stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8344105: Remove SecurityManager and related calls from jdk.attach and jdk.hotspot.agent

Browse Source 
Reviewed-by: amenkov, cjplummer
This commit is contained in:
Kevin Walls 2024-11-18 09:24:11 +00:00
parent 475feb064b
commit 00ff6a38ce
9 changed files with 10 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/jdk.attach/aix/classes/sun/tools/attach/AttachProviderImpl.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2008, 2024, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013 SAP SE. All rights reserved. * Copyright (c) 2013 SAP SE. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
@ -52,8 +52,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider {
public VirtualMachine attachVirtualMachine(String vmid) public VirtualMachine attachVirtualMachine(String vmid)
throws AttachNotSupportedException, IOException throws AttachNotSupportedException, IOException
{ {
checkAttachPermission();
// AttachNotSupportedException will be thrown if the target VM can be determined // AttachNotSupportedException will be thrown if the target VM can be determined
// to be not attachable. // to be not attachable.
testAttachable(vmid); testAttachable(vmid);
@ -72,7 +70,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider {
// implementation which only returns a list of attachable VMs. // implementation which only returns a list of attachable VMs.
if (vmd instanceof HotSpotVirtualMachineDescriptor) { if (vmd instanceof HotSpotVirtualMachineDescriptor) {
assert ((HotSpotVirtualMachineDescriptor)vmd).isAttachable(); assert ((HotSpotVirtualMachineDescriptor)vmd).isAttachable();
checkAttachPermission();
return new VirtualMachineImpl(this, vmd.id()); return new VirtualMachineImpl(this, vmd.id());
} else { } else {
return attachVirtualMachine(vmd.id()); return attachVirtualMachine(vmd.id());

5
src/jdk.attach/linux/classes/sun/tools/attach/AttachProviderImpl.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -49,8 +49,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider {
public VirtualMachine attachVirtualMachine(String vmid) public VirtualMachine attachVirtualMachine(String vmid)
throws AttachNotSupportedException, IOException throws AttachNotSupportedException, IOException
{ {
checkAttachPermission();
// AttachNotSupportedException will be thrown if the target VM can be determined // AttachNotSupportedException will be thrown if the target VM can be determined
// to be not attachable. // to be not attachable.
testAttachable(vmid); testAttachable(vmid);
@ -69,7 +67,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider {
// implementation which only returns a list of attachable VMs. // implementation which only returns a list of attachable VMs.
if (vmd instanceof HotSpotVirtualMachineDescriptor) { if (vmd instanceof HotSpotVirtualMachineDescriptor) {
assert ((HotSpotVirtualMachineDescriptor)vmd).isAttachable(); assert ((HotSpotVirtualMachineDescriptor)vmd).isAttachable();
checkAttachPermission();
return new VirtualMachineImpl(this, vmd.id()); return new VirtualMachineImpl(this, vmd.id());
} else { } else {
return attachVirtualMachine(vmd.id()); return attachVirtualMachine(vmd.id());

5
src/jdk.attach/macosx/classes/sun/tools/attach/AttachProviderImpl.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -49,8 +49,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider {
public VirtualMachine attachVirtualMachine(String vmid) public VirtualMachine attachVirtualMachine(String vmid)
throws AttachNotSupportedException, IOException throws AttachNotSupportedException, IOException
{ {
checkAttachPermission();
// AttachNotSupportedException will be thrown if the target VM can be determined // AttachNotSupportedException will be thrown if the target VM can be determined
// to be not attachable. // to be not attachable.
testAttachable(vmid); testAttachable(vmid);
@ -69,7 +67,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider {
// implementation which only returns a list of attachable VMs. // implementation which only returns a list of attachable VMs.
if (vmd instanceof HotSpotVirtualMachineDescriptor) { if (vmd instanceof HotSpotVirtualMachineDescriptor) {
assert ((HotSpotVirtualMachineDescriptor)vmd).isAttachable(); assert ((HotSpotVirtualMachineDescriptor)vmd).isAttachable();
checkAttachPermission();
return new VirtualMachineImpl(this, vmd.id()); return new VirtualMachineImpl(this, vmd.id());
} else { } else {
return attachVirtualMachine(vmd.id()); return attachVirtualMachine(vmd.id());

5
src/jdk.attach/share/classes/com/sun/tools/attach/spi/AttachProvider.java
View File

@ -32,7 +32,6 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
import com.sun.tools.attach.VirtualMachine; import com.sun.tools.attach.VirtualMachine;
import com.sun.tools.attach.VirtualMachineDescriptor; import com.sun.tools.attach.VirtualMachineDescriptor;
import com.sun.tools.attach.AttachPermission;
import com.sun.tools.attach.AttachNotSupportedException; import com.sun.tools.attach.AttachNotSupportedException;
import java.util.ServiceLoader; import java.util.ServiceLoader;
@ -84,10 +83,6 @@ public abstract class AttachProvider {
* Initializes a new instance of this class. * Initializes a new instance of this class.
*/ */
protected AttachProvider() { protected AttachProvider() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(new AttachPermission("createAttachProvider"));
} }
/** /**

13
src/jdk.attach/share/classes/sun/tools/attach/HotSpotAttachProvider.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,7 +25,6 @@
package sun.tools.attach; package sun.tools.attach;
import com.sun.tools.attach.VirtualMachineDescriptor; import com.sun.tools.attach.VirtualMachineDescriptor;
import com.sun.tools.attach.AttachPermission;
import com.sun.tools.attach.AttachNotSupportedException; import com.sun.tools.attach.AttachNotSupportedException;
import com.sun.tools.attach.spi.AttachProvider; import com.sun.tools.attach.spi.AttachProvider;
@ -47,16 +46,6 @@ public abstract class HotSpotAttachProvider extends AttachProvider {
public HotSpotAttachProvider() { public HotSpotAttachProvider() {
} }
public void checkAttachPermission() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(
new AttachPermission("attachVirtualMachine")
);
}
}
/* /*
* This listVirtualMachines implementation is based on jvmstat. Can override * This listVirtualMachines implementation is based on jvmstat. Can override
* this in platform implementations when there is a more efficient mechanism * this in platform implementations when there is a more efficient mechanism

