Ensure boot class loader classes have a null CodeSource

gilles-duboscq · gilles-duboscq · commit ba1a090fdf4e · 2025-10-09T14:25:16.000+02:00
diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/hub/DynamicHub.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/hub/DynamicHub.java
@@ -1976,7 +1976,11 @@ public Object[] getSigners() {
     @Substitute
     public ProtectionDomain getProtectionDomain() {
         if (companion.protectionDomain == null) {
-            companion.protectionDomain = ProtectionDomainSupport.allPermDomain();
+            if (getClassLoader() == null) {
+                companion.protectionDomain = ProtectionDomainSupport.bootAllPermDomain();
+            } else {
+                companion.protectionDomain = ProtectionDomainSupport.allPermDomain();
+            }
         }
         return companion.protectionDomain;
     }
diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/ProtectionDomainSupport.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/ProtectionDomainSupport.java
@@ -32,8 +32,6 @@
 import java.security.cert.Certificate;
 import java.util.function.Supplier;
 
-import jdk.graal.compiler.options.Option;
-import jdk.graal.compiler.options.OptionType;
 import org.graalvm.nativeimage.ImageSingletons;
 import org.graalvm.nativeimage.Platform;
 import org.graalvm.nativeimage.Platforms;
@@ -42,6 +40,8 @@
 import com.oracle.svm.core.option.HostedOptionKey;
 import com.oracle.svm.core.util.LazyFinalReference;
 
+import jdk.graal.compiler.options.Option;
+import jdk.graal.compiler.options.OptionType;
 import sun.security.util.SecurityConstants;
 
 /**
@@ -69,10 +69,21 @@ public static class Options {
     }
 
     private final LazyFinalReference<ProtectionDomain> allPermDomain = new LazyFinalReference<>(this::createAllPermDomain);
+    private final LazyFinalReference<ProtectionDomain> bootAllPermDomain = new LazyFinalReference<>(ProtectionDomainSupport::createBootAllPermDomain);
 
     /** Remains null as long as the reachability handler has not triggered. */
     Supplier<URL> executableURLSupplier;
 
+    public static ProtectionDomain bootAllPermDomain() {
+        return ImageSingletons.lookup(ProtectionDomainSupport.class).bootAllPermDomain.get();
+    }
+
+    private static ProtectionDomain createBootAllPermDomain() {
+        java.security.Permissions perms = new java.security.Permissions();
+        perms.add(SecurityConstants.ALL_PERMISSION);
+        return new java.security.ProtectionDomain(null, perms);
+    }
+
     public static ProtectionDomain allPermDomain() {
         return ImageSingletons.lookup(ProtectionDomainSupport.class).allPermDomain.get();
     }

Original file line number	Diff line number	Diff line change
`@@ -1976,7 +1976,11 @@ public Object[] getSigners() {`
`1976`	`1976`	`@Substitute`
`1977`	`1977`	`public ProtectionDomain getProtectionDomain() {`
`1978`	`1978`	`if (companion.protectionDomain == null) {`
`1979`		`- companion.protectionDomain = ProtectionDomainSupport.allPermDomain();`
	`1979`	`+ if (getClassLoader() == null) {`
	`1980`	`+ companion.protectionDomain = ProtectionDomainSupport.bootAllPermDomain();`
	`1981`	`+ } else {`
	`1982`	`+ companion.protectionDomain = ProtectionDomainSupport.allPermDomain();`
	`1983`	`+ }`
`1980`	`1984`	`}`
`1981`	`1985`	`return companion.protectionDomain;`
`1982`	`1986`	`}`