- CSR
- Resolution: Approved
- P3
- None
- behavioral
- low
- Java API
- SE
Summary
Change java.lang.invoke.MethodType::fromMethodDescriptorString(String desc, ClassLoader loader) to call SecurityManager::checkPermission with RuntimePermission("getClassLoader") if the loader parameter is null.
Problem
MethodType::fromMethodDescriptorString(String desc, ClassLoader loader) defaults to the system class loader if the loader parameter is null. When a security manager is present, this cross-loader access is not guarded by a RuntimePermission("getClassLoader") permission check, as the method is loading classes on behalf of the caller.
Solution
MethodType::fromMethodDescriptorString should perform the same security permission check as ClassLoader::getSystemClassLoader does when the loader parameter is null. This only impacts existing code that calls this method with loader == null when a security manager is present but the "getClassLoader" permission is not granted.
One alternative solution is to require the loader parameter to be non-null, but this would impact existing code even when it runs without a security manager.
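The behaviour described above, as an added example (not JDK code and not part of this CSR): a constructed security manager that denies only RuntimePermission("getClassLoader") shows the null-loader call being rejected while a call with an explicit loader still resolves. The class names NullLoaderCheckDemo and DenyGetClassLoader and the sample descriptor are made up for illustration. It assumes a JDK that includes this change and still allows System.setSecurityManager at run time (on releases where that is disallowed by default, start the JVM with -Djava.security.manager=allow).

```java
import java.lang.invoke.MethodType;
import java.security.Permission;

public class NullLoaderCheckDemo {
    /** Constructed demo policy: deny only RuntimePermission("getClassLoader"). */
    static final class DenyGetClassLoader extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof RuntimePermission && "getClassLoader".equals(perm.getName())) {
                throw new SecurityException("getClassLoader denied by demo policy");
            }
            // Everything else is allowed so the demo can run and uninstall the manager.
        }
    }

    /** Returns true if resolving desc with the given loader fails the permission check. */
    static boolean isRejected(String desc, ClassLoader loader) {
        try {
            MethodType.fromMethodDescriptorString(desc, loader);
            return false;
        } catch (SecurityException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        String desc = "(Ljava/lang/String;I)Ljava/util/List;"; // constructed sample descriptor
        // Capture an explicit loader before the restrictive manager is installed.
        ClassLoader own = NullLoaderCheckDemo.class.getClassLoader();

        boolean nullWithoutManager = isRejected(desc, null); // no security manager installed
        boolean nullDenied;
        boolean explicitDenied;
        System.setSecurityManager(new DenyGetClassLoader());
        try {
            nullDenied = isRejected(desc, null);    // loader == null: permission is checked
            explicitDenied = isRejected(desc, own); // explicit loader: this check is not made
        } finally {
            System.setSecurityManager(null);        // uninstall before printing
        }
        System.out.println("null loader, no security manager:   rejected=" + nullWithoutManager);
        System.out.println("null loader, permission denied:     rejected=" + nullDenied);
        System.out.println("explicit loader, permission denied: rejected=" + explicitDenied);
    }
}
```

Code that must run without the "getClassLoader" permission can avoid the new check by passing a loader it already holds, as the explicit-loader call does here.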
Specification
The spec of java.lang.invoke.MethodType::fromMethodDescriptorString is updated as follows:
@@ -1076,9 +1078,8 @@
     /**
      * Finds or creates an instance of a method type, given the spelling of its bytecode descriptor.
      * Convenience method for {@link #methodType(java.lang.Class, java.lang.Class[]) methodType}.
-     * Any class or interface name embedded in the descriptor string
-     * will be resolved by calling {@link ClassLoader#loadClass(java.lang.String)}
-     * on the given loader (or if it is null, on the system class loader).
+     * Any class or interface name embedded in the descriptor string will be
+     * resolved by the given loader (or if it is null, on the system class loader).
      * <p>
      * Note that it is possible to encounter method types which cannot be
      * constructed by this method, because their component types are
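Review bot: In the reworded sentence, "resolved by the given loader (or if it is null, on the system class loader)", the preposition "on" is left over from the removed "by calling ... loadClass ... on the given loader" phrasing and no longer parses; it should read "or if it is null, by the system class loader". This sentence is also where a reader first meets the null-loader behaviour, so consider noting here that the null case is subject to the check listed under @throws SecurityException.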
@@ -1092,10 +1093,19 @@
      * @throws NullPointerException if the string is null
      * @throws IllegalArgumentException if the string is not well-formed
      * @throws TypeNotPresentException if a named type cannot be found
+     * @throws SecurityException if the security manager is present and
+     *         {@code loader} is {@code null} and the caller does not have the
+     *         {@link RuntimePermission}{@code ("getClassLoader")}
      */
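Review bot: The added @throws SecurityException clause is the only place the new check is specified, and it does not say what the check is modelled on. The Solution states it should be the same check that ClassLoader::getSystemClassLoader performs, so a {@link ClassLoader#getSystemClassLoader()} reference in this clause would let readers confirm the two stay aligned. As a wording point, "if the security manager is present" reads better as "if a security manager is present", since no particular manager has been introduced in this javadoc.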
csr of JDK-8229785 MethodType::fromMethodDescriptorString should require security permission if loader is null - Resolved