2003-10-25 Bryce McKinlay
* java/lang/reflect/AccessibleObject.java (secureSetAccessible):
Don't check for AccessibleObject. Update javadocs.
Index: AccessibleObject.java
===================================================================
RCS file: /cvs/gcc/gcc/libjava/java/lang/reflect/AccessibleObject.java,v
retrieving revision 1.7
diff -u -r1.7 AccessibleObject.java
--- AccessibleObject.java 22 Jan 2002 22:40:20 -0000 1.7
+++ AccessibleObject.java 25 Oct 2003 02:43:07 -0000
@@ -59,8 +59,7 @@
{
/**
* True if this object is marked accessible, which means the reflected
- * object bypasses normal security checks. NOTEDon't try messing
- * with this by reflection. You'll mess yourself up.
+ * object bypasses normal security checks.
*/
// default visibility for use by inherited classes
boolean flag = false;
@@ -88,19 +87,11 @@
* security check. If a security manager exists, it is checked for
* ReflectPermission("suppressAccessChecks")
.
*
- * If flag
is true, and the initial security check succeeds,
- * this can still fail if a forbidden object is encountered, leaving the
- * array half-modified. At the moment, the forbidden members are:
- *
- * - Any Constructor for java.lang.Class
- * - Any AccessibleObject for java.lang.reflect.AccessibleObject
- * (this is not specified by Sun, but it closes a big security hole
- * where you can use reflection to bypass the security checks that
- * reflection is supposed to provide)
- *
- * (Sun has not specified others, but good candidates might include
- * ClassLoader, String, and such. However, the more checks we do, the
- * slower this method gets).
+ * It is forbidden to set the accessibility flag to true on any constructor
+ * for java.lang.Class. This will result in a SecurityException. If the
+ * SecurityException is thrown for any of the passed AccessibleObjects,
+ * the accessibility flag will be set on AccessibleObjects in the array prior
+ * to the one which resulted in the exception.
*
* @param array the array of accessible objects
* @param flag the desired state of accessibility, true to bypass security
@@ -121,19 +112,8 @@
* manager exists, it is checked for
* ReflectPermission("suppressAccessChecks")
.
*
- * If flag
is true, and the initial security check succeeds,
- * this will still fail for a forbidden object. At the moment, the
- * forbidden members are:
- *
- * - Any Constructor for java.lang.Class
- * - Any AccessibleObject for java.lang.reflect.AccessibleObject
- * (this is not specified by Sun, but it closes a big security hole
- * where you can use reflection to bypass the security checks that
- * reflection is supposed to provide)
- *
- * (Sun has not specified others, but good candidates might include
- * ClassLoader, String, and such. However, the more checks we do, the
- * slower this method gets).
+ * It is forbidden to set the accessibility flag to true on any constructor for
+ * java.lang.Class. This will result in a SecurityException.
*
* @param flag the desired state of accessibility, true to bypass security
* @throws NullPointerException if array is null
@@ -171,9 +151,8 @@
private final void secureSetAccessible(boolean flag)
{
if (flag &&
- ((this instanceof Constructor
- && ((Constructor) this).getDeclaringClass() == Class.class)
- || ((Member) this).getDeclaringClass() == AccessibleObject.class))
+ (this instanceof Constructor
+ && ((Constructor) this).getDeclaringClass() == Class.class))
throw new SecurityException("Cannot make object accessible: " + this);
this.flag = flag;
}