stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8344011: Remove usage of security manager from Class and reflective APIs

Browse Source 
Reviewed-by: liach, yzheng, rriggs
This commit is contained in:
Alan Bateman 2024-11-14 07:39:28 +00:00
parent c977ef7b45
commit abacece826
26 changed files with 163 additions and 1251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

404
src/java.base/share/classes/java/lang/Class.java
View File

@ -30,7 +30,6 @@ import java.lang.constant.ClassDesc;
import java.lang.constant.ConstantDescs;
import java.lang.invoke.TypeDescriptor;
import java.lang.invoke.MethodHandles;
import java.lang.module.ModuleReader;
import java.lang.ref.SoftReference;
import java.io.IOException;
import java.io.InputStream;
@ -54,9 +53,7 @@ import java.lang.reflect.Type;
import java.lang.reflect.TypeVariable;
import java.lang.constant.Constable;
import java.net.URL;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Arrays;
@ -73,10 +70,8 @@ import java.util.Set;
import java.util.stream.Collectors;
import jdk.internal.constant.ConstantUtils;
import jdk.internal.javac.PreviewFeature;
import jdk.internal.loader.BootLoader;
import jdk.internal.loader.BuiltinClassLoader;
import jdk.internal.misc.PreviewFeatures;
import jdk.internal.misc.Unsafe;
import jdk.internal.module.Resources;
import jdk.internal.reflect.CallerSensitive;
@ -84,7 +79,6 @@ import jdk.internal.reflect.CallerSensitiveAdapter;
import jdk.internal.reflect.ConstantPool;
import jdk.internal.reflect.Reflection;
import jdk.internal.reflect.ReflectionFactory;
import jdk.internal.vm.annotation.ForceInline;
import jdk.internal.vm.annotation.IntrinsicCandidate;
import jdk.internal.vm.annotation.Stable;
@ -540,41 +534,10 @@ public final class Class<T> implements java.io.Serializable,
* @jls 13.1 The Form of a Binary
* @since 1.2
*/
@CallerSensitive
public static Class<?> forName(String name, boolean initialize,
ClassLoader loader)
public static Class<?> forName(String name, boolean initialize, ClassLoader loader)
throws ClassNotFoundException
{
Class<?> caller = null;
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
// Reflective call to get caller class is only needed if a security manager
// is present. Avoid the overhead of making this call otherwise.
caller = Reflection.getCallerClass();
}
return forName(name, initialize, loader, caller);
}
// Caller-sensitive adapter method for reflective invocation
@CallerSensitiveAdapter
private static Class<?> forName(String name, boolean initialize, ClassLoader loader, Class<?> caller)
throws ClassNotFoundException
{
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
// Reflective call to get caller class is only needed if a security manager
// is present. Avoid the overhead of making this call otherwise.
if (loader == null) {
ClassLoader ccl = ClassLoader.getClassLoader(caller);
if (ccl != null) {
sm.checkPermission(
SecurityConstants.GET_CLASSLOADER_PERMISSION);
}
}
}
return forName0(name, initialize, loader, caller);
return forName0(name, initialize, loader, null);
}
/** Called after security check for system loader access checks have been made. */
@ -620,38 +583,11 @@ public final class Class<T> implements java.io.Serializable,
* @jls 12.3 Linking of Classes and Interfaces
* @since 9
*/
@SuppressWarnings("removal")
@CallerSensitive
public static Class<?> forName(Module module, String name) {
Class<?> caller = null;
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
caller = Reflection.getCallerClass();
}
return forName(module, name, caller);
}
// Caller-sensitive adapter method for reflective invocation
@SuppressWarnings("removal")
@CallerSensitiveAdapter
private static Class<?> forName(Module module, String name, Class<?> caller) {
Objects.requireNonNull(module);
Objects.requireNonNull(name);
ClassLoader cl;
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (caller != null && caller.getModule() != module) {
// if caller is null, Class.forName is the last java frame on the stack.
// java.base has all permissions
sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
}
PrivilegedAction<ClassLoader> pa = module::getClassLoader;
cl = AccessController.doPrivileged(pa);
} else {
cl = module.getClassLoader();
}
ClassLoader cl = module.getClassLoader();
if (cl != null) {
return cl.loadClass(module, name);
} else {
@ -740,17 +676,11 @@ public final class Class<T> implements java.io.Serializable,
* @throws ExceptionInInitializerError if the initialization
* provoked by this method fails.
*/
@SuppressWarnings("removal")
@CallerSensitive
@Deprecated(since="9")
public T newInstance()
throws InstantiationException, IllegalAccessException
{
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), false);
}
// Constructor lookup
Constructor<T> tmpConstructor = cachedConstructor;
if (tmpConstructor == null) {
@ -765,13 +695,7 @@ public final class Class<T> implements java.io.Serializable,
getConstructor0(empty, Member.DECLARED));
// Disable accessibility checks on the constructor
// access check is done with the true caller
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public Void run() {
c.setAccessible(true);
return null;
}
});
c.setAccessible(true);
cachedConstructor = tmpConstructor = c;
} catch (NoSuchMethodException e) {
throw (InstantiationException)
@ -1035,18 +959,8 @@ public final class Class<T> implements java.io.Serializable,
* represented by this {@code Class} object.
* @see java.lang.ClassLoader
*/
@CallerSensitive
@ForceInline // to ensure Reflection.getCallerClass optimization
public ClassLoader getClassLoader() {
ClassLoader cl = classLoader;
if (cl == null)
return null;
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
ClassLoader.checkClassLoaderPermission(cl, Reflection.getCallerClass());
}
return cl;
return classLoader;
}
// Package-private to allow ClassLoader access
@ -1511,7 +1425,6 @@ public final class Class<T> implements java.io.Serializable,
*
* @since 1.5
*/
@CallerSensitive
public Method getEnclosingMethod() {
EnclosingMethodInfo enclosingInfo = getEnclosingMethodInfo();
@ -1533,14 +1446,7 @@ public final class Class<T> implements java.io.Serializable,
for(int i = 0; i < parameterClasses.length; i++)
parameterClasses[i] = toClass(parameterTypes[i]);
// Perform access check
final Class<?> enclosingCandidate = enclosingInfo.getEnclosingClass();
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
enclosingCandidate.checkMemberAccess(sm, Member.DECLARED,
Reflection.getCallerClass(), true);
}
Method[] candidates = enclosingCandidate.privateGetDeclaredMethods(false);
/*
@ -1648,7 +1554,6 @@ public final class Class<T> implements java.io.Serializable,
*
* @since 1.5
*/
@CallerSensitive
public Constructor<?> getEnclosingConstructor() {
EnclosingMethodInfo enclosingInfo = getEnclosingMethodInfo();
@ -1666,18 +1571,11 @@ public final class Class<T> implements java.io.Serializable,
// Convert Types to Classes; returned types *should*
// be class objects since the methodDescriptor's used
// don't have generics information
for(int i = 0; i < parameterClasses.length; i++)
for (int i = 0; i < parameterClasses.length; i++)
parameterClasses[i] = toClass(parameterTypes[i]);
// Perform access check
final Class<?> enclosingCandidate = enclosingInfo.getEnclosingClass();
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
enclosingCandidate.checkMemberAccess(sm, Member.DECLARED,
Reflection.getCallerClass(), true);
}
final Class<?> enclosingCandidate = enclosingInfo.getEnclosingClass();
Constructor<?>[] candidates = enclosingCandidate
.privateGetDeclaredConstructors(false);
/*
@ -1708,19 +1606,8 @@ public final class Class<T> implements java.io.Serializable,
* @return the declaring class for this class
* @since 1.1
*/
@CallerSensitive
public Class<?> getDeclaringClass() {
final Class<?> candidate = getDeclaringClass0();
if (candidate != null) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
candidate.checkPackageAccess(sm,
ClassLoader.getClassLoader(Reflection.getCallerClass()), true);
}
}
return candidate;
return getDeclaringClass0();
}
private native Class<?> getDeclaringClass0();
@ -1733,7 +1620,6 @@ public final class Class<T> implements java.io.Serializable,
* @return the immediately enclosing class of the underlying class
* @since 1.5
*/
@CallerSensitive
public Class<?> getEnclosingClass() {
// There are five kinds of classes (or interfaces):
// a) Top level classes
@ -1760,15 +1646,6 @@ public final class Class<T> implements java.io.Serializable,
else
enclosingCandidate = enclosingClass;
}
if (enclosingCandidate != null) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
enclosingCandidate.checkPackageAccess(sm,
ClassLoader.getClassLoader(Reflection.getCallerClass()), true);
}
}
return enclosingCandidate;
}
@ -1991,36 +1868,18 @@ public final class Class<T> implements java.io.Serializable,
* members of this class
* @since 1.1
*/
@SuppressWarnings("removal")
@CallerSensitive
public Class<?>[] getClasses() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), false);
}
// Privileged so this implementation can look at DECLARED classes,
// something the caller might not have privilege to do. The code here
// is allowed to look at DECLARED classes because (1) it does not hand
// out anything other than public members and (2) public member access
// has already been ok'd by the SecurityManager.
return java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public Class<?>[] run() {
List<Class<?>> list = new ArrayList<>();
Class<?> currentClass = Class.this;
while (currentClass != null) {
for (Class<?> m : currentClass.getDeclaredClasses()) {
if (Modifier.isPublic(m.getModifiers())) {
list.add(m);
}
}
currentClass = currentClass.getSuperclass();
}
return list.toArray(new Class<?>[0]);
List<Class<?>> list = new ArrayList<>();
Class<?> currentClass = Class.this;
while (currentClass != null) {
for (Class<?> m : currentClass.getDeclaredClasses()) {
if (Modifier.isPublic(m.getModifiers())) {
list.add(m);
}
});
}
currentClass = currentClass.getSuperclass();
}
return list.toArray(new Class<?>[0]);
}
@ -2054,13 +1913,7 @@ public final class Class<T> implements java.io.Serializable,
* @jls 8.2 Class Members
* @jls 8.3 Field Declarations
*/
@CallerSensitive
public Field[] getFields() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), true);
}
return copyFields(privateGetPublicFields());
}
@ -2138,13 +1991,7 @@ public final class Class<T> implements java.io.Serializable,
* @jls 8.4 Method Declarations
* @since 1.1
*/
@CallerSensitive
public Method[] getMethods() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), true);
}
return copyMethods(privateGetPublicMethods());
}
@ -2173,13 +2020,7 @@ public final class Class<T> implements java.io.Serializable,
* @see #getDeclaredConstructors()
* @since 1.1
*/
@CallerSensitive
public Constructor<?>[] getConstructors() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), true);
}
return copyConstructors(privateGetDeclaredConstructors(true));
}
@ -2219,14 +2060,8 @@ public final class Class<T> implements java.io.Serializable,
* @jls 8.2 Class Members
* @jls 8.3 Field Declarations
*/
@CallerSensitive
public Field getField(String name) throws NoSuchFieldException {
Objects.requireNonNull(name);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), true);
}
Field field = getField0(name);
if (field == null) {
throw new NoSuchFieldException(name);
@ -2322,15 +2157,9 @@ public final class Class<T> implements java.io.Serializable,
* @jls 8.4 Method Declarations
* @since 1.1
*/
@CallerSensitive
public Method getMethod(String name, Class<?>... parameterTypes)
throws NoSuchMethodException {
Objects.requireNonNull(name);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), true);
}
Method method = getMethod0(name, parameterTypes);
if (method == null) {
throw new NoSuchMethodException(methodToString(name, parameterTypes));
@ -2363,14 +2192,8 @@ public final class Class<T> implements java.io.Serializable,
* @see #getDeclaredConstructor(Class[])
* @since 1.1
*/
@CallerSensitive
public Constructor<T> getConstructor(Class<?>... parameterTypes)
throws NoSuchMethodException {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), true);
}
return getReflectionFactory().copyConstructor(
getConstructor0(parameterTypes, Member.PUBLIC));
}
@ -2392,13 +2215,7 @@ public final class Class<T> implements java.io.Serializable,
* @since 1.1
* @jls 8.5 Member Class and Interface Declarations
*/
@CallerSensitive
public Class<?>[] getDeclaredClasses() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), false);
}
return getDeclaredClasses0();
}
@ -2425,13 +2242,7 @@ public final class Class<T> implements java.io.Serializable,
* @jls 8.2 Class Members
* @jls 8.3 Field Declarations
*/
@CallerSensitive
public Field[] getDeclaredFields() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true);
}
return copyFields(privateGetDeclaredFields(false));
}
@ -2467,13 +2278,7 @@ public final class Class<T> implements java.io.Serializable,
* @jls 8.10 Record Classes
* @since 16
*/
@CallerSensitive
public RecordComponent[] getRecordComponents() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true);
}
if (!isRecord()) {
return null;
}
@ -2519,13 +2324,7 @@ public final class Class<T> implements java.io.Serializable,
* programming language and JVM modeling in core reflection</a>
* @since 1.1
*/
@CallerSensitive
public Method[] getDeclaredMethods() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true);
}
return copyMethods(privateGetDeclaredMethods(false));
}
@ -2550,13 +2349,7 @@ public final class Class<T> implements java.io.Serializable,
* @see #getConstructors()
* @jls 8.8 Constructor Declarations
*/
@CallerSensitive
public Constructor<?>[] getDeclaredConstructors() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true);
}
return copyConstructors(privateGetDeclaredConstructors(false));
}
@ -2581,14 +2374,8 @@ public final class Class<T> implements java.io.Serializable,
* @jls 8.2 Class Members
* @jls 8.3 Field Declarations
*/
@CallerSensitive
public Field getDeclaredField(String name) throws NoSuchFieldException {
Objects.requireNonNull(name);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true);
}
Field field = searchFields(privateGetDeclaredFields(false), name);
if (field == null) {
throw new NoSuchFieldException(name);
@ -2626,15 +2413,9 @@ public final class Class<T> implements java.io.Serializable,
* @jls 8.4 Method Declarations
* @since 1.1
*/
@CallerSensitive
public Method getDeclaredMethod(String name, Class<?>... parameterTypes)
throws NoSuchMethodException {
Objects.requireNonNull(name);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true);
}
Method method = searchMethods(privateGetDeclaredMethods(false), name, parameterTypes);
if (method == null) {
throw new NoSuchMethodException(methodToString(name, parameterTypes));
@ -2703,15 +2484,8 @@ public final class Class<T> implements java.io.Serializable,
* @see #getConstructor(Class[])
* @since 1.1
*/
@CallerSensitive
public Constructor<T> getDeclaredConstructor(Class<?>... parameterTypes)
throws NoSuchMethodException {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true);
}
return getReflectionFactory().copyConstructor(
getConstructor0(parameterTypes, Member.DECLARED));
}
@ -2933,11 +2707,6 @@ public final class Class<T> implements java.io.Serializable,
* @since 1.2
*/
public ProtectionDomain getProtectionDomain() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.GET_PD_PERMISSION);
}
return protectionDomain();
}
@ -2972,91 +2741,6 @@ public final class Class<T> implements java.io.Serializable,
*/
static native <T> Class<T> getPrimitiveClass(String name);
/*
* Check if client is allowed to access members. If access is denied,
* throw a SecurityException.
*
* This method also enforces package access.
*
* <p> Default policy: allow all clients access with normal Java access
* control.
*
* <p> NOTE: should only be called if a SecurityManager is installed
*/
private void checkMemberAccess(@SuppressWarnings("removal") SecurityManager sm, int which,
Class<?> caller, boolean checkProxyInterfaces) {
/* Default policy allows access to all {@link Member#PUBLIC} members,
* as well as access to classes that have the same class loader as the caller.
* In all other cases, it requires RuntimePermission("accessDeclaredMembers")
* permission.
*/
final ClassLoader ccl = ClassLoader.getClassLoader(caller);
if (which != Member.PUBLIC) {
final ClassLoader cl = classLoader;
if (ccl != cl) {
sm.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
}
}
this.checkPackageAccess(sm, ccl, checkProxyInterfaces);
}
/*
* Checks if a client loaded in ClassLoader ccl is allowed to access this
* class under the current package access policy. If access is denied,
* throw a SecurityException.
*
* NOTE: this method should only be called if a SecurityManager is active
*/
private void checkPackageAccess(@SuppressWarnings("removal") SecurityManager sm, final ClassLoader ccl,
boolean checkProxyInterfaces) {
final ClassLoader cl = classLoader;
if (ReflectUtil.needsPackageAccessCheck(ccl, cl)) {
String pkg = this.getPackageName();
if (!pkg.isEmpty()) {
// skip the package access check on a proxy class in default proxy package
if (!Proxy.isProxyClass(this) || ReflectUtil.isNonPublicProxyClass(this)) {
sm.checkPackageAccess(pkg);
}
}
}
// check package access on the proxy interfaces
if (checkProxyInterfaces && Proxy.isProxyClass(this)) {
ReflectUtil.checkProxyPackageAccess(ccl, this.getInterfaces(/* cloneArray */ false));
}
}
/*
* Checks if a client loaded in ClassLoader ccl is allowed to access the provided
* classes under the current package access policy. If access is denied,
* throw a SecurityException.
*
* NOTE: this method should only be called if a SecurityManager is active
* classes must be non-empty
* all classes provided must be loaded by the same ClassLoader
* NOTE: this method does not support Proxy classes
*/
private static void checkPackageAccessForPermittedSubclasses(@SuppressWarnings("removal") SecurityManager sm,
final ClassLoader ccl, Class<?>[] subClasses) {
final ClassLoader cl = subClasses[0].classLoader;
if (ReflectUtil.needsPackageAccessCheck(ccl, cl)) {
Set<String> packages = new HashSet<>();
for (Class<?> c : subClasses) {
if (Proxy.isProxyClass(c))
throw new InternalError("a permitted subclass should not be a proxy class: " + c);
String pkg = c.getPackageName();
if (!pkg.isEmpty()) {
packages.add(pkg);
}
}
for (String pkg : packages) {
sm.checkPackageAccess(pkg);
}
}
}
/**
* Add a package name prefix if the name is not absolute. Remove leading "/"
* if name is absolute
@ -3732,15 +3416,12 @@ public final class Class<T> implements java.io.Serializable,
}
// Fetches the factory for reflective objects
@SuppressWarnings("removal")
private static ReflectionFactory getReflectionFactory() {
var factory = reflectionFactory;
if (factory != null) {
return factory;
}
return reflectionFactory =
java.security.AccessController.doPrivileged
(new ReflectionFactory.GetReflectionFactoryAction());
return reflectionFactory = ReflectionFactory.getReflectionFactory();
}
private static ReflectionFactory reflectionFactory;
@ -3766,20 +3447,13 @@ public final class Class<T> implements java.io.Serializable,
* identical to getEnumConstants except that the result is
* uncloned, cached, and shared by all callers.
*/
@SuppressWarnings("removal")
T[] getEnumConstantsShared() {
T[] constants = enumConstants;
if (constants == null) {
if (!isEnum()) return null;
try {
final Method values = getMethod("values");
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public Void run() {
values.setAccessible(true);
return null;
}
});
values.setAccessible(true);
@SuppressWarnings("unchecked")
T[] temporaryConstants = (T[])values.invoke(null);
enumConstants = constants = temporaryConstants;
@ -4160,24 +3834,11 @@ public final class Class<T> implements java.io.Serializable,
* @jvms 4.7.29 The {@code NestMembers} Attribute
* @jvms 5.4.4 Access Control
*/
@CallerSensitive
public Class<?> getNestHost() {
if (isPrimitive() || isArray()) {
return this;
}
Class<?> host = getNestHost0();
if (host == this) {
return this;
}
// returning a different class requires a security check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkPackageAccess(sm,
ClassLoader.getClassLoader(Reflection.getCallerClass()), true);
}
return host;
return getNestHost0();
}
/**
@ -4244,7 +3905,6 @@ public final class Class<T> implements java.io.Serializable,
* @jvms 4.7.28 The {@code NestHost} Attribute
* @jvms 4.7.29 The {@code NestMembers} Attribute
*/
@CallerSensitive
public Class<?>[] getNestMembers() {
if (isPrimitive() || isArray()) {
return new Class<?>[] { this };
@ -4252,17 +3912,6 @@ public final class Class<T> implements java.io.Serializable,
Class<?>[] members = getNestMembers0();
// Can't actually enable this due to bootstrapping issues
// assert(members.length != 1 || members[0] == this); // expected invariant from VM
if (members.length > 1) {
// If we return anything other than the current class we need
// a security check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkPackageAccess(sm,
ClassLoader.getClassLoader(Reflection.getCallerClass()), true);
}
}
return members;
}
@ -4432,7 +4081,6 @@ public final class Class<T> implements java.io.Serializable,
* @jls 9.1 Interface Declarations
* @since 17
*/
@CallerSensitive
public Class<?>[] getPermittedSubclasses() {
Class<?>[] subClasses;
if (isArray() || isPrimitive() || (subClasses = getPermittedSubclasses0()) == null) {
@ -4445,16 +4093,6 @@ public final class Class<T> implements java.io.Serializable,
.toArray(s -> new Class<?>[s]);
}
}
if (subClasses.length > 0) {
// If we return some classes we need a security check:
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkPackageAccessForPermittedSubclasses(sm,
ClassLoader.getClassLoader(Reflection.getCallerClass()),
subClasses);
}
}
return subClasses;
}

