43 OopHandle CDSProtectionDomain::_shared_protection_domains;
44 OopHandle CDSProtectionDomain::_shared_jar_urls;
45 OopHandle CDSProtectionDomain::_shared_jar_manifests;
46
47 // Initializes the java.lang.Package and java.security.ProtectionDomain objects associated with
48 // the given InstanceKlass.
49 // Returns the ProtectionDomain for the InstanceKlass.
50 Handle CDSProtectionDomain::init_security_info(Handle class_loader, InstanceKlass* ik, PackageEntry* pkg_entry, TRAPS) {
51 int index = ik->shared_classpath_index();
52 assert(index >= 0, "Sanity");
53 SharedClassPathEntry* ent = FileMapInfo::shared_path(index);
54 Symbol* class_name = ik->name();
55
56 if (ent->is_modules_image()) {
57 // For shared app/platform classes originated from the run-time image:
58 // The ProtectionDomains are cached in the corresponding ModuleEntries
59 // for fast access by the VM.
60 // all packages from module image are already created during VM bootstrap in
61 // Modules::define_module().
62 assert(pkg_entry != nullptr, "archived class in module image cannot be from unnamed package");
63 ModuleEntry* mod_entry = pkg_entry->module();
64 return get_shared_protection_domain(class_loader, mod_entry, THREAD);
65 } else {
66 // For shared app/platform classes originated from JAR files on the class path:
67 // Each of the 3 SystemDictionaryShared::_shared_xxx arrays has the same length
68 // as the shared classpath table in the shared archive (see
69 // FileMap::_shared_path_table in filemap.hpp for details).
70 //
71 // If a shared InstanceKlass k is loaded from the class path, let
72 //
73 // index = k->shared_classpath_index():
74 //
75 // FileMap::_shared_path_table[index] identifies the JAR file that contains k.
76 //
77 // k's protection domain is:
78 //
79 // ProtectionDomain pd = _shared_protection_domains[index];
80 //
81 // and k's Package is initialized using
82 //
83 // manifest = _shared_jar_manifests[index];
84 // url = _shared_jar_urls[index];
85 // define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
86 //
87 // Note that if an element of these 3 _shared_xxx arrays is null, it will be initialized by
88 // the corresponding SystemDictionaryShared::get_shared_xxx() function.
89 Handle manifest = get_shared_jar_manifest(index, CHECK_NH);
90 Handle url = get_shared_jar_url(index, CHECK_NH);
91 int index_offset = index - ClassLoaderExt::app_class_paths_start_index();
92 if (index_offset < PackageEntry::max_index_for_defined_in_class_path()) {
93 if (pkg_entry == nullptr || !pkg_entry->is_defined_by_cds_in_class_path(index_offset)) {
94 // define_shared_package only needs to be called once for each package in a jar specified
95 // in the shared class path.
96 define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
97 if (pkg_entry != nullptr) {
98 pkg_entry->set_defined_by_cds_in_class_path(index_offset);
99 }
100 }
101 } else {
102 define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
103 }
104 return get_shared_protection_domain(class_loader, index, url, THREAD);
105 }
106 }
107
108 Handle CDSProtectionDomain::get_package_name(Symbol* class_name, TRAPS) {
109 ResourceMark rm(THREAD);
110 Handle pkgname_string;
111 TempNewSymbol pkg = ClassLoader::package_from_class_name(class_name);
112 if (pkg != nullptr) { // Package prefix found
113 const char* pkgname = pkg->as_klass_external_name();
114 pkgname_string = java_lang_String::create_from_str(pkgname,
115 CHECK_(pkgname_string));
116 }
117 return pkgname_string;
118 }
119
120 PackageEntry* CDSProtectionDomain::get_package_entry_from_class(InstanceKlass* ik, Handle class_loader) {
121 PackageEntry* pkg_entry = ik->package();
122 if (CDSConfig::is_using_full_module_graph() && ik->is_shared() && pkg_entry != nullptr) {
200 Handle url_h;
201 if (shared_jar_url(shared_path_index) == nullptr) {
202 JavaValue result(T_OBJECT);
203 const char* path = FileMapInfo::shared_path_name(shared_path_index);
204 Handle path_string = java_lang_String::create_from_str(path, CHECK_(url_h));
205 Klass* classLoaders_klass =
206 vmClasses::jdk_internal_loader_ClassLoaders_klass();
207 JavaCalls::call_static(&result, classLoaders_klass,
208 vmSymbols::toFileURL_name(),
209 vmSymbols::toFileURL_signature(),
210 path_string, CHECK_(url_h));
211
212 atomic_set_shared_jar_url(shared_path_index, result.get_oop());
213 }
214
215 url_h = Handle(THREAD, shared_jar_url(shared_path_index));
216 assert(url_h.not_null(), "sanity");
217 return url_h;
218 }
219
220 // Get the ProtectionDomain associated with the CodeSource from the classloader.
