Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4729130

(spec) set of permissions of default ProtectionDomain is invalid



    • mantis
    • generic
    • generic
    • Verified


      Name: vrR10176 Date: 08/09/2002

      The API spec for method ClassLoader.defineClass(String name, byte[] b, int off, int len) says:

      "protected final Class defineClass(String name, byte[] b, int off, int len) throws ClassFormatError
        This method assigns a default ProtectionDomain to the newly defined class. The ProtectionDomain
        contains the set of permissions granted when a call to Policy.getPolicy().getPermissions() is made
        with a code source of null,null. The default domain is created on the first invocation of defineClass,
        and re-used on subsequent calls.

      But in JDK1.4.1-b18 defineClass() assigns a default ProtectionDomain with empty set of permissions
      that does not equal to set of permissions granted when a call to Policy.getPolicy().getPermissions()
      is made with a code source of null,null.

      To reproduce the issue execute the following test.

      ------------ DefineClassTest.java -------------------------------
      import java.security.ProtectionDomain;
      import java.security.CodeSource;
      import java.security.PermissionCollection;
      import java.security.Policy;

      public class DefineClassTest extends ClassLoader {

          public static void main(String argv[]) {
              Class c = null;
              DefineClassTest cl = new DefineClassTest();
              byte[] b = {
                      (byte)0xca, (byte)0xfe, (byte)0xba, (byte)0xbe, (byte)0x00, (byte)0x03, (byte)0x00, (byte)0x2d,
                      (byte)0x00, (byte)0x05, (byte)0x07, (byte)0x00, (byte)0x02, (byte)0x01, (byte)0x00, (byte)0x10,
                      (byte)0x6a, (byte)0x61, (byte)0x76, (byte)0x61, (byte)0x2f, (byte)0x6c, (byte)0x61, (byte)0x6e,
                      (byte)0x67, (byte)0x2f, (byte)0x4f, (byte)0x62, (byte)0x6a, (byte)0x65, (byte)0x63, (byte)0x74,
                      (byte)0x07, (byte)0x00, (byte)0x04, (byte)0x01, (byte)0x00, (byte)0x01, (byte)0x41, (byte)0x00,
                      (byte)0x01, (byte)0x00, (byte)0x03, (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x00, (byte)0x00,
                      (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00
              // Attempt to load class A
              try {
                  c = cl.defineClass("A", b, 0, b.length);
              } catch (Exception e) {
                  System.out.println("Exception trying to load class A:" + e);
              ProtectionDomain pd = c.getProtectionDomain(); //get default ProtectionDomain
              if (pd == null) {
                  System.out.println("default ProtectionDomain is not assigned by defineClass()");

              PermissionCollection pc1 = pd.getPermissions();
              System.out.println("PermissionCollection of default ProtectionDomain: \n" + pc1);

              PermissionCollection pc2 = Policy.getPolicy().getPermissions(new CodeSource(null, null));
              System.out.println("\nexpected PermissionCollection of default ProtectionDomain: \n" + pc2);

      ------------ Logs -------------------------------------------------
      $javac -d . DefineClassTest.java
      $java -version
      java version "1.4.1-rc"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1-rc-b18)
      Java HotSpot(TM) Client VM (build 1.4.1-rc-b18, mixed mode)
      $java DefineClassTest
      PermissionCollection of default ProtectionDomain:

      expected PermissionCollection of default ProtectionDomain:
      java.security.Permissions@a83b8a (
       (java.security.AllPermission <all permissions> <all actions>)
       (java.net.SocketPermission localhost:1024- listen,resolve)
       (java.lang.RuntimePermission stopThread)
       (java.util.PropertyPermission java.specification.vendor read)
       (java.util.PropertyPermission java.vm.specification.vendor read)
       (java.util.PropertyPermission path.separator read)
       (java.util.PropertyPermission java.vm.name read)
       (java.util.PropertyPermission java.class.version read)
       (java.util.PropertyPermission os.name read)
       (java.util.PropertyPermission java.vendor.url read)
       (java.util.PropertyPermission java.vendor read)
       (java.util.PropertyPermission java.vm.vendor read)
       (java.util.PropertyPermission file.separator read)
       (java.util.PropertyPermission os.version read)
       (java.util.PropertyPermission java.vm.version read)
       (java.util.PropertyPermission java.version read)
       (java.util.PropertyPermission line.separator read)
       (java.util.PropertyPermission java.vm.specification.version read)
       (java.util.PropertyPermission java.specification.name read)
       (java.util.PropertyPermission java.vm.specification.name read)
       (java.util.PropertyPermission java.specification.version read)
       (java.util.PropertyPermission os.arch read)






            rmartisunw Ramachandran Marti (Inactive)
            rslasunw Rsla Rsla (Inactive)
            0 Vote for this issue
            1 Start watching this issue