andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Reduce permissions needed for process ID

Browse Source 
Motiviation:

DefaultChannelId attempts to acquire a default process ID by determining
the process PID. However, to do this it attempts to punch through to the
system classloader, a permission that in the face of a restrictive
security manager is unlikely to be granted. Looking past this, it then
attempts to load a declared method off a reflectively loaded class,
another permission that is not likely to be granted in the face of a
restrictive security manager. However, neither of these permissions are
necessary as the punching through to the system security manager is
completely unneeded, and there is no need to load a public method as a
declared method.

Modifications:

Instead of punching through to the system classloader requiring
restricted permissions, we can just use current classloader. To address
the access declared method permission, we instead just reflectively
obtain the desired public method via Class#getMethod.

Result:

Acquiring the default process ID from the PID will succeed without
requiring the runtime permissions "getClassLoader" and
"accessDeclaredMembers".
This commit is contained in:
Jason Tedor 2016-07-20 10:50:39 -04:00 committed by Norman Maurer
parent 73c0fb0e23
commit d262f7c189
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
transport/src/main/java/io/netty/channel/DefaultChannelId.java
View File

@ -17,8 +17,8 @@
package io.netty.channel;
import io.netty.buffer.ByteBufUtil;
import io.netty.util.internal.MacAddressUtil;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.MacAddressUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.ThreadLocalRandom;
@ -136,7 +136,7 @@ public final class DefaultChannelId implements ChannelId {
}
private static int defaultProcessId() {
final ClassLoader loader = PlatformDependent.getSystemClassLoader();
final ClassLoader loader = PlatformDependent.getClassLoader(DefaultChannelId.class);
String value;
try {
// Invoke java.lang.management.ManagementFactory.getRuntimeMXBean().getName()
@ -145,7 +145,7 @@ public final class DefaultChannelId implements ChannelId {
Method getRuntimeMXBean = mgmtFactoryType.getMethod("getRuntimeMXBean", EmptyArrays.EMPTY_CLASSES);
Object bean = getRuntimeMXBean.invoke(null, EmptyArrays.EMPTY_OBJECTS);
Method getName = runtimeMxBeanType.getDeclaredMethod("getName", EmptyArrays.EMPTY_CLASSES);
Method getName = runtimeMxBeanType.getMethod("getName", EmptyArrays.EMPTY_CLASSES);
value = (String) getName.invoke(bean, EmptyArrays.EMPTY_OBJECTS);
} catch (Exception e) {
logger.debug("Could not invoke ManagementFactory.getRuntimeMXBean().getName(); Android?", e);