archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 06:45:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8338411: Implement JEP 486: Permanently Disable the Security Manager

Browse source 
Co-authored-by: Sean Mullan <mullan@openjdk.org>
Co-authored-by: Alan Bateman <alanb@openjdk.org>
Co-authored-by: Weijun Wang <weijun@openjdk.org>
Co-authored-by: Aleksei Efimov <aefimov@openjdk.org>
Co-authored-by: Brian Burkhalter <bpb@openjdk.org>
Co-authored-by: Daniel Fuchs <dfuchs@openjdk.org>
Co-authored-by: Harshitha Onkar <honkar@openjdk.org>
Co-authored-by: Joe Wang <joehw@openjdk.org>
Co-authored-by: Jorn Vernee <jvernee@openjdk.org>
Co-authored-by: Justin Lu <jlu@openjdk.org>
Co-authored-by: Kevin Walls <kevinw@openjdk.org>
Co-authored-by: Lance Andersen <lancea@openjdk.org>
Co-authored-by: Naoto Sato <naoto@openjdk.org>
Co-authored-by: Roger Riggs <rriggs@openjdk.org>
Co-authored-by: Brent Christian <bchristi@openjdk.org>
Co-authored-by: Stuart Marks <smarks@openjdk.org>
Co-authored-by: Ian Graves <igraves@openjdk.org>
Co-authored-by: Phil Race <prr@openjdk.org>
Co-authored-by: Erik Gahlin <egahlin@openjdk.org>
Co-authored-by: Jaikiran Pai <jpai@openjdk.org>
Reviewed-by: kevinw, aivanov, rriggs, lancea, coffeys, dfuchs, ihse, erikj, cjplummer, coleenp, naoto, mchung, prr, weijun, joehw, azvegint, psadhukhan, bchristi, sundar, attila
This commit is contained in:
Sean Mullan 2024-11-12 17:16:15 +00:00
parent c12b386d19
commit db85090553
1885 changed files with 5528 additions and 65650 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/java.base/share/classes/java/lang/Boolean.java
View file

@ -271,8 +271,6 @@ public final class Boolean implements java.io.Serializable,
*
* @param name the system property name.
* @return the {@code boolean} value of the system property.
* @throws SecurityException for the same reasons as
* {@link System#getProperty(String) System.getProperty}
* @see java.lang.System#getProperty(java.lang.String)
* @see java.lang.System#getProperty(java.lang.String, java.lang.String)
*/

385
src/java.base/share/classes/java/lang/Class.java
View file

@ -530,11 +530,6 @@ public final class Class<T> implements java.io.Serializable,
* by this method fails
* @throws ClassNotFoundException if the class cannot be located by
* the specified class loader
* @throws SecurityException
* if a security manager is present, and the {@code loader} is
* {@code null}, and the caller's class loader is not
* {@code null}, and the caller does not have the
* {@link RuntimePermission}{@code ("getClassLoader")}
*
* @see java.lang.Class#forName(String)
* @see java.lang.ClassLoader
@ -610,8 +605,6 @@ public final class Class<T> implements java.io.Serializable,
* a binary name. This method returns {@code null} on failure rather than
* throwing a {@link ClassNotFoundException}, as is done by
* the {@link #forName(String, boolean, ClassLoader)} method.
* The security check is a stack-based permission check if the caller
* loads a class in another module.
*
* @param module A module
* @param name The {@linkplain ClassLoader##binary-name binary name}
@ -623,16 +616,6 @@ public final class Class<T> implements java.io.Serializable,
*
* @throws LinkageError if the linkage fails
*
* @throws SecurityException
* <ul>
* <li> if the caller is not the specified module and
* {@code RuntimePermission("getClassLoader")} permission is denied; or</li>
* <li> access to the module content is denied. For example,
* permission check will be performed when a class loader calls
* {@link ModuleReader#open(String)} to read the bytes of a class file
* in a module.</li>
* </ul>
*
* @jls 12.2 Loading of Classes and Interfaces
* @jls 12.3 Linking of Classes and Interfaces
* @since 9
@ -756,13 +739,6 @@ public final class Class<T> implements java.io.Serializable,
* or if the instantiation fails for some other reason.
* @throws ExceptionInInitializerError if the initialization
* provoked by this method fails.
* @throws SecurityException
* If a security manager, <i>s</i>, is present and
* the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class.
*/
@SuppressWarnings("removal")
@CallerSensitive
@ -1057,15 +1033,7 @@ public final class Class<T> implements java.io.Serializable,
*
* @return the class loader that loaded the class or interface
* represented by this {@code Class} object.
* @throws SecurityException
* if a security manager is present, and the caller's class loader
* is not {@code null} and is not the same as or an ancestor of the
* class loader for the class whose class loader is requested,
* and the caller does not have the
* {@link RuntimePermission}{@code ("getClassLoader")}
* @see java.lang.ClassLoader
* @see SecurityManager#checkPermission
* @see java.lang.RuntimePermission
*/
@CallerSensitive
@ForceInline // to ensure Reflection.getCallerClass optimization
@ -1541,30 +1509,10 @@ public final class Class<T> implements java.io.Serializable,
* @return the immediately enclosing method of the underlying class, if
* that class is a local or anonymous class; otherwise {@code null}.
*
* @throws SecurityException
* If a security manager, <i>s</i>, is present and any of the
* following conditions is met:
*
* <ul>
*
* <li> the caller's class loader is not the same as the
* class loader of the enclosing class and invocation of
* {@link SecurityManager#checkPermission
* s.checkPermission} method with
* {@code RuntimePermission("accessDeclaredMembers")}
* denies access to the methods within the enclosing class
*
* <li> the caller's class loader is not the same as or an
* ancestor of the class loader for the enclosing class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of the enclosing class
*
* </ul>
* @since 1.5
*/
@CallerSensitive
public Method getEnclosingMethod() throws SecurityException {
public Method getEnclosingMethod() {
EnclosingMethodInfo enclosingInfo = getEnclosingMethodInfo();
if (enclosingInfo == null)
@ -1697,30 +1645,11 @@ public final class Class<T> implements java.io.Serializable,
*
* @return the immediately enclosing constructor of the underlying class, if
* that class is a local or anonymous class; otherwise {@code null}.
* @throws SecurityException
* If a security manager, <i>s</i>, is present and any of the
* following conditions is met:
*
* <ul>
*
* <li> the caller's class loader is not the same as the
* class loader of the enclosing class and invocation of
* {@link SecurityManager#checkPermission
* s.checkPermission} method with
* {@code RuntimePermission("accessDeclaredMembers")}
* denies access to the constructors within the enclosing class
*
* <li> the caller's class loader is not the same as or an
* ancestor of the class loader for the enclosing class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of the enclosing class
*
* </ul>
* @since 1.5
*/
@CallerSensitive
public Constructor<?> getEnclosingConstructor() throws SecurityException {
public Constructor<?> getEnclosingConstructor() {
EnclosingMethodInfo enclosingInfo = getEnclosingMethodInfo();
if (enclosingInfo == null)
@ -1777,16 +1706,10 @@ public final class Class<T> implements java.io.Serializable,
* type, or void, then this method returns null.
*
* @return the declaring class for this class
* @throws SecurityException
* If a security manager, <i>s</i>, is present and the caller's
* class loader is not the same as or an ancestor of the class
* loader for the declaring class and invocation of {@link
* SecurityManager#checkPackageAccess s.checkPackageAccess()}
* denies access to the package of the declaring class
* @since 1.1
*/
@CallerSensitive
public Class<?> getDeclaringClass() throws SecurityException {
public Class<?> getDeclaringClass() {
final Class<?> candidate = getDeclaringClass0();
if (candidate != null) {
@ -1808,16 +1731,10 @@ public final class Class<T> implements java.io.Serializable,
* class. If the underlying class is a top level class this
* method returns {@code null}.
* @return the immediately enclosing class of the underlying class
* @throws SecurityException
* If a security manager, <i>s</i>, is present and the caller's
* class loader is not the same as or an ancestor of the class
* loader for the enclosing class and invocation of {@link
* SecurityManager#checkPackageAccess s.checkPackageAccess()}
* denies access to the package of the enclosing class
* @since 1.5
*/
@CallerSensitive
public Class<?> getEnclosingClass() throws SecurityException {
public Class<?> getEnclosingClass() {
// There are five kinds of classes (or interfaces):
// a) Top level classes
// b) Nested classes (static member classes)
@ -2072,14 +1989,6 @@ public final class Class<T> implements java.io.Serializable,
*
* @return the array of {@code Class} objects representing the public
* members of this class
* @throws SecurityException
* If a security manager, <i>s</i>, is present and
* the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class.
*
* @since 1.1
*/
@SuppressWarnings("removal")
@ -2140,20 +2049,13 @@ public final class Class<T> implements java.io.Serializable,
*
* @return the array of {@code Field} objects representing the
* public fields
* @throws SecurityException
* If a security manager, <i>s</i>, is present and
* the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class.
*
* @since 1.1
* @jls 8.2 Class Members
* @jls 8.3 Field Declarations
*/
@CallerSensitive
public Field[] getFields() throws SecurityException {
public Field[] getFields() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
@ -2231,20 +2133,13 @@ public final class Class<T> implements java.io.Serializable,
*
* @return the array of {@code Method} objects representing the
* public methods of this class
* @throws SecurityException
* If a security manager, <i>s</i>, is present and
* the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class.
*
* @jls 8.2 Class Members
* @jls 8.4 Method Declarations
* @since 1.1
*/
@CallerSensitive
public Method[] getMethods() throws SecurityException {
public Method[] getMethods() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
@ -2274,19 +2169,12 @@ public final class Class<T> implements java.io.Serializable,
*
* @return the array of {@code Constructor} objects representing the
* public constructors of this class
* @throws SecurityException
* If a security manager, <i>s</i>, is present and
* the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class.
*
* @see #getDeclaredConstructors()
* @since 1.1
*/
@CallerSensitive
public Constructor<?>[] getConstructors() throws SecurityException {
public Constructor<?>[] getConstructors() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
@ -2326,21 +2214,13 @@ public final class Class<T> implements java.io.Serializable,
* @throws NoSuchFieldException if a field with the specified name is
* not found.
* @throws NullPointerException if {@code name} is {@code null}
* @throws SecurityException
* If a security manager, <i>s</i>, is present and
* the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class.
*
* @since 1.1
* @jls 8.2 Class Members
* @jls 8.3 Field Declarations
*/
@CallerSensitive
public Field getField(String name)
throws NoSuchFieldException, SecurityException {
public Field getField(String name) throws NoSuchFieldException {
Objects.requireNonNull(name);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
@ -2437,13 +2317,6 @@ public final class Class<T> implements java.io.Serializable,
* or if the name is {@value ConstantDescs#INIT_NAME} or
* {@value ConstantDescs#CLASS_INIT_NAME}.
* @throws NullPointerException if {@code name} is {@code null}
* @throws SecurityException
* If a security manager, <i>s</i>, is present and
* the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class.
*
* @jls 8.2 Class Members
* @jls 8.4 Method Declarations
@ -2451,7 +2324,7 @@ public final class Class<T> implements java.io.Serializable,
*/
@CallerSensitive
public Method getMethod(String name, Class<?>... parameterTypes)
throws NoSuchMethodException, SecurityException {
throws NoSuchMethodException {
Objects.requireNonNull(name);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
@ -2486,21 +2359,13 @@ public final class Class<T> implements java.io.Serializable,
* @throws NoSuchMethodException if a matching constructor is not found,
* including when this {@code Class} object represents
* an interface, a primitive type, an array class, or void.
* @throws SecurityException
* If a security manager, <i>s</i>, is present and
* the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class.
*
* @see #getDeclaredConstructor(Class<?>[])
* @see #getDeclaredConstructor(Class[])
* @since 1.1
*/
@CallerSensitive
public Constructor<T> getConstructor(Class<?>... parameterTypes)
throws NoSuchMethodException, SecurityException
{
throws NoSuchMethodException {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
@ -2523,32 +2388,12 @@ public final class Class<T> implements java.io.Serializable,
*
* @return the array of {@code Class} objects representing all the
* declared members of this class
* @throws SecurityException
* If a security manager, <i>s</i>, is present and any of the
* following conditions is met:
*
* <ul>
*
* <li> the caller's class loader is not the same as the
* class loader of this class and invocation of
* {@link SecurityManager#checkPermission
* s.checkPermission} method with
* {@code RuntimePermission("accessDeclaredMembers")}
* denies access to the declared classes within this class
*
* <li> the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class
*
* </ul>
*
* @since 1.1
* @jls 8.5 Member Class and Interface Declarations
*/
@CallerSensitive
public Class<?>[] getDeclaredClasses() throws SecurityException {
public Class<?>[] getDeclaredClasses() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
@ -2575,33 +2420,13 @@ public final class Class<T> implements java.io.Serializable,
*
* @return the array of {@code Field} objects representing all the
* declared fields of this class
* @throws SecurityException
* If a security manager, <i>s</i>, is present and any of the
* following conditions is met:
*
* <ul>
*
* <li> the caller's class loader is not the same as the
* class loader of this class and invocation of
* {@link SecurityManager#checkPermission
* s.checkPermission} method with
* {@code RuntimePermission("accessDeclaredMembers")}
* denies access to the declared fields within this class
*
* <li> the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class
*
* </ul>
*
* @since 1.1
* @jls 8.2 Class Members
* @jls 8.3 Field Declarations
*/
@CallerSensitive
public Field[] getDeclaredFields() throws SecurityException {
public Field[] getDeclaredFields() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
@ -2638,26 +2463,6 @@ public final class Class<T> implements java.io.Serializable,
* @return An array of {@code RecordComponent} objects representing all the
* record components of this record class, or {@code null} if this
* class is not a record class
* @throws SecurityException
* If a security manager, <i>s</i>, is present and any of the
* following conditions is met:
*
* <ul>
*
* <li> the caller's class loader is not the same as the
* class loader of this class and invocation of
* {@link SecurityManager#checkPermission
* s.checkPermission} method with
* {@code RuntimePermission("accessDeclaredMembers")}
* denies access to the declared methods within this class
*
* <li> the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class
*
* </ul>
*
* @jls 8.10 Record Classes
* @since 16
@ -2706,26 +2511,6 @@ public final class Class<T> implements java.io.Serializable,
*
* @return the array of {@code Method} objects representing all the
* declared methods of this class
* @throws SecurityException
* If a security manager, <i>s</i>, is present and any of the
* following conditions is met:
*
* <ul>
*
* <li> the caller's class loader is not the same as the
* class loader of this class and invocation of
* {@link SecurityManager#checkPermission
* s.checkPermission} method with
* {@code RuntimePermission("accessDeclaredMembers")}
* denies access to the declared methods within this class
*
* <li> the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class
*
* </ul>
*
* @jls 8.2 Class Members
* @jls 8.4 Method Declarations
@ -2735,7 +2520,7 @@ public final class Class<T> implements java.io.Serializable,
* @since 1.1
*/
@CallerSensitive
public Method[] getDeclaredMethods() throws SecurityException {
public Method[] getDeclaredMethods() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
@ -2760,33 +2545,13 @@ public final class Class<T> implements java.io.Serializable,
*
* @return the array of {@code Constructor} objects representing all the
* declared constructors of this class
* @throws SecurityException
* If a security manager, <i>s</i>, is present and any of the
* following conditions is met:
*
* <ul>
*
* <li> the caller's class loader is not the same as the
* class loader of this class and invocation of
* {@link SecurityManager#checkPermission
* s.checkPermission} method with
* {@code RuntimePermission("accessDeclaredMembers")}
* denies access to the declared constructors within this class
*
* <li> the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class
*
* </ul>
*
* @since 1.1
* @see #getConstructors()
* @jls 8.8 Constructor Declarations
*/
@CallerSensitive
public Constructor<?>[] getDeclaredConstructors() throws SecurityException {
public Constructor<?>[] getDeclaredConstructors() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
@ -2811,34 +2576,13 @@ public final class Class<T> implements java.io.Serializable,
* @throws NoSuchFieldException if a field with the specified name is
* not found.
* @throws NullPointerException if {@code name} is {@code null}
* @throws SecurityException
* If a security manager, <i>s</i>, is present and any of the
* following conditions is met:
*
* <ul>
*
* <li> the caller's class loader is not the same as the
* class loader of this class and invocation of
* {@link SecurityManager#checkPermission
* s.checkPermission} method with
* {@code RuntimePermission("accessDeclaredMembers")}
* denies access to the declared field
*
* <li> the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class
*
* </ul>
*
* @since 1.1
* @jls 8.2 Class Members
* @jls 8.3 Field Declarations
*/
@CallerSensitive
public Field getDeclaredField(String name)
throws NoSuchFieldException, SecurityException {
public Field getDeclaredField(String name) throws NoSuchFieldException {
Objects.requireNonNull(name);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
@ -2877,26 +2621,6 @@ public final class Class<T> implements java.io.Serializable,
* matching the specified name and parameters
* @throws NoSuchMethodException if a matching method is not found.
* @throws NullPointerException if {@code name} is {@code null}
* @throws SecurityException
* If a security manager, <i>s</i>, is present and any of the
* following conditions is met:
*
* <ul>
*
* <li> the caller's class loader is not the same as the
* class loader of this class and invocation of
* {@link SecurityManager#checkPermission
* s.checkPermission} method with
* {@code RuntimePermission("accessDeclaredMembers")}
* denies access to the declared method
*
* <li> the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class
*
* </ul>
*
* @jls 8.2 Class Members
* @jls 8.4 Method Declarations
@ -2904,7 +2628,7 @@ public final class Class<T> implements java.io.Serializable,
*/
@CallerSensitive
public Method getDeclaredMethod(String name, Class<?>... parameterTypes)
throws NoSuchMethodException, SecurityException {
throws NoSuchMethodException {
Objects.requireNonNull(name);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
@ -2975,34 +2699,13 @@ public final class Class<T> implements java.io.Serializable,
* @throws NoSuchMethodException if a matching constructor is not found,
* including when this {@code Class} object represents
* an interface, a primitive type, an array class, or void.
* @throws SecurityException
* If a security manager, <i>s</i>, is present and any of the
* following conditions is met:
*
* <ul>
*
* <li> the caller's class loader is not the same as the
* class loader of this class and invocation of
* {@link SecurityManager#checkPermission
* s.checkPermission} method with
* {@code RuntimePermission("accessDeclaredMembers")}
* denies access to the declared constructor
*
* <li> the caller's class loader is not the same as or an
* ancestor of the class loader for the current class and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of this class
*
* </ul>
*
* @see #getConstructor(Class<?>[])
* @see #getConstructor(Class[])
* @since 1.1
*/
@CallerSensitive
public Constructor<T> getDeclaredConstructor(Class<?>... parameterTypes)
throws NoSuchMethodException, SecurityException
{
throws NoSuchMethodException {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
@ -3058,10 +2761,9 @@ public final class Class<T> implements java.io.Serializable,
*
* @param name name of the desired resource
* @return A {@link java.io.InputStream} object; {@code null} if no
* resource with this name is found, the resource is in a package
* resource with this name is found, or the resource is in a package
* that is not {@linkplain Module#isOpen(String, Module) open} to at
* least the caller module, or access to the resource is denied
* by the security manager.
* least the caller module.
* @throws NullPointerException If {@code name} is {@code null}
*
* @see Module#getResourceAsStream(String)
@ -3154,11 +2856,10 @@ public final class Class<T> implements java.io.Serializable,
*
* @param name name of the desired resource
* @return A {@link java.net.URL} object; {@code null} if no resource with
* this name is found, the resource cannot be located by a URL, the
* this name is found, the resource cannot be located by a URL, or the
* resource is in a package that is not
* {@linkplain Module#isOpen(String, Module) open} to at least the caller
* module, or access to the resource is denied by the security
* manager.
* module.
* @throws NullPointerException If {@code name} is {@code null}
* @since 1.1
*/
@ -3224,23 +2925,11 @@ public final class Class<T> implements java.io.Serializable,
}
/**
* Returns the {@code ProtectionDomain} of this class. If there is a
* security manager installed, this method first calls the security
* manager's {@code checkPermission} method with a
* {@code RuntimePermission("getProtectionDomain")} permission to
* ensure it's ok to get the
* {@code ProtectionDomain}.
* Returns the {@code ProtectionDomain} of this class.
*
* @return the ProtectionDomain of this class
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* getting the ProtectionDomain.
*
* @see java.security.ProtectionDomain
* @see SecurityManager#checkPermission
* @see java.lang.RuntimePermission
* @since 1.2
*/
public ProtectionDomain getProtectionDomain() {
@ -4466,13 +4155,6 @@ public final class Class<T> implements java.io.Serializable,
*
* @return the nest host of this class or interface
*
* @throws SecurityException
* If the returned class is not the current class, and
* if a security manager, <i>s</i>, is present and the caller's
* class loader is not the same as or an ancestor of the class
* loader for the returned class and invocation of {@link
* SecurityManager#checkPackageAccess s.checkPackageAccess()}
* denies access to the package of the returned class
* @since 11
* @jvms 4.7.28 The {@code NestHost} Attribute
* @jvms 4.7.29 The {@code NestMembers} Attribute
@ -4557,14 +4239,6 @@ public final class Class<T> implements java.io.Serializable,
* @return an array of all classes and interfaces in the same nest as
* this class or interface
*
* @throws SecurityException
* If any returned class is not the current class, and
* if a security manager, <i>s</i>, is present and the caller's
* class loader is not the same as or an ancestor of the class
* loader for that returned class and invocation of {@link
* SecurityManager#checkPackageAccess s.checkPackageAccess()}
* denies access to the package of that returned class
*
* @since 11
* @see #getNestHost()
* @jvms 4.7.28 The {@code NestHost} Attribute
@ -4751,15 +4425,8 @@ public final class Class<T> implements java.io.Serializable,
* cannot be obtained, it is silently ignored, and not included in the result
* array.
*
* @return an array of {@code Class} objects of the permitted subclasses of this class or interface,
* or {@code null} if this class or interface is not sealed.
*
* @throws SecurityException
* If a security manager, <i>s</i>, is present and the caller's
* class loader is not the same as or an ancestor of the class
* loader for that returned class and invocation of {@link
* SecurityManager#checkPackageAccess s.checkPackageAccess()}
* denies access to the package of any class in the returned array.
* @return an array of {@code Class} objects of the permitted subclasses of this class
* or interface, or {@code null} if this class or interface is not sealed.
*
* @jls 8.1 Class Declarations
* @jls 9.1 Interface Declarations

