43 OopHandle CDSProtectionDomain::_shared_protection_domains;
44 OopHandle CDSProtectionDomain::_shared_jar_urls;
45 OopHandle CDSProtectionDomain::_shared_jar_manifests;
46
47 // Initializes the java.lang.Package and java.security.ProtectionDomain objects associated with
48 // the given InstanceKlass.
49 // Returns the ProtectionDomain for the InstanceKlass.
50 Handle CDSProtectionDomain::init_security_info(Handle class_loader, InstanceKlass* ik, PackageEntry* pkg_entry, TRAPS) {
51 int index = ik->shared_classpath_index();
52 assert(index >= 0, "Sanity");
53 const AOTClassLocation* cl = AOTClassLocationConfig::runtime()->class_location_at(index);
54 Symbol* class_name = ik->name();
55
56 if (cl->is_modules_image()) {
57 // For shared app/platform classes originated from the run-time image:
58 // The ProtectionDomains are cached in the corresponding ModuleEntries
59 // for fast access by the VM.
60 // all packages from module image are already created during VM bootstrap in
61 // Modules::define_module().
62 assert(pkg_entry != nullptr, "archived class in module image cannot be from unnamed package");
63 ModuleEntry* mod_entry = pkg_entry->module();
64 return get_shared_protection_domain(class_loader, mod_entry, THREAD);
65 } else {
66 // For shared app/platform classes originated from JAR files on the class path:
67 // Each of the 3 CDSProtectionDomain::_shared_xxx arrays has the same length
68 // as the shared classpath table in the shared archive.
69 //
70 // If a shared InstanceKlass k is loaded from the class path, let
71 //
72 // index = k->shared_classpath_index();
73 //
74 // AOTClassLocationConfig::_runtime_instance->_array->at(index) identifies the JAR file that contains k.
75 //
76 // k's protection domain is:
77 //
78 // ProtectionDomain pd = _shared_protection_domains[index];
79 //
80 // and k's Package is initialized using
81 //
82 // manifest = _shared_jar_manifests[index];
83 // url = _shared_jar_urls[index];
84 // define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
85 //
86 // Note that if an element of these 3 _shared_xxx arrays is null, it will be initialized by
87 // the corresponding CDSProtectionDomain::get_shared_xxx() function.
88 Handle manifest = get_shared_jar_manifest(index, CHECK_NH);
89 Handle url = get_shared_jar_url(index, CHECK_NH);
90 int index_offset = index - AOTClassLocationConfig::runtime()->app_cp_start_index();
91 if (index_offset < PackageEntry::max_index_for_defined_in_class_path()) {
92 if (pkg_entry == nullptr || !pkg_entry->is_defined_by_cds_in_class_path(index_offset)) {
93 // define_shared_package only needs to be called once for each package in a jar specified
94 // in the shared class path.
95 define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
96 if (pkg_entry != nullptr) {
97 pkg_entry->set_defined_by_cds_in_class_path(index_offset);
98 }
99 }
100 } else {
101 define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
102 }
103 return get_shared_protection_domain(class_loader, index, url, THREAD);
104 }
105 }
106
107 Handle CDSProtectionDomain::get_package_name(Symbol* class_name, TRAPS) {
108 ResourceMark rm(THREAD);
109 Handle pkgname_string;
110 TempNewSymbol pkg = ClassLoader::package_from_class_name(class_name);
111 if (pkg != nullptr) { // Package prefix found
112 const char* pkgname = pkg->as_klass_external_name();
113 pkgname_string = java_lang_String::create_from_str(pkgname,
114 CHECK_(pkgname_string));
115 }
116 return pkgname_string;
117 }
118
119 PackageEntry* CDSProtectionDomain::get_package_entry_from_class(InstanceKlass* ik, Handle class_loader) {
120 PackageEntry* pkg_entry = ik->package();
121 if (CDSConfig::is_using_full_module_graph() && ik->is_shared() && pkg_entry != nullptr) {
191 atomic_set_shared_jar_manifest(shared_path_index, manifest());
192 }
193 manifest = Handle(THREAD, shared_jar_manifest(shared_path_index));
194 assert(manifest.not_null(), "sanity");
195 return manifest;
196 }
197
198 Handle CDSProtectionDomain::get_shared_jar_url(int shared_path_index, TRAPS) {
199 Handle url_h;
200 if (shared_jar_url(shared_path_index) == nullptr) {
201 const char* path = AOTClassLocationConfig::runtime()->class_location_at(shared_path_index)->path();
202 oop result_oop = to_file_URL(path, url_h, CHECK_(url_h));
203 atomic_set_shared_jar_url(shared_path_index, result_oop);
204 }
205
206 url_h = Handle(THREAD, shared_jar_url(shared_path_index));
207 assert(url_h.not_null(), "sanity");
208 return url_h;
209 }
210
211 oop CDSProtectionDomain::to_file_URL(const char* path, Handle url_h, TRAPS) {
212 JavaValue result(T_OBJECT);
213 Handle path_string = java_lang_String::create_from_str(path, CHECK_NULL);
214 JavaCalls::call_static(&result,
215 vmClasses::jdk_internal_loader_ClassLoaders_klass(),
216 vmSymbols::toFileURL_name(),
217 vmSymbols::toFileURL_signature(),
218 path_string, CHECK_NULL);
219 return result.get_oop();
220 }
221
222 // Get the ProtectionDomain associated with the CodeSource from the classloader.
