From 0ae5748f74fda79cff8c62eafbef144cde7abf14 Mon Sep 17 00:00:00 2001 From: Alan Bateman Date: Fri, 15 Nov 2024 07:16:34 +0000 Subject: [PATCH] 8343982: Remove usage of security manager from ClassLoader and related classes Reviewed-by: jpai, yzheng, lancea --- .../share/classes/java/lang/ClassLoader.java | 82 +------- .../jdk/internal/loader/BootLoader.java | 54 ++--- .../internal/loader/BuiltinClassLoader.java | 187 ++++-------------- .../jdk/internal/loader/ClassLoaders.java | 30 +-- .../classes/jdk/internal/loader/Loader.java | 117 +---------- .../jdk/internal/loader/NativeLibraries.java | 22 +-- .../internal/loader/RawNativeLibraries.java | 19 +- 7 files changed, 78 insertions(+), 433 deletions(-) diff --git a/src/java.base/share/classes/java/lang/ClassLoader.java b/src/java.base/share/classes/java/lang/ClassLoader.java index 85fc315c767..55341635d8a 100644 --- a/src/java.base/share/classes/java/lang/ClassLoader.java +++ b/src/java.base/share/classes/java/lang/ClassLoader.java @@ -64,7 +64,6 @@ import jdk.internal.reflect.CallerSensitive; import jdk.internal.reflect.CallerSensitiveAdapter; import jdk.internal.reflect.Reflection; import jdk.internal.util.StaticProperty; -import sun.security.util.SecurityConstants; /** * A class loader is an object that is responsible for loading classes. The @@ -357,12 +356,6 @@ public abstract class ClassLoader { if (name != null && name.isEmpty()) { throw new IllegalArgumentException("name must be non-empty or null"); } - - @SuppressWarnings("removal") - SecurityManager security = System.getSecurityManager(); - if (security != null) { - security.checkCreateClassLoader(); - } return null; } @@ -1735,18 +1728,7 @@ public abstract class ClassLoader { * * @since 1.2 */ - @CallerSensitive public final ClassLoader getParent() { - if (parent == null) - return null; - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - // Check access to the parent class loader - // If the caller's class loader is same as this class loader, - // permission check is performed. - checkClassLoaderPermission(parent, Reflection.getCallerClass()); - } return parent; } @@ -1774,15 +1756,8 @@ public abstract class ClassLoader { * * @since 9 */ - @CallerSensitive public static ClassLoader getPlatformClassLoader() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - ClassLoader loader = getBuiltinPlatformClassLoader(); - if (sm != null) { - checkClassLoaderPermission(loader, Reflection.getCallerClass()); - } - return loader; + return getBuiltinPlatformClassLoader(); } /** @@ -1853,7 +1828,6 @@ public abstract class ClassLoader { * underlying cause of the error can be retrieved via the * {@link Throwable#getCause()} method. */ - @CallerSensitive public static ClassLoader getSystemClassLoader() { switch (VM.initLevel()) { case 0: @@ -1867,11 +1841,6 @@ public abstract class ClassLoader { default: // system fully initialized assert VM.isBooted() && scl != null; - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkClassLoaderPermission(scl, Reflection.getCallerClass()); - } return scl; } } @@ -1902,8 +1871,6 @@ public abstract class ClassLoader { } ClassLoader builtinLoader = getBuiltinAppClassLoader(); - - // All are privileged frames. No need to call doPrivileged. String cn = System.getProperty("java.system.class.loader"); if (cn != null) { try { @@ -1930,36 +1897,6 @@ public abstract class ClassLoader { return scl; } - // Returns true if the specified class loader can be found in this class - // loader's delegation chain. - boolean isAncestor(ClassLoader cl) { - ClassLoader acl = this; - do { - acl = acl.parent; - if (cl == acl) { - return true; - } - } while (acl != null); - return false; - } - - // Tests if class loader access requires "getClassLoader" permission - // check. A class loader 'from' can access class loader 'to' if - // class loader 'from' is same as class loader 'to' or an ancestor - // of 'to'. The class loader in a system domain can access - // any class loader. - private static boolean needsClassLoaderPermissionCheck(ClassLoader from, - ClassLoader to) - { - if (from == to) - return false; - - if (from == null) - return false; - - return !to.isAncestor(from); - } - // Returns the class's class loader, or null if none. static ClassLoader getClassLoader(Class caller) { // This can be null if the VM is requesting it @@ -1970,23 +1907,6 @@ public abstract class ClassLoader { return caller.getClassLoader0(); } - /* - * Checks RuntimePermission("getClassLoader") permission - * if caller's class loader is not null