128
src/java.base/share/classes/java/lang/ClassLoader.java
View file

@ -33,10 +33,7 @@ import java.io.File;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.net.URL;
import java.security.AccessController;
import java.security.AccessControlContext;
import java.security.CodeSource;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.ArrayList;
@ -67,7 +64,6 @@ import jdk.internal.reflect.CallerSensitive;
import jdk.internal.reflect.CallerSensitiveAdapter;
import jdk.internal.reflect.Reflection;
import jdk.internal.util.StaticProperty;
import sun.reflect.misc.ReflectUtil;
import sun.security.util.SecurityConstants;
/**
@ -93,9 +89,6 @@ import sun.security.util.SecurityConstants;
* extend the manner in which the Java virtual machine dynamically loads
* classes.
*
* <p> Class loaders may typically be used by security managers to indicate
* security domains.
*
* <p> In addition to loading classes, a class loader is also responsible for
* locating resources. A resource is some data (a "{@code .class}" file,
* configuration data, or an image for example) that is identified with an
@ -424,11 +417,6 @@ public abstract class ClassLoader {
*
* @throws IllegalArgumentException if the given name is empty.
*
* @throws SecurityException
* If a security manager exists and its
* {@link SecurityManager#checkCreateClassLoader()}
* method doesn't allow creation of a new class loader.
*
* @since 9
*/
@SuppressWarnings("this-escape")
@ -440,10 +428,6 @@ public abstract class ClassLoader {
* Creates a new class loader using the specified parent class loader for
* delegation.
*
* <p> If there is a security manager, its {@link
* SecurityManager#checkCreateClassLoader() checkCreateClassLoader} method
* is invoked. This may result in a security exception. </p>
*
* @apiNote If the parent is specified as {@code null} (for the
* bootstrap class loader) then there is no guarantee that all platform
* classes are visible.
@ -451,11 +435,6 @@ public abstract class ClassLoader {
* @param parent
* The parent class loader
*
* @throws SecurityException
* If a security manager exists and its
* {@code checkCreateClassLoader} method doesn't allow creation
* of a new class loader.
*
* @since 1.2
*/
@SuppressWarnings("this-escape")
@ -467,16 +446,6 @@ public abstract class ClassLoader {
* Creates a new class loader using the {@code ClassLoader} returned by
* the method {@link #getSystemClassLoader()
* getSystemClassLoader()} as the parent class loader.
*
* <p> If there is a security manager, its {@link
* SecurityManager#checkCreateClassLoader()
* checkCreateClassLoader} method is invoked. This may result in
* a security exception. </p>
*
* @throws SecurityException
* If a security manager exists and its
* {@code checkCreateClassLoader} method doesn't allow creation
* of a new class loader.
*/
@SuppressWarnings("this-escape")
protected ClassLoader() {
@ -688,30 +657,6 @@ public abstract class ClassLoader {
return lock;
}
// Invoked by the VM after loading class with this loader.
@SuppressWarnings("removal")
private void checkPackageAccess(Class<?> cls, ProtectionDomain pd) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (ReflectUtil.isNonPublicProxyClass(cls)) {
for (Class<?> intf: cls.getInterfaces()) {
checkPackageAccess(intf, pd);
}
return;
}
final String packageName = cls.getPackageName();
if (!packageName.isEmpty()) {
AccessController.doPrivileged(new PrivilegedAction<>() {
public Void run() {
sm.checkPackageAccess(packageName);
return null;
}
}, new AccessControlContext(new ProtectionDomain[] {pd}));
}
}
}
/**
* Finds the class with the specified <a href="#binary-name">binary name</a>.
* This method should be overridden by class loader implementations that
@ -823,12 +768,10 @@ public abstract class ClassLoader {
* Before the {@code Class} can be used it must be resolved.
*
* <p> This method assigns a default {@link java.security.ProtectionDomain
* ProtectionDomain} to the newly defined class. The
* {@code ProtectionDomain} is effectively granted the same set of
* permissions returned when {@link
* java.security.Policy#getPermissions(java.security.CodeSource)
* Policy.getPolicy().getPermissions(new CodeSource(null, null))}
* is invoked. The default protection domain is created on the first invocation
* ProtectionDomain} to the newly defined class. The
* {@code getPermissions} method of the {@code ProtectionDomain} always
* returns {@code null}.
* The default protection domain is created on the first invocation
* of {@link #defineClass(String, byte[], int, int) defineClass},
* and re-used on subsequent invocations.
*
@ -1342,8 +1285,7 @@ public abstract class ClassLoader {
* The resource name
*
* @return A URL to the resource; {@code null} if the resource could not be
* found, a URL could not be constructed to locate the resource,
* access to the resource is denied by the security manager, or
* found, a URL could not be constructed to locate the resource, or
* there isn't a module of the given name defined to the class
* loader.
*
@ -1395,9 +1337,8 @@ public abstract class ClassLoader {
*
* @return {@code URL} object for reading the resource; {@code null} if
* the resource could not be found, a {@code URL} could not be
* constructed to locate the resource, the resource is in a package
* that is not opened unconditionally, or access to the resource is
* denied by the security manager.
* constructed to locate the resource, or the resource is in a package
* that is not opened unconditionally.
*
* @throws NullPointerException If {@code name} is {@code null}
*
@ -1457,9 +1398,8 @@ public abstract class ClassLoader {
* @return An enumeration of {@link java.net.URL URL} objects for the
* resource. If no resources could be found, the enumeration will
* be empty. Resources for which a {@code URL} cannot be
* constructed, are in a package that is not opened
* unconditionally, or access to the resource is denied by the
* security manager, are not returned in the enumeration.
* constructed, or are in a package that is not opened
* unconditionally, are not returned in the enumeration.
*
* @throws IOException
* If I/O errors occur
@ -1518,9 +1458,8 @@ public abstract class ClassLoader {
*
* @return A stream of resource {@link java.net.URL URL} objects. If no
* resources could be found, the stream will be empty. Resources
* for which a {@code URL} cannot be constructed, are in a package
* that is not opened unconditionally, or access to the resource
* is denied by the security manager, will not be in the stream.
* for which a {@code URL} cannot be constructed, or are in a package
* that is not opened unconditionally, will not be in the stream.
*
* @throws NullPointerException If {@code name} is {@code null}
*
@ -1558,9 +1497,8 @@ public abstract class ClassLoader {
*
* @return {@code URL} object for reading the resource; {@code null} if
* the resource could not be found, a {@code URL} could not be
* constructed to locate the resource, the resource is in a package
* that is not opened unconditionally, or access to the resource is
* denied by the security manager.
* constructed to locate the resource, or the resource is in a package
* that is not opened unconditionally.
*
* @since 1.2
*/
@ -1589,8 +1527,7 @@ public abstract class ClassLoader {
* @return An enumeration of {@link java.net.URL URL} objects for
* the resource. If no resources could be found, the enumeration
* will be empty. Resources for which a {@code URL} cannot be
* constructed, are in a package that is not opened unconditionally,
* or access to the resource is denied by the security manager,
* constructed, or are in a package that is not opened unconditionally,
* are not returned in the enumeration.
*
* @throws IOException
@ -1676,9 +1613,8 @@ public abstract class ClassLoader {
*
* @return A {@link java.net.URL URL} to the resource; {@code
* null} if the resource could not be found, a URL could not be
* constructed to locate the resource, the resource is in a package
* that is not opened unconditionally or access to the resource is
* denied by the security manager.
* constructed to locate the resource, or the resource is in a package
* that is not opened unconditionally.
*
* @since 1.1
*/
@ -1708,8 +1644,7 @@ public abstract class ClassLoader {
* @return An enumeration of {@link java.net.URL URL} objects for
* the resource. If no resources could be found, the enumeration
* will be empty. Resources for which a {@code URL} cannot be
* constructed, are in a package that is not opened unconditionally,
* or access to the resource is denied by the security manager,
* constructed, or are in a package that is not opened unconditionally,
* are not returned in the enumeration.
*
* @throws IOException
@ -1740,9 +1675,8 @@ public abstract class ClassLoader {
* The resource name
*
* @return An input stream for reading the resource; {@code null} if the
* resource could not be found, the resource is in a package that
* is not opened unconditionally, or access to the resource is
* denied by the security manager.
* resource could not be found, or the resource is in a package that
* is not opened unconditionally.
*
* @throws NullPointerException If {@code name} is {@code null}
*
@ -1774,9 +1708,8 @@ public abstract class ClassLoader {
* The resource name
*
* @return An input stream for reading the resource; {@code null} if the
* resource could not be found, the resource is in a package that
* is not opened unconditionally, or access to the resource is
* denied by the security manager.
* resource could not be found, or the resource is in a package that
* is not opened unconditionally.
*
* @since 1.1
*/
@ -1800,12 +1733,6 @@ public abstract class ClassLoader {
*
* @return The parent {@code ClassLoader}
*
* @throws SecurityException
* If a security manager is present, and the caller's class loader
* is not {@code null} and is not an ancestor of this class loader,
* and the caller does not have the
* {@link RuntimePermission}{@code ("getClassLoader")}
*
* @since 1.2
*/
@CallerSensitive
@ -1845,13 +1772,6 @@ public abstract class ClassLoader {
*
* @return The platform {@code ClassLoader}.
*
* @throws SecurityException
* If a security manager is present, and the caller's class loader is
* not {@code null}, and the caller's class loader is not the same
* as or an ancestor of the platform class loader,
* and the caller does not have the
* {@link RuntimePermission}{@code ("getClassLoader")}
*
* @since 9
*/
@CallerSensitive
@ -1920,12 +1840,6 @@ public abstract class ClassLoader {
*
* @return The system {@code ClassLoader}
*
* @throws SecurityException
* If a security manager is present, and the caller's class loader
* is not {@code null} and is not the same as or an ancestor of the
* system class loader, and the caller does not have the
* {@link RuntimePermission}{@code ("getClassLoader")}
*
* @throws IllegalStateException
* If invoked recursively during the construction of the class
* loader specified by the "{@code java.system.class.loader}"

6
src/java.base/share/classes/java/lang/Integer.java
View file

@ -1187,8 +1187,6 @@ public final class Integer extends Number
*
* @param nm property name.
* @return the {@code Integer} value of the property.
* @throws SecurityException for the same reasons as
* {@link System#getProperty(String) System.getProperty}
* @see java.lang.System#getProperty(java.lang.String)
* @see java.lang.System#getProperty(java.lang.String, java.lang.String)
*/
@ -1233,8 +1231,6 @@ public final class Integer extends Number
* @param nm property name.
* @param val default value.
* @return the {@code Integer} value of the property.
* @throws SecurityException for the same reasons as
* {@link System#getProperty(String) System.getProperty}
* @see java.lang.System#getProperty(java.lang.String)
* @see java.lang.System#getProperty(java.lang.String, java.lang.String)
*/
@ -1275,8 +1271,6 @@ public final class Integer extends Number
* @param nm property name.
* @param val default value.
* @return the {@code Integer} value of the property.
* @throws SecurityException for the same reasons as
* {@link System#getProperty(String) System.getProperty}
* @see System#getProperty(java.lang.String)
* @see System#getProperty(java.lang.String, java.lang.String)
*/

6
src/java.base/share/classes/java/lang/Long.java
View file

@ -1276,8 +1276,6 @@ public final class Long extends Number
*
* @param nm property name.
* @return the {@code Long} value of the property.
* @throws SecurityException for the same reasons as
* {@link System#getProperty(String) System.getProperty}
* @see java.lang.System#getProperty(java.lang.String)
* @see java.lang.System#getProperty(java.lang.String, java.lang.String)
*/
@ -1321,8 +1319,6 @@ public final class Long extends Number
* @param nm property name.
* @param val default value.
* @return the {@code Long} value of the property.
* @throws SecurityException for the same reasons as
* {@link System#getProperty(String) System.getProperty}
* @see java.lang.System#getProperty(java.lang.String)
* @see java.lang.System#getProperty(java.lang.String, java.lang.String)
*/
@ -1370,8 +1366,6 @@ public final class Long extends Number
* @param nm property name.
* @param val default value.
* @return the {@code Long} value of the property.
* @throws SecurityException for the same reasons as
* {@link System#getProperty(String) System.getProperty}
* @see System#getProperty(java.lang.String)
* @see System#getProperty(java.lang.String, java.lang.String)
*/

13
src/java.base/share/classes/java/lang/Module.java
View file

@ -195,15 +195,7 @@ public final class Module implements AnnotatedElement {
/**
* Returns the {@code ClassLoader} for this module.
*
* <p> If there is a security manager then its {@code checkPermission}
* method if first called with a {@code RuntimePermission("getClassLoader")}
* permission to check that the caller is allowed to get access to the
* class loader. </p>
*
* @return The class loader for this module
*
* @throws SecurityException
* If denied by the security manager
*/
public ClassLoader getClassLoader() {
@SuppressWarnings("removal")
@ -1689,9 +1681,8 @@ public final class Module implements AnnotatedElement {
* with the name "{@code META-INF/MANIFEST.MF}" is never encapsulated
* because "{@code META-INF}" is not a legal package name. </p>
*
* <p> This method returns {@code null} if the resource is not in this
* module, the resource is encapsulated and cannot be located by the caller,
* or access to the resource is denied by the security manager. </p>
* <p> This method returns {@code null} if the resource is not in this module
* or the resource is encapsulated and cannot be located by the caller. </p>
*
* @param name
* The resource name

38
src/java.base/share/classes/java/lang/ModuleLayer.java
View file

@ -359,10 +359,6 @@ public final class ModuleLayer {
* @throws LayerInstantiationException
* If the layer cannot be created for any of the reasons specified
* by the static {@code defineModulesWithOneLoader} method
* @throws SecurityException
* If {@code RuntimePermission("createClassLoader")} or
* {@code RuntimePermission("getClassLoader")} is denied by
* the security manager
*
* @see #findLoader
*/
@ -401,10 +397,6 @@ public final class ModuleLayer {
* @throws LayerInstantiationException
* If the layer cannot be created for any of the reasons specified
* by the static {@code defineModulesWithManyLoaders} method
* @throws SecurityException
* If {@code RuntimePermission("createClassLoader")} or
* {@code RuntimePermission("getClassLoader")} is denied by
* the security manager
*
* @see #findLoader
*/
@ -440,9 +432,6 @@ public final class ModuleLayer {
* @throws LayerInstantiationException
* If the layer cannot be created for any of the reasons specified
* by the static {@code defineModules} method
* @throws SecurityException
* If {@code RuntimePermission("getClassLoader")} is denied by
* the security manager
*/
public ModuleLayer defineModules(Configuration cf,
Function<String, ClassLoader> clf) {
@ -490,10 +479,6 @@ public final class ModuleLayer {
* a module named "{@code java.base}", or a module contains a package named
* "{@code java}" or a package with a name starting with "{@code java.}". </p>
*
* <p> If there is a security manager then the class loader created by
* this method will load classes and resources with privileges that are
* restricted by the calling context of this method. </p>
*
* @param cf
* The configuration for the layer
* @param parentLayers
@ -510,10 +495,6 @@ public final class ModuleLayer {
* @throws LayerInstantiationException
* If all modules cannot be defined to the same class loader for any
* of the reasons listed above
* @throws SecurityException
* If {@code RuntimePermission("createClassLoader")} or
* {@code RuntimePermission("getClassLoader")} is denied by
* the security manager
*
* @see #findLoader
*/
@ -563,10 +544,6 @@ public final class ModuleLayer {
* methods) in the module defined to the class loader before searching
* the parent class loader. </p>
*
* <p> If there is a security manager then the class loaders created by
* this method will load classes and resources with privileges that are
* restricted by the calling context of this method. </p>
*
* @param cf
* The configuration for the layer
* @param parentLayers
@ -586,11 +563,6 @@ public final class ModuleLayer {
* named "{@code java}" or a package with a name starting with
* "{@code java.}"
*
* @throws SecurityException
* If {@code RuntimePermission("createClassLoader")} or
* {@code RuntimePermission("getClassLoader")} is denied by
* the security manager
*
* @see #findLoader
*/
public static Controller defineModulesWithManyLoaders(Configuration cf,
@ -673,9 +645,6 @@ public final class ModuleLayer {
* configuration of the parent layers, including order
* @throws LayerInstantiationException
* If creating the layer fails for any of the reasons listed above
* @throws SecurityException
* If {@code RuntimePermission("getClassLoader")} is denied by
* the security manager
*/
public static Controller defineModules(Configuration cf,
List<ModuleLayer> parentLayers,
@ -906,11 +875,6 @@ public final class ModuleLayer {
* parent} layers are searched in the manner specified by {@link
* #findModule(String) findModule}.
*
* <p> If there is a security manager then its {@code checkPermission}
* method is called with a {@code RuntimePermission("getClassLoader")}
* permission to check that the caller is allowed to get access to the
* class loader. </p>
*
* @apiNote This method does not return an {@code Optional<ClassLoader>}
* because `null` must be used to represent the bootstrap class loader.
*
@ -921,8 +885,6 @@ public final class ModuleLayer {
*
* @throws IllegalArgumentException if a module of the given name is not
* defined in this layer or any parent of this layer
*
* @throws SecurityException if denied by the security manager
*/
public ClassLoader findLoader(String name) {
Optional<Module> om = findModule(name);

