8343958: Remove security manager impl in java.lang.Process and java.lang.Runtime.exec
Reviewed-by: jpai, mullan, alanb
This commit is contained in:
parent
5ac330b1ac
commit
168b18ec68
src/java.base
share/classes/java/lang
unix/classes/java/lang
windows/classes/java/lang
@ -339,11 +339,6 @@ public final class ProcessBuilder
|
||||
* @see System#getenv()
|
||||
*/
|
||||
public Map<String,String> environment() {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager security = System.getSecurityManager();
|
||||
if (security != null)
|
||||
security.checkPermission(new RuntimePermission("getenv.*"));
|
||||
|
||||
if (environment == null)
|
||||
environment = ProcessEnvironment.environment();
|
||||
|
||||
@ -1069,11 +1064,6 @@ public final class ProcessBuilder
|
||||
// Throws IndexOutOfBoundsException if command is empty
|
||||
String prog = cmdarray[0];
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager security = System.getSecurityManager();
|
||||
if (security != null)
|
||||
security.checkExec(prog);
|
||||
|
||||
String dir = directory == null ? null : directory.toString();
|
||||
|
||||
for (String s : cmdarray) {
|
||||
@ -1112,24 +1102,13 @@ public final class ProcessBuilder
|
||||
}
|
||||
return process;
|
||||
} catch (IOException | IllegalArgumentException e) {
|
||||
String exceptionInfo = ": " + e.getMessage();
|
||||
Throwable cause = e;
|
||||
if ((e instanceof IOException) && security != null) {
|
||||
// Can not disclose the fail reason for read-protected files.
|
||||
try {
|
||||
security.checkRead(prog);
|
||||
} catch (SecurityException se) {
|
||||
exceptionInfo = "";
|
||||
cause = se;
|
||||
}
|
||||
}
|
||||
// It's much easier for us to create a high-quality error
|
||||
// message than the low-level C code which found the problem.
|
||||
throw new IOException(
|
||||
"Cannot run program \"" + prog + "\""
|
||||
+ (dir == null ? "" : " (in directory \"" + dir + "\")")
|
||||
+ exceptionInfo,
|
||||
cause);
|
||||
+ ": " + e.getMessage(),
|
||||
e);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2014, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -84,28 +84,28 @@ final class ProcessHandleImpl implements ProcessHandle {
|
||||
/**
|
||||
* The thread pool of "process reaper" daemon threads.
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
private static final Executor processReaperExecutor =
|
||||
AccessController.doPrivileged((PrivilegedAction<Executor>) () -> {
|
||||
// Initialize ThreadLocalRandom now to avoid using the smaller stack
|
||||
// of the processReaper threads.
|
||||
ThreadLocalRandom.current();
|
||||
private static final Executor processReaperExecutor = initReaper();
|
||||
|
||||
// For a debug build, the stack shadow zone is larger;
|
||||
// Increase the total stack size to avoid potential stack overflow.
|
||||
int debugDelta = "release".equals(System.getProperty("jdk.debug")) ? 0 : (4*4096);
|
||||
final long stackSize = Boolean.getBoolean("jdk.lang.processReaperUseDefaultStackSize")
|
||||
? 0 : REAPER_DEFAULT_STACKSIZE + debugDelta;
|
||||
private static Executor initReaper() {
|
||||
// Initialize ThreadLocalRandom now to avoid using the smaller stack
|
||||
// of the processReaper threads.
|
||||
ThreadLocalRandom.current();
|
||||
|
||||
ThreadFactory threadFactory = grimReaper -> {
|
||||
Thread t = InnocuousThread.newSystemThread("process reaper", grimReaper,
|
||||
stackSize, Thread.MAX_PRIORITY);
|
||||
privilegedThreadSetDaemon(t, true);
|
||||
return t;
|
||||
};
|
||||
// For a debug build, the stack shadow zone is larger;
|
||||
// Increase the total stack size to avoid potential stack overflow.
