42 OopHandle CDSProtectionDomain::_shared_protection_domains;
43 OopHandle CDSProtectionDomain::_shared_jar_urls;
44 OopHandle CDSProtectionDomain::_shared_jar_manifests;
45
46 // Initializes the java.lang.Package and java.security.ProtectionDomain objects associated with
47 // the given InstanceKlass.
48 // Returns the ProtectionDomain for the InstanceKlass.
49 Handle CDSProtectionDomain::init_security_info(Handle class_loader, InstanceKlass* ik, PackageEntry* pkg_entry, TRAPS) {
50 int index = ik->shared_classpath_index();
51 assert(index >= 0, "Sanity");
52 const AOTClassLocation* cl = AOTClassLocationConfig::runtime()->class_location_at(index);
53 Symbol* class_name = ik->name();
54
55 if (cl->is_modules_image()) {
56 // For shared app/platform classes originated from the run-time image:
57 // The ProtectionDomains are cached in the corresponding ModuleEntries
58 // for fast access by the VM.
59 // all packages from module image are already created during VM bootstrap in
60 // Modules::define_module().
61 assert(pkg_entry != nullptr, "archived class in module image cannot be from unnamed package");
62 ModuleEntry* mod_entry = pkg_entry->module();
63 return get_shared_protection_domain(class_loader, mod_entry, THREAD);
64 } else {
65 // For shared app/platform classes originated from JAR files on the class path:
66 // Each of the 3 CDSProtectionDomain::_shared_xxx arrays has the same length
67 // as the shared classpath table in the shared archive.
68 //
69 // If a shared InstanceKlass k is loaded from the class path, let
70 //
71 // index = k->shared_classpath_index();
72 //
73 // AOTClassLocationConfig::_runtime_instance->_array->at(index) identifies the JAR file that contains k.
74 //
75 // k's protection domain is:
76 //
77 // ProtectionDomain pd = _shared_protection_domains[index];
78 //
79 // and k's Package is initialized using
80 //
81 // manifest = _shared_jar_manifests[index];
82 // url = _shared_jar_urls[index];
83 // define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
84 //
85 // Note that if an element of these 3 _shared_xxx arrays is null, it will be initialized by
86 // the corresponding CDSProtectionDomain::get_shared_xxx() function.
87 Handle manifest = get_shared_jar_manifest(index, CHECK_NH);
88 Handle url = get_shared_jar_url(index, CHECK_NH);
89 int index_offset = index - AOTClassLocationConfig::runtime()->app_cp_start_index();
90 if (index_offset < PackageEntry::max_index_for_defined_in_class_path()) {
91 if (pkg_entry == nullptr || !pkg_entry->is_defined_by_cds_in_class_path(index_offset)) {
92 // define_shared_package only needs to be called once for each package in a jar specified
93 // in the shared class path.
94 define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
95 if (pkg_entry != nullptr) {
96 pkg_entry->set_defined_by_cds_in_class_path(index_offset);
97 }
98 }
99 } else {
100 define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
101 }
102 return get_shared_protection_domain(class_loader, index, url, THREAD);
103 }
104 }
105
106 Handle CDSProtectionDomain::get_package_name(Symbol* class_name, TRAPS) {
107 ResourceMark rm(THREAD);
108 Handle pkgname_string;
109 TempNewSymbol pkg = ClassLoader::package_from_class_name(class_name);
110 if (pkg != nullptr) { // Package prefix found
111 const char* pkgname = pkg->as_klass_external_name();
112 pkgname_string = java_lang_String::create_from_str(pkgname,
113 CHECK_(pkgname_string));
114 }
115 return pkgname_string;
116 }
117
118 PackageEntry* CDSProtectionDomain::get_package_entry_from_class(InstanceKlass* ik, Handle class_loader) {
119 PackageEntry* pkg_entry = ik->package();
120 if (CDSConfig::is_using_full_module_graph() && ik->in_aot_cache() && pkg_entry != nullptr) {
189 atomic_set_shared_jar_manifest(shared_path_index, manifest());
190 }
191 manifest = Handle(THREAD, shared_jar_manifest(shared_path_index));
192 assert(manifest.not_null(), "sanity");
193 return manifest;
194 }
195
196 Handle CDSProtectionDomain::get_shared_jar_url(int shared_path_index, TRAPS) {
197 Handle url_h;
198 if (shared_jar_url(shared_path_index) == nullptr) {
199 const char* path = AOTClassLocationConfig::runtime()->class_location_at(shared_path_index)->path();
200 oop result_oop = to_file_URL(path, url_h, CHECK_(url_h));
201 atomic_set_shared_jar_url(shared_path_index, result_oop);
202 }
203
204 url_h = Handle(THREAD, shared_jar_url(shared_path_index));
205 assert(url_h.not_null(), "sanity");
206 return url_h;
207 }
208
209 oop CDSProtectionDomain::to_file_URL(const char* path, Handle url_h, TRAPS) {
210 JavaValue result(T_OBJECT);
211 Handle path_string = java_lang_String::create_from_str(path, CHECK_NULL);
212 JavaCalls::call_static(&result,
213 vmClasses::jdk_internal_loader_ClassLoaders_klass(),
214 vmSymbols::toFileURL_name(),
215 vmSymbols::toFileURL_signature(),
216 path_string, CHECK_NULL);
217 return result.get_oop();
218 }
219
220 // Get the ProtectionDomain associated with the CodeSource from the classloader.
