HV-1280 Use privileged actions to manipulate the class loader

engine/src/main/java/org/hibernate/validator/internal/xml/ValidationXmlParser.java

@@ -9,6 +9,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
 import java.util.EnumSet;
 import java.util.HashMap;
@@ -27,7 +28,9 @@
 
 import org.hibernate.validator.internal.util.logging.Log;
 import org.hibernate.validator.internal.util.logging.LoggerFactory;
+import org.hibernate.validator.internal.util.privilegedactions.GetClassLoader;
 import org.hibernate.validator.internal.util.privilegedactions.NewJaxbContext;
+import org.hibernate.validator.internal.util.privilegedactions.SetContextClassLoader;
 import org.hibernate.validator.internal.util.privilegedactions.Unmarshal;
 
 /**
@@ -69,10 +72,10 @@ public final BootstrapConfiguration parseValidationXml() {
 			return BootstrapConfigurationImpl.getDefaultBootstrapConfiguration();
 		}
 
-		ClassLoader previousTccl = Thread.currentThread().getContextClassLoader();
+		ClassLoader previousTccl = run( GetClassLoader.fromContext() );
 
 		try {
-			Thread.currentThread().setContextClassLoader( ValidationXmlParser.class.getClassLoader() );
+			run( SetContextClassLoader.action( ValidationXmlParser.class.getClassLoader() ) );
 
 			// HV-970 The parser helper is only loaded if there actually is a validation.xml file;
 			// this avoids accessing javax.xml.stream.* (which does not exist on Android) when not actually
@@ -87,7 +90,7 @@ public final BootstrapConfiguration parseValidationXml() {
 			return createBootstrapConfiguration( validationConfig );
 		}
 		finally {
-			Thread.currentThread().setContextClassLoader( previousTccl );
+			run( SetContextClassLoader.action( previousTccl ) );
 			closeStream( inputStream );
 		}
 	}
@@ -196,6 +199,16 @@ private EnumSet<ExecutableType> getValidatedExecutableTypes(DefaultValidatedExec
 		return executableTypes;
 	}
 
+	/**
+	 * Runs the given privileged action, using a privileged block if required.
+	 * <p>
+	 * <b>NOTE:</b> This must never be changed into a publicly available method to avoid execution of arbitrary
+	 * privileged actions within HV's protection domain.
+	 */
+	private static <T> T run(PrivilegedAction<T> action) {
+		return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
+	}
+
 	/**
 	 * Runs the given privileged action, using a privileged block if required.
 	 * <p>

engine/src/main/java/org/hibernate/validator/internal/xml/XmlMappingParser.java

@@ -11,6 +11,7 @@
 import java.io.InputStream;
 import java.lang.annotation.Annotation;
 import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
 import java.util.Collections;
 import java.util.List;
@@ -37,7 +38,9 @@
 import org.hibernate.validator.internal.metadata.raw.ConstrainedType;
 import org.hibernate.validator.internal.util.logging.Log;
 import org.hibernate.validator.internal.util.logging.LoggerFactory;
+import org.hibernate.validator.internal.util.privilegedactions.GetClassLoader;
 import org.hibernate.validator.internal.util.privilegedactions.NewJaxbContext;
+import org.hibernate.validator.internal.util.privilegedactions.SetContextClassLoader;
 import org.hibernate.validator.internal.util.privilegedactions.Unmarshal;
 
 import static org.hibernate.validator.internal.util.CollectionHelper.newArrayList;
@@ -173,10 +176,10 @@ public final void parse(Set<InputStream> mappingStreams) {
 	}
 
 	private ConstraintMappingsType unmarshal(JAXBContext jc, InputStream in) throws JAXBException {
-		ClassLoader previousTccl = Thread.currentThread().getContextClassLoader();
+		ClassLoader previousTccl = run( GetClassLoader.fromContext() );
 
 		try {
-			Thread.currentThread().setContextClassLoader( ValidationXmlParser.class.getClassLoader() );
+			run( SetContextClassLoader.action( XmlMappingParser.class.getClassLoader() ) );
 
 			XMLEventReader xmlEventReader = xmlParserHelper.createXmlEventReader( "constraint mapping file", new CloseIgnoringInputStream( in ) );
 			String schemaVersion = xmlParserHelper.getSchemaVersion( "constraint mapping file", xmlEventReader );
@@ -189,7 +192,7 @@ private ConstraintMappingsType unmarshal(JAXBContext jc, InputStream in) throws
 			return getValidationConfig( xmlEventReader, unmarshaller );
 		}
 		finally {
-			Thread.currentThread().setContextClassLoader( previousTccl );
+			run( SetContextClassLoader.action( previousTccl ) );
 		}
 	}
 
@@ -382,6 +385,16 @@ private String getSchemaResourceName(String schemaVersion) {
 		return schemaResource;
 	}
 
+	/**
+	 * Runs the given privileged action, using a privileged block if required.
+	 * <p>
+	 * <b>NOTE:</b> This must never be changed into a publicly available method to avoid execution of arbitrary
+	 * privileged actions within HV's protection domain.
+	 */
+	private static <T> T run(PrivilegedAction<T> action) {
+		return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
+	}
+
 	/**
 	 * Runs the given privileged action, using a privileged block if required.
 	 * <p>