|
||||
int debugDelta = "release".equals(System.getProperty("jdk.debug")) ? 0 : (4 * 4096);
|
||||
final long stackSize = Boolean.getBoolean("jdk.lang.processReaperUseDefaultStackSize")
|
||||
? 0 : REAPER_DEFAULT_STACKSIZE + debugDelta;
|
||||
|
||||
return Executors.newCachedThreadPool(threadFactory);
|
||||
});
|
||||
ThreadFactory threadFactory = grimReaper -> {
|
||||
Thread t = InnocuousThread.newSystemThread("process reaper", grimReaper,
|
||||
stackSize, Thread.MAX_PRIORITY);
|
||||
t.setDaemon(true);
|
||||
return t;
|
||||
};
|
||||
|
||||
return Executors.newCachedThreadPool(threadFactory);
|
||||
}
|
||||
|
||||
private static class ExitCompletion extends CompletableFuture<Integer> {
|
||||
final boolean isReaping;
|
||||
@ -115,22 +115,6 @@ final class ProcessHandleImpl implements ProcessHandle {
|
||||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
private static void privilegedThreadSetName(Thread thread, String name) {
|
||||
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
|
||||
thread.setName(name);
|
||||
return null;
|
||||
});
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
private static void privilegedThreadSetDaemon(Thread thread, boolean on) {
|
||||
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
|
||||
thread.setDaemon(on);
|
||||
return null;
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a CompletableFuture that completes with process exit status when
|
||||
* the process completes.
|
||||
@ -158,7 +142,7 @@ final class ProcessHandleImpl implements ProcessHandle {
|
||||
public void run() {
|
||||
Thread t = Thread.currentThread();
|
||||
String threadName = t.getName();
|
||||
privilegedThreadSetName(t, "process reaper (pid " + pid + ")");
|
||||
t.setName("process reaper (pid " + pid + ")");
|
||||
try {
|
||||
int exitValue = waitForProcessExit0(pid, shouldReap);
|
||||
if (exitValue == NOT_A_CHILD) {
|
||||
@ -189,7 +173,7 @@ final class ProcessHandleImpl implements ProcessHandle {
|
||||
completions.remove(pid, newCompletion);
|
||||
} finally {
|
||||
// Restore thread name
|
||||
privilegedThreadSetName(t, threadName);
|
||||
t.setName(threadName);
|
||||
}
|
||||
}
|
||||
});
|
||||
@ -255,14 +239,8 @@ final class ProcessHandleImpl implements ProcessHandle {
|
||||
* @param pid the native process identifier
|
||||
* @return The ProcessHandle for the pid if the process is alive;
|
||||
* or {@code null} if the process ID does not exist in the native system.
|
||||
* @throws SecurityException if RuntimePermission("manageProcess") is not granted
|
||||
*/
|
||||
static Optional<ProcessHandle> get(long pid) {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new RuntimePermission("manageProcess"));
|
||||
}
|
||||
long start = isAlive0(pid);
|
||||
return (start >= 0)
|
||||
? Optional.of(new ProcessHandleImpl(pid, start))
|
||||
@ -296,14 +274,8 @@ final class ProcessHandleImpl implements ProcessHandle {
|
||||
* Returns the ProcessHandle for the current native process.
|
||||
*
|
||||
* @return The ProcessHandle for the OS process.
|
||||
* @throws SecurityException if RuntimePermission("manageProcess") is not granted
|
||||
*/
|
||||
public static ProcessHandleImpl current() {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new RuntimePermission("manageProcess"));
|
||||
}
|
||||
return current;
|
||||
}
|
||||
|
||||
@ -319,15 +291,8 @@ final class ProcessHandleImpl implements ProcessHandle {
|
||||
*
|
||||
* @return a ProcessHandle of the parent process; {@code null} is returned
|
||||
* if the child process does not have a parent
|
||||
* @throws SecurityException if permission is not granted by the
|
||||
* security policy
|
||||
*/
|
||||
public Optional<ProcessHandle> parent() {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new RuntimePermission("manageProcess"));
|
||||
}
|
||||
long ppid = parent0(pid, startTime);
|
||||
if (ppid <= 0) {
|
||||
return Optional.empty();
|
||||
@ -442,11 +407,6 @@ final class ProcessHandleImpl implements ProcessHandle {
|
||||
* @return a stream of ProcessHandles
|
||||
*/
|
||||
static Stream<ProcessHandle> children(long pid) {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new RuntimePermission("manageProcess"));
|
||||
}
|
||||
int size = 100;
|
||||
long[] childpids = null;
|
||||
long[] starttimes = null;
|
||||
@ -463,11 +423,6 @@ final class ProcessHandleImpl implements ProcessHandle {
|
||||
|
||||
@Override
|
||||
public Stream<ProcessHandle> descendants() {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new RuntimePermission("manageProcess"));
|
||||
}
|
||||
int size = 100;
|
||||
long[] pids = null;
|
||||
long[] ppids = null;
|
||||
|
@ -42,14 +42,10 @@ import java.util.concurrent.CompletableFuture;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import java.util.concurrent.locks.Condition;
|
||||
import java.util.concurrent.locks.ReentrantLock;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedActionException;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import jdk.internal.access.JavaIOFileDescriptorAccess;
|
||||
import jdk.internal.access.SharedSecrets;
|
||||
import jdk.internal.util.OperatingSystem;
|
||||
import jdk.internal.util.StaticProperty;
|
||||
import sun.security.action.GetPropertyAction;
|
||||
|
||||
/**
|
||||
* java.lang.Process subclass in the UNIX environment.
