archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 14:24:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8338411: Implement JEP 486: Permanently Disable the Security Manager

Browse source 
Co-authored-by: Sean Mullan <mullan@openjdk.org>
Co-authored-by: Alan Bateman <alanb@openjdk.org>
Co-authored-by: Weijun Wang <weijun@openjdk.org>
Co-authored-by: Aleksei Efimov <aefimov@openjdk.org>
Co-authored-by: Brian Burkhalter <bpb@openjdk.org>
Co-authored-by: Daniel Fuchs <dfuchs@openjdk.org>
Co-authored-by: Harshitha Onkar <honkar@openjdk.org>
Co-authored-by: Joe Wang <joehw@openjdk.org>
Co-authored-by: Jorn Vernee <jvernee@openjdk.org>
Co-authored-by: Justin Lu <jlu@openjdk.org>
Co-authored-by: Kevin Walls <kevinw@openjdk.org>
Co-authored-by: Lance Andersen <lancea@openjdk.org>
Co-authored-by: Naoto Sato <naoto@openjdk.org>
Co-authored-by: Roger Riggs <rriggs@openjdk.org>
Co-authored-by: Brent Christian <bchristi@openjdk.org>
Co-authored-by: Stuart Marks <smarks@openjdk.org>
Co-authored-by: Ian Graves <igraves@openjdk.org>
Co-authored-by: Phil Race <prr@openjdk.org>
Co-authored-by: Erik Gahlin <egahlin@openjdk.org>
Co-authored-by: Jaikiran Pai <jpai@openjdk.org>
Reviewed-by: kevinw, aivanov, rriggs, lancea, coffeys, dfuchs, ihse, erikj, cjplummer, coleenp, naoto, mchung, prr, weijun, joehw, azvegint, psadhukhan, bchristi, sundar, attila
This commit is contained in:
Sean Mullan 2024-11-12 17:16:15 +00:00
parent c12b386d19
commit db85090553
1885 changed files with 5528 additions and 65650 deletions
Download patch file Download diff file Expand all files Collapse all files