12
src/jdk.attach/share/classes/sun/tools/attach/HotSpotVirtualMachine.java
View File

@ -37,7 +37,6 @@ import java.io.BufferedReader;
import java.io.InputStream; import java.io.InputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStreamReader; import java.io.InputStreamReader;
import java.security.AccessController;
import java.security.PrivilegedAction; import java.security.PrivilegedAction;
import java.util.Properties; import java.util.Properties;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -54,8 +53,7 @@ public abstract class HotSpotVirtualMachine extends VirtualMachine {
@SuppressWarnings("removal") @SuppressWarnings("removal")
private static long pid() { private static long pid() {
PrivilegedAction<ProcessHandle> pa = () -> ProcessHandle.current(); return ProcessHandle.current().pid();
return AccessController.doPrivileged(pa).pid();
} }
private static final boolean ALLOW_ATTACH_SELF; private static final boolean ALLOW_ATTACH_SELF;
@ -361,12 +359,7 @@ public abstract class HotSpotVirtualMachine extends VirtualMachine {
*/ */
protected boolean isAPIv2Enabled() { protected boolean isAPIv2Enabled() {
// if "jdk.attach.compat" property is set, only v1 is enabled. // if "jdk.attach.compat" property is set, only v1 is enabled.
try { return !Boolean.getBoolean("jdk.attach.compat");
String value = System.getProperty("jdk.attach.compat");
return !("true".equalsIgnoreCase(value));
} catch (SecurityException se) {
}
return true;
} }
/* /*
@ -563,7 +556,6 @@ public abstract class HotSpotVirtualMachine extends VirtualMachine {
String s = String s =
System.getProperty("sun.tools.attach.attachTimeout"); System.getProperty("sun.tools.attach.attachTimeout");
attachTimeout = Long.parseLong(s); attachTimeout = Long.parseLong(s);
} catch (SecurityException se) {
} catch (NumberFormatException ne) { } catch (NumberFormatException ne) {
} }
if (attachTimeout <= 0) { if (attachTimeout <= 0) {

4
src/jdk.attach/windows/classes/sun/tools/attach/AttachProviderImpl.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -51,8 +51,6 @@ public class AttachProviderImpl extends HotSpotAttachProvider {
public VirtualMachine attachVirtualMachine(String vmid) public VirtualMachine attachVirtualMachine(String vmid)
throws AttachNotSupportedException, IOException throws AttachNotSupportedException, IOException
{ {
checkAttachPermission();
// AttachNotSupportedException will be thrown if the target VM can be determined // AttachNotSupportedException will be thrown if the target VM can be determined
// to be not attachable. // to be not attachable.
testAttachable(vmid); testAttachable(vmid);

19
src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/SALauncherLoader.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -76,14 +76,6 @@ public class SALauncherLoader extends URLClassLoader {
*/ */
public synchronized Class loadClass(String name, boolean resolve) public synchronized Class loadClass(String name, boolean resolve)
throws ClassNotFoundException { throws ClassNotFoundException {
int i = name.lastIndexOf('.');
if (i != -1) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPackageAccess(name.substring(0, i));
}
}
Class clazz = findLoadedClass(name); Class clazz = findLoadedClass(name);
if (clazz != null) return clazz; if (clazz != null) return clazz;
@ -104,15 +96,6 @@ public class SALauncherLoader extends URLClassLoader {
} }
} }
/**
* allow any classes loaded from classpath to exit the VM.
*/
protected PermissionCollection getPermissions(CodeSource codesource) {
PermissionCollection perms = super.getPermissions(codesource);
perms.add(new RuntimePermission("exitVM"));
return perms;
}
//-- Internals only below this point //-- Internals only below this point
private String[] libpaths; private String[] libpaths;

19
src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/tools/jcore/ByteCodeRewriter.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -24,9 +24,6 @@
package sun.jvm.hotspot.tools.jcore; package sun.jvm.hotspot.tools.jcore;
import java.security.AccessController;
import java.security.PrivilegedAction;
import sun.jvm.hotspot.interpreter.Bytecodes; import sun.jvm.hotspot.interpreter.Bytecodes;
import sun.jvm.hotspot.oops.ConstantPool; import sun.jvm.hotspot.oops.ConstantPool;
import sun.jvm.hotspot.oops.ConstantPoolCache; import sun.jvm.hotspot.oops.ConstantPoolCache;
@ -44,19 +41,7 @@ public class ByteCodeRewriter
private Bytes bytes; private Bytes bytes;
private static final int jintSize = 4; private static final int jintSize = 4;
public static final boolean DEBUG; public static final boolean DEBUG = Boolean.getBoolean("sun.jvm.hotspot.tools.jcore.ByteCodeRewriter.DEBUG");
static {
@SuppressWarnings("removal")
String debug = AccessController.doPrivileged(
new PrivilegedAction<>() {
public String run() {
return System.getProperty("sun.jvm.hotspot.tools.jcore.ByteCodeRewriter.DEBUG");
}
}
);
DEBUG = (debug != null ? debug.equalsIgnoreCase("true") : false);
}
protected void debugMessage(String message) { protected void debugMessage(String message) {