[kaffe] CVS kaffe (guilhem): Merged VMAccessController in vmspecific section
Kaffe CVS
cvs-commits at kaffe.org
Sat Jan 7 10:08:41 PST 2006
PatchSet 7080
Date: 2006/01/07 17:48:32
Author: guilhem
Branch: HEAD
Tag: (none)
Log:
Merged VMAccessController in vmspecific section
2006-01-07 Guilhem Lavaux <guilhem at kaffe.org>,
Dalibor Topic <robilad at kaffe.org>
* libraries/javalib/vmspecific/java/security/VMAccessController.java:
Merged with new version in classpath.
Members:
ChangeLog:1.4599->1.4600
libraries/javalib/vmspecific/java/security/VMAccessController.java:1.1->1.2
Index: kaffe/ChangeLog
diff -u kaffe/ChangeLog:1.4599 kaffe/ChangeLog:1.4600
--- kaffe/ChangeLog:1.4599 Sat Jan 7 05:33:00 2006
+++ kaffe/ChangeLog Sat Jan 7 17:48:32 2006
@@ -1,3 +1,9 @@
+2006-01-07 Guilhem Lavaux <guilhem at kaffe.org>,
+ Dalibor Topic <robilad at kaffe.org>
+
+ * libraries/javalib/vmspecific/java/security/VMAccessController.java:
+ Merged with new version in classpath.
+
2006-01-07 Wolfgang Baer <WBaer at gmx.de>
* libraries/javalib/Makefile.am.in (install-data-local, uninstall-local):
Index: kaffe/libraries/javalib/vmspecific/java/security/VMAccessController.java
diff -u kaffe/libraries/javalib/vmspecific/java/security/VMAccessController.java:1.1 kaffe/libraries/javalib/vmspecific/java/security/VMAccessController.java:1.2
--- kaffe/libraries/javalib/vmspecific/java/security/VMAccessController.java:1.1 Wed Oct 19 20:16:06 2005
+++ kaffe/libraries/javalib/vmspecific/java/security/VMAccessController.java Sat Jan 7 17:48:37 2006
@@ -76,7 +76,7 @@
DEFAULT_CONTEXT = new AccessControlContext(domain);
}
- private static final boolean DEBUG = false;
+ private static final boolean DEBUG = gnu.classpath.Configuration.DEBUG;
private static void debug(String msg)
{
System.err.print(">>> VMAccessController: ");
@@ -135,8 +135,11 @@
stack.removeFirst();
if (stack.isEmpty())
contexts.set(null);
- } else if (DEBUG)
+ }
+ else if (DEBUG)
+ {
debug("no stack during pop?????");
+ }
}
/**
@@ -169,7 +172,7 @@
String[] methods = (String[]) stack[1];
if (DEBUG)
- debug(">>> got trace of length " + classes.length);
+ debug("got trace of length " + classes.length);
HashSet domains = new HashSet();
HashSet seenDomains = new HashSet();
@@ -188,9 +191,9 @@
if (DEBUG)
{
- debug(">>> checking " + clazz + "." + method);
- // subject to getClassLoader RuntimePermission
- debug(">>> loader = " + clazz.getClassLoader());
+ debug("checking " + clazz + "." + method);
+ // subject to getClassLoader RuntimePermission
+ debug("loader = " + clazz.getClassLoader());
}
// If the previous frame was a call to doPrivileged, then this is
@@ -231,16 +234,25 @@
ProtectionDomain[] result = (ProtectionDomain[])
domains.toArray(new ProtectionDomain[domains.size()]);
- // Intersect the derived protection domain with the context supplied
- // to doPrivileged. We use the DomainCombiner fron the popped contest
- // to avoid that SubjectDomainCombiners with Subject information
- // get lost here.
if (context != null)
- context = new AccessControlContext(result, context,
- context.getDomainCombiner());
+ {
+ DomainCombiner dc = context.getDomainCombiner ();
+ // If the supplied context had no explicit DomainCombiner, use
+ // our private version, which computes the intersection of the
+ // context's domains with the derived set.
+ if (dc == null)
+ context = new AccessControlContext
+ (IntersectingDomainCombiner.SINGLETON.combine
+ (result, context.getProtectionDomains ()));
+ // Use the supplied DomainCombiner. This should be secure,
+ // because only trusted code may create an
+ // AccessControlContext with a custom DomainCombiner.
+ else
+ context = new AccessControlContext (result, context, dc);
+ }
// No context was supplied. Return the derived one.
else
- context = new AccessControlContext(result);
+ context = new AccessControlContext (result);
inGetContext.set(Boolean.FALSE);
return context;
@@ -254,11 +266,12 @@
* <i>i</i>. The arrays are clean; it will only contain Java methods,
* and no element of the list should be null.
*
- * <p>XXX note: this interface (VMAccessController) would possibly be
- * cleaner if we had a method similar to this, but returned an array
- * of java.lang.reflect.Method objects. Then, instead of having this
- * much logic in this class, we put everything in AccessController,
- * and simply have this single getStack method for a VM to implement.
+ * <p>The default implementation returns an empty stack, which will be
+ * interpreted as having no permissions whatsoever.
+ *
+ * @return A pair of arrays describing the current call stack. The first
+ * element is an array of Class objects, and the second is an array
+ * of Strings comprising the method names.
*/
private static native Object[][] getStack();
}
More information about the kaffe
mailing list