From abacece8265996aaec888c8f109f2e476ec7a8e3 Mon Sep 17 00:00:00 2001 From: Alan Bateman Date: Thu, 14 Nov 2024 07:39:28 +0000 Subject: [PATCH] 8344011: Remove usage of security manager from Class and reflective APIs Reviewed-by: liach, yzheng, rriggs --- .../share/classes/java/lang/Class.java | 404 +----------------- .../share/classes/java/lang/Module.java | 13 +- .../share/classes/java/lang/ModuleLayer.java | 24 -- .../share/classes/java/lang/Package.java | 8 +- .../classes/java/lang/PublicMethods.java | 8 +- .../AbstractValidatingLambdaMetafactory.java | 5 +- .../java/lang/invoke/InfoFromMemberName.java | 20 +- .../invoke/InnerClassLambdaMetafactory.java | 6 +- .../java/lang/invoke/MethodHandleImpl.java | 6 +- .../java/lang/invoke/MethodHandleProxies.java | 30 +- .../java/lang/invoke/MethodHandleStatics.java | 3 +- .../java/lang/invoke/MethodHandles.java | 182 +------- .../classes/java/lang/invoke/MethodType.java | 14 - .../java/lang/invoke/SerializedLambda.java | 23 +- .../java/lang/reflect/AccessibleObject.java | 29 +- .../java/lang/reflect/Constructor.java | 1 - .../classes/java/lang/reflect/Field.java | 2 - .../classes/java/lang/reflect/Method.java | 1 - .../classes/java/lang/reflect/Proxy.java | 158 +------ .../java/lang/reflect/ProxyGenerator.java | 50 +-- .../classes/java/util/ServiceLoader.java | 196 ++------- .../internal/constant/MethodTypeDescImpl.java | 13 +- .../internal/reflect/ReflectionFactory.java | 25 +- .../classes/sun/invoke/util/VerifyAccess.java | 19 +- .../classes/sun/reflect/misc/ReflectUtil.java | 170 +------- .../cds/appcds/StaticArchiveWithLambda.java | 4 +- 26 files changed, 163 insertions(+), 1251 deletions(-) diff --git a/src/java.base/share/classes/java/lang/Class.java b/src/java.base/share/classes/java/lang/Class.java index bb091235646..ba63f2d538f 100644 --- a/src/java.base/share/classes/java/lang/Class.java +++ b/src/java.base/share/classes/java/lang/Class.java @@ -30,7 +30,6 @@ import java.lang.constant.ClassDesc; import java.lang.constant.ConstantDescs; import java.lang.invoke.TypeDescriptor; import java.lang.invoke.MethodHandles; -import java.lang.module.ModuleReader; import java.lang.ref.SoftReference; import java.io.IOException; import java.io.InputStream; @@ -54,9 +53,7 @@ import java.lang.reflect.Type; import java.lang.reflect.TypeVariable; import java.lang.constant.Constable; import java.net.URL; -import java.security.AccessController; import java.security.Permissions; -import java.security.PrivilegedAction; import java.security.ProtectionDomain; import java.util.ArrayList; import java.util.Arrays; @@ -73,10 +70,8 @@ import java.util.Set; import java.util.stream.Collectors; import jdk.internal.constant.ConstantUtils; -import jdk.internal.javac.PreviewFeature; import jdk.internal.loader.BootLoader; import jdk.internal.loader.BuiltinClassLoader; -import jdk.internal.misc.PreviewFeatures; import jdk.internal.misc.Unsafe; import jdk.internal.module.Resources; import jdk.internal.reflect.CallerSensitive; @@ -84,7 +79,6 @@ import jdk.internal.reflect.CallerSensitiveAdapter; import jdk.internal.reflect.ConstantPool; import jdk.internal.reflect.Reflection; import jdk.internal.reflect.ReflectionFactory; -import jdk.internal.vm.annotation.ForceInline; import jdk.internal.vm.annotation.IntrinsicCandidate; import jdk.internal.vm.annotation.Stable; @@ -540,41 +534,10 @@ public final class Class implements java.io.Serializable, * @jls 13.1 The Form of a Binary * @since 1.2 */ - @CallerSensitive - public static Class forName(String name, boolean initialize, - ClassLoader loader) + public static Class forName(String name, boolean initialize, ClassLoader loader) throws ClassNotFoundException { - Class caller = null; - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - // Reflective call to get caller class is only needed if a security manager - // is present. Avoid the overhead of making this call otherwise. - caller = Reflection.getCallerClass(); - } - return forName(name, initialize, loader, caller); - } - - // Caller-sensitive adapter method for reflective invocation - @CallerSensitiveAdapter - private static Class forName(String name, boolean initialize, ClassLoader loader, Class caller) - throws ClassNotFoundException - { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - // Reflective call to get caller class is only needed if a security manager - // is present. Avoid the overhead of making this call otherwise. - if (loader == null) { - ClassLoader ccl = ClassLoader.getClassLoader(caller); - if (ccl != null) { - sm.checkPermission( - SecurityConstants.GET_CLASSLOADER_PERMISSION); - } - } - } - return forName0(name, initialize, loader, caller); + return forName0(name, initialize, loader, null); } /** Called after security check for system loader access checks have been made. */ @@ -620,38 +583,11 @@ public final class Class implements java.io.Serializable, * @jls 12.3 Linking of Classes and Interfaces * @since 9 */ - @SuppressWarnings("removal") - @CallerSensitive public static Class forName(Module module, String name) { - Class caller = null; - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - caller = Reflection.getCallerClass(); - } - return forName(module, name, caller); - } - - // Caller-sensitive adapter method for reflective invocation - @SuppressWarnings("removal") - @CallerSensitiveAdapter - private static Class forName(Module module, String name, Class caller) { Objects.requireNonNull(module); Objects.requireNonNull(name); - ClassLoader cl; - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - if (caller != null && caller.getModule() != module) { - // if caller is null, Class.forName is the last java frame on the stack. - // java.base has all permissions - sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION); - } - PrivilegedAction pa = module::getClassLoader; - cl = AccessController.doPrivileged(pa); - } else { - cl = module.getClassLoader(); - } - + ClassLoader cl = module.getClassLoader(); if (cl != null) { return cl.loadClass(module, name); } else { @@ -740,17 +676,11 @@ public final class Class implements java.io.Serializable, * @throws ExceptionInInitializerError if the initialization * provoked by this method fails. */ - @SuppressWarnings("removal") @CallerSensitive @Deprecated(since="9") public T newInstance() throws InstantiationException, IllegalAccessException { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), false); - } - // Constructor lookup Constructor tmpConstructor = cachedConstructor; if (tmpConstructor == null) { @@ -765,13 +695,7 @@ public final class Class implements java.io.Serializable, getConstructor0(empty, Member.DECLARED)); // Disable accessibility checks on the constructor // access check is done with the true caller - java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<>() { - public Void run() { - c.setAccessible(true); - return