1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
|
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package jdk.nashorn.internal.runtime.linker;
import static jdk.internal.org.objectweb.asm.Opcodes.ACC_FINAL;
import static jdk.internal.org.objectweb.asm.Opcodes.ACC_PRIVATE;
import static jdk.internal.org.objectweb.asm.Opcodes.ACC_PUBLIC;
import static jdk.internal.org.objectweb.asm.Opcodes.ACC_STATIC;
import static jdk.internal.org.objectweb.asm.Opcodes.ACC_SUPER;
import static jdk.internal.org.objectweb.asm.Opcodes.ACONST_NULL;
import static jdk.internal.org.objectweb.asm.Opcodes.ALOAD;
import static jdk.internal.org.objectweb.asm.Opcodes.ARETURN;
import static jdk.internal.org.objectweb.asm.Opcodes.RETURN;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.SecureClassLoader;
import jdk.internal.dynalink.beans.StaticClass;
import jdk.internal.org.objectweb.asm.ClassWriter;
import jdk.internal.org.objectweb.asm.Opcodes;
import jdk.internal.org.objectweb.asm.Type;
import jdk.internal.org.objectweb.asm.commons.InstructionAdapter;
import jdk.nashorn.internal.runtime.Context;
import jdk.nashorn.internal.runtime.ScriptObject;
/**
* This class encapsulates the bytecode of the adapter class and can be used to load it into the JVM as an actual Class.
* It can be invoked repeatedly to create multiple adapter classes from the same bytecode; adapter classes that have
* class-level overrides must be re-created for every set of such overrides. Note that while this class is named
* "class loader", it does not, in fact, extend {@code ClassLoader}, but rather uses them internally. Instances of this
* class are normally created by {@link JavaAdapterBytecodeGenerator}.
*/
class JavaAdapterClassLoader extends JavaAdapterGeneratorBase {
private static final Type PRIVILEGED_ACTION_TYPE = Type.getType(PrivilegedAction.class);
private static final String PRIVILEGED_ACTION_TYPE_NAME = PRIVILEGED_ACTION_TYPE.getInternalName();
private static final String PRIVILEGED_RUN_METHOD_DESCRIPTOR = Type.getMethodDescriptor(OBJECT_TYPE);
private static final ProtectionDomain GENERATED_PROTECTION_DOMAIN = createGeneratedProtectionDomain();
private final String className;
private final byte[] classBytes;
private final String globalSetterClassName;
JavaAdapterClassLoader(String className, byte[] classBytes, String globalSetterClassName) {
this.className = className.replace('/', '.');
this.classBytes = classBytes;
this.globalSetterClassName = globalSetterClassName.replace('/', '.');
}
/**
* Loads the generated adapter class into the JVM.
* @param parentLoader the parent class loader for the generated class loader
* @return the generated adapter class
*/
StaticClass generateClass(final ClassLoader parentLoader) {
return AccessController.doPrivileged(new PrivilegedAction<StaticClass>() {
@Override
public StaticClass run() {
try {
return StaticClass.forClass(Class.forName(className, true, createClassLoader(parentLoader)));
} catch (final ClassNotFoundException e) {
throw new AssertionError(e); // cannot happen
}
}
});
}
private static class AdapterLoader extends SecureClassLoader {
AdapterLoader(ClassLoader parent) {
super(parent);
}
}
static boolean isAdapterClass(Class<?> clazz) {
return clazz.getClassLoader() instanceof AdapterLoader;
}
// Note that the adapter class is created in the protection domain of the class/interface being
// extended/implemented, and only the privileged global setter action class is generated in the protection domain
// of Nashorn itself. Also note that the creation and loading of the global setter is deferred until it is
// required by JVM linker, which will only happen on first invocation of any of the adapted method. We could defer
// it even more by separating its invocation into a separate static method on the adapter class, but then someone
// with ability to introspect on the class and use setAccessible(true) on it could invoke the method. It's a
// security tradeoff...
private ClassLoader createClassLoader(final ClassLoader parentLoader) {
return new AdapterLoader(parentLoader) {
private final ClassLoader myLoader = getClass().getClassLoader();
private final ProtectionDomain myProtectionDomain = getClass().getProtectionDomain();
@Override
public Class<?> loadClass(final String name, final boolean resolve) throws ClassNotFoundException {
try {
return super.loadClass(name, resolve);
} catch (final SecurityException se) {
// we may be implementing an interface or extending a class that was
// loaded by a loader that prevents package.access. If so, it'd throw
// SecurityException for nashorn's classes!. For adapter's to work, we
// should be able to refer to nashorn classes.
