archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 14:24:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8344223: Remove calls to SecurityManager and doPrivileged in java.net.URLClassLoader after JEP 486 integration

Browse source 
Reviewed-by: alanb, yzheng
This commit is contained in:
Jaikiran Pai 2024-11-20 12:41:39 +00:00
parent 6f4dfa6626
commit db7ee3dad1
3 changed files with 112 additions and 397 deletions
Download patch file Download diff file Expand all files Collapse all files

197
src/java.base/share/classes/java/net/URLClassLoader.java
View file

@ -30,14 +30,10 @@ import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.security.SecureClassLoader;
import java.util.Enumeration;
import java.util.List;
@ -76,10 +72,6 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
/* The search path for classes and resources */
private final URLClassPath ucp;
/* The context to be used when loading classes and resources */
@SuppressWarnings("removal")
private final AccessControlContext acc;
/**
* Constructs a new URLClassLoader for the given URLs. The URLs will be
* searched in the order specified for classes and resources after first
@ -94,18 +86,9 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* @throws NullPointerException if {@code urls} or any of its
* elements is {@code null}.
*/
@SuppressWarnings("removal")
public URLClassLoader(URL[] urls, ClassLoader parent) {
super(parent);
this.acc = AccessController.getContext();
this.ucp = new URLClassPath(urls, acc);
}
URLClassLoader(String name, URL[] urls, ClassLoader parent,
@SuppressWarnings("removal") AccessControlContext acc) {
super(name, parent);
this.acc = acc;
this.ucp = new URLClassPath(urls, acc);
this.ucp = new URLClassPath(urls);
}
/**
@ -122,17 +105,9 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* @throws NullPointerException if {@code urls} or any of its
* elements is {@code null}.
*/
@SuppressWarnings("removal")
public URLClassLoader(URL[] urls) {
super();
this.acc = AccessController.getContext();
this.ucp = new URLClassPath(urls, acc);
}
URLClassLoader(URL[] urls, @SuppressWarnings("removal") AccessControlContext acc) {
super();
this.acc = acc;
this.ucp = new URLClassPath(urls, acc);
this.ucp = new URLClassPath(urls);
}
/**
@ -149,12 +124,10 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* @throws NullPointerException if {@code urls} or any of its
* elements is {@code null}.
*/
@SuppressWarnings("removal")
public URLClassLoader(URL[] urls, ClassLoader parent,
URLStreamHandlerFactory factory) {
super(parent);
this.acc = AccessController.getContext();
this.ucp = new URLClassPath(urls, factory, acc);
this.ucp = new URLClassPath(urls, factory);
}
@ -176,13 +149,11 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
*
* @since 9
*/
@SuppressWarnings("removal")
public URLClassLoader(String name,
URL[] urls,
ClassLoader parent) {
super(name, parent);
this.acc = AccessController.getContext();
this.ucp = new URLClassPath(urls, acc);
this.ucp = new URLClassPath(urls);
}
/**
@ -203,12 +174,10 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
*
* @since 9
*/
@SuppressWarnings("removal")
public URLClassLoader(String name, URL[] urls, ClassLoader parent,
URLStreamHandlerFactory factory) {
super(name, parent);
this.acc = AccessController.getContext();
this.ucp = new URLClassPath(urls, factory, acc);
this.ucp = new URLClassPath(urls, factory);
}
/* A map (used as a set) to keep track of closeable local resources
@ -299,11 +268,6 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* @since 1.7
*/
public void close() throws IOException {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkPermission(new RuntimePermission("closeClassLoader"));
}
List<IOException> errors = ucp.closeLoaders();
// now close any remaining streams.
@ -369,40 +333,24 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* or if the loader is closed.
* @throws NullPointerException if {@code name} is {@code null}.
*/
@SuppressWarnings("removal")
protected Class<?> findClass(final String name)
throws ClassNotFoundException
{
final Class<?> result;
try {
result = AccessController.doPrivileged(
new PrivilegedExceptionAction<>() {
public Class<?> run() throws ClassNotFoundException {
String path = name.replace('.', '/').concat(".class");
Resource res = ucp.getResource(path, false);
if (res != null) {
try {
return defineClass(name, res);
} catch (IOException e) {
throw new ClassNotFoundException(name, e);
} catch (ClassFormatError e2) {
if (res.getDataError() != null) {
e2.addSuppressed(res.getDataError());
}
throw e2;
}
} else {
return null;
}
}
}, acc);
} catch (java.security.PrivilegedActionException pae) {
throw (ClassNotFoundException) pae.getException();
String path = name.replace('.', '/').concat(".class");
Resource res = ucp.getResource(path);
if (res != null) {
try {
return defineClass(name, res);
} catch (IOException e) {