null; - } - }); + c.setAccessible(true); cachedConstructor = tmpConstructor = c; } catch (NoSuchMethodException e) { throw (InstantiationException) @@ -1035,18 +959,8 @@ public final class Class implements java.io.Serializable, * represented by this {@code Class} object. * @see java.lang.ClassLoader */ - @CallerSensitive - @ForceInline // to ensure Reflection.getCallerClass optimization public ClassLoader getClassLoader() { - ClassLoader cl = classLoader; - if (cl == null) - return null; - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - ClassLoader.checkClassLoaderPermission(cl, Reflection.getCallerClass()); - } - return cl; + return classLoader; } // Package-private to allow ClassLoader access @@ -1511,7 +1425,6 @@ public final class Class implements java.io.Serializable, * * @since 1.5 */ - @CallerSensitive public Method getEnclosingMethod() { EnclosingMethodInfo enclosingInfo = getEnclosingMethodInfo(); @@ -1533,14 +1446,7 @@ public final class Class implements java.io.Serializable, for(int i = 0; i < parameterClasses.length; i++) parameterClasses[i] = toClass(parameterTypes[i]); - // Perform access check final Class enclosingCandidate = enclosingInfo.getEnclosingClass(); - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - enclosingCandidate.checkMemberAccess(sm, Member.DECLARED, - Reflection.getCallerClass(), true); - } Method[] candidates = enclosingCandidate.privateGetDeclaredMethods(false); /* @@ -1648,7 +1554,6 @@ public final class Class implements java.io.Serializable, * * @since 1.5 */ - @CallerSensitive public Constructor getEnclosingConstructor() { EnclosingMethodInfo enclosingInfo = getEnclosingMethodInfo(); @@ -1666,18 +1571,11 @@ public final class Class implements java.io.Serializable, // Convert Types to Classes; returned types *should* // be class objects since the methodDescriptor's used // don't have generics information - for(int i = 0; i < parameterClasses.length; i++) + for (int i = 0; i < parameterClasses.length; i++) parameterClasses[i] = toClass(parameterTypes[i]); - // Perform access check - final Class enclosingCandidate = enclosingInfo.getEnclosingClass(); - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - enclosingCandidate.checkMemberAccess(sm, Member.DECLARED, - Reflection.getCallerClass(), true); - } + final Class enclosingCandidate = enclosingInfo.getEnclosingClass(); Constructor[] candidates = enclosingCandidate .privateGetDeclaredConstructors(false); /* @@ -1708,19 +1606,8 @@ public final class Class implements java.io.Serializable, * @return the declaring class for this class * @since 1.1 */ - @CallerSensitive public Class getDeclaringClass() { - final Class candidate = getDeclaringClass0(); - - if (candidate != null) { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - candidate.checkPackageAccess(sm, - ClassLoader.getClassLoader(Reflection.getCallerClass()), true); - } - } - return candidate; + return getDeclaringClass0(); } private native Class getDeclaringClass0(); @@ -1733,7 +1620,6 @@ public final class Class implements java.io.Serializable, * @return the immediately enclosing class of the underlying class * @since 1.5 */ - @CallerSensitive public Class getEnclosingClass() { // There are five kinds of classes (or interfaces): // a) Top level classes @@ -1760,15 +1646,6 @@ public final class Class implements java.io.Serializable, else enclosingCandidate = enclosingClass; } - - if (enclosingCandidate != null) { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - enclosingCandidate.checkPackageAccess(sm, - ClassLoader.getClassLoader(Reflection.getCallerClass()), true); - } - } return enclosingCandidate; } @@ -1991,36 +1868,18 @@ public final class Class implements java.io.Serializable, * members of this class * @since 1.1 */ - @SuppressWarnings("removal") - @CallerSensitive public Class[] getClasses() { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), false); - } - - // Privileged so this implementation can look at DECLARED classes, - // something the caller might not have privilege to do. The code here - // is allowed to look at DECLARED classes because (1) it does not hand - // out anything other than public members and (2) public member access - // has already been ok'd by the SecurityManager. - - return java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<>() { - public Class[] run() { - List> list = new ArrayList<>(); - Class currentClass = Class.this; - while (currentClass != null) { - for (Class m : currentClass.getDeclaredClasses()) { - if (Modifier.isPublic(m.getModifiers())) { - list.add(m); - } - } - currentClass = currentClass.getSuperclass(); - } - return list.toArray(new Class[0]); + List> list = new ArrayList<>(); + Class currentClass = Class.this; + while (currentClass != null) { + for (Class m : currentClass.getDeclaredClasses()) { + if (Modifier.isPublic(m.getModifiers())) { + list.add(m); } - }); + } + currentClass = currentClass.getSuperclass(); + } + return list.toArray(new Class[0]); } @@ -2054,13 +1913,7 @@ public final class Class implements java.io.Serializable, * @jls 8.2 Class Members * @jls 8.3 Field Declarations */ - @CallerSensitive public Field[] getFields() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), true); - } return copyFields(privateGetPublicFields()); } @@ -2138,13 +1991,7 @@ public final class Class implements java.io.Serializable, * @jls 8.4 Method Declarations * @since 1.1 */ - @CallerSensitive public Method[] getMethods() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), true); - } return copyMethods(privateGetPublicMethods()); } @@ -2173,13 +2020,7 @@ public final class Class implements java.io.Serializable, * @see #getDeclaredConstructors() * @since 1.1 */ - @CallerSensitive public Constructor[] getConstructors() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), true); - } return copyConstructors(privateGetDeclaredConstructors(true)); } @@ -2219,14 +2060,8 @@ public final class Class implements java.io.Serializable, * @jls 8.2 Class Members * @jls 8.3 Field Declarations */ - @CallerSensitive public Field getField(String name) throws NoSuchFieldException { Objects.requireNonNull(name); - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), true); - } Field field = getField0(name); if (field == null) { throw new NoSuchFieldException(name); @@ -2322,15 +2157,9 @@ public final class Class implements java.io.Serializable, * @jls 8.4 Method Declarations * @since 1.1 */ - @CallerSensitive public Method getMethod(String name, Class... parameterTypes) throws NoSuchMethodException { Objects.requireNonNull(name); - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), true); - } Method method = getMethod0(name, parameterTypes); if (method == null) { throw new NoSuchMethodException(methodToString(name, parameterTypes)); @@ -2363,14 +2192,8 @@ public final class Class implements java.io.Serializable, * @see #getDeclaredConstructor(Class[]) * @since 