if (name.startsWith("jdk.nashorn.internal.")) {
return myLoader.loadClass(name);
}
throw se;
}
}
@Override
protected Class<?> findClass(final String name) throws ClassNotFoundException {
if(name.equals(className)) {
return defineClass(name, classBytes, 0, classBytes.length, GENERATED_PROTECTION_DOMAIN);
} else if(name.equals(globalSetterClassName)) {
final byte[] bytes = generatePrivilegedActionClassBytes(globalSetterClassName.replace('.', '/'));
return defineClass(name, bytes, 0, bytes.length, myProtectionDomain);
} else {
throw new ClassNotFoundException(name);
}
}
};
}
private static ProtectionDomain createGeneratedProtectionDomain() {
// Generated classes need to have AllPermission. Since we require the "createClassLoader" RuntimePermission, we
// can create a class loader that'll load new classes with any permissions. Our generated classes are just
// delegating adapters, so having AllPermission can't cause anything wrong; the effective set of permissions for
// the executing script functions will still be limited by the permissions of the caller and the permissions of
// the script.
final Permissions permissions = new Permissions();
permissions.add(new AllPermission());
return new ProtectionDomain(new CodeSource(null, (CodeSigner[])null), permissions);
}
/**
* Generates a PrivilegedAction implementation class for invoking {@link Context#setGlobal(ScriptObject)} from the
* adapter class.
*/
private static byte[] generatePrivilegedActionClassBytes(final String className) {
final ClassWriter w = new ClassWriter(ClassWriter.COMPUTE_FRAMES | ClassWriter.COMPUTE_MAXS);
// class GlobalSetter implements PrivilegedAction {
w.visit(Opcodes.V1_7, ACC_SUPER | ACC_FINAL, className, null, OBJECT_TYPE_NAME, new String[] {
PRIVILEGED_ACTION_TYPE_NAME
});
// private final ScriptObject global;
w.visitField(ACC_PRIVATE | ACC_FINAL, GLOBAL_FIELD_NAME, SCRIPT_OBJECT_TYPE_DESCRIPTOR, null, null).visitEnd();
// private GlobalSetter(ScriptObject global) {
InstructionAdapter mv = new InstructionAdapter(w.visitMethod(ACC_PRIVATE, INIT,
SET_GLOBAL_METHOD_DESCRIPTOR, null, new String[0]));
mv.visitCode();
// super();
mv.visitVarInsn(ALOAD, 0);
mv.invokespecial(OBJECT_TYPE_NAME, INIT, VOID_NOARG_METHOD_DESCRIPTOR);
// this.global = global;
mv.visitVarInsn(ALOAD, 0);
mv.visitVarInsn(ALOAD, 1);
mv.putfield(className, GLOBAL_FIELD_NAME, SCRIPT_OBJECT_TYPE_DESCRIPTOR);
mv.visitInsn(RETURN);
mv.visitEnd();
mv.visitMaxs(0, 0);
// public Object run() {
mv = new InstructionAdapter(w.visitMethod(ACC_PUBLIC, "run", PRIVILEGED_RUN_METHOD_DESCRIPTOR, null,
new String[0]));
mv.visitCode();
// Context.setGlobal(this.global);
mv.visitVarInsn(ALOAD, 0);
mv.getfield(className, GLOBAL_FIELD_NAME, SCRIPT_OBJECT_TYPE_DESCRIPTOR);
mv.invokestatic(CONTEXT_TYPE_NAME, "setGlobal", SET_GLOBAL_METHOD_DESCRIPTOR);
// return null;
mv.visitInsn(ACONST_NULL);
mv.visitInsn(ARETURN);
mv.visitEnd();
mv.visitMaxs(0, 0);
// static void setGlobal(ScriptObject global) {
mv = new InstructionAdapter(w.visitMethod(ACC_STATIC, "setGlobal", SET_GLOBAL_METHOD_DESCRIPTOR, null,
new String[0]));
mv.visitCode();
// new GlobalSetter(ScriptObject global)
mv.anew(Type.getType("L" + className + ";"));
mv.dup();
mv.visitVarInsn(ALOAD, 0);
mv.invokespecial(className, INIT, SET_GLOBAL_METHOD_DESCRIPTOR);
// AccessController.doPrivileged(...)
mv.invokestatic(Type.getInternalName(AccessController.class), "doPrivileged", Type.getMethodDescriptor(
OBJECT_TYPE, PRIVILEGED_ACTION_TYPE));
mv.pop();
mv.visitInsn(RETURN);
mv.visitEnd();
mv.visitMaxs(0, 0);
return w.toByteArray();
}
}
|
