8174823: Module system implementation refresh (3/2017)

Co-authored-by: Mandy Chung <mandy.chung@oracle.com> Co-authored-by: Sundararajan Athijegannathan <sundararajan.athijegannathan@oracle.com> Co-authored-by: Peter Levart <peter.levart@gmail.com> Reviewed-by: chegar, mchung, alanb
2025-08-28 15:24:43 +02:00 · 2017-03-22 16:26:27 +00:00 · 2017-03-22 16:26:27 +00:00 · b19eb2766f
commit b19eb2766f
parent 10a42feace
101 changed files with 3708 additions and 1541 deletions
--- a/jdk/src/java.base/share/classes/java/lang/module/ModuleFinder.java
+++ b/jdk/src/java.base/share/classes/java/lang/module/ModuleFinder.java
@ -25,8 +25,6 @@

 package java.lang.module;

-import java.io.File;
-import java.io.FilePermission;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@ -43,9 +41,9 @@ import java.util.Optional;
 import java.util.Set;

 import jdk.internal.module.ModuleBootstrap;
+import jdk.internal.module.ModulePatcher;
 import jdk.internal.module.ModulePath;
 import jdk.internal.module.SystemModuleFinder;
-import sun.security.action.GetPropertyAction;

 /**
 * A finder of modules. A {@code ModuleFinder} is used to find modules during
@ -146,9 +144,9 @@ public interface ModuleFinder {
     *
     * <p> If there is a security manager set then its {@link
     * SecurityManager#checkPermission(Permission) checkPermission} method is
-     * invoked to check that the caller has been granted {@link FilePermission}
-     * to recursively read the directory that is the value of the system
-     * property {@code java.home}. </p>
+     * invoked to check that the caller has been granted
+     * {@link RuntimePermission RuntimePermission("accessSystemModules")}
+     * to access the system modules. </p>
     *
     * @return A {@code ModuleFinder} that locates the system modules
     *
@ -156,32 +154,55 @@ public interface ModuleFinder {
     *         If denied by the security manager
     */
    static ModuleFinder ofSystem() {
-        String home;
-
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
-            PrivilegedAction<String> pa = new GetPropertyAction("java.home");
-            home = AccessController.doPrivileged(pa);
-            Permission p = new FilePermission(home + File.separator + "-", "read");
-            sm.checkPermission(p);
+            sm.checkPermission(new RuntimePermission("accessSystemModules"));
+            PrivilegedAction<ModuleFinder> pa = ModuleFinder::privilegedOfSystem;
+            return AccessController.doPrivileged(pa);
        } else {
-            home = System.getProperty("java.home");
+            return privilegedOfSystem();
        }
+    }

+    /**
+     * Returns a module finder that locates the system modules. This method
+     * assumes it has permissions to access the runtime image.
+     */
+    private static ModuleFinder privilegedOfSystem() {
+        String home = System.getProperty("java.home");
        Path modules = Paths.get(home, "lib", "modules");
        if (Files.isRegularFile(modules)) {
            return SystemModuleFinder.getInstance();
        } else {
-            Path mlib = Paths.get(home, "modules");
-            if (Files.isDirectory(mlib)) {
-                // exploded build may be patched
-                return ModulePath.of(ModuleBootstrap.patcher(), mlib);
+            Path dir = Paths.get(home, "modules");
+            if (Files.isDirectory(dir)) {
+                return privilegedOf(ModuleBootstrap.patcher(), dir);
            } else {
                throw new InternalError("Unable to detect the run-time image");
            }
        }
    }

+    /**
+     * Returns a module finder that locates the system modules in an exploded
+     * image. The image may be patched.
+     */
+    private static ModuleFinder privilegedOf(ModulePatcher patcher, Path dir) {
+        ModuleFinder finder = ModulePath.of(patcher, dir);
+        return new ModuleFinder() {
+            @Override
+            public Optional<ModuleReference> find(String name) {
+                PrivilegedAction<Optional<ModuleReference>> pa = () -> finder.find(name);
+                return AccessController.doPrivileged(pa);
+            }
+            @Override
+            public Set<ModuleReference> findAll() {
+                PrivilegedAction<Set<ModuleReference>> pa = finder::findAll;
+                return AccessController.doPrivileged(pa);
+            }
+        };
+    }
+
    /**
     * Returns a module finder that locates modules on the file system by
     * searching a sequence of directories and/or packaged modules.
@ -201,7 +222,7 @@ public interface ModuleFinder {
     *
     * <p> If an element is a path to a directory of modules then each entry in
     * the directory is a packaged module or the top-level directory of an
-     * exploded module. It it an error if a directory contains more than one
+     * exploded module. It is an error if a directory contains more than one
     * module with the same name. If an element is a path to a directory, and
     * that directory contains a file named {@code module-info.class}, then the
     * directory is treated as an exploded module rather than a directory of