1.1 */ - @CallerSensitive public Constructor getConstructor(Class... parameterTypes) throws NoSuchMethodException { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.PUBLIC, Reflection.getCallerClass(), true); - } return getReflectionFactory().copyConstructor( getConstructor0(parameterTypes, Member.PUBLIC)); } @@ -2392,13 +2215,7 @@ public final class Class implements java.io.Serializable, * @since 1.1 * @jls 8.5 Member Class and Interface Declarations */ - @CallerSensitive public Class[] getDeclaredClasses() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), false); - } return getDeclaredClasses0(); } @@ -2425,13 +2242,7 @@ public final class Class implements java.io.Serializable, * @jls 8.2 Class Members * @jls 8.3 Field Declarations */ - @CallerSensitive public Field[] getDeclaredFields() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true); - } return copyFields(privateGetDeclaredFields(false)); } @@ -2467,13 +2278,7 @@ public final class Class implements java.io.Serializable, * @jls 8.10 Record Classes * @since 16 */ - @CallerSensitive public RecordComponent[] getRecordComponents() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true); - } if (!isRecord()) { return null; } @@ -2519,13 +2324,7 @@ public final class Class implements java.io.Serializable, * programming language and JVM modeling in core reflection * @since 1.1 */ - @CallerSensitive public Method[] getDeclaredMethods() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true); - } return copyMethods(privateGetDeclaredMethods(false)); } @@ -2550,13 +2349,7 @@ public final class Class implements java.io.Serializable, * @see #getConstructors() * @jls 8.8 Constructor Declarations */ - @CallerSensitive public Constructor[] getDeclaredConstructors() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true); - } return copyConstructors(privateGetDeclaredConstructors(false)); } @@ -2581,14 +2374,8 @@ public final class Class implements java.io.Serializable, * @jls 8.2 Class Members * @jls 8.3 Field Declarations */ - @CallerSensitive public Field getDeclaredField(String name) throws NoSuchFieldException { Objects.requireNonNull(name); - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true); - } Field field = searchFields(privateGetDeclaredFields(false), name); if (field == null) { throw new NoSuchFieldException(name); @@ -2626,15 +2413,9 @@ public final class Class implements java.io.Serializable, * @jls 8.4 Method Declarations * @since 1.1 */ - @CallerSensitive public Method getDeclaredMethod(String name, Class... parameterTypes) throws NoSuchMethodException { Objects.requireNonNull(name); - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true); - } Method method = searchMethods(privateGetDeclaredMethods(false), name, parameterTypes); if (method == null) { throw new NoSuchMethodException(methodToString(name, parameterTypes)); @@ -2703,15 +2484,8 @@ public final class Class implements java.io.Serializable, * @see #getConstructor(Class[]) * @since 1.1 */ - @CallerSensitive public Constructor getDeclaredConstructor(Class... parameterTypes) throws NoSuchMethodException { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkMemberAccess(sm, Member.DECLARED, Reflection.getCallerClass(), true); - } - return getReflectionFactory().copyConstructor( getConstructor0(parameterTypes, Member.DECLARED)); } @@ -2933,11 +2707,6 @@ public final class Class implements java.io.Serializable, * @since 1.2 */ public ProtectionDomain getProtectionDomain() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(SecurityConstants.GET_PD_PERMISSION); - } return protectionDomain(); } @@ -2972,91 +2741,6 @@ public final class Class implements java.io.Serializable, */ static native Class getPrimitiveClass(String name); - /* - * Check if client is allowed to access members. If access is denied, - * throw a SecurityException. - * - * This method also enforces package access. - * - *

Default policy: allow all clients access with normal Java access - * control. - * - *

NOTE: should only be called if a SecurityManager is installed - */ - private void checkMemberAccess(@SuppressWarnings("removal") SecurityManager sm, int which, - Class caller, boolean checkProxyInterfaces) { - /* Default policy allows access to all {@link Member#PUBLIC} members, - * as well as access to classes that have the same class loader as the caller. - * In all other cases, it requires RuntimePermission("accessDeclaredMembers") - * permission. - */ - final ClassLoader ccl = ClassLoader.getClassLoader(caller); - if (which != Member.PUBLIC) { - final ClassLoader cl = classLoader; - if (ccl != cl) { - sm.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION); - } - } - this.checkPackageAccess(sm, ccl, checkProxyInterfaces); - } - - /* - * Checks if a client loaded in ClassLoader ccl is allowed to access this - * class under the current package access policy. If access is denied, - * throw a SecurityException. - * - * NOTE: this method should only be called if a SecurityManager is active - */ - private void checkPackageAccess(@SuppressWarnings("removal") SecurityManager sm, final ClassLoader ccl, - boolean checkProxyInterfaces) { - final ClassLoader cl = classLoader; - - if (ReflectUtil.needsPackageAccessCheck(ccl, cl)) { - String pkg = this.getPackageName(); - if (!pkg.isEmpty()) { - // skip the package access check on a proxy class in default proxy package - if (!Proxy.isProxyClass(this) || ReflectUtil.isNonPublicProxyClass(this)) { - sm.checkPackageAccess(pkg); - } - } - } - // check package access on the proxy interfaces - if (checkProxyInterfaces && Proxy.isProxyClass(this)) { - ReflectUtil.checkProxyPackageAccess(ccl, this.getInterfaces(/* cloneArray */ false)); - } - } - - /* - * Checks if a client loaded in ClassLoader ccl is allowed to access the provided - * classes under the current package access policy. If access is denied, - * throw a SecurityException. - * - * NOTE: this method should only be called if a SecurityManager is active - * classes must be non-empty - * all classes provided must be loaded by the same ClassLoader - * NOTE: this method does not support Proxy classes - */ - private static void checkPackageAccessForPermittedSubclasses(@SuppressWarnings("removal") SecurityManager sm, - final ClassLoader ccl, Class[] subClasses) { - final ClassLoader cl = subClasses[0].classLoader; - - if (ReflectUtil.needsPackageAccessCheck(ccl, cl)) { - Set packages = new HashSet<>(); - - for (Class c : subClasses) { - if (Proxy.isProxyClass(c)) - throw new InternalError("a permitted subclass should not be a proxy class: " + c); - String pkg = c.getPackageName(); - if (!pkg.isEmpty()) { - packages.add(pkg); - } - } - for (String pkg : packages) { - sm.checkPackageAccess(pkg); - } - } - } - /** * Add a package name prefix if the name is not absolute. Remove leading "/" * if name is absolute @@ -3732,15 +3416,12 @@ public