stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8344220: Remove calls to SecurityManager and doPrivileged in java.net.InetAddress and sun.net.util.IPAddressUtil after JEP 486 integration

Browse Source 
Reviewed-by: jpai, dfuchs, alanb
This commit is contained in:
Aleksei Efimov 2024-11-27 19:25:50 +00:00
parent 9527586923
commit 880f9a7b16
6 changed files with 87 additions and 297 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
src/java.base/share/classes/java/net/InetAddress.java
View File

@ -28,8 +28,6 @@ package java.net;
import java.net.spi.InetAddressResolver;
import java.net.spi.InetAddressResolverProvider;
import java.net.spi.InetAddressResolver.LookupPolicy;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.List;
import java.util.NavigableSet;
import java.util.ArrayList;
@ -62,7 +60,6 @@ import jdk.internal.misc.Blocker;
import jdk.internal.misc.VM;
import jdk.internal.vm.annotation.Stable;
import sun.net.ResolverProviderConfiguration;
import sun.security.action.*;
import sun.net.InetAddressCachePolicy;
import sun.net.util.IPAddressUtil;
import sun.nio.cs.UTF_8;
@ -364,11 +361,11 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
*/
static {
PREFER_IPV4_STACK_VALUE =
GetPropertyAction.privilegedGetProperty("java.net.preferIPv4Stack");
System.getProperty("java.net.preferIPv4Stack");
PREFER_IPV6_ADDRESSES_VALUE =
GetPropertyAction.privilegedGetProperty("java.net.preferIPv6Addresses");
System.getProperty("java.net.preferIPv6Addresses");
HOSTS_FILE_NAME =
GetPropertyAction.privilegedGetProperty("jdk.net.hosts.file");
System.getProperty("jdk.net.hosts.file");
jdk.internal.loader.BootLoader.loadLibrary("net");
SharedSecrets.setJavaNetInetAddressAccess(
new JavaNetInetAddressAccess() {
@ -440,19 +437,9 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
// Native method to check if IPv6 is available
private static native boolean isIPv6Supported();
/**
* The {@code RuntimePermission("inetAddressResolverProvider")} is
* necessary to subclass and instantiate the {@code InetAddressResolverProvider}
* class, as well as to obtain resolver from an instance of that class,
* and it is also required to obtain the operating system name resolution configurations.
*/
private static final RuntimePermission INET_ADDRESS_RESOLVER_PERMISSION =
new RuntimePermission("inetAddressResolverProvider");
private static final ReentrantLock RESOLVER_LOCK = new ReentrantLock();
private static volatile InetAddressResolver bootstrapResolver;
@SuppressWarnings("removal")
private static InetAddressResolver resolver() {
InetAddressResolver cns = resolver;
if (cns != null) {
@ -476,10 +463,6 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
if (HOSTS_FILE_NAME != null) {
// The default resolver service is already host file resolver
cns = BUILTIN_RESOLVER;
} else if (System.getSecurityManager() != null) {
PrivilegedAction<InetAddressResolver> pa = InetAddress::loadResolver;
cns = AccessController.doPrivileged(
pa, null, INET_ADDRESS_RESOLVER_PERMISSION);
} else {
cns = loadResolver();
}
@ -737,25 +720,8 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
* @see InetAddress#getCanonicalHostName
*/
public String getHostName() {
return getHostName(true);
}
/**
* Returns the hostname for this address.
* If the host is equal to null, then this address refers to any
* of the local machine's available network addresses.
* this is package private so SocketPermission can make calls into
* here without a security check.
*
* @return the host name for this IP address, or if the operation
* is not allowed by the security check, the textual
* representation of the IP address.
*
* @param check make security check if true
*/
String getHostName(boolean check) {
if (holder().getHostName() == null) {
holder().hostName = InetAddress.getHostFromNameService(this, check);
holder().hostName = InetAddress.getHostFromNameService(this);
}
return holder().getHostName();
}
@ -782,45 +748,31 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
String value = canonicalHostName;
if (value == null)
canonicalHostName = value =
InetAddress.getHostFromNameService(this, true);
InetAddress.getHostFromNameService(this);
return value;
}
/**
* Returns the fully qualified domain name for the given address.
*
* @param check make security check if true
*
* @return the fully qualified domain name for the given IP address.
* If either the operation is not allowed by the security check
* or the system-wide resolver wasn't able to determine the
* If the system-wide resolver wasn't able to determine the
* fully qualified domain name for the IP address, the textual
* representation of the IP address is returned instead.
*/
private static String getHostFromNameService(InetAddress addr, boolean check) {
private static String getHostFromNameService(InetAddress addr) {
String host;
var resolver = resolver();
try {
// first lookup the hostname
host = resolver.lookupByAddress(addr.getAddress());
/* check to see if calling code is allowed to know
* the hostname for this IP address, ie, connect to the host
*/
if (check) {
@SuppressWarnings("removal")
SecurityManager sec = System.getSecurityManager();
if (sec != null) {
sec.checkConnect(host, -1);
}
}
/* now get all the IP addresses for this hostname,
* and make sure one of them matches the original IP
* address. We do this to try and prevent spoofing.
*/
InetAddress[] arr = InetAddress.getAllByName0(host, check);
InetAddress[] arr = InetAddress.getAllByName0(host);
boolean ok = false;
if (arr != null) {
@ -1613,7 +1565,7 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
// and ends with square brackets, but we got something else.
throw invalidIPv6LiteralException(host, true);
}
return getAllByName0(host, true, true);
return getAllByName0(host, true);
}
private static UnknownHostException invalidIPv6LiteralException(String host, boolean wrapInBrackets) {
@ -1639,9 +1591,8 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
/**
* package private so SocketPermission can call it
*/
static InetAddress[] getAllByName0 (String host, boolean check)
throws UnknownHostException {
return getAllByName0(host, check, true);
static InetAddress[] getAllByName0(String host) throws UnknownHostException {
return getAllByName0(host, true);
}
/**
@ -1682,30 +1633,16 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
* Designated lookup method.
*
* @param host host name to look up
* @param check perform security check
* @param useCache use cached value if not expired else always
* perform name service lookup (and cache the result)
* @return array of InetAddress(es)
* @throws UnknownHostException if host name is not found
*/
private static InetAddress[] getAllByName0(String host,
boolean check,
boolean useCache)
throws UnknownHostException {
/* If it gets here it is presumed to be a hostname */
/* make sure the connection to the host is allowed, before we
* give out a hostname
*/
if (check) {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkConnect(host, -1);
}
}
// remove expired addresses from cache - expirySet keeps them ordered
// by expiry time so we only need to iterate the prefix of the NavigableSet...
long now = System.nanoTime();
@ -1822,34 +1759,22 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
* @see java.net.InetAddress#getByName(java.lang.String)
*/
public static InetAddress getLocalHost() throws UnknownHostException {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
try {
// is cached data still valid?
CachedLocalHost clh = cachedLocalHost;
if (clh != null && (clh.expiryTime - System.nanoTime()) >= 0L) {
if (security != null) {
security.checkConnect(clh.host, -1);
}
return clh.addr;
}
String local = impl.getLocalHostName();
if (security != null) {
security.checkConnect(local, -1);
}
InetAddress localAddr;
if (local.equals("localhost")) {
// shortcut for "localhost" host name
localAddr = impl.loopbackAddress();
} else {
// call getAllByName0 without security checks and
// without using cached data
// call getAllByName0 without using cached data
try {
localAddr = getAllByName0(local, false, false)[0];
localAddr = getAllByName0(local, false)[0];
} catch (UnknownHostException uhe) {
// Rethrow with a more informative error message.
UnknownHostException uhe2 =
@ -1861,9 +1786,6 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
}
cachedLocalHost = new CachedLocalHost(local, localAddr);
return localAddr;
} catch (java.lang.SecurityException e) {
return impl.loopbackAddress();
}
}
/**

23
src/java.base/share/classes/java/net/SocketPermission.java
View File

@ -30,10 +30,8 @@ import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamField;
import java.io.Serializable;
import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Locale;
@ -638,10 +636,10 @@ public final class SocketPermission extends Permission
// we have to do this check, otherwise we might not
// get the fully qualified domain name
if (init_with_ip) {
cname = addresses[0].getHostName(false).toLowerCase(Locale.ROOT);
cname = addresses[0].getHostName().toLowerCase(Locale.ROOT);
} else {
cname = InetAddress.getByName(addresses[0].getHostAddress()).
getHostName(false).toLowerCase(Locale.ROOT);
getHostName().toLowerCase(Locale.ROOT);
}
} catch (UnknownHostException uhe) {
invalid = true;
@ -705,7 +703,7 @@ public final class SocketPermission extends Permission
// Following check seems unnecessary
// auth = InetAddress.getAllByName0(authHost, false)[0];
authHost = hostname + '.' + authHost;
auth = InetAddress.getAllByName0(authHost, false)[0];
auth = InetAddress.getAllByName0(authHost)[0];
if (auth.equals(InetAddress.getByAddress(addr))) {
return true;
}
@ -736,9 +734,8 @@ public final class SocketPermission extends Permission
sb.append('.');
}
authHost = "auth." + sb.toString() + "IP6.ARPA";
//auth = InetAddress.getAllByName0(authHost, false)[0];
authHost = hostname + '.' + authHost;
auth = InetAddress.getAllByName0(authHost, false)[0];
auth = InetAddress.getAllByName0(authHost)[0];
if (auth.equals(InetAddress.getByAddress(addr)))
return true;
Debug debug = getDebug();
@ -780,7 +777,7 @@ public final class SocketPermission extends Permission
}
addresses =
new InetAddress[] {InetAddress.getAllByName0(host, false)[0]};
new InetAddress[] {InetAddress.getAllByName0(host)[0]};
} catch (UnknownHostException uhe) {
invalid = true;
@ -1191,14 +1188,9 @@ public final class SocketPermission extends Permission
* Check the system/security property for the ephemeral port range
* for this system. The suffix is either "high" or "low"
*/
@SuppressWarnings("removal")
private static int initEphemeralPorts(String suffix) {
return AccessController.doPrivileged(
new PrivilegedAction<>(){
public Integer run() {
int val = Integer.getInteger(
"jdk.net.ephemeralPortRange."+suffix, -1
);
"jdk.net.ephemeralPortRange." + suffix, -1);
if (val != -1) {
return val;
} else {
@ -1206,9 +1198,6 @@ public final class SocketPermission extends Permission
PortConfig.getLower() : PortConfig.getUpper();
}
}
}
);
}
/**
* Check if the target range is within the policy range

3
src/java.base/share/classes/java/net/doc-files/net-properties.html
View File

@ -279,8 +279,7 @@ tuning on how the cache is operating.</P>
name lookups will be kept in the cache. A value of -1, or any other
negative value for that matter, indicates a &ldquo;cache forever&rdquo;
policy, while a value of 0 (zero) means no caching. The default value
is -1 (forever) if a security manager is installed, and implementation-specific
when no security manager is installed.</P>
is implementation-specific.</P>
<LI><P><B>{@code networkaddress.cache.stale.ttl}</B> (default: see below)<BR>
Value is an integer corresponding to the number of seconds that stale names
will be kept in the cache. A name is considered stale if the TTL has expired

22
src/java.base/share/classes/java/net/spi/InetAddressResolverProvider.java
View File

@ -98,15 +98,6 @@ public abstract class InetAddressResolverProvider {
*/
public abstract String name();
/**
* The {@code RuntimePermission("inetAddressResolverProvider")} is
* necessary to subclass and instantiate the {@code InetAddressResolverProvider} class,
* as well as to obtain resolver from an instance of that class,
* and it is also required to obtain the operating system name resolution configurations.
*/
private static final RuntimePermission INET_ADDRESS_RESOLVER_PERMISSION =
new RuntimePermission("inetAddressResolverProvider");
/**
* Creates a new instance of {@code InetAddressResolverProvider}.
*
@ -116,19 +107,6 @@ public abstract class InetAddressResolverProvider {
* service provider.
*/
protected InetAddressResolverProvider() {
this(checkPermission());
}
private InetAddressResolverProvider(Void unused) {
}
@SuppressWarnings("removal")
private static Void checkPermission() {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(INET_ADDRESS_RESOLVER_PERMISSION);
}
return null;
}
/**

108
src/java.base/share/classes/sun/net/InetAddressCachePolicy.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,11 +25,8 @@
package sun.net;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.concurrent.TimeUnit;
@SuppressWarnings("removal")
public final class InetAddressCachePolicy {
// Controls the cache policy for successful lookups only
@ -60,11 +57,9 @@ public final class InetAddressCachePolicy {
* -1: caching forever
* any positive value: the number of seconds to cache an address for
*
* default value is forever (FOREVER), as we let the platform do the
* caching. For security reasons, this caching is made forever when
* a security manager is set.
* default value is 30 seconds
*/
private static volatile int cachePolicy = FOREVER;
private static volatile int cachePolicy = DEFAULT_POSITIVE;
/* The Java-level namelookup cache stale policy:
*
@ -85,40 +80,22 @@ public final class InetAddressCachePolicy {
*/
private static volatile int negativeCachePolicy = NEVER;
/*
* Whether or not the cache policy for successful lookups was set
* using a property (cmd line).
*/
private static boolean propertySet;
/*
* Whether or not the cache policy for negative lookups was set
* using a property (cmd line).
*/
private static boolean propertyNegativeSet;
/*
* Initialize
*/
static {
/* If the cache policy property is not specified
* then the default positive cache value is used.
*/
Integer tmp = getProperty(cachePolicyProp, cachePolicyPropFallback);
if (tmp != null) {
cachePolicy = tmp < 0 ? FOREVER : tmp;
propertySet = true;
} else {
/* No properties defined for positive caching. If there is no
* security manager then use the default positive cache value.
*/
if (System.getSecurityManager() == null) {
cachePolicy = DEFAULT_POSITIVE;
}
}
tmp = getProperty(negativeCachePolicyProp,
negativeCachePolicyPropFallback);
if (tmp != null) {
negativeCachePolicy = tmp < 0 ? FOREVER : tmp;
propertyNegativeSet = true;
}
if (cachePolicy > 0) {
tmp = getProperty(cacheStalePolicyProp,
@ -130,14 +107,9 @@ public final class InetAddressCachePolicy {
}
private static Integer getProperty(String cachePolicyProp,
String cachePolicyPropFallback)
{
return java.security.AccessController.doPrivileged(
new PrivilegedAction<Integer>() {
public Integer run() {
String cachePolicyPropFallback) {
try {
String tmpString = Security.getProperty(
cachePolicyProp);
String tmpString = Security.getProperty(cachePolicyProp);
if (tmpString != null) {
return Integer.valueOf(tmpString);
}
@ -146,8 +118,7 @@ public final class InetAddressCachePolicy {
}
try {
String tmpString = System.getProperty(
cachePolicyPropFallback);
String tmpString = System.getProperty(cachePolicyPropFallback);
if (tmpString != null) {
return Integer.decode(tmpString);
}
@ -156,8 +127,6 @@ public final class InetAddressCachePolicy {
}
return null;
}
});
}
public static int get() {
return cachePolicy;
@ -170,63 +139,4 @@ public final class InetAddressCachePolicy {
public static int getNegative() {
return negativeCachePolicy;
}
/**
* Sets the cache policy for successful lookups if the user has not
* already specified a cache policy for it using a
* command-property.
* @param newPolicy the value in seconds for how long the lookup
* should be cached
*/
public static synchronized void setIfNotSet(int newPolicy) {
/*
* When setting the new value we may want to signal that the
* cache should be flushed, though this doesn't seem strictly
* necessary.
*/
if (!propertySet) {
checkValue(newPolicy, cachePolicy);
cachePolicy = newPolicy;
}
}
/**
* Sets the cache policy for negative lookups if the user has not
* already specified a cache policy for it using a
* command-property.
* @param newPolicy the value in seconds for how long the lookup
* should be cached
*/
public static void setNegativeIfNotSet(int newPolicy) {
/*
* When setting the new value we may want to signal that the
* cache should be flushed, though this doesn't seem strictly
* necessary.
*/
if (!propertyNegativeSet) {
// Negative caching does not seem to have any security
// implications.
// checkValue(newPolicy, negativeCachePolicy);
// but we should normalize negative policy
negativeCachePolicy = newPolicy < 0 ? FOREVER : newPolicy;
}
}
private static void checkValue(int newPolicy, int oldPolicy) {
/*
* If malicious code gets a hold of this method, prevent
* setting the cache policy to something laxer or some
* invalid negative value.
*/
if (newPolicy == FOREVER)
return;
if ((oldPolicy == FOREVER) ||
(newPolicy < oldPolicy) ||
(newPolicy < FOREVER)) {
throw new
SecurityException("can't make InetAddress cache more lax");
}
}
}