9
src/java.base/share/classes/java/lang/Process.java
View file

@ -753,8 +753,7 @@ public abstract class Process {
*
* {@code Process} objects returned by {@link ProcessBuilder#start()} and
* {@link Runtime#exec} implement {@code toHandle} as the equivalent of
* {@link ProcessHandle#of(long) ProcessHandle.of(pid)} including the
* check for a SecurityManager and {@code RuntimePermission("manageProcess")}.
* {@link ProcessHandle#of(long) ProcessHandle.of(pid)}.
*
* @implSpec
* This implementation throws an instance of
@ -766,8 +765,6 @@ public abstract class Process {
* @return Returns a ProcessHandle for the Process
* @throws UnsupportedOperationException if the Process implementation
* does not support this operation
* @throws SecurityException if a security manager has been installed and
* it denies RuntimePermission("manageProcess")
* @since 9
*/
public ProcessHandle toHandle() {
@ -811,8 +808,6 @@ public abstract class Process {
* direct children of the process
* @throws UnsupportedOperationException if the Process implementation
* does not support this operation
* @throws SecurityException if a security manager has been installed and
* it denies RuntimePermission("manageProcess")
* @since 9
*/
public Stream<ProcessHandle> children() {
@ -837,8 +832,6 @@ public abstract class Process {
* are descendants of the process
* @throws UnsupportedOperationException if the Process implementation
* does not support this operation
* @throws SecurityException if a security manager has been installed and
* it denies RuntimePermission("manageProcess")
* @since 9
*/
public Stream<ProcessHandle> descendants() {

66
src/java.base/share/classes/java/lang/ProcessBuilder.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -329,23 +329,12 @@ public final class ProcessBuilder
*
* <p>The returned map is typically case-sensitive on all platforms.
*
* <p>If a security manager exists, its
* {@link SecurityManager#checkPermission checkPermission} method
* is called with a
* {@link RuntimePermission}{@code ("getenv.*")} permission.
* This may result in a {@link SecurityException} being thrown.
*
* <p>When passing information to a Java subprocess,
* <a href=System.html#EnvironmentVSSystemProperties>system properties</a>
* are generally preferred over environment variables.
*
* @return this process builder's environment
*
* @throws SecurityException
* if a security manager exists and its
* {@link SecurityManager#checkPermission checkPermission}
* method doesn't allow access to the process environment
*
* @see Runtime#exec(String[],String[],java.io.File)
* @see System#getenv()
*/
@ -1009,12 +998,6 @@ public final class ProcessBuilder
* The minimal set of system dependent environment variables
* may override the values provided in the environment.
*
* <p>If there is a security manager, its
* {@link SecurityManager#checkExec checkExec}
* method is called with the first component of this object's
* {@code command} array as its argument. This may result in
* a {@link SecurityException} being thrown.
*
* <p>Starting an operating system process is highly system-dependent.
* Among the many things that can go wrong are:
* <ul>
@ -1042,29 +1025,6 @@ public final class ProcessBuilder
* @throws IndexOutOfBoundsException
* if the command is an empty list (has size {@code 0})
*
* @throws SecurityException
* if a security manager exists and
* <ul>
*
* <li>its
* {@link SecurityManager#checkExec checkExec}
* method doesn't allow creation of the subprocess, or
*
* <li>the standard input to the subprocess was
* {@linkplain #redirectInput redirected from a file}
* and the security manager's
* {@link SecurityManager#checkRead(String) checkRead} method
* denies read access to the file, or
*
* <li>the standard output or standard error of the
* subprocess was
* {@linkplain #redirectOutput redirected to a file}
* and the security manager's
* {@link SecurityManager#checkWrite(String) checkWrite} method
* denies write access to the file
*
* </ul>
*
* @throws UnsupportedOperationException
* If the operating system does not support the creation of processes.
*
@ -1216,12 +1176,6 @@ public final class ProcessBuilder
* The minimal set of system dependent environment variables
* may override the values provided in the environment.
* <p>
* If there is a security manager, its
* {@link SecurityManager#checkExec checkExec}
* method is called with the first component of each process builder's
* {@code command} array as its argument. This may result in
* a {@link SecurityException} being thrown.
* <p>
* Starting an operating system process is highly system-dependent.
* Among the many things that can go wrong are:
* <ul>
@ -1272,24 +1226,6 @@ public final class ProcessBuilder
* the builders argument is null
* @throws IndexOutOfBoundsException
* if the command is an empty list (has size {@code 0})
* @throws SecurityException
* if a security manager exists and
* <ul>
* <li>its
* {@link SecurityManager#checkExec checkExec}
* method doesn't allow creation of the subprocess, or
* <li>the standard input to the subprocess was
* {@linkplain #redirectInput redirected from a file}
* and the security manager's
* {@link SecurityManager#checkRead(String) checkRead} method
* denies read access to the file, or
* <li>the standard output or standard error of the
* subprocess was
* {@linkplain #redirectOutput redirected to a file}
* and the security manager's
* {@link SecurityManager#checkWrite(String) checkWrite} method
* denies write access to the file
* </ul>
*
* @throws UnsupportedOperationException
* If the operating system does not support the creation of processes

18
src/java.base/share/classes/java/lang/ProcessHandle.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -66,9 +66,7 @@ import java.util.stream.Stream;
* can be used to wait for process termination, and possibly trigger dependent
* actions.
* <p>
* The factory methods limit access to ProcessHandles using the
* SecurityManager checking the {@link RuntimePermission RuntimePermission("manageProcess")}.
* The ability to control processes is also restricted by the native system,
* The ability to control processes may be restricted by the native system,
* ProcessHandle provides no more access to, or control over, the native process
* than would be allowed by a native application.
*
@ -113,8 +111,6 @@ public interface ProcessHandle extends Comparable<ProcessHandle> {
* @param pid a native process ID
* @return an {@code Optional<ProcessHandle>} of the PID for the process;
* the {@code Optional} is empty if the process does not exist
* @throws SecurityException if a security manager has been installed and
* it denies RuntimePermission("manageProcess")
* @throws UnsupportedOperationException if the implementation
* does not support this operation
*/
@ -127,8 +123,6 @@ public interface ProcessHandle extends Comparable<ProcessHandle> {
* used to destroy the current process, use {@link System#exit System.exit} instead.
*
* @return a ProcessHandle for the current process
* @throws SecurityException if a security manager has been installed and
* it denies RuntimePermission("manageProcess")
* @throws UnsupportedOperationException if the implementation
* does not support this operation
*/
@ -143,8 +137,6 @@ public interface ProcessHandle extends Comparable<ProcessHandle> {
* @return an {@code Optional<ProcessHandle>} of the parent process;
* the {@code Optional} is empty if the child process does not have a parent
* or if the parent is not available, possibly due to operating system limitations
* @throws SecurityException if a security manager has been installed and
* it denies RuntimePermission("manageProcess")
*/
Optional<ProcessHandle> parent();
@ -159,8 +151,6 @@ public interface ProcessHandle extends Comparable<ProcessHandle> {
*
* @return a sequential Stream of ProcessHandles for processes that are
* direct children of the process
* @throws SecurityException if a security manager has been installed and
* it denies RuntimePermission("manageProcess")
*/
Stream<ProcessHandle> children();
@ -176,8 +166,6 @@ public interface ProcessHandle extends Comparable<ProcessHandle> {
*
* @return a sequential Stream of ProcessHandles for processes that
* are descendants of the process
* @throws SecurityException if a security manager has been installed and
* it denies RuntimePermission("manageProcess")
*/
Stream<ProcessHandle> descendants();
@ -190,8 +178,6 @@ public interface ProcessHandle extends Comparable<ProcessHandle> {
* </em>
*
* @return a Stream of ProcessHandles for all processes
* @throws SecurityException if a security manager has been installed and
* it denies RuntimePermission("manageProcess")
* @throws UnsupportedOperationException if the implementation
* does not support this operation
*/

83
src/java.base/share/classes/java/lang/Runtime.java
View file

@ -142,9 +142,9 @@ public class Runtime {
/**
* Initiates the {@linkplain ##shutdown shutdown sequence} of the Java Virtual Machine.
* Unless the security manager denies exiting, this method initiates the shutdown sequence
* (if it is not already initiated) and then blocks indefinitely. This method neither returns
* nor throws an exception; that is, it does not complete either normally or abruptly.
* This method initiates the shutdown sequence (if it is not already initiated) and
* then blocks indefinitely. This method neither returns nor throws an exception; that
* is, it does not complete either normally or abruptly.
*
* <p> The argument serves as a status code. By convention, a nonzero status code
* indicates abnormal termination.
@ -169,13 +169,6 @@ public class Runtime {
* Termination status. By convention, a nonzero status code
* indicates abnormal termination.
*
* @throws SecurityException
* If a security manager is present and its
* {@link SecurityManager#checkExit checkExit} method does not permit
* exiting with the specified status
*
* @see java.lang.SecurityException
* @see java.lang.SecurityManager#checkExit(int)
* @see #addShutdownHook
* @see #removeShutdownHook
* @see #halt(int)
@ -233,10 +226,6 @@ public class Runtime {
* @throws IllegalStateException
* If the shutdown sequence has already begun
*
* @throws SecurityException
* If a security manager is present and it denies
* {@link RuntimePermission}{@code ("shutdownHooks")}
*
* @see #removeShutdownHook
* @see #halt(int)
* @see #exit(int)
@ -265,10 +254,6 @@ public class Runtime {
* @throws IllegalStateException
* If the shutdown sequence has already begun
*
* @throws SecurityException
* If a security manager is present and it denies
* {@link RuntimePermission}{@code ("shutdownHooks")}
*
* @see #addShutdownHook
* @see #exit(int)
* @since 1.3
@ -284,8 +269,7 @@ public class Runtime {
/**
* Immediately {@linkplain ##termination terminates} the Java Virtual Machine.
* If the security manager denies exiting, throws {@link SecurityException}.
* Otherwise, termination of the Java Virtual Machine is unconditional and immediate.
* Termination of the Java Virtual Machine is unconditional and immediate.
* This method does not initiate the {@linkplain ##shutdown shutdown sequence}, nor does
* it wait for the shutdown sequence to finish if it is already in progress. An
* invocation of this method never returns normally.
@ -303,11 +287,6 @@ public class Runtime {
* has already been invoked then this status code
* will override the status code passed to that method.
*
* @throws SecurityException
* If a security manager is present and its
* {@link SecurityManager#checkExit checkExit} method
* does not permit an exit with the specified status
*
* @see #exit
* @see #addShutdownHook
* @see #removeShutdownHook
@ -341,11 +320,6 @@ public class Runtime {
*
* @return A new {@link Process} object for managing the subprocess
*
* @throws SecurityException
* If a security manager exists and its
* {@link SecurityManager#checkExec checkExec}
* method doesn't allow creation of the subprocess
*
* @throws IOException
* If an I/O error occurs
*
@ -392,11 +366,6 @@ public class Runtime {
*
* @return A new {@link Process} object for managing the subprocess
*
* @throws SecurityException
* If a security manager exists and its
* {@link SecurityManager#checkExec checkExec}
* method doesn't allow creation of the subprocess
*
* @throws IOException
* If an I/O error occurs
*
@ -457,11 +426,6 @@ public class Runtime {
*
* @return A new {@link Process} object for managing the subprocess
*
* @throws SecurityException
* If a security manager exists and its
* {@link SecurityManager#checkExec checkExec}
* method doesn't allow creation of the subprocess
*
* @throws IOException
* If an I/O error occurs
*
@ -505,11 +469,6 @@ public class Runtime {
*
* @return A new {@link Process} object for managing the subprocess
*
* @throws SecurityException
* If a security manager exists and its
* {@link SecurityManager#checkExec checkExec}
* method doesn't allow creation of the subprocess
*
* @throws IOException
* If an I/O error occurs
*
@ -551,11 +510,6 @@ public class Runtime {
*
* @return A new {@link Process} object for managing the subprocess
*
* @throws SecurityException
* If a security manager exists and its
* {@link SecurityManager#checkExec checkExec}
* method doesn't allow creation of the subprocess
*
* @throws IOException
* If an I/O error occurs
*
@ -610,12 +564,6 @@ public class Runtime {
* If {@code dir} is {@code null}, the subprocess inherits the
* current working directory of the current process.
*
* <p>If a security manager exists, its
* {@link SecurityManager#checkExec checkExec}
* method is invoked with the first component of the array
* {@code cmdarray} as its argument. This may result in a
* {@link SecurityException} being thrown.
*
* <p>Starting an operating system process is highly system-dependent.
* Among the many things that can go wrong are:
* <ul>
@ -647,11 +595,6 @@ public class Runtime {
*
* @return A new {@link Process} object for managing the subprocess
*
* @throws SecurityException
* If a security manager exists and its
* {@link SecurityManager#checkExec checkExec}
* method doesn't allow creation of the subprocess
*
* @throws UnsupportedOperationException
* If the operating system does not support the creation of processes.
*
@ -808,10 +751,6 @@ public class Runtime {
* Otherwise, the filename argument is mapped to a native library image in
* an implementation-dependent manner.
* <p>
* First, if there is a security manager, its {@code checkLink}
* method is called with the {@code filename} as its argument.
* This may result in a security exception.
* <p>
* This is similar to the method {@link #loadLibrary(String)}, but it
* accepts a general file name as an argument rather than just a library
* name, allowing any file of native code to be loaded.
@ -820,9 +759,6 @@ public class Runtime {
* convenient means of invoking this method.
*
* @param filename the file to load.
* @throws SecurityException if a security manager exists and its
* {@code checkLink} method doesn't allow
* loading of the specified dynamic library
* @throws UnsatisfiedLinkError if either the filename is not an
* absolute path name, the native library is not statically
* linked with the VM, or the library cannot be mapped to
@ -833,8 +769,6 @@ public class Runtime {
* does not have native access enabled.
* @spec jni/index.html Java Native Interface Specification
* @see java.lang.Runtime#getRuntime()
* @see java.lang.SecurityException
* @see java.lang.SecurityManager#checkLink(java.lang.String)
*/
@CallerSensitive
@Restricted
@ -871,10 +805,6 @@ public class Runtime {
* location and mapped to a native library image in an
* implementation-dependent manner.
* <p>
* First, if there is a security manager, its {@code checkLink}
* method is called with the {@code libname} as its argument.
* This may result in a security exception.
* <p>
* The method {@link System#loadLibrary(String)} is the conventional
* and convenient means of invoking this method. If native
* methods are to be used in the implementation of a class, a standard
@ -891,9 +821,6 @@ public class Runtime {
* name, the second and subsequent calls are ignored.
*
* @param libname the name of the library.
* @throws SecurityException if a security manager exists and its
* {@code checkLink} method doesn't allow
* loading of the specified dynamic library
* @throws UnsatisfiedLinkError if either the libname argument
* contains a file path, the native library is not statically
* linked with the VM, or the library cannot be mapped to a
@ -903,8 +830,6 @@ public class Runtime {
* @throws IllegalCallerException if the caller is in a module that
* does not have native access enabled.
* @spec jni/index.html Java Native Interface Specification
* @see java.lang.SecurityException
* @see java.lang.SecurityManager#checkLink(java.lang.String)
*/
@CallerSensitive
@Restricted