and caller's class loader - * is not the same as or an ancestor of the given cl argument. - */ - static void checkClassLoaderPermission(ClassLoader cl, Class caller) { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - // caller can be null if the VM is requesting it - ClassLoader ccl = getClassLoader(caller); - if (needsClassLoaderPermissionCheck(ccl, cl)) { - sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION); - } - } - } - // The system class loader // @GuardedBy("ClassLoader.class") private static volatile ClassLoader scl; diff --git a/src/java.base/share/classes/jdk/internal/loader/BootLoader.java b/src/java.base/share/classes/jdk/internal/loader/BootLoader.java index 98ff60a7309..c845146a838 100644 --- a/src/java.base/share/classes/jdk/internal/loader/BootLoader.java +++ b/src/java.base/share/classes/jdk/internal/loader/BootLoader.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,8 +32,6 @@ import java.net.URI; import java.net.URL; import java.nio.file.Files; import java.nio.file.Path; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Arrays; import java.util.Enumeration; import java.util.concurrent.ConcurrentHashMap; @@ -143,18 +141,8 @@ public class BootLoader { /** * Loads a native library from the system library path. */ - @SuppressWarnings("removal") public static void loadLibrary(String name) { - if (System.getSecurityManager() == null) { - BootLoader.getNativeLibraries().loadLibrary(name); - } else { - AccessController.doPrivileged(new java.security.PrivilegedAction<>() { - public Void run() { - BootLoader.getNativeLibraries().loadLibrary(name); - return null; - } - }); - } + getNativeLibraries().loadLibrary(name); } /** @@ -294,38 +282,28 @@ public class BootLoader { /** * Returns URL if the given location is a regular file path. */ - @SuppressWarnings("removal") private static URL toFileURL(String location) { - return AccessController.doPrivileged(new PrivilegedAction<>() { - public URL run() { - Path path = Path.of(location); - if (Files.isRegularFile(path)) { - try { - return path.toUri().toURL(); - } catch (MalformedURLException e) {} - } - return null; - } - }); + Path path = Path.of(location); + if (Files.isRegularFile(path)) { + try { + return path.toUri().toURL(); + } catch (MalformedURLException e) {} + } + return null; } /** * Returns the Manifest if the given location is a JAR file * containing a manifest. */ - @SuppressWarnings("removal") private static Manifest getManifest(String location) { - return AccessController.doPrivileged(new PrivilegedAction<>() { - public Manifest run() { - Path jar = Path.of(location); - try (InputStream in = Files.newInputStream(jar); - JarInputStream jis = new JarInputStream(in, false)) { - return jis.getManifest(); - } catch (IOException e) { - return null; - } - } - }); + Path jar = Path.of(location); + try (InputStream in = Files.newInputStream(jar); + JarInputStream jis = new JarInputStream(in, false)) { + return jis.getManifest(); + } catch (IOException e) { + return null; + } } } diff --git a/src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java b/src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java index 84e5c50672d..ddf35a88d0a 100644 --- a/src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java +++ b/src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,13 +35,8 @@ import java.net.MalformedURLException; import java.net.URI; import java.net.URL; import java.nio.ByteBuffer; -import java.security.AccessController; import java.security.CodeSigner; import java.security.CodeSource; -import java.security.PermissionCollection; -import java.security.PrivilegedAction; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.security.SecureClassLoader; import java.util.ArrayList; import java.util.Collections; @@ -62,7 +57,6 @@ import jdk.internal.misc.VM; import jdk.internal.module.ModulePatcher.PatchedModuleReader; import jdk.internal.module.Resources; import jdk.internal.vm.annotation.Stable; -import sun.security.util.LazyCodeSourcePermissionCollection; /** @@ -281,31 +275,30 @@ public class BuiltinClassLoader url = findResourceOnClassPath(name); } - return checkURL(url); // check access before returning + return url; } /** * Returns an input stream to a resource of the given name in a module * defined to this class loader. */ - @SuppressWarnings("removal") public InputStream findResourceAsStream(String mn, String name) throws IOException { - // Need URL to resource when running with a security manager so that - // the right permission check