13
src/java.base/share/classes/java/lang/Module.java
View File

@ -39,8 +39,6 @@ import java.lang.reflect.AccessFlag;
import java.lang.reflect.AnnotatedElement;
import java.net.URI;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@ -64,14 +62,12 @@ import jdk.internal.misc.CDS;
import jdk.internal.misc.Unsafe;
import jdk.internal.misc.VM;
import jdk.internal.module.ModuleBootstrap;
import jdk.internal.module.ModuleBootstrap.IllegalNativeAccess;
import jdk.internal.module.ModuleLoaderMap;
import jdk.internal.module.ServicesCatalog;
import jdk.internal.module.Resources;
import jdk.internal.reflect.CallerSensitive;
import jdk.internal.reflect.Reflection;
import jdk.internal.vm.annotation.Stable;
import sun.security.util.SecurityConstants;
/**
* Represents a run-time module, either {@link #isNamed() named} or unnamed.
@ -198,11 +194,6 @@ public final class Module implements AnnotatedElement {
* @return The class loader for this module
*/
public ClassLoader getClassLoader() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
}
return loader;
}
@ -1556,7 +1547,6 @@ public final class Module implements AnnotatedElement {
// cached class file with annotations
private volatile Class<?> moduleInfoClass;
@SuppressWarnings("removal")
private Class<?> moduleInfoClass() {
Class<?> clazz = this.moduleInfoClass;
if (clazz != null)
@ -1566,8 +1556,7 @@ public final class Module implements AnnotatedElement {
clazz = this.moduleInfoClass;
if (clazz == null) {
if (isNamed()) {
PrivilegedAction<Class<?>> pa = this::loadModuleInfoClass;
clazz = AccessController.doPrivileged(pa);
clazz = loadModuleInfoClass();
}
if (clazz == null) {
class DummyModuleInfo { }

24
src/java.base/share/classes/java/lang/ModuleLayer.java
View File

@ -44,7 +44,6 @@ import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import jdk.internal.javac.PreviewFeature;
import jdk.internal.javac.Restricted;
import jdk.internal.loader.ClassLoaderValue;
import jdk.internal.loader.Loader;
@ -54,7 +53,6 @@ import jdk.internal.misc.CDS;
import jdk.internal.reflect.CallerSensitive;
import jdk.internal.reflect.Reflection;
import jdk.internal.vm.annotation.Stable;
import sun.security.util.SecurityConstants;
/**
* A layer of modules in the Java virtual machine.
@ -505,9 +503,6 @@ public final class ModuleLayer {
List<ModuleLayer> parents = List.copyOf(parentLayers);
checkConfiguration(cf, parents);
checkCreateClassLoaderPermission();
checkGetClassLoaderPermission();
try {
Loader loader = new Loader(cf.modules(), parentLoader);
loader.initRemotePackageMap(cf, parents);
@ -572,9 +567,6 @@ public final class ModuleLayer {
List<ModuleLayer> parents = List.copyOf(parentLayers);
checkConfiguration(cf, parents);
checkCreateClassLoaderPermission();
checkGetClassLoaderPermission();
LoaderPool pool = new LoaderPool(cf, parents, parentLoader);
try {
ModuleLayer layer = new ModuleLayer(cf, parents, pool::loaderFor);
@ -654,8 +646,6 @@ public final class ModuleLayer {
checkConfiguration(cf, parents);
Objects.requireNonNull(clf);
checkGetClassLoaderPermission();
// The boot layer is checked during module system initialization
if (boot() != null) {
checkForDuplicatePkgs(cf, clf);
@ -693,20 +683,6 @@ public final class ModuleLayer {
}
}
private static void checkCreateClassLoaderPermission() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
}
private static void checkGetClassLoaderPermission() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
}
/**
* Checks a configuration and the module-to-loader mapping to ensure that
* no two modules mapped to the same class loader have the same package.

