1 /*
  2  * Copyright (c) 2021, 2025, Oracle and/or its affiliates. All rights reserved.
  3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  4  *
  5  * This code is free software; you can redistribute it and/or modify it
  6  * under the terms of the GNU General Public License version 2 only, as
  7  * published by the Free Software Foundation.
  8  *
  9  * This code is distributed in the hope that it will be useful, but WITHOUT
 10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 12  * version 2 for more details (a copy is included in the LICENSE file that
 13  * accompanied this code).
 14  *
 15  * You should have received a copy of the GNU General Public License version
 16  * 2 along with this work; if not, write to the Free Software Foundation,
 17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 18  *
 19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 20  * or visit www.oracle.com if you need additional information or have any
 21  * questions.
 22  *
 23  */
 24 
 25 #include "cds/aotClassLocation.hpp"
 26 #include "cds/cdsConfig.hpp"
 27 #include "cds/cdsProtectionDomain.hpp"
 28 #include "classfile/classLoader.hpp"
 29 #include "classfile/classLoaderData.inline.hpp"
 30 #include "classfile/javaClasses.hpp"
 31 #include "classfile/moduleEntry.hpp"
 32 #include "classfile/systemDictionaryShared.hpp"
 33 #include "classfile/vmClasses.hpp"
 34 #include "classfile/vmSymbols.hpp"
 35 #include "memory/oopFactory.hpp"
 36 #include "memory/resourceArea.hpp"
 37 #include "memory/universe.hpp"
 38 #include "oops/instanceKlass.hpp"
 39 #include "oops/refArrayOop.hpp"
 40 #include "oops/symbol.hpp"
 41 #include "runtime/javaCalls.hpp"
 42 
 43 OopHandle CDSProtectionDomain::_shared_protection_domains;
 44 OopHandle CDSProtectionDomain::_shared_jar_urls;
 45 OopHandle CDSProtectionDomain::_shared_jar_manifests;
 46 
 47 // Initializes the java.lang.Package and java.security.ProtectionDomain objects associated with
 48 // the given InstanceKlass.
 49 // Returns the ProtectionDomain for the InstanceKlass.
 50 Handle CDSProtectionDomain::init_security_info(Handle class_loader, InstanceKlass* ik, PackageEntry* pkg_entry, TRAPS) {
 51   int index = ik->shared_classpath_index();
 52   assert(index >= 0, "Sanity");
 53   const AOTClassLocation* cl = AOTClassLocationConfig::runtime()->class_location_at(index);
 54   Symbol* class_name = ik->name();
 55 
 56   if (cl->is_modules_image()) {
 57     // For shared app/platform classes originated from the run-time image:
 58     //   The ProtectionDomains are cached in the corresponding ModuleEntries
 59     //   for fast access by the VM.
 60     // all packages from module image are already created during VM bootstrap in
 61     // Modules::define_module().
 62     assert(pkg_entry != nullptr, "archived class in module image cannot be from unnamed package");
 63     ModuleEntry* mod_entry = pkg_entry->module();
 64     return get_shared_protection_domain(class_loader, mod_entry, THREAD);
 65   } else {
 66     // For shared app/platform classes originated from JAR files on the class path:
 67     //   Each of the 3 CDSProtectionDomain::_shared_xxx arrays has the same length
 68     //   as the shared classpath table in the shared archive.
 69     //
 70     //   If a shared InstanceKlass k is loaded from the class path, let
 71     //
 72     //     index = k->shared_classpath_index();
 73     //
 74     //   AOTClassLocationConfig::_runtime_instance->_array->at(index) identifies the JAR file that contains k.
 75     //
 76     //   k's protection domain is:
 77     //
 78     //     ProtectionDomain pd = _shared_protection_domains[index];
 79     //
 80     //   and k's Package is initialized using
 81     //
 82     //     manifest = _shared_jar_manifests[index];
 83     //     url = _shared_jar_urls[index];
 84     //     define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
 85     //
 86     //   Note that if an element of these 3 _shared_xxx arrays is null, it will be initialized by
 87     //   the corresponding CDSProtectionDomain::get_shared_xxx() function.