357
src/java.base/share/classes/java/lang/RuntimePermission.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,361 +26,21 @@
package java.lang;
import java.security.*;
import java.lang.module.ModuleFinder;
/**
* This class is for runtime permissions. A {@code RuntimePermission}
* contains a name (also referred to as a "target name") but no actions
* list; you either have the named permission or you don't.
* <p>
* The target name is the name of the runtime permission (see below). The
* naming convention follows the hierarchical property naming convention.
* Also, an asterisk may appear at the end of the name, following a ".",
* The target name is the name of the runtime permission. The naming convention
* follows the hierarchical property naming convention, typically the reverse
* domain name notation, to avoid name clashes.
* An asterisk may appear at the end of the name, following a ".",
* or by itself, to signify a wildcard match. For example: "loadLibrary.*"
* and "*" signify a wildcard match, while "*loadLibrary" and "a*b" do not.
* <p>
* The following table lists the standard {@code RuntimePermission}
* target names, and for each provides a description of what the permission
* allows and a discussion of the risks of granting code the permission.
*
* <table class="striped">
* <caption style="display:none">permission target name,
* what the target allows, and associated risks</caption>
* <thead>
* <tr>
* <th scope="col">Permission Target Name</th>
* <th scope="col">What the Permission Allows</th>
* <th scope="col">Risks of Allowing this Permission</th>
* </tr>
* </thead>
* <tbody>
*
* <tr>
* <th scope="row">createClassLoader</th>
* <td>Creation of a class loader</td>
* <td>This is an extremely dangerous permission to grant.
* Malicious applications that can instantiate their own class
* loaders could then load their own rogue classes into the system.
* These newly loaded classes could be placed into any protection
* domain by the class loader, thereby automatically granting the
* classes the permissions for that domain.</td>
* </tr>
*
* <tr>
* <th scope="row">getClassLoader</th>
* <td>Retrieval of a class loader (e.g., the class loader for the calling
* class)</td>
* <td>This would grant an attacker permission to get the
* class loader for a particular class. This is dangerous because
* having access to a class's class loader allows the attacker to
* load other classes available to that class loader. The attacker
* would typically otherwise not have access to those classes.</td>
* </tr>
*
* <tr>
* <th scope="row">setContextClassLoader</th>
* <td>Setting of the context class loader used by a thread</td>
* <td>The context class loader is used by system code and extensions
* when they need to lookup resources that might not exist in the system
* class loader. Granting setContextClassLoader permission would allow
* code to change which context class loader is used
* for a particular thread, including system threads.</td>
* </tr>
*
* <tr>
* <th scope="row">enableContextClassLoaderOverride</th>
* <td>Subclass implementation of the thread context class loader methods</td>
* <td>The context class loader is used by system code and extensions
* when they need to lookup resources that might not exist in the system
* class loader. Granting enableContextClassLoaderOverride permission would allow
* a subclass of Thread to override the methods that are used
* to get or set the context class loader for a particular thread.</td>
* </tr>
*
* <tr>
* <th scope="row">closeClassLoader</th>
* <td>Closing of a ClassLoader</td>
* <td>Granting this permission allows code to close any URLClassLoader
* that it has a reference to.</td>
* </tr>
*
* <tr>
* <th scope="row">setSecurityManager</th>
* <td>Setting of the security manager (possibly replacing an existing one)
* </td>
* <td>The security manager is a class that allows
* applications to implement a security policy. Granting the setSecurityManager
* permission would allow code to change which security manager is used by
* installing a different, possibly less restrictive security manager,
* thereby bypassing checks that would have been enforced by the original
* security manager.</td>
* </tr>
*
* <tr>
* <th scope="row">createSecurityManager</th>
* <td>Creation of a new security manager</td>
* <td>This gives code access to protected, sensitive methods that may
* disclose information about other classes or the execution stack.</td>
* </tr>
*
* <tr>
* <th scope="row">getenv.{variable name}</th>
* <td>Reading of the value of the specified environment variable</td>
* <td>This would allow code to read the value, or determine the
* existence, of a particular environment variable. This is
* dangerous if the variable contains confidential data.</td>
* </tr>
*
* <tr>
* <th scope="row">exitVM.{exit status}</th>
* <td>Halting of the Java Virtual Machine with the specified exit status</td>
* <td>This allows an attacker to mount a denial-of-service attack
* by automatically forcing the virtual machine to halt.
* Note: The "exitVM.*" permission is automatically granted to all code
* loaded from the application class path, thus enabling applications
* to terminate themselves. Also, the "exitVM" permission is equivalent to
* "exitVM.*".</td>
* </tr>
*
* <tr>
* <th scope="row">shutdownHooks</th>
* <td>Registration and cancellation of virtual-machine shutdown hooks</td>
* <td>This allows an attacker to register a malicious shutdown
* hook that interferes with the clean shutdown of the virtual machine.</td>
* </tr>
*
* <tr>
* <th scope="row">setFactory</th>
* <td>Setting of the socket factory used by ServerSocket or Socket,
* or of the stream handler factory used by URL</td>
* <td>This allows code to set the actual implementation
* for the socket, server socket, stream handler, or RMI socket factory.
* An attacker may set a faulty implementation which mangles the data
* stream.</td>
* </tr>
*
* <tr>
* <th scope="row">setIO</th>
* <td>Setting of System.out, System.in, and System.err</td>
* <td>This allows changing the value of the standard system streams.
* An attacker may change System.in to monitor and
* steal user input, or may set System.err to a "null" OutputStream,
* which would hide any error messages sent to System.err. </td>
* </tr>
*
* <tr>
* <th scope="row">modifyThread</th>
* <td>Modification of threads, e.g., via calls to Thread
* {@code interrupt, setDaemon, setPriority, setName} and
* {@code setUncaughtExceptionHandler} methods</td>
* <td>This allows an attacker to modify the behaviour of
* any thread in the system.</td>
* </tr>
*
* <tr>
* <th scope="row">modifyThreadGroup</th>
* <td>modification of thread groups, e.g., via calls to ThreadGroup
* {@code getParent}, {@code setDaemon}, and {@code setMaxPriority} methods</td>
* <td>This allows an attacker to create thread groups and
* set their run priority.</td>
* </tr>
*
* <tr>
* <th scope="row">getProtectionDomain</th>
* <td>Retrieval of the ProtectionDomain for a class</td>
* <td>This allows code to obtain policy information
* for a particular code source. While obtaining policy information
* does not compromise the security of the system, it does give
* attackers additional information, such as local file names for
* example, to better aim an attack.</td>
* </tr>
*
* <tr>
* <th scope="row">getFileSystemAttributes</th>
* <td>Retrieval of file system attributes</td>
* <td>This allows code to obtain file system information such as disk usage
* or disk space available to the caller. This is potentially dangerous
* because it discloses information about the system hardware
* configuration and some information about the caller's privilege to
* write files.</td>
* </tr>
*
* <tr>
* <th scope="row">readFileDescriptor</th>
* <td>Reading of file descriptors</td>
* <td>This would allow code to read the particular file associated
* with the file descriptor read. This is dangerous if the file
* contains confidential data.</td>
* </tr>
*
* <tr>
* <th scope="row">writeFileDescriptor</th>
* <td>Writing to file descriptors</td>
* <td>This allows code to write to a particular file associated
* with the descriptor. This is dangerous because it may allow
* malicious code to plant viruses or at the very least, fill up
* your entire disk.</td>
* </tr>
*
* <tr>
* <th scope="row">loadLibrary.{library name}</th>
* <td>Dynamic linking of the specified library</td>
* <td>It is dangerous to allow an applet permission to load native code
* libraries, because the Java security architecture is not designed to and
* does not prevent malicious behavior at the level of native code.</td>
* </tr>
*
* <tr>
* <th scope="row">accessClassInPackage.{package name}</th>
* <td>Access to the specified package via a class loader's
* {@code loadClass} method when that class loader calls
* the SecurityManager {@code checkPackageAccess} method</td>
* <td>This gives code access to classes in packages
* to which it normally does not have access. Malicious code
* may use these classes to help in its attempt to compromise
* security in the system.</td>
* </tr>
*
* <tr>
* <th scope="row">defineClassInPackage.{package name}</th>
* <td>Definition of classes in the specified package, via a class
* loader's {@code defineClass} method when that class loader calls
* the SecurityManager {@code checkPackageDefinition} method.</td>
* <td>This grants code permission to define a class
* in a particular package. This is dangerous because malicious
* code with this permission may define rogue classes in
* trusted packages like {@code java.security} or {@code java.lang},
* for example.</td>
* </tr>
*
* <tr>
* <th scope="row">defineClass</th>
* <td>Define a class with
* {@link java.lang.invoke.MethodHandles.Lookup#defineClass(byte[])
* Lookup.defineClass}.</td>
* <td>This grants code with a suitably privileged {@code Lookup} object
* permission to define classes in the same package as the {@code Lookup}'s
* lookup class. </td>
* </tr>
*
* <tr>
* <th scope="row">accessDeclaredMembers</th>
* <td>Access to the declared members of a class</td>
* <td>This grants code permission to query a class for its public,
* protected, default (package) access, and private fields and/or
* methods. Although the code would have
* access to the private and protected field and method names, it would not
* have access to the private/protected field data and would not be able
* to invoke any private methods. Nevertheless, malicious code
* may use this information to better aim an attack.
* Additionally, it may invoke any public methods and/or access public fields
* in the class. This could be dangerous if
* the code would normally not be able to invoke those methods and/or
* access the fields because
* it can't cast the object to the class/interface with those methods
* and fields.</td>
* </tr>
* <tr>
* <th scope="row">queuePrintJob</th>
* <td>Initiation of a print job request</td>
* <td>This could print sensitive information to a printer,
* or simply waste paper.</td>
* </tr>
*
* <tr>
* <th scope="row">getStackTrace</th>
* <td>Retrieval of the stack trace information of another thread.</td>
* <td>This allows retrieval of the stack trace information of
* another thread. This might allow malicious code to monitor the
* execution of threads and discover vulnerabilities in applications.</td>
* </tr>
*
* <tr>
* <th scope="row">getStackWalkerWithClassReference</th>
* <td>Get a stack walker that can retrieve stack frames with class reference.</td>
* <td>This allows retrieval of Class objects from stack walking.
* This might allow malicious code to access Class objects on the stack
* outside its own context.</td>
* </tr>
*
* <tr>
* <th scope="row">setDefaultUncaughtExceptionHandler</th>
* <td>Setting the default handler to be used when a thread
* terminates abruptly due to an uncaught exception</td>
* <td>This allows an attacker to register a malicious
* uncaught exception handler that could interfere with termination
* of a thread</td>
* </tr>
*
* <tr>
* <th scope="row">preferences</th>
* <td>Represents the permission required to get access to the
* java.util.prefs.Preferences implementations user or system root
* which in turn allows retrieval or update operations within the
* Preferences persistent backing store.) </td>
* <td>This permission allows the user to read from or write to the
* preferences backing store if the user running the code has
* sufficient OS privileges to read/write to that backing store.
* The actual backing store may reside within a traditional filesystem
* directory or within a registry depending on the platform OS</td>
* </tr>
*
* <tr>
* <th scope="row">manageProcess</th>
* <td>Native process termination and information about processes
* {@link ProcessHandle}.</td>
* <td>Allows code to identify and terminate processes that it did not create.</td>
* </tr>
*
* <tr>
* <th scope="row">localeServiceProvider</th>
* <td>This {@code RuntimePermission} is required to be granted to
* classes which subclass and implement
* {@code java.util.spi.LocaleServiceProvider}. The permission is
* checked during invocation of the abstract base class constructor.
* This permission ensures trust in classes which implement this
* security-sensitive provider mechanism. </td>
* <td>See <a href= "../util/spi/LocaleServiceProvider.html">
* {@code java.util.spi.LocaleServiceProvider}</a> for more
* information.</td>
* </tr>
*
* <tr>
* <th scope="row">loggerFinder</th>
* <td>This {@code RuntimePermission} is required to be granted to
* classes which subclass or call methods on
* {@code java.lang.System.LoggerFinder}. The permission is
* checked during invocation of the abstract base class constructor, as
* well as on the invocation of its public methods.
* This permission ensures trust in classes which provide loggers
* to system classes.</td>
* <td>See {@link java.lang.System.LoggerFinder java.lang.System.LoggerFinder}
* for more information.</td>
* </tr>
*
* <tr>
* <th scope="row">accessSystemModules</th>
* <td>Access system modules in the runtime image.</td>
* <td>This grants the permission to access resources in the
* {@linkplain ModuleFinder#ofSystem system modules} in the runtime image.</td>
* </tr>
*
* <tr>
* <th scope="row">inetAddressResolverProvider</th>
* <td>This {@code RuntimePermission} is required to be granted to
* classes which subclass and implement {@code java.net.spi.InetAddressResolverProvider}.
* The permission is checked during invocation of the abstract base class constructor.
* This permission ensures trust in classes which provide resolvers used by
* {@link java.net.InetAddress} hostname and address resolution methods.</td>
* <td>See {@link java.net.spi.InetAddressResolverProvider} for more information.</td>
* </tr>
*
* </tbody>
* </table>
*
* @implNote
* Implementations may define additional target names, but should use naming
* conventions such as reverse domain name notation to avoid name clashes.
* @apiNote
* This permission cannot be used for controlling access to resources
* as the Security Manager is no longer supported.
*
* @see java.security.BasicPermission
* @see java.security.Permission
@ -388,7 +48,6 @@ import java.lang.module.ModuleFinder;
* @see java.security.PermissionCollection
* @see java.lang.SecurityManager
*
*
* @author Marianne Mueller
* @author Roland Schemers
* @since 1.2

9
src/java.base/share/classes/java/lang/SecurityException.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,9 +25,12 @@
package java.lang;
/**
* Thrown by the security manager to indicate a security violation.
* Thrown to indicate a security violation.
*
* <p> This exception was originally specified for use with a SecurityManager when
* an operation was denied. This feature no longer exists. This exception may be
* deprecated in a future release.
*
* @see java.lang.SecurityManager
* @since 1.0
*/
public class SecurityException extends RuntimeException {

1450
src/java.base/share/classes/java/lang/SecurityManager.java
View file

File diff suppressed because it is too large Load diff

28
src/java.base/share/classes/java/lang/StackWalker.java
View file

@ -61,9 +61,6 @@ import jdk.internal.vm.ContinuationScope;
*
* <p> {@code StackWalker} is thread-safe. Multiple threads can share
* a single {@code StackWalker} object to traverse its own stack.
* A permission check is performed when a {@code StackWalker} is created,
* according to the options it requests.
* No further permission check is done at stack walking time.
*
* @apiNote
* Examples
@ -354,18 +351,10 @@ public final class StackWalker {
/**
* Returns a {@code StackWalker} instance with the given option specifying
* the stack frame information it can access.
* <p>
* If a security manager is present and the given {@code option} is
* {@link Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE},
* it calls its {@link SecurityManager#checkPermission checkPermission}
* method for {@code RuntimePermission("getStackWalkerWithClassReference")}.
*
* @param option {@link Option stack walking option}
*
* @return a {@code StackWalker} configured with the given option
*
* @throws SecurityException if a security manager exists and its
* {@code checkPermission} method denies access.
*/
public static StackWalker getInstance(Option option) {
return getInstance(EnumSet.of(Objects.requireNonNull(option)));
@ -380,18 +369,9 @@ public final class StackWalker {
* configured to skip all {@linkplain Option#SHOW_HIDDEN_FRAMES hidden frames}
* and no {@linkplain Option#RETAIN_CLASS_REFERENCE class reference} is retained.
*
* <p>
* If a security manager is present and the given {@code options} contains
* {@link Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE},
* it calls its {@link SecurityManager#checkPermission checkPermission}
* method for {@code RuntimePermission("getStackWalkerWithClassReference")}.
*
* @param options {@link Option stack walking options}
*
* @return a {@code StackWalker} configured with the given options
*
* @throws SecurityException if a security manager exists and its
* {@code checkPermission} method denies access.
*/
public static StackWalker getInstance(Set<Option> options) {
if (options.isEmpty()) {
@ -413,12 +393,6 @@ public final class StackWalker {
* and no {@linkplain Option#RETAIN_CLASS_REFERENCE class reference} is retained.
*
* <p>
* If a security manager is present and the given {@code options} contains
* {@link Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE},
* it calls its {@link SecurityManager#checkPermission checkPermission}
* method for {@code RuntimePermission("getStackWalkerWithClassReference")}.
*
* <p>
* The {@code estimateDepth} specifies the estimate number of stack frames
* this {@code StackWalker} will traverse that the {@code StackWalker} could
* use as a hint for the buffer size.
@ -429,8 +403,6 @@ public final class StackWalker {
* @return a {@code StackWalker} configured with the given options
*
* @throws IllegalArgumentException if {@code estimateDepth <= 0}
* @throws SecurityException if a security manager exists and its
* {@code checkPermission} method denies access.
*/
public static StackWalker getInstance(Set<Option> options, int estimateDepth) {
if (estimateDepth <= 0) {

