archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 15:24:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8266459: Implement JEP 411: Deprecate the Security Manager for Removal

Browse source 
Co-authored-by: Sean Mullan <mullan@openjdk.org>
Co-authored-by: Lance Andersen <lancea@openjdk.org>
Co-authored-by: Weijun Wang <weijun@openjdk.org>
Reviewed-by: erikj, darcy, chegar, naoto, joehw, alanb, mchung, kcr, prr, lancea
This commit is contained in:
Weijun Wang 2021-06-02 11:57:31 +00:00
parent 19450b9951
commit 6765f90250
826 changed files with 2734 additions and 757 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/java.base/unix/classes/java/io/UnixFileSystem.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -144,6 +144,7 @@ class UnixFileSystem extends FileSystem {
@Override
public String resolve(File f) {
if (isAbsolute(f)) return f.getPath();
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPropertyAccess("user.dir");
@ -345,6 +346,7 @@ class UnixFileSystem extends FileSystem {
@Override
public File[] listRoots() {
try {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkRead("/");

8
src/java.base/unix/classes/java/lang/ProcessImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,7 +42,6 @@ import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import java.security.AccessController;
import static java.security.AccessController.doPrivileged;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@ -101,6 +100,7 @@ final class ProcessImpl extends Process {
EnumSet.copyOf(Arrays.asList(launchMechanisms));
}
@SuppressWarnings("removal")
LaunchMechanism launchMechanism() {
return AccessController.doPrivileged(
(PrivilegedAction<LaunchMechanism>) () -> {
@ -301,6 +301,7 @@ final class ProcessImpl extends Process {
boolean redirectErrorStream)
throws IOException;
@SuppressWarnings("removal")
private ProcessImpl(final byte[] prog,
final byte[] argBlock, final int argc,
final byte[] envBlock, final int envc,
@ -321,7 +322,7 @@ final class ProcessImpl extends Process {
processHandle = ProcessHandleImpl.getInternal(pid);
try {
doPrivileged((PrivilegedExceptionAction<Void>) () -> {
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
initStreams(fds, forceNullOutputStream);
return null;
});
@ -508,6 +509,7 @@ final class ProcessImpl extends Process {
@Override
public ProcessHandle toHandle() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("manageProcess"));

4
src/java.base/unix/classes/sun/net/dns/ResolverConfigurationImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -117,6 +117,7 @@ public class ResolverConfigurationImpl
// Load DNS configuration from OS
@SuppressWarnings("removal")
private void loadConfig() {
assert Thread.holdsLock(lock);
@ -149,6 +150,7 @@ public class ResolverConfigurationImpl
// obtain search list or local domain
@SuppressWarnings("removal")
private LinkedList<String> getSearchList() {
LinkedList<String> sl;

3
src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -102,6 +102,7 @@ public class NTLMAuthentication extends AuthenticationInfo {
return false;
}
@SuppressWarnings("removal")
private void init0() {
hostname = java.security.AccessController.doPrivileged(

1
src/java.base/unix/classes/sun/net/www/protocol/jar/JarFileFactory.java
View file

@ -192,6 +192,7 @@ class JarFileFactory implements URLJarFile.URLJarFileCloseController {
/* if the JAR file is cached, the permission will always be there */
if (result != null) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
Permission perm = getPermission(result);

3
src/java.base/unix/classes/sun/nio/ch/InheritedChannel.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -154,6 +154,7 @@ class InheritedChannel {
* RuntimePermission.
*/
private static void checkAccess() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("inheritedChannel"));

5
src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousServerSocketChannelImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -65,6 +65,7 @@ class UnixAsynchronousServerSocketChannelImpl
private PendingFuture<AsynchronousSocketChannel,Object> acceptFuture;
// context for permission check when security manager set
@SuppressWarnings("removal")
private AccessControlContext acceptAcc;
@ -200,6 +201,7 @@ class UnixAsynchronousServerSocketChannelImpl
* with an IOException or SecurityException then the channel/file descriptor
* will be closed.
*/
@SuppressWarnings("removal")
private AsynchronousSocketChannel finishAccept(FileDescriptor newfd,
final InetSocketAddress remote,
AccessControlContext acc)
@ -244,6 +246,7 @@ class UnixAsynchronousServerSocketChannelImpl
return ch;
}
@SuppressWarnings("removal")
@Override
Future<AsynchronousSocketChannel> implAccept(Object att,
CompletionHandler<AsynchronousSocketChannel,Object> handler)