 88     Handle manifest = get_shared_jar_manifest(index, CHECK_NH);
 89     Handle url = get_shared_jar_url(index, CHECK_NH);
 90     int index_offset = index - AOTClassLocationConfig::runtime()->app_cp_start_index();
 91     if (index_offset < PackageEntry::max_index_for_defined_in_class_path()) {
 92       if (pkg_entry == nullptr || !pkg_entry->is_defined_by_cds_in_class_path(index_offset)) {
 93         // define_shared_package only needs to be called once for each package in a jar specified
 94         // in the shared class path.
 95         define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
 96         if (pkg_entry != nullptr) {
 97           pkg_entry->set_defined_by_cds_in_class_path(index_offset);
 98         }
 99       }
100     } else {
101       define_shared_package(class_name, class_loader, manifest, url, CHECK_NH);
102     }
103     return get_shared_protection_domain(class_loader, index, url, THREAD);
104   }
105 }
106 
107 Handle CDSProtectionDomain::get_package_name(Symbol* class_name, TRAPS) {
108   ResourceMark rm(THREAD);
109   Handle pkgname_string;
110   TempNewSymbol pkg = ClassLoader::package_from_class_name(class_name);
111   if (pkg != nullptr) { // Package prefix found
112     const char* pkgname = pkg->as_klass_external_name();
113     pkgname_string = java_lang_String::create_from_str(pkgname,
114                                                        CHECK_(pkgname_string));
115   }
116   return pkgname_string;
117 }
118 
119 PackageEntry* CDSProtectionDomain::get_package_entry_from_class(InstanceKlass* ik, Handle class_loader) {
120   PackageEntry* pkg_entry = ik->package();
121   if (CDSConfig::is_using_full_module_graph() && ik->is_shared() && pkg_entry != nullptr) {
122     assert(MetaspaceShared::is_in_shared_metaspace(pkg_entry), "must be");
123     assert(!ik->defined_by_other_loaders(), "unexpected archived package entry for an unregistered class");
124     return pkg_entry;
125   }
126   TempNewSymbol pkg_name = ClassLoader::package_from_class_name(ik->name());
127   if (pkg_name != nullptr) {
128     pkg_entry = ClassLoaderData::class_loader_data(class_loader())->packages()->lookup_only(pkg_name);
129   } else {
130     pkg_entry = nullptr;
131   }
132   return pkg_entry;
133 }
134 
135 // Define Package for shared app classes from JAR file and also checks for
136 // package sealing (all done in Java code)
137 // See http://docs.oracle.com/javase/tutorial/deployment/jar/sealman.html
138 void CDSProtectionDomain::define_shared_package(Symbol*  class_name,
139                                                    Handle class_loader,
140                                                    Handle manifest,
141                                                    Handle url,
142                                                    TRAPS) {
143   assert(SystemDictionary::is_system_class_loader(class_loader()), "unexpected class loader");
144   // get_package_name() returns a null handle if the class is in unnamed package
145   Handle pkgname_string = get_package_name(class_name, CHECK);
146   if (pkgname_string.not_null()) {
147     Klass* app_classLoader_klass = vmClasses::jdk_internal_loader_ClassLoaders_AppClassLoader_klass();
148     JavaValue result(T_OBJECT);
149     JavaCallArguments args(3);
150     args.set_receiver(class_loader);
151     args.push_oop(pkgname_string);
152     args.push_oop(manifest);
153     args.push_oop(url);
154     JavaCalls::call_virtual(&result, app_classLoader_klass,
155                             vmSymbols::defineOrCheckPackage_name(),
156                             vmSymbols::defineOrCheckPackage_signature(),
157                             &args,
158                             CHECK);
159   }
160 }
161 
162 Handle CDSProtectionDomain::create_jar_manifest(const char* manifest_chars, size_t size, TRAPS) {
163   typeArrayOop buf = oopFactory::new_byteArray((int)size, CHECK_NH);
164   typeArrayHandle bufhandle(THREAD, buf);
165   ArrayAccess<>::arraycopy_from_native(reinterpret_cast<const jbyte*>(manifest_chars),
166                                          buf, typeArrayOopDesc::element_offset<jbyte>(0), size);
167   Handle bais = JavaCalls::construct_new_instance(vmClasses::ByteArrayInputStream_klass(),
