archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 14:24:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8344397: Remove Security Manager dependencies from java.security and sun.security packages

Browse source 
Reviewed-by: rriggs, hchao, weijun, alanb
This commit is contained in:
Sean Mullan 2024-12-02 21:30:53 +00:00
parent 3d0d0e6290
commit 940aa7c4cf
45 changed files with 406 additions and 1436 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/java.base/share/classes/java/lang/Class.java
View file

@ -53,6 +53,7 @@ import java.lang.reflect.Type;
import java.lang.reflect.TypeVariable;
import java.lang.constant.Constable;
import java.net.URL;
import java.security.AllPermission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.ArrayList;
@ -89,7 +90,6 @@ import sun.reflect.generics.repository.ClassRepository;
import sun.reflect.generics.repository.MethodRepository;
import sun.reflect.generics.repository.ConstructorRepository;
import sun.reflect.generics.scope.ClassScope;
import sun.security.util.SecurityConstants;
import sun.reflect.annotation.*;
import sun.reflect.misc.ReflectUtil;
@ -2720,7 +2720,7 @@ public final class Class<T> implements java.io.Serializable,
private static final ProtectionDomain allPermDomain;
static {
Permissions perms = new Permissions();
perms.add(SecurityConstants.ALL_PERMISSION);
perms.add(new AllPermission());
allPermDomain = new ProtectionDomain(null, perms);
}
}

8
src/java.base/share/classes/java/security/AccessControlContext.java
View file

@ -44,14 +44,6 @@ import java.util.List;
public final class AccessControlContext {
private ProtectionDomain[] context;
// isPrivileged and isAuthorized are referenced by the VM - do not remove
// or change their names
private boolean isPrivileged;
private boolean isAuthorized = false;
// Note: This field is directly used by the virtual machine
// native codes. Don't touch it.
private AccessControlContext privilegedContext;
@SuppressWarnings("removal")
private DomainCombiner combiner = null;

57
src/java.base/share/classes/java/security/Provider.java
View file

@ -345,12 +345,6 @@ public abstract class Provider extends Properties {
return name + " version " + versionStr;
}
/*
* override the following methods to ensure that provider
* information can only be changed if the caller has the appropriate
* permissions.
*/
/**
* Clears this {@code Provider} so that it no longer contains the properties
* used to look up facilities implemented by the {@code Provider}.
@ -359,7 +353,7 @@ public abstract class Provider extends Properties {
*/
@Override
public synchronized void clear() {
check("clearProviderProperties."+name);
checkInitialized();
if (debug != null) {
debug.println("Remove " + name + " provider properties");
}
@ -376,7 +370,7 @@ public abstract class Provider extends Properties {
*/
@Override
public synchronized void load(InputStream inStream) throws IOException {
check("putProviderProperty."+name);
checkInitialized();
if (debug != null) {
debug.println("Load " + name + " provider properties");
}
@ -394,7 +388,7 @@ public abstract class Provider extends Properties {
*/
@Override
public synchronized void putAll(Map<?,?> t) {
check("putProviderProperty."+name);
checkInitialized();
if (debug != null) {
debug.println("Put all " + name + " provider properties");
}
@ -461,7 +455,7 @@ public abstract class Provider extends Properties {
*/
@Override
public synchronized Object put(Object key, Object value) {
check("putProviderProperty."+name);
checkInitialized();
if (debug != null) {
debug.println("Set " + name + " provider property [" +
key + "/" + value +"]");
@ -478,7 +472,7 @@ public abstract class Provider extends Properties {
*/
@Override
public synchronized Object putIfAbsent(Object key, Object value) {
check("putProviderProperty."+name);
checkInitialized();
if (debug != null) {
debug.println("Set " + name + " provider property [" +
key + "/" + value +"]");
@ -494,7 +488,7 @@ public abstract class Provider extends Properties {
*/
@Override
public synchronized Object remove(Object key) {
check("removeProviderProperty."+name);
checkInitialized();
if (debug != null) {
debug.println("Remove " + name + " provider property " + key);
}
@ -509,7 +503,7 @@ public abstract class Provider extends Properties {
*/
@Override
public synchronized boolean remove(Object key, Object value) {
check("removeProviderProperty."+name);
checkInitialized();
if (debug != null) {
debug.println("Remove " + name + " provider property " + key);
}
@ -525,7 +519,7 @@ public abstract class Provider extends Properties {
@Override
public synchronized boolean replace(Object key, Object oldValue,
Object newValue) {
check("putProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("Replace " + name + " provider property " + key);
}
@ -540,7 +534,7 @@ public abstract class Provider extends Properties {
*/
@Override
public synchronized Object replace(Object key, Object value) {
check("putProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("Replace " + name + " provider property " + key);
}
@ -558,7 +552,7 @@ public abstract class Provider extends Properties {
@Override
public synchronized void replaceAll(BiFunction<? super Object,
? super Object, ? extends Object> function) {
check("putProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("ReplaceAll " + name + " provider property ");
}
@ -575,8 +569,7 @@ public abstract class Provider extends Properties {
@Override
public synchronized Object compute(Object key, BiFunction<? super Object,
? super Object, ? extends Object> remappingFunction) {
check("putProviderProperty." + name);
check("removeProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("Compute " + name + " provider property " + key);
}
@ -594,8 +587,7 @@ public abstract class Provider extends Properties {
@Override
public synchronized Object computeIfAbsent(Object key,
Function<? super Object, ? extends Object> mappingFunction) {
check("putProviderProperty." + name);
check("removeProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("ComputeIfAbsent " + name + " provider property " +
key);
@ -613,8 +605,7 @@ public abstract class Provider extends Properties {
public synchronized Object computeIfPresent(Object key,
BiFunction<? super Object, ? super Object, ? extends Object>
remappingFunction) {
check("putProviderProperty." + name);
check("removeProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("ComputeIfPresent " + name + " provider property " +
key);
@ -635,8 +626,7 @@ public abstract class Provider extends Properties {
public synchronized Object merge(Object key, Object value,
BiFunction<? super Object, ? super Object, ? extends Object>
remappingFunction) {
check("putProviderProperty." + name);
check("removeProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("Merge " + name + " provider property " + key);
}
@ -694,15 +684,6 @@ public abstract class Provider extends Properties {
}
}
private void check(String directive) {
checkInitialized();
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSecurityAccess(directive);
}
}
// legacyMap changed since last call to getServices()
private transient volatile boolean legacyChanged;
// serviceMap changed since last call to getServices()
@ -789,8 +770,6 @@ public abstract class Provider extends Properties {
/**
* Copies all the mappings from the specified Map to this provider.
* Internal method to be called AFTER the security check has been
* performed.
*/
private void implPutAll(Map<?,?> t) {
for (Map.Entry<?,?> e : t.entrySet()) {
@ -1239,7 +1218,7 @@ public abstract class Provider extends Properties {
* @since 1.5
*/
protected void putService(Service s) {
check("putProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println(name + ".putService(): " + s);
}
@ -1303,7 +1282,7 @@ public abstract class Provider extends Properties {
private void putPropertyStrings(Service s) {
String type = s.getType();
String algorithm = s.getAlgorithm();
// use super() to avoid permission check and other processing
// use super() to avoid other processing
super.put(type + "." + algorithm, s.getClassName());
for (String alias : s.getAliases()) {
super.put(ALIAS_PREFIX + type + "." + alias, algorithm);
@ -1321,7 +1300,7 @@ public abstract class Provider extends Properties {
private void removePropertyStrings(Service s) {
String type = s.getType();
String algorithm = s.getAlgorithm();
// use super() to avoid permission check and other processing
// use super() to avoid other processing
super.remove(type + "." + algorithm);
for (String alias : s.getAliases()) {
super.remove(ALIAS_PREFIX + type + "." + alias);
@ -1346,7 +1325,7 @@ public abstract class Provider extends Properties {
* @since 1.5
*/
protected void removeService(Service s) {
check("removeProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println(name + ".removeService(): " + s);
}

