Allow Policy to restrict loading of classes to Signed or message dige…

…st checked jar files. #5 Added LoadClassPermission, modified SecureClassLoader to check the CodeSource has LoadClassPermission before loading.
pfirmstone · Nov 19, 2024 · cf1d45a · cf1d45a
1 parent 9c17aa8
commit cf1d45a
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 0 deletions.
diff --git a/src/java.base/share/classes/java/security/LoadClassPermission.java b/src/java.base/share/classes/java/security/LoadClassPermission.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package java.security;
+
+/**
+ * When a {@link java.lang.SecurityManager} is in force, this {@link Permission}
+ * is required to load classes with {@link SecureClassLoader}.   This allows
+ * an administrator to prevent class loading from unsigned jar files or other
+ * untrusted {@link java.io.URL}.  
+ * <p>
+ * It is advisable to use either signed jar's
+ * or a secure hash algorithm with a message digest of the file containing
+ * class files.
+ * 
+ * @author Peter Firmstone.
+ */
+public class LoadClassPermission extends BasicPermission {
+
+    /**
+     * Creates a LoadClassPermission, with the name "ALLOW".
+     */
+    public LoadClassPermission(){
+        super("ALLOW");
+    }
+
+}
diff --git a/src/java.base/share/classes/java/security/SecureClassLoader.java b/src/java.base/share/classes/java/security/SecureClassLoader.java
@@ -42,6 +42,8 @@
  * @since 1.2
  */
 public class SecureClassLoader extends ClassLoader {
+
+    private static final Permission LOAD_CLASS_ALLOW = new LoadClassPermission();
 
     /*
      * Map that maps the CodeSource to a ProtectionDomain. The key is a
@@ -227,6 +229,15 @@ public ProtectionDomain apply(CodeSourceKey key) {
                         = SecureClassLoader.this.getPermissions(key.cs);
                 ProtectionDomain pd = new ProtectionDomain(
                         key.cs, perms, SecureClassLoader.this, null);
+                SecurityManager sm = System.getSecurityManager();
+                if (sm != null){
+                    if (!pd.implies(LOAD_CLASS_ALLOW)){
+                        throw new SecurityException(
+                            "java.lang.LoadClassPermission hasn't been granted to this CodeSource: " 
+                                    + key.cs().toString()
+                        );
+                    }
+                }
                 if (DebugHolder.debug != null) {
                     DebugHolder.debug.println(" getPermissions " + pd);
                     DebugHolder.debug.println("");