168                       vmSymbols::byte_array_void_signature(),
169                       bufhandle, CHECK_NH);
170   // manifest = new Manifest(ByteArrayInputStream)
171   Handle manifest = JavaCalls::construct_new_instance(vmClasses::Jar_Manifest_klass(),
172                       vmSymbols::input_stream_void_signature(),
173                       bais, CHECK_NH);
174   return manifest;
175 }
176 
177 Handle CDSProtectionDomain::get_shared_jar_manifest(int shared_path_index, TRAPS) {
178   Handle manifest;
179   if (shared_jar_manifest(shared_path_index) == nullptr) {
180     const AOTClassLocation* cl = AOTClassLocationConfig::runtime()->class_location_at(shared_path_index);
181     size_t size = cl->manifest_length();
182     if (size == 0) {
183       return Handle();
184     }
185 
186     // ByteArrayInputStream bais = new ByteArrayInputStream(buf);
187     const char* src = cl->manifest();
188     assert(src != nullptr, "No Manifest data");
189     manifest = create_jar_manifest(src, size, CHECK_NH);
190     atomic_set_shared_jar_manifest(shared_path_index, manifest());
191   }
192   manifest = Handle(THREAD, shared_jar_manifest(shared_path_index));
193   assert(manifest.not_null(), "sanity");
194   return manifest;
195 }
196 
197 Handle CDSProtectionDomain::get_shared_jar_url(int shared_path_index, TRAPS) {
198   Handle url_h;
199   if (shared_jar_url(shared_path_index) == nullptr) {
200     const char* path = AOTClassLocationConfig::runtime()->class_location_at(shared_path_index)->path();
201     oop result_oop = to_file_URL(path, url_h, CHECK_(url_h));
202     atomic_set_shared_jar_url(shared_path_index, result_oop);
203   }
204 
205   url_h = Handle(THREAD, shared_jar_url(shared_path_index));
206   assert(url_h.not_null(), "sanity");
207   return url_h;
208 }
209 
210 oop CDSProtectionDomain::to_file_URL(const char* path, Handle url_h, TRAPS) {
211   JavaValue result(T_OBJECT);
212   Handle path_string = java_lang_String::create_from_str(path, CHECK_NULL);
213   JavaCalls::call_static(&result,
214                          vmClasses::jdk_internal_loader_ClassLoaders_klass(),
215                          vmSymbols::toFileURL_name(),
216                          vmSymbols::toFileURL_signature(),
217                          path_string, CHECK_NULL);
218   return result.get_oop();
219 }
220 
221 // Get the ProtectionDomain associated with the CodeSource from the classloader.
222 Handle CDSProtectionDomain::get_protection_domain_from_classloader(Handle class_loader,
223                                                                       Handle url, TRAPS) {
224   // CodeSource cs = new CodeSource(url, null);
225   Handle cs = JavaCalls::construct_new_instance(vmClasses::CodeSource_klass(),
226                   vmSymbols::url_code_signer_array_void_signature(),
227                   url, Handle(), CHECK_NH);
228 
229   // protection_domain = SecureClassLoader.getProtectionDomain(cs);
230   Klass* secureClassLoader_klass = vmClasses::SecureClassLoader_klass();
231   JavaValue obj_result(T_OBJECT);
232   JavaCalls::call_virtual(&obj_result, class_loader, secureClassLoader_klass,
233                           vmSymbols::getProtectionDomain_name(),
234                           vmSymbols::getProtectionDomain_signature(),
235                           cs, CHECK_NH);
236   return Handle(THREAD, obj_result.get_oop());
237 }
238 
239 // Returns the ProtectionDomain associated with the JAR file identified by the url.
240 Handle CDSProtectionDomain::get_shared_protection_domain(Handle class_loader,
241                                                             int shared_path_index,
242                                                             Handle url,
243                                                             TRAPS) {
244   Handle protection_domain;
245   if (shared_protection_domain(shared_path_index) == nullptr) {
246     Handle pd = get_protection_domain_from_classloader(class_loader, url, CHECK_NH);
247     atomic_set_shared_protection_domain(shared_path_index, pd());
248   }
249 
250   // Acquire from the cache because if another thread beats the current one to
251   // set the shared protection_domain and the atomic_set fails, the current thread
252   // needs to get the updated protection_domain from the cache.
