Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 1.4.2
Affects Version/s: 1.4.1
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
mantis
CPU:

generic
OS:

generic
Verification:
Verified

Description

Name: vrR10176 Date: 08/09/2002

The API spec for method ClassLoader.defineClass(String name, byte[] b, int off, int len) says:

"protected final Class defineClass(String name, byte[] b, int off, int len) throws ClassFormatError
...
  This method assigns a default ProtectionDomain to the newly defined class. The ProtectionDomain
  contains the set of permissions granted when a call to Policy.getPolicy().getPermissions() is made
  with a code source of null,null. The default domain is created on the first invocation of defineClass,
  and re-used on subsequent calls.
..."

But in JDK1.4.1-b18 defineClass() assigns a default ProtectionDomain with empty set of permissions
that does not equal to set of permissions granted when a call to Policy.getPolicy().getPermissions()
is made with a code source of null,null.

To reproduce the issue execute the following test.

------------ DefineClassTest.java -------------------------------
import java.security.ProtectionDomain;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Policy;

public class DefineClassTest extends ClassLoader {

    public static void main(String argv[]) {
        Class c = null;
        DefineClassTest cl = new DefineClassTest();
        byte[] b = {
                (byte)0xca, (byte)0xfe, (byte)0xba, (byte)0xbe, (byte)0x00, (byte)0x03, (byte)0x00, (byte)0x2d,
                (byte)0x00, (byte)0x05, (byte)0x07, (byte)0x00, (byte)0x02, (byte)0x01, (byte)0x00, (byte)0x10,
                (byte)0x6a, (byte)0x61, (byte)0x76, (byte)0x61, (byte)0x2f, (byte)0x6c, (byte)0x61, (byte)0x6e,
                (byte)0x67, (byte)0x2f, (byte)0x4f, (byte)0x62, (byte)0x6a, (byte)0x65, (byte)0x63, (byte)0x74,
                (byte)0x07, (byte)0x00, (byte)0x04, (byte)0x01, (byte)0x00, (byte)0x01, (byte)0x41, (byte)0x00,
                (byte)0x01, (byte)0x00, (byte)0x03, (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x00, (byte)0x00,
                (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00
        };

        // Attempt to load class A
        try {
            c = cl.defineClass("A", b, 0, b.length);
        } catch (Exception e) {
            System.out.println("Exception trying to load class A:" + e);
            return;
        }

        ProtectionDomain pd = c.getProtectionDomain(); //get default ProtectionDomain
        if (pd == null) {
            System.out.println("default ProtectionDomain is not assigned by defineClass()");
            return;
        }

        PermissionCollection pc1 = pd.getPermissions();
        System.out.println("PermissionCollection of default ProtectionDomain: \n" + pc1);

        PermissionCollection pc2 = Policy.getPolicy().getPermissions(new CodeSource(null, null));
        System.out.println("\nexpected PermissionCollection of default ProtectionDomain: \n" + pc2);
    }
}

------------ Logs -------------------------------------------------
$javac -d . DefineClassTest.java
$
$java -version
java version "1.4.1-rc"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1-rc-b18)
Java HotSpot(TM) Client VM (build 1.4.1-rc-b18, mixed mode)
$
$java DefineClassTest
PermissionCollection of default ProtectionDomain:
null

expected PermissionCollection of default ProtectionDomain:
java.security.Permissions@a83b8a (
(java.security.AllPermission <all permissions> <all actions>)
(java.net.SocketPermission localhost:1024- listen,resolve)
(java.lang.RuntimePermission stopThread)
(java.util.PropertyPermission java.specification.vendor read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission os.arch read)
)

$
$
-------------------------------------------------------------------

======================================================================

Attachments

Activity

People

Assignee:: Ramachandran Marti (Inactive)

Reporter:: Rsla Rsla (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2002-08-09 02:34

Updated:: 2002-12-09 15:15

Resolved:: 2002-11-18 23:26

Imported:: 16/Sep/12 2:02 AM

Indexed:: 17/Jul/12 10:05 PM