,6 @@
+ // private methods
+ //------------------------------------------------------------------------
+
+- private ClassLoaderRepository getClassLoaderRepository() {
+- return
+- AccessController.doPrivileged(
+- new PrivilegedAction<ClassLoaderRepository>() {
+- public ClassLoaderRepository run() {
+- return mbeanServer.getClassLoaderRepository();
+- }
+- });
+- }
+-
+ private ClassLoader getClassLoader(final ObjectName name)
+ throws InstanceNotFoundException {
+ try {
+@@ -1333,7 +1346,9 @@
+ public ClassLoader run() throws InstanceNotFoundException {
+ return mbeanServer.getClassLoader(name);
+ }
+- });
++ },
++ withPermissions(new MBeanPermission("*", "getClassLoader"))
++ );
+ } catch (PrivilegedActionException pe) {
+ throw (InstanceNotFoundException) extractException(pe);
+ }
+@@ -1348,7 +1363,9 @@
+ public Object run() throws InstanceNotFoundException {
+ return mbeanServer.getClassLoaderFor(name);
+ }
+- });
++ },
++ withPermissions(new MBeanPermission("*", "getClassLoaderFor"))
++ );
+ } catch (PrivilegedActionException pe) {
+ throw (InstanceNotFoundException) extractException(pe);
+ }
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-10 03:26:36 +0000