Skip to content

Commit

Permalink
Tolerate creation of InnocuousThreads - to facilitate use of java.lan…
Browse files Browse the repository at this point in the history
…g.ref.Cleaner backport(#77788) (#91852)

Update the ES security manager to tolerate the creation of the JDK's InnocuousThreads, to facilitate the use of java.lang.ref.Cleaner in ES and dependent code by default. Further details in issue ( #77788 )

resolves #77788
backport note - in 7.17 branch jdk8 is still supported. Therefore in order to recognize jdk.base domain it has to check for classloader == null (meaning it is a bootstrap classloader) instead of comparing modules
backport(#77788)
  • Loading branch information
pgomulka authored Nov 23, 2022
1 parent dcc1b3a commit d16fd6f
Showing 1 changed file with 7 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,12 @@ private void debugThreadGroups(final ThreadGroup caller, final ThreadGroup targe
private static final Permission MODIFY_THREAD_PERMISSION = new RuntimePermission("modifyThread");
private static final Permission MODIFY_ARBITRARY_THREAD_PERMISSION = new ThreadPermission("modifyArbitraryThread");

// Returns true if the given thread is an instance of the JDK's InnocuousThread.
private static boolean isInnocuousThread(Thread t) {
final Class<?> c = t.getClass();
return c.getClassLoader() == null && c.getName().equals("jdk.internal.misc.InnocuousThread");
}

protected void checkThreadAccess(Thread t) {
Objects.requireNonNull(t);

Expand All @@ -165,7 +171,7 @@ protected void checkThreadAccess(Thread t) {

if (target == null) {
return; // its a dead thread, do nothing.
} else if (source.parentOf(target) == false) {
} else if (source.parentOf(target) == false && isInnocuousThread(t) == false) {
checkPermission(MODIFY_ARBITRARY_THREAD_PERMISSION);
}
}
Expand Down

0 comments on commit d16fd6f

Please sign in to comment.