is done. - if (System.getSecurityManager() != null || mn == null) { - URL url = findResource(mn, name); - return (url != null) ? url.openStream() : null; - } - - // find in module defined to this loader, no security manager - ModuleReference mref = nameToModule.get(mn); - if (mref != null) { - return moduleReaderFor(mref).open(name).orElse(null); + InputStream in = null; + if (mn != null) { + // find in module defined to this loader + ModuleReference mref = nameToModule.get(mn); + if (mref != null) { + in = moduleReaderFor(mref).open(name).orElse(null); + } } else { - return null; + URL url = findResourceOnClassPath(name); + if (url != null) { + in = url.openStream(); + } } + return in; } /** @@ -342,7 +335,7 @@ public class BuiltinClassLoader if (!urls.isEmpty()) { URL url = urls.get(0); if (url != null) { - return checkURL(url); // check access before returning + return url; } } } catch (IOException ioe) { @@ -352,8 +345,7 @@ public class BuiltinClassLoader } // search class path - URL url = findResourceOnClassPath(name); - return checkURL(url); + return findResourceOnClassPath(name); } /** @@ -383,7 +375,6 @@ public class BuiltinClassLoader } else { // not in a package of a module defined to this loader for (URL url : findMiscResource(name)) { - url = checkURL(url); if (url != null) { checked.add(url); } @@ -406,7 +397,7 @@ public class BuiltinClassLoader } else { // need to check each URL while (e.hasMoreElements() && next == null) { - next = checkURL(e.nextElement()); + next = e.nextElement(); } return next != null; } @@ -436,7 +427,6 @@ public class BuiltinClassLoader * * The cache used by this method avoids repeated searching of all modules. */ - @SuppressWarnings("removal") private List findMiscResource(String name) throws IOException { SoftReference>> ref = this.resourceCache; Map> map = (ref != null) ? ref.get() : null; @@ -453,30 +443,20 @@ public class BuiltinClassLoader } // search all modules for the resource - List urls; - try { - urls = AccessController.doPrivileged( - new PrivilegedExceptionAction<>() { - @Override - public List run() throws IOException { - List result = null; - for (ModuleReference mref : nameToModule.values()) { - URI u = moduleReaderFor(mref).find(name).orElse(null); - if (u != null) { - try { - if (result == null) - result = new ArrayList<>(); - result.add(u.toURL()); - } catch (MalformedURLException | - IllegalArgumentException e) { - } - } - } - return (result != null) ? result : Collections.emptyList(); - } - }); - } catch (PrivilegedActionException pae) { - throw (IOException) pae.getCause(); + List urls = null; + for (ModuleReference mref : nameToModule.values()) { + URI u = moduleReaderFor(mref).find(name).orElse(null); + if (u != null) { + try { + if (urls == null) + urls = new ArrayList<>(); + urls.add(u.toURL()); + } catch (MalformedURLException | IllegalArgumentException e) { + } + } + } + if (urls == null) { + urls = List.of(); } // only cache resources after VM is fully initialized @@ -490,23 +470,8 @@ public class BuiltinClassLoader /** * Returns the URL to a resource in a module or {@code null} if not found. */ - @SuppressWarnings("removal") private URL findResource(ModuleReference mref, String name) throws IOException { - URI u; - if (System.getSecurityManager() == null) { - u = moduleReaderFor(mref).find(name).orElse(null); - } else { - try { - u = AccessController.doPrivileged(new PrivilegedExceptionAction<> () { - @Override - public URI run() throws IOException { - return moduleReaderFor(mref).find(name).orElse(null); - } - }); - } catch (PrivilegedActionException pae) { - throw (IOException) pae.getCause(); - } - } + URI u = moduleReaderFor(mref).find(name).orElse(null); if (u != null) { try { return u.toURL(); @@ -515,30 +480,12 @@ public class BuiltinClassLoader return null; } - /** - * Returns the URL to a resource in a module. Returns {@code null} if not found - * or an I/O error occurs. - */ - private URL findResourceOrNull(ModuleReference mref, String name) { - try { - return findResource(mref, name); - } catch (IOException ignore) { - return null; - } - } - /** * Returns a URL to a resource on the class path. */ - @SuppressWarnings("removal") private URL findResourceOnClassPath(String name) { if (hasClassPath()) { - if (System.getSecurityManager() == null) { - return ucp.findResource(name, false); - } else { - PrivilegedAction pa = () -> ucp.findResource(name, false); - return AccessController.doPrivileged(pa); - } + return ucp.findResource(name, false); } else { // no