204
src/java.base/share/classes/java/io/File.java
View file

@ -556,9 +556,6 @@ public class File
* @return The absolute pathname string denoting the same file or
* directory as this abstract pathname
*
* @throws SecurityException
* If a required system property value cannot be accessed.
*
* @see java.io.File#isAbsolute()
*/
public String getAbsolutePath() {
@ -572,9 +569,6 @@ public class File
* @return The absolute abstract pathname denoting the same file or
* directory as this abstract pathname
*
* @throws SecurityException
* If a required system property value cannot be accessed.
*
* @since 1.2
*/
public File getAbsoluteFile() {
@ -614,12 +608,6 @@ public class File
* construction of the canonical pathname may require
* filesystem queries
*
* @throws SecurityException
* If a required system property value cannot be accessed, or
* if a security manager exists and its {@link
* java.lang.SecurityManager#checkRead} method denies
* read access to the file
*
* @since 1.1
* @see Path#toRealPath
*/
@ -642,12 +630,6 @@ public class File
* construction of the canonical pathname may require
* filesystem queries
*
* @throws SecurityException
* If a required system property value cannot be accessed, or
* if a security manager exists and its {@link
* java.lang.SecurityManager#checkRead} method denies
* read access to the file
*
* @since 1.2
* @see Path#toRealPath
*/
@ -736,8 +718,6 @@ public class File
* @return An absolute, hierarchical URI with a scheme equal to
* {@code "file"}, a path representing this abstract pathname,
* and undefined authority, query, and fragment components
* @throws SecurityException If a required system property value cannot
* be accessed.
*
* @see #File(java.net.URI)
* @see java.net.URI
@ -769,11 +749,6 @@ public class File
* @return {@code true} if and only if the file specified by this
* abstract pathname exists <em>and</em> can be read by the
* application; {@code false} otherwise
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkRead(java.lang.String)}
* method denies read access to the file
*/
public boolean canRead() {
@SuppressWarnings("removal")
@ -798,11 +773,6 @@ public class File
* contains a file denoted by this abstract pathname <em>and</em>
* the application is allowed to write to the file;
* {@code false} otherwise.
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method denies write access to the file
*/
public boolean canWrite() {
@SuppressWarnings("removal")
@ -822,11 +792,6 @@ public class File
*
* @return {@code true} if and only if the file or directory denoted
* by this abstract pathname exists; {@code false} otherwise
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkRead(java.lang.String)}
* method denies read access to the file or directory
*/
public boolean exists() {
@SuppressWarnings("removal")
@ -853,11 +818,6 @@ public class File
* @return {@code true} if and only if the file denoted by this
* abstract pathname exists <em>and</em> is a directory;
* {@code false} otherwise
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkRead(java.lang.String)}
* method denies read access to the file
*/
public boolean isDirectory() {
@SuppressWarnings("removal")
@ -886,11 +846,6 @@ public class File
* @return {@code true} if and only if the file denoted by this
* abstract pathname exists <em>and</em> is a normal file;
* {@code false} otherwise
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkRead(java.lang.String)}
* method denies read access to the file
*/
public boolean isFile() {
@SuppressWarnings("removal")
@ -923,11 +878,6 @@ public class File
* abstract pathname is hidden according to the conventions of the
* underlying platform
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkRead(java.lang.String)}
* method denies read access to the file
*
* @since 1.2
*/
public boolean isHidden() {
@ -968,11 +918,6 @@ public class File
* file does not exist or if an I/O error occurs. The value may
* be negative indicating the number of milliseconds before the
* epoch
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkRead(java.lang.String)}
* method denies read access to the file
*/
public long lastModified() {
@SuppressWarnings("removal")
@ -1000,11 +945,6 @@ public class File
* pathname, or {@code 0L} if the file does not exist. Some
* operating systems may return {@code 0L} for pathnames
* denoting system-dependent entities such as devices or pipes.
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkRead(java.lang.String)}
* method denies read access to the file
*/
public long length() {
@SuppressWarnings("removal")
@ -1040,11 +980,6 @@ public class File
* @throws IOException
* If an I/O error occurred
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method denies write access to the file
*
* @since 1.2
*/
public boolean createNewFile() throws IOException {
@ -1070,11 +1005,6 @@ public class File
*
* @return {@code true} if and only if the file or directory is
* successfully deleted; {@code false} otherwise
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkDelete} method denies
* delete access to the file
*/
public boolean delete() {
@SuppressWarnings("removal")
@ -1108,11 +1038,6 @@ public class File
* {@link java.nio.channels.FileLock FileLock}
* facility should be used instead.
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkDelete} method denies
* delete access to the file
*
* @see #delete
*
* @since 1.2
@ -1155,11 +1080,6 @@ public class File
* empty if the directory is empty. Returns {@code null} if
* this abstract pathname does not denote a directory, or if an
* I/O error occurs.
*
* @throws SecurityException
* If a security manager exists and its {@link
* SecurityManager#checkRead(String)} method denies read access to
* the directory
*/
public String[] list() {
return normalizedList();
@ -1175,11 +1095,6 @@ public class File
* empty if the directory is empty. Returns {@code null} if
* this abstract pathname does not denote a directory, or if an
* I/O error occurs.
*
* @throws SecurityException
* If a security manager exists and its {@link
* SecurityManager#checkRead(String)} method denies read access to
* the directory
*/
private final String[] normalizedList() {
@SuppressWarnings("removal")
@ -1223,11 +1138,6 @@ public class File
* Returns {@code null} if this abstract pathname does not denote
* a directory, or if an I/O error occurs.
*
* @throws SecurityException
* If a security manager exists and its {@link
* SecurityManager#checkRead(String)} method denies read access to
* the directory
*
* @see java.nio.file.Files#newDirectoryStream(Path,String)
*/
public String[] list(FilenameFilter filter) {
@ -1275,11 +1185,6 @@ public class File
* {@code null} if this abstract pathname does not denote a
* directory, or if an I/O error occurs.
*
* @throws SecurityException
* If a security manager exists and its {@link
* SecurityManager#checkRead(String)} method denies read access to
* the directory
*
* @since 1.2
*/
public File[] listFiles() {
@ -1315,11 +1220,6 @@ public class File
* {@code null} if this abstract pathname does not denote a
* directory, or if an I/O error occurs.
*
* @throws SecurityException
* If a security manager exists and its {@link