final class Class implements java.io.Serializable, } // Fetches the factory for reflective objects - @SuppressWarnings("removal") private static ReflectionFactory getReflectionFactory() { var factory = reflectionFactory; if (factory != null) { return factory; } - return reflectionFactory = - java.security.AccessController.doPrivileged - (new ReflectionFactory.GetReflectionFactoryAction()); + return reflectionFactory = ReflectionFactory.getReflectionFactory(); } private static ReflectionFactory reflectionFactory; @@ -3766,20 +3447,13 @@ public final class Class implements java.io.Serializable, * identical to getEnumConstants except that the result is * uncloned, cached, and shared by all callers. */ - @SuppressWarnings("removal") T[] getEnumConstantsShared() { T[] constants = enumConstants; if (constants == null) { if (!isEnum()) return null; try { final Method values = getMethod("values"); - java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<>() { - public Void run() { - values.setAccessible(true); - return null; - } - }); + values.setAccessible(true); @SuppressWarnings("unchecked") T[] temporaryConstants = (T[])values.invoke(null); enumConstants = constants = temporaryConstants; @@ -4160,24 +3834,11 @@ public final class Class implements java.io.Serializable, * @jvms 4.7.29 The {@code NestMembers} Attribute * @jvms 5.4.4 Access Control */ - @CallerSensitive public Class getNestHost() { if (isPrimitive() || isArray()) { return this; } - - Class host = getNestHost0(); - if (host == this) { - return this; - } - // returning a different class requires a security check - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkPackageAccess(sm, - ClassLoader.getClassLoader(Reflection.getCallerClass()), true); - } - return host; + return getNestHost0(); } /** @@ -4244,7 +3905,6 @@ public final class Class implements java.io.Serializable, * @jvms 4.7.28 The {@code NestHost} Attribute * @jvms 4.7.29 The {@code NestMembers} Attribute */ - @CallerSensitive public Class[] getNestMembers() { if (isPrimitive() || isArray()) { return new Class[] { this }; @@ -4252,17 +3912,6 @@ public final class Class implements java.io.Serializable, Class[] members = getNestMembers0(); // Can't actually enable this due to bootstrapping issues // assert(members.length != 1 || members[0] == this); // expected invariant from VM - - if (members.length > 1) { - // If we return anything other than the current class we need - // a security check - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkPackageAccess(sm, - ClassLoader.getClassLoader(Reflection.getCallerClass()), true); - } - } return members; } @@ -4432,7 +4081,6 @@ public final class Class implements java.io.Serializable, * @jls 9.1 Interface Declarations * @since 17 */ - @CallerSensitive public Class[] getPermittedSubclasses() { Class[] subClasses; if (isArray() || isPrimitive() || (subClasses = getPermittedSubclasses0()) == null) { @@ -4445,16 +4093,6 @@ public final class Class implements java.io.Serializable, .toArray(s -> new Class[s]); } } - if (subClasses.length > 0) { - // If we return some classes we need a security check: - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - checkPackageAccessForPermittedSubclasses(sm, - ClassLoader.getClassLoader(Reflection.getCallerClass()), - subClasses); - } - } return subClasses; } diff --git a/src/java.base/share/classes/java/lang/Module.java b/src/java.base/share/classes/java/lang/Module.java index a90fbc99260..4f9c09bace4 100644 --- a/src/java.base/share/classes/java/lang/Module.java +++ b/src/java.base/share/classes/java/lang/Module.java @@ -39,8 +39,6 @@ import java.lang.reflect.AccessFlag; import java.lang.reflect.AnnotatedElement; import java.net.URI; import java.net.URL; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.HashMap; import java.util.HashSet; import java.util.List; @@ -64,14 +62,12 @@ import jdk.internal.misc.CDS; import jdk.internal.misc.Unsafe; import jdk.internal.misc.VM; import jdk.internal.module.ModuleBootstrap; -import jdk.internal.module.ModuleBootstrap.IllegalNativeAccess; import jdk.internal.module.ModuleLoaderMap; import jdk.internal.module.ServicesCatalog; import jdk.internal.module.Resources; import jdk.internal.reflect.CallerSensitive; import jdk.internal.reflect.Reflection; import jdk.internal.vm.annotation.Stable; -import sun.security.util.SecurityConstants; /** * Represents a run-time module, either {@link #isNamed() named} or unnamed. @@ -198,11 +194,6 @@ public final class Module implements AnnotatedElement { * @return The class loader for this module */ public ClassLoader getClassLoader() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION); - } return loader; } @@ -1556,7 +1547,6 @@ public final class Module implements AnnotatedElement { // cached class file with annotations private volatile Class moduleInfoClass; - @SuppressWarnings("removal") private Class moduleInfoClass() { Class clazz = this.moduleInfoClass; if (clazz != null) @@ -1566,8 +1556,7 @@ public final class Module implements AnnotatedElement { clazz = this.moduleInfoClass; if (clazz == null) { if (isNamed()) { - PrivilegedAction> pa = this::loadModuleInfoClass; - clazz = AccessController.doPrivileged(pa); + clazz = loadModuleInfoClass(); } if (clazz == null) { class DummyModuleInfo { } diff --git a/src/java.base/share/classes/java/lang/ModuleLayer.java b/src/java.base/share/classes/java/lang/ModuleLayer.java index 4ee2b02414d..5dfd93796d2 100644 --- a/src/java.base/share/classes/java/lang/ModuleLayer.java +++ b/src/java.base/share/classes/java/lang/ModuleLayer.java @@ -44,7 +44,6 @@ import java.util.function.Function; import java.util.stream.Collectors; import java.util.stream.Stream; -import jdk.internal.javac.PreviewFeature; import jdk.internal.javac.Restricted; import jdk.internal.loader.ClassLoaderValue; import jdk.internal.loader.Loader; @@ -54,7 +53,6 @@ import jdk.internal.misc.CDS; import jdk.internal.reflect.CallerSensitive; import jdk.internal.reflect.Reflection; import jdk.internal.vm.annotation.Stable; -import sun.security.util.SecurityConstants; /** * A layer of modules in the Java virtual machine. @@ -505,9 +503,6 @@ public final class ModuleLayer { List parents = List.copyOf(parentLayers); checkConfiguration(cf, parents); - checkCreateClassLoaderPermission(); - checkGetClassLoaderPermission(); - try { Loader loader = new Loader(cf.modules(), parentLoader); loader.initRemotePackageMap(cf, parents); @@ -572,9 +567,6 @@ public final class ModuleLayer { List parents = List.copyOf(parentLayers); checkConfiguration(cf, parents); - checkCreateClassLoaderPermission(); - checkGetClassLoaderPermission(); - LoaderPool pool = new LoaderPool(cf, parents, parentLoader); try { ModuleLayer layer = new ModuleLayer(cf, parents, pool::loaderFor); @@ -654,8 +646,6 @@ public final class ModuleLayer { checkConfiguration(cf, parents); Objects.requireNonNull(clf); - checkGetClassLoaderPermission(); - // The boot layer is checked during module system initialization if (boot() != null) { checkForDuplicatePkgs(cf, clf); @@ -693,20 +683,6 @@ public final class ModuleLayer { } } - private static void checkCreateClassLoaderPermission() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) - sm.checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION); - } - - private static void checkGetClassLoaderPermission() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) - sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION); - } - /** * Checks a configuration and the module-to-loader mapping to ensure that * no two modules mapped to the same class loader have the same package. diff --git a/src/java.base/share/classes/java/lang/Package.java b/src/java.base/share/classes/java/lang/Package.java index d48320a66cf..424c390c8ef 100644 --- a/src/java.base/share/classes/java/lang/Package.java +++ b/src/java.base/share/classes/java/lang/Package.