8
src/java.base/share/classes/java/lang/Package.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,8 +30,6 @@ import java.lang.reflect.AnnotatedElement;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Objects;
import jdk.internal.loader.BootLoader;
@ -417,9 +415,7 @@ public class Package extends NamedPackage implements java.lang.reflect.Annotated
// find package-info.class defined by loader
String cn = packageName() + ".package-info";
Module module = module();
PrivilegedAction<ClassLoader> pa = module::getClassLoader;
@SuppressWarnings("removal")
ClassLoader loader = AccessController.doPrivileged(pa);
ClassLoader loader = module.getClassLoader();
Class<?> c;
if (loader != null) {
c = loader.loadClass(module, cn);

8
src/java.base/share/classes/java/lang/PublicMethods.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,6 @@ import jdk.internal.reflect.ReflectionFactory;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.security.AccessController;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
@ -88,10 +87,7 @@ final class PublicMethods {
* Method (name, parameter types) tuple.
*/
private static final class Key {
@SuppressWarnings("removal")
private static final ReflectionFactory reflectionFactory =
AccessController.doPrivileged(
new ReflectionFactory.GetReflectionFactoryAction());
private static final ReflectionFactory reflectionFactory = ReflectionFactory.getReflectionFactory();
private final String name; // must be interned (as from Method.getName())
private final Class<?>[] ptypes;

5
src/java.base/share/classes/java/lang/invoke/AbstractValidatingLambdaMetafactory.java
View File

@ -107,9 +107,6 @@ import static sun.invoke.util.Wrapper.isWrapperType;
* implemented by invoking the implementation method
* @throws LambdaConversionException If any of the meta-factory protocol
* invariants are violated
* @throws SecurityException If a security manager is present, and it
* <a href="MethodHandles.Lookup.html#secmgr">denies access</a>
* from {@code caller} to the package of {@code implementation}.
*/
AbstractValidatingLambdaMetafactory(MethodHandles.Lookup caller,
MethodType factoryType,
@ -138,7 +135,7 @@ import static sun.invoke.util.Wrapper.isWrapperType;
this.implementation = implementation;
this.implMethodType = implementation.type();
try {
this.implInfo = caller.revealDirect(implementation); // may throw SecurityException
this.implInfo = caller.revealDirect(implementation);
} catch (IllegalArgumentException e) {
throw new LambdaConversionException(implementation + " is not direct or cannot be cracked");
}

20
src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,7 +25,6 @@
package java.lang.invoke;
import java.security.*;
import java.lang.reflect.*;
import java.lang.invoke.MethodHandles.Lookup;
@ -85,16 +84,13 @@ final class InfoFromMemberName implements MethodHandleInfo {
// For more information see comments on {@link MethodHandleNatives#linkMethod}.
throw new IllegalArgumentException("cannot reflect signature polymorphic method");
}
@SuppressWarnings("removal")
Member mem = AccessController.doPrivileged(new PrivilegedAction<>() {
public Member run() {
try {
return reflectUnchecked();
} catch (ReflectiveOperationException ex) {
throw new IllegalArgumentException(ex);
}
}
});
Member mem;
try {
mem = reflectUnchecked();
} catch (ReflectiveOperationException ex) {
throw new IllegalArgumentException(ex);
}
try {
Class<?> defc = getDeclaringClass();
byte refKind = (byte) getReferenceKind();

6
src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java
View File

@ -29,7 +29,6 @@ import jdk.internal.constant.ClassOrInterfaceDescImpl;
import jdk.internal.misc.CDS;
import jdk.internal.util.ClassFileDumper;
import sun.invoke.util.VerifyAccess;
import sun.security.action.GetBooleanAction;
import java.io.Serializable;
import java.lang.classfile.ClassBuilder;
@ -83,7 +82,7 @@ import sun.invoke.util.Wrapper;
lambdaProxyClassFileDumper = ClassFileDumper.getInstance(dumpProxyClassesKey, "DUMP_LAMBDA_PROXY_CLASS_FILES");
final String disableEagerInitializationKey = "jdk.internal.lambda.disableEagerInitialization";
disableEagerInitialization = GetBooleanAction.privilegedGetProperty(disableEagerInitializationKey);
disableEagerInitialization = Boolean.getBoolean(disableEagerInitializationKey);
}
// See context values in AbstractValidatingLambdaMetafactory
@ -134,9 +133,6 @@ import sun.invoke.util.Wrapper;
* implemented by invoking the implementation method
* @throws LambdaConversionException If any of the meta-factory protocol
* invariants are violated
* @throws SecurityException If a security manager is present, and it
* <a href="MethodHandles.Lookup.html#secmgr">denies access</a>
* from {@code caller} to the package of {@code implementation}.
*/
public InnerClassLambdaMetafactory(MethodHandles.Lookup caller,
MethodType factoryType,

6
src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java
View File

@ -1208,11 +1208,7 @@ abstract class MethodHandleImpl {
private static boolean checkInjectedInvoker(Class<?> hostClass, Class<?> invokerClass) {
assert (hostClass.getClassLoader() == invokerClass.getClassLoader()) : hostClass.getName()+" (CL)";
try {
assert (hostClass.getProtectionDomain() == invokerClass.getProtectionDomain()) : hostClass.getName()+" (PD)";
} catch (SecurityException ex) {
// Self-check was blocked by security manager. This is OK.
}
assert (hostClass.getProtectionDomain() == invokerClass.getProtectionDomain()) : hostClass.getName()+" (PD)";
try {
// Test the invoker to ensure that it really injects into the right place.
MethodHandle invoker = IMPL_LOOKUP.findStatic(invokerClass, "invoke_V", INVOKER_MT);

30
src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java
View File

@ -33,8 +33,6 @@ import java.lang.ref.WeakReference;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@ -56,10 +54,7 @@ import java.lang.classfile.TypeKind;
import jdk.internal.constant.ConstantUtils;
import jdk.internal.loader.ClassLoaders;
import jdk.internal.module.Modules;
import jdk.internal.reflect.CallerSensitive;
import jdk.internal.reflect.Reflection;
import jdk.internal.util.ClassFileDumper;
import sun.reflect.misc.ReflectUtil;
import static java.lang.constant.ConstantDescs.*;
import static java.lang.invoke.MethodHandleStatics.*;
@ -159,7 +154,6 @@ public class MethodHandleProxies {
* be converted to the type required by the requested interface
*/
@SuppressWarnings("doclint:reference") // cross-module links
@CallerSensitive
public static <T> T asInterfaceInstance(final Class<T> intfc, final MethodHandle target) {
if (!intfc.isInterface() || !Modifier.isPublic(intfc.getModifiers()))
throw newIllegalArgumentException("not a public interface", intfc.getName());
@ -168,17 +162,7 @@ public class MethodHandleProxies {
if (intfc.isHidden())
throw newIllegalArgumentException("a hidden interface", intfc.getName());
Objects.requireNonNull(target);
final MethodHandle mh;
@SuppressWarnings("removal")
var sm = System.getSecurityManager();
if (sm != null) {
final Class<?> caller = Reflection.getCallerClass();
final ClassLoader ccl = caller != null ? caller.getClassLoader() : null;
ReflectUtil.checkProxyPackageAccess(ccl, intfc);
mh = ccl != null ? bindCaller(target, caller) : target;
} else {
mh = target;
}
final MethodHandle mh = target;
// Define one hidden class for each interface. Create an instance of
// the hidden class for a given target method handle which will be
@ -283,17 +267,7 @@ public class MethodHandleProxies {
// define the dynamic module to the class loader of the interface
var definer = new Lookup(intfc).makeHiddenClassDefiner(className, template, DUMPER);
@SuppressWarnings("removal")
var sm = System.getSecurityManager();
Lookup lookup;
if (sm != null) {
@SuppressWarnings("removal")
var l = AccessController.doPrivileged((PrivilegedAction<Lookup>) () ->
definer.defineClassAsLookup(true));
lookup = l;
} else {
lookup = definer.defineClassAsLookup(true);
}
Lookup lookup = definer.defineClassAsLookup(true);
// cache the wrapper type
var ret = lookup.lookupClass();
WRAPPER_TYPES.add(ret);

3
src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java
View File

@ -28,7 +28,6 @@ package java.lang.invoke;
import jdk.internal.misc.CDS;
import jdk.internal.misc.Unsafe;
import jdk.internal.util.ClassFileDumper;
import sun.security.action.GetPropertyAction;
import java.lang.reflect.ClassFileFormatVersion;
import java.util.Properties;
@ -66,7 +65,7 @@ class MethodHandleStatics {
static final ClassFileDumper DUMP_CLASS_FILES;
static {
Properties props = GetPropertyAction.privilegedGetProperties();
Properties props = System.getProperties();
DEBUG_METHOD_HANDLE_NAMES = Boolean.parseBoolean(
props.getProperty("java.lang.invoke.MethodHandle.DEBUG_NAMES"));