* SecurityManager#checkRead(String)} method denies read access to
* the directory
*
* @since 1.2
* @see java.nio.file.Files#newDirectoryStream(Path,String)
*/
@ -1353,11 +1253,6 @@ public class File
* {@code null} if this abstract pathname does not denote a
* directory, or if an I/O error occurs.
*
* @throws SecurityException
* If a security manager exists and its {@link
* SecurityManager#checkRead(String)} method denies read access to
* the directory
*
* @since 1.2
* @see java.nio.file.Files#newDirectoryStream(Path,java.nio.file.DirectoryStream.Filter)
*/
@ -1378,11 +1273,6 @@ public class File
*
* @return {@code true} if and only if the directory was
* created; {@code false} otherwise
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method does not permit the named directory to be created
*/
public boolean mkdir() {
@SuppressWarnings("removal")
@ -1405,16 +1295,6 @@ public class File
* @return {@code true} if and only if the directory was created,
* along with all necessary parent directories; {@code false}
* otherwise
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkRead(java.lang.String)}
* method does not permit verification of the existence of the
* named directory and all necessary parent directories; or if
* the {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method does not permit the named directory and all necessary
* parent directories to be created
*/
public boolean mkdirs() {
if (exists()) {
@ -1458,11 +1338,6 @@ public class File
* @return {@code true} if and only if the renaming succeeded;
* {@code false} otherwise
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method denies write access to either the old or new pathnames
*
* @throws NullPointerException
* If parameter {@code dest} is {@code null}
*/
@ -1501,11 +1376,6 @@ public class File
*
* @throws IllegalArgumentException If the argument is negative
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method denies write access to the named file
*
* @since 1.2
*/
public boolean setLastModified(long time) {
@ -1533,11 +1403,6 @@ public class File
* @return {@code true} if and only if the operation succeeded;
* {@code false} otherwise
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method denies write access to the named file
*
* @since 1.2
*/
public boolean setReadOnly() {
@ -1577,11 +1442,6 @@ public class File
* operation will fail if the user does not have permission to change
* the access permissions of this abstract pathname.
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method denies write access to the named file
*
* @since 1.6
*/
public boolean setWritable(boolean writable, boolean ownerOnly) {
@ -1617,11 +1477,6 @@ public class File
* operation will fail if the user does not have permission to
* change the access permissions of this abstract pathname.
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method denies write access to the file
*
* @since 1.6
*/
public boolean setWritable(boolean writable) {
@ -1659,11 +1514,6 @@ public class File
* fails, or the value of the {@code readable} parameter if
* setting the read permission is not supported.
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method denies write access to the file
*
* @since 1.6
*/
public boolean setReadable(boolean readable, boolean ownerOnly) {
@ -1705,11 +1555,6 @@ public class File
* fails, or the value of the {@code readable} parameter if
* setting the read permission is not supported.
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method denies write access to the file
*
* @since 1.6
*/
public boolean setReadable(boolean readable) {
@ -1747,11 +1592,6 @@ public class File
* fails, or the value of the {@code executable} parameter if
* setting the execute permission is not supported.
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method denies write access to the file
*
* @since 1.6
*/
public boolean setExecutable(boolean executable, boolean ownerOnly) {
@ -1793,11 +1633,6 @@ public class File
* fails, or the value of the {@code executable} parameter if
* setting the execute permission is not supported.
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method denies write access to the file
*
* @since 1.6
*/
public boolean setExecutable(boolean executable) {
@ -1814,11 +1649,6 @@ public class File
* @return {@code true} if and only if the abstract pathname exists
* <em>and</em> the application is allowed to execute the file
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkExec(java.lang.String)}
* method denies execute access to the file
*
* @since 1.6
*/
public boolean canExecute() {
@ -1850,12 +1680,6 @@ public class File
* machine will begin with one of the roots returned by this method.
* There is no guarantee that a root directory can be accessed.
*
* <p> Unlike most methods in this class, this method does not throw
* security exceptions. If a security manager exists and its {@link
* SecurityManager#checkRead(String)} method denies read access to a
* particular root directory, then that directory will not appear in the
* result.
*
* @implNote
* Windows platforms, for example, have a root directory
* for each active drive; UNIX platforms have a single root directory,
@ -1898,12 +1722,6 @@ public class File
* abstract pathname does not name a partition or if the size
* cannot be obtained
*
* @throws SecurityException
* If a security manager has been installed and it denies
* {@link RuntimePermission}{@code ("getFileSystemAttributes")}
* or its {@link SecurityManager#checkRead(String)} method denies
* read access to the file named by this abstract pathname
*
* @since 1.6
* @see FileStore#getTotalSpace
*/
@ -1942,12 +1760,6 @@ public class File
* equal to the total file system size returned by
* {@link #getTotalSpace}.
*
* @throws SecurityException
* If a security manager has been installed and it denies
* {@link RuntimePermission}{@code ("getFileSystemAttributes")}
* or its {@link SecurityManager#checkRead(String)} method denies
* read access to the file named by this abstract pathname
*
* @since 1.6
* @see FileStore#getUnallocatedSpace
*/
@ -1989,12 +1801,6 @@ public class File
* is not available, this method will be equivalent to a call to
* {@link #getFreeSpace}.
*
* @throws SecurityException
* If a security manager has been installed and it denies
* {@link RuntimePermission}{@code ("getFileSystemAttributes")}
* or its {@link SecurityManager#checkRead(String)} method denies
* read access to the file named by this abstract pathname
*
* @since 1.6
* @see FileStore#getUsableSpace
*/
@ -2176,11 +1982,6 @@ public class File
* @throws IOException
* If a file could not be created
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method does not allow a file to be created
*
* @since 1.2
*/
public static File createTempFile(String prefix, String suffix,
@ -2250,11 +2051,6 @@ public class File
*
* @throws IOException If a file could not be created
*
* @throws SecurityException
* If a security manager exists and its {@link
* java.lang.SecurityManager#checkWrite(java.lang.String)}
* method does not allow a file to be created
*
* @since 1.2
* @see java.nio.file.Files#createTempDirectory(String,FileAttribute[])
*/