253   protection_domain = Handle(THREAD, shared_protection_domain(shared_path_index));
254   assert(protection_domain.not_null(), "sanity");
255   return protection_domain;
256 }
257 
258 // Returns the ProtectionDomain associated with the moduleEntry.
259 Handle CDSProtectionDomain::get_shared_protection_domain(Handle class_loader,
260                                                          ModuleEntry* mod, TRAPS) {
261   ClassLoaderData *loader_data = mod->loader_data();
262   if (mod->shared_protection_domain() == nullptr) {
263     Symbol* location = mod->location();
264     if (location != nullptr) {
265       Handle location_string = java_lang_String::create_from_symbol(
266                                      location, CHECK_NH);
267       Handle url;
268       JavaValue result(T_OBJECT);
269       if (location->starts_with("jrt:/")) {
270         url = JavaCalls::construct_new_instance(vmClasses::URL_klass(),
271                                                 vmSymbols::string_void_signature(),
272                                                 location_string, CHECK_NH);
273       } else {
274         Klass* classLoaders_klass =
275           vmClasses::jdk_internal_loader_ClassLoaders_klass();
276         JavaCalls::call_static(&result, classLoaders_klass, vmSymbols::toFileURL_name(),
277                                vmSymbols::toFileURL_signature(),
278                                location_string, CHECK_NH);
279         url = Handle(THREAD, result.get_oop());
280       }
281 
282       Handle pd = get_protection_domain_from_classloader(class_loader, url,
283                                                          CHECK_NH);
284       mod->set_shared_protection_domain(loader_data, pd);
285     }
286   }
287 
288   Handle protection_domain(THREAD, mod->shared_protection_domain());
289   assert(protection_domain.not_null(), "sanity");
290   return protection_domain;
291 }
292 
293 void CDSProtectionDomain::atomic_set_array_index(OopHandle array, int index, oop o) {
294   // Benign race condition:  array.obj_at(index) may already be filled in.
295   // The important thing here is that all threads pick up the same result.
296   // It doesn't matter which racing thread wins, as long as only one
297   // result is used by all threads, and all future queries.
298   refArrayOopDesc::cast(array.resolve())->replace_if_null(index, o);
299 }
300 
301 oop CDSProtectionDomain::shared_protection_domain(int index) {
302   return ((objArrayOop)_shared_protection_domains.resolve())->obj_at(index);
303 }
304 
305 void CDSProtectionDomain::allocate_shared_protection_domain_array(int size, TRAPS) {
306   if (_shared_protection_domains.resolve() == nullptr) {
307     oop spd = oopFactory::new_objArray(
308         vmClasses::ProtectionDomain_klass(), size, CHECK);
309     _shared_protection_domains = OopHandle(Universe::vm_global(), spd);
310   }
311 }
312 
313 oop CDSProtectionDomain::shared_jar_url(int index) {
314   return ((objArrayOop)_shared_jar_urls.resolve())->obj_at(index);
315 }
316 
317 void CDSProtectionDomain::allocate_shared_jar_url_array(int size, TRAPS) {
318   if (_shared_jar_urls.resolve() == nullptr) {
319     oop sju = oopFactory::new_objArray(
320         vmClasses::URL_klass(), size, CHECK);
321     _shared_jar_urls = OopHandle(Universe::vm_global(), sju);
322   }
323 }
324 
325 oop CDSProtectionDomain::shared_jar_manifest(int index) {
326   return ((objArrayOop)_shared_jar_manifests.resolve())->obj_at(index);
327 }
328 
329 void CDSProtectionDomain::allocate_shared_jar_manifest_array(int size, TRAPS) {
330   if (_shared_jar_manifests.resolve() == nullptr) {
331     oop sjm = oopFactory::new_objArray(
332         vmClasses::Jar_Manifest_klass(), size, CHECK);
333     _shared_jar_manifests = OopHandle(Universe::vm_global(), sjm);
334   }
335 }