1
src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java
View file

@ -310,6 +310,7 @@ class UnixAsynchronousSocketChannelImpl
InetSocketAddress isa = Net.checkAddress(remote);
// permission check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkConnect(isa.getAddress().getHostAddress(), isa.getPort());

3
src/java.base/unix/classes/sun/nio/ch/UnixDomainSocketsUtil.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -51,6 +51,7 @@ class UnixDomainSocketsUtil {
* 2. ${jdk.net.unixdomain.tmpdir} if set as net property
* 3. ${java.io.tmpdir} system property
*/
@SuppressWarnings("removal")
static String getTempDir() {
PrivilegedAction<String> action = () -> {
String s = NetProperties.get("jdk.net.unixdomain.tmpdir");

3
src/java.base/unix/classes/sun/nio/fs/MimeTypesFileTypeDetector.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -93,6 +93,7 @@ class MimeTypesFileTypeDetector extends AbstractFileTypeDetector {
if (!loaded) {
synchronized (this) {
if (!loaded) {
@SuppressWarnings("removal")
List<String> lines = AccessController.doPrivileged(
new PrivilegedAction<>() {
@Override

3
src/java.base/unix/classes/sun/nio/fs/UnixChannelFactory.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -237,6 +237,7 @@ class UnixChannelFactory {
oflags |= O_DIRECT;
// permission check before we open the file
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (pathForPermissionCheck == null)

4
src/java.base/unix/classes/sun/nio/fs/UnixCopyFile.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -392,6 +392,7 @@ class UnixCopyFile {
throws IOException
{
// permission check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
source.checkWrite();
@ -527,6 +528,7 @@ class UnixCopyFile {
CopyOption... options) throws IOException
{
// permission checks
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
source.checkRead();

4
src/java.base/unix/classes/sun/nio/fs/UnixFileAttributeViews.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -179,6 +179,7 @@ class UnixFileAttributeViews {
}
final void checkReadExtended() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
file.checkRead();
@ -187,6 +188,7 @@ class UnixFileAttributeViews {
}
final void checkWriteExtended() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
file.checkWrite();

3
src/java.base/unix/classes/sun/nio/fs/UnixFileStore.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -270,6 +270,7 @@ abstract class UnixFileStore
/**
* Returns status to indicate if file system supports a given feature
*/
@SuppressWarnings("removal")
FeatureStatus checkIfFeaturePresent(String feature) {
if (props == null) {
synchronized (loadLock) {

3
src/java.base/unix/classes/sun/nio/fs/UnixFileSystem.java
View file

@ -149,6 +149,7 @@ abstract class UnixFileSystem
return new Iterable<>() {
public Iterator<Path> iterator() {
try {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkRead(rootDirectory.toString());
@ -195,6 +196,7 @@ abstract class UnixFileSystem
continue;
// check permission to read mount point
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
@ -240,6 +242,7 @@ abstract class UnixFileSystem
@Override
public final Iterable<FileStore> getFileStores() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {

7
src/java.base/unix/classes/sun/nio/fs/UnixFileSystemProvider.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -300,6 +300,7 @@ public abstract class UnixFileSystemProvider
mode |= W_OK;
}
if (x) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
// not cached
@ -372,6 +373,7 @@ public abstract class UnixFileSystemProvider
@Override
public FileStore getFileStore(Path obj) throws IOException {
UnixPath file = UnixPath.toUnixPath(obj);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("getFileStoreAttributes"));
@ -456,6 +458,7 @@ public abstract class UnixFileSystemProvider
}
// permission check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new LinkPermission("symbolic"));
@ -476,6 +479,7 @@ public abstract class UnixFileSystemProvider
UnixPath existing = UnixPath.toUnixPath(obj2);
// permission check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new LinkPermission("hard"));
@ -493,6 +497,7 @@ public abstract class UnixFileSystemProvider
public Path readSymbolicLink(Path obj1) throws IOException {
UnixPath link = UnixPath.toUnixPath(obj1);
// permission check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),