182
src/java.base/share/classes/java/lang/invoke/MethodHandles.java
View File

@ -36,8 +36,6 @@ import jdk.internal.vm.annotation.ForceInline;
import sun.invoke.util.ValueConversions;
import sun.invoke.util.VerifyAccess;
import sun.invoke.util.Wrapper;
import sun.reflect.misc.ReflectUtil;
import sun.security.util.SecurityConstants;
import java.lang.classfile.ClassFile;
import java.lang.classfile.ClassModel;
@ -243,9 +241,6 @@ public class MethodHandles {
return new Lookup(targetClass);
}
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(SecurityConstants.ACCESS_PERMISSION);
if (targetClass.isPrimitive())
throw new IllegalArgumentException(targetClass + " is a primitive class");
if (targetClass.isArray())
@ -463,9 +458,6 @@ public class MethodHandles {
* @since 1.8
*/
public static <T extends Member> T reflectAs(Class<T> expected, MethodHandle target) {
@SuppressWarnings("removal")
SecurityManager smgr = System.getSecurityManager();
if (smgr != null) smgr.checkPermission(SecurityConstants.ACCESS_PERMISSION);
Lookup lookup = Lookup.IMPL_LOOKUP; // use maximally privileged lookup
return lookup.revealDirect(target).reflectAs(expected, lookup);
}
@ -741,8 +733,6 @@ public class MethodHandles {
* <ul style="font-size:smaller;">
* <li>access private fields, methods, and constructors of the lookup class and its nestmates
* <li>create method handles which {@link Lookup#findSpecial emulate invokespecial} instructions
* <li>avoid <a href="MethodHandles.Lookup.html#secmgr">package access checks</a>
* for classes accessible to the lookup class
* <li>create {@link Lookup#in delegated lookup objects} which have private access to other classes
* within the same package member
* </ul>
@ -1759,23 +1749,11 @@ public class MethodHandles {
* @see ClassLoader#defineClass(String,byte[],int,int,ProtectionDomain)
*/
public Class<?> defineClass(byte[] bytes) throws IllegalAccessException {
ensureDefineClassPermission();
if ((lookupModes() & PACKAGE) == 0)
throw new IllegalAccessException("Lookup does not have PACKAGE access");
return makeClassDefiner(bytes.clone()).defineClass(false);
}
private void ensureDefineClassPermission() {
if (allowedModes == TRUSTED) return;
if (!hasFullPrivilegeAccess()) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(new RuntimePermission("defineClass"));
}
}
/**
* The set of class options that specify whether a hidden class created by
* {@link Lookup#defineHiddenClass(byte[], boolean, ClassOption...)
@ -2042,7 +2020,6 @@ public class MethodHandles {
{
Objects.requireNonNull(bytes);
int flags = ClassOption.optionsToFlag(options);
ensureDefineClassPermission();
if (!hasFullPrivilegeAccess()) {
throw new IllegalAccessException(this + " does not have full privilege access");
}
@ -2128,7 +2105,6 @@ public class MethodHandles {
int flags = ClassOption.optionsToFlag(options);
ensureDefineClassPermission();
if (!hasFullPrivilegeAccess()) {
throw new IllegalAccessException(this + " does not have full privilege access");
}
@ -2768,7 +2744,6 @@ assertEquals("[x, y, z]", pb.command().toString());
if (!VerifyAccess.isClassAccessible(targetClass, lookupClass, prevLookupClass, allowedModes)) {
throw makeAccessException(targetClass);
}
checkSecurityManager(targetClass);
// ensure class initialization
Unsafe.getUnsafe().ensureClassInitialized(targetClass);
@ -2872,7 +2847,6 @@ assertEquals("[x, y, z]", pb.command().toString());
if (!isClassAccessible(targetClass)) {
throw makeAccessException(targetClass);
}
checkSecurityManager(targetClass);
return targetClass;
}
@ -3292,7 +3266,7 @@ return mh1;
assert(method.isMethod());
@SuppressWarnings("deprecation")
Lookup lookup = m.isAccessible() ? IMPL_LOOKUP : this;
return lookup.getDirectMethodNoSecurityManager(refKind, method.getDeclaringClass(), method, findBoundCallerLookup(method));
return lookup.getDirectMethod(refKind, method.getDeclaringClass(), method, findBoundCallerLookup(method));
}
private MethodHandle unreflectForMH(Method m) {
// these names require special lookups because they throw UnsupportedOperationException
@ -3343,7 +3317,7 @@ return mh1;
MemberName method = new MemberName(m, true);
assert(method.isMethod());
// ignore m.isAccessible: this is a new kind of access
return specialLookup.getDirectMethodNoSecurityManager(REF_invokeSpecial, method.getDeclaringClass(), method, findBoundCallerLookup(method));
return specialLookup.getDirectMethod(REF_invokeSpecial, method.getDeclaringClass(), method, findBoundCallerLookup(method));
}
/**
@ -3375,12 +3349,12 @@ return mh1;
assert(ctor.isConstructor());
@SuppressWarnings("deprecation")
Lookup lookup = c.isAccessible() ? IMPL_LOOKUP : this;
return lookup.getDirectConstructorNoSecurityManager(ctor.getDeclaringClass(), ctor);
return lookup.getDirectConstructor(ctor.getDeclaringClass(), ctor);
}
/*
* Produces a method handle that is capable of creating instances of the given class
* and instantiated by the given constructor. No security manager check.
* and instantiated by the given constructor.
*
* This method should only be used by ReflectionFactory::newConstructorForSerialization.
*/
@ -3473,7 +3447,7 @@ return mh1;
: MethodHandleNatives.refKindIsGetter(field.getReferenceKind()));
@SuppressWarnings("deprecation")
Lookup lookup = f.isAccessible() ? IMPL_LOOKUP : this;
return lookup.getDirectFieldNoSecurityManager(field.getReferenceKind(), f.getDeclaringClass(), field);
return lookup.getDirectField(field.getReferenceKind(), f.getDeclaringClass(), field);
}
/**
@ -3550,8 +3524,8 @@ return mh1;
public VarHandle unreflectVarHandle(Field f) throws IllegalAccessException {
MemberName getField = new MemberName(f, false);
MemberName putField = new MemberName(f, true);
return getFieldVarHandleNoSecurityManager(getField.getReferenceKind(), putField.getReferenceKind(),
f.getDeclaringClass(), getField, putField);
return getFieldVarHandle(getField.getReferenceKind(), putField.getReferenceKind(),
f.getDeclaringClass(), getField, putField);
}
/**
@ -3586,10 +3560,9 @@ return mh1;
if (refKind == REF_invokeVirtual && defc.isInterface())
// Symbolic reference is through interface but resolves to Object method (toString, etc.)
refKind = REF_invokeInterface;
// Check SM permissions and member access before cracking.
// Check member access before cracking.
try {
checkAccess(refKind, defc, member);
checkSecurityManager(defc, member);
} catch (IllegalAccessException ex) {
throw new IllegalArgumentException(ex);
}
@ -3716,69 +3689,6 @@ return mh1;
return (allowedModes & (PRIVATE|MODULE)) == (PRIVATE|MODULE);
}
/**
* Perform steps 1 and 2b <a href="MethodHandles.Lookup.html#secmgr">access checks</a>
* for ensureInitialized, findClass or accessClass.
*/
void checkSecurityManager(Class<?> refc) {
if (allowedModes == TRUSTED) return;
@SuppressWarnings("removal")
SecurityManager smgr = System.getSecurityManager();
if (smgr == null) return;
// Step 1:
boolean fullPrivilegeLookup = hasFullPrivilegeAccess();
if (!fullPrivilegeLookup ||
!VerifyAccess.classLoaderIsAncestor(lookupClass, refc)) {
ReflectUtil.checkPackageAccess(refc);
}
// Step 2b:
if (!fullPrivilegeLookup) {
smgr.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
}
}
/**
* Perform steps 1, 2a and 3 <a href="MethodHandles.Lookup.html#secmgr">access checks</a>.
* Determines a trustable caller class to compare with refc, the symbolic reference class.
* If this lookup object has full privilege access except original access,
* then the caller class is the lookupClass.
*
* Lookup object created by {@link MethodHandles#privateLookupIn(Class, Lookup)}
* from the same module skips the security permission check.
*/
void checkSecurityManager(Class<?> refc, MemberName m) {
Objects.requireNonNull(refc);
Objects.requireNonNull(m);
if (allowedModes == TRUSTED) return;
@SuppressWarnings("removal")
SecurityManager smgr = System.getSecurityManager();
if (smgr == null) return;
// Step 1:
boolean fullPrivilegeLookup = hasFullPrivilegeAccess();
if (!fullPrivilegeLookup ||
!VerifyAccess.classLoaderIsAncestor(lookupClass, refc)) {
ReflectUtil.checkPackageAccess(refc);
}
// Step 2a:
if (m.isPublic()) return;
if (!fullPrivilegeLookup) {
smgr.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
}
// Step 3:
Class<?> defc = m.getDeclaringClass();
if (!fullPrivilegeLookup && defc != refc) {
ReflectUtil.checkPackageAccess(defc);
}
}
void checkMethod(byte refKind, Class<?> refc, MemberName m) throws IllegalAccessException {
boolean wantStatic = (refKind == REF_invokeStatic);
String message;
@ -3918,30 +3828,18 @@ return mh1;
/** Check access and get the requested method. */
private MethodHandle getDirectMethod(byte refKind, Class<?> refc, MemberName method, Lookup callerLookup) throws IllegalAccessException {
final boolean doRestrict = true;
final boolean checkSecurity = true;
return getDirectMethodCommon(refKind, refc, method, checkSecurity, doRestrict, callerLookup);
return getDirectMethodCommon(refKind, refc, method, doRestrict, callerLookup);
}
/** Check access and get the requested method, for invokespecial with no restriction on the application of narrowing rules. */
private MethodHandle getDirectMethodNoRestrictInvokeSpecial(Class<?> refc, MemberName method, Lookup callerLookup) throws IllegalAccessException {
final boolean doRestrict = false;
final boolean checkSecurity = true;
return getDirectMethodCommon(REF_invokeSpecial, refc, method, checkSecurity, doRestrict, callerLookup);
}
/** Check access and get the requested method, eliding security manager checks. */
private MethodHandle getDirectMethodNoSecurityManager(byte refKind, Class<?> refc, MemberName method, Lookup callerLookup) throws IllegalAccessException {
final boolean doRestrict = true;
final boolean checkSecurity = false; // not needed for reflection or for linking CONSTANT_MH constants
return getDirectMethodCommon(refKind, refc, method, checkSecurity, doRestrict, callerLookup);
return getDirectMethodCommon(REF_invokeSpecial, refc, method, doRestrict, callerLookup);
}
/** Common code for all methods; do not call directly except from immediately above. */
private MethodHandle getDirectMethodCommon(byte refKind, Class<?> refc, MemberName method,
boolean checkSecurity,
boolean doRestrict,
Lookup boundCaller) throws IllegalAccessException {
checkMethod(refKind, refc, method);
// Optionally check with the security manager; this isn't needed for unreflect* calls.
if (checkSecurity)
checkSecurityManager(refc, method);
assert(!method.isMethodHandleInvoke());
if (refKind == REF_invokeSpecial &&
@ -4010,21 +3908,11 @@ return mh1;
/** Check access and get the requested field. */
private MethodHandle getDirectField(byte refKind, Class<?> refc, MemberName field) throws IllegalAccessException {
final boolean checkSecurity = true;
return getDirectFieldCommon(refKind, refc, field, checkSecurity);
}
/** Check access and get the requested field, eliding security manager checks. */
private MethodHandle getDirectFieldNoSecurityManager(byte refKind, Class<?> refc, MemberName field) throws IllegalAccessException {
final boolean checkSecurity = false; // not needed for reflection or for linking CONSTANT_MH constants
return getDirectFieldCommon(refKind, refc, field, checkSecurity);
return getDirectFieldCommon(refKind, refc, field);
}
/** Common code for all fields; do not call directly except from immediately above. */
private MethodHandle getDirectFieldCommon(byte refKind, Class<?> refc, MemberName field,
boolean checkSecurity) throws IllegalAccessException {
private MethodHandle getDirectFieldCommon(byte refKind, Class<?> refc, MemberName field) throws IllegalAccessException {
checkField(refKind, refc, field);
// Optionally check with the security manager; this isn't needed for unreflect* calls.
if (checkSecurity)
checkSecurityManager(refc, field);
DirectMethodHandle dmh = DirectMethodHandle.make(refc, field);
boolean doRestrict = (MethodHandleNatives.refKindHasReceiver(refKind) &&
restrictProtectedReceiver(field));
@ -4035,26 +3923,17 @@ return mh1;
private VarHandle getFieldVarHandle(byte getRefKind, byte putRefKind,
Class<?> refc, MemberName getField, MemberName putField)
throws IllegalAccessException {
final boolean checkSecurity = true;
return getFieldVarHandleCommon(getRefKind, putRefKind, refc, getField, putField, checkSecurity);
}
private VarHandle getFieldVarHandleNoSecurityManager(byte getRefKind, byte putRefKind,
Class<?> refc, MemberName getField, MemberName putField)
throws IllegalAccessException {
final boolean checkSecurity = false;
return getFieldVarHandleCommon(getRefKind, putRefKind, refc, getField, putField, checkSecurity);
return getFieldVarHandleCommon(getRefKind, putRefKind, refc, getField, putField);
}
private VarHandle getFieldVarHandleCommon(byte getRefKind, byte putRefKind,
Class<?> refc, MemberName getField, MemberName putField,
boolean checkSecurity) throws IllegalAccessException {
Class<?> refc, MemberName getField,
MemberName putField) throws IllegalAccessException {
assert getField.isStatic() == putField.isStatic();
assert getField.isGetter() && putField.isSetter();
assert MethodHandleNatives.refKindIsStatic(getRefKind) == MethodHandleNatives.refKindIsStatic(putRefKind);
assert MethodHandleNatives.refKindIsGetter(getRefKind) && MethodHandleNatives.refKindIsSetter(putRefKind);
checkField(getRefKind, refc, getField);
if (checkSecurity)
checkSecurityManager(refc, getField);
if (!putField.isFinal()) {
// A VarHandle does not support updates to final fields, any
@ -4062,8 +3941,6 @@ return mh1;
// therefore the following write-based accessibility checks are
// only required for non-final fields
checkField(putRefKind, refc, putField);
if (checkSecurity)
checkSecurityManager(refc, putField);
}
boolean doRestrict = (MethodHandleNatives.refKindHasReceiver(getRefKind) &&
@ -4081,22 +3958,12 @@ return mh1;
}
/** Check access and get the requested constructor. */
private MethodHandle getDirectConstructor(Class<?> refc, MemberName ctor) throws IllegalAccessException {
final boolean checkSecurity = true;
return getDirectConstructorCommon(refc, ctor, checkSecurity);
}
/** Check access and get the requested constructor, eliding security manager checks. */
private MethodHandle getDirectConstructorNoSecurityManager(Class<?> refc, MemberName ctor) throws IllegalAccessException {
final boolean checkSecurity = false; // not needed for reflection or for linking CONSTANT_MH constants
return getDirectConstructorCommon(refc, ctor, checkSecurity);
return getDirectConstructorCommon(refc, ctor);
}
/** Common code for all constructors; do not call directly except from immediately above. */
private MethodHandle getDirectConstructorCommon(Class<?> refc, MemberName ctor,
boolean checkSecurity) throws IllegalAccessException {
private MethodHandle getDirectConstructorCommon(Class<?> refc, MemberName ctor) throws IllegalAccessException {
assert(ctor.isConstructor());
checkAccess(REF_newInvokeSpecial, refc, ctor);
// Optionally check with the security manager; this isn't needed for unreflect* calls.
if (checkSecurity)
checkSecurityManager(refc, ctor);
assert(!MethodHandleNatives.isCallerSensitive(ctor)); // maybeBindCaller not relevant here
return DirectMethodHandle.make(ctor).setVarargs(ctor);
}
@ -4163,14 +4030,9 @@ return mh1;
return false;
}
}
try {
MemberName resolved2 = publicLookup().resolveOrNull(refKind,
MemberName resolved2 = publicLookup().resolveOrNull(refKind,
new MemberName(refKind, defc, member.getName(), member.getType()));
if (resolved2 == null) {
return false;
}
checkSecurityManager(defc, resolved2);
} catch (SecurityException ex) {
if (resolved2 == null) {
return false;
}
return true;
@ -4178,11 +4040,11 @@ return mh1;
private MethodHandle getDirectMethodForConstant(byte refKind, Class<?> defc, MemberName member)
throws ReflectiveOperationException {
if (MethodHandleNatives.refKindIsField(refKind)) {
return getDirectFieldNoSecurityManager(refKind, defc, member);
return getDirectField(refKind, defc, member);
} else if (MethodHandleNatives.refKindIsMethod(refKind)) {
return getDirectMethodNoSecurityManager(refKind, defc, member, findBoundCallerLookup(member));
return getDirectMethod(refKind, defc, member, findBoundCallerLookup(member));
} else if (refKind == REF_newInvokeSpecial) {
return getDirectConstructorNoSecurityManager(defc, member);
return getDirectConstructor(defc, member);
}
// oops
throw newIllegalArgumentException("bad MethodHandle constant #"+member);

14
src/java.base/share/classes/java/lang/invoke/MethodType.java
View File

@ -28,21 +28,15 @@ package java.lang.invoke;
import java.lang.constant.ClassDesc;
import java.lang.constant.Constable;
import java.lang.constant.MethodTypeDesc;
import java.lang.ref.Reference;
import java.lang.ref.ReferenceQueue;
import java.lang.ref.WeakReference;
import java.util.Arrays;
import java.util.Collections;
import java.util.function.Supplier;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.Optional;
import java.util.StringJoiner;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.stream.Stream;
import jdk.internal.util.ReferencedKeySet;
import jdk.internal.util.ReferenceKey;
@ -50,7 +44,6 @@ import jdk.internal.vm.annotation.Stable;
import sun.invoke.util.BytecodeDescriptor;
import sun.invoke.util.VerifyType;
import sun.invoke.util.Wrapper;
import sun.security.util.SecurityConstants;
import static java.lang.invoke.MethodHandleStatics.UNSAFE;
import static java.lang.invoke.MethodHandleStatics.newIllegalArgumentException;
@ -1183,13 +1176,6 @@ class MethodType
public static MethodType fromMethodDescriptorString(String descriptor, ClassLoader loader)
throws IllegalArgumentException, TypeNotPresentException
{
if (loader == null) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
}
}
return fromDescriptor(descriptor,
(loader == null) ? ClassLoader.getSystemClassLoader() : loader);
}

23
src/java.base/share/classes/java/lang/invoke/SerializedLambda.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,9 +28,6 @@ import java.io.Serializable;
import java.io.InvalidObjectException;
import java.io.ObjectStreamException;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Objects;
/**
@ -265,25 +262,11 @@ public final class SerializedLambda implements Serializable {
@java.io.Serial
private Object readResolve() throws ObjectStreamException {
try {
@SuppressWarnings("removal")
Method deserialize = AccessController.doPrivileged(new PrivilegedExceptionAction<>() {
@Override
public Method run() throws Exception {
Method m = capturingClass.getDeclaredMethod("$deserializeLambda$", SerializedLambda.class);
m.setAccessible(true);
return m;
}
});
Method deserialize = capturingClass.getDeclaredMethod("$deserializeLambda$", SerializedLambda.class);
deserialize.setAccessible(true);
return deserialize.invoke(null, this);
} catch (ReflectiveOperationException roe) {
throw new InvalidObjectException("ReflectiveOperationException during deserialization", roe);
} catch (PrivilegedActionException e) {
Exception cause = e.getException();
if (cause instanceof RuntimeException re)
throw re;
else
throw new RuntimeException("Exception in SerializedLambda.readResolve", e);
}
}

29
src/java.base/share/classes/java/lang/reflect/AccessibleObject.java
View File

@ -28,15 +28,12 @@ package java.lang.reflect;
import java.lang.annotation.Annotation;
import java.lang.invoke.MethodHandle;
import java.lang.ref.WeakReference;
import java.security.AccessController;
import jdk.internal.access.SharedSecrets;
import jdk.internal.misc.VM;
import jdk.internal.reflect.CallerSensitive;
import jdk.internal.reflect.Reflection;
import jdk.internal.reflect.ReflectionFactory;
import sun.security.action.GetPropertyAction;
import sun.security.util.SecurityConstants;
/**
* The {@code AccessibleObject} class is the base class for {@code Field},
@ -81,17 +78,6 @@ public class AccessibleObject implements AnnotatedElement {
SharedSecrets.setJavaLangReflectAccess(new ReflectAccess());
}
static void checkPermission() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
// SecurityConstants.ACCESS_PERMISSION is used to check
// whether a client has sufficient privilege to defeat Java
// language access control checks.
sm.checkPermission(SecurityConstants.ACCESS_PERMISSION);
}
}
/**
* Convenience method to set the {@code accessible} flag for an
* array of reflected objects.
@ -114,7 +100,6 @@ public class AccessibleObject implements AnnotatedElement {
*/
@CallerSensitive
public static void setAccessible(AccessibleObject[] array, boolean flag) {
checkPermission();
if (flag) {
Class<?> caller = Reflection.getCallerClass();
array = array.clone();
@ -196,7 +181,6 @@ public class AccessibleObject implements AnnotatedElement {
*/
@CallerSensitive // overrides in Method/Field/Constructor are @CS
public void setAccessible(boolean flag) {
AccessibleObject.checkPermission();
setAccessible0(flag);
}
@ -257,8 +241,6 @@ public class AccessibleObject implements AnnotatedElement {
*/
@CallerSensitive
public final boolean trySetAccessible() {
AccessibleObject.checkPermission();
if (override == true) return true;
// if it's not a Constructor, Method, Field then no access check
@ -502,10 +484,7 @@ public class AccessibleObject implements AnnotatedElement {
// Reflection factory used by subclasses for creating field,
// method, and constructor accessors. Note that this is called
// very early in the bootstrapping process.
@SuppressWarnings("removal")
static final ReflectionFactory reflectionFactory =
AccessController.doPrivileged(
new ReflectionFactory.GetReflectionFactoryAction());
static final ReflectionFactory reflectionFactory = ReflectionFactory.getReflectionFactory();
/**
* {@inheritDoc}
@ -623,8 +602,7 @@ public class AccessibleObject implements AnnotatedElement {
// For non-public members or members in package-private classes,
// it is necessary to perform somewhat expensive access checks.
// If the access check succeeds for a given class, it will
// always succeed (it is not affected by the granting or revoking
// of permissions); we speed up the check in the common case by
// always succeed; we speed up the check in the common case by
// remembering the last Class for which the check succeeded.
//
// The simple access check for Constructor is to see if
@ -756,8 +734,7 @@ public class AccessibleObject implements AnnotatedElement {
*/
private static boolean printStackTraceWhenAccessFails() {
if (!printStackPropertiesSet && VM.initLevel() >= 1) {
String s = GetPropertyAction.privilegedGetProperty(
"sun.reflect.debugModuleAccessChecks");
String s = System.getProperty("sun.reflect.debugModuleAccessChecks");
if (s != null) {
printStackWhenAccessFails = !s.equalsIgnoreCase("false");
}

1
src/java.base/share/classes/java/lang/reflect/Constructor.java
View File

@ -181,7 +181,6 @@ public final class Constructor<T> extends Executable {
@Override
@CallerSensitive
public void setAccessible(boolean flag) {
AccessibleObject.checkPermission();
if (flag) {
checkCanSetAccessible(Reflection.getCallerClass());
}

2
src/java.base/share/classes/java/lang/reflect/Field.java
View File

@ -170,7 +170,6 @@ class Field extends AccessibleObject implements Member {
@Override
@CallerSensitive
public void setAccessible(boolean flag) {
AccessibleObject.checkPermission();
if (flag) checkCanSetAccessible(Reflection.getCallerClass());
setAccessible0(flag);
}
@ -1155,7 +1154,6 @@ class Field extends AccessibleObject implements Member {
modifiers);
}
// security check is done before calling this method
private FieldAccessor getFieldAccessor() {
FieldAccessor a = fieldAccessor;
return (a != null) ? a : acquireFieldAccessor();

1
src/java.base/share/classes/java/lang/reflect/Method.java
View File

@ -173,7 +173,6 @@ public final class Method extends Executable {
@Override
@CallerSensitive
public void setAccessible(boolean flag) {
AccessibleObject.checkPermission();
if (flag) checkCanSetAccessible(Reflection.getCallerClass());
setAccessible0(flag);
}

