1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. 4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 5 * 6 * This code is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 only, as 8 * published by the Free Software Foundation. Oracle designates this 9 * particular file as subject to the "Classpath" exception as provided 10 * by Oracle in the LICENSE file that accompanied this code. 11 * 12 * This code is distributed in the hope that it will be useful, but WITHOUT 13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 15 * version 2 for more details (a copy is included in the LICENSE file that 16 * accompanied this code). 17 * 18 * You should have received a copy of the GNU General Public License version 19 * 2 along with this work; if not, write to the Free Software Foundation, 20 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 21 * 22 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 23 * or visit www.oracle.com if you need additional information or have any 24 * questions. 25 */ 26 27 package java.lang.reflect; 28 29 import java.lang.annotation.Annotation; 30 31 /** 32 * The AccessibleObject class is the base class for Field, Method and 33 * Constructor objects. It provides the ability to flag a reflected 34 * object as suppressing default Java language access control checks 35 * when it is used. The access checks--for public, default (package) 36 * access, protected, and private members--are performed when Fields, 37 * Methods or Constructors are used to set or get fields, to invoke 38 * methods, or to create and initialize new instances of classes, 39 * respectively. 40 * 41 * <p>Setting the {@code accessible} flag in a reflected object 42 * permits sophisticated applications with sufficient privilege, such 43 * as Java Object Serialization or other persistence mechanisms, to 44 * manipulate objects in a manner that would normally be prohibited. 45 * 46 * <p>By default, a reflected object is <em>not</em> accessible. 47 * 48 * @see Field 49 * @see Method 50 * @see Constructor 51 * @see ReflectPermission 52 * 53 * @since 1.2 54 */ 55 public class AccessibleObject implements AnnotatedElement { 56 57 // Android-removed: Code associated with SecurityManager calls. 58 /* 59 /** 60 * The Permission object that is used to check whether a client 61 * has sufficient privilege to defeat Java language access 62 * control checks. 63 * 64 static final private java.security.Permission ACCESS_PERMISSION = 65 new ReflectPermission("suppressAccessChecks"); 66 */ 67 68 /** 69 * Convenience method to set the {@code accessible} flag for an 70 * array of objects with a single security check (for efficiency). 71 * 72 * <p>First, if there is a security manager, its 73 * {@code checkPermission} method is called with a 74 * {@code ReflectPermission("suppressAccessChecks")} permission. 75 * 76 * <p>A {@code SecurityException} is raised if {@code flag} is 77 * {@code true} but accessibility of any of the elements of the input 78 * {@code array} may not be changed (for example, if the element 79 * object is a {@link Constructor} object for the class {@link 80 * java.lang.Class}). In the event of such a SecurityException, the 81 * accessibility of objects is set to {@code flag} for array elements 82 * upto (and excluding) the element for which the exception occurred; the 83 * accessibility of elements beyond (and including) the element for which 84 * the exception occurred is unchanged. 85 * 86 * @param array the array of AccessibleObjects 87 * @param flag the new value for the {@code accessible} flag 88 * in each object 89 * @throws SecurityException if the request is denied. 90 * @see SecurityManager#checkPermission 91 * @see java.lang.RuntimePermission 92 */ setAccessible(AccessibleObject[] array, boolean flag)93 public static void setAccessible(AccessibleObject[] array, boolean flag) 94 throws SecurityException { 95 // Android-removed: SecurityManager calls. 96 // SecurityManager sm = System.getSecurityManager(); 97 // if (sm != null) sm.checkPermission(ACCESS_PERMISSION); 98 for (int i = 0; i < array.length; i++) { 99 setAccessible0(array[i], flag); 100 } 101 } 102 103 /** 104 * Set the {@code accessible} flag for this object to 105 * the indicated boolean value. A value of {@code true} indicates that 106 * the reflected object should suppress Java language access 107 * checking when it is used. A value of {@code false} indicates 108 * that the reflected object should enforce Java language access checks. 