class path return null; @@ -548,16 +495,9 @@ public class BuiltinClassLoader /** * Returns the URLs of all resources of the given name on the class path. */ - @SuppressWarnings("removal") private Enumeration findResourcesOnClassPath(String name) { if (hasClassPath()) { - if (System.getSecurityManager() == null) { - return ucp.findResources(name, false); - } else { - PrivilegedAction> pa; - pa = () -> ucp.findResources(name, false); - return AccessController.doPrivileged(pa); - } + return ucp.findResources(name, false); } else { // no class path return Collections.emptyEnumeration(); @@ -735,14 +675,8 @@ public class BuiltinClassLoader * * @return the resulting Class or {@code null} if not found */ - @SuppressWarnings("removal") private Class findClassInModuleOrNull(LoadedModule loadedModule, String cn) { - if (System.getSecurityManager() == null) { - return defineClass(cn, loadedModule); - } else { - PrivilegedAction> pa = () -> defineClass(cn, loadedModule); - return AccessController.doPrivileged(pa); - } + return defineClass(cn, loadedModule); } /** @@ -750,36 +684,17 @@ public class BuiltinClassLoader * * @return the resulting Class or {@code null} if not found */ - @SuppressWarnings("removal") private Class findClassOnClassPathOrNull(String cn) { String path = cn.replace('.', '/').concat(".class"); - if (System.getSecurityManager() == null) { - Resource res = ucp.getResource(path, false); - if (res != null) { - try { - return defineClass(cn, res); - } catch (IOException ioe) { - // TBD on how I/O errors should be propagated - } + Resource res = ucp.getResource(path, false); + if (res != null) { + try { + return defineClass(cn, res); + } catch (IOException ioe) { + // TBD on how I/O errors should be propagated } - return null; - } else { - // avoid use of lambda here - PrivilegedAction> pa = new PrivilegedAction<>() { - public Class run() { - Resource res = ucp.getResource(path, false); - if (res != null) { - try { - return defineClass(cn, res); - } catch (IOException ioe) { - // TBD on how I/O errors should be propagated - } - } - return null; - } - }; - return AccessController.doPrivileged(pa); } + return null; } /** @@ -998,16 +913,6 @@ public class BuiltinClassLoader return "true".equalsIgnoreCase(sealed); } - // -- permissions - - /** - * Returns the permissions for the given CodeSource. - */ - @Override - protected PermissionCollection getPermissions(CodeSource cs) { - return new LazyCodeSourcePermissionCollection(super.getPermissions(cs), cs); - } - // -- miscellaneous supporting methods /** @@ -1072,14 +977,6 @@ public class BuiltinClassLoader return false; } - /** - * Checks access to the given URL. We use URLClassPath for consistent - * checking with java.net.URLClassLoader. - */ - private static URL checkURL(URL url) { - return URLClassPath.checkURL(url); - } - // Called from VM only, during -Xshare:dump private void resetArchivedStates() { ucp = null; diff --git a/src/java.base/share/classes/jdk/internal/loader/ClassLoaders.java b/src/java.base/share/classes/jdk/internal/loader/ClassLoaders.java index ab4aa3fb907..1a61d4b1522 100644 --- a/src/java.base/share/classes/jdk/internal/loader/ClassLoaders.java +++ b/src/java.base/share/classes/jdk/internal/loader/ClassLoaders.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,8 +29,6 @@ import java.io.IOException; import java.net.URL; import java.nio.file.InvalidPathException; import java.nio.file.Path; -import java.security.CodeSource; -import java.security.PermissionCollection; import java.util.jar.Manifest; import jdk.internal.access.JavaLangAccess; @@ -170,31 +168,6 @@ public class ClassLoaders { super("app", parent, ucp); } - @Override - protected Class loadClass(String cn, boolean resolve) - throws ClassNotFoundException - { - // for compatibility reasons, say where restricted package list has - // been updated to list API packages in the unnamed module. - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - int i = cn.lastIndexOf('.'); - if (i != -1) { - sm.checkPackageAccess(cn.substring(0, i)); - } - } - - return super.loadClass(cn, resolve); - } - - @Override - protected PermissionCollection getPermissions(CodeSource cs) { - PermissionCollection perms = super.getPermissions(cs); - perms.add(new RuntimePermission("exitVM")); - return perms; - } - /** * Called by the VM to support dynamic additions to the class path * @@ -207,6 +180,7 @@ public class ClassLoaders { /** * Called by the VM to support define package for AppCDS */ + @Override protected Package defineOrCheckPackage(String pn, Manifest man, URL url) { return super.defineOrCheckPackage(pn, man, url); } diff --git a/src/java.base/share/classes/jdk/internal/loader/Loader.java b/src/java.base/share/classes/jdk/internal/loader/Loader.java index fbd16467da7..c4f9023482d 100644 --- a/src/java.base/share/classes/jdk/internal/loader/Loader.java +++ b/src/java.base/share/classes/jdk/internal/loader/Loader.