Bug 516069 - reflection code to create permission objects should be
protected with doPriv
Change-Id: Id08f3a33f835b2eb1e9ad355126a540307588be4
Signed-off-by: Thomas Watson <tjwatson@us.ibm.com>
diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/PermissionInfoCollection.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/PermissionInfoCollection.java
index f7d9826..946d6dc 100644
--- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/PermissionInfoCollection.java
+++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/PermissionInfoCollection.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2008, 2016 IBM Corporation and others.
+ * Copyright (c) 2008, 2017 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -12,7 +12,6 @@
import java.io.File;
import java.lang.reflect.Constructor;
-import java.lang.reflect.InvocationTargetException;
import java.security.*;
import java.util.*;
import org.osgi.service.permissionadmin.PermissionInfo;
@@ -52,7 +51,7 @@
public boolean implies(Permission perm) {
if (hasAllPermission)
return true;
- Class<? extends Permission> permClass = perm.getClass();
+ final Class<? extends Permission> permClass = perm.getClass();
PermissionCollection collection;
synchronized (cachedPermissionCollections) {
collection = cachedPermissionCollections.get(permClass);
@@ -60,11 +59,24 @@
// must populate the collection outside of the lock to prevent class loader deadlock
if (collection == null) {
collection = perm.newPermissionCollection();
- if (collection == null)
+ if (collection == null) {
collection = new PermissionsHash();
+ }
try {
- addPermissions(collection, permClass);
+ final PermissionCollection targetCollection = collection;
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+ @Override
+ public Object run() throws Exception {
+ addPermissions(targetCollection, permClass);
+ return null;
+ }
+
+ });
+
} catch (Exception e) {
+ if (e instanceof PrivilegedActionException) {
+ e = ((PrivilegedActionException) e).getException();
+ }
throw new SecurityException("Exception creating permissions: " + permClass + ": " + e.getMessage(), e); //$NON-NLS-1$ //$NON-NLS-2$
}
synchronized (cachedPermissionCollections) {
@@ -83,7 +95,7 @@
return permInfos;
}
- private void addPermissions(PermissionCollection collection, Class<? extends Permission> permClass) throws NoSuchMethodException, IllegalAccessException, InstantiationException, InvocationTargetException {
+ void addPermissions(PermissionCollection collection, Class<? extends Permission> permClass) throws Exception {
String permClassName = permClass.getName();
Constructor<? extends Permission> constructor = null;
int numArgs = -1;