397
src/java.base/share/classes/java/lang/System.java
View file

@ -38,12 +38,9 @@ import java.lang.annotation.Annotation;
import java.lang.foreign.MemorySegment;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodType;
import java.lang.invoke.StringConcatFactory;
import java.lang.module.ModuleDescriptor;
import java.lang.reflect.Constructor;
import java.lang.reflect.Executable;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.net.URI;
import java.net.URL;
import java.nio.channels.Channel;
@ -75,7 +72,6 @@ import jdk.internal.loader.NativeLibraries;
import jdk.internal.logger.LoggerFinderLoader.TemporaryLoggerFinder;
import jdk.internal.misc.Blocker;
import jdk.internal.misc.CarrierThreadLocal;
import jdk.internal.misc.Unsafe;
import jdk.internal.util.StaticProperty;
import jdk.internal.module.ModuleBootstrap;
import jdk.internal.module.ServicesCatalog;
@ -94,7 +90,6 @@ import jdk.internal.vm.StackableScope;
import jdk.internal.vm.ThreadContainer;
import jdk.internal.vm.annotation.IntrinsicCandidate;
import jdk.internal.vm.annotation.Stable;
import sun.nio.fs.DefaultFileSystemProvider;
import sun.reflect.annotation.AnnotationType;
import sun.nio.ch.Interruptible;
import sun.nio.cs.UTF_8;
@ -193,42 +188,16 @@ public final class System {
private static @Stable InputStream initialIn;
private static @Stable PrintStream initialErr;
// indicates if a security manager is possible
private static final int NEVER = 1;
private static final int MAYBE = 2;
private static @Stable int allowSecurityManager;
// current security manager
@SuppressWarnings("removal")
private static volatile SecurityManager security; // read by VM
// `sun.jnu.encoding` if it is not supported. Otherwise null.
// It is initialized in `initPhase1()` before any charset providers
// are initialized.
private static String notSupportedJnuEncoding;
// return true if a security manager is allowed
private static boolean allowSecurityManager() {
return (allowSecurityManager != NEVER);
}
/**
* Reassigns the "standard" input stream.
*
* First, if there is a security manager, its {@code checkPermission}
* method is called with a {@code RuntimePermission("setIO")} permission
* to see if it's ok to reassign the "standard" input stream.
*
* @param in the new standard input stream.
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* reassigning of the standard input stream.
*
* @see SecurityManager#checkPermission
* @see java.lang.RuntimePermission
*
* @since 1.1
*/
public static void setIn(InputStream in) {
@ -239,20 +208,8 @@ public final class System {
/**
* Reassigns the "standard" output stream.
*
* First, if there is a security manager, its {@code checkPermission}
* method is called with a {@code RuntimePermission("setIO")} permission
* to see if it's ok to reassign the "standard" output stream.
*
* @param out the new standard output stream
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* reassigning of the standard output stream.
*
* @see SecurityManager#checkPermission
* @see java.lang.RuntimePermission
*
* @since 1.1
*/
public static void setOut(PrintStream out) {
@ -263,20 +220,8 @@ public final class System {
/**
* Reassigns the "standard" error output stream.
*
* First, if there is a security manager, its {@code checkPermission}
* method is called with a {@code RuntimePermission("setIO")} permission
* to see if it's ok to reassign the "standard" error output stream.
*
* @param err the new standard error output stream.
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* reassigning of the standard error output stream.
*
* @see SecurityManager#checkPermission
* @see java.lang.RuntimePermission
*
* @since 1.1
*/
public static void setErr(PrintStream err) {
@ -325,10 +270,6 @@ public final class System {
* @throws IOException
* If an I/O error occurs
*
* @throws SecurityException
* If a security manager is present and it does not
* permit access to the channel.
*
* @since 1.5
*/
public static Channel inheritedChannel() throws IOException {
@ -362,147 +303,37 @@ public final class System {
}
/**
* Sets the system-wide security manager.
* Throws {@code UnsupportedOperationException}. Setting a security manager
* is not supported.
*
* If there is a security manager already installed, this method first
* calls the security manager's {@code checkPermission} method
* with a {@code RuntimePermission("setSecurityManager")}
* permission to ensure it's ok to replace the existing
* security manager.
* This may result in throwing a {@code SecurityException}.
*
* <p> Otherwise, the argument is established as the current
* security manager. If the argument is {@code null} and no
* security manager has been established, then no action is taken and
* the method simply returns.
*
* @implNote In the JDK implementation, if the Java virtual machine is
* started with the system property {@code java.security.manager} not set or set to
* the special token "{@code disallow}" then the {@code setSecurityManager}
* method cannot be used to set a security manager. See the following
* <a href="SecurityManager.html#set-security-manager">section of the
* {@code SecurityManager} class specification</a> for more details.
*
* @param sm the security manager or {@code null}
* @throws SecurityException
* if the security manager has already been set and its {@code
* checkPermission} method doesn't allow it to be replaced
* @throws UnsupportedOperationException
* if {@code sm} is non-null and a security manager is not allowed
* to be set dynamically
* @param sm ignored
* @throws UnsupportedOperationException always
* @see #getSecurityManager
* @see SecurityManager#checkPermission
* @see java.lang.RuntimePermission
* @deprecated This method is only useful in conjunction with
* {@linkplain SecurityManager the Security Manager}, which is
* deprecated and subject to removal in a future release.
* Consequently, this method is also deprecated and subject to
* removal. There is no replacement for the Security Manager or this
* method.
* @deprecated This method originally set
* {@linkplain SecurityManager the system-wide Security Manager}.
* Setting a Security Manager is no longer supported. There is no
* replacement for the Security Manager or this method.
*/
@Deprecated(since="17", forRemoval=true)
@CallerSensitive
public static void setSecurityManager(@SuppressWarnings("removal") SecurityManager sm) {
if (allowSecurityManager()) {
var callerClass = Reflection.getCallerClass();
if (CallersHolder.callers.putIfAbsent(callerClass, true) == null) {
URL url = codeSource(callerClass);
final String source;
if (url == null) {
source = callerClass.getName();
} else {
source = callerClass.getName() + " (" + url + ")";
}
initialErr.printf("""
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by %s
WARNING: Please consider reporting this to the maintainers of %s
WARNING: System::setSecurityManager will be removed in a future release
""", source, callerClass.getName());
}
implSetSecurityManager(sm);
} else {
// security manager not allowed
if (sm != null) {
throw new UnsupportedOperationException(
"The Security Manager is deprecated and will be removed in a future release");
}
}
}
private static void implSetSecurityManager(@SuppressWarnings("removal") SecurityManager sm) {
if (security == null) {
// ensure image reader is initialized
Object.class.getResource("java/lang/ANY");
// ensure the default file system is initialized
DefaultFileSystemProvider.theFileSystem();
}
if (sm != null) {
try {
// pre-populates the SecurityManager.packageAccess cache
// to avoid recursive permission checking issues with custom
// SecurityManager implementations
sm.checkPackageAccess("java.lang");
} catch (Exception e) {
// no-op
}
}
setSecurityManager0(sm);
}
@SuppressWarnings("removal")
private static synchronized
void setSecurityManager0(final SecurityManager s) {
SecurityManager sm = getSecurityManager();
if (sm != null) {
// ask the currently installed security manager if we
// can replace it.
sm.checkPermission(new RuntimePermission("setSecurityManager"));
}
if ((s != null) && (s.getClass().getClassLoader() != null)) {
// New security manager class is not on bootstrap classpath.
// Force policy to get initialized before we install the new
// security manager, in order to prevent infinite loops when
// trying to initialize the policy (which usually involves
// accessing some security and/or system properties, which in turn
// calls the installed security manager's checkPermission method
// which will loop infinitely if there is a non-system class
// (in this case: the new security manager class) on the stack).
AccessController.doPrivileged(new PrivilegedAction<>() {
public Object run() {
s.getClass().getProtectionDomain().implies
(SecurityConstants.ALL_PERMISSION);
return null;
}
});
}
security = s;
throw new UnsupportedOperationException(
"Setting a Security Manager is not supported");
}
/**
* Gets the system-wide security manager.
* Returns {@code null}. Setting a security manager is not supported.
*
* @return if a security manager has already been established for the
* current application, then that security manager is returned;
* otherwise, {@code null} is returned.
* @return {@code null}
* @see #setSecurityManager
* @deprecated This method is only useful in conjunction with
* {@linkplain SecurityManager the Security Manager}, which is
* deprecated and subject to removal in a future release.
* Consequently, this method is also deprecated and subject to
* removal. There is no replacement for the Security Manager or this
* method.
* @deprecated This method originally returned
* {@linkplain SecurityManager the system-wide Security Manager}.
* Setting a Security Manager is no longer supported. There is no
* replacement for the Security Manager or this method.
*/
@SuppressWarnings("removal")
@Deprecated(since="17", forRemoval=true)
public static SecurityManager getSecurityManager() {
if (allowSecurityManager()) {
return security;
} else {
return null;
}
return null;
}
/**
@ -690,10 +521,6 @@ public final class System {
/**
* Determines the current system properties.
*
* First, if there is a security manager, its
* {@code checkPropertiesAccess} method is called with no
* arguments. This may result in a security exception.
* <p>
* The current set of system properties for use by the
* {@link #getProperty(String)} method is returned as a
@ -808,10 +635,6 @@ public final class System {
* Multiple paths in a system property value are separated by the path
* separator character of the platform.
* <p>
* Note that even if the security manager does not permit the
* {@code getProperties} operation, it may choose to permit the
* {@link #getProperty(String)} operation.
* <p>
* Additional locale-related system properties defined by the
* {@link Locale##default_locale Default Locale} section in the {@code Locale}
* class description may also be obtained with this method.
@ -855,12 +678,7 @@ public final class System {
* </table>
*
* @return the system properties
* @throws SecurityException if a security manager exists and its
* {@code checkPropertiesAccess} method doesn't allow access
* to the system properties.
* @see #setProperties
* @see java.lang.SecurityException
* @see java.lang.SecurityManager#checkPropertiesAccess()
* @see java.util.Properties
*/
public static Properties getProperties() {
@ -892,10 +710,6 @@ public final class System {
/**
* Sets the system properties to the {@code Properties} argument.
*
* First, if there is a security manager, its
* {@code checkPropertiesAccess} method is called with no
* arguments. This may result in a security exception.
* <p>
* The argument becomes the current set of system properties for use
* by the {@link #getProperty(String)} method. If the argument is
@ -908,13 +722,8 @@ public final class System {
* See {@linkplain #getProperties getProperties} for details.
*
* @param props the new system properties.
* @throws SecurityException if a security manager exists and its
* {@code checkPropertiesAccess} method doesn't allow access
* to the system properties.
* @see #getProperties
* @see java.util.Properties
* @see java.lang.SecurityException
* @see java.lang.SecurityManager#checkPropertiesAccess()
*/
public static void setProperties(Properties props) {
@SuppressWarnings("removal")
@ -933,10 +742,6 @@ public final class System {
/**
* Gets the system property indicated by the specified key.
*
* First, if there is a security manager, its
* {@code checkPropertyAccess} method is called with the key as
* its argument. This may result in a SecurityException.
* <p>
* If there is no current set of system properties, a set of system
* properties is first created and initialized in the same manner as
@ -951,14 +756,9 @@ public final class System {
* @return the string value of the system property,
* or {@code null} if there is no property with that key.
*
* @throws SecurityException if a security manager exists and its
* {@code checkPropertyAccess} method doesn't allow
* access to the specified system property.
* @throws NullPointerException if {@code key} is {@code null}.
* @throws IllegalArgumentException if {@code key} is empty.
* @see #setProperty
* @see java.lang.SecurityException
* @see java.lang.SecurityManager#checkPropertyAccess(java.lang.String)
* @see java.lang.System#getProperties()
*/
public static String getProperty(String key) {
@ -974,10 +774,6 @@ public final class System {
/**
* Gets the system property indicated by the specified key.
*
* First, if there is a security manager, its
* {@code checkPropertyAccess} method is called with the
* {@code key} as its argument.
* <p>
* If there is no current set of system properties, a set of system
* properties is first created and initialized in the same manner as
@ -988,13 +784,9 @@ public final class System {
* @return the string value of the system property,
* or the default value if there is no property with that key.
*
* @throws SecurityException if a security manager exists and its
* {@code checkPropertyAccess} method doesn't allow
* access to the specified system property.
* @throws NullPointerException if {@code key} is {@code null}.
* @throws IllegalArgumentException if {@code key} is empty.
* @see #setProperty
* @see java.lang.SecurityManager#checkPropertyAccess(java.lang.String)
* @see java.lang.System#getProperties()
*/
public static String getProperty(String key, String def) {
@ -1011,13 +803,6 @@ public final class System {
/**
* Sets the system property indicated by the specified key.
*
* First, if a security manager exists, its
* {@code SecurityManager.checkPermission} method
* is called with a {@code PropertyPermission(key, "write")}
* permission. This may result in a SecurityException being thrown.
* If no exception is thrown, the specified property is set to the given
* value.
*
* @apiNote
* <strong>Changing a standard system property may have unpredictable results
* unless otherwise specified</strong>.
@ -1028,17 +813,12 @@ public final class System {
* @return the previous value of the system property,
* or {@code null} if it did not have one.
*
* @throws SecurityException if a security manager exists and its
* {@code checkPermission} method doesn't allow
* setting of the specified property.
* @throws NullPointerException if {@code key} or
* {@code value} is {@code null}.
* @throws IllegalArgumentException if {@code key} is empty.
* @see #getProperty
* @see java.lang.System#getProperty(java.lang.String)
* @see java.lang.System#getProperty(java.lang.String, java.lang.String)
* @see java.util.PropertyPermission
* @see SecurityManager#checkPermission
* @since 1.2
*/
public static String setProperty(String key, String value) {
@ -1056,12 +836,6 @@ public final class System {
/**
* Removes the system property indicated by the specified key.
*
* First, if a security manager exists, its
* {@code SecurityManager.checkPermission} method
* is called with a {@code PropertyPermission(key, "write")}
* permission. This may result in a SecurityException being thrown.
* If no exception is thrown, the specified property is removed.
*
* @apiNote
* <strong>Changing a standard system property may have unpredictable results
* unless otherwise specified</strong>.
@ -1071,16 +845,11 @@ public final class System {
* @return the previous string value of the system property,
* or {@code null} if there was no property with that key.
*
* @throws SecurityException if a security manager exists and its
* {@code checkPropertyAccess} method doesn't allow
* access to the specified system property.
* @throws NullPointerException if {@code key} is {@code null}.
* @throws IllegalArgumentException if {@code key} is empty.
* @see #getProperty
* @see #setProperty
* @see java.util.Properties
* @see java.lang.SecurityException
* @see java.lang.SecurityManager#checkPropertiesAccess()
* @since 1.5
*/
public static String clearProperty(String key) {
@ -1108,14 +877,6 @@ public final class System {
* environment variable is a system-dependent external named
* value.
*
* <p>If a security manager exists, its
* {@link SecurityManager#checkPermission checkPermission}
* method is called with a
* {@link RuntimePermission RuntimePermission("getenv."+name)}
* permission. This may result in a {@link SecurityException}
* being thrown. If no exception is thrown the value of the
* variable {@code name} is returned.
*
* <p><a id="EnvironmentVSSystemProperties"><i>System
* properties</i> and <i>environment variables</i></a> are both
* conceptually mappings between names and values. Both
@ -1141,11 +902,6 @@ public final class System {
* @return the string value of the variable, or {@code null}
* if the variable is not defined in the system environment
* @throws NullPointerException if {@code name} is {@code null}
* @throws SecurityException
* if a security manager exists and its
* {@link SecurityManager#checkPermission checkPermission}
* method doesn't allow access to the environment variable
* {@code name}
* @see #getenv()
* @see ProcessBuilder#environment()
*/
@ -1180,21 +936,11 @@ public final class System {
*
* <p>The returned map is typically case-sensitive on all platforms.
*
* <p>If a security manager exists, its
* {@link SecurityManager#checkPermission checkPermission}
* method is called with a
* {@link RuntimePermission RuntimePermission("getenv.*")} permission.
* This may result in a {@link SecurityException} being thrown.
*
* <p>When passing information to a Java subprocess,
* <a href=#EnvironmentVSSystemProperties>system properties</a>
* are generally preferred over environment variables.
*
* @return the environment as a map of variable names to values
* @throws SecurityException
* if a security manager exists and its
* {@link SecurityManager#checkPermission checkPermission}
* method doesn't allow access to the process environment
* @see #getenv(String)
* @see ProcessBuilder#environment()
* @since 1.5
@ -1614,16 +1360,6 @@ public final class System {
* would make them dependent from a specific implementation of the
* {@code LoggerFinder} service.
* <p>
* In addition, when a security manager is present, loggers provided to
* system classes should not be directly configurable through the logging
* backend without requiring permissions.
* <br>
* It is the responsibility of the provider of
* the concrete {@code LoggerFinder} implementation to ensure that
* these loggers are not configured by untrusted code without proper
* permission checks, as configuration performed on such loggers usually
* affects all applications in the same Java Runtime.
* <p>
* <b>Message Levels and Mapping to backend levels</b>
* <p>
* A logger finder is responsible for mapping from a {@code
@ -1656,10 +1392,6 @@ public final class System {
* implementation does not perform any heavy initialization in its
* constructor, in order to avoid possible risks of deadlock or class
* loading cycles during the instantiation of the service provider.
*
* @throws SecurityException if a security manager is present and its
* {@code checkPermission} method doesn't allow the
* {@code RuntimePermission("loggerFinder")}.
*/
protected LoggerFinder() {
this(checkPermission());
@ -1689,9 +1421,6 @@ public final class System {
* module.
* @throws NullPointerException if {@code name} is {@code null} or
* {@code module} is {@code null}.
* @throws SecurityException if a security manager is present and its
* {@code checkPermission} method doesn't allow the
* {@code RuntimePermission("loggerFinder")}.
*/
public abstract Logger getLogger(String name, Module module);
@ -1732,9 +1461,6 @@ public final class System {
*
* @throws NullPointerException if {@code name} is {@code null} or
* {@code module} is {@code null}.
* @throws SecurityException if a security manager is present and its
* {@code checkPermission} method doesn't allow the
* {@code RuntimePermission("loggerFinder")}.
*/
public Logger getLocalizedLogger(String name, ResourceBundle bundle,
Module module) {
@ -1749,9 +1475,6 @@ public final class System {
* loaded.
*
* @return the {@link LoggerFinder LoggerFinder} instance.
* @throws SecurityException if a security manager is present and its
* {@code checkPermission} method doesn't allow the
* {@code RuntimePermission("loggerFinder")}.
*/
public static LoggerFinder getLoggerFinder() {
@SuppressWarnings("removal")
@ -1896,10 +1619,10 @@ public final class System {
}
/**
* Initiates the {@linkplain Runtime##shutdown shutdown sequence} of the Java Virtual Machine.
* Unless the security manager denies exiting, this method initiates the shutdown sequence
* (if it is not already initiated) and then blocks indefinitely. This method neither returns
* nor throws an exception; that is, it does not complete either normally or abruptly.
* Initiates the {@linkplain Runtime##shutdown shutdown sequence} of the Java Virtual
* Machine. This method initiates the shutdown sequence (if it is not already initiated)
* and then blocks indefinitely. This method neither returns nor throws an exception;
* that is, it does not complete either normally or abruptly.
* <p>
* The argument serves as a status code. By convention, a nonzero status code
* indicates abnormal termination.
@ -1913,9 +1636,6 @@ public final class System {
* The initiation of the shutdown sequence is logged by {@link Runtime#exit(int)}.
*
* @param status exit status.
* @throws SecurityException
* if a security manager exists and its {@code checkExit} method
* doesn't allow exit with the specified status.
* @see java.lang.Runtime#exit(int)
*/
public static void exit(int status) {
@ -2009,9 +1729,6 @@ public final class System {
* </pre></blockquote>
*
* @param filename the file to load.
* @throws SecurityException if a security manager exists and its
* {@code checkLink} method doesn't allow
* loading of the specified dynamic library
* @throws UnsatisfiedLinkError if either the filename is not an
* absolute path name, the native library is not statically
* linked with the VM, or the library cannot be mapped to
@ -2022,7 +1739,6 @@ public final class System {
*
* @spec jni/index.html Java Native Interface Specification
* @see java.lang.Runtime#load(java.lang.String)
* @see java.lang.SecurityManager#checkLink(java.lang.String)
*/
@CallerSensitive
@Restricted
@ -2052,9 +1768,6 @@ public final class System {
* </pre></blockquote>
*
* @param libname the name of the library.
* @throws SecurityException if a security manager exists and its
* {@code checkLink} method doesn't allow
* loading of the specified dynamic library
* @throws UnsatisfiedLinkError if either the libname argument
* contains a file path, the native library is not statically
* linked with the VM, or the library cannot be mapped to a
@ -2065,7 +1778,6 @@ public final class System {
*
* @spec jni/index.html Java Native Interface Specification
* @see java.lang.Runtime#loadLibrary(java.lang.String)
* @see java.lang.SecurityManager#checkLink(java.lang.String)
*/
@CallerSensitive
@Restricted
@ -2334,24 +2046,13 @@ public final class System {
/*
* Invoked by VM. Phase 3 is the final system initialization:
* 1. eagerly initialize bootstrap method factories that might interact
* negatively with custom security managers and custom class loaders
* 2. set security manager
* 3. set system class loader
* 4. set TCCL
* 1. set system class loader
* 2. set TCCL
*
* This method must be called after the module system initialization.
* The security manager and system class loader may be a custom class from
* the application classpath or modulepath.
*/
@SuppressWarnings("removal")
private static void initPhase3() {
// Initialize the StringConcatFactory eagerly to avoid potential
// bootstrap circularity issues that could be caused by a custom
// SecurityManager
Unsafe.getUnsafe().ensureClassInitialized(StringConcatFactory.class);
// Emit a warning if java.io.tmpdir is set via the command line
// to a directory that doesn't exist
if (SystemProps.isBadIoTmpdir()) {
@ -2359,52 +2060,17 @@ public final class System {
}
String smProp = System.getProperty("java.security.manager");
boolean needWarning = false;
if (smProp != null) {
switch (smProp) {
case "disallow":
allowSecurityManager = NEVER;
break;
case "allow":
allowSecurityManager = MAYBE;
break;
case "":
case "default":
implSetSecurityManager(new SecurityManager());
allowSecurityManager = MAYBE;
needWarning = true;
break;
default:
try {
ClassLoader cl = ClassLoader.getBuiltinAppClassLoader();
Class<?> c = Class.forName(smProp, false, cl);
Constructor<?> ctor = c.getConstructor();
// Must be a public subclass of SecurityManager with
// a public no-arg constructor
if (!SecurityManager.class.isAssignableFrom(c) ||
!Modifier.isPublic(c.getModifiers()) ||
!Modifier.isPublic(ctor.getModifiers())) {
throw new Error("Could not create SecurityManager: "
+ ctor.toString());
}
// custom security manager may be in non-exported package
ctor.setAccessible(true);
SecurityManager sm = (SecurityManager) ctor.newInstance();
implSetSecurityManager(sm);
needWarning = true;
} catch (Exception e) {
throw new InternalError("Could not create SecurityManager", e);
}
allowSecurityManager = MAYBE;
throw new Error("A command line option has attempted to allow or enable the Security Manager."
+ " Enabling a Security Manager is not supported.");
}
} else {
allowSecurityManager = NEVER;
}
if (needWarning) {
System.err.println("""
WARNING: A command line option has enabled the Security Manager
WARNING: The Security Manager is deprecated and will be removed in a future release""");
}
// Emit a warning if `sun.jnu.encoding` is not supported.
@ -2491,14 +2157,6 @@ public final class System {
public Package definePackage(ClassLoader cl, String name, Module module) {
return cl.definePackage(name, module);
}
@SuppressWarnings("removal")
public void addNonExportedPackages(ModuleLayer layer) {
SecurityManager.addNonExportedPackages(layer);
}
@SuppressWarnings("removal")
public void invalidatePackageAccessCache() {
SecurityManager.invalidatePackageAccessCache();
}
public Module defineModule(ClassLoader loader,
ModuleDescriptor descriptor,
URI uri) {
@ -2791,11 +2449,6 @@ public final class System {
public boolean bytesCompatible(String string, Charset charset) {
return string.bytesCompatible(charset);
}
@Override
public boolean allowSecurityManager() {
return System.allowSecurityManager();
}
});
}
}