109 * 110 * <p>First, if there is a security manager, its 111 * {@code checkPermission} method is called with a 112 * {@code ReflectPermission("suppressAccessChecks")} permission. 113 * 114 * <p>A {@code SecurityException} is raised if {@code flag} is 115 * {@code true} but accessibility of this object may not be changed 116 * (for example, if this element object is a {@link Constructor} object for 117 * the class {@link java.lang.Class}). 118 * 119 * <p>A {@code SecurityException} is raised if this object is a {@link 120 * java.lang.reflect.Constructor} object for the class 121 * {@code java.lang.Class}, and {@code flag} is true. 122 * 123 * @param flag the new value for the {@code accessible} flag 124 * @throws SecurityException if the request is denied. 125 * @see SecurityManager#checkPermission 126 * @see java.lang.RuntimePermission 127 */ setAccessible(boolean flag)128 public void setAccessible(boolean flag) throws SecurityException { 129 // Android-removed: SecurityManager calls. 130 // SecurityManager sm = System.getSecurityManager(); 131 // if (sm != null) sm.checkPermission(ACCESS_PERMISSION); 132 setAccessible0(this, flag); 133 } 134 135 /* Check that you aren't exposing java.lang.Class.<init> or sensitive 136 fields in java.lang.Class. */ setAccessible0(AccessibleObject obj, boolean flag)137 private static void setAccessible0(AccessibleObject obj, boolean flag) 138 throws SecurityException 139 { 140 if (obj instanceof Constructor && flag == true) { 141 Constructor<?> c = (Constructor<?>)obj; 142 // BEGIN Android-changed: Disallow making Method & Field constructors accessible. 143 // if (c.getDeclaringClass() == Class.class) { 144 // throw new SecurityException("Cannot make a java.lang.Class" + 145 // " constructor accessible"); 146 // } 147 148 Class<?> clazz = c.getDeclaringClass(); 149 if (clazz == Class.class) { 150 throw new SecurityException("Can not make a java.lang.Class" + 151 " constructor accessible"); 152 } else if (clazz == Method.class) { 153 throw new SecurityException("Can not make a java.lang.reflect.Method" + 154 " constructor accessible"); 155 } else if (clazz == Field.class) { 156 throw new SecurityException("Can not make a java.lang.reflect.Field" + 157 " constructor accessible"); 158 } 159 // END Android-changed: Disallow making Method & Field constructors accessible. 160 } 161 obj.override = flag; 162 } 163 164 /** 165 * Get the value of the {@code accessible} flag for this object. 166 * 167 * @return the value of the object's {@code accessible} flag 168 */ isAccessible()169 public boolean isAccessible() { 170 return override; 171 } 172 173 /** 174 * Constructor: only used by the Java Virtual Machine. 175 */ AccessibleObject()176 protected AccessibleObject() {} 177 178 // Indicates whether language-level access checks are overridden 179 // by this object. Initializes to "false". This field is used by 180 // Field, Method, and Constructor. 181 // 182 // NOTE: for security purposes, this field must not be visible 183 // outside this package. 184 boolean override; 185 186 // Android-removed: reflectionFactory: it is not used on Android. 187 /* 188 // Reflection factory used by subclasses for creating field, 189 // method, and constructor accessors. Note that this is called 190 // very early in the bootstrapping process. 191 static final ReflectionFactory reflectionFactory = 192 AccessController.doPrivileged( 193 new sun.reflect.ReflectionFactory.GetReflectionFactoryAction()); 194 */ 195 196 /** 197 * @throws NullPointerException {@inheritDoc} 198 * @since 1.5 199 */ getAnnotation(Class<T> annotationClass)200 public <T extends Annotation> T getAnnotation(Class<T> annotationClass) { 201 throw new AssertionError("All subclasses should override this method"); 202 } 203 204 /** 205 * {@inheritDoc} 206 * @throws NullPointerException {@inheritDoc} 207 * @since 1.5 208 */ 209 @Override isAnnotationPresent(Class<? extends Annotation> annotationClass)210 public boolean isAnnotationPresent(Class<? extends Annotation> annotationClass) { 211 return AnnotatedElement.super.isAnnotationPresent(annotationClass); 212 } 213 214 /** 215 * @throws