8006611-improve_scripting.patch

/patches/security/20130618/8006611-improve_scripting.patch

https://bitbucket.org/Ringdingcoder/icedtea6 · Patch · 78 lines · 74 code · 4 blank · 0 comment · 0 complexity · c277c3de0f7d8985cd256ec58077cc04 MD5 · raw file

# HG changeset patch
# User sundar
# Date 1365156565 -19800
# Node ID 1d5eff0bd9b504b7191279bfc6a417f6a2e2251f
# Parent  5c9fbf7443a24076a6545cb043102cb2527f62ca
8006611: Improve scripting
Reviewed-by: mchung, jdn

diff --git a/src/share/classes/javax/script/ScriptEngineManager.java b/src/share/classes/javax/script/ScriptEngineManager.java
--- openjdk/jdk/src/share/classes/javax/script/ScriptEngineManager.java
+++ openjdk/jdk/src/share/classes/javax/script/ScriptEngineManager.java
@@ -30,8 +30,6 @@
 import java.security.*;
 import sun.misc.Service;
 import sun.misc.ServiceConfigurationError;
-import sun.reflect.Reflection;
-import sun.security.util.SecurityConstants;
 
 /**
  * The <code>ScriptEngineManager</code> implements a discovery and instantiation
@@ -64,13 +62,7 @@
      */
     public ScriptEngineManager() {
         ClassLoader ctxtLoader = Thread.currentThread().getContextClassLoader();
-        if (canCallerAccessLoader(ctxtLoader)) {
-            if (DEBUG) System.out.println("using " + ctxtLoader);
-            init(ctxtLoader);
-        } else {
-            if (DEBUG) System.out.println("using bootstrap loader");
-            init(null);
-        }
+        init(ctxtLoader);
     }
 
     /**
@@ -418,42 +410,4 @@
 
     /** Global bindings associated with script engines created by this manager. */
     private Bindings globalScope;
-
-    private boolean canCallerAccessLoader(ClassLoader loader) {
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            ClassLoader callerLoader = getCallerClassLoader();
-            if (callerLoader != null) {
-                if (loader != callerLoader || !isAncestor(loader, callerLoader)) {
-                    try {
-                        sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
-                    } catch (SecurityException exp) {
-                        if (DEBUG) exp.printStackTrace();
-                        return false;
-                    }
-                } // else fallthru..
-            } // else fallthru..
-        } // else fallthru..
-
-        return true;
-    }
-
-    // Note that this code is same as ClassLoader.getCallerClassLoader().
-    // But, that method is package private and hence we can't call here.
-    private ClassLoader getCallerClassLoader() {
-        Class caller = Reflection.getCallerClass(3);
-        if (caller == null) {
-            return null;
-        }
-        return caller.getClassLoader();
-    }
-
-    // is cl1 ancestor of cl2?
-    private boolean isAncestor(ClassLoader cl1, ClassLoader cl2) {
-        do {
-            cl2 = cl2.getParent();
-            if (cl1 == cl2) return true;
-        } while (cl2 != null);
-        return false;
-    }
 }