221 Handle CDSProtectionDomain::get_protection_domain_from_classloader(Handle class_loader,
222 Handle url, TRAPS) {
223 // CodeSource cs = new CodeSource(url, null);
224 Handle cs = JavaCalls::construct_new_instance(vmClasses::CodeSource_klass(),
225 vmSymbols::url_code_signer_array_void_signature(),
226 url, Handle(), CHECK_NH);
227
228 // protection_domain = SecureClassLoader.getProtectionDomain(cs);
229 Klass* secureClassLoader_klass = vmClasses::SecureClassLoader_klass();
230 JavaValue obj_result(T_OBJECT);
231 JavaCalls::call_virtual(&obj_result, class_loader, secureClassLoader_klass,
232 vmSymbols::getProtectionDomain_name(),
233 vmSymbols::getProtectionDomain_signature(),
234 cs, CHECK_NH);
235 return Handle(THREAD, obj_result.get_oop());
236 }
237
238 // Returns the ProtectionDomain associated with the JAR file identified by the url.
239 Handle CDSProtectionDomain::get_shared_protection_domain(Handle class_loader,
|
43 OopHandle CDSProtectionDomain::_shared_protection_domains;
44 OopHandle CDSProtectionDomain::_shared_jar_urls;
45 OopHandle CDSProtectionDomain::_shared_jar_manifests;
46
47 // Initializes the java.lang.Package and java.security.ProtectionDomain objects associated with
48 // the given InstanceKlass.
49 // Returns the ProtectionDomain for the InstanceKlass.
50 Handle CDSProtectionDomain::init_security_info(Handle class_loader, InstanceKlass* ik, PackageEntry* pkg_entry, TRAPS) {
51 int index = ik->shared_classpath_index();
52 assert(index >= 0, "Sanity");
53 SharedClassPathEntry* ent = FileMapInfo::shared_path(index);
54 Symbol* class_name = ik->name();
55
56 if (ent->is_modules_image()) {
57 // For shared app/platform classes originated from the run-time image:
58 // The ProtectionDomains are cached in the corresponding ModuleEntries
59 // for fast access by the VM.
60 // all packages from module image are already created during VM bootstrap in
61 // Modules::define_module().
62 assert(pkg_entry != nullptr, "archived class in module image cannot be from unnamed package");
63 Handle archived_pd = get_archived_protection_domain(THREAD, ik);
64 if (archived_pd.not_null()) {
65 return archived_pd;
66 }
67 ModuleEntry* mod_entry = pkg_entry->module();
68 return get_shared_protection_domain(class_loader, mod_entry, THREAD);
69 } else {
70 // For shared app/platform classes originated from JAR files on the class path:
71 // Each of the 3 SystemDictionaryShared::_shared_xxx arrays has the same length
72 // as the shared classpath table in the shared archive (see
73 // FileMap::_shared_path_table in filemap.hpp for details).
74 //
75 // If a shared InstanceKlass k is loaded from the class path, let
76 //
77 // index = k->shared_classpath_index():
78 //
79 // FileMap::_shared_path_table[index] identifies the JAR file that contains k.
80 //
81 // k's protection domain is:
82 //
83 // ProtectionDomain pd = _shared_protection_domains[index];
84 //
85 // and k's Package is initialized using
86 //
87 // manifest = _shared_jar_manifests[index];
88 // url = _shared_jar_urls[index];
89 // define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
90 //
91 // Note that if an element of these 3 _shared_xxx arrays is null, it will be initialized by
92 // the corresponding SystemDictionaryShared::get_shared_xxx() function.
93 Handle manifest = get_shared_jar_manifest(index, CHECK_NH);
94 Handle url = get_shared_jar_url(index, CHECK_NH);
95 if (!CDSConfig::is_loading_packages()) {
96 int index_offset = index - ClassLoaderExt::app_class_paths_start_index();
97 if (index_offset < PackageEntry::max_index_for_defined_in_class_path()) {
98 if (pkg_entry == nullptr || !pkg_entry->is_defined_by_cds_in_class_path(index_offset)) {
99 // define_shared_package only needs to be called once for each package in a jar specified
100 // in the shared class path.