22
src/java.base/share/classes/sun/net/util/IPAddressUtil.java
View File

@ -25,8 +25,6 @@
package sun.net.util;
import sun.security.action.GetPropertyAction;
import java.io.UncheckedIOException;
import java.net.Inet6Address;
import java.net.InetAddress;
@ -35,9 +33,6 @@ import java.net.NetworkInterface;
import java.net.SocketException;
import java.net.URL;
import java.nio.CharBuffer;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.security.PrivilegedActionException;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
@ -396,17 +391,15 @@ public class IPAddressUtil {
}
}
@SuppressWarnings("removal")
private static InetAddress findScopedAddress(InetAddress address) {
PrivilegedExceptionAction<List<InetAddress>> pa = () -> NetworkInterface.networkInterfaces()
try {
List<InetAddress> result = NetworkInterface.networkInterfaces()
.flatMap(NetworkInterface::inetAddresses)
.filter(a -> (a instanceof Inet6Address)
&& address.equals(a)
&& ((Inet6Address) a).getScopeId() != 0)
.toList();
List<InetAddress> result;
try {
result = AccessController.doPrivileged(pa);
var sz = result.size();
if (sz == 0)
return null;
@ -414,7 +407,7 @@ public class IPAddressUtil {
throw new UncheckedIOException(new SocketException(
"Duplicate link local addresses: must specify scope-id"));
return result.get(0);
} catch (PrivilegedActionException pae) {
} catch (SocketException socketException) {
return null;
}
}
@ -927,8 +920,8 @@ public class IPAddressUtil {
private static final long TERMINAL_PARSE_ERROR = -2L;
private static final String ALLOW_AMBIGUOUS_IPADDRESS_LITERALS_SP = "jdk.net.allowAmbiguousIPAddressLiterals";
private static final boolean ALLOW_AMBIGUOUS_IPADDRESS_LITERALS_SP_VALUE = Boolean.valueOf(
GetPropertyAction.privilegedGetProperty(ALLOW_AMBIGUOUS_IPADDRESS_LITERALS_SP, "false"));
private static final boolean ALLOW_AMBIGUOUS_IPADDRESS_LITERALS_SP_VALUE =
Boolean.getBoolean(ALLOW_AMBIGUOUS_IPADDRESS_LITERALS_SP);
private static class MASKS {
private static final String DELAY_URL_PARSING_SP = "jdk.net.url.delayParsing";
private static final boolean DELAY_URL_PARSING_SP_VALUE;
@ -939,8 +932,7 @@ public class IPAddressUtil {
static final long L_SCOPE_MASK;
static final long H_SCOPE_MASK;
static {
var value = GetPropertyAction.privilegedGetProperty(
DELAY_URL_PARSING_SP, "false");
var value = System.getProperty(DELAY_URL_PARSING_SP, "false");
DELAY_URL_PARSING_SP_VALUE = value.isEmpty()
|| Boolean.parseBoolean(value);
if (DELAY_URL_PARSING_SP_VALUE) {