242
src/java.base/share/classes/java/lang/Thread.java
View file

@ -29,9 +29,7 @@ import java.lang.ref.Reference;
import java.lang.reflect.Field;
import java.security.AccessController;
import java.security.AccessControlContext;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.time.Duration;
import java.util.Map;
import java.util.HashMap;
@ -162,7 +160,15 @@ import static java.util.concurrent.TimeUnit.NANOSECONDS;
* }
*
* <h2><a id="inheritance">Inheritance when creating threads</a></h2>
* A {@code Thread} inherits its initial values of {@linkplain InheritableThreadLocal
* A {@code Thread} created with one of the public constructors inherits the daemon
* status and thread priority from the parent thread at the time that the child {@code
* Thread} is created. The {@linkplain ThreadGroup thread group} is also inherited when
* not provided to the constructor. When using a {@code Thread.Builder} to create a
* platform thread, the daemon status, thread priority, and thread group are inherited
* when not set on the builder. As with the constructors, inheriting from the parent
* thread is done when the child {@code Thread} is created.
*
* <p> A {@code Thread} inherits its initial values of {@linkplain InheritableThreadLocal
* inheritable-thread-local} variables (including the context class loader) from
* the parent thread values at the time that the child {@code Thread} is created.
* The 5-param {@linkplain Thread#Thread(ThreadGroup, Runnable, String, long, boolean)
@ -171,17 +177,6 @@ import static java.util.concurrent.TimeUnit.NANOSECONDS;
* {@link Builder#inheritInheritableThreadLocals(boolean) inheritInheritableThreadLocals}
* method can be used to select if the initial values are inherited.
*
* <p> Platform threads inherit the daemon status, thread priority, and when not
* provided (or not selected by a security manager), the thread group.
*
* <p> Creating a platform thread {@linkplain AccessController#getContext() captures} the
* {@linkplain AccessControlContext caller context} to limit the {@linkplain Permission
* permissions} of the new thread when it executes code that performs a {@linkplain
* AccessController#doPrivileged(PrivilegedAction) privileged action}. The captured
* caller context is the new thread's "Inherited {@link AccessControlContext}". Creating
* a virtual thread does not capture the caller context; virtual threads have no
* permissions when executing code that performs a privileged action.
*
* <p> Unless otherwise specified, passing a {@code null} argument to a constructor
* or method in this class will cause a {@link NullPointerException} to be thrown.
*
@ -245,10 +240,6 @@ public class Thread implements Runnable {
// context ClassLoader
private volatile ClassLoader contextClassLoader;
// inherited AccessControlContext, this could be moved to FieldHolder
@SuppressWarnings("removal")
private AccessControlContext inheritedAccessControlContext;
// Additional fields for platform threads.
// All fields, except task, are accessed directly by the VM.
private static class FieldHolder {
@ -685,8 +676,7 @@ public class Thread implements Runnable {
* @param task the object whose run() method gets called
* @param stackSize the desired stack size for the new thread, or
* zero to indicate that this parameter is to be ignored.
* @param acc the AccessControlContext to inherit, or
* AccessController.getContext() if null
* @param acc ignored
*/
@SuppressWarnings("removal")
Thread(ThreadGroup g, String name, int characteristics, Runnable task,
@ -734,12 +724,6 @@ public class Thread implements Runnable {
this.name = (name != null) ? name : genThreadName();
if (acc != null) {
this.inheritedAccessControlContext = acc;
} else {
this.inheritedAccessControlContext = AccessController.getContext();
}
// thread locals
if (!attached) {
if ((characteristics & NO_INHERIT_THREAD_LOCALS) == 0) {
@ -771,7 +755,6 @@ public class Thread implements Runnable {
Thread(String name, int characteristics, boolean bound) {
this.tid = ThreadIdentifiers.next();
this.name = (name != null) ? name : "";
this.inheritedAccessControlContext = Constants.NO_PERMISSIONS_ACC;
// thread locals
if ((characteristics & NO_INHERIT_THREAD_LOCALS) == 0) {
@ -803,18 +786,6 @@ public class Thread implements Runnable {
* Returns a builder for creating a platform {@code Thread} or {@code ThreadFactory}
* that creates platform threads.
*
* <p> <a id="ofplatform-security"><b>Interaction with security manager when
* creating platform threads</b></a>
* <p> Creating a platform thread when there is a security manager set will
* invoke the security manager's {@link SecurityManager#checkAccess(ThreadGroup)
* checkAccess(ThreadGroup)} method with the thread's thread group.
* If the thread group has not been set with the {@link
* Builder.OfPlatform#group(ThreadGroup) OfPlatform.group} method then the
* security manager's {@link SecurityManager#getThreadGroup() getThreadGroup}
* method will be invoked first to select the thread group. If the security
* manager {@code getThreadGroup} method returns {@code null} then the thread
* group of the constructing thread is used.
*
* @apiNote The following are examples using the builder:
* {@snippet :
* // Start a daemon thread to run a task
@ -944,9 +915,6 @@ public class Thread implements Runnable {
*
* @param task the object to run when the thread executes
* @return a new unstarted Thread
* @throws SecurityException if denied by the security manager
* (See <a href="Thread.html#ofplatform-security">Interaction with
* security manager when creating platform threads</a>)
*
* @see <a href="Thread.html#inheritance">Inheritance when creating threads</a>
*/
@ -958,9 +926,6 @@ public class Thread implements Runnable {
*
* @param task the object to run when the thread executes
* @return a new started Thread
* @throws SecurityException if denied by the security manager
* (See <a href="Thread.html#ofplatform-security">Interaction with
* security manager when creating platform threads</a>)
*
* @see <a href="Thread.html#inheritance">Inheritance when creating threads</a>
*/
@ -1185,21 +1150,13 @@ public class Thread implements Runnable {
* <pre>{@code Thread.ofPlatform().group(group).unstarted(task); }</pre>
*
* @param group
* the thread group. If {@code null} and there is a security
* manager, the group is determined by {@linkplain
* SecurityManager#getThreadGroup SecurityManager.getThreadGroup()}.
* If there is not a security manager or {@code
* SecurityManager.getThreadGroup()} returns {@code null}, the group
* the thread group. If {@code null} the group
* is set to the current thread's thread group.
*
* @param task
* the object whose {@code run} method is invoked when this thread
* is started. If {@code null}, this thread's run method is invoked.
*
* @throws SecurityException
* if the current thread cannot create a thread in the specified
* thread group
*
* @see <a href="#inheritance">Inheritance when creating threads</a>
*/
public Thread(ThreadGroup group, Runnable task) {
@ -1232,20 +1189,12 @@ public class Thread implements Runnable {
* override the {@link #run()} method.
*
* @param group
* the thread group. If {@code null} and there is a security
* manager, the group is determined by {@linkplain
* SecurityManager#getThreadGroup SecurityManager.getThreadGroup()}.
* If there is not a security manager or {@code
* SecurityManager.getThreadGroup()} returns {@code null}, the group
* the thread group. If {@code null}, the group
* is set to the current thread's thread group.
*
* @param name
* the name of the new thread
*
* @throws SecurityException
* if the current thread cannot create a thread in the specified
* thread group
*
* @see <a href="#inheritance">Inheritance when creating threads</a>
*/
public Thread(ThreadGroup group, String name) {
@ -1279,16 +1228,6 @@ public class Thread implements Runnable {
* as its run object, has the specified {@code name} as its name,
* and belongs to the thread group referred to by {@code group}.
*
* <p>If there is a security manager, its
* {@link SecurityManager#checkAccess(ThreadGroup) checkAccess}
* method is invoked with the ThreadGroup as its argument.
*
* <p>In addition, its {@code checkPermission} method is invoked with
* the {@code RuntimePermission("enableContextClassLoaderOverride")}
* permission when invoked directly or indirectly by the constructor
* of a subclass which overrides the {@code getContextClassLoader}
* or {@code setContextClassLoader} methods.
*
* <p>The priority of the newly created thread is the smaller of
* priority of the thread creating it and the maximum permitted
* priority of the thread group. The method {@linkplain #setPriority
@ -1304,11 +1243,7 @@ public class Thread implements Runnable {
* <pre>{@code Thread.ofPlatform().group(group).name(name).unstarted(task); }</pre>
*
* @param group
* the thread group. If {@code null} and there is a security
* manager, the group is determined by {@linkplain
* SecurityManager#getThreadGroup SecurityManager.getThreadGroup()}.
* If there is not a security manager or {@code
* SecurityManager.getThreadGroup()} returns {@code null}, the group
* the thread group. If {@code null}, the group
* is set to the current thread's thread group.
*
* @param task
@ -1318,10 +1253,6 @@ public class Thread implements Runnable {
* @param name
* the name of the new thread
*
* @throws SecurityException
* if the current thread cannot create a thread in the specified
* thread group or cannot override the context class loader methods.
*
* @see <a href="#inheritance">Inheritance when creating threads</a>
*/
public Thread(ThreadGroup group, Runnable task, String name) {
@ -1381,11 +1312,7 @@ public class Thread implements Runnable {
* <pre>{@code Thread.ofPlatform().group(group).name(name).stackSize(stackSize).unstarted(task); }</pre>
*
* @param group
* the thread group. If {@code null} and there is a security
* manager, the group is determined by {@linkplain
* SecurityManager#getThreadGroup SecurityManager.getThreadGroup()}.
* If there is not a security manager or {@code
* SecurityManager.getThreadGroup()} returns {@code null}, the group
* the thread group. If {@code null}, the group
* is set to the current thread's thread group.
*
* @param task
@ -1399,10 +1326,6 @@ public class Thread implements Runnable {
* the desired stack size for the new thread, or zero to indicate
* that this parameter is to be ignored.
*
* @throws SecurityException
* if the current thread cannot create a thread in the specified
* thread group
*
* @since 1.4
* @see <a href="#inheritance">Inheritance when creating threads</a>
*/
@ -1441,11 +1364,7 @@ public class Thread implements Runnable {
* .unstarted(task); }</pre>
*
* @param group
* the thread group. If {@code null} and there is a security
* manager, the group is determined by {@linkplain
* SecurityManager#getThreadGroup SecurityManager.getThreadGroup()}.
* If there is not a security manager or {@code
* SecurityManager.getThreadGroup()} returns {@code null}, the group
* the thread group. If {@code null}, the group
* is set to the current thread's thread group.
*
* @param task
@ -1464,10 +1383,6 @@ public class Thread implements Runnable {
* thread-locals from the constructing thread, otherwise no initial
* values are inherited
*
* @throws SecurityException
* if the current thread cannot create a thread in the specified
* thread group
*
* @since 9
* @see <a href="#inheritance">Inheritance when creating threads</a>
*/
@ -1602,7 +1517,6 @@ public class Thread implements Runnable {
void clearReferences() {
threadLocals = null;
inheritableThreadLocals = null;
inheritedAccessControlContext = null;
if (uncaughtExceptionHandler != null)
uncaughtExceptionHandler = null;
if (nioBlocker != null)
@ -1669,11 +1583,6 @@ public class Thread implements Runnable {
/**
* Interrupts this thread.
*
* <p> Unless the current thread is interrupting itself, which is
* always permitted, the {@link #checkAccess() checkAccess} method
* of this thread is invoked, which may cause a {@link
* SecurityException} to be thrown.
*
* <p> If this thread is blocked in an invocation of the {@link
* Object#wait() wait()}, {@link Object#wait(long) wait(long)}, or {@link
* Object#wait(long, int) wait(long, int)} methods of the {@link Object}
@ -1702,15 +1611,8 @@ public class Thread implements Runnable {
* @implNote In the JDK Reference Implementation, interruption of a thread
* that is not alive still records that the interrupt request was made and
* will report it via {@link #interrupted()} and {@link #isInterrupted()}.
*
* @throws SecurityException
* if the current thread cannot modify this thread
*/
public void interrupt() {
if (this != Thread.currentThread()) {
checkAccess();
}
// Setting the interrupt status must be done before reading nioBlocker.
interrupted = true;
interrupt0(); // inform VM of interrupt
@ -1818,14 +1720,10 @@ public class Thread implements Runnable {
* @param newPriority the new thread priority
* @throws IllegalArgumentException if the priority is not in the
* range {@code MIN_PRIORITY} to {@code MAX_PRIORITY}.
* @throws SecurityException
* if {@link #checkAccess} determines that the current
* thread cannot modify this thread
* @see #setPriority(int)
* @see ThreadGroup#getMaxPriority()
*/
public final void setPriority(int newPriority) {
checkAccess();
if (newPriority > MAX_PRIORITY || newPriority < MIN_PRIORITY) {
throw new IllegalArgumentException();
}
@ -1863,10 +1761,6 @@ public class Thread implements Runnable {
/**
* Changes the name of this thread to be equal to the argument {@code name}.
* <p>
* First the {@code checkAccess} method of this thread is called
* with no arguments. This may result in throwing a
* {@code SecurityException}.
*
* @implNote In the JDK Reference Implementation, if this thread is the
* current thread, and it's a platform thread that was not attached to the
@ -1877,15 +1771,11 @@ public class Thread implements Runnable {
* purposes.
*
* @param name the new name for this thread.
* @throws SecurityException if the current thread cannot modify this
* thread.
*
* @spec jni/index.html Java Native Interface Specification
* @see #getName
* @see #checkAccess()
*/
public final synchronized void setName(String name) {
checkAccess();
if (name == null) {
throw new NullPointerException("name cannot be null");
}
@ -1964,10 +1854,6 @@ public class Thread implements Runnable {
* an array into which to put the list of threads
*
* @return the number of threads put into the array
*
* @throws SecurityException
* if {@link java.lang.ThreadGroup#checkAccess} determines that
* the current thread cannot access its thread group
*/
public static int enumerate(Thread[] tarray) {
return currentThread().getThreadGroup().enumerate(tarray);
@ -2173,12 +2059,8 @@ public class Thread implements Runnable {
* if this is a virtual thread and {@code on} is false
* @throws IllegalThreadStateException
* if this thread is {@linkplain #isAlive alive}
* @throws SecurityException
* if {@link #checkAccess} determines that the current
* thread cannot modify this thread
*/
public final void setDaemon(boolean on) {
checkAccess();
if (isVirtual() && !on)
throw new IllegalArgumentException("'false' not legal for virtual threads");
if (isAlive())
@ -2208,31 +2090,16 @@ public class Thread implements Runnable {
}
/**
* Determines if the currently running thread has permission to
* modify this thread.
* <p>
* If there is a security manager, its {@code checkAccess} method
* is called with this thread as its argument. This may result in
* throwing a {@code SecurityException}.
* Does nothing.
*
* @throws SecurityException if the current thread is not allowed to
* access this thread.
* @see SecurityManager#checkAccess(Thread)
* @deprecated This method is only useful in conjunction with
* {@linkplain SecurityManager the Security Manager}, which is
* deprecated and subject to removal in a future release.
* Consequently, this method is also deprecated and subject to
* removal. There is no replacement for the Security Manager or this
* method.
* @deprecated This method originally determined if the currently running
* thread had permission to modify this thread. This method was only useful
* in conjunction with {@linkplain SecurityManager the Security Manager},
* which is no longer supported. There is no replacement for the Security
* Manager or this method.
*/
@Deprecated(since="17", forRemoval=true)
public final void checkAccess() {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkAccess(this);
}
}
public final void checkAccess() { }
/**
* Returns a string representation of this thread. The string representation
@ -2271,12 +2138,6 @@ public class Thread implements Runnable {
* indicating the system class loader (or, failing that, the
* bootstrap class loader)
*
* @throws SecurityException
* if a security manager is present, and the caller's class loader
* is not {@code null} and is not the same as or an ancestor of the
* context class loader, and the caller does not have the
* {@link RuntimePermission}{@code ("getClassLoader")}
*
* @since 1.2
*/
@CallerSensitive
@ -2299,19 +2160,10 @@ public class Thread implements Runnable {
* <p> The context {@code ClassLoader} may be set by the creator of the thread
* for use by code running in this thread when loading classes and resources.
*
* <p> If a security manager is present, its {@link
* SecurityManager#checkPermission(java.security.Permission) checkPermission}
* method is invoked with a {@link RuntimePermission RuntimePermission}{@code
* ("setContextClassLoader")} permission to see if setting the context
* ClassLoader is permitted.
*
* @param cl
* the context ClassLoader for this Thread, or null indicating the
* system class loader (or, failing that, the bootstrap class loader)
*
* @throws SecurityException
* if the current thread cannot set the context ClassLoader
*
* @since 1.2
*/
public void setContextClassLoader(ClassLoader cl) {
@ -2354,12 +2206,6 @@ public class Thread implements Runnable {
* represents the bottom of the stack, which is the least recent method
* invocation in the sequence.
*
* <p>If there is a security manager, and this thread is not
* the current thread, then the security manager's
* {@code checkPermission} method is called with a
* {@code RuntimePermission("getStackTrace")} permission
* to see if it's ok to get the stack trace.
*
* <p>Some virtual machines may, under some circumstances, omit one
* or more stack frames from the stack trace. In the extreme case,
* a virtual machine that has no stack trace information concerning
@ -2369,12 +2215,7 @@ public class Thread implements Runnable {
* @return an array of {@code StackTraceElement},
* each represents one stack frame.
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* getting the stack trace of thread.
* @see Throwable#getStackTrace
*
* @since 1.5
*/
public StackTraceElement[] getStackTrace() {
@ -2434,20 +2275,10 @@ public class Thread implements Runnable {
* array will be returned in the map value if the virtual machine has
* no stack trace information about a thread.
*
* <p>If there is a security manager, then the security manager's
* {@code checkPermission} method is called with a
* {@code RuntimePermission("getStackTrace")} permission as well as
* {@code RuntimePermission("modifyThreadGroup")} permission
* to see if it is ok to get the stack trace of all threads.
*
* @return a {@code Map} from {@code Thread} to an array of
* {@code StackTraceElement} that represents the stack trace of
* the corresponding thread.
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* getting the stack trace of thread.
* @see #getStackTrace
* @see Throwable#getStackTrace
*
@ -2766,9 +2597,6 @@ public class Thread implements Runnable {
* @param ueh the object to use as the default uncaught exception handler.
* If {@code null} then there is no default handler.
*
* @throws SecurityException if a security manager is present and it denies
* {@link RuntimePermission}{@code ("setDefaultUncaughtExceptionHandler")}
*
* @see #setUncaughtExceptionHandler
* @see #getUncaughtExceptionHandler
* @see ThreadGroup#uncaughtException
@ -2824,14 +2652,11 @@ public class Thread implements Runnable {
* object acts as its handler.
* @param ueh the object to use as this thread's uncaught exception
* handler. If {@code null} then this thread has no explicit handler.
* @throws SecurityException if the current thread is not allowed to
* modify this thread.
* @see #setDefaultUncaughtExceptionHandler
* @see ThreadGroup#uncaughtException
* @since 1.5
*/
public void setUncaughtExceptionHandler(UncaughtExceptionHandler ueh) {
checkAccess();
uncaughtExceptionHandler(ueh);
}
@ -2855,27 +2680,12 @@ public class Thread implements Runnable {
// Thread group for virtual threads.
static final ThreadGroup VTHREAD_GROUP;
// AccessControlContext that doesn't support any permissions.
@SuppressWarnings("removal")
static final AccessControlContext NO_PERMISSIONS_ACC;
static {
var getThreadGroup = new PrivilegedAction<ThreadGroup>() {
@Override
public ThreadGroup run() {
ThreadGroup parent = Thread.currentCarrierThread().getThreadGroup();
for (ThreadGroup p; (p = parent.getParent()) != null; )
parent = p;
return parent;
}
};
@SuppressWarnings("removal")
ThreadGroup root = AccessController.doPrivileged(getThreadGroup);
ThreadGroup root = Thread.currentCarrierThread().getThreadGroup();
for (ThreadGroup p; (p = root.getParent()) != null; ) {
root = p;
}
VTHREAD_GROUP = new ThreadGroup(root, "VirtualThreads", MAX_PRIORITY, false);
NO_PERMISSIONS_ACC = new AccessControlContext(new ProtectionDomain[] {
new ProtectionDomain(null, null)
});
}
}

