Update doPrivilegedWithCombinerHelper function

When we try to invoke doPrivilegedWithCombiner function to perform a privileged action under an existing context environment, we are used to construct a new context but ignore the parent context. We should take consideration of a combination of the current and parent context, rather than just choose either the current or the parent. This patch eliminates the race condition in issue #19499. Issue: #19499 Signed-off-by: Jinhang Zhang <[email protected]>
eclipse-openj9 · Nov 12, 2024 · 5c436bf · 5c436bf
1 parent 83533e1
commit 5c436bf
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 7 deletions.
diff --git a/jcl/src/java.base/share/classes/java/security/AccessControlContext.java b/jcl/src/java.base/share/classes/java/security/AccessControlContext.java
@@ -350,6 +350,37 @@ public AccessControlContext(ProtectionDomain[] fromContext) {
 	this.containPrivilegedContext = true;
 }
 
+AccessControlContext(ProtectionDomain[] pdArray, @SuppressWarnings("removal") DomainCombiner combiner,
+		AccessControlContext parent, AccessControlContext acc, int authorizeState) {
+	super();
+	switch (authorizeState) {
+	default:
+		// authorizeState can't be STATE_UNKNOWN, callerPD always is NULL
+		throw new IllegalArgumentException();
+	case STATE_AUTHORIZED:
+		if (null != acc) {
+			// when parent combiner is not null, use parent combiner to combine the current context
+			if (combiner != null) {
+				this.context = combiner.combine(pdArray, acc.context);
+				this.domainCombiner = combiner;
+			} else {
+				this.context = combinePDObjs(pdArray, acc.context);
+				this.domainCombiner = acc.domainCombiner;
+			}
+		} else {
+			this.domainCombiner = parent.domainCombiner;
+			this.context = pdArray;
+			this.nextStackAcc = parent;
+		}
+		break;
+	case STATE_NOT_AUTHORIZED:
+		break;
+	}
+	this.doPrivilegedAcc = acc;
+	this.authorizeState = authorizeState;
+	this.containPrivilegedContext = true;
+}
+
 /**
  * Constructs a new instance of this class given a context
  * and a DomainCombiner

diff --git a/jcl/src/java.base/share/classes/java/security/AccessController.java b/jcl/src/java.base/share/classes/java/security/AccessController.java
@@ -1027,13 +1027,10 @@ public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action
 private static AccessControlContext doPrivilegedWithCombinerHelper(AccessControlContext context) {
 	ProtectionDomain domain = getCallerPD(2);
 	ProtectionDomain[] pdArray = (domain == null) ? null : new ProtectionDomain[] { domain };
-	AccessControlContext fixedContext = new AccessControlContext(context, pdArray, getNewAuthorizedState(context, domain));
-	if (context == null) {
-		AccessControlContext parentContext = getContextHelper(true);
-		fixedContext.domainCombiner = parentContext.domainCombiner;
-		fixedContext.nextStackAcc = parentContext;
-	}
-	return fixedContext;
+	AccessControlContext parentContext = getContextHelper(context == null);
+	DomainCombiner domaincombiner = parentContext.getCombiner();
+
+	return new AccessControlContext(pdArray, domaincombiner, parentContext, context, getNewAuthorizedState(context, domain));
 }
 
 }