|
||||
@ -95,7 +91,7 @@ final class ProcessImpl extends Process {
|
||||
* @throws Error if the requested launch mechanism is not found or valid
|
||||
*/
|
||||
private static LaunchMechanism launchMechanism() {
|
||||
String s = GetPropertyAction.privilegedGetProperty("jdk.lang.Process.launchMechanism");
|
||||
String s = System.getProperty("jdk.lang.Process.launchMechanism");
|
||||
if (s == null) {
|
||||
return LaunchMechanism.POSIX_SPAWN;
|
||||
}
|
||||
@ -282,7 +278,6 @@ final class ProcessImpl extends Process {
|
||||
boolean redirectErrorStream)
|
||||
throws IOException;
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
private ProcessImpl(final byte[] prog,
|
||||
final byte[] argBlock, final int argc,
|
||||
final byte[] envBlock, final int envc,
|
||||
@ -302,14 +297,7 @@ final class ProcessImpl extends Process {
|
||||
redirectErrorStream);
|
||||
processHandle = ProcessHandleImpl.getInternal(pid);
|
||||
|
||||
try {
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
initStreams(fds, forceNullOutputStream);
|
||||
return null;
|
||||
});
|
||||
} catch (PrivilegedActionException ex) {
|
||||
throw (IOException) ex.getCause();
|
||||
}
|
||||
initStreams(fds, forceNullOutputStream);
|
||||
}
|
||||
|
||||
static FileDescriptor newFileDescriptor(int fd) {
|
||||
@ -507,11 +495,6 @@ final class ProcessImpl extends Process {
|
||||
|
||||
@Override
|
||||
public ProcessHandle toHandle() {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new RuntimePermission("manageProcess"));
|
||||
}
|
||||
return processHandle;
|
||||
}
|
||||
|
||||
|
@ -35,8 +35,6 @@ import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.lang.ProcessBuilder.Redirect;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Locale;
|
||||
import java.util.concurrent.CompletableFuture;
|
||||
@ -48,7 +46,6 @@ import jdk.internal.access.JavaIOFileDescriptorAccess;
|
||||
import jdk.internal.access.SharedSecrets;
|
||||
import jdk.internal.ref.CleanerFactory;
|
||||
import jdk.internal.misc.Blocker;
|
||||
import sun.security.action.GetPropertyAction;
|
||||
|
||||
/* This class is for the exclusive use of ProcessBuilder.start() to
|
||||
* create new processes.
|
||||
@ -71,25 +68,15 @@ final class ProcessImpl extends Process {
|
||||
* to append to a file does not open the file in a manner that guarantees
|
||||
* that writes by the child process will be atomic.
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
private static FileOutputStream newFileOutputStream(File f, boolean append)
|
||||
throws IOException
|
||||
{
|
||||
if (append) {
|
||||
String path = f.getPath();
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null)
|
||||
sm.checkWrite(path);
|
||||
long handle = openForAtomicAppend(path);
|
||||
final FileDescriptor fd = new FileDescriptor();
|
||||
fdAccess.setHandle(fd, handle);
|
||||
return AccessController.doPrivileged(
|
||||
new PrivilegedAction<FileOutputStream>() {
|
||||
public FileOutputStream run() {
|
||||
return new FileOutputStream(fd);
|
||||
}
|
||||
}
|
||||
);
|
||||
return new FileOutputStream(fd);
|
||||
} else {
|
||||
return new FileOutputStream(f);
|
||||
}
|
||||
@ -424,7 +411,6 @@ final class ProcessImpl extends Process {
|
||||
private InputStream stdout_stream;
|
||||
private InputStream stderr_stream;
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
private ProcessImpl(String cmd[],
|
||||
final String envblock,
|
||||
final String path,
|
||||
@ -434,13 +420,10 @@ final class ProcessImpl extends Process {
|
||||
throws IOException
|
||||
{
|
||||
String cmdstr;
|
||||
final SecurityManager security = System.getSecurityManager();
|
||||
final String value = GetPropertyAction.
|
||||
privilegedGetProperty("jdk.lang.Process.allowAmbiguousCommands",
|
||||
(security == null ? "true" : "false"));
|
||||
final String value = System.getProperty("jdk.lang.Process.allowAmbiguousCommands", "true");
|
||||
final boolean allowAmbiguousCommands = !"false".equalsIgnoreCase(value);
|
||||
|
||||
if (allowAmbiguousCommands && security == null) {
|
||||
if (allowAmbiguousCommands) {
|
||||
// Legacy mode.