107
src/java.base/share/classes/java/lang/ThreadGroup.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -106,7 +106,7 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
}
/**
* Creates a ThreadGroup without any permission or other checks.
* Creates a ThreadGroup.
*/
ThreadGroup(ThreadGroup parent, String name, int maxPriority, boolean daemon) {
this.parent = parent;
@ -124,26 +124,11 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
}
}
private ThreadGroup(Void unused, ThreadGroup parent, String name) {
this(parent, name, parent.maxPriority, parent.daemon);
}
private static Void checkParentAccess(ThreadGroup parent) {
parent.checkAccess();
return null;
}
/**
* Constructs a new thread group. The parent of this new group is
* the thread group of the currently running thread.
* <p>
* The {@code checkAccess} method of the parent thread group is
* called with no arguments; this may result in a security exception.
*
* @param name the name of the new thread group, can be {@code null}
* @throws SecurityException if the current thread cannot create a
* thread in the specified thread group.
* @see java.lang.ThreadGroup#checkAccess()
*/
public ThreadGroup(String name) {
this(Thread.currentThread().getThreadGroup(), name);
@ -152,19 +137,13 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
/**
* Creates a new thread group. The parent of this new group is the
* specified thread group.
* <p>
* The {@code checkAccess} method of the parent thread group is
* called with no arguments; this may result in a security exception.
*
* @param parent the parent thread group.
* @param name the name of the new thread group, can be {@code null}
* @throws SecurityException if the current thread cannot create a
* thread in the specified thread group.
* @see java.lang.ThreadGroup#checkAccess()
*/
@SuppressWarnings("this-escape")
public ThreadGroup(ThreadGroup parent, String name) {
this(checkParentAccess(parent), parent, name);
this(parent, name, parent.maxPriority, parent.daemon);
}
/**
@ -178,22 +157,11 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
/**
* Returns the parent of this thread group.
* <p>
* First, if the parent is not {@code null}, the
* {@code checkAccess} method of the parent thread group is
* called with no arguments; this may result in a security exception.
*
* @return the parent of this thread group. The top-level thread group
* is the only thread group whose parent is {@code null}.
* @throws SecurityException if the current thread cannot modify
* this thread group.
* @see java.lang.ThreadGroup#checkAccess()
* @see java.lang.SecurityException
* @see java.lang.RuntimePermission
*/
public final ThreadGroup getParent() {
if (parent != null)
parent.checkAccess();
return parent;
}
@ -245,15 +213,8 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
/**
* Sets the daemon status of this thread group.
* The daemon status is not used for anything.
* <p>
* First, the {@code checkAccess} method of this thread group is
* called with no arguments; this may result in a security exception.
*
* @param daemon the daemon status
* @throws SecurityException if the current thread cannot modify
* this thread group.
* @see java.lang.SecurityException
* @see java.lang.ThreadGroup#checkAccess()
*
* @deprecated This method originally configured whether the thread group is
* a <i>daemon thread group</i> that is automatically destroyed
@ -264,7 +225,6 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
*/
@Deprecated(since="16", forRemoval=true)
public final void setDaemon(boolean daemon) {
checkAccess();
this.daemon = daemon;
}
@ -275,9 +235,6 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
* Threads in the thread group (or subgroups) that already have a higher
* priority are not affected by this method.
* <p>
* First, the {@code checkAccess} method of this thread group is
* called with no arguments; this may result in a security exception.
* <p>
* If the {@code pri} argument is less than
* {@link Thread#MIN_PRIORITY} or greater than
* {@link Thread#MAX_PRIORITY}, the maximum priority of the group
@ -292,14 +249,9 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
* every thread group that belongs to this thread group.
*
* @param pri the new priority of the thread group.
* @throws SecurityException if the current thread cannot modify
* this thread group.
* @see #getMaxPriority
* @see java.lang.SecurityException
* @see java.lang.ThreadGroup#checkAccess()
*/
public final void setMaxPriority(int pri) {
checkAccess();
if (pri >= Thread.MIN_PRIORITY && pri <= Thread.MAX_PRIORITY) {
synchronized (this) {
if (parent == null) {
@ -331,31 +283,16 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
}
/**
* Determines if the currently running thread has permission to
* modify this thread group.
* <p>
* If there is a security manager, its {@code checkAccess} method
* is called with this thread group as its argument. This may result
* in throwing a {@code SecurityException}.
* Does nothing.
*
* @throws SecurityException if the current thread is not allowed to
* access this thread group.
* @see java.lang.SecurityManager#checkAccess(java.lang.ThreadGroup)
* @deprecated This method is only useful in conjunction with
* {@linkplain SecurityManager the Security Manager}, which is
* deprecated and subject to removal in a future release.
* Consequently, this method is also deprecated and subject to
* removal. There is no replacement for the Security Manager or this
* method.
* @deprecated This method originally determined if the currently running
* thread had permission to modify this thread group. This method was only
* useful in conjunction with {@linkplain SecurityManager the Security Manager},
* which is no longer supported. There is no replacement for the Security
* Manager or this method.
*/
@Deprecated(since="17", forRemoval=true)
public final void checkAccess() {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkAccess(this);
}
}
public final void checkAccess() { }
/**
* Returns an estimate of the number of {@linkplain Thread#isAlive() live}
@ -400,10 +337,6 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
* an array into which to put the list of threads
*
* @return the number of threads put into the array
*
* @throws SecurityException
* if {@linkplain #checkAccess checkAccess} determines that
* the current thread cannot access this thread group
*/
public int enumerate(Thread[] list) {
return enumerate(list, true);
@ -435,14 +368,9 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
* thread group
*
* @return the number of threads put into the array
*
* @throws SecurityException
* if {@linkplain #checkAccess checkAccess} determines that
* the current thread cannot access this thread group
*/
public int enumerate(Thread[] list, boolean recurse) {
Objects.requireNonNull(list);
checkAccess();
int n = 0;
if (list.length > 0) {
for (Thread thread : Thread.getAllThreads()) {
@ -494,10 +422,6 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
* an array into which to put the list of thread groups
*
* @return the number of thread groups put into the array
*
* @throws SecurityException
* if {@linkplain #checkAccess checkAccess} determines that
* the current thread cannot access this thread group
*/
public int enumerate(ThreadGroup[] list) {
return enumerate(list, true);
@ -528,14 +452,9 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
* if {@code true}, recursively enumerate all subgroups
*
* @return the number of thread groups put into the array
*
* @throws SecurityException
* if {@linkplain #checkAccess checkAccess} determines that
* the current thread cannot access this thread group
*/
public int enumerate(ThreadGroup[] list, boolean recurse) {
Objects.requireNonNull(list);
checkAccess();
return enumerate(list, 0, recurse);
}
@ -559,16 +478,10 @@ public class ThreadGroup implements Thread.UncaughtExceptionHandler {
* Interrupts all {@linkplain Thread#isAlive() live} platform threads in
* this thread group and its subgroups.
*
* @throws SecurityException if the current thread is not allowed
* to access this thread group or any of the threads in
* the thread group.
* @see java.lang.Thread#interrupt()
* @see java.lang.SecurityException
* @see java.lang.ThreadGroup#checkAccess()
* @since 1.2
*/
public final void interrupt() {
checkAccess();
for (Thread thread : Thread.getAllThreads()) {
ThreadGroup g = thread.getThreadGroup();
if (parentOf(g)) {

2
src/java.base/share/classes/java/lang/VirtualThread.java
View file

@ -1016,8 +1016,6 @@ final class VirtualThread extends BaseVirtualThread {
@SuppressWarnings("removal")
public void interrupt() {
if (Thread.currentThread() != this) {
checkAccess();
// if current thread is a virtual thread then prevent it from being
// suspended or unmounted when entering or holding interruptLock
Interruptible blocker;

8
src/java.base/share/classes/java/lang/invoke/LambdaMetafactory.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -316,9 +316,6 @@ public final class LambdaMetafactory {
* handle referencing a method or constructor, or if the linkage
* invariants are violated, as defined {@link LambdaMetafactory above}.
* @throws NullPointerException If any argument is {@code null}.
* @throws SecurityException If a security manager is present, and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* from {@code caller} to the package of {@code implementation}.
*/
public static CallSite metafactory(MethodHandles.Lookup caller,
String interfaceMethodName,
@ -467,9 +464,6 @@ public final class LambdaMetafactory {
* of {@code args} do not follow the above rules, or if
* {@code altInterfaceCount} or {@code altMethodCount} are negative
* integers.
* @throws SecurityException If a security manager is present, and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* from {@code caller} to the package of {@code implementation}.
*/
public static CallSite altMetafactory(MethodHandles.Lookup caller,
String interfaceMethodName,

5
src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java
View file

@ -147,11 +147,6 @@ public class MethodHandleProxies {
* such as abstract classes with single abstract methods.
* Future versions of this API may also equip wrapper instances
* with one or more additional public "marker" interfaces.
* <p>
* If a security manager is installed, this method is caller sensitive.
* During any invocation of the target method handle via the returned wrapper,
* the original creator of the wrapper (the caller) will be visible
* to context checks requested by the security manager.
*
* @param <T> the desired type of the wrapper, a single-method interface
* @param intfc a class object representing {@code T}

128
src/java.base/share/classes/java/lang/invoke/MethodHandles.java
View file

@ -165,8 +165,6 @@ public class MethodHandles {
* <em>Discussion:</em>
* The lookup class can be changed to any other class {@code C} using an expression of the form
* {@link Lookup#in publicLookup().in(C.class)}.
* A public lookup object is always subject to
* <a href="MethodHandles.Lookup.html#secmgr">security manager checks</a>.
* Also, it cannot access
* <a href="MethodHandles.Lookup.html#callsens">caller sensitive methods</a>.
* @return a lookup object which is trusted minimally
@ -186,9 +184,6 @@ public class MethodHandles {
* allowed to do deep reflection on module {@code M2} and package of the target class
* if and only if all of the following conditions are {@code true}:
* <ul>
* <li>If there is a security manager, its {@code checkPermission} method is
* called to check {@code ReflectPermission("suppressAccessChecks")} and
* that must return normally.
* <li>The caller lookup object must have {@linkplain Lookup#hasFullPrivilegeAccess()
* full privilege access}. Specifically:
* <ul>
@ -238,7 +233,6 @@ public class MethodHandles {
* @return a lookup object for the target class, with private access
* @throws IllegalArgumentException if {@code targetClass} is a primitive type or void or array class
* @throws NullPointerException if {@code targetClass} or {@code caller} is {@code null}
* @throws SecurityException if denied by the security manager
* @throws IllegalAccessException if any of the other access checks specified above fails
* @since 9
* @see Lookup#dropLookupMode
@ -459,14 +453,10 @@ public class MethodHandles {
* on the target to obtain its symbolic reference, and then called
* {@link java.lang.invoke.MethodHandleInfo#reflectAs MethodHandleInfo.reflectAs}
* to resolve the symbolic reference to a member.
* <p>
* If there is a security manager, its {@code checkPermission} method
* is called with a {@code ReflectPermission("suppressAccessChecks")} permission.
* @param <T> the desired type of the result, either {@link Member} or a subtype
* @param expected a class object representing the desired result type {@code T}
* @param target a direct method handle to crack into symbolic reference components
* @return a reference to the method, constructor, or field object
* @throws SecurityException if the caller is not privileged to call {@code setAccessible}
* @throws NullPointerException if either argument is {@code null}
* @throws IllegalArgumentException if the target is not a direct method handle
* @throws ClassCastException if the member is not of the expected type
@ -616,10 +606,6 @@ public class MethodHandles {
* the lookup can still succeed.
* For example, lookups for {@code MethodHandle.invokeExact} and
* {@code MethodHandle.invoke} will always succeed, regardless of requested type.
* <li>If there is a security manager installed, it can forbid the lookup
* on various grounds (<a href="MethodHandles.Lookup.html#secmgr">see below</a>).
* By contrast, the {@code ldc} instruction on a {@code CONSTANT_MethodHandle}
* constant is not subject to security manager checks.
* <li>If the looked-up method has a
* <a href="MethodHandle.html#maxarity">very large arity</a>,
* the method handle creation may fail with an
@ -1317,74 +1303,6 @@ public class MethodHandles {
* all access modes are dropped.</li>
* </ul>
*
* <h2><a id="secmgr"></a>Security manager interactions</h2>
* Although bytecode instructions can only refer to classes in
* a related class loader, this API can search for methods in any
* class, as long as a reference to its {@code Class} object is
* available. Such cross-loader references are also possible with the
* Core Reflection API, and are impossible to bytecode instructions
* such as {@code invokestatic} or {@code getfield}.
* There is a {@linkplain java.lang.SecurityManager security manager API}
* to allow applications to check such cross-loader references.
* These checks apply to both the {@code MethodHandles.Lookup} API
* and the Core Reflection API
* (as found on {@link java.lang.Class Class}).
* <p>
* If a security manager is present, member and class lookups are subject to
* additional checks.
* From one to three calls are made to the security manager.
* Any of these calls can refuse access by throwing a
* {@link java.lang.SecurityException SecurityException}.
* Define {@code smgr} as the security manager,
* {@code lookc} as the lookup class of the current lookup object,
* {@code refc} as the containing class in which the member
* is being sought, and {@code defc} as the class in which the
* member is actually defined.
* (If a class or other type is being accessed,
* the {@code refc} and {@code defc} values are the class itself.)
* The value {@code lookc} is defined as <em>not present</em>
* if the current lookup object does not have
* {@linkplain #hasFullPrivilegeAccess() full privilege access}.
* The calls are made according to the following rules:
* <ul>
* <li><b>Step 1:</b>
* If {@code lookc} is not present, or if its class loader is not
* the same as or an ancestor of the class loader of {@code refc},
* then {@link SecurityManager#checkPackageAccess
* smgr.checkPackageAccess(refcPkg)} is called,
* where {@code refcPkg} is the package of {@code refc}.
* <li><b>Step 2a:</b>
* If the retrieved member is not public and
* {@code lookc} is not present, then
* {@link SecurityManager#checkPermission smgr.checkPermission}
* with {@code RuntimePermission("accessDeclaredMembers")} is called.
* <li><b>Step 2b:</b>
* If the retrieved class has a {@code null} class loader,
* and {@code lookc} is not present, then
* {@link SecurityManager#checkPermission smgr.checkPermission}
* with {@code RuntimePermission("getClassLoader")} is called.
* <li><b>Step 3:</b>
* If the retrieved member is not public,
* and if {@code lookc} is not present,
* and if {@code defc} and {@code refc} are different,
* then {@link SecurityManager#checkPackageAccess
* smgr.checkPackageAccess(defcPkg)} is called,
* where {@code defcPkg} is the package of {@code defc}.
* </ul>
* Security checks are performed after other access checks have passed.
* Therefore, the above rules presuppose a member or class that is public,
* or else that is being accessed from a lookup class that has
* rights to access the member or class.
* <p>
* If a security manager is present and the current lookup object does not have
* {@linkplain #hasFullPrivilegeAccess() full privilege access}, then
* {@link #defineClass(byte[]) defineClass},
* {@link #defineHiddenClass(byte[], boolean, ClassOption...) defineHiddenClass},
* {@link #defineHiddenClassWithClassData(byte[], Object, boolean, ClassOption...)
* defineHiddenClassWithClassData}
* calls {@link SecurityManager#checkPermission smgr.checkPermission}
* with {@code RuntimePermission("defineClass")}.
*
* <h2><a id="callsens"></a>Caller sensitive methods</h2>
* A small number of Java methods have a special property called caller sensitivity.
* A <em>caller-sensitive</em> method can behave differently depending on the
@ -1825,10 +1743,6 @@ public class MethodHandles {
* run at a later time, as detailed in section 12.4 of the <em>The Java Language
* Specification</em>. </p>
*
* <p> If there is a security manager and this lookup does not have {@linkplain
* #hasFullPrivilegeAccess() full privilege access}, its {@code checkPermission} method
* is first called to check {@code RuntimePermission("defineClass")}. </p>
*
* @param bytes the class bytes
* @return the {@code Class} object for the class
* @throws IllegalAccessException if this lookup does not have {@code PACKAGE} access
@ -1838,8 +1752,6 @@ public class MethodHandles {
* ({@code ACC_MODULE} flag is set in the value of the {@code access_flags} item)
* @throws VerifyError if the newly created class cannot be verified
* @throws LinkageError if the newly created class cannot be linked for any other reason
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if {@code bytes} is {@code null}
* @since 9
* @see MethodHandles#privateLookupIn
@ -2097,8 +2009,6 @@ public class MethodHandles {
*
* @throws IllegalAccessException if this {@code Lookup} does not have
* {@linkplain #hasFullPrivilegeAccess() full privilege} access
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws ClassFormatError if {@code bytes} is not a {@code ClassFile} structure
* @throws UnsupportedClassVersionError if {@code bytes} is not of a supported major or minor version
* @throws IllegalArgumentException if {@code bytes} denotes a class in a different package
@ -2180,8 +2090,6 @@ public class MethodHandles {
*
* @throws IllegalAccessException if this {@code Lookup} does not have
* {@linkplain #hasFullPrivilegeAccess() full privilege} access
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws ClassFormatError if {@code bytes} is not a {@code ClassFile} structure
* @throws UnsupportedClassVersionError if {@code bytes} is not of a supported major or minor version
* @throws IllegalArgumentException if {@code bytes} denotes a class in a different package
@ -2631,8 +2539,6 @@ assertEquals("[x, y]", MH_asList.invoke("x", "y").toString());
* or if the method is not {@code static},
* or if the method's variable arity modifier bit
* is set and {@code asVarargsCollector} fails
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if any argument is null
*/
public MethodHandle findStatic(Class<?> refc, String name, MethodType type) throws NoSuchMethodException, IllegalAccessException {
@ -2715,8 +2621,6 @@ assertEquals("", (String) MH_newString.invokeExact());
* or if the method is {@code static},
* or if the method's variable arity modifier bit
* is set and {@code asVarargsCollector} fails
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if any argument is null
*/
public MethodHandle findVirtual(Class<?> refc, String name, MethodType type) throws NoSuchMethodException, IllegalAccessException {
@ -2789,8 +2693,6 @@ assertEquals("[x, y, z]", pb.command().toString());
* @throws IllegalAccessException if access checking fails
* or if the method's variable arity modifier bit
* is set and {@code asVarargsCollector} fails
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if any argument is null
*/
public MethodHandle findConstructor(Class<?> refc, MethodType type) throws NoSuchMethodException, IllegalAccessException {
@ -2819,8 +2721,6 @@ assertEquals("[x, y, z]", pb.command().toString());
* @param targetName the {@linkplain ClassLoader##binary-name binary name} of the class
* or the string representing an array class
* @return the requested class.
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws LinkageError if the linkage fails
* @throws ClassNotFoundException if the class cannot be loaded by the lookup class' loader.
* @throws IllegalAccessException if the class is not accessible, using the allowed access
@ -2856,8 +2756,6 @@ assertEquals("[x, y, z]", pb.command().toString());
* {@linkplain #accessClass accessible} to this lookup
* @throws ExceptionInInitializerError if the class initialization provoked
* by this method fails
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @since 15
* @jvms 5.5 Initialization
*/
@ -2966,8 +2864,6 @@ assertEquals("[x, y, z]", pb.command().toString());
* @return {@code targetClass} that has been access-checked
* @throws IllegalAccessException if the class is not accessible from the lookup class
* and previous lookup class, if present, using the allowed access modes.
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if {@code targetClass} is {@code null}
* @since 9
* @see <a href="#cross-module-lookup">Cross-module lookups</a>
@ -3050,8 +2946,6 @@ assertEquals(""+l, (String) MH_this.invokeExact(subl)); // Listie method
* or if the method is {@code static},
* or if the method's variable arity modifier bit
* is set and {@code asVarargsCollector} fails
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if any argument is null
*/
public MethodHandle findSpecial(Class<?> refc, String name, MethodType type,
@ -3075,8 +2969,6 @@ assertEquals(""+l, (String) MH_this.invokeExact(subl)); // Listie method
* @return a method handle which can load values from the field
* @throws NoSuchFieldException if the field does not exist
* @throws IllegalAccessException if access checking fails, or if the field is {@code static}
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if any argument is null
* @see #findVarHandle(Class, String, Class)
*/
@ -3099,8 +2991,6 @@ assertEquals(""+l, (String) MH_this.invokeExact(subl)); // Listie method
* @throws NoSuchFieldException if the field does not exist
* @throws IllegalAccessException if access checking fails, or if the field is {@code static}
* or {@code final}
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if any argument is null
* @see #findVarHandle(Class, String, Class)
*/
@ -3172,8 +3062,6 @@ assertEquals(""+l, (String) MH_this.invokeExact(subl)); // Listie method
* @return a VarHandle giving access to non-static fields.
* @throws NoSuchFieldException if the field does not exist
* @throws IllegalAccessException if access checking fails, or if the field is {@code static}
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if any argument is null
* @since 9
*/
@ -3198,8 +3086,6 @@ assertEquals(""+l, (String) MH_this.invokeExact(subl)); // Listie method
* @return a method handle which can load values from the field
* @throws NoSuchFieldException if the field does not exist
* @throws IllegalAccessException if access checking fails, or if the field is not {@code static}
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if any argument is null
*/
public MethodHandle findStaticGetter(Class<?> refc, String name, Class<?> type) throws NoSuchFieldException, IllegalAccessException {
@ -3223,8 +3109,6 @@ assertEquals(""+l, (String) MH_this.invokeExact(subl)); // Listie method
* @throws NoSuchFieldException if the field does not exist
* @throws IllegalAccessException if access checking fails, or if the field is not {@code static}
* or is {@code final}
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if any argument is null
*/
public MethodHandle findStaticSetter(Class<?> refc, String name, Class<?> type) throws NoSuchFieldException, IllegalAccessException {
@ -3297,8 +3181,6 @@ assertEquals(""+l, (String) MH_this.invokeExact(subl)); // Listie method
* @return a VarHandle giving access to a static field
* @throws NoSuchFieldException if the field does not exist
* @throws IllegalAccessException if access checking fails, or if the field is not {@code static}
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if any argument is null
* @since 9
*/
@ -3351,8 +3233,6 @@ return mh1;
* @throws IllegalAccessException if access checking fails
* or if the method's variable arity modifier bit
* is set and {@code asVarargsCollector} fails
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws NullPointerException if any argument is null
* @see MethodHandle#bindTo
* @see #findVirtual
@ -3685,8 +3565,6 @@ return mh1;
* and was created by a lookup object for a different class.
* @param target a direct method handle to crack into symbolic reference components
* @return a symbolic reference which can be used to reconstruct this method handle from this lookup object
* @throws SecurityException if a security manager is present and it
* <a href="MethodHandles.Lookup.html#secmgr">refuses access</a>
* @throws IllegalArgumentException if the target is not a direct method handle or if access checking fails
* @throws NullPointerException if the target is {@code null}
* @see MethodHandleInfo
@ -4656,7 +4534,7 @@ int spreadArgCount = type.parameterCount() - leadingArgCount;
invoker = invoker.asSpreader(Object[].class, spreadArgCount);
return invoker;
* }
* This method throws no reflective or security exceptions.
* This method throws no reflective exceptions.
* @param type the desired target type
* @param leadingArgCount number of fixed arguments, to be passed unchanged to the target
* @return a method handle suitable for invoking any method handle of the given type
@ -4702,7 +4580,7 @@ return invoker;
* on the declared {@code invokeExact} or {@code invoke} method will raise an
* {@link java.lang.UnsupportedOperationException UnsupportedOperationException}.)</em>
* <p>
* This method throws no reflective or security exceptions.
* This method throws no reflective exceptions.
* @param type the desired target type
* @return a method handle suitable for invoking any method handle of the given type
* @throws IllegalArgumentException if the resulting method handle's type would have
@ -4740,7 +4618,7 @@ return invoker;
* on the declared {@code invokeExact} or {@code invoke} method will raise an
* {@link java.lang.UnsupportedOperationException UnsupportedOperationException}.)</em>
* <p>
* This method throws no reflective or security exceptions.
* This method throws no reflective exceptions.
* @param type the desired target type
* @return a method handle suitable for invoking any method handle convertible to the given type
* @throws IllegalArgumentException if the resulting method handle's type would have