221 Handle CDSProtectionDomain::get_protection_domain_from_classloader(Handle class_loader,
222 Handle url, TRAPS) {
223 // CodeSource cs = new CodeSource(url, null);
224 Handle cs = JavaCalls::construct_new_instance(vmClasses::CodeSource_klass(),
225 vmSymbols::url_code_signer_array_void_signature(),
226 url, Handle(), CHECK_NH);
227
228 // protection_domain = SecureClassLoader.getProtectionDomain(cs);
|
42 OopHandle CDSProtectionDomain::_shared_protection_domains;
43 OopHandle CDSProtectionDomain::_shared_jar_urls;
44 OopHandle CDSProtectionDomain::_shared_jar_manifests;
45
46 // Initializes the java.lang.Package and java.security.ProtectionDomain objects associated with
47 // the given InstanceKlass.
48 // Returns the ProtectionDomain for the InstanceKlass.
49 Handle CDSProtectionDomain::init_security_info(Handle class_loader, InstanceKlass* ik, PackageEntry* pkg_entry, TRAPS) {
50 int index = ik->shared_classpath_index();
51 assert(index >= 0, "Sanity");
52 const AOTClassLocation* cl = AOTClassLocationConfig::runtime()->class_location_at(index);
53 Symbol* class_name = ik->name();
54
55 if (cl->is_modules_image()) {
56 // For shared app/platform classes originated from the run-time image:
57 // The ProtectionDomains are cached in the corresponding ModuleEntries
58 // for fast access by the VM.
59 // all packages from module image are already created during VM bootstrap in
60 // Modules::define_module().
61 assert(pkg_entry != nullptr, "archived class in module image cannot be from unnamed package");
62 Handle archived_pd = get_archived_protection_domain(THREAD, ik);
63 if (archived_pd.not_null()) {
64 return archived_pd;
65 }
66 ModuleEntry* mod_entry = pkg_entry->module();
67 return get_shared_protection_domain(class_loader, mod_entry, THREAD);
68 } else {
69 // For shared app/platform classes originated from JAR files on the class path:
70 // Each of the 3 CDSProtectionDomain::_shared_xxx arrays has the same length
71 // as the shared classpath table in the shared archive.
72 //
73 // If a shared InstanceKlass k is loaded from the class path, let
74 //
75 // index = k->shared_classpath_index();
76 //
77 // AOTClassLocationConfig::_runtime_instance->_array->at(index) identifies the JAR file that contains k.
78 //
79 // k's protection domain is:
80 //
81 // ProtectionDomain pd = _shared_protection_domains[index];
82 //
83 // and k's Package is initialized using
84 //
85 // manifest = _shared_jar_manifests[index];
86 // url = _shared_jar_urls[index];
87 // define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
88 //
89 // Note that if an element of these 3 _shared_xxx arrays is null, it will be initialized by
90 // the corresponding CDSProtectionDomain::get_shared_xxx() function.
91 Handle manifest = get_shared_jar_manifest(index, CHECK_NH);
92 Handle url = get_shared_jar_url(index, CHECK_NH);
93 if (!CDSConfig::is_loading_packages()) { // leyden
94 int index_offset = index - AOTClassLocationConfig::runtime()->app_cp_start_index();
95 if (index_offset < PackageEntry::max_index_for_defined_in_class_path()) {
96 if (pkg_entry == nullptr || !pkg_entry->is_defined_by_cds_in_class_path(index_offset)) {
97 // define_shared_package only needs to be called once for each package in a jar specified
98 // in the shared class path.