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,8 +25,6 @@ package jdk.internal.loader; -import java.io.File; -import java.io.FilePermission; import java.io.IOException; import java.lang.module.Configuration; import java.lang.module.ModuleDescriptor; @@ -37,15 +35,8 @@ import java.net.MalformedURLException; import java.net.URI; import java.net.URL; import java.nio.ByteBuffer; -import java.security.AccessControlContext; -import java.security.AccessController; import java.security.CodeSigner; import java.security.CodeSource; -import java.security.Permission; -import java.security.PermissionCollection; -import java.security.PrivilegedAction; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.security.SecureClassLoader; import java.util.ArrayList; import java.util.Collection; @@ -110,16 +101,11 @@ public final class Loader extends SecureClassLoader { private final Map moduleToReader = new ConcurrentHashMap<>(); - // ACC used when loading classes and resources - @SuppressWarnings("removal") - private final AccessControlContext acc; - /** * A module defined/loaded to a {@code Loader}. */ private static class LoadedModule { private final ModuleReference mref; - private final URL url; // may be null private final CodeSource cs; LoadedModule(ModuleReference mref) { @@ -130,13 +116,11 @@ public final class Loader extends SecureClassLoader { } catch (MalformedURLException | IllegalArgumentException e) { } } this.mref = mref; - this.url = url; this.cs = new CodeSource(url, (CodeSigner[]) null); } ModuleReference mref() { return mref; } String name() { return mref.descriptor().name(); } - URL location() { return url; } CodeSource codeSource() { return cs; } } @@ -145,7 +129,6 @@ public final class Loader extends SecureClassLoader { * Creates a {@code Loader} in a loader pool that loads classes/resources * from one module. */ - @SuppressWarnings("removal") public Loader(ResolvedModule resolvedModule, LoaderPool pool, ClassLoader parent) @@ -164,8 +147,6 @@ public final class Loader extends SecureClassLoader { LoadedModule lm = new LoadedModule(mref); descriptor.packages().forEach(pn -> localPackageToModule.put(pn, lm)); this.localPackageToModule = localPackageToModule; - - this.acc = AccessController.getContext(); } /** @@ -175,7 +156,6 @@ public final class Loader extends SecureClassLoader { * @throws IllegalArgumentException * If two or more modules have the same package */ - @SuppressWarnings("removal") public Loader(Collection modules, ClassLoader parent) { super(parent); @@ -197,8 +177,6 @@ public final class Loader extends SecureClassLoader { } this.nameToModule = nameToModule; this.localPackageToModule = localPackageToModule; - - this.acc = AccessController.getContext(); } /** @@ -326,7 +304,6 @@ public final class Loader extends SecureClassLoader { * Returns a URL to a resource of the given name in a module defined to * this class loader. */ - @SuppressWarnings("removal") @Override protected URL findResource(String mn, String name) throws IOException { ModuleReference mref = (mn != null) ? nameToModule.get(mn) : null; @@ -335,41 +312,12 @@ public final class Loader extends SecureClassLoader { // locate resource URL url = null; - try { - url = AccessController.doPrivileged( - new PrivilegedExceptionAction() { - @Override - public URL run() throws IOException { - Optional ouri = moduleReaderFor(mref).find(name); - if (ouri.isPresent()) { - try { - return ouri.get().toURL(); - } catch (MalformedURLException | - IllegalArgumentException e) { } - } - return null; - } - }); - } catch (PrivilegedActionException pae) { - throw (IOException) pae.getCause(); - } - - // check access with permissions restricted by ACC - if (url != null && System.getSecurityManager() != null) { + Optional ouri = moduleReaderFor(mref).find(name); + if (ouri.isPresent()) { try { - URL urlToCheck = url; - url = AccessController.doPrivileged( - new PrivilegedExceptionAction() { - @Override - public URL run() throws IOException { - return URLClassPath.checkURL(urlToCheck); - } - }, acc); - } catch (PrivilegedActionException pae) { - url = null; - } + url = ouri.get().toURL(); + } catch (MalformedURLException | IllegalArgumentException e) { } } - return url; } @@ -525,15 +473,6 @@ public final class Loader extends SecureClassLoader { protected Class loadClass(String cn, boolean resolve) throws ClassNotFoundException { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - String pn = packageName(cn); - if (!pn.isEmpty()) { - sm.checkPackageAccess(pn); - } - } - synchronized (getClassLoadingLock(cn)) { // check if already loaded Class c = findLoadedClass(cn); @@ -584,19 +523,7 @@ public final class Loader extends SecureClassLoader { * * @return the resulting Class or {@code null} if not found */ - @SuppressWarnings("removal") private Class findClassInModuleOrNull(LoadedModule loadedModule, String cn) { - PrivilegedAction> pa = () -> defineClass(cn, loadedModule); - return AccessController.doPrivileged(pa, acc); - } - - /** - * Defines the given binary class name to the VM, loading the class - * bytes from the given module. - * - * @return the resulting Class or {@code null} if an I/O error occurs - */ - private Class defineClass(String cn, LoadedModule loadedModule) { ModuleReader reader = moduleReaderFor(loadedModule.mref()); try { @@ -620,40 +547,6 @@ public final class Loader extends SecureClassLoader { } } - - // -- permissions - - /** - * Returns the permissions for the given CodeSource. - */ - @Override - protected PermissionCollection getPermissions(CodeSource cs) { - PermissionCollection perms = super.getPermissions(cs); - - URL url = cs.getLocation(); - if (url == null) - return perms; - - // add the permission to access the resource - try { - Permission p = url.openConnection().getPermission(); - if (p != null) { - // for directories then need recursive access - if (p instanceof FilePermission) { - String path = p.getName(); - if (path.endsWith(File.separator)) { - path += "-"; - p = new FilePermission(path, "read"); - } - } - perms.add(p); - } - } catch (IOException ioe) { } - - return perms; - } - - // -- miscellaneous supporting methods /** diff --git a/src/java.base/share/classes/jdk/internal/loader/NativeLibraries.java b/src/java.base/share/classes/jdk/internal/loader/NativeLibraries.java index 64a3813a914..02dc79f0288 100644 --- a/src/java.base/share/classes/jdk/internal/loader/NativeLibraries.java +++ b/src/java.base/share/classes/jdk/internal/loader/NativeLibraries.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2020, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -114,25 +114,17 @@ public final class NativeLibraries { * @param file the path of the native library * @throws UnsatisfiedLinkError if any error in loading the native library */ - @SuppressWarnings("removal") public NativeLibrary loadLibrary(Class fromClass, File file) { // Check to see if we're attempting to access a static library String name = findBuiltinLib(file.getName()); boolean isBuiltin = (name != null); if (!isBuiltin) { - name = AccessController.doPrivileged(new PrivilegedAction<>() { - public String run() { - try { - if (loadLibraryOnlyIfPresent && !file.exists()) { - return null; - } - return file.getCanonicalPath(); - } catch (IOException e) { - return null; - } - } - }); - if (name == null) { + try { + if (loadLibraryOnlyIfPresent && !file.exists()) { + return null; + } + name = file.getCanonicalPath(); + } catch (IOException e) { return null; } } diff --git a/src/java.base/share/classes/jdk/internal/loader/RawNativeLibraries.java b/src/java.base/share/classes/jdk/internal/loader/RawNativeLibraries.java index 35ed4701c99..fa4c1390c1a 100644 --- a/src/java.base/share/classes/jdk/internal/loader/RawNativeLibraries.java +++ b/src/java.base/share/classes/jdk/internal/loader/RawNativeLibraries.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,8 +29,6 @@ import jdk.internal.misc.VM; import java.io.IOException; import java.lang.invoke.MethodHandles; import java.nio.file.Path; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Objects; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; @@ -78,18 +76,11 @@ public final class RawNativeLibraries { * * @param path the path of the native library */ - @SuppressWarnings("removal") public NativeLibrary load(Path path) { - String name = AccessController.doPrivileged(new PrivilegedAction<>() { - public String run() { - try { - return path.toRealPath().toString(); - } catch (IOException e) { - return null; - } - } - }); - if (name == null) { + String name; + try { + name = path.toRealPath().toString(); + } catch (IOException e) { return null; } return load(name);