26
src/java.base/share/classes/java/io/FileInputStream.java
View file

@ -95,11 +95,6 @@ public class FileInputStream extends InputStream
* object is created to represent this file
* connection.
* <p>
* First, if there is a security
* manager, its {@code checkRead} method
* is called with the {@code name} argument
* as its argument.
* <p>
* If the named file does not exist, is a directory rather than a regular
* file, or for some other reason cannot be opened for reading then a
* {@code FileNotFoundException} is thrown.
@ -109,10 +104,6 @@ public class FileInputStream extends InputStream
* is a directory rather than a regular file,
* or for some other reason cannot be opened for
* reading.
* @throws SecurityException if a security manager exists and its
* {@code checkRead} method denies read access
* to the file.
* @see java.lang.SecurityManager#checkRead(java.lang.String)
*/
public FileInputStream(String name) throws FileNotFoundException {
this(name != null ? new File(name) : null);
@ -126,11 +117,6 @@ public class FileInputStream extends InputStream
* A new {@code FileDescriptor} object
* is created to represent this file connection.
* <p>
* First, if there is a security manager,
* its {@code checkRead} method is called
* with the path represented by the {@code file}
* argument as its argument.
* <p>
* If the named file does not exist, is a directory rather than a regular
* file, or for some other reason cannot be opened for reading then a
* {@code FileNotFoundException} is thrown.
@ -140,10 +126,7 @@ public class FileInputStream extends InputStream
* is a directory rather than a regular file,
* or for some other reason cannot be opened for
* reading.
* @throws SecurityException if a security manager exists and its
* {@code checkRead} method denies read access to the file.
* @see java.io.File#getPath()
* @see java.lang.SecurityManager#checkRead(java.lang.String)
*/
@SuppressWarnings("this-escape")
public FileInputStream(File file) throws FileNotFoundException {
@ -171,11 +154,6 @@ public class FileInputStream extends InputStream
* {@code fdObj}, which represents an existing connection to an
* actual file in the file system.
* <p>
* If there is a security manager, its {@code checkRead} method is
* called with the file descriptor {@code fdObj} as its argument to
* see if it's ok to read the file descriptor. If read access is denied
* to the file descriptor a {@code SecurityException} is thrown.
* <p>
* If {@code fdObj} is null then a {@code NullPointerException}
* is thrown.
* <p>
@ -185,10 +163,6 @@ public class FileInputStream extends InputStream
* I/O on the stream, an {@code IOException} is thrown.
*
* @param fdObj the file descriptor to be opened for reading.
* @throws SecurityException if a security manager exists and its
* {@code checkRead} method denies read access to the
* file descriptor.
* @see SecurityManager#checkRead(java.io.FileDescriptor)
*/
@SuppressWarnings("this-escape")
public FileInputStream(FileDescriptor fdObj) {

40
src/java.base/share/classes/java/io/FileOutputStream.java
View file

@ -103,9 +103,6 @@ public class FileOutputStream extends OutputStream
* A new {@code FileDescriptor} object is
* created to represent this file connection.
* <p>
* First, if there is a security manager, its {@code checkWrite}
* method is called with {@code name} as its argument.
* <p>
* If the file exists but is a directory rather than a regular file, does
* not exist but cannot be created, or cannot be opened for any other
* reason then a {@code FileNotFoundException} is thrown.
@ -118,10 +115,6 @@ public class FileOutputStream extends OutputStream
* @throws FileNotFoundException if the file exists but is a directory
* rather than a regular file, does not exist but cannot
* be created, or cannot be opened for any other reason
* @throws SecurityException if a security manager exists and its
* {@code checkWrite} method denies write access
* to the file.
* @see java.lang.SecurityManager#checkWrite(java.lang.String)
*/
public FileOutputStream(String name) throws FileNotFoundException {
this(name != null ? new File(name) : null, false);
@ -137,9 +130,6 @@ public class FileOutputStream extends OutputStream
* A new {@code FileDescriptor} object is created to represent this
* file connection.
* <p>
* First, if there is a security manager, its {@code checkWrite}
* method is called with {@code name} as its argument.
* <p>
* If the file exists but is a directory rather than a regular file, does
* not exist but cannot be created, or cannot be opened for any other
* reason then a {@code FileNotFoundException} is thrown.
@ -150,10 +140,6 @@ public class FileOutputStream extends OutputStream
* @throws FileNotFoundException if the file exists but is a directory
* rather than a regular file, does not exist but cannot
* be created, or cannot be opened for any other reason.
* @throws SecurityException if a security manager exists and its
* {@code checkWrite} method denies write access
* to the file.
* @see java.lang.SecurityManager#checkWrite(java.lang.String)
* @since 1.1
*/
public FileOutputStream(String name, boolean append)
@ -171,10 +157,6 @@ public class FileOutputStream extends OutputStream
* A new {@code FileDescriptor} object is
* created to represent this file connection.
* <p>
* First, if there is a security manager, its {@code checkWrite}
* method is called with the path represented by the {@code file}
* argument as its argument.
* <p>
* If the file exists but is a directory rather than a regular file, does
* not exist but cannot be created, or cannot be opened for any other
* reason then a {@code FileNotFoundException} is thrown.
@ -183,12 +165,7 @@ public class FileOutputStream extends OutputStream
* @throws FileNotFoundException if the file exists but is a directory
* rather than a regular file, does not exist but cannot
* be created, or cannot be opened for any other reason
* @throws SecurityException if a security manager exists and its
* {@code checkWrite} method denies write access
* to the file.
* @see java.io.File#getPath()
* @see java.lang.SecurityException
* @see java.lang.SecurityManager#checkWrite(java.lang.String)
*/
public FileOutputStream(File file) throws FileNotFoundException {
this(file, false);
@ -205,10 +182,6 @@ public class FileOutputStream extends OutputStream
* A new {@code FileDescriptor} object is created to represent this
* file connection.
* <p>
* First, if there is a security manager, its {@code checkWrite}
* method is called with the path represented by the {@code file}
* argument as its argument.
* <p>
* If the file exists but is a directory rather than a regular file, does
* not exist but cannot be created, or cannot be opened for any other
* reason then a {@code FileNotFoundException} is thrown.
@ -219,12 +192,7 @@ public class FileOutputStream extends OutputStream
* @throws FileNotFoundException if the file exists but is a directory
* rather than a regular file, does not exist but cannot
* be created, or cannot be opened for any other reason
* @throws SecurityException if a security manager exists and its
* {@code checkWrite} method denies write access
* to the file.
* @see java.io.File#getPath()
* @see java.lang.SecurityException
* @see java.lang.SecurityManager#checkWrite(java.lang.String)
* @since 1.4
*/
@SuppressWarnings("this-escape")
@ -256,10 +224,6 @@ public class FileOutputStream extends OutputStream
* descriptor, which represents an existing connection to an actual
* file in the file system.
* <p>
* First, if there is a security manager, its {@code checkWrite}
* method is called with the file descriptor {@code fdObj}
* argument as its argument.
* <p>
* If {@code fdObj} is null then a {@code NullPointerException}
* is thrown.
* <p>
@ -269,10 +233,6 @@ public class FileOutputStream extends OutputStream
* I/O on the stream, an {@code IOException} is thrown.
*
* @param fdObj the file descriptor to be opened for writing
* @throws SecurityException if a security manager exists and its
* {@code checkWrite} method denies
* write access to the file descriptor
* @see java.lang.SecurityManager#checkWrite(java.io.FileDescriptor)
*/
@SuppressWarnings("this-escape")
public FileOutputStream(FileDescriptor fdObj) {