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,8 +30,6 @@ import java.lang.reflect.AnnotatedElement; import java.net.MalformedURLException; import java.net.URI; import java.net.URL; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Objects; import jdk.internal.loader.BootLoader; @@ -417,9 +415,7 @@ public class Package extends NamedPackage implements java.lang.reflect.Annotated // find package-info.class defined by loader String cn = packageName() + ".package-info"; Module module = module(); - PrivilegedAction pa = module::getClassLoader; - @SuppressWarnings("removal") - ClassLoader loader = AccessController.doPrivileged(pa); + ClassLoader loader = module.getClassLoader(); Class c; if (loader != null) { c = loader.loadClass(module, cn); diff --git a/src/java.base/share/classes/java/lang/PublicMethods.java b/src/java.base/share/classes/java/lang/PublicMethods.java index b9851e2f049..03b3ad86a7a 100644 --- a/src/java.base/share/classes/java/lang/PublicMethods.java +++ b/src/java.base/share/classes/java/lang/PublicMethods.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,6 @@ import jdk.internal.reflect.ReflectionFactory; import java.lang.reflect.Method; import java.lang.reflect.Modifier; -import java.security.AccessController; import java.util.Arrays; import java.util.LinkedHashMap; import java.util.Map; @@ -88,10 +87,7 @@ final class PublicMethods { * Method (name, parameter types) tuple. */ private static final class Key { - @SuppressWarnings("removal") - private static final ReflectionFactory reflectionFactory = - AccessController.doPrivileged( - new ReflectionFactory.GetReflectionFactoryAction()); + private static final ReflectionFactory reflectionFactory = ReflectionFactory.getReflectionFactory(); private final String name; // must be interned (as from Method.getName()) private final Class[] ptypes; diff --git a/src/java.base/share/classes/java/lang/invoke/AbstractValidatingLambdaMetafactory.java b/src/java.base/share/classes/java/lang/invoke/AbstractValidatingLambdaMetafactory.java index a9bfff152e6..b42a8d39353 100644 --- a/src/java.base/share/classes/java/lang/invoke/AbstractValidatingLambdaMetafactory.java +++ b/src/java.base/share/classes/java/lang/invoke/AbstractValidatingLambdaMetafactory.java @@ -107,9 +107,6 @@ import static sun.invoke.util.Wrapper.isWrapperType; * implemented by invoking the implementation method * @throws LambdaConversionException If any of the meta-factory protocol * invariants are violated - * @throws SecurityException If a security manager is present, and it - * denies access - * from {@code caller} to the package of {@code implementation}. */ AbstractValidatingLambdaMetafactory(MethodHandles.Lookup caller, MethodType factoryType, @@ -138,7 +135,7 @@ import static sun.invoke.util.Wrapper.isWrapperType; this.implementation = implementation; this.implMethodType = implementation.type(); try { - this.implInfo = caller.revealDirect(implementation); // may throw SecurityException + this.implInfo = caller.revealDirect(implementation); } catch (IllegalArgumentException e) { throw new LambdaConversionException(implementation + " is not direct or cannot be cracked"); } diff --git a/src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java b/src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java index f01fc004986..0e73a02077a 100644 --- a/src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java +++ b/src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package java.lang.invoke; -import java.security.*; import java.lang.reflect.*; import java.lang.invoke.MethodHandles.Lookup; @@ -85,16 +84,13 @@ final class InfoFromMemberName implements MethodHandleInfo { // For more information see comments on {@link MethodHandleNatives#linkMethod}. throw new IllegalArgumentException("cannot reflect signature polymorphic method"); } - @SuppressWarnings("removal") - Member mem = AccessController.doPrivileged(new PrivilegedAction<>() { - public Member run() { - try { - return reflectUnchecked(); - } catch (ReflectiveOperationException ex) { - throw new IllegalArgumentException(ex); - } - } - }); + + Member mem; + try { + mem = reflectUnchecked(); + } catch (ReflectiveOperationException ex) { + throw new IllegalArgumentException(ex); + } try { Class defc = getDeclaringClass(); byte refKind = (byte) getReferenceKind(); diff --git a/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java b/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java index 93784004994..985e2bed434 100644 --- a/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java +++ b/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java @@ -29,7 +29,6 @@ import jdk.internal.constant.ClassOrInterfaceDescImpl; import jdk.internal.misc.CDS; import jdk.internal.util.ClassFileDumper; import sun.invoke.util.VerifyAccess; -import sun.security.action.GetBooleanAction; import java.io.Serializable; import java.lang.classfile.ClassBuilder; @@ -83,7 +82,7 @@ import sun.invoke.util.Wrapper; lambdaProxyClassFileDumper = ClassFileDumper.getInstance(dumpProxyClassesKey, "DUMP_LAMBDA_PROXY_CLASS_FILES"); final String disableEagerInitializationKey = "jdk.internal.lambda.disableEagerInitialization"; - disableEagerInitialization = GetBooleanAction.privilegedGetProperty(disableEagerInitializationKey); + disableEagerInitialization = Boolean.getBoolean(disableEagerInitializationKey); } // See context values in AbstractValidatingLambdaMetafactory @@ -134,9 +133,6 @@ import sun.invoke.util.Wrapper; * implemented by invoking the implementation method * @throws LambdaConversionException If any of the meta-factory protocol * invariants are violated - * @throws SecurityException If a security manager is present, and it - * denies access - * from {@code caller} to the package of {@code implementation}. */ public InnerClassLambdaMetafactory(MethodHandles.Lookup caller, MethodType factoryType, diff --git