|
||||
|
||||
// Normalize path if possible.
|
||||
@ -478,10 +461,6 @@ final class ProcessImpl extends Process {
|
||||
// Parse the command line again.
|
||||
cmd = getTokensFromCommand(join.toString());
|
||||
executablePath = getExecutablePath(cmd[0]);
|
||||
|
||||
// Check new executable name once more
|
||||
if (security != null)
|
||||
security.checkExec(executablePath);
|
||||
}
|
||||
|
||||
// Quotation protects from interpretation of the [path] argument as
|
||||
@ -505,39 +484,34 @@ final class ProcessImpl extends Process {
|
||||
|
||||
processHandle = ProcessHandleImpl.getInternal(getProcessId0(handle));
|
||||
|
||||
java.security.AccessController.doPrivileged(
|
||||
new java.security.PrivilegedAction<Void>() {
|
||||
public Void run() {
|
||||
if (stdHandles[0] == -1L)
|
||||
stdin_stream = ProcessBuilder.NullOutputStream.INSTANCE;
|
||||
else {
|
||||
FileDescriptor stdin_fd = new FileDescriptor();
|
||||
fdAccess.setHandle(stdin_fd, stdHandles[0]);
|
||||
fdAccess.registerCleanup(stdin_fd);
|
||||
stdin_stream = new BufferedOutputStream(
|
||||
new PipeOutputStream(stdin_fd));
|
||||
}
|
||||
if (stdHandles[0] == -1L)
|
||||
stdin_stream = ProcessBuilder.NullOutputStream.INSTANCE;
|
||||
else {
|
||||
FileDescriptor stdin_fd = new FileDescriptor();
|
||||
fdAccess.setHandle(stdin_fd, stdHandles[0]);
|
||||
fdAccess.registerCleanup(stdin_fd);
|
||||
stdin_stream = new BufferedOutputStream(
|
||||
new PipeOutputStream(stdin_fd));
|
||||
}
|
||||
|
||||
if (stdHandles[1] == -1L || forceNullOutputStream)
|
||||
stdout_stream = ProcessBuilder.NullInputStream.INSTANCE;
|
||||
else {
|
||||
FileDescriptor stdout_fd = new FileDescriptor();
|
||||
fdAccess.setHandle(stdout_fd, stdHandles[1]);
|
||||
fdAccess.registerCleanup(stdout_fd);
|
||||
stdout_stream = new BufferedInputStream(
|
||||
new PipeInputStream(stdout_fd));
|
||||
}
|
||||
if (stdHandles[1] == -1L || forceNullOutputStream)
|
||||
stdout_stream = ProcessBuilder.NullInputStream.INSTANCE;
|
||||
else {
|
||||
FileDescriptor stdout_fd = new FileDescriptor();
|
||||
fdAccess.setHandle(stdout_fd, stdHandles[1]);
|
||||
fdAccess.registerCleanup(stdout_fd);
|
||||
stdout_stream = new BufferedInputStream(
|
||||
new PipeInputStream(stdout_fd));
|
||||
}
|
||||
|
||||
if (stdHandles[2] == -1L)
|
||||
stderr_stream = ProcessBuilder.NullInputStream.INSTANCE;
|
||||
else {
|
||||
FileDescriptor stderr_fd = new FileDescriptor();
|
||||
fdAccess.setHandle(stderr_fd, stdHandles[2]);
|
||||
fdAccess.registerCleanup(stderr_fd);
|
||||
stderr_stream = new PipeInputStream(stderr_fd);
|
||||
}
|
||||
|
||||
return null; }});
|
||||
if (stdHandles[2] == -1L)
|
||||
stderr_stream = ProcessBuilder.NullInputStream.INSTANCE;
|
||||
else {
|
||||
FileDescriptor stderr_fd = new FileDescriptor();
|
||||
fdAccess.setHandle(stderr_fd, stdHandles[2]);
|
||||
fdAccess.registerCleanup(stderr_fd);
|
||||
stderr_stream = new PipeInputStream(stderr_fd);
|
||||
}
|
||||
}
|
||||
|
||||
public OutputStream getOutputStream() {
|
||||
@ -632,11 +606,6 @@ final class ProcessImpl extends Process {
|
||||
|
||||
@Override
|
||||
public ProcessHandle toHandle() {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new RuntimePermission("manageProcess"));
|
||||
}
|
||||
return processHandle;
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user