223 Handle CDSProtectionDomain::get_protection_domain_from_classloader(Handle class_loader,
224 Handle url, TRAPS) {
225 // CodeSource cs = new CodeSource(url, null);
226 Handle cs = JavaCalls::construct_new_instance(vmClasses::CodeSource_klass(),
227 vmSymbols::url_code_signer_array_void_signature(),
228 url, Handle(), CHECK_NH);
229
230 // protection_domain = SecureClassLoader.getProtectionDomain(cs);
|
43 OopHandle CDSProtectionDomain::_shared_protection_domains;
44 OopHandle CDSProtectionDomain::_shared_jar_urls;
45 OopHandle CDSProtectionDomain::_shared_jar_manifests;
46
47 // Initializes the java.lang.Package and java.security.ProtectionDomain objects associated with
48 // the given InstanceKlass.
49 // Returns the ProtectionDomain for the InstanceKlass.
50 Handle CDSProtectionDomain::init_security_info(Handle class_loader, InstanceKlass* ik, PackageEntry* pkg_entry, TRAPS) {
51 int index = ik->shared_classpath_index();
52 assert(index >= 0, "Sanity");
53 const AOTClassLocation* cl = AOTClassLocationConfig::runtime()->class_location_at(index);
54 Symbol* class_name = ik->name();
55
56 if (cl->is_modules_image()) {
57 // For shared app/platform classes originated from the run-time image:
58 // The ProtectionDomains are cached in the corresponding ModuleEntries
59 // for fast access by the VM.
60 // all packages from module image are already created during VM bootstrap in
61 // Modules::define_module().
62 assert(pkg_entry != nullptr, "archived class in module image cannot be from unnamed package");
63 Handle archived_pd = get_archived_protection_domain(THREAD, ik);
64 if (archived_pd.not_null()) {
65 return archived_pd;
66 }
67 ModuleEntry* mod_entry = pkg_entry->module();
68 return get_shared_protection_domain(class_loader, mod_entry, THREAD);
69 } else {
70 // For shared app/platform classes originated from JAR files on the class path:
71 // Each of the 3 CDSProtectionDomain::_shared_xxx arrays has the same length
72 // as the shared classpath table in the shared archive.
73 //
74 // If a shared InstanceKlass k is loaded from the class path, let
75 //
76 // index = k->shared_classpath_index();
77 //
78 // AOTClassLocationConfig::_runtime_instance->_array->at(index) identifies the JAR file that contains k.
79 //
80 // k's protection domain is:
81 //
82 // ProtectionDomain pd = _shared_protection_domains[index];
83 //
84 // and k's Package is initialized using
85 //
86 // manifest = _shared_jar_manifests[index];
87 // url = _shared_jar_urls[index];
88 // define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
89 //
90 // Note that if an element of these 3 _shared_xxx arrays is null, it will be initialized by
91 // the corresponding CDSProtectionDomain::get_shared_xxx() function.
92 Handle manifest = get_shared_jar_manifest(index, CHECK_NH);
93 Handle url = get_shared_jar_url(index, CHECK_NH);
94 if (!CDSConfig::is_loading_packages()) { // leyden
95 int index_offset = index - AOTClassLocationConfig::runtime()->app_cp_start_index();
96 if (index_offset < PackageEntry::max_index_for_defined_in_class_path()) {
97 if (pkg_entry == nullptr || !pkg_entry->is_defined_by_cds_in_class_path(index_offset)) {
98 // define_shared_package only needs to be called once for each package in a jar specified
99 // in the shared class path.
