Permission Analysis Report
Analysis of: org.eclipse.osgi
Detail
Class: org.eclipse.osgi.framework.adaptor.core.DefaultClassLoader (Application)
DoPrivileged location: Line# 214 org.eclipse.osgi.framework.adaptor.core.BundleFile createBundleFile( java.io.File, org.eclipse.osgi.framework.adaptor.core.AbstractBundleData )
Permission: java.io.FilePermission "???file???", "read"
Primordial/boolean java.io.File.exists( )
CODE
/**
* Creates a BundleFile object for a classpath entry
* @param file the file object used to create a BundleFile
* @param bundledata the bundle data
* @return a BundleFile object for a classpath entry
*/
protected BundleFile createBundleFile(File file, AbstractBundleData bundledata) {
if (file == null || !file.exists())
return null;
try {
return hostdata.getAdaptor().createBundleFile(file, bundledata);
} catch (IOException e) {
bundledata.getAdaptor().getEventPublisher().publishFrameworkEvent(FrameworkEvent.ERROR, bundledata.getBundle(), e);
}
return null;
}
Tainted variable reference trace:
Permission Requirements:
- permission java.io.FilePermission "???file???", "read";
Conclusion:
DoPrivileged location: Line# 370 java.lang.Class defineClass( java.lang.String, byte[], int, int, org.eclipse.osgi.framework.adaptor.core.DefaultClassLoader$ClasspathEntry )
Permission: java.io.SerializablePermission "enableSubclassImplementation"
Primordial/java.lang.Class java.lang.ClassLoader.defineClass( java.lang.String, byte[], int, int, java.security.ProtectionDomain )
CODE
/**
* Defines a class for this classloader
* @param name the name of the class
* @param classbytes the class bytes
* @param off the offset in the class bytes array
* @param len the legth of the class bytes
* @param classpathEntry the classpath entry used for the class
* @return a loaded Class object
* @throws ClassFormatError if the class has a format error
*/
protected Class defineClass(String name, byte[] classbytes, int off, int len, ClasspathEntry classpathEntry) throws ClassFormatError {
if (name != null && name.startsWith("java.")) { //$NON-NLS-1$
// To work around the security issue that prevents any
// other classloader except for the bootstrap classloader
// from loading packages that start with java.
name = null;
}
return defineClass(name, classbytes, off, len, classpathEntry.getProtectionDomain());
}
Tainted variable reference trace:
Permission Requirements:
- permission java.io.SerializablePermission "enableSubclassImplementation";
Conclusion: