8344112: Remove code to support security manager execution mode from DatagramChannel implementation
Reviewed-by: dfuchs
This commit is contained in:
parent
bd3fec3075
commit
7be77725ea
src/java.base/share/classes/sun/nio/ch
@ -60,8 +60,6 @@ import java.nio.channels.NotYetConnectedException;
|
||||
import java.nio.channels.SelectionKey;
|
||||
import java.nio.channels.spi.AbstractSelectableChannel;
|
||||
import java.nio.channels.spi.SelectorProvider;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
@ -293,8 +291,7 @@ class DatagramChannelImpl
|
||||
public SocketAddress getLocalAddress() throws IOException {
|
||||
synchronized (stateLock) {
|
||||
ensureOpen();
|
||||
// Perform security check before returning address
|
||||
return Net.getRevealedLocalAddress(localAddress);
|
||||
return localAddress;
|
||||
}
|
||||
}
|
||||
|
||||
@ -573,24 +570,16 @@ class DatagramChannelImpl
|
||||
SocketAddress remote = beginRead(blocking, false);
|
||||
configureSocketNonBlockingIfVirtualThread();
|
||||
boolean connected = (remote != null);
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (connected || (sm == null)) {
|
||||
// connected or no security manager
|
||||
int n = receive(dst, connected);
|
||||
if (blocking) {
|
||||
while (IOStatus.okayToRetry(n) && isOpen()) {
|
||||
park(Net.POLLIN);
|
||||
n = receive(dst, connected);
|
||||
}
|
||||
int n = receive(dst, connected);
|
||||
if (blocking) {
|
||||
while (IOStatus.okayToRetry(n) && isOpen()) {
|
||||
park(Net.POLLIN);
|
||||
n = receive(dst, connected);
|
||||
}
|
||||
if (n > 0 || (n == 0 && isOpen())) {
|
||||
// sender address is in socket address buffer
|
||||
sender = sourceSocketAddress();
|
||||
}
|
||||
} else {
|
||||
// security manager and unconnected
|
||||
sender = untrustedReceive(dst);
|
||||
}
|
||||
if (n > 0 || (n == 0 && isOpen())) {
|
||||
// sender address is in socket address buffer
|
||||
sender = sourceSocketAddress();
|
||||
}
|
||||
return sender;
|
||||
} finally {
|
||||
@ -601,49 +590,6 @@ class DatagramChannelImpl
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Receives a datagram into an untrusted buffer. When there is a security
|
||||
* manager set, and the socket is not connected, datagrams have to be received
|
||||
* into a buffer that is not accessible to the user. The datagram is copied
|
||||
* into the user's buffer when the sender address is accepted by the security
|
||||
* manager.
|
||||
*/
|
||||
private SocketAddress untrustedReceive(ByteBuffer dst) throws IOException {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
assert readLock.isHeldByCurrentThread()
|
||||
&& sm != null && remoteAddress == null;
|
||||
|
||||
boolean blocking = isBlocking();
|
||||
for (;;) {
|
||||
int n;
|
||||
ByteBuffer bb = Util.getTemporaryDirectBuffer(dst.remaining());
|
||||
try {
|
||||
n = receive(bb, false);
|
||||
if (n >= 0) {
|
||||
// sender address is in socket address buffer
|
||||
InetSocketAddress isa = sourceSocketAddress();
|
||||
try {
|
||||
sm.checkAccept(isa.getAddress().getHostAddress(), isa.getPort());
|
||||
bb.flip();
|
||||
dst.put(bb);
|
||||
return isa;
|
||||
} catch (SecurityException se) {
|
||||
// ignore datagram
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
Util.releaseTemporaryDirectBuffer(bb);
|
||||
}
|
||||
|
||||
if (blocking && IOStatus.okayToRetry(n) && isOpen()) {
|
||||
park(Net.POLLIN);
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Receives a datagram.