101 define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
102 if (pkg_entry != nullptr) {
103 pkg_entry->set_defined_by_cds_in_class_path(index_offset);
104 }
105 }
106 } else {
107 define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
108 }
109 }
110 Handle archived_pd = get_archived_protection_domain(THREAD, ik);
111 if (archived_pd.not_null()) {
112 return archived_pd;
113 }
114 return get_shared_protection_domain(class_loader, index, url, THREAD);
115 }
116 }
117
118 Handle CDSProtectionDomain::get_package_name(Symbol* class_name, TRAPS) {
119 ResourceMark rm(THREAD);
120 Handle pkgname_string;
121 TempNewSymbol pkg = ClassLoader::package_from_class_name(class_name);
122 if (pkg != nullptr) { // Package prefix found
123 const char* pkgname = pkg->as_klass_external_name();
124 pkgname_string = java_lang_String::create_from_str(pkgname,
125 CHECK_(pkgname_string));
126 }
127 return pkgname_string;
128 }
129
130 PackageEntry* CDSProtectionDomain::get_package_entry_from_class(InstanceKlass* ik, Handle class_loader) {
131 PackageEntry* pkg_entry = ik->package();
132 if (CDSConfig::is_using_full_module_graph() && ik->is_shared() && pkg_entry != nullptr) {
210 Handle url_h;
211 if (shared_jar_url(shared_path_index) == nullptr) {
212 JavaValue result(T_OBJECT);
213 const char* path = FileMapInfo::shared_path_name(shared_path_index);
214 Handle path_string = java_lang_String::create_from_str(path, CHECK_(url_h));
215 Klass* classLoaders_klass =
216 vmClasses::jdk_internal_loader_ClassLoaders_klass();
217 JavaCalls::call_static(&result, classLoaders_klass,
218 vmSymbols::toFileURL_name(),
219 vmSymbols::toFileURL_signature(),
220 path_string, CHECK_(url_h));
221
222 atomic_set_shared_jar_url(shared_path_index, result.get_oop());
223 }
224
225 url_h = Handle(THREAD, shared_jar_url(shared_path_index));
226 assert(url_h.not_null(), "sanity");
227 return url_h;
228 }
229
230 Handle CDSProtectionDomain::get_archived_protection_domain(JavaThread* current, InstanceKlass* klass) {
231 oop pd = nullptr;
232
233 if (CDSConfig::is_loading_protection_domains()) {
234 oop mirror;
235 if (klass->has_archived_mirror_index()) {
236 mirror = klass->archived_java_mirror();
237 } else {
238 mirror = klass->java_mirror();
239 }
240
241 if (mirror != nullptr) {
242 pd = java_lang_Class::protection_domain(mirror);
243 }
244 }
245
246 if (log_is_enabled(Info, cds, protectiondomain)) {
247 ResourceMark rm;
248 log_info(cds, protectiondomain)("Archived protection domain for %s = %s", klass->external_name(),
249 (pd == nullptr) ? "none" : "found");
250 }
251
252 if (pd == nullptr) {
253 return Handle();
254 } else {
255 return Handle(current, pd);
256 }
257 }
258
259 // Get the ProtectionDomain associated with the CodeSource from the classloader.
260 Handle CDSProtectionDomain::get_protection_domain_from_classloader(Handle class_loader,
261 Handle url, TRAPS) {
262 // CodeSource cs = new CodeSource(url, null);
263 Handle cs = JavaCalls::construct_new_instance(vmClasses::CodeSource_klass(),
264 vmSymbols::url_code_signer_array_void_signature(),
265 url, Handle(), CHECK_NH);
266
267 // protection_domain = SecureClassLoader.getProtectionDomain(cs);
268 Klass* secureClassLoader_klass = vmClasses::SecureClassLoader_klass();
269 JavaValue obj_result(T_OBJECT);
270 JavaCalls::call_virtual(&obj_result, class_loader, secureClassLoader_klass,
271 vmSymbols::getProtectionDomain_name(),
272 vmSymbols::getProtectionDomain_signature(),
273 cs, CHECK_NH);
274 return Handle(THREAD, obj_result.get_oop());
275 }
276
277 // Returns the ProtectionDomain associated with the JAR file identified by the url.
278 Handle CDSProtectionDomain::get_shared_protection_domain(Handle class_loader,
|