throw new ClassNotFoundException(name, e);
} catch (ClassFormatError e2) {
if (res.getDataError() != null) {
e2.addSuppressed(res.getDataError());
}
throw e2;
}
}
if (result == null) {
throw new ClassNotFoundException(name);
}
return result;
throw new ClassNotFoundException(name);
}
/*
@ -575,18 +523,7 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* if the resource could not be found, or if the loader is closed.
*/
public URL findResource(final String name) {
/*
* The same restriction to finding classes applies to resources
*/
@SuppressWarnings("removal")
URL url = AccessController.doPrivileged(
new PrivilegedAction<>() {
public URL run() {
return ucp.findResource(name, true);
}
}, acc);
return url != null ? URLClassPath.checkURL(url) : null;
return ucp.findResource(name);
}
/**
@ -598,10 +535,11 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* @return An {@code Enumeration} of {@code URL}s.
* If the loader is closed, the Enumeration contains no elements.
*/
@Override
public Enumeration<URL> findResources(final String name)
throws IOException
{
final Enumeration<URL> e = ucp.findResources(name, true);
final Enumeration<URL> e = ucp.findResources(name);
return new Enumeration<>() {
private URL url = null;
@ -610,23 +548,14 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
if (url != null) {
return true;
}
do {
@SuppressWarnings("removal")
URL u = AccessController.doPrivileged(
new PrivilegedAction<>() {
public URL run() {
if (!e.hasMoreElements())
return null;
return e.nextElement();
}
}, acc);
if (u == null)
break;
url = URLClassPath.checkURL(u);
} while (url == null);
if (!e.hasMoreElements()) {
return false;
}
url = e.nextElement();
return url != null;
}
@Override
public URL nextElement() {
if (!next()) {
throw new NoSuchElementException();
@ -636,6 +565,7 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
return u;
}
@Override
public boolean hasMoreElements() {
return next();
}
@ -666,7 +596,6 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* @throws NullPointerException if {@code codesource} is {@code null}.
* @return the permissions for the codesource
*/
@SuppressWarnings("removal")
protected PermissionCollection getPermissions(CodeSource codesource)
{
PermissionCollection perms = super.getPermissions(codesource);
@ -712,23 +641,13 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
String host = locUrl.getHost();
if (host != null && !host.isEmpty())
p = new SocketPermission(host,
SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
}
// make sure the person that created this class loader
// would have this permission
if (p != null) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
final Permission fp = p;
AccessController.doPrivileged(new PrivilegedAction<>() {
public Void run() throws SecurityException {
sm.checkPermission(fp);
return null;
}
}, acc);
}
perms.add(p);
}
return perms;
@ -746,18 +665,7 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
*/
public static URLClassLoader newInstance(final URL[] urls,
final ClassLoader parent) {
// Save the caller's context
@SuppressWarnings("removal")
final AccessControlContext acc = AccessController.getContext();
// Need a privileged block to create the class loader
@SuppressWarnings("removal")
URLClassLoader ucl = AccessController.doPrivileged(
new PrivilegedAction<>() {
public URLClassLoader run() {
return new FactoryURLClassLoader(null, urls, parent, acc);
}
});
return ucl;
return new URLClassLoader(null, urls, parent);
}
/**
@ -770,53 +678,10 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* @return the resulting class loader
*/
public static URLClassLoader newInstance(final URL[] urls) {
// Save the caller's context
@SuppressWarnings("removal")
final AccessControlContext acc = AccessController.getContext();
// Need a privileged block to create the class loader
@SuppressWarnings("removal")
URLClassLoader ucl = AccessController.doPrivileged(
new PrivilegedAction<>() {
public URLClassLoader run() {
return new FactoryURLClassLoader(urls, acc);
}
});
return ucl;
return new URLClassLoader(urls);
}
static {
ClassLoader.registerAsParallelCapable();
}
}
final class FactoryURLClassLoader extends URLClassLoader {
static {
ClassLoader.registerAsParallelCapable();
}
FactoryURLClassLoader(String name, URL[] urls, ClassLoader parent,
@SuppressWarnings("removal") AccessControlContext acc) {
super(name, urls, parent, acc);
}
FactoryURLClassLoader(URL[] urls, @SuppressWarnings("removal") AccessControlContext acc) {
super(urls, acc);
}
public final Class<?> loadClass(String name, boolean resolve)
throws ClassNotFoundException
{
// First check if we have permission to access the package. This
// should go away once we've added support for exported packages.
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
int i = name.lastIndexOf('.');
if (i != -1) {
sm.checkPackageAccess(name.substring(0, i));
}
}
return super.loadClass(name, resolve);
}
}