|
||||
*
|
||||
@ -675,58 +621,30 @@ class DatagramChannelImpl
|
||||
bufLength = DatagramPackets.getBufLength(p);
|
||||
}
|
||||
|
||||
long startNanos = System.nanoTime();
|
||||
long remainingNanos = nanos;
|
||||
SocketAddress sender = null;
|
||||
boolean completed = false;
|
||||
try {
|
||||
SocketAddress remote = beginRead(true, false);
|
||||
boolean connected = (remote != null);
|
||||
do {
|
||||
ByteBuffer dst = tryBlockingReceive(connected, bufLength, remainingNanos);
|
||||
|
||||
ByteBuffer dst = tryBlockingReceive(connected, bufLength, nanos);
|
||||
if (dst != null) {
|
||||
// if datagram received then get sender and copy to DatagramPacket
|
||||
if (dst != null) {
|
||||
try {
|
||||
// sender address is in socket address buffer
|
||||
sender = sourceSocketAddress();
|
||||
|
||||
// check sender when security manager set and not connected
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null && !connected) {
|
||||
InetSocketAddress isa = (InetSocketAddress) sender;
|
||||
try {
|
||||
sm.checkAccept(isa.getAddress().getHostAddress(), isa.getPort());
|
||||
} catch (SecurityException e) {
|
||||
sender = null;
|
||||
}
|
||||
}
|
||||
|
||||
if (sender != null) {
|
||||
// copy bytes to the DatagramPacket, and set length and sender
|
||||
synchronized (p) {
|
||||
// re-read p.bufLength in case DatagramPacket changed
|
||||
int len = Math.min(dst.limit(), DatagramPackets.getBufLength(p));
|
||||
dst.get(p.getData(), p.getOffset(), len);
|
||||
DatagramPackets.setLength(p, len);
|
||||
p.setSocketAddress(sender);
|
||||
}
|
||||
} else {
|
||||
// need to retry, adjusting timeout if needed
|
||||
if (nanos > 0) {
|
||||
remainingNanos = nanos - (System.nanoTime() - startNanos);
|
||||
if (remainingNanos <= 0) {
|
||||
throw new SocketTimeoutException("Receive timed out");
|
||||
}
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
Util.offerFirstTemporaryDirectBuffer(dst);
|
||||
try {
|
||||
SocketAddress sender = sourceSocketAddress();
|
||||
synchronized (p) {
|
||||
// copy bytes to the DatagramPacket, and set length and sender.
|
||||
// Need to re-read p.bufLength in case DatagramPacket changed
|
||||
int len = Math.min(dst.limit(), DatagramPackets.getBufLength(p));
|
||||
dst.get(p.getData(), p.getOffset(), len);
|
||||
DatagramPackets.setLength(p, len);
|
||||
p.setSocketAddress(sender);
|
||||
}
|
||||
} finally {
|
||||
Util.offerFirstTemporaryDirectBuffer(dst);
|
||||
}
|
||||
} while (sender == null && isOpen());
|
||||
completed = true;
|
||||
}
|
||||
} finally {
|
||||
endRead(true, (sender != null));
|
||||
endRead(true, completed);
|
||||
}
|
||||
} finally {
|
||||
readLock.unlock();
|
||||
@ -884,16 +802,7 @@ class DatagramChannelImpl
|
||||
completed = (n > 0);
|
||||
} else {
|
||||
// not connected
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
InetAddress ia = isa.getAddress();
|
||||
if (sm != null) {
|
||||
if (ia.isMulticastAddress()) {
|
||||
sm.checkMulticast(ia);
|
||||
} else {
|
||||
sm.checkConnect(ia.getHostAddress(), isa.getPort());
|
||||
}
|
||||
}
|
||||
if (ia.isLinkLocalAddress())
|
||||
isa = IPAddressUtil.toScopedAddress(isa);
|
||||
if (isa.getPort() == 0)
|
||||
@ -1344,10 +1253,6 @@ class DatagramChannelImpl
|
||||
} else {
|
||||
isa = Net.checkAddress(local, family);
|
||||
}
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null)
|
||||
sm.checkListen(isa.getPort());
|
||||
|
||||
Net.bind(family, fd, isa.getAddress(), isa.getPort());
|
||||
localAddress = Net.localAddress(fd);
|
||||
@ -1373,17 +1278,6 @@ class DatagramChannelImpl
|
||||
*/
|
||||
DatagramChannel connect(SocketAddress sa, boolean check) throws IOException {
|
||||
InetSocketAddress isa = Net.checkAddress(sa, family);
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
InetAddress ia = isa.getAddress();
|
||||
if (ia.isMulticastAddress()) {
|
||||
sm.checkMulticast(ia);
|
||||
} else {
|
||||
sm.checkConnect(ia.getHostAddress(), isa.getPort());
|
||||
sm.checkAccept(ia.getHostAddress(), isa.getPort());
|
||||
}
|
||||
}
|
||||
|
||||
readLock.lock();
|
||||
try {
|
||||
@ -1589,17 +1483,13 @@ class DatagramChannelImpl
|
||||
/**
|
||||
* Defines static methods to access AbstractSelectableChannel non-public members.
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
private static class AbstractSelectableChannels {
|
||||
private static final Method FOREACH;
|
||||
static {
|
||||
try {
|
||||
PrivilegedExceptionAction<Method> pae = () -> {
|
||||
Method m = AbstractSelectableChannel.class.getDeclaredMethod("forEach", Consumer.class);
|
||||
m.setAccessible(true);
|
||||
return m;
|
||||
};
|
||||
FOREACH = AccessController.doPrivileged(pae);
|
||||
Method m = AbstractSelectableChannel.class.getDeclaredMethod("forEach", Consumer.class);
|
||||
m.setAccessible(true);
|
||||
FOREACH = m;
|
||||
} catch (Exception e) {
|
||||
throw new InternalError(e);
|
||||
}
|
||||
@ -1646,11 +1536,6 @@ class DatagramChannelImpl
|
||||
throw new IllegalArgumentException("Source address is different type to group");
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null)
|
||||
sm.checkMulticast(group);
|
||||
|
||||
synchronized (stateLock) {
|
||||
ensureOpen();
|
||||
|
||||
@ -2051,10 +1936,7 @@ class DatagramChannelImpl
|
||||
private static final VarHandle BUF_LENGTH;
|
||||
static {
|
||||
try {
|
||||
PrivilegedExceptionAction<MethodHandles.Lookup> pa = () ->
|
||||
MethodHandles.privateLookupIn(DatagramPacket.class, MethodHandles.lookup());
|
||||
@SuppressWarnings("removal")
|
||||
MethodHandles.Lookup l = AccessController.doPrivileged(pa);
|
||||
MethodHandles.Lookup l = MethodHandles.privateLookupIn(DatagramPacket.class, MethodHandles.lookup());
|
||||
LENGTH = l.findVarHandle(DatagramPacket.class, "length", int.class);
|
||||
BUF_LENGTH = l.findVarHandle(DatagramPacket.class, "bufLength", int.class);
|
||||
} catch (Exception e) {
|
||||
|
@ -48,9 +48,6 @@ import java.nio.channels.ClosedChannelException;
|
||||
import java.nio.channels.ClosedByInterruptException;
|
||||
import java.nio.channels.DatagramChannel;
|
||||
import java.nio.channels.MembershipKey;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.locks.ReentrantLock;
|
||||
@ -167,24 +164,11 @@ public class DatagramSocketAdaptor
|
||||
|
||||
@Override
|
||||
public SocketAddress getLocalSocketAddress() {
|
||||
InetSocketAddress local = dc.localAddress();
|
||||
if (local == null || isClosed())
|
||||
if (isClosed()) {
|
||||
return null;
|
||||
|
||||
InetAddress addr = local.getAddress();
|
||||
if (addr.isAnyLocalAddress())
|
||||
return local;
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
try {
|
||||
sm.checkConnect(addr.getHostAddress(), -1);
|
||||
} catch (SecurityException x) {
|
||||
return new InetSocketAddress(local.getPort());
|
||||
}
|
||||
} else {
|
||||
return dc.localAddress();
|
||||
}
|
||||
return local;
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -223,17 +207,7 @@ public class DatagramSocketAdaptor
|
||||
InetSocketAddress local = dc.localAddress();
|
||||
if (local == null)
|
||||
local = new InetSocketAddress(0);
|
||||
InetAddress result = local.getAddress();
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
try {
|
||||
sm.checkConnect(result.getHostAddress(), -1);
|
||||
} catch (SecurityException x) {
|
||||
return new InetSocketAddress(0).getAddress();
