Google Git
Sign in
eclipse / equinox / rt.equinox.framework / refs/tags/I20170502-2000^! / .
commit8b412e84f744a3dd4a10259afb94a9875fdf2750[log] [tgz]
authorThomas Watson <tjwatson@us.ibm.com>Tue May 02 14:37:09 2017 -0500
committerThomas Watson <tjwatson@us.ibm.com>Tue May 02 14:44:57 2017 -0500
tree198c1c080a2e88a244e859767ab2bee556778ee3
parente47d8f4053a90ad799e00b3fa077e4f959eacfb3 [diff]
Bug 516069 - reflection code to create permission objects should be
protected with doPriv

Change-Id: Id08f3a33f835b2eb1e9ad355126a540307588be4
Signed-off-by: Thomas Watson <tjwatson@us.ibm.com>

diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/PermissionInfoCollection.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/PermissionInfoCollection.java
index f7d9826..946d6dc 100644
--- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/PermissionInfoCollection.java
+++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/PermissionInfoCollection.java

@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2008, 2016 IBM Corporation and others.
+ * Copyright (c) 2008, 2017 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
@@ -12,7 +12,6 @@
 
 import java.io.File;
 import java.lang.reflect.Constructor;
-import java.lang.reflect.InvocationTargetException;
 import java.security.*;
 import java.util.*;
 import org.osgi.service.permissionadmin.PermissionInfo;
@@ -52,7 +51,7 @@
 	public boolean implies(Permission perm) {
 		if (hasAllPermission)
 			return true;
-		Class<? extends Permission> permClass = perm.getClass();
+		final Class<? extends Permission> permClass = perm.getClass();
 		PermissionCollection collection;
 		synchronized (cachedPermissionCollections) {
 			collection = cachedPermissionCollections.get(permClass);
@@ -60,11 +59,24 @@
 		// must populate the collection outside of the lock to prevent class loader deadlock
 		if (collection == null) {
 			collection = perm.newPermissionCollection();
-			if (collection == null)
+			if (collection == null) {
 				collection = new PermissionsHash();
+			}
 			try {
-				addPermissions(collection, permClass);
+				final PermissionCollection targetCollection = collection;
+				AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+					@Override
+					public Object run() throws Exception {
+						addPermissions(targetCollection, permClass);
+						return null;
+					}
+
+				});
+
 			} catch (Exception e) {
+				if (e instanceof PrivilegedActionException) {
+					e = ((PrivilegedActionException) e).getException();
+				}
 				throw new SecurityException("Exception creating permissions: " + permClass + ": " + e.getMessage(), e); //$NON-NLS-1$ //$NON-NLS-2$
 			}
 			synchronized (cachedPermissionCollections) {
@@ -83,7 +95,7 @@
 		return permInfos;
 	}
 
-	private void addPermissions(PermissionCollection collection, Class<? extends Permission> permClass) throws NoSuchMethodException, IllegalAccessException, InstantiationException, InvocationTargetException {
+	void addPermissions(PermissionCollection collection, Class<? extends Permission> permClass) throws Exception {
 		String permClassName = permClass.getName();
 		Constructor<? extends Permission> constructor = null;
 		int numArgs = -1;