/* * Copyright (C) 2014 The Android Open Source Project * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package java.lang.reflect; import java.lang.annotation.Annotation; /** * The AccessibleObject class is the base class for Field, Method and * Constructor objects. It provides the ability to flag a reflected * object as suppressing default Java language access control checks * when it is used. The access checks--for public, default (package) * access, protected, and private members--are performed when Fields, * Methods or Constructors are used to set or get fields, to invoke * methods, or to create and initialize new instances of classes, * respectively. * *

Setting the {@code accessible} flag in a reflected object * permits sophisticated applications with sufficient privilege, such * as Java Object Serialization or other persistence mechanisms, to * manipulate objects in a manner that would normally be prohibited. * *

By default, a reflected object is not accessible. * * @see Field * @see Method * @see Constructor * @see ReflectPermission * * @since 1.2 */ public class AccessibleObject implements AnnotatedElement { /** * Convenience method to set the {@code accessible} flag for an * array of objects with a single security check (for efficiency). * *

First, if there is a security manager, its * {@code checkPermission} method is called with a * {@code ReflectPermission("suppressAccessChecks")} permission. * *

A {@code SecurityException} is raised if {@code flag} is * {@code true} but accessibility of any of the elements of the input * {@code array} may not be changed (for example, if the element * object is a {@link Constructor} object for the class {@link * java.lang.Class}). In the event of such a SecurityException, the * accessibility of objects is set to {@code flag} for array elements * upto (and excluding) the element for which the exception occurred; the * accessibility of elements beyond (and including) the element for which * the exception occurred is unchanged. * * @param array the array of AccessibleObjects * @param flag the new value for the {@code accessible} flag * in each object * @throws SecurityException if the request is denied. * @see SecurityManager#checkPermission * @see java.lang.RuntimePermission */ public static void setAccessible(AccessibleObject[] array, boolean flag) throws SecurityException { for (int i = 0; i < array.length; i++) { setAccessible0(array[i], flag); } } /** * Set the {@code accessible} flag for this object to * the indicated boolean value. A value of {@code true} indicates that * the reflected object should suppress Java language access * checking when it is used. A value of {@code false} indicates * that the reflected object should enforce Java language access checks. * *

First, if there is a security manager, its * {@code checkPermission} method is called with a * {@code ReflectPermission("suppressAccessChecks")} permission. * *

A {@code SecurityException} is raised if {@code flag} is * {@code true} but accessibility of this object may not be changed * (for example, if this element object is a {@link Constructor} object for * the class {@link java.lang.Class}). * *

A {@code SecurityException} is raised if this object is a {@link * java.lang.reflect.Constructor} object for the class * {@code java.lang.Class}, and {@code flag} is true. * * @param flag the new value for the {@code accessible} flag * @throws SecurityException if the request is denied. * @see SecurityManager#checkPermission * @see java.lang.RuntimePermission */ public void setAccessible(boolean flag) throws SecurityException { setAccessible0(this, flag); } /* Check that you aren't exposing java.lang.Class. or sensitive fields in java.lang.Class. */ private static void setAccessible0(AccessibleObject obj, boolean flag) throws SecurityException { if (obj instanceof Constructor && flag == true) { Constructor c = (Constructor)obj; // Android-changed: Added additional checks below. Class clazz = c.getDeclaringClass(); if (c.getDeclaringClass() == Class.class) { throw new SecurityException("Can not make a java.lang.Class" + " constructor accessible"); } else if (clazz == Method.class) { throw new SecurityException("Can not make a java.lang.reflect.Method" + " constructor accessible"); } else if (clazz == Field.class) { throw new SecurityException("Can not make a java.lang.reflect.Field" + " constructor accessible"); } } obj.override = flag; } /** * Get the value of the {@code accessible} flag for this object. * * @return the value of the object's {@code accessible} flag */ public boolean isAccessible() { return override; } /** * Constructor: only used by the Java Virtual Machine. */ protected AccessibleObject() {} // Indicates whether language-level access checks are overridden // by this object. Initializes to "false". This field is used by // Field, Method, and Constructor. // // NOTE: for security purposes, this field must not be visible // outside this package. boolean override; /** * @throws NullPointerException {@inheritDoc} * @since 1.5 */ public T getAnnotation(Class annotationClass) { throw new AssertionError("All subclasses should override this method"); } /** * {@inheritDoc} * @throws NullPointerException {@inheritDoc} * @since 1.5 */ @Override public boolean isAnnotationPresent(Class annotationClass) { return AnnotatedElement.super.isAnnotationPresent(annotationClass); } /** * @throws NullPointerException {@inheritDoc} * @since 1.8 */ @Override public T[] getAnnotationsByType(Class annotationClass) { throw new AssertionError("All subclasses should override this method"); } /** * @since 1.5 */ public Annotation[] getAnnotations() { return getDeclaredAnnotations(); } /** * @throws NullPointerException {@inheritDoc} * @since 1.8 */ @Override public T getDeclaredAnnotation(Class annotationClass) { // Only annotations on classes are inherited, for all other // objects getDeclaredAnnotation is the same as // getAnnotation. return getAnnotation(annotationClass); } /** * @throws NullPointerException {@inheritDoc} * @since 1.8 */ @Override public T[] getDeclaredAnnotationsByType(Class annotationClass) { // Only annotations on classes are inherited, for all other // objects getDeclaredAnnotationsByType is the same as // getAnnotationsByType. return getAnnotationsByType(annotationClass); } /** * @since 1.5 */ public Annotation[] getDeclaredAnnotations() { throw new AssertionError("All subclasses should override this method"); } }