6
src/java.base/share/classes/java/security/SecureRandom.java
View file

@ -942,11 +942,7 @@ public class SecureRandom extends java.util.Random {
public static SecureRandom getInstanceStrong()
throws NoSuchAlgorithmException {
@SuppressWarnings("removal")
String property = AccessController.doPrivileged(
(PrivilegedAction<String>) () -> Security.getProperty(
"securerandom.strongAlgorithms"));
String property = Security.getProperty("securerandom.strongAlgorithms");
if (property == null || property.isEmpty()) {
throw new NoSuchAlgorithmException(
"Null/empty securerandom.strongAlgorithms Security Property");

42
src/java.base/share/classes/java/security/Security.java
View file

@ -312,14 +312,7 @@ public final class Security {
}
static {
// doPrivileged here because there are multiple
// things in initialize that might require privs.
// (the FileInputStream call and the File.exists call, etc)
@SuppressWarnings("removal")
var dummy = AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
initialize();
return null;
});
initialize();
// Set up JavaSecurityPropertiesAccess in SharedSecrets
SharedSecrets.setJavaSecurityPropertiesAccess(new JavaSecurityPropertiesAccess() {
@Override
@ -475,15 +468,13 @@ public final class Security {
*/
public static synchronized int insertProviderAt(Provider provider,
int position) {
String providerName = provider.getName();
checkInsertProvider(providerName);
ProviderList list = Providers.getFullProviderList();
ProviderList newList = ProviderList.insertAt(list, provider, position - 1);
if (list == newList) {
return -1;
}
Providers.setProviderList(newList);
return newList.getIndex(providerName) + 1;
return newList.getIndex(provider.getName()) + 1;
}
/**
@ -527,7 +518,6 @@ public final class Security {
* @see #addProvider
*/
public static synchronized void removeProvider(String name) {
check("removeProvider." + name);
ProviderList list = Providers.getFullProviderList();
ProviderList newList = ProviderList.remove(list, name);
Providers.setProviderList(newList);
@ -822,7 +812,6 @@ public final class Security {
*/
public static String getProperty(String key) {
SecPropLoader.checkReservedKey(key);
check("getProperty." + key);
String name = props.getProperty(key);
if (name != null)
name = name.trim(); // could be a class name with trailing ws
@ -845,7 +834,6 @@ public final class Security {
*/
public static void setProperty(String key, String datum) {
SecPropLoader.checkReservedKey(key);
check("setProperty." + key);
props.put(key, datum);
SecurityPropertyModificationEvent spe = new SecurityPropertyModificationEvent();
@ -859,32 +847,6 @@ public final class Security {
}
}
private static void check(String directive) {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSecurityAccess(directive);
}
}
private static void checkInsertProvider(String name) {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
try {
security.checkSecurityAccess("insertProvider");
} catch (SecurityException se1) {
try {
security.checkSecurityAccess("insertProvider." + name);
} catch (SecurityException se2) {
// throw first exception, but add second to suppressed
se1.addSuppressed(se2);
throw se1;
}
}
}
}
private static class Criteria {
private final String serviceName;
private final String algName;