100 define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
101 if (pkg_entry != nullptr) {
102 pkg_entry->set_defined_by_cds_in_class_path(index_offset);
103 }
104 } else {
105 define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
106 }
107 }
108 } // leyden-end
109 Handle archived_pd = get_archived_protection_domain(THREAD, ik);
110 if (archived_pd.not_null()) {
111 return archived_pd;
112 }
113 return get_shared_protection_domain(class_loader, index, url, THREAD);
114 }
115 }
116
117 Handle CDSProtectionDomain::get_package_name(Symbol* class_name, TRAPS) {
118 ResourceMark rm(THREAD);
119 Handle pkgname_string;
120 TempNewSymbol pkg = ClassLoader::package_from_class_name(class_name);
121 if (pkg != nullptr) { // Package prefix found
122 const char* pkgname = pkg->as_klass_external_name();
123 pkgname_string = java_lang_String::create_from_str(pkgname,
124 CHECK_(pkgname_string));
125 }
126 return pkgname_string;
127 }
128
129 PackageEntry* CDSProtectionDomain::get_package_entry_from_class(InstanceKlass* ik, Handle class_loader) {
130 PackageEntry* pkg_entry = ik->package();
131 if (CDSConfig::is_using_full_module_graph() && ik->is_shared() && pkg_entry != nullptr) {
201 atomic_set_shared_jar_manifest(shared_path_index, manifest());
202 }
203 manifest = Handle(THREAD, shared_jar_manifest(shared_path_index));
204 assert(manifest.not_null(), "sanity");
205 return manifest;
206 }
207
208 Handle CDSProtectionDomain::get_shared_jar_url(int shared_path_index, TRAPS) {
209 Handle url_h;
210 if (shared_jar_url(shared_path_index) == nullptr) {
211 const char* path = AOTClassLocationConfig::runtime()->class_location_at(shared_path_index)->path();
212 oop result_oop = to_file_URL(path, url_h, CHECK_(url_h));
213 atomic_set_shared_jar_url(shared_path_index, result_oop);
214 }
215
216 url_h = Handle(THREAD, shared_jar_url(shared_path_index));
217 assert(url_h.not_null(), "sanity");
218 return url_h;
219 }
220
221
222 Handle CDSProtectionDomain::get_archived_protection_domain(JavaThread* current, InstanceKlass* klass) {
223 oop pd = nullptr;
224
225 if (CDSConfig::is_loading_protection_domains()) {
226 oop mirror;
227 if (klass->has_archived_mirror_index()) {
228 mirror = klass->archived_java_mirror();
229 } else {
230 mirror = klass->java_mirror();
231 }
232
233 if (mirror != nullptr) {
234 pd = java_lang_Class::protection_domain(mirror);
235 }
236 }
237
238 if (log_is_enabled(Info, cds, protectiondomain)) {
239 ResourceMark rm;
240 log_info(cds, protectiondomain)("Archived protection domain for %s = %s", klass->external_name(),
241 (pd == nullptr) ? "none" : "found");
242 }
243
244 if (pd == nullptr) {
245 return Handle();
246 } else {
247 return Handle(current, pd);
248 }
249 }
250
251 oop CDSProtectionDomain::to_file_URL(const char* path, Handle url_h, TRAPS) {
252 JavaValue result(T_OBJECT);
253 Handle path_string = java_lang_String::create_from_str(path, CHECK_NULL);
254 JavaCalls::call_static(&result,
255 vmClasses::jdk_internal_loader_ClassLoaders_klass(),
256 vmSymbols::toFileURL_name(),
257 vmSymbols::toFileURL_signature(),
258 path_string, CHECK_NULL);
259 return result.get_oop();
260 }
261
262 // Get the ProtectionDomain associated with the CodeSource from the classloader.
263 Handle CDSProtectionDomain::get_protection_domain_from_classloader(Handle class_loader,
264 Handle url, TRAPS) {
265 // CodeSource cs = new CodeSource(url, null);
266 Handle cs = JavaCalls::construct_new_instance(vmClasses::CodeSource_klass(),
267 vmSymbols::url_code_signer_array_void_signature(),
268 url, Handle(), CHECK_NH);
269
270 // protection_domain = SecureClassLoader.getProtectionDomain(cs);
|