38
src/java.base/share/classes/java/io/FilePermission.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -61,39 +61,15 @@ import sun.security.util.SecurityConstants;
* (recursively) all files and subdirectories contained in the current
* directory.
* <P>
* The actions to be granted are passed to the constructor in a string containing
* The actions are passed to the constructor in a string containing
* a list of one or more comma-separated keywords. The possible keywords are
* "read", "write", "execute", "delete", and "readlink". Their meaning is
* defined as follows:
*
* <DL>
* <DT> read <DD> read permission
* <DT> write <DD> write permission
* <DT> execute
* <DD> execute permission. Allows {@code Runtime.exec} to
* be called. Corresponds to {@code SecurityManager.checkExec}.
* <DT> delete
* <DD> delete permission. Allows {@code File.delete} to
* be called. Corresponds to {@code SecurityManager.checkDelete}.
* <DT> readlink
* <DD> read link permission. Allows the target of a
* <a href="../nio/file/package-summary.html#links">symbolic link</a>
* to be read by invoking the {@link java.nio.file.Files#readSymbolicLink
* readSymbolicLink } method.
* </DL>
* "read", "write", "execute", "delete", and "readlink".
* <P>
* The actions string is converted to lowercase before processing.
* <P>
* Be careful when granting FilePermissions. Think about the implications
* of granting read and especially write access to various files and
* directories. The {@literal "<<ALL FILES>>"} permission with write action is
* especially dangerous. This grants permission to write to the entire
* file system. One thing this effectively allows is replacement of the
* system binary, including the JVM runtime environment.
* <P>
* Please note: Code can always read a file from the same
* directory it's in (or a subdirectory of that directory); it does not
* need explicit permission to do so.
*
* @apiNote
* This permission cannot be used for controlling access to resources
* as the Security Manager is no longer supported.
*
* @see java.security.Permission
* @see java.security.Permissions

4
src/java.base/share/classes/java/io/ObjectInputFilter.java
View file

@ -728,8 +728,6 @@ public interface ObjectInputFilter {
* Set the static JVM-wide filter if it has not already been configured or set.
*
* @param filter the deserialization filter to set as the JVM-wide filter; not null
* @throws SecurityException if there is security manager and the
* {@code SerializablePermission("serialFilter")} is not granted
* @throws IllegalStateException if the filter has already been set or the initialization
* of the filter from the system property {@code jdk.serialFilter} or
* the security property {@code jdk.serialFilter} fails.
@ -829,8 +827,6 @@ public interface ObjectInputFilter {
* @throws IllegalStateException if the builtin deserialization filter factory
* has already been replaced or any instance of {@link ObjectInputStream}
* has been created.
* @throws SecurityException if there is security manager and the
* {@code SerializablePermission("serialFilter")} is not granted
* @since 17
*/
public static void setSerialFilterFactory(BinaryOperator<ObjectInputFilter> filterFactory) {

