I've just pushed the attached fix for a bug in the reference VMAccessController implementation (PR46775). When Policy.setPolicy was used to set a new Policy object, the default SecurityManager should reflect this change. This wasn't the case prior to this patch as VMAccessController creates ProtectionDomain objects with the two argument constructor which enforces static permissions. This fix replaces these calls with the four argument constructor so the Policy is consulted.
2010-12-02  Andrew John Hughes  <ahug...@redhat.com>

    PR classpath/46775
    * vm/reference/java/security/VMAccessController.java:
    (DEFAULT_CONTEXT): Create ProtectionDomain with
    four argument constructor (arguments are the same
    as those implied by the two argument constructor).
    (getContext()): Create ProtectionDomain instances
    with four argument constructor using a null Principal
    array (as before) but including the classloader, which
    was always null before.

--
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint = F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
Index: vm/reference/java/security/VMAccessController.java =================================================================== RCS file: /sources/classpath/classpath/vm/reference/java/security/VMAccessController.java,v retrieving revision 1.8 diff -u -u -r1.8 VMAccessController.java --- vm/reference/java/security/VMAccessController.java 3 Jun 2010 19:14:41 -0000 1.8 +++ vm/reference/java/security/VMAccessController.java 3 Dec 2010 00:45:15 -0000 @@ -71,7 +71,7 @@ Permissions permissions = new Permissions(); permissions.add(new AllPermission()); ProtectionDomain[] domain = new ProtectionDomain[] { - new ProtectionDomain(source, permissions) + new ProtectionDomain(source, permissions, null, null) }; DEFAULT_CONTEXT = new AccessControlContext(domain); } @@ -188,12 +188,13 @@ { Class clazz = classes[i]; String method = methods[i]; + ClassLoader loader = clazz.getClassLoader(); if (DEBUG) { debug("checking " + clazz + "." + method); // subject to getClassLoader RuntimePermission - debug("loader = " + clazz.getClassLoader()); + debug("loader = " + loader); } // If the previous frame was a call to doPrivileged, then this is @@ -225,7 +226,8 @@ // Create a static snapshot of this domain, which may change over time // if the current policy changes. domains.add(new ProtectionDomain(domain.getCodeSource(), - domain.getPermissions())); + domain.getPermissions(), + loader, null)); } if (DEBUG)
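Review bot: In the DEFAULT_CONTEXT hunk (@@ -71,7), the trailing "null, null" arguments are the entire change, but nothing at the call site says what they are or why they are there. A one-line comment naming them (class loader, principals) and stating that the four-argument constructor is chosen so that the current Policy is consulted would stop a later cleanup from collapsing the call back to the two-argument form.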
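Review bot: In the @@ -188,12 hunk, clazz.getClassLoader() now runs for every frame instead of only under "if (DEBUG)", while the comment "subject to getClassLoader RuntimePermission" stays behind inside the debug block. Move that comment up to the new "ClassLoader loader = ..." line and say there why the call is safe to make unconditionally, since a permission check raised at this point would occur inside getContext() itself.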
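Review bot: In the @@ -225,7 hunk, the comment above the call still reads "Create a static snapshot of this domain", which contradicts the purpose of the change: the four-argument constructor is used so that the Policy is consulted, so the comment should be reworded. The same call passes null for the principals although the source domain is in scope; either pass domain.getPrincipals() through or note in the comment why the principals are dropped.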
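The behaviour the fix relies on, as an added example that is not part of the original message or the GNU Classpath sources: a domain built with the two-argument constructor ignores a Policy installed through Policy.setPolicy, while one built with the four-argument constructor picks it up. It assumes a JDK where the Policy API is still functional (before JDK 24); the class names DynamicDomainDemo and GrantingPolicy and the permission name demo.action are constructed for illustration.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class DynamicDomainDemo {
    // Constructed permission name, used only by this demo.
    static final Permission WANTED = new RuntimePermission("demo.action");

    // Hypothetical replacement Policy: grants WANTED to every domain.
    static class GrantingPolicy extends Policy {
        @Override
        public boolean implies(ProtectionDomain domain, Permission p) {
            return WANTED.implies(p);
        }
    }

    // True if a context holding only this domain passes the check.
    static boolean allowed(ProtectionDomain pd) {
        AccessControlContext ctx =
            new AccessControlContext(new ProtectionDomain[] { pd });
        try {
            ctx.checkPermission(WANTED);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        CodeSource source = new CodeSource(null, (Certificate[]) null);
        Permissions none = new Permissions(); // empty static permission set

        // Two-argument form: permissions are fixed, the Policy is never asked.
        ProtectionDomain fixed = new ProtectionDomain(source, none);
        // Four-argument form: static set plus whatever the current Policy grants.
        ProtectionDomain dynamic = new ProtectionDomain(source, none, null, null);

        // Replace the Policy, the case the fix addresses.
        Policy.setPolicy(new GrantingPolicy());

        System.out.println("two-arg domain allowed:  " + allowed(fixed));
        System.out.println("four-arg domain allowed: " + allowed(dynamic));
    }
}
```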