From 00ff6a38ce28f94f866f4c120a04e9b0ffb7bda5 Mon Sep 17 00:00:00 2001 From: Kevin Walls Date: Mon, 18 Nov 2024 09:24:11 +0000 Subject: [PATCH] 8344105: Remove SecurityManager and related calls from jdk.attach and jdk.hotspot.agent Reviewed-by: amenkov, cjplummer --- .../sun/tools/attach/AttachProviderImpl.java | 5 +---- .../sun/tools/attach/AttachProviderImpl.java | 5 +---- .../sun/tools/attach/AttachProviderImpl.java | 5 +---- .../sun/tools/attach/spi/AttachProvider.java | 5 ----- .../tools/attach/HotSpotAttachProvider.java | 13 +------------ .../tools/attach/HotSpotVirtualMachine.java | 12 ++---------- .../sun/tools/attach/AttachProviderImpl.java | 4 +--- .../sun/jvm/hotspot/SALauncherLoader.java | 19 +------------------ .../hotspot/tools/jcore/ByteCodeRewriter.java | 19 ++----------------- 9 files changed, 10 insertions(+), 77 deletions(-) diff --git a/src/jdk.attach/aix/classes/sun/tools/attach/AttachProviderImpl.java b/src/jdk.attach/aix/classes/sun/tools/attach/AttachProviderImpl.java index 2f6fc4d4df2..a7912e3234d 100644 --- a/src/jdk.attach/aix/classes/sun/tools/attach/AttachProviderImpl.java +++ b/src/jdk.attach/aix/classes/sun/tools/attach/AttachProviderImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2024, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013 SAP SE. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * @@ -52,8 +52,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider { public VirtualMachine attachVirtualMachine(String vmid) throws AttachNotSupportedException, IOException { - checkAttachPermission(); - // AttachNotSupportedException will be thrown if the target VM can be determined // to be not attachable. testAttachable(vmid); @@ -72,7 +70,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider { // implementation which only returns a list of attachable VMs. if (vmd instanceof HotSpotVirtualMachineDescriptor) { assert ((HotSpotVirtualMachineDescriptor)vmd).isAttachable(); - checkAttachPermission(); return new VirtualMachineImpl(this, vmd.id()); } else { return attachVirtualMachine(vmd.id()); diff --git a/src/jdk.attach/linux/classes/sun/tools/attach/AttachProviderImpl.java b/src/jdk.attach/linux/classes/sun/tools/attach/AttachProviderImpl.java index fd89af02511..156590885bf 100644 --- a/src/jdk.attach/linux/classes/sun/tools/attach/AttachProviderImpl.java +++ b/src/jdk.attach/linux/classes/sun/tools/attach/AttachProviderImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -49,8 +49,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider { public VirtualMachine attachVirtualMachine(String vmid) throws AttachNotSupportedException, IOException { - checkAttachPermission(); - // AttachNotSupportedException will be thrown if the target VM can be determined // to be not attachable. testAttachable(vmid); @@ -69,7 +67,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider { // implementation which only returns a list of attachable VMs. if (vmd instanceof HotSpotVirtualMachineDescriptor) { assert ((HotSpotVirtualMachineDescriptor)vmd).isAttachable(); - checkAttachPermission(); return new VirtualMachineImpl(this, vmd.id()); } else { return attachVirtualMachine(vmd.id()); diff --git a/src/jdk.attach/macosx/classes/sun/tools/attach/AttachProviderImpl.java b/src/jdk.attach/macosx/classes/sun/tools/attach/AttachProviderImpl.java index d44684f81af..d57fd7961ab 100644 --- a/src/jdk.attach/macosx/classes/sun/tools/attach/AttachProviderImpl.java +++ b/src/jdk.attach/macosx/classes/sun/tools/attach/AttachProviderImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -49,8 +49,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider { public VirtualMachine attachVirtualMachine(String vmid) throws AttachNotSupportedException, IOException { - checkAttachPermission(); - // AttachNotSupportedException will be thrown if the target VM can be determined // to be not attachable. testAttachable(vmid); @@ -69,7 +67,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider { // implementation which only returns a list of attachable VMs. if (vmd instanceof HotSpotVirtualMachineDescriptor) { assert ((HotSpotVirtualMachineDescriptor)vmd).isAttachable(); - checkAttachPermission(); return new VirtualMachineImpl(this, vmd.id()); } else { return attachVirtualMachine(vmd.id()); diff --git a/src/jdk.attach/share/classes/com/sun/tools/attach/spi/AttachProvider.java b/src/jdk.attach/share/classes/com/sun/tools/attach/spi/AttachProvider.java index da3f61e49ce..6446473d9d6 100644 --- a/src/jdk.attach/share/classes/com/sun/tools/attach/spi/AttachProvider.java +++ b/src/jdk.attach/share/classes/com/sun/tools/attach/spi/AttachProvider.java @@ -32,7 +32,6 @@ import java.util.ArrayList; import java.util.List; import com.sun.tools.attach.VirtualMachine; import com.sun.tools.attach.VirtualMachineDescriptor; -import com.sun.tools.attach.AttachPermission; import com.sun.tools.attach.AttachNotSupportedException; import java.util.ServiceLoader; @@ -84,10 +83,6 @@ public abstract class AttachProvider { * Initializes a new instance of this class. */ protected AttachProvider() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) - sm.checkPermission(new AttachPermission("createAttachProvider")); } /** diff --git a/src/jdk.attach/share/classes/sun/tools/attach/HotSpotAttachProvider.java b/src/jdk.attach/share/classes/sun/tools/attach/HotSpotAttachProvider.java index c73a15db921..f833ee1afb3 100644 --- a/src/jdk.attach/share/classes/sun/tools/attach/HotSpotAttachProvider.java +++ b/src/jdk.attach/share/classes/sun/tools/attach/HotSpotAttachProvider.