This is an automated email from the ASF dual-hosted git repository. paulk pushed a commit to branch groovy10582 in repository https://gitbox.apache.org/repos/asf/groovy.git
commit eb4dec1dfe4bf9eb2e25f9e04fa53e83cd4957dc Author: Paul King <[email protected]> AuthorDate: Fri Apr 15 17:12:38 2022 +1000 GROOVY-10582: Funnel checkPermission through VMPlugin (JEP-411) --- src/main/java/groovy/lang/GroovyCodeSource.java | 5 +---- src/main/java/groovy/lang/GroovyShell.java | 7 +------ src/main/java/org/codehaus/groovy/vmplugin/VMPlugin.java | 13 +++++++++++++ src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java | 8 ++++++++ .../groovy/console/ui/text/StructuredSyntaxResources.java | 7 +++---- 5 files changed, 26 insertions(+), 14 deletions(-) diff --git a/src/main/java/groovy/lang/GroovyCodeSource.java b/src/main/java/groovy/lang/GroovyCodeSource.java index 721c55562d..e61e110b0b 100644 --- a/src/main/java/groovy/lang/GroovyCodeSource.java +++ b/src/main/java/groovy/lang/GroovyCodeSource.java @@ -233,10 +233,7 @@ public class GroovyCodeSource { } private static CodeSource createCodeSource(final String codeBase) { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(new GroovyCodeSourcePermission(codeBase)); - } + VMPluginFactory.getPlugin().checkPermission(new GroovyCodeSourcePermission(codeBase)); try { return new CodeSource(new URL("file", "", codeBase), (java.security.cert.Certificate[]) null); } diff --git a/src/main/java/groovy/lang/GroovyShell.java b/src/main/java/groovy/lang/GroovyShell.java index 57fa108c60..ec2b162148 100644 --- a/src/main/java/groovy/lang/GroovyShell.java +++ b/src/main/java/groovy/lang/GroovyShell.java @@ -456,13 +456,8 @@ public class GroovyShell extends GroovyObjectSupport { * The .class file created from the script is given the supplied codeBase */ public Object evaluate(final String scriptText, final String fileName, final String codeBase) throws CompilationFailedException { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(new GroovyCodeSourcePermission(codeBase)); - } - + VMPluginFactory.getPlugin().checkPermission(new GroovyCodeSourcePermission(codeBase)); GroovyCodeSource gcs = VMPluginFactory.getPlugin().doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, codeBase)); - return evaluate(gcs); } diff --git a/src/main/java/org/codehaus/groovy/vmplugin/VMPlugin.java b/src/main/java/org/codehaus/groovy/vmplugin/VMPlugin.java index a3c62ab979..c46c258d9e 100644 --- a/src/main/java/org/codehaus/groovy/vmplugin/VMPlugin.java +++ b/src/main/java/org/codehaus/groovy/vmplugin/VMPlugin.java @@ -29,6 +29,7 @@ import java.lang.invoke.MethodHandle; import java.lang.invoke.MethodHandles; import java.lang.reflect.AccessibleObject; import java.lang.reflect.Method; +import java.security.Permission; import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; @@ -131,6 +132,18 @@ public interface VMPlugin { */ boolean trySetAccessible(AccessibleObject ao); + /** + * For JVM versions which support it, throws a {@code SecurityException} + * if access to the specified permission is not allowed by the current security policy. + * For JVM versions which don't support it, this operation is a NOP. + * + * @param perm the requested permission. + * @throws SecurityException if access is not permitted based on the current security policy. + * @throws NullPointerException if the permission argument is {@code null}. + * @since 4.0.2 + */ + void checkPermission(Permission perm); + /** * transform meta method * diff --git a/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java b/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java index cf015f3657..ced0fcb8da 100644 --- a/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java +++ b/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java @@ -623,6 +623,14 @@ public class Java8 implements VMPlugin { } } + @Override + public void checkPermission(Permission perm) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(perm); + } + } + @Override public <T> T doPrivileged(PrivilegedAction<T> action) { return AccessController.doPrivileged(action); diff --git a/subprojects/groovy-console/src/main/groovy/groovy/console/ui/text/StructuredSyntaxResources.java b/subprojects/groovy-console/src/main/groovy/groovy/console/ui/text/StructuredSyntaxResources.java index 48add966cc..06db330d20 100644 --- a/subprojects/groovy-console/src/main/groovy/groovy/console/ui/text/StructuredSyntaxResources.java +++ b/subprojects/groovy-console/src/main/groovy/groovy/console/ui/text/StructuredSyntaxResources.java @@ -18,6 +18,8 @@ */ package groovy.console.ui.text; +import org.codehaus.groovy.vmplugin.VMPluginFactory; + import java.awt.AWTPermission; import java.awt.Font; import java.awt.Toolkit; @@ -45,10 +47,7 @@ public final class StructuredSyntaxResources { private static Clipboard getSystemClipboard() { try { // if we don't have access to the system clipboard, will throw a security exception - SecurityManager mgr = System.getSecurityManager(); - if (mgr != null) { - mgr.checkPermission(new AWTPermission("accessClipboard")); - } + VMPluginFactory.getPlugin().checkPermission(new AWTPermission("accessClipboard")); return Toolkit.getDefaultToolkit().getSystemClipboard(); } catch (Exception e) {