4
src/java.base/unix/classes/sun/nio/fs/UnixPath.java
View file

@ -774,18 +774,21 @@ class UnixPath implements Path {
}
void checkRead() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkRead(getPathForPermissionCheck());
}
void checkWrite() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkWrite(getPathForPermissionCheck());
}
void checkDelete() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkDelete(getPathForPermissionCheck());
@ -798,6 +801,7 @@ class UnixPath implements Path {
}
// The path is relative so need to resolve against default directory,
// taking care not to reveal the user.dir
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPropertyAccess("user.dir");

9
src/java.base/unix/classes/sun/nio/fs/UnixSecureDirectoryStream.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -94,6 +94,7 @@ class UnixSecureDirectoryStream
boolean followLinks = Util.followLinks(options);
// permission check using name resolved against original path of directory
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
child.checkRead();
@ -172,6 +173,7 @@ class UnixSecureDirectoryStream
UnixPath file = getName(obj);
// permission check using name resolved against original path of directory
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
ds.directory().resolve(file).checkDelete();
@ -237,6 +239,7 @@ class UnixSecureDirectoryStream
UnixSecureDirectoryStream that = (UnixSecureDirectoryStream)dir;
// permission check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
this.ds.directory().resolve(from).checkWrite();
@ -334,6 +337,7 @@ class UnixSecureDirectoryStream
}
private void checkWriteAccess() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (file == null) {
@ -356,6 +360,7 @@ class UnixSecureDirectoryStream
if (!ds.isOpen())
throw new ClosedDirectoryStreamException();
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (file == null) {
@ -436,6 +441,7 @@ class UnixSecureDirectoryStream
}
private void checkWriteAndUserAccess() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
super.checkWriteAccess();
@ -450,6 +456,7 @@ class UnixSecureDirectoryStream
@Override
public PosixFileAttributes readAttributes() throws IOException {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (file == null)

7
src/java.base/unix/classes/sun/nio/fs/UnixUserDefinedFileAttributeView.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -110,6 +110,7 @@ abstract class UnixUserDefinedFileAttributeView
}
}
@SuppressWarnings("removal")
@Override
public List<String> list() throws IOException {
if (System.getSecurityManager() != null)
@ -136,6 +137,7 @@ abstract class UnixUserDefinedFileAttributeView
}
}
@SuppressWarnings("removal")
@Override
public int size(String name) throws IOException {
if (System.getSecurityManager() != null)
@ -159,6 +161,7 @@ abstract class UnixUserDefinedFileAttributeView
}
}
@SuppressWarnings("removal")
@Override
public int read(String name, ByteBuffer dst) throws IOException {
if (System.getSecurityManager() != null)
@ -222,6 +225,7 @@ abstract class UnixUserDefinedFileAttributeView
}
}
@SuppressWarnings("removal")
@Override
public int write(String name, ByteBuffer src) throws IOException {
if (System.getSecurityManager() != null)
@ -283,6 +287,7 @@ abstract class UnixUserDefinedFileAttributeView
}
}
@SuppressWarnings("removal")
@Override
public void delete(String name) throws IOException {
if (System.getSecurityManager() != null)

3
src/java.base/unix/classes/sun/nio/fs/UnixUserPrincipals.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -133,6 +133,7 @@ public class UnixUserPrincipals {
private static int lookupName(String name, boolean isGroup)
throws IOException
{
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("lookupUserInformation"));

4
src/java.base/unix/classes/sun/security/provider/NativePRNG.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -125,6 +125,7 @@ public final class NativePRNG extends SecureRandomSpi {
/**
* Create a RandomIO object for all I/O of this Variant type.
*/
@SuppressWarnings("removal")
private static RandomIO initIO(final Variant v) {
return AccessController.doPrivileged(
new PrivilegedAction<>() {
@ -449,6 +450,7 @@ public final class NativePRNG extends SecureRandomSpi {
// supply random bytes to the OS
// write to "seed" if possible
// always add the seed to our mixing random
@SuppressWarnings("removal")
private void implSetSeed(byte[] seed) {
synchronized (LOCK_SET_SEED) {
if (seedOutInitialized == false) {