From 8b412e84f744a3dd4a10259afb94a9875fdf2750 Mon Sep 17 00:00:00 2001
From: Thomas Watson
Date: Tue, 2 May 2017 14:37:09 -0500
Subject: Bug 516069 - reflection code to create permission objects should be protected with doPriv
Change-Id: Id08f3a33f835b2eb1e9ad355126a540307588be4
Signed-off-by: Thomas Watson
---
 .../permadmin/PermissionInfoCollection.java | 24 ++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
(limited to 'bundles')
diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/PermissionInfoCollection.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/PermissionInfoCollection.java
index f7d982619..946d6dcb6 100644
--- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/PermissionInfoCollection.java
+++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/permadmin/PermissionInfoCollection.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2008, 2016 IBM Corporation and others.
+ * Copyright (c) 2008, 2017 IBM Corporation and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
@@ -12,7 +12,6 @@ package org.eclipse.osgi.internal.permadmin;
 
 import java.io.File;
 import java.lang.reflect.Constructor;
-import java.lang.reflect.InvocationTargetException;
 import java.security.*;
 import java.util.*;
 import org.osgi.service.permissionadmin.PermissionInfo;
@@ -52,7 +51,7 @@ public final class PermissionInfoCollection extends PermissionCollection {
 public boolean implies(Permission perm) {
 if (hasAllPermission)
 return true;
- Class permClass = perm.getClass();
+ final Class permClass = perm.getClass();
 PermissionCollection collection;
 synchronized (cachedPermissionCollections) {
 collection = cachedPermissionCollections.get(permClass);
@@ -60,11 +59,24 @@ public final class PermissionInfoCollection extends PermissionCollection {
 // must populate the collection outside of the lock to prevent class loader deadlock
 if (collection == null) {
 collection = perm.newPermissionCollection();
- if (collection == null)
+ if (collection == null) {
 collection = new PermissionsHash();
+ }
 try {
- addPermissions(collection, permClass);
+ final PermissionCollection targetCollection = collection;
+ AccessController.doPrivileged(new PrivilegedExceptionAction() {
+ @Override
+ public Object run() throws Exception {
+ addPermissions(targetCollection, permClass);
+ return null;
+ }
+
+ });
+
 } catch (Exception e) {
+ if (e instanceof PrivilegedActionException) {
+ e = ((PrivilegedActionException) e).getException();
+ }
 throw new SecurityException("Exception creating permissions: " + permClass + ": " + e.getMessage(), e); //$NON-NLS-1$ //$NON-NLS-2$
 }
 synchronized (cachedPermissionCollections) {
@@ -83,7 +95,7 @@ public final class PermissionInfoCollection extends PermissionCollection {
 return permInfos;
 }
 
- private void addPermissions(PermissionCollection collection, Class permClass) throws NoSuchMethodException, IllegalAccessException, InstantiationException, InvocationTargetException {
+ void addPermissions(PermissionCollection collection, Class permClass) throws Exception {
 String permClassName = permClass.getName();
 Constructor constructor = null;
 int numArgs = -1;
--
cgit v1.2.3
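Review bot: In the `@@ -60,11 +59,24 @@` hunk the new `AccessController.doPrivileged` call wraps the whole of `addPermissions(targetCollection, permClass)` with no comment stating what is trusted inside it, while `permClass` is taken from `perm.getClass()`, i.e. from the argument handed to `implies()`. The body of `addPermissions` lies outside this hunk, so it cannot be confirmed here that it does nothing beyond the reflective constructor lookup and instantiation; if it does more, the privileged region should be narrowed to those reflective calls only. I would add above the call something like `// privileged so the reflective lookup on permClass does not depend on the caller's permissions; constructor arguments come only from permInfos`, after checking the second half against the method body. As a smaller style point, unwrapping in a dedicated `catch (PrivilegedActionException e)` clause would avoid reassigning the caught `e`.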
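Review bot: `addPermissions` goes from `private` to package-private in the `@@ -83,7 +95,7 @@` hunk without a comment explaining why, so a method meant to run inside the privileged block in `implies()` becomes callable from anywhere in the package. Presumably the change lets the anonymous `PrivilegedExceptionAction` call it without a synthetic accessor; if so, record that: `// package-private so the anonymous PrivilegedExceptionAction in implies() can call it directly; not for other callers`. The widened `throws Exception` also drops the list of reflective failures the old signature documented, which a short Javadoc `@throws` line could preserve. The method body continues past the end of the hunk.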