NullPointerException {@inheritDoc} 216 * @since 1.8 217 */ 218 @Override getAnnotationsByType(Class<T> annotationClass)219 public <T extends Annotation> T[] getAnnotationsByType(Class<T> annotationClass) { 220 throw new AssertionError("All subclasses should override this method"); 221 } 222 223 /** 224 * @since 1.5 225 */ getAnnotations()226 public Annotation[] getAnnotations() { 227 return getDeclaredAnnotations(); 228 } 229 230 /** 231 * @throws NullPointerException {@inheritDoc} 232 * @since 1.8 233 */ 234 @Override getDeclaredAnnotation(Class<T> annotationClass)235 public <T extends Annotation> T getDeclaredAnnotation(Class<T> annotationClass) { 236 // Only annotations on classes are inherited, for all other 237 // objects getDeclaredAnnotation is the same as 238 // getAnnotation. 239 return getAnnotation(annotationClass); 240 } 241 242 /** 243 * @throws NullPointerException {@inheritDoc} 244 * @since 1.8 245 */ 246 @Override getDeclaredAnnotationsByType(Class<T> annotationClass)247 public <T extends Annotation> T[] getDeclaredAnnotationsByType(Class<T> annotationClass) { 248 // Only annotations on classes are inherited, for all other 249 // objects getDeclaredAnnotationsByType is the same as 250 // getAnnotationsByType. 251 return getAnnotationsByType(annotationClass); 252 } 253 254 /** 255 * @since 1.5 256 */ getDeclaredAnnotations()257 public Annotation[] getDeclaredAnnotations() { 258 throw new AssertionError("All subclasses should override this method"); 259 } 260 261 // BEGIN Android-removed: Shared access checking logic: Not used on Android. 262 /* 263 // For non-public members or members in package-private classes, 264 // it is necessary to perform somewhat expensive security checks. 265 // If the security check succeeds for a given class, it will 266 // always succeed (it is not affected by the granting or revoking 267 // of permissions); we speed up the check in the common case by 268 // remembering the last Class for which the check succeeded. 269 // 270 // The simple security check for Constructor is to see if 271 // the caller has already been seen, verified, and cached. 272 // (See also Class.newInstance(), which uses a similar method.) 273 // 274 // A more complicated security check cache is needed for Method and Field 275 // The cache can be either null (empty cache), a 2-array of {caller,target}, 276 // or a caller (with target implicitly equal to this.clazz). 277 // In the 2-array case, the target is always different from the clazz. 278 volatile Object securityCheckCache; 279 280 void checkAccess(Class<?> caller, Class<?> clazz, Object obj, int modifiers) 281 throws IllegalAccessException 282 { 283 if (caller == clazz) { // quick check 284 return; // ACCESS IS OK 285 } 286 Object cache = securityCheckCache; // read volatile 287 Class<?> targetClass = clazz; 288 if (obj != null 289 && Modifier.isProtected(modifiers) 290 && ((targetClass = obj.getClass()) != clazz)) { 291 // Must match a 2-list of { caller, targetClass }. 292 if (cache instanceof Class[]) { 293 Class<?>[] cache2 = (Class<?>[]) cache; 294 if (cache2[1] == targetClass && 295 cache2[0] == caller) { 296 return; // ACCESS IS OK 297 } 298 // (Test cache[1] first since range check for [1] 299 // subsumes range check for [0].) 300 } 301 } else if (cache == caller) { 302 // Non-protected case (or obj.class == this.clazz). 303 return; // ACCESS IS OK 304 } 305 306 // If no return, fall through to the slow path. 307 slowCheckMemberAccess(caller, clazz, obj, modifiers, targetClass); 308 } 309 310 // Keep all this slow stuff out of line: 311 void slowCheckMemberAccess(Class<?> caller, Class<?> clazz, Object obj, int modifiers, 312 Class<?> targetClass) 313 throws IllegalAccessException 314 { 315 Reflection.ensureMemberAccess(caller, clazz, obj, modifiers); 316 317 // Success: Update the cache. 318 Object cache = ((targetClass == clazz) 319 ? caller 320 : new Class<?>[] { caller, targetClass }); 321 322 // Note: The two cache elements are not volatile, 323 // but they are effectively final. The Java memory model 324 // guarantees that the initializing stores for the cache 325 // elements will occur before the volatile write. 326 securityCheckCache = cache; // write volatile 327 } 328 */ 329 // END Android-removed: Shared access checking logic: Not used on Android. 330 } 331