a/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java b/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java index fd3e20a524e..e94b1dc40f2 100644 --- a/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java +++ b/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java @@ -1208,11 +1208,7 @@ abstract class MethodHandleImpl { private static boolean checkInjectedInvoker(Class hostClass, Class invokerClass) { assert (hostClass.getClassLoader() == invokerClass.getClassLoader()) : hostClass.getName()+" (CL)"; - try { - assert (hostClass.getProtectionDomain() == invokerClass.getProtectionDomain()) : hostClass.getName()+" (PD)"; - } catch (SecurityException ex) { - // Self-check was blocked by security manager. This is OK. - } + assert (hostClass.getProtectionDomain() == invokerClass.getProtectionDomain()) : hostClass.getName()+" (PD)"; try { // Test the invoker to ensure that it really injects into the right place. MethodHandle invoker = IMPL_LOOKUP.findStatic(invokerClass, "invoke_V", INVOKER_MT); diff --git a/src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java b/src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java index dcfa671a17f..0ab2dbfdae9 100644 --- a/src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java +++ b/src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java @@ -33,8 +33,6 @@ import java.lang.ref.WeakReference; import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.lang.reflect.UndeclaredThrowableException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -56,10 +54,7 @@ import java.lang.classfile.TypeKind; import jdk.internal.constant.ConstantUtils; import jdk.internal.loader.ClassLoaders; import jdk.internal.module.Modules; -import jdk.internal.reflect.CallerSensitive; -import jdk.internal.reflect.Reflection; import jdk.internal.util.ClassFileDumper; -import sun.reflect.misc.ReflectUtil; import static java.lang.constant.ConstantDescs.*; import static java.lang.invoke.MethodHandleStatics.*; @@ -159,7 +154,6 @@ public class MethodHandleProxies { * be converted to the type required by the requested interface */ @SuppressWarnings("doclint:reference") // cross-module links - @CallerSensitive public static T asInterfaceInstance(final Class intfc, final MethodHandle target) { if (!intfc.isInterface() || !Modifier.isPublic(intfc.getModifiers())) throw newIllegalArgumentException("not a public interface", intfc.getName()); @@ -168,17 +162,7 @@ public class MethodHandleProxies { if (intfc.isHidden()) throw newIllegalArgumentException("a hidden interface", intfc.getName()); Objects.requireNonNull(target); - final MethodHandle mh; - @SuppressWarnings("removal") - var sm = System.getSecurityManager(); - if (sm != null) { - final Class caller = Reflection.getCallerClass(); - final ClassLoader ccl = caller != null ? caller.getClassLoader() : null; - ReflectUtil.checkProxyPackageAccess(ccl, intfc); - mh = ccl != null ? bindCaller(target, caller) : target; - } else { - mh = target; - } + final MethodHandle mh = target; // Define one hidden class for each interface. Create an instance of // the hidden class for a given target method handle which will be @@ -283,17 +267,7 @@ public class MethodHandleProxies { // define the dynamic module to the class loader of the interface var definer = new Lookup(intfc).makeHiddenClassDefiner(className, template, DUMPER); - @SuppressWarnings("removal") - var sm = System.getSecurityManager(); - Lookup lookup; - if (sm != null) { - @SuppressWarnings("removal") - var l = AccessController.doPrivileged((PrivilegedAction) () -> - definer.defineClassAsLookup(true)); - lookup = l; - } else { - lookup = definer.defineClassAsLookup(true); - } + Lookup lookup = definer.defineClassAsLookup(true); // cache the wrapper type var ret = lookup.lookupClass(); WRAPPER_TYPES.add(ret); diff --git a/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java b/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java index 7d87d4f79a8..f50edd5626a 100644 --- a/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java +++ b/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java @@ -28,7 +28,6 @@ package java.lang.invoke; import jdk.internal.misc.CDS; import jdk.internal.misc.Unsafe; import jdk.internal.util.ClassFileDumper; -import sun.security.action.GetPropertyAction; import java.lang.reflect.ClassFileFormatVersion; import java.util.Properties; @@ -66,7 +65,7 @@ class MethodHandleStatics { static final ClassFileDumper DUMP_CLASS_FILES; static { - Properties props = GetPropertyAction.privilegedGetProperties(); + Properties props = System.getProperties(); DEBUG_METHOD_HANDLE_NAMES = Boolean.parseBoolean( props.getProperty("java.lang.invoke.MethodHandle.DEBUG_NAMES")); diff --git a/src/java.base/share/classes/java/lang/invoke/MethodHandles.java b/src/java.base/share/classes/java/lang/invoke/MethodHandles.java index b077c730440..7542b0e513a 100644 --- a/src/java.base/share/classes/java/lang/invoke/MethodHandles.java +++ b/src/java.base/share/classes/java/lang/invoke/MethodHandles.java @@ -36,8 +36,6 @@ import jdk.internal.vm.annotation.ForceInline; import sun.invoke.util.ValueConversions; import sun.invoke.util.VerifyAccess; import sun.invoke.util.Wrapper; -import sun.reflect.misc.ReflectUtil; -import sun.security.util.SecurityConstants; import java.lang.classfile.ClassFile; import java.lang.classfile.ClassModel; @@ -243,9 +241,6 @@ public class MethodHandles { return new Lookup(targetClass); } - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) sm.checkPermission(SecurityConstants.ACCESS_PERMISSION); if (targetClass.isPrimitive()) throw new IllegalArgumentException(targetClass + " is a primitive class"); if (targetClass.isArray()) @@ -463,9 +458,6 @@ public class MethodHandles { * @since 1.8 */ public static T reflectAs(Class expected, MethodHandle target) { - @SuppressWarnings("removal") - SecurityManager smgr = System.getSecurityManager(); - if (smgr != null) smgr.checkPermission(SecurityConstants.ACCESS_PERMISSION); Lookup lookup = Lookup.IMPL_LOOKUP; // use maximally privileged lookup return lookup.revealDirect(target).reflectAs(expected, lookup); } @@ -741,8 +733,6 @@ public class MethodHandles { *

    *
  • access private fields, methods, and constructors of the lookup class and its nestmates *
  • create method handles which {@link Lookup#findSpecial emulate invokespecial} instructions - *
  • avoid package access checks - * for classes accessible to the lookup class *
  • create {@link Lookup#in delegated lookup objects} which have private access to other classes * within the same package member *