158
src/java.base/share/classes/java/lang/reflect/Proxy.java
View File

@ -30,8 +30,6 @@ import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.invoke.WrongMethodTypeException;
import java.lang.module.ModuleDescriptor;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayDeque;
import java.util.Arrays;
import java.util.Collections;
@ -52,13 +50,9 @@ import jdk.internal.access.JavaLangAccess;
import jdk.internal.access.SharedSecrets;
import jdk.internal.module.Modules;
import jdk.internal.misc.VM;
import jdk.internal.reflect.CallerSensitive;
import jdk.internal.reflect.Reflection;
import jdk.internal.loader.ClassLoaderValue;
import jdk.internal.vm.annotation.Stable;
import sun.reflect.misc.ReflectUtil;
import sun.security.action.GetPropertyAction;
import sun.security.util.SecurityConstants;
import static java.lang.invoke.MethodType.methodType;
import static java.lang.module.ModuleDescriptor.Modifier.SYNTHETIC;
@ -366,17 +360,11 @@ public class Proxy implements java.io.Serializable {
* @see <a href="#membership">Package and Module Membership of Proxy Class</a>
*/
@Deprecated
@CallerSensitive
public static Class<?> getProxyClass(ClassLoader loader,
Class<?>... interfaces)
throws IllegalArgumentException
{
@SuppressWarnings("removal")
Class<?> caller = System.getSecurityManager() == null
? null
: Reflection.getCallerClass();
return getProxyConstructor(caller, loader, interfaces)
return getProxyConstructor(loader, interfaces)
.getDeclaringClass();
}
@ -386,25 +374,18 @@ public class Proxy implements java.io.Serializable {
* and an array of interfaces. The returned constructor will have the
* {@link Constructor#setAccessible(boolean) accessible} flag already set.
*
* @param caller passed from a public-facing @CallerSensitive method if
* SecurityManager is set or {@code null} if there's no
* SecurityManager
* @param loader the class loader to define the proxy class
* @param interfaces the list of interfaces for the proxy class
* to implement
* @return a Constructor of the proxy class taking single
* {@code InvocationHandler} parameter
*/
private static Constructor<?> getProxyConstructor(Class<?> caller,
ClassLoader loader,
private static Constructor<?> getProxyConstructor(ClassLoader loader,
Class<?>... interfaces)
{
// optimization for single interface
if (interfaces.length == 1) {
Class<?> intf = interfaces[0];
if (caller != null) {
checkProxyAccess(caller, loader, intf);
}
return proxyCache.sub(intf).computeIfAbsent(
loader,
(ld, clv) -> new ProxyBuilder(ld, clv.key()).build()
@ -412,9 +393,6 @@ public class Proxy implements java.io.Serializable {
} else {
// interfaces cloned
final Class<?>[] intfsArray = interfaces.clone();
if (caller != null) {
checkProxyAccess(caller, loader, intfsArray);
}
final List<Class<?>> intfs = Arrays.asList(intfsArray);
return proxyCache.sub(intfs).computeIfAbsent(
loader,
@ -423,39 +401,6 @@ public class Proxy implements java.io.Serializable {
}
}
/*
* Check permissions required to create a Proxy class.
*
* To define a proxy class, it performs the access checks as in
* Class.forName (VM will invoke ClassLoader.checkPackageAccess):
* 1. "getClassLoader" permission check if loader == null
* 2. checkPackageAccess on the interfaces it implements
*
* To get a constructor and new instance of a proxy class, it performs
* the package access check on the interfaces it implements
* as in Class.getConstructor.
*
* If an interface is non-public, the proxy class must be defined by
* the defining loader of the interface. If the caller's class loader
* is not the same as the defining loader of the interface, the VM
* will throw IllegalAccessError when the generated proxy class is
* being defined.
*/
private static void checkProxyAccess(Class<?> caller,
ClassLoader loader,
Class<?> ... interfaces)
{
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
ClassLoader ccl = caller.getClassLoader();
if (loader == null && ccl != null) {
sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
}
ReflectUtil.checkProxyPackageAccess(ccl, interfaces);
}
}
/**
* Builder for a proxy class.
*
@ -516,7 +461,7 @@ public class Proxy implements java.io.Serializable {
? proxyClassNamePrefix + num
: context.packageName() + "." + proxyClassNamePrefix + num;
ClassLoader loader = getLoader(context.module());
ClassLoader loader = context.module().getClassLoader();
trace(proxyName, context.module(), loader, interfaces);
/*
@ -586,8 +531,7 @@ public class Proxy implements java.io.Serializable {
}
}
private static final String DEBUG =
GetPropertyAction.privilegedGetProperty("jdk.proxy.debug", "");
private static final String DEBUG = System.getProperty("jdk.proxy.debug", "");
private static boolean isDebug() {
return !DEBUG.isEmpty();
@ -618,7 +562,7 @@ public class Proxy implements java.io.Serializable {
this.interfaces = interfaces;
this.context = proxyClassContext(loader, interfaces, refTypes);
assert getLoader(context.module()) == loader;
assert context.module().getClassLoader() == loader;
}
ProxyBuilder(ClassLoader loader, Class<?> intf) {
@ -630,11 +574,7 @@ public class Proxy implements java.io.Serializable {
* accessible flag already set. If the target module does not have access
* to any interface types, IllegalAccessError will be thrown by the VM
* at defineClass time.
*
* Must call the checkProxyAccess method to perform permission checks
* before calling this.
*/
@SuppressWarnings("removal")
Constructor<?> build() {
Class<?> proxyClass = defineProxyClass(context, interfaces);
@ -644,12 +584,7 @@ public class Proxy implements java.io.Serializable {
} catch (NoSuchMethodException e) {
throw new InternalError(e.toString(), e);
}
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
cons.setAccessible(true);
return null;
}
});
cons.setAccessible(true);
return cons;
}
@ -788,7 +723,7 @@ public class Proxy implements java.io.Serializable {
throw new IllegalArgumentException(
"cannot have non-public interfaces in different packages");
}
if (getLoader(m) != loader) {
if (m.getClassLoader() != loader) {
// the specified loader is not the same class loader
// of the non-public interface
throw new IllegalArgumentException(
@ -979,36 +914,24 @@ public class Proxy implements java.io.Serializable {
*
* @see <a href="#membership">Package and Module Membership of Proxy Class</a>
*/
@CallerSensitive
public static Object newProxyInstance(ClassLoader loader,
Class<?>[] interfaces,
InvocationHandler h) {
Objects.requireNonNull(h);
@SuppressWarnings("removal")
final Class<?> caller = System.getSecurityManager() == null
? null
: Reflection.getCallerClass();
/*
* Look up or generate the designated proxy class and its constructor.
*/
Constructor<?> cons = getProxyConstructor(caller, loader, interfaces);
Constructor<?> cons = getProxyConstructor(loader, interfaces);
return newProxyInstance(caller, cons, h);
return newProxyInstance(cons, h);
}
private static Object newProxyInstance(Class<?> caller, // null if no SecurityManager
Constructor<?> cons,
InvocationHandler h) {
private static Object newProxyInstance(Constructor<?> cons, InvocationHandler h) {
/*
* Invoke its constructor with the designated invocation handler.
*/
try {
if (caller != null) {
checkNewProxyPermission(caller, cons.getDeclaringClass());
}
return cons.newInstance(new Object[]{h});
} catch (IllegalAccessException | InstantiationException e) {
throw new InternalError(e.toString(), e);
@ -1022,35 +945,6 @@ public class Proxy implements java.io.Serializable {
}
}
private static void checkNewProxyPermission(Class<?> caller, Class<?> proxyClass) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (ReflectUtil.isNonPublicProxyClass(proxyClass)) {
ClassLoader ccl = caller.getClassLoader();
ClassLoader pcl = proxyClass.getClassLoader();
// do permission check if the caller is in a different runtime package
// of the proxy class
String pkg = proxyClass.getPackageName();
String callerPkg = caller.getPackageName();
if (pcl != ccl || !pkg.equals(callerPkg)) {
sm.checkPermission(new ReflectPermission("newProxyInPackage." + pkg));
}
}
}
}
/**
* Returns the class loader for the given module.
*/
@SuppressWarnings("removal")
private static ClassLoader getLoader(Module m) {
PrivilegedAction<ClassLoader> pa = m::getClassLoader;
return AccessController.doPrivileged(pa);
}
/**
* Returns true if the given class is a proxy class.
*
@ -1075,8 +969,6 @@ public class Proxy implements java.io.Serializable {
* @throws IllegalArgumentException if the argument is not a
* proxy instance
*/
@SuppressWarnings("removal")
@CallerSensitive
public static InvocationHandler getInvocationHandler(Object proxy)
throws IllegalArgumentException
{
@ -1089,16 +981,6 @@ public class Proxy implements java.io.Serializable {
final Proxy p = (Proxy) proxy;
final InvocationHandler ih = p.h;
if (System.getSecurityManager() != null) {
Class<?> ihClass = ih.getClass();
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
ihClass.getClassLoader()))
{
ReflectUtil.checkPackageAccess(ihClass);
}
}
return ih;
}
@ -1249,20 +1131,14 @@ public class Proxy implements java.io.Serializable {
*
* @return a lookup for proxy class of this proxy instance
*/
@SuppressWarnings("removal")
private static MethodHandles.Lookup proxyClassLookup(MethodHandles.Lookup caller, Class<?> proxyClass) {
return AccessController.doPrivileged(new PrivilegedAction<>() {
@Override
public MethodHandles.Lookup run() {
try {
Method m = proxyClass.getDeclaredMethod("proxyClassLookup", MethodHandles.Lookup.class);
m.setAccessible(true);
return (MethodHandles.Lookup) m.invoke(null, caller);
} catch (ReflectiveOperationException e) {
throw new InternalError(e);
}
}
});
try {
Method m = proxyClass.getDeclaredMethod("proxyClassLookup", MethodHandles.Lookup.class);
m.setAccessible(true);
return (MethodHandles.Lookup) m.invoke(null, caller);
} catch (ReflectiveOperationException e) {
throw new InternalError(e);
}
}
/*

50
src/java.base/share/classes/java/lang/reflect/ProxyGenerator.java
View File

@ -43,7 +43,6 @@ import java.util.Objects;
import jdk.internal.constant.ClassOrInterfaceDescImpl;
import jdk.internal.constant.ConstantUtils;
import jdk.internal.constant.MethodTypeDescImpl;
import sun.security.action.GetBooleanAction;
import static java.lang.classfile.ClassFile.*;
import java.lang.classfile.attribute.StackMapFrameInfo;
@ -106,9 +105,8 @@ final class ProxyGenerator {
*/
@SuppressWarnings("removal")
private static final boolean SAVE_GENERATED_FILES =
java.security.AccessController.doPrivileged(
new GetBooleanAction(
"jdk.proxy.ProxyGenerator.saveGeneratedFiles"));
Boolean.getBoolean("jdk.proxy.ProxyGenerator.saveGeneratedFiles");
/* Preloaded ProxyMethod objects for methods in java.lang.Object */
private static final Method OBJECT_HASH_CODE_METHOD;
@ -215,27 +213,21 @@ final class ProxyGenerator {
final byte[] classFile = gen.generateClassFile();
if (SAVE_GENERATED_FILES) {
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<Void>() {
public Void run() {
try {
int i = name.lastIndexOf('.');
Path path;
if (i > 0) {
Path dir = Path.of(name.substring(0, i).replace('.', '/'));
Files.createDirectories(dir);
path = dir.resolve(name.substring(i + 1) + ".class");
} else {
path = Path.of(name + ".class");
}
Files.write(path, classFile);
return null;
} catch (IOException e) {
throw new InternalError(
"I/O exception saving generated file: " + e);
}
}
});
try {
int i = name.lastIndexOf('.');
Path path;
if (i > 0) {
Path dir = Path.of(name.substring(0, i).replace('.', '/'));
Files.createDirectories(dir);
path = dir.resolve(name.substring(i + 1) + ".class");
} else {
path = Path.of(name + ".class");
}
Files.write(path, classFile);
return null;
} catch (IOException e) {
throw new InternalError("I/O exception saving generated file: " + e);
}
}
return classFile;
@ -565,11 +557,6 @@ final class ProxyGenerator {
/**
* Generate the class initializer.
* Discussion: Currently, for Proxy to work with SecurityManager,
* we rely on the parameter classes of the methods to be computed
* from Proxy instead of via user code paths like bootstrap method
* lazy evaluation. That might change if we can pass in the live
* Method objects directly..
*/
private void generateStaticInitializer(ClassBuilder clb) {
clb.withMethodBody(CLASS_INIT_NAME, MTD_void, ACC_STATIC, cob -> {
@ -786,9 +773,6 @@ final class ProxyGenerator {
* Generate code for initializing the static field that stores
* the Method object for this proxy method. A class loader is
* anticipated at local variable index 0.
* The generated code must be run in an AccessController.doPrivileged
* block if a SecurityManager is present, as otherwise the code
* cannot pass {@code null} ClassLoader to forName.
*/
private void codeFieldInitialization(CodeBuilder cob) {
var cp = cob.constantPool();

