8176815: Remove StackFramePermission and use RuntimePermission for stack walking

Reviewed-by: alanb, bchristi

jdk/src/java.base/share/classes/java/lang/LiveStackFrame.java

@@ -169,7 +169,7 @@ interface LiveStackFrame extends StackFrame {
      * it denies access to {@code RuntimePermission("liveStackFrames")}; or
      * or if the given {@code options} contains
      * {@link StackWalker.Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE}
-     * and it denies access to {@code StackFramePermission("retainClassReference")}.
+     * and it denies access to {@code RuntimePermission("getStackWalkerWithClassReference")}.
      */
     public static StackWalker getStackWalker(Set<StackWalker.Option> options) {
         SecurityManager sm = System.getSecurityManager();

jdk/src/java.base/share/classes/java/lang/RuntimePermission.java

@@ -298,6 +298,14 @@ import java.util.StringTokenizer;
  * </tr>
  *
  * <tr>
+ *   <td>getStackWalkerWithClassReference</td>
+ *   <td>Get a stack walker that can retrieve stack frames with class reference.</td>
+ *   <td>This allows retrieval of Class objects from stack walking.
+ *   This might allow malicious code to access Class objects on the stack
+ *   outside its own context.</td>
+ * </tr>
+ *
+ * <tr>
  *   <td>setDefaultUncaughtExceptionHandler</td>
  *   <td>Setting the default handler to be used when a thread
  *   terminates abruptly due to an uncaught exception</td>

jdk/src/java.base/share/classes/java/lang/StackFramePermission.java

@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-package java.lang;
-
-/**
- * Permission to access {@link StackWalker.StackFrame}.
- *
- * @see java.lang.StackWalker.Option#RETAIN_CLASS_REFERENCE
- * @see StackWalker.StackFrame#getDeclaringClass()
- */
-public class StackFramePermission extends java.security.BasicPermission {
-    private static final long serialVersionUID = 2841894854386706014L;
-
-    /**
-     * Creates a new {@code StackFramePermission} object.
-     *
-     * @param name Permission name.  Must be "retainClassReference".
-     *
-     * @throws IllegalArgumentException if {@code name} is invalid.
-     * @throws NullPointerException if {@code name} is {@code null}.
-     */
-    public StackFramePermission(String name) {
-        super(name);
-        if (!name.equals("retainClassReference")) {
-            throw new IllegalArgumentException("name: " + name);
-        }
-    }
-}

jdk/src/java.base/share/classes/java/lang/StackWalker.java

@@ -279,7 +279,7 @@ public final class StackWalker {
      * If a security manager is present and the given {@code option} is
      * {@link Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE},
      * it calls its {@link SecurityManager#checkPermission checkPermission}
-     * method for {@code StackFramePermission("retainClassReference")}.
+     * method for {@code RuntimePermission("getStackWalkerWithClassReference")}.
      *
      * @param option {@link Option stack walking option}
      *
@@ -303,7 +303,7 @@ public final class StackWalker {
      * If a security manager is present and the given {@code options} contains
      * {@link Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE},
      * it calls its {@link SecurityManager#checkPermission checkPermission}
-     * method for {@code StackFramePermission("retainClassReference")}.
+     * method for {@code RuntimePermission("getStackWalkerWithClassReference")}.
      *
      * @param options {@link Option stack walking option}
      *
@@ -333,7 +333,7 @@ public final class StackWalker {
      * If a security manager is present and the given {@code options} contains
      * {@link Option#RETAIN_CLASS_REFERENCE Option.RETAIN_CLASS_REFERENCE},
      * it calls its {@link SecurityManager#checkPermission checkPermission}
-     * method for {@code StackFramePermission("retainClassReference")}.
+     * method for {@code RuntimePermission("getStackWalkerWithClassReference")}.
      *
      * <p>
      * The {@code estimateDepth} specifies the estimate number of stack frames
@@ -376,7 +376,7 @@ public final class StackWalker {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
             if (options.contains(Option.RETAIN_CLASS_REFERENCE)) {
-                sm.checkPermission(new StackFramePermission("retainClassReference"));
+                sm.checkPermission(new RuntimePermission("getStackWalkerWithClassReference"));
             }
         }
     }

jdk/test/java/lang/StackWalker/CallerSensitiveMethod/csm/jdk/test/CallerSensitiveTest.java

@@ -50,7 +50,7 @@ public class CallerSensitiveTest {
         if (args.length > 0 && args[0].equals("sm")) {
             sm = true;
             PermissionCollection perms = new Permissions();
-            perms.add(new StackFramePermission("retainClassReference"));
+            perms.add(new RuntimePermission("getStackWalkerWithClassReference"));
             Policy.setPolicy(new Policy() {
                 @Override
                 public boolean implies(ProtectionDomain domain, Permission p) {

jdk/test/java/lang/StackWalker/GetCallerClassTest.java

@@ -55,7 +55,7 @@ public class GetCallerClassTest {
     public static void main(String... args) throws Exception {
         if (args.length > 0 && args[0].equals("sm")) {
             PermissionCollection perms = new Permissions();
-            perms.add(new StackFramePermission("retainClassReference"));
+            perms.add(new RuntimePermission("getStackWalkerWithClassReference"));
             Policy.setPolicy(new Policy() {
                 @Override
                 public boolean implies(ProtectionDomain domain, Permission p) {

jdk/test/java/lang/StackWalker/stackwalk.policy

@@ -1,4 +1,4 @@
 grant {
-  permission java.lang.StackFramePermission "retainClassReference";
+  permission java.lang.RuntimePermission "getStackWalkerWithClassReference";
 };
 

jdk/test/java/lang/StackWalker/stackwalktest.policy

@@ -1,5 +1,5 @@
 grant {
-  permission java.lang.StackFramePermission "retainClassReference";
+  permission java.lang.RuntimePermission "getStackWalkerWithClassReference";
   permission java.util.PropertyPermission "seed", "read";
 };