|
||||
}
|
||||
}
|
||||
return result;
|
||||
return local.getAddress();
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -484,11 +458,6 @@ public class DatagramSocketAdaptor
|
||||
synchronized (this) {
|
||||
MembershipKey key = dc.findMembership(group, ni);
|
||||
if (key != null) {
|
||||
// already a member but need to check permission anyway
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null)
|
||||
sm.checkMulticast(group);
|
||||
throw new SocketException("Already a member of group");
|
||||
}
|
||||
dc.join(group, ni); // checks permission
|
||||
@ -501,10 +470,6 @@ public class DatagramSocketAdaptor
|
||||
NetworkInterface ni = (netIf != null) ? netIf : defaultNetworkInterface();
|
||||
if (isClosed())
|
||||
throw new SocketException("Socket is closed");
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null)
|
||||
sm.checkMulticast(group);
|
||||
synchronized (this) {
|
||||
MembershipKey key = dc.findMembership(group, ni);
|
||||
if (key == null)
|
||||
@ -541,12 +506,7 @@ public class DatagramSocketAdaptor
|
||||
return outgoingInetAddress;
|
||||
} else {
|
||||
// network interface has changed so update cached values
|
||||
PrivilegedAction<InetAddress> pa;
|
||||
pa = () -> ni.inetAddresses().findFirst().orElse(null);
|
||||
@SuppressWarnings("removal")
|
||||
InetAddress ia = AccessController.doPrivileged(pa);
|
||||
if (ia == null)
|
||||
throw new SocketException("Network interface has no IP address");
|
||||
InetAddress ia = ni.inetAddresses().findFirst().orElse(null);
|
||||
outgoingNetworkInterface = ni;
|
||||
outgoingInetAddress = ia;
|
||||
return ia;
|
||||
@ -660,10 +620,7 @@ public class DatagramSocketAdaptor
|
||||
static final MethodHandle CONSTRUCTOR;
|
||||
static {
|
||||
try {
|
||||
PrivilegedExceptionAction<Lookup> pa = () ->
|
||||
MethodHandles.privateLookupIn(NetworkInterface.class, MethodHandles.lookup());
|
||||
@SuppressWarnings("removal")
|
||||
MethodHandles.Lookup l = AccessController.doPrivileged(pa);
|
||||
Lookup l = MethodHandles.privateLookupIn(NetworkInterface.class, MethodHandles.lookup());
|
||||
MethodType methodType = MethodType.methodType(NetworkInterface.class);
|
||||
GET_DEFAULT = l.findStatic(NetworkInterface.class, "getDefault", methodType);
|
||||
methodType = MethodType.methodType(void.class, String.class, int.class, InetAddress[].class);
|
||||
@ -703,10 +660,7 @@ public class DatagramSocketAdaptor
|
||||
private static final SocketAddress NO_DELEGATE;
|
||||
static {
|
||||
try {
|
||||
PrivilegedExceptionAction<Lookup> pa = () ->
|
||||
MethodHandles.privateLookupIn(DatagramSocket.class, MethodHandles.lookup());
|
||||
@SuppressWarnings("removal")
|
||||
MethodHandles.Lookup l = AccessController.doPrivileged(pa);
|
||||
Lookup l = MethodHandles.privateLookupIn(DatagramSocket.class, MethodHandles.lookup());
|
||||
var handle = l.findStaticVarHandle(DatagramSocket.class, "NO_DELEGATE", SocketAddress.class);
|
||||
NO_DELEGATE = (SocketAddress) handle.get();
|
||||
} catch (Exception e) {
|
||||
|
Loading…
x
Reference in New Issue
Block a user