196
src/java.base/share/classes/java/util/ServiceLoader.java
View File

@ -35,11 +35,6 @@ import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.net.URL;
import java.net.URLConnection;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.function.Consumer;
import java.util.function.Supplier;
import java.util.stream.Stream;
@ -396,10 +391,6 @@ public final class ServiceLoader<S>
// null when locating provider using a module layer
private final ClassLoader loader;
// The access control context taken when the ServiceLoader is created
@SuppressWarnings("removal")
private final AccessControlContext acc;
// The lazy-lookup iterator for iterator operations
private Iterator<Provider<S>> lookupIterator1;
private final List<S> instantiatedProviders = new ArrayList<>();
@ -462,7 +453,6 @@ public final class ServiceLoader<S>
* If {@code svc} is not accessible to {@code caller} or the caller
* module does not use the service type.
*/
@SuppressWarnings("removal")
private ServiceLoader(Class<?> caller, ModuleLayer layer, Class<S> svc) {
Objects.requireNonNull(caller);
Objects.requireNonNull(layer);
@ -473,9 +463,6 @@ public final class ServiceLoader<S>
this.serviceName = svc.getName();
this.layer = layer;
this.loader = null;
this.acc = (System.getSecurityManager() != null)
? AccessController.getContext()
: null;
}
/**
@ -486,7 +473,6 @@ public final class ServiceLoader<S>
* If {@code svc} is not accessible to {@code caller} or the caller
* module does not use the service type.
*/
@SuppressWarnings("removal")
private ServiceLoader(Class<?> caller, Class<S> svc, ClassLoader cl) {
Objects.requireNonNull(svc);
@ -515,9 +501,6 @@ public final class ServiceLoader<S>
this.serviceName = svc.getName();
this.layer = null;
this.loader = cl;
this.acc = (System.getSecurityManager() != null)
? AccessController.getContext()
: null;
}
/**
@ -529,7 +512,6 @@ public final class ServiceLoader<S>
* @throws ServiceConfigurationError
* If the caller module does not use the service type.
*/
@SuppressWarnings("removal")
private ServiceLoader(Module callerModule, Class<S> svc, ClassLoader cl) {
if (!callerModule.canUse(svc)) {
fail(svc, callerModule + " does not declare `uses`");
@ -539,9 +521,6 @@ public final class ServiceLoader<S>
this.serviceName = svc.getName();
this.layer = null;
this.loader = cl;
this.acc = (System.getSecurityManager() != null)
? AccessController.getContext()
: null;
}
/**
@ -601,7 +580,6 @@ public final class ServiceLoader<S>
* provider method or there is more than one public static
* provider method
*/
@SuppressWarnings("removal")
private Method findStaticProviderMethod(Class<?> clazz) {
List<Method> methods = null;
try {
@ -628,12 +606,7 @@ public final class ServiceLoader<S>
}
}
if (result != null) {
Method m = result;
PrivilegedAction<Void> pa = () -> {
m.setAccessible(true);
return null;
};
AccessController.doPrivileged(pa);
result.setAccessible(true);
}
return result;
}
@ -644,27 +617,16 @@ public final class ServiceLoader<S>
* @throws ServiceConfigurationError if the class does not have
* public no-arg constructor
*/
@SuppressWarnings("removal")
private Constructor<?> getConstructor(Class<?> clazz) {
PrivilegedExceptionAction<Constructor<?>> pa
= new PrivilegedExceptionAction<>() {
@Override
public Constructor<?> run() throws Exception {
Constructor<?> ctor = clazz.getConstructor();
if (inExplicitModule(clazz))
ctor.setAccessible(true);
return ctor;
}
};
Constructor<?> ctor = null;
try {
ctor = AccessController.doPrivileged(pa);
} catch (Throwable x) {
if (x instanceof PrivilegedActionException)
x = x.getCause();
ctor = clazz.getConstructor();
} catch (NoSuchMethodException ex) {
String cn = clazz.getName();
fail(service, cn + " Unable to get public no-arg constructor", x);
fail(service, cn + " Unable to get public no-arg constructor", ex);
}
if (inExplicitModule(clazz))
ctor.setAccessible(true);
return ctor;
}
@ -678,29 +640,23 @@ public final class ServiceLoader<S>
final Class<? extends S> type;
final Method factoryMethod; // factory method or null
final Constructor<? extends S> ctor; // public no-args constructor or null
@SuppressWarnings("removal")
final AccessControlContext acc;
ProviderImpl(Class<S> service,
Class<? extends S> type,
Method factoryMethod,
@SuppressWarnings("removal") AccessControlContext acc) {
Method factoryMethod) {
this.service = service;
this.type = type;
this.factoryMethod = factoryMethod;
this.ctor = null;
this.acc = acc;
}
ProviderImpl(Class<S> service,
Class<? extends S> type,
Constructor<? extends S> ctor,
@SuppressWarnings("removal") AccessControlContext acc) {
Constructor<? extends S> ctor) {
this.service = service;
this.type = type;
this.factoryMethod = null;
this.ctor = ctor;
this.acc = acc;
}
@Override
@ -723,36 +679,14 @@ public final class ServiceLoader<S>
* permissions that are restricted by the security context of whatever
* created this loader.
*/
@SuppressWarnings("removal")
private S invokeFactoryMethod() {
Object result = null;
Throwable exc = null;
if (acc == null) {
try {
result = factoryMethod.invoke(null);
} catch (Throwable x) {
exc = x;
}
} else {
PrivilegedExceptionAction<?> pa = new PrivilegedExceptionAction<>() {
@Override
public Object run() throws Exception {
return factoryMethod.invoke(null);
}
};
// invoke factory method with permissions restricted by acc
try {
result = AccessController.doPrivileged(pa, acc);
} catch (Throwable x) {
if (x instanceof PrivilegedActionException)
x = x.getCause();
exc = x;
}
}
if (exc != null) {
if (exc instanceof InvocationTargetException)
exc = exc.getCause();
fail(service, factoryMethod + " failed", exc);
try {
result = factoryMethod.invoke(null);
} catch (Throwable ex) {
if (ex instanceof InvocationTargetException)
ex = ex.getCause();
fail(service, factoryMethod + " failed", ex);
}
if (result == null) {
fail(service, factoryMethod + " returned null");
@ -767,38 +701,16 @@ public final class ServiceLoader<S>
* with a security manager then the constructor runs with permissions that
* are restricted by the security context of whatever created this loader.
*/
@SuppressWarnings("removal")
private S newInstance() {
S p = null;
Throwable exc = null;
if (acc == null) {
try {
p = ctor.newInstance();
} catch (Throwable x) {
exc = x;
}
} else {
PrivilegedExceptionAction<S> pa = new PrivilegedExceptionAction<>() {
@Override
public S run() throws Exception {
return ctor.newInstance();
}
};
// invoke constructor with permissions restricted by acc
try {
p = AccessController.doPrivileged(pa, acc);
} catch (Throwable x) {
if (x instanceof PrivilegedActionException)
x = x.getCause();
exc = x;
}
}
if (exc != null) {
if (exc instanceof InvocationTargetException)
exc = exc.getCause();
try {
p = ctor.newInstance();
} catch (Throwable ex) {
if (ex instanceof InvocationTargetException)
ex = ex.getCause();
String cn = ctor.getDeclaringClass().getName();
fail(service,
"Provider " + cn + " could not be instantiated", exc);
"Provider " + cn + " could not be instantiated", ex);
}
return p;
}
@ -809,15 +721,14 @@ public final class ServiceLoader<S>
@Override
public int hashCode() {
return Objects.hash(service, type, acc);
return Objects.hash(service, type);
}
@Override
public boolean equals(Object ob) {
return ob instanceof @SuppressWarnings("unchecked")ProviderImpl<?> that
&& this.service == that.service
&& this.type == that.type
&& Objects.equals(this.acc, that.acc);
&& this.type == that.type;
}
}
@ -831,7 +742,6 @@ public final class ServiceLoader<S>
* isn't the expected sub-type (or doesn't define a provider
* factory method that returns the expected type)
*/
@SuppressWarnings("removal")
private Provider<S> loadProvider(ServiceProvider provider) {
Module module = provider.module();
if (!module.canRead(service.getModule())) {
@ -841,22 +751,10 @@ public final class ServiceLoader<S>
String cn = provider.providerName();
Class<?> clazz = null;
if (acc == null) {
try {
clazz = Class.forName(module, cn);
} catch (LinkageError e) {
fail(service, "Unable to load " + cn, e);
}
} else {
PrivilegedExceptionAction<Class<?>> pa = () -> Class.forName(module, cn);
try {
clazz = AccessController.doPrivileged(pa);
} catch (Throwable x) {
if (x instanceof PrivilegedActionException)
x = x.getCause();
fail(service, "Unable to load " + cn, x);
return null;
}
try {
clazz = Class.forName(module, cn);
} catch (LinkageError e) {
fail(service, "Unable to load " + cn, e);
}
if (clazz == null) {
fail(service, "Provider " + cn + " not found");
@ -878,7 +776,7 @@ public final class ServiceLoader<S>
@SuppressWarnings("unchecked")
Class<? extends S> type = (Class<? extends S>) returnType;
return new ProviderImpl<S>(service, type, factoryMethod, acc);
return new ProviderImpl<S>(service, type, factoryMethod);
}
}
@ -891,7 +789,7 @@ public final class ServiceLoader<S>
Class<? extends S> type = (Class<? extends S>) clazz;
@SuppressWarnings("unchecked")
Constructor<? extends S> ctor = (Constructor<? extends S> ) getConstructor(clazz);
return new ProviderImpl<S>(service, type, ctor, acc);
return new ProviderImpl<S>(service, type, ctor);
}
/**
@ -997,20 +895,6 @@ public final class ServiceLoader<S>
return catalog.findServices(serviceName);
}
/**
* Returns the class loader that a module is defined to
*/
@SuppressWarnings("removal")
private ClassLoader loaderFor(Module module) {
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
return module.getClassLoader();
} else {
PrivilegedAction<ClassLoader> pa = module::getClassLoader;
return AccessController.doPrivileged(pa);
}
}
/**
* Returns an iterator to iterate over the implementations of {@code
* service} in modules defined to the given class loader or in custom
@ -1041,7 +925,7 @@ public final class ServiceLoader<S>
while (iterator.hasNext()) {
ModuleLayer layer = iterator.next();
for (ServiceProvider sp : providers(layer)) {
ClassLoader l = loaderFor(sp.module());
ClassLoader l = sp.module().getClassLoader();
if (l != null && l != platformClassLoader) {
allProviders.add(sp);
}
@ -1225,7 +1109,7 @@ public final class ServiceLoader<S>
Class<? extends S> type = (Class<? extends S>) clazz;
Constructor<? extends S> ctor
= (Constructor<? extends S>)getConstructor(clazz);
ProviderImpl<S> p = new ProviderImpl<S>(service, type, ctor, acc);
ProviderImpl<S> p = new ProviderImpl<S>(service, type, ctor);
nextProvider = (ProviderImpl<T>) p;
} else {
fail(service, clazz.getName() + " not a subtype");
@ -1253,30 +1137,14 @@ public final class ServiceLoader<S>
}
}
@SuppressWarnings("removal")
@Override
public boolean hasNext() {
if (acc == null) {
return hasNextService();
} else {
PrivilegedAction<Boolean> action = new PrivilegedAction<>() {
public Boolean run() { return hasNextService(); }
};
return AccessController.doPrivileged(action, acc);
}
return hasNextService();
}
@SuppressWarnings("removal")
@Override
public Provider<T> next() {
if (acc == null) {
return nextService();
} else {
PrivilegedAction<Provider<T>> action = new PrivilegedAction<>() {
public Provider<T> run() { return nextService(); }
};
return AccessController.doPrivileged(action, acc);
}
return nextService();
}
}