@@ -1759,23 +1749,11 @@ public class MethodHandles { * @see ClassLoader#defineClass(String,byte[],int,int,ProtectionDomain) */ public Class defineClass(byte[] bytes) throws IllegalAccessException { - ensureDefineClassPermission(); if ((lookupModes() & PACKAGE) == 0) throw new IllegalAccessException("Lookup does not have PACKAGE access"); return makeClassDefiner(bytes.clone()).defineClass(false); } - private void ensureDefineClassPermission() { - if (allowedModes == TRUSTED) return; - - if (!hasFullPrivilegeAccess()) { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) - sm.checkPermission(new RuntimePermission("defineClass")); - } - } - /** * The set of class options that specify whether a hidden class created by * {@link Lookup#defineHiddenClass(byte[], boolean, ClassOption...) @@ -2042,7 +2020,6 @@ public class MethodHandles { { Objects.requireNonNull(bytes); int flags = ClassOption.optionsToFlag(options); - ensureDefineClassPermission(); if (!hasFullPrivilegeAccess()) { throw new IllegalAccessException(this + " does not have full privilege access"); } @@ -2128,7 +2105,6 @@ public class MethodHandles { int flags = ClassOption.optionsToFlag(options); - ensureDefineClassPermission(); if (!hasFullPrivilegeAccess()) { throw new IllegalAccessException(this + " does not have full privilege access"); } @@ -2768,7 +2744,6 @@ assertEquals("[x, y, z]", pb.command().toString()); if (!VerifyAccess.isClassAccessible(targetClass, lookupClass, prevLookupClass, allowedModes)) { throw makeAccessException(targetClass); } - checkSecurityManager(targetClass); // ensure class initialization Unsafe.getUnsafe().ensureClassInitialized(targetClass); @@ -2872,7 +2847,6 @@ assertEquals("[x, y, z]", pb.command().toString()); if (!isClassAccessible(targetClass)) { throw makeAccessException(targetClass); } - checkSecurityManager(targetClass); return targetClass; } @@ -3292,7 +3266,7 @@ return mh1; assert(method.isMethod()); @SuppressWarnings("deprecation") Lookup lookup = m.isAccessible() ? IMPL_LOOKUP : this; - return lookup.getDirectMethodNoSecurityManager(refKind, method.getDeclaringClass(), method, findBoundCallerLookup(method)); + return lookup.getDirectMethod(refKind, method.getDeclaringClass(), method, findBoundCallerLookup(method)); } private MethodHandle unreflectForMH(Method m) { // these names require special lookups because they throw UnsupportedOperationException @@ -3343,7 +3317,7 @@ return mh1; MemberName method = new MemberName(m, true); assert(method.isMethod()); // ignore m.isAccessible: this is a new kind of access - return specialLookup.getDirectMethodNoSecurityManager(REF_invokeSpecial, method.getDeclaringClass(), method, findBoundCallerLookup(method)); + return specialLookup.getDirectMethod(REF_invokeSpecial, method.getDeclaringClass(), method, findBoundCallerLookup(method)); } /** @@ -3375,12 +3349,12 @@ return mh1; assert(ctor.isConstructor()); @SuppressWarnings("deprecation") Lookup lookup = c.isAccessible() ? IMPL_LOOKUP : this; - return lookup.getDirectConstructorNoSecurityManager(ctor.getDeclaringClass(), ctor); + return lookup.getDirectConstructor(ctor.getDeclaringClass(), ctor); } /* * Produces a method handle that is capable of creating instances of the given class - * and instantiated by the given constructor. No security manager check. + * and instantiated by the given constructor. * * This method should only be used by ReflectionFactory::newConstructorForSerialization. */ @@ -3473,7 +3447,7 @@ return mh1; : MethodHandleNatives.refKindIsGetter(field.getReferenceKind())); @SuppressWarnings("deprecation") Lookup lookup = f.isAccessible() ? IMPL_LOOKUP : this; - return lookup.getDirectFieldNoSecurityManager(field.getReferenceKind(), f.getDeclaringClass(), field); + return lookup.getDirectField(field.getReferenceKind(), f.getDeclaringClass(), field); } /** @@ -3550,8 +3524,8 @@ return mh1; public VarHandle unreflectVarHandle(Field f) throws IllegalAccessException { MemberName getField = new MemberName(f, false); MemberName putField = new MemberName(f, true); - return getFieldVarHandleNoSecurityManager(getField.getReferenceKind(), putField.getReferenceKind(), - f.getDeclaringClass(), getField, putField); + return getFieldVarHandle(getField.getReferenceKind(), putField.getReferenceKind(), + f.getDeclaringClass(), getField, putField); } /** @@ -3586,10 +3560,9 @@ return mh1; if (refKind == REF_invokeVirtual && defc.isInterface()) // Symbolic reference is through interface but resolves to Object method (toString, etc.) refKind = REF_invokeInterface; - // Check SM permissions and member access before cracking. + // Check member access before cracking. try { checkAccess(refKind, defc, member); - checkSecurityManager(defc, member); } catch (IllegalAccessException ex) { throw new IllegalArgumentException(ex); } @@ -3716,69 +3689,6 @@ return mh1; return (allowedModes & (PRIVATE|MODULE)) == (PRIVATE|MODULE); } - /** - * Perform steps 1 and 2b access checks - * for ensureInitialized, findClass or accessClass. - */ - void checkSecurityManager(Class refc) { - if (allowedModes == TRUSTED) return; - - @SuppressWarnings("removal") - SecurityManager smgr = System.getSecurityManager(); - if (smgr == null) return; - - // Step 1: - boolean fullPrivilegeLookup = hasFullPrivilegeAccess(); - if (!fullPrivilegeLookup || - !VerifyAccess.classLoaderIsAncestor(lookupClass, refc)) { - ReflectUtil.checkPackageAccess(refc); - } - - // Step 2b: - if (!fullPrivilegeLookup) { - smgr.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION); - } - } - - /** - * Perform steps 1, 2a and 3 access checks. - * Determines a trustable caller class to compare with refc, the symbolic reference class. - * If this lookup object has full privilege access except original access, - * then the caller class is the lookupClass. - * - * Lookup object created by {@link MethodHandles#privateLookupIn(Class, Lookup)} - * from the same module skips the security permission check. - */ - void checkSecurityManager(Class refc, MemberName m) { - Objects.requireNonNull(refc); - Objects.requireNonNull(m); - - if (allowedModes == TRUSTED) return; - - @SuppressWarnings("removal") - SecurityManager smgr = System.getSecurityManager(); - if (smgr == null) return; - - // Step 1: - boolean fullPrivilegeLookup = hasFullPrivilegeAccess(); - if (!fullPrivilegeLookup || - !VerifyAccess.classLoaderIsAncestor(lookupClass, refc)) { - ReflectUtil.checkPackageAccess(refc); - } - - // Step 2a: - if (m.isPublic()) return; - if (!fullPrivilegeLookup) { - smgr.