99 define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
100 if (pkg_entry != nullptr) {
101 pkg_entry->set_defined_by_cds_in_class_path(index_offset);
102 }
103 } else {
104 define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
105 }
106 }
107 } // leyden-end
108 Handle archived_pd = get_archived_protection_domain(THREAD, ik);
109 if (archived_pd.not_null()) {
110 return archived_pd;
111 }
112 return get_shared_protection_domain(class_loader, index, url, THREAD);
113 }
114 }
115
116 Handle CDSProtectionDomain::get_package_name(Symbol* class_name, TRAPS) {
117 ResourceMark rm(THREAD);
118 Handle pkgname_string;
119 TempNewSymbol pkg = ClassLoader::package_from_class_name(class_name);
120 if (pkg != nullptr) { // Package prefix found
121 const char* pkgname = pkg->as_klass_external_name();
122 pkgname_string = java_lang_String::create_from_str(pkgname,
123 CHECK_(pkgname_string));
124 }
125 return pkgname_string;
126 }
127
128 PackageEntry* CDSProtectionDomain::get_package_entry_from_class(InstanceKlass* ik, Handle class_loader) {
129 PackageEntry* pkg_entry = ik->package();
130 if (CDSConfig::is_using_full_module_graph() && ik->in_aot_cache() && pkg_entry != nullptr) {
199 atomic_set_shared_jar_manifest(shared_path_index, manifest());
200 }
201 manifest = Handle(THREAD, shared_jar_manifest(shared_path_index));
202 assert(manifest.not_null(), "sanity");
203 return manifest;
204 }
205
206 Handle CDSProtectionDomain::get_shared_jar_url(int shared_path_index, TRAPS) {
207 Handle url_h;
208 if (shared_jar_url(shared_path_index) == nullptr) {
209 const char* path = AOTClassLocationConfig::runtime()->class_location_at(shared_path_index)->path();
210 oop result_oop = to_file_URL(path, url_h, CHECK_(url_h));
211 atomic_set_shared_jar_url(shared_path_index, result_oop);
212 }
213
214 url_h = Handle(THREAD, shared_jar_url(shared_path_index));
215 assert(url_h.not_null(), "sanity");
216 return url_h;
217 }
218
219
220 Handle CDSProtectionDomain::get_archived_protection_domain(JavaThread* current, InstanceKlass* klass) {
221 oop pd = nullptr;
222
223 if (CDSConfig::is_loading_protection_domains()) {
224 oop mirror;
225 if (klass->has_archived_mirror_index()) {
226 mirror = klass->archived_java_mirror();
227 } else {
228 mirror = klass->java_mirror();
229 }
230
231 if (mirror != nullptr) {
232 pd = java_lang_Class::protection_domain(mirror);
233 }
234 }
235
236 if (log_is_enabled(Info, cds, protectiondomain)) {
237 ResourceMark rm;
238 log_info(cds, protectiondomain)("Archived protection domain for %s = %s", klass->external_name(),
239 (pd == nullptr) ? "none" : "found");
240 }
241
242 if (pd == nullptr) {
243 return Handle();
244 } else {
245 return Handle(current, pd);
246 }
247 }
248
249 oop CDSProtectionDomain::to_file_URL(const char* path, Handle url_h, TRAPS) {
250 JavaValue result(T_OBJECT);
251 Handle path_string = java_lang_String::create_from_str(path, CHECK_NULL);
252 JavaCalls::call_static(&result,
253 vmClasses::jdk_internal_loader_ClassLoaders_klass(),
254 vmSymbols::toFileURL_name(),
255 vmSymbols::toFileURL_signature(),
256 path_string, CHECK_NULL);
257 return result.get_oop();
258 }
259
260 // Get the ProtectionDomain associated with the CodeSource from the classloader.
261 Handle CDSProtectionDomain::get_protection_domain_from_classloader(Handle class_loader,
262 Handle url, TRAPS) {
263 // CodeSource cs = new CodeSource(url, null);
264 Handle cs = JavaCalls::construct_new_instance(vmClasses::CodeSource_klass(),
265 vmSymbols::url_code_signer_array_void_signature(),
266 url, Handle(), CHECK_NH);
267
268 // protection_domain = SecureClassLoader.getProtectionDomain(cs);
|