13
src/java.base/share/classes/jdk/internal/constant/MethodTypeDescImpl.java
View File

@ -32,8 +32,6 @@ import java.lang.constant.ConstantDescs;
import java.lang.constant.MethodTypeDesc;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@ -320,15 +318,8 @@ public final class MethodTypeDescImpl implements MethodTypeDesc {
public MethodType resolveConstantDesc(MethodHandles.Lookup lookup) throws ReflectiveOperationException {
MethodType mtype;
try {
@SuppressWarnings("removal")
MethodType mt = AccessController.doPrivileged(new PrivilegedAction<>() {
@Override
public MethodType run() {
return MethodType.fromMethodDescriptorString(descriptorString(),
lookup.lookupClass().getClassLoader());
}
});
mtype = mt;
mtype = MethodType.fromMethodDescriptorString(descriptorString(),
lookup.lookupClass().getClassLoader());
} catch (TypeNotPresentException ex) {
throw (ClassNotFoundException) ex.getCause();
}

25
src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java
View File

@ -40,13 +40,10 @@ import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.security.PrivilegedAction;
import java.util.Properties;
import jdk.internal.access.JavaLangReflectAccess;
import jdk.internal.access.SharedSecrets;
import jdk.internal.misc.VM;
import jdk.internal.vm.annotation.Stable;
import sun.security.action.GetPropertyAction;
import sun.security.util.SecurityConstants;
/** <P> The master factory for all reflective objects, both those in
java.lang.reflect (Fields, Methods, Constructors) as well as their
@ -93,27 +90,12 @@ public class ReflectionFactory {
* Provides the caller with the capability to instantiate reflective
* objects.
*
* <p> First, if there is a security manager, its
* <code>checkPermission</code> method is called with a {@link
* java.lang.RuntimePermission} with target
* <code>"reflectionFactoryAccess"</code>. This may result in a
* security exception.
*
* <p> The returned <code>ReflectionFactory</code> object should be
* carefully guarded by the caller, since it can be used to read and
* write private data and invoke private methods, as well as to load
* unverified bytecodes. It must never be passed to untrusted code.
*
* @exception SecurityException if a security manager exists and its
* <code>checkPermission</code> method doesn't allow
* access to the RuntimePermission "reflectionFactoryAccess". */
*/
public static ReflectionFactory getReflectionFactory() {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkPermission(
SecurityConstants.REFLECTION_FACTORY_ACCESS_PERMISSION);
}
return soleInstance;
}
@ -549,11 +531,10 @@ public class ReflectionFactory {
private static Config loadConfig() {
assert VM.isModuleSystemInited();
Properties props = GetPropertyAction.privilegedGetProperties();
boolean useNativeAccessorOnly =
"true".equals(props.getProperty("jdk.reflect.useNativeAccessorOnly"));
"true".equals(System.getProperty("jdk.reflect.useNativeAccessorOnly"));
boolean disableSerialConstructorChecks =
"true".equals(props.getProperty("jdk.disableSerialConstructorChecks"));
"true".equals(System.getProperty("jdk.disableSerialConstructorChecks"));
return new Config(useNativeAccessorOnly, disableSerialConstructorChecks);
}

19
src/java.base/share/classes/sun/invoke/util/VerifyAccess.java
View File

@ -311,8 +311,6 @@ public class VerifyAccess {
// will use the result cached in the JVM system dictionary. Note that the JVM system dictionary
// will record the first successful result. Unsuccessful results are not stored.
//
// We use doPrivileged in order to allow an unprivileged caller to ask an arbitrary
// class loader about the binding of the proposed name (type.getName()).
// The looked up type ("res") is compared for equality against the proposed
// type ("type") and then is discarded. Thus, the worst that can happen to
// the "child" class loader is that it is bothered to load and report a class
@ -320,17 +318,12 @@ public class VerifyAccess {
// memoization. And the caller never gets to look at the alternate type binding
// ("res"), whether it exists or not.
final String name = type.getName();
@SuppressWarnings("removal")
Class<?> res = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public Class<?> run() {
try {
return Class.forName(name, false, refcLoader);
} catch (ClassNotFoundException | LinkageError e) {
return null; // Assume the class is not found
}
}
});
Class<?> res = null;
try {
res = Class.forName(name, false, refcLoader);
} catch (ClassNotFoundException | LinkageError e) {
// Assume the class is not found
}
return (type == res);
}

170
src/java.base/share/classes/sun/reflect/misc/ReflectUtil.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,6 @@
* questions.
*/
package sun.reflect.misc;
import java.lang.reflect.Member;
@ -31,16 +30,13 @@ import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.lang.reflect.Proxy;
import jdk.internal.reflect.Reflection;
import sun.security.util.SecurityConstants;
public final class ReflectUtil {
private ReflectUtil() {
}
public static Class<?> forName(String name)
throws ClassNotFoundException {
checkPackageAccess(name);
public static Class<?> forName(String name) throws ClassNotFoundException {
return Class.forName(name);
}
@ -73,182 +69,48 @@ public final class ReflectUtil {
}
/**
* Does a conservative approximation of member access check. Use this if
* you don't have an actual 'userland' caller Class/ClassLoader available.
* This might be more restrictive than a precise member access check where
* you have a caller, but should never allow a member access that is
* forbidden.
*
* @param m the {@code Member} about to be accessed
* Does nothing.
*/
public static void conservativeCheckMemberAccess(Member m) throws SecurityException{
@SuppressWarnings("removal")
final SecurityManager sm = System.getSecurityManager();
if (sm == null)
return;
// Check for package access on the declaring class.
//
// In addition, unless the member and the declaring class are both
// public check for access declared member permissions.
//
// This is done regardless of ClassLoader relations between the {@code
// Member m} and any potential caller.
final Class<?> declaringClass = m.getDeclaringClass();
privateCheckPackageAccess(sm, declaringClass);
if (Modifier.isPublic(m.getModifiers()) &&
Modifier.isPublic(declaringClass.getModifiers()))
return;
// Check for declared member access.
sm.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
public static void conservativeCheckMemberAccess(Member m) {
}
/**
* Checks package access on the given class.
*
* If it is a {@link Proxy#isProxyClass(java.lang.Class)} that implements
* a non-public interface (i.e. may be in a non-restricted package),
* also check the package access on the proxy interfaces.
* Does nothing.
*/
public static void checkPackageAccess(Class<?> clazz) {
@SuppressWarnings("removal")
SecurityManager s = System.getSecurityManager();
if (s != null) {
privateCheckPackageAccess(s, clazz);
}
}
/**
* NOTE: should only be called if a SecurityManager is installed
*/
private static void privateCheckPackageAccess(@SuppressWarnings("removal") SecurityManager s, Class<?> clazz) {
String pkg = clazz.getPackageName();
if (!pkg.isEmpty()) {
s.checkPackageAccess(pkg);
}
if (isNonPublicProxyClass(clazz)) {
privateCheckProxyPackageAccess(s, clazz);
}
}
/**
* Checks package access on the given classname.
* This method is typically called when the Class instance is not
* available and the caller attempts to load a class on behalf
* the true caller (application).
* Does nothing
*/
public static void checkPackageAccess(String name) {
@SuppressWarnings("removal")
SecurityManager s = System.getSecurityManager();
if (s != null) {
String cname = name.replace('/', '.');
if (cname.startsWith("[")) {
int b = cname.lastIndexOf('[') + 2;
if (b > 1 && b < cname.length()) {
cname = cname.substring(b);
}
}
int i = cname.lastIndexOf('.');
if (i != -1) {
s.checkPackageAccess(cname.substring(0, i));
}
}
}
/**
* Returns true.
*/
public static boolean isPackageAccessible(Class<?> clazz) {
try {
checkPackageAccess(clazz);
} catch (SecurityException e) {
return false;
}
return true;
}
// Returns true if p is an ancestor of cl i.e. class loader 'p' can
// be found in the cl's delegation chain
private static boolean isAncestor(ClassLoader p, ClassLoader cl) {
ClassLoader acl = cl;
do {
acl = acl.getParent();
if (p == acl) {
return true;
}
} while (acl != null);
/**
* Returns false.
*/
public static boolean needsPackageAccessCheck(ClassLoader from, ClassLoader to) {
return false;
}
/**
* Returns true if package access check is needed for reflective
* access from a class loader 'from' to classes or members in
* a class defined by class loader 'to'. This method returns true
* if 'from' is not the same as or an ancestor of 'to'. All code
* in a system domain are granted with all permission and so this
* method returns false if 'from' class loader is a class loader
* loading system classes. On the other hand, if a class loader
* attempts to access system domain classes, it requires package
* access check and this method will return true.
*/
public static boolean needsPackageAccessCheck(ClassLoader from, ClassLoader to) {
if (from == null || from == to)
return false;
if (to == null)
return true;
return !isAncestor(from, to);
}
/**
* Check package access on the proxy interfaces that the given proxy class
* implements.
*
* @param clazz Proxy class object
* Does nothing
*/
public static void checkProxyPackageAccess(Class<?> clazz) {
@SuppressWarnings("removal")
SecurityManager s = System.getSecurityManager();
if (s != null) {
privateCheckProxyPackageAccess(s, clazz);
}
}
/**
* NOTE: should only be called if a SecurityManager is installed
*/
private static void privateCheckProxyPackageAccess(@SuppressWarnings("removal") SecurityManager s, Class<?> clazz) {
// check proxy interfaces if the given class is a proxy class
if (Proxy.isProxyClass(clazz)) {
for (Class<?> intf : clazz.getInterfaces()) {
privateCheckPackageAccess(s, intf);
}
}
}
/**
* Access check on the interfaces that a proxy class implements and throw
* {@code SecurityException} if it accesses a restricted package from
* the caller's class loader.
*
* @param ccl the caller's class loader
* @param interfaces the list of interfaces that a proxy class implements
* Does nothing.
*/
public static void checkProxyPackageAccess(ClassLoader ccl,
Class<?>... interfaces)
{
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
for (Class<?> intf : interfaces) {
ClassLoader cl = intf.getClassLoader();
if (needsPackageAccessCheck(ccl, cl)) {
privateCheckPackageAccess(sm, intf);
}
}
}
Class<?>... interfaces) {
}
// Note that bytecode instrumentation tools may exclude 'sun.*'

4
test/hotspot/jtreg/runtime/cds/appcds/StaticArchiveWithLambda.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2020, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -53,7 +53,7 @@ public class StaticArchiveWithLambda {
"-Xlog:class+load,cds")
.setArchiveName(archiveName);
CDSTestUtils.createArchiveAndCheck(opts)
.shouldContain("Skipping java/lang/invoke/BoundMethodHandle$Species_LLLL because it is dynamically generated");
.shouldHaveExitValue(0);
// run with archive
CDSOptions runOpts = (new CDSOptions())