3
src/java.base/share/classes/java/lang/invoke/MethodType.java
View file

@ -1178,9 +1178,6 @@ class MethodType
* @throws NullPointerException if the string is {@code null}
* @throws IllegalArgumentException if the string is not a method descriptor
* @throws TypeNotPresentException if a named type cannot be found
* @throws SecurityException if the security manager is present and
* {@code loader} is {@code null} and the caller does not have the
* {@link RuntimePermission}{@code ("getClassLoader")}
* @jvms 4.3.3 Method Descriptors
*/
public static MethodType fromMethodDescriptorString(String descriptor, ClassLoader loader)

11
src/java.base/share/classes/java/lang/module/Configuration.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -244,8 +244,6 @@ public final class Configuration {
* @throws ResolutionException
* If resolution fails any of the consistency checks specified by
* the static {@code resolve} method
* @throws SecurityException
* If locating a module is denied by the security manager
*/
public Configuration resolve(ModuleFinder before,
ModuleFinder after,
@ -287,8 +285,6 @@ public final class Configuration {
* @throws ResolutionException
* If resolution fails any of the consistency checks specified by
* the static {@code resolve} method
* @throws SecurityException
* If locating a module is denied by the security manager
*/
public Configuration resolveAndBind(ModuleFinder before,
ModuleFinder after,
@ -399,9 +395,6 @@ public final class Configuration {
* If the list of parents is empty, or the list has two or more
* parents with modules for different target operating systems,
* architectures, or versions
*
* @throws SecurityException
* If locating a module is denied by the security manager
*/
public static Configuration resolve(ModuleFinder before,
List<Configuration> parents,
@ -471,8 +464,6 @@ public final class Configuration {
* If the list of parents is empty, or the list has two or more
* parents with modules for different target operating systems,
* architectures, or versions
* @throws SecurityException
* If locating a module is denied by the security manager
*/
public static Configuration resolveAndBind(ModuleFinder before,
List<Configuration> parents,

17
src/java.base/share/classes/java/lang/module/ModuleFinder.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -99,9 +99,6 @@ public interface ModuleFinder {
*
* @throws FindException
* If an error occurs finding the module
*
* @throws SecurityException
* If denied by the security manager
*/
Optional<ModuleReference> find(String name);
@ -123,9 +120,6 @@ public interface ModuleFinder {
*
* @throws FindException
* If an error occurs finding all modules
*
* @throws SecurityException
* If denied by the security manager
*/
Set<ModuleReference> findAll();
@ -134,16 +128,7 @@ public interface ModuleFinder {
* system modules are the modules in the Java run-time image.
* The module finder will always find {@code java.base}.
*
* <p> If there is a security manager set then its {@link
* SecurityManager#checkPermission(Permission) checkPermission} method is
* invoked to check that the caller has been granted
* {@link RuntimePermission RuntimePermission("accessSystemModules")}
* to access the system modules. </p>
*
* @return A {@code ModuleFinder} that locates the system modules
*
* @throws SecurityException
* If denied by the security manager
*/
@SuppressWarnings("removal")
static ModuleFinder ofSystem() {

19
src/java.base/share/classes/java/lang/module/ModuleReader.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -60,11 +60,6 @@ import java.util.stream.Stream;
* try-with-resources} statement provides a useful construct to ensure that
* module readers are closed. </p>
*
* <p> A {@code ModuleReader} implementation may require permissions to access
* resources in the module. Consequently the {@link #find find}, {@link #open
* open}, {@link #read read}, and {@link #list list} methods may throw {@code
* SecurityException} if access is denied by the security manager. </p>
*
* @implSpec Implementations of {@code ModuleReader} should take great care
* when translating an abstract resource name to the location of a resource in
* a packaged module or on the file system. Implementations are advised to
@ -95,8 +90,6 @@ public interface ModuleReader extends Closeable {
*
* @throws IOException
* If an I/O error occurs or the module reader is closed
* @throws SecurityException
* If denied by the security manager
*
* @see ClassLoader#getResource(String)
*/
@ -122,8 +115,6 @@ public interface ModuleReader extends Closeable {
*
* @throws IOException
* If an I/O error occurs or the module reader is closed
* @throws SecurityException
* If denied by the security manager
*/
default Optional<InputStream> open(String name) throws IOException {
Optional<URI> ouri = find(name);
@ -162,8 +153,6 @@ public interface ModuleReader extends Closeable {
*
* @throws IOException
* If an I/O error occurs or the module reader is closed
* @throws SecurityException
* If denied by the security manager
* @throws OutOfMemoryError
* If the resource is larger than {@code Integer.MAX_VALUE},
* the maximum capacity of a byte buffer
@ -209,9 +198,7 @@ public interface ModuleReader extends Closeable {
* when using the stream to list the module contents. If this occurs then
* the {@code IOException} will be wrapped in an {@link
* java.io.UncheckedIOException} and thrown from the method that caused the
* access to be attempted. {@code SecurityException} may also be thrown
* when using the stream to list the module contents and access is denied
* by the security manager. </p>
* access to be attempted.
*
* <p> The returned stream may contain references to one or more open directories
* in the module. The directories are closed by closing the stream. </p>
@ -229,8 +216,6 @@ public interface ModuleReader extends Closeable {
*
* @throws IOException
* If an I/O error occurs or the module reader is closed
* @throws SecurityException
* If denied by the security manager
*/
Stream<String> list() throws IOException;

10
src/java.base/share/classes/java/lang/module/ModuleReference.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -76,12 +76,6 @@ public abstract class ModuleReference {
/**
* Returns the location of this module's content, if known.
*
* <p> This URI, when present, can be used as the {@linkplain
* java.security.CodeSource#getLocation location} value of a {@link
* java.security.CodeSource CodeSource} so that a module's classes can be
* granted specific permissions when loaded by a {@link
* java.security.SecureClassLoader SecureClassLoader}.
*
* @return The location or an empty {@code Optional} if not known
*/
public final Optional<URI> location() {
@ -95,8 +89,6 @@ public abstract class ModuleReference {
*
* @throws IOException
* If an I/O error occurs
* @throws SecurityException
* If denied by the security manager
*/
public abstract ModuleReader open() throws IOException;
}

10
src/java.base/share/classes/java/lang/package-info.java
View file

@ -53,12 +53,10 @@
* StringBuilder} similarly provide commonly used operations on
* character strings.
*
* <p>Classes {@link ClassLoader}, {@link Process}, {@link
* ProcessBuilder}, {@link Runtime}, {@link SecurityManager}, and
* {@link System} provide "system operations" that manage the dynamic
* loading of classes, creation of external processes, host
* environment inquiries such as the time of day, and enforcement of
* security policies.
* <p>Classes {@link ClassLoader}, {@link Process}, {@link ProcessBuilder},
* {@link Runtime}, and {@link System} provide "system operations" that
* manage the dynamic loading of classes, creation of external processes,
* and host environment inquiries such as the time of day.
*
* <p>Class {@link Throwable} encompasses objects that may be thrown
* by the {@code throw} statement. Subclasses of {@code Throwable}

10
src/java.base/share/classes/java/lang/ref/Cleaner.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -163,17 +163,11 @@ public final class Cleaner {
* The {@linkplain java.lang.Thread#getContextClassLoader context class loader}
* of the thread is set to the
* {@linkplain ClassLoader#getSystemClassLoader() system class loader}.
* The thread has no permissions, enforced only if a
* {@linkplain java.lang.System#setSecurityManager(SecurityManager)
* {@code SecurityManager} is set}.
* <p>
* The cleaner terminates when it is phantom reachable and all of the
* registered cleaning actions are complete.
*
* @return a new {@code Cleaner}
*
* @throws SecurityException if the current thread is not allowed to
* create or start the thread.
*/
public static Cleaner create() {
Cleaner cleaner = new Cleaner();
@ -199,8 +193,6 @@ public final class Cleaner {
*
* @throws IllegalThreadStateException if the thread from the thread
* factory was {@linkplain Thread.State#NEW not a new thread}.
* @throws SecurityException if the current thread is not allowed to
* create or start the thread.
*/
public static Cleaner create(ThreadFactory threadFactory) {
Objects.requireNonNull(threadFactory, "threadFactory");

25
src/java.base/share/classes/java/lang/reflect/AccessibleObject.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -94,17 +94,13 @@ public class AccessibleObject implements AnnotatedElement {
/**
* Convenience method to set the {@code accessible} flag for an
* array of reflected objects with a single security check (for efficiency).
* array of reflected objects.
*
* <p> This method may be used to enable access to all reflected objects in
* the array when access to each reflected object can be enabled as
* specified by {@link #setAccessible(boolean) setAccessible(boolean)}. </p>
*
* <p>If there is a security manager, its
* {@code checkPermission} method is first called with a
* {@code ReflectPermission("suppressAccessChecks")} permission.
*
* <p>A {@code SecurityException} is also thrown if any of the elements of
* <p>A {@code SecurityException} is thrown if any of the elements of
* the input {@code array} is a {@link java.lang.reflect.Constructor}
* object for the class {@code java.lang.Class} and {@code flag} is true.
*
@ -113,11 +109,8 @@ public class AccessibleObject implements AnnotatedElement {
* in each object
* @throws InaccessibleObjectException if access cannot be enabled for all
* objects in the array
* @throws SecurityException if the request is denied by the security manager
* or an element in the array is a constructor for {@code
* @throws SecurityException if an element in the array is a constructor for {@code
* java.lang.Class}
* @see SecurityManager#checkPermission
* @see ReflectPermission
*/
@CallerSensitive
public static void setAccessible(AccessibleObject[] array, boolean flag) {
@ -194,13 +187,8 @@ public class AccessibleObject implements AnnotatedElement {
* control checks to only enable {@linkplain Field#get <em>read</em>} access to
* these non-modifiable final fields.
*
* <p> If there is a security manager, its
* {@code checkPermission} method is first called with a
* {@code ReflectPermission("suppressAccessChecks")} permission.
*
* @param flag the new value for the {@code accessible} flag
* @throws InaccessibleObjectException if access cannot be enabled
* @throws SecurityException if the request is denied by the security manager
*
* @spec jni/index.html Java Native Interface Specification
* @see #trySetAccessible
@ -260,13 +248,8 @@ public class AccessibleObject implements AnnotatedElement {
* only be set if the member and the declaring class are public, and
* the class is in a package that is exported unconditionally. </p>
*
* <p> If there is a security manager, its {@code checkPermission} method
* is first called with a {@code ReflectPermission("suppressAccessChecks")}
* permission. </p>
*
* @return {@code true} if the {@code accessible} flag is set to {@code true};
* {@code false} if access cannot be enabled.
* @throws SecurityException if the request is denied by the security manager
*
* @spec jni/index.html Java Native Interface Specification
* @since 9

6
src/java.base/share/classes/java/lang/reflect/Constructor.java
View file

@ -169,16 +169,14 @@ public final class Constructor<T> extends Executable {
/**
* {@inheritDoc}
*
* <p> A {@code SecurityException} is also thrown if this object is a
* <p> A {@code SecurityException} is thrown if this object is a
* {@code Constructor} object for the class {@code Class} and {@code flag}
* is true. </p>
*
* @param flag {@inheritDoc}
*
* @throws InaccessibleObjectException {@inheritDoc}
* @throws SecurityException if the request is denied by the security manager
* or this is a constructor for {@code java.lang.Class}
*
* @throws SecurityException if this is a constructor for {@code java.lang.Class}
*/
@Override
@CallerSensitive

1
src/java.base/share/classes/java/lang/reflect/Field.java
View file

@ -166,7 +166,6 @@ class Field extends AccessibleObject implements Member {
/**
* @throws InaccessibleObjectException {@inheritDoc}
* @throws SecurityException {@inheritDoc}
*/
@Override
@CallerSensitive

1
src/java.base/share/classes/java/lang/reflect/Method.java
View file

@ -169,7 +169,6 @@ public final class Method extends Executable {
/**
* @throws InaccessibleObjectException {@inheritDoc}
* @throws SecurityException {@inheritDoc}
*/
@Override
@CallerSensitive

48
src/java.base/share/classes/java/lang/reflect/Proxy.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -117,9 +117,7 @@ import static java.lang.module.ModuleDescriptor.Modifier.SYNTHETIC;
*
* <li>The {@link java.security.ProtectionDomain} of a proxy class
* is the same as that of system classes loaded by the bootstrap class
* loader, such as {@code java.lang.Object}, because the code for a
* proxy class is generated by trusted system code. This protection
* domain will typically be granted {@code java.security.AllPermission}.
* loader, such as {@code java.lang.Object}.
*
* <li>The {@link Proxy#isProxyClass Proxy.isProxyClass} method can be used
* to determine if a given class is a proxy class.
@ -354,21 +352,6 @@ public class Proxy implements java.io.Serializable {
* and that implements the specified interfaces
* @throws IllegalArgumentException if any of the <a href="#restrictions">
* restrictions</a> on the parameters are violated
* @throws SecurityException if a security manager, <em>s</em>, is present
* and any of the following conditions is met:
* <ul>
* <li> the given {@code loader} is {@code null} and
* the caller's class loader is not {@code null} and the
* invocation of {@link SecurityManager#checkPermission
* s.checkPermission} with
* {@code RuntimePermission("getClassLoader")} permission
* denies access.</li>
* <li> for each proxy interface, {@code intf},
* the caller's class loader is not the same as or an
* ancestor of the class loader for {@code intf} and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to {@code intf}.</li>
* </ul>
* @throws NullPointerException if the {@code interfaces} array
* argument or any of its elements are {@code null}
*
@ -989,27 +972,6 @@ public class Proxy implements java.io.Serializable {
* and that implements the specified interfaces
* @throws IllegalArgumentException if any of the <a href="#restrictions">
* restrictions</a> on the parameters are violated
* @throws SecurityException if a security manager, <em>s</em>, is present
* and any of the following conditions is met:
* <ul>
* <li> the given {@code loader} is {@code null} and
* the caller's class loader is not {@code null} and the
* invocation of {@link SecurityManager#checkPermission
* s.checkPermission} with
* {@code RuntimePermission("getClassLoader")} permission
* denies access;</li>
* <li> for each proxy interface, {@code intf},
* the caller's class loader is not the same as or an
* ancestor of the class loader for {@code intf} and
* invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to {@code intf};</li>
* <li> any of the given proxy interfaces is non-public and the
* caller class is not in the same {@linkplain Package runtime package}
* as the non-public interface and the invocation of
* {@link SecurityManager#checkPermission s.checkPermission} with
* {@code ReflectPermission("newProxyInPackage.{package name}")}
* permission denies access.</li>
* </ul>
* @throws NullPointerException if the {@code interfaces} array
* argument or any of its elements are {@code null}, or
* if the invocation handler, {@code h}, is
@ -1112,12 +1074,6 @@ public class Proxy implements java.io.Serializable {
* @return the invocation handler for the proxy instance
* @throws IllegalArgumentException if the argument is not a
* proxy instance
* @throws SecurityException if a security manager, <em>s</em>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the invocation handler
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the invocation
* handler's class.
*/
@SuppressWarnings("removal")
@CallerSensitive

46
src/java.base/share/classes/java/lang/reflect/ReflectPermission.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,52 +27,14 @@ package java.lang.reflect;
/**
* The Permission class for reflective operations.
* <P>
* The following table
* provides a summary description of what the permission allows,
* and discusses the risks of granting code the permission.
*
* <table class="striped">
* <caption style="display:none">Table shows permission target name, what the permission allows, and associated risks</caption>
* <thead>
* <tr>
* <th scope="col">Permission Target Name</th>
* <th scope="col">What the Permission Allows</th>
* <th scope="col">Risks of Allowing this Permission</th>
* </tr>
* </thead>
* <tbody>
*
* <tr>
* <th scope="row">suppressAccessChecks</th>
* <td>ability to suppress the standard Java language access checks
* on fields and methods in a class; allow access not only public members
* but also allow access to default (package) access, protected,
* and private members.</td>
* <td>This is dangerous in that information (possibly confidential) and
* methods normally unavailable would be accessible to malicious code.</td>
* </tr>
* <tr>
* <th scope="row">newProxyInPackage.{package name}</th>
* <td>ability to create a proxy instance in the specified package of which
* the non-public interface that the proxy class implements.</td>
* <td>This gives code access to classes in packages to which it normally
* does not have access and the dynamic proxy class is in the system
* protection domain. Malicious code may use these classes to
* help in its attempt to compromise security in the system.</td>
* </tr>
*
* </tbody>
* </table>
* @apiNote
* This permission cannot be used for controlling access to resources
* as the Security Manager is no longer supported.
*
* @see java.security.Permission
* @see java.security.BasicPermission
* @see AccessibleObject
* @see Field#get
* @see Field#set
* @see Method#invoke
* @see Constructor#newInstance
* @see Proxy#newProxyInstance
*
* @since 1.2
*/

5
src/java.base/share/classes/java/lang/reflect/package-info.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -37,9 +37,6 @@
* members of a target object (based on its runtime class) or the
* members declared by a given class.
*
* <p>{@link AccessibleObject} allows suppression of access checks if
* the necessary {@link ReflectPermission} is available.
*
* <p>{@link Array} provides static methods to dynamically create and
* access arrays.
*