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package sun.tools.attach; import com.sun.tools.attach.VirtualMachineDescriptor; -import com.sun.tools.attach.AttachPermission; import com.sun.tools.attach.AttachNotSupportedException; import com.sun.tools.attach.spi.AttachProvider; @@ -47,16 +46,6 @@ public abstract class HotSpotAttachProvider extends AttachProvider { public HotSpotAttachProvider() { } - public void checkAttachPermission() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission( - new AttachPermission("attachVirtualMachine") - ); - } - } - /* * This listVirtualMachines implementation is based on jvmstat. Can override * this in platform implementations when there is a more efficient mechanism diff --git a/src/jdk.attach/share/classes/sun/tools/attach/HotSpotVirtualMachine.java b/src/jdk.attach/share/classes/sun/tools/attach/HotSpotVirtualMachine.java index 10d23f33535..ace00100aab 100644 --- a/src/jdk.attach/share/classes/sun/tools/attach/HotSpotVirtualMachine.java +++ b/src/jdk.attach/share/classes/sun/tools/attach/HotSpotVirtualMachine.java @@ -37,7 +37,6 @@ import java.io.BufferedReader; import java.io.InputStream; import java.io.IOException; import java.io.InputStreamReader; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.Properties; import java.util.stream.Collectors; @@ -54,8 +53,7 @@ public abstract class HotSpotVirtualMachine extends VirtualMachine { @SuppressWarnings("removal") private static long pid() { - PrivilegedAction pa = () -> ProcessHandle.current(); - return AccessController.doPrivileged(pa).pid(); + return ProcessHandle.current().pid(); } private static final boolean ALLOW_ATTACH_SELF; @@ -361,12 +359,7 @@ public abstract class HotSpotVirtualMachine extends VirtualMachine { */ protected boolean isAPIv2Enabled() { // if "jdk.attach.compat" property is set, only v1 is enabled. - try { - String value = System.getProperty("jdk.attach.compat"); - return !("true".equalsIgnoreCase(value)); - } catch (SecurityException se) { - } - return true; + return !Boolean.getBoolean("jdk.attach.compat"); } /* @@ -563,7 +556,6 @@ public abstract class HotSpotVirtualMachine extends VirtualMachine { String s = System.getProperty("sun.tools.attach.attachTimeout"); attachTimeout = Long.parseLong(s); - } catch (SecurityException se) { } catch (NumberFormatException ne) { } if (attachTimeout <= 0) { diff --git a/src/jdk.attach/windows/classes/sun/tools/attach/AttachProviderImpl.java b/src/jdk.attach/windows/classes/sun/tools/attach/AttachProviderImpl.java index 503d9592370..f4826a81366 100644 --- a/src/jdk.attach/windows/classes/sun/tools/attach/AttachProviderImpl.java +++ b/src/jdk.attach/windows/classes/sun/tools/attach/AttachProviderImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -51,8 +51,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider { public VirtualMachine attachVirtualMachine(String vmid) throws AttachNotSupportedException, IOException { - checkAttachPermission(); - // AttachNotSupportedException will be thrown if the target VM can be determined // to be not attachable. testAttachable(vmid); diff --git a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/SALauncherLoader.java b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/SALauncherLoader.java index 6579ac26cfc..a67f0b00077 100644 --- a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/SALauncherLoader.java +++ b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/SALauncherLoader.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -76,14 +76,6 @@ public class SALauncherLoader extends URLClassLoader { */ public synchronized Class loadClass(String name, boolean resolve) throws ClassNotFoundException { - int i = name.lastIndexOf('.'); - if (i != -1) { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPackageAccess(name.substring(0, i)); - } - } Class clazz = findLoadedClass(name); if (clazz != null) return clazz; @@ -104,15 +96,6 @@ public class SALauncherLoader extends URLClassLoader { } } - /** - * allow any classes loaded from classpath to exit the VM. - */ - protected PermissionCollection getPermissions(CodeSource codesource) { - PermissionCollection perms = super.getPermissions(codesource); - perms.add(new RuntimePermission("exitVM")); - return perms; - } - //-- Internals only below this point private String[] libpaths; diff --git a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/tools/jcore/ByteCodeRewriter.java b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/tools/jcore/ByteCodeRewriter.java index 2ed2106c02d..95fa363c324 100644 --- a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/tools/jcore/ByteCodeRewriter.java +++ b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/tools/jcore/ByteCodeRewriter.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,9 +24,6 @@ package sun.jvm.hotspot.tools.jcore; -import java.security.AccessController; -import java.security.PrivilegedAction; - import sun.jvm.hotspot.interpreter.Bytecodes; import sun.jvm.hotspot.oops.ConstantPool; import sun.jvm.hotspot.oops.ConstantPoolCache; @@ -44,19 +41,7 @@ public class ByteCodeRewriter private Bytes bytes; private static final int jintSize = 4; - public static final boolean DEBUG; - - static { - @SuppressWarnings("removal") - String debug = AccessController.doPrivileged( - new PrivilegedAction<>() { - public String run() { - return System.getProperty("sun.jvm.hotspot.tools.jcore.ByteCodeRewriter.DEBUG"); - } - } - ); - DEBUG = (debug != null ? debug.equalsIgnoreCase("true") : false); - } + public static final boolean DEBUG = Boolean.getBoolean("sun.jvm.hotspot.tools.jcore.ByteCodeRewriter.DEBUG"); protected void debugMessage(String message) {