Re: [cp-patches] FYI: Toolkit fixlet

Thu, 20 Apr 2006 13:02:19 -0700 

Hi Roman,

On Wed, 2006-04-19 at 21:33 +0200, Roman Kennke wrote:
> In Toolkit.getDefaultToolkit() we need to use the system classloader.
> Otherwise the toolkit must be on the bootclasspath in order to be
> loadable. Using the system classloader it is sufficient to have it in

Since getting access to a ClassLoader is a privileged operation and
getDefaultToolkit() can be called from unprivileged code this needs to
be wrapped in a PrivilegedAction. Same for access to the system property
(this was already wrong here). Fixed as follows:

2006-04-20  Mark Wielaard  <[EMAIL PROTECTED]>

    * java/awt/Toolkit.java (getDefaultToolkit): Get classloader in
    PrivilegedAction. Access awt.toolkit through SystemProperties.

There are a couple more cleanups needed in our awt code to make it work
properly when an SecurityManager is installed (a lot of places call
getSystemEventQueue() which is also privileged). A good way to test this
is running netx. The nice thing is that these operations actually fail,
which means out security framework is doing its job :) The hard part is
figuring out when it is appropriate to bypass the security manager in
the core code.

Committed,

Mark

Index: java/awt/Toolkit.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/awt/Toolkit.java,v
retrieving revision 1.39
diff -u -r1.39 Toolkit.java
--- java/awt/Toolkit.java	19 Apr 2006 19:32:26 -0000	1.39
+++ java/awt/Toolkit.java	20 Apr 2006 19:57:07 -0000
@@ -1,5 +1,5 @@
 /* Toolkit.java -- AWT Toolkit superclass
-   Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
+   Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
    Free Software Foundation, Inc.
 
 This file is part of GNU Classpath.
@@ -531,11 +531,19 @@
   {
     if (toolkit != null)
       return toolkit;
-    String toolkit_name = System.getProperty("awt.toolkit",
-                                             default_toolkit_name);
+    String toolkit_name = SystemProperties.getProperty("awt.toolkit",
+                                                       default_toolkit_name);
     try
       {
-        ClassLoader cl = ClassLoader.getSystemClassLoader();
+        ClassLoader cl;
+        cl = (ClassLoader) AccessController.doPrivileged
+        (new PrivilegedAction()
+          {
+            public Object run()
+              {
+                return ClassLoader.getSystemClassLoader();
+              }
+          });
         Class cls = cl.loadClass(toolkit_name);
         Object obj = cls.newInstance();
         if (!(obj instanceof Toolkit))

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to