45
src/java.base/share/classes/java/io/ObjectInputStream.java
View file

@ -374,17 +374,9 @@ public class ObjectInputStream
* When the filter factory {@code apply} method is invoked it may throw a runtime exception
* preventing the {@code ObjectInputStream} from being constructed.
*
* <p>If a security manager is installed, this constructor will check for
* the "enableSubclassImplementation" SerializablePermission when invoked
* directly or indirectly by the constructor of a subclass which overrides
* the ObjectInputStream.readFields or ObjectInputStream.readUnshared
* methods.
*
* @param in input stream to read from
* @throws StreamCorruptedException if the stream header is incorrect
* @throws IOException if an I/O error occurs while reading stream header
* @throws SecurityException if untrusted subclass illegally overrides
* security-sensitive methods
* @throws IllegalStateException if the initialization of {@link ObjectInputFilter.Config}
* fails due to invalid serial filter or serial filter factory properties.
* @throws NullPointerException if {@code in} is {@code null}
@ -419,21 +411,11 @@ public class ObjectInputStream
* When the filter factory {@code apply} method is invoked it may throw a runtime exception
* preventing the {@code ObjectInputStream} from being constructed.
*
* <p>If there is a security manager installed, this method first calls the
* security manager's {@code checkPermission} method with the
* {@code SerializablePermission("enableSubclassImplementation")}
* permission to ensure it's ok to enable subclassing.
*
* @throws SecurityException if a security manager exists and its
* {@code checkPermission} method denies enabling
* subclassing.
* @throws IOException if an I/O error occurs while creating this stream
* @throws IllegalStateException if the initialization of {@link ObjectInputFilter.Config}
* fails due to invalid serial filter or serial filter factory properties.
* @see SecurityManager#checkPermission
* @see java.io.SerializablePermission
*/
protected ObjectInputStream() throws IOException, SecurityException {
protected ObjectInputStream() throws IOException {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
@ -599,12 +581,6 @@ public class ObjectInputStream
* each object (regular or class) read to reconstruct the root object.
* See {@link #setObjectInputFilter(ObjectInputFilter) setObjectInputFilter} for details.
*
* <p>ObjectInputStream subclasses which override this method can only be
* constructed in security contexts possessing the
* "enableSubclassImplementation" SerializablePermission; any attempt to
* instantiate such a subclass without this permission will cause a
* SecurityException to be thrown.
*
* @return reference to deserialized object
* @throws ClassNotFoundException if class of an object to deserialize
* cannot be found
@ -923,26 +899,11 @@ public class ObjectInputStream
* enabled, the {@link #resolveObject} method is called for every object being
* deserialized.
*
* <p>If object replacement is currently not enabled, and
* {@code enable} is true, and there is a security manager installed,
* this method first calls the security manager's
* {@code checkPermission} method with the
* {@code SerializablePermission("enableSubstitution")} permission to
* ensure that the caller is permitted to enable the stream to do replacement
* of objects read from the stream.
*
* @param enable true for enabling use of {@code resolveObject} for
* every object being deserialized
* @return the previous setting before this method was invoked
* @throws SecurityException if a security manager exists and its
* {@code checkPermission} method denies enabling the stream
* to do replacement of objects read from the stream.
* @see SecurityManager#checkPermission
* @see java.io.SerializablePermission
*/
protected boolean enableResolveObject(boolean enable)
throws SecurityException
{
protected boolean enableResolveObject(boolean enable) {
if (enable == enableResolve) {
return enable;
}
@ -1341,8 +1302,6 @@ public class ObjectInputStream
* is increased before reading an object.
*
* @param filter the filter, may be null
* @throws SecurityException if there is security manager and the
* {@code SerializablePermission("serialFilter")} is not granted
* @throws IllegalStateException if an object has been read,
* if the filter factory returns {@code null} when the
* {@linkplain #getObjectInputFilter() current filter} is non-null, or

43
src/java.base/share/classes/java/io/ObjectOutputStream.java
View file

@ -237,16 +237,8 @@ public class ObjectOutputStream
* ensure that constructors for receiving ObjectInputStreams will not block
* when reading the header.
*
* <p>If a security manager is installed, this constructor will check for
* the "enableSubclassImplementation" SerializablePermission when invoked
* directly or indirectly by the constructor of a subclass which overrides
* the ObjectOutputStream.putFields or ObjectOutputStream.writeUnshared
* methods.
*
* @param out output stream to write to
* @throws IOException if an I/O error occurs while writing stream header
* @throws SecurityException if untrusted subclass illegally overrides
* security-sensitive methods
* @throws NullPointerException if {@code out} is {@code null}
* @since 1.4
* @see ObjectOutputStream#ObjectOutputStream()
@ -274,19 +266,9 @@ public class ObjectOutputStream
* ObjectOutputStream to not have to allocate private data just used by
* this implementation of ObjectOutputStream.
*
* <p>If there is a security manager installed, this method first calls the
* security manager's {@code checkPermission} method with a
* {@code SerializablePermission("enableSubclassImplementation")}
* permission to ensure it's ok to enable subclassing.
*
* @throws SecurityException if a security manager exists and its
* {@code checkPermission} method denies enabling
* subclassing.
* @throws IOException if an I/O error occurs while creating this stream
* @see SecurityManager#checkPermission
* @see java.io.SerializablePermission
*/
protected ObjectOutputStream() throws IOException, SecurityException {
protected ObjectOutputStream() throws IOException {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
@ -414,12 +396,6 @@ public class ObjectOutputStream
* writeUnshared, and not to any transitively referenced sub-objects in the
* object graph to be serialized.
*
* <p>ObjectOutputStream subclasses which override this method can only be
* constructed in security contexts possessing the
* "enableSubclassImplementation" SerializablePermission; any attempt to
* instantiate such a subclass without this permission will cause a
* SecurityException to be thrown.
*
* @param obj object to write to stream
* @throws NotSerializableException if an object in the graph to be
* serialized does not implement the Serializable interface
@ -611,26 +587,11 @@ public class ObjectOutputStream
* enabled, the {@link #replaceObject} method is called for every object being
* serialized.
*
* <p>If object replacement is currently not enabled, and
* {@code enable} is true, and there is a security manager installed,
* this method first calls the security manager's
* {@code checkPermission} method with the
* {@code SerializablePermission("enableSubstitution")} permission to
* ensure that the caller is permitted to enable the stream to do replacement
* of objects written to the stream.
*
* @param enable true for enabling use of {@code replaceObject} for
* every object being serialized
* @return the previous setting before this method was invoked
* @throws SecurityException if a security manager exists and its
* {@code checkPermission} method denies enabling the stream
* to do replacement of objects written to the stream.
* @see SecurityManager#checkPermission
* @see java.io.SerializablePermission
*/
protected boolean enableReplaceObject(boolean enable)
throws SecurityException
{
protected boolean enableReplaceObject(boolean enable) {
if (enable == enableReplace) {
return enable;
}

28
src/java.base/share/classes/java/io/PrintStream.java
View file

@ -249,10 +249,6 @@ public class PrintStream extends FilterOutputStream
* created, or if some other error occurs while opening or
* creating the file
*
* @throws SecurityException
* If a security manager is present and {@link
* SecurityManager#checkWrite checkWrite(fileName)} denies write
* access to the file
* @see Charset#defaultCharset()
*
* @since 1.5
@ -284,11 +280,6 @@ public class PrintStream extends FilterOutputStream
* created, or if some other error occurs while opening or
* creating the file
*
* @throws SecurityException
* If a security manager is present and {@link
* SecurityManager#checkWrite checkWrite(fileName)} denies write
* access to the file
*
* @throws UnsupportedEncodingException
* If the named charset is not supported
*
@ -320,11 +311,6 @@ public class PrintStream extends FilterOutputStream
* @throws IOException
* if an I/O error occurs while opening or creating the file
*
* @throws SecurityException
* If a security manager is present and {@link
* SecurityManager#checkWrite checkWrite(fileName)} denies write
* access to the file
*
* @since 10
*/
public PrintStream(String fileName, Charset charset) throws IOException {
@ -351,10 +337,6 @@ public class PrintStream extends FilterOutputStream
* created, or if some other error occurs while opening or
* creating the file
*
* @throws SecurityException
* If a security manager is present and {@link
* SecurityManager#checkWrite checkWrite(file.getPath())}
* denies write access to the file
* @see Charset#defaultCharset()
*
* @since 1.5
@ -386,11 +368,6 @@ public class PrintStream extends FilterOutputStream
* created, or if some other error occurs while opening or
* creating the file
*
* @throws SecurityException
* If a security manager is present and {@link
* SecurityManager#checkWrite checkWrite(file.getPath())}
* denies write access to the file
*
* @throws UnsupportedEncodingException
* If the named charset is not supported
*
@ -423,11 +400,6 @@ public class PrintStream extends FilterOutputStream
* @throws IOException
* if an I/O error occurs while opening or creating the file
*
* @throws SecurityException
* If a security manager is present and {@link
* SecurityManager#checkWrite checkWrite(file.getPath())}
* denies write access to the file
*
* @since 10
*/
public PrintStream(File file, Charset charset) throws IOException {

28
src/java.base/share/classes/java/io/PrintWriter.java
View file

@ -195,10 +195,6 @@ public class PrintWriter extends Writer {
* created, or if some other error occurs while opening or
* creating the file
*
* @throws SecurityException
* If a security manager is present and {@link
* SecurityManager#checkWrite checkWrite(fileName)} denies write
* access to the file
* @see Charset#defaultCharset()
*
* @since 1.5
@ -247,11 +243,6 @@ public class PrintWriter extends Writer {
* created, or if some other error occurs while opening or
* creating the file
*
* @throws SecurityException
* If a security manager is present and {@link
* SecurityManager#checkWrite checkWrite(fileName)} denies write
* access to the file
*
* @throws UnsupportedEncodingException
* If the named charset is not supported
*
@ -282,11 +273,6 @@ public class PrintWriter extends Writer {
* @throws IOException
* if an I/O error occurs while opening or creating the file
*
* @throws SecurityException
* If a security manager is present and {@link
* SecurityManager#checkWrite checkWrite(fileName)} denies write
* access to the file
*
* @since 10
*/
public PrintWriter(String fileName, Charset charset) throws IOException {
@ -313,10 +299,6 @@ public class PrintWriter extends Writer {
* created, or if some other error occurs while opening or
* creating the file
*
* @throws SecurityException
* If a security manager is present and {@link
* SecurityManager#checkWrite checkWrite(file.getPath())}
* denies write access to the file
* @see Charset#defaultCharset()
*
* @since 1.5
@ -348,11 +330,6 @@ public class PrintWriter extends Writer {
* created, or if some other error occurs while opening or
* creating the file
*
* @throws SecurityException
* If a security manager is present and {@link
* SecurityManager#checkWrite checkWrite(file.getPath())}
* denies write access to the file
*
* @throws UnsupportedEncodingException
* If the named charset is not supported
*
@ -383,11 +360,6 @@ public class PrintWriter extends Writer {
* @throws IOException
* if an I/O error occurs while opening or creating the file
*
* @throws SecurityException
* If a security manager is present and {@link
* SecurityManager#checkWrite checkWrite(file.getPath())}
* denies write access to the file
*
* @since 10
*/
public PrintWriter(File file, Charset charset) throws IOException {

29
src/java.base/share/classes/java/io/RandomAccessFile.java
View file

@ -114,15 +114,6 @@ public class RandomAccessFile implements DataOutput, DataInput, Closeable {
* specified for the <a
* href="#mode">{@code RandomAccessFile(File,String)}</a> constructor.
*
* <p>
* If there is a security manager, its {@code checkRead} method
* is called with the {@code pathname} argument
* as its argument to see if read access to the file is allowed.
* If the mode allows writing, the security manager's
* {@code checkWrite} method
* is also called with the {@code pathname} argument
* as its argument to see if write access to the file is allowed.
*
* @param pathname the system-dependent pathname string
* @param mode the access <a href="#mode">mode</a>
* @throws IllegalArgumentException if the mode argument is not equal
@ -135,13 +126,6 @@ public class RandomAccessFile implements DataOutput, DataInput, Closeable {
* existing, writable regular file and a new regular file of
* that pathname cannot be created, or if some other error
* occurs while opening or creating the file
* @throws SecurityException if a security manager exists and its
* {@code checkRead} method denies read access to the file
* or the mode is {@code "rw"} and the security manager's
* {@code checkWrite} method denies write access to the file
* @see java.lang.SecurityException
* @see java.lang.SecurityManager#checkRead(java.lang.String)
* @see java.lang.SecurityManager#checkWrite(java.lang.String)
*/
public RandomAccessFile(String pathname, String mode)
throws FileNotFoundException
@ -205,13 +189,6 @@ public class RandomAccessFile implements DataOutput, DataInput, Closeable {
* updates to both the file's content and its metadata to be written, which
* generally requires at least one more low-level I/O operation.
*
* <p>If there is a security manager, its {@code checkRead} method is
* called with the pathname of the {@code file} argument as its
* argument to see if read access to the file is allowed. If the mode
* allows writing, the security manager's {@code checkWrite} method is
* also called with the pathname of the {@code file} argument to see if
* write access to the file is allowed.
*
* @param file the file object
* @param mode the access mode, as described
* <a href="#mode">above</a>
@ -225,12 +202,6 @@ public class RandomAccessFile implements DataOutput, DataInput, Closeable {
* an existing, writable regular file and a new regular file of
* that pathname cannot be created, or if some other error
* occurs while opening or creating the file
* @throws SecurityException if a security manager exists and its
* {@code checkRead} method denies read access to the file
* or the mode is {@code "rw"} and the security manager's
* {@code checkWrite} method denies write access to the file
* @see java.lang.SecurityManager#checkRead(java.lang.String)
* @see java.lang.SecurityManager#checkWrite(java.lang.String)
* @see java.nio.channels.FileChannel#force(boolean)
*/
@SuppressWarnings("this-escape")

55
src/java.base/share/classes/java/io/SerializablePermission.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -36,55 +36,9 @@ import java.util.StringTokenizer;
* no actions list; you either have the named permission
* or you don't.
*
* <P>
* The target name is the name of the Serializable permission (see below).
*
* <P>
* The following table lists the standard {@code SerializablePermission} target names,
* and for each provides a description of what the permission allows
* and a discussion of the risks of granting code the permission.
*
* <table class="striped">
* <caption style="display:none">Permission target name, what the permission allows, and associated risks</caption>
* <thead>
* <tr>
* <th scope="col">Permission Target Name</th>
* <th scope="col">What the Permission Allows</th>
* <th scope="col">Risks of Allowing this Permission</th>
* </tr>
* </thead>
* <tbody>
*
* <tr>
* <th scope="row">enableSubclassImplementation</th>
* <td>Subclass implementation of ObjectOutputStream or ObjectInputStream
* to override the default serialization or deserialization, respectively,
* of objects</td>
* <td>Code can use this to serialize or
* deserialize classes in a purposefully malfeasant manner. For example,
* during serialization, malicious code can use this to
* purposefully store confidential private field data in a way easily accessible
* to attackers. Or, during deserialization it could, for example, deserialize
* a class with all its private fields zeroed out.</td>
* </tr>
*
* <tr>
* <th scope="row">enableSubstitution</th>
* <td>Substitution of one object for another during
* serialization or deserialization</td>
* <td>This is dangerous because malicious code
* can replace the actual object with one which has incorrect or
* malignant data.</td>
* </tr>
*
* <tr>
* <th scope="row">serialFilter</th>
* <td>Setting a filter for ObjectInputStreams.</td>
* <td>Code could remove a configured filter and remove protections
* already established.</td>
* </tr>
* </tbody>
* </table>
* @apiNote
* This permission cannot be used for controlling access to resources
* as the Security Manager is no longer supported.
*
* @see java.security.BasicPermission
* @see java.security.Permission
@ -92,7 +46,6 @@ import java.util.StringTokenizer;
* @see java.security.PermissionCollection
* @see java.lang.SecurityManager
*
*
* @author Joe Fialli
* @since 1.2
*/