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION); - } - - // Step 3: - Class defc = m.getDeclaringClass(); - if (!fullPrivilegeLookup && defc != refc) { - ReflectUtil.checkPackageAccess(defc); - } - } - void checkMethod(byte refKind, Class refc, MemberName m) throws IllegalAccessException { boolean wantStatic = (refKind == REF_invokeStatic); String message; @@ -3918,30 +3828,18 @@ return mh1; /** Check access and get the requested method. */ private MethodHandle getDirectMethod(byte refKind, Class refc, MemberName method, Lookup callerLookup) throws IllegalAccessException { final boolean doRestrict = true; - final boolean checkSecurity = true; - return getDirectMethodCommon(refKind, refc, method, checkSecurity, doRestrict, callerLookup); + return getDirectMethodCommon(refKind, refc, method, doRestrict, callerLookup); } /** Check access and get the requested method, for invokespecial with no restriction on the application of narrowing rules. */ private MethodHandle getDirectMethodNoRestrictInvokeSpecial(Class refc, MemberName method, Lookup callerLookup) throws IllegalAccessException { final boolean doRestrict = false; - final boolean checkSecurity = true; - return getDirectMethodCommon(REF_invokeSpecial, refc, method, checkSecurity, doRestrict, callerLookup); - } - /** Check access and get the requested method, eliding security manager checks. */ - private MethodHandle getDirectMethodNoSecurityManager(byte refKind, Class refc, MemberName method, Lookup callerLookup) throws IllegalAccessException { - final boolean doRestrict = true; - final boolean checkSecurity = false; // not needed for reflection or for linking CONSTANT_MH constants - return getDirectMethodCommon(refKind, refc, method, checkSecurity, doRestrict, callerLookup); + return getDirectMethodCommon(REF_invokeSpecial, refc, method, doRestrict, callerLookup); } /** Common code for all methods; do not call directly except from immediately above. */ private MethodHandle getDirectMethodCommon(byte refKind, Class refc, MemberName method, - boolean checkSecurity, boolean doRestrict, Lookup boundCaller) throws IllegalAccessException { checkMethod(refKind, refc, method); - // Optionally check with the security manager; this isn't needed for unreflect* calls. - if (checkSecurity) - checkSecurityManager(refc, method); assert(!method.isMethodHandleInvoke()); if (refKind == REF_invokeSpecial && @@ -4010,21 +3908,11 @@ return mh1; /** Check access and get the requested field. */ private MethodHandle getDirectField(byte refKind, Class refc, MemberName field) throws IllegalAccessException { - final boolean checkSecurity = true; - return getDirectFieldCommon(refKind, refc, field, checkSecurity); - } - /** Check access and get the requested field, eliding security manager checks. */ - private MethodHandle getDirectFieldNoSecurityManager(byte refKind, Class refc, MemberName field) throws IllegalAccessException { - final boolean checkSecurity = false; // not needed for reflection or for linking CONSTANT_MH constants - return getDirectFieldCommon(refKind, refc, field, checkSecurity); + return getDirectFieldCommon(refKind, refc, field); } /** Common code for all fields; do not call directly except from immediately above. */ - private MethodHandle getDirectFieldCommon(byte refKind, Class refc, MemberName field, - boolean checkSecurity) throws IllegalAccessException { + private MethodHandle getDirectFieldCommon(byte refKind, Class refc, MemberName field) throws IllegalAccessException { checkField(refKind, refc, field); - // Optionally check with the security manager; this isn't needed for unreflect* calls. - if (checkSecurity) - checkSecurityManager(refc, field); DirectMethodHandle dmh = DirectMethodHandle.make(refc, field); boolean doRestrict = (MethodHandleNatives.refKindHasReceiver(refKind) && restrictProtectedReceiver(field)); @@ -4035,26 +3923,17 @@ return mh1; private VarHandle getFieldVarHandle(byte getRefKind, byte putRefKind, Class refc, MemberName getField, MemberName putField) throws IllegalAccessException { - final boolean checkSecurity = true; - return getFieldVarHandleCommon(getRefKind, putRefKind, refc, getField, putField, checkSecurity); - } - private VarHandle getFieldVarHandleNoSecurityManager(byte getRefKind, byte putRefKind, - Class refc, MemberName getField, MemberName putField) - throws IllegalAccessException { - final boolean checkSecurity = false; - return getFieldVarHandleCommon(getRefKind, putRefKind, refc, getField, putField, checkSecurity); + return getFieldVarHandleCommon(getRefKind, putRefKind, refc, getField, putField); } private VarHandle getFieldVarHandleCommon(byte getRefKind, byte putRefKind, - Class refc, MemberName getField, MemberName putField, - boolean checkSecurity) throws IllegalAccessException { + Class refc, MemberName getField, + MemberName putField) throws IllegalAccessException { assert getField.isStatic() == putField.isStatic(); assert getField.isGetter() && putField.isSetter(); assert MethodHandleNatives.refKindIsStatic(getRefKind) == MethodHandleNatives.refKindIsStatic(putRefKind); assert MethodHandleNatives.refKindIsGetter(getRefKind) && MethodHandleNatives.refKindIsSetter(putRefKind); checkField(getRefKind, refc, getField); - if (checkSecurity) - checkSecurityManager(refc, getField); if (!putField.isFinal()) { // A VarHandle does not support updates to final fields, any @@ -4062,8 +3941,6 @@ return mh1; // therefore the following write-based accessibility checks are // only required for non-final fields checkField(putRefKind, refc, putField); - if (checkSecurity) - checkSecurityManager(refc, putField); } boolean doRestrict = (MethodHandleNatives.refKindHasReceiver(getRefKind) && @@ -4081,22 +3958,12 @@ return mh1; } /** Check access and get the requested constructor. */ private MethodHandle getDirectConstructor(Class refc, MemberName ctor) throws IllegalAccessException { - final boolean checkSecurity = true; - return getDirectConstructorCommon(refc, ctor, checkSecurity); - } - /** Check access and get the requested constructor, eliding security manager checks. */ - private MethodHandle getDirectConstructorNoSecurityManager(Class refc, MemberName ctor) throws IllegalAccessException { - final boolean checkSecurity = false; // not needed for reflection or for linking CONSTANT_MH constants - return getDirectConstructorCommon(refc, ctor, checkSecurity); + return getDirectConstructorCommon(refc, ctor); } /** Common code for all constructors; do not call directly except from immediately above. */ - private MethodHandle getDirectConstructorCommon(Class refc, MemberName ctor, - boolean checkSecurity) throws IllegalAccessException { + private MethodHandle getDirectConstructorCommon(Class refc, MemberName ctor) throws IllegalAccessException { assert(ctor.isConstructor()); checkAccess(REF_newInvokeSpecial, refc, ctor); - // Optionally check with the security manager; this isn't needed for unreflect* calls. - if (checkSecurity) - checkSecurityManager(refc, ctor); assert(!MethodHandleNatives.isCallerSensitive(ctor)); // maybeBindCaller not relevant here return DirectMethodHandle.make(ctor).setVarargs(ctor); } @@ -4163,14 +4030,9 @@ return mh1; return false; } } - try { - MemberName resolved2 = publicLookup().resolveOrNull(refKind, + MemberName resolved2 = publicLookup().resolveOrNull(refKind, new MemberName(refKind, defc, member.getName(), member.getType())); - if (resolved2 == null) { - return false; - } - checkSecurityManager(defc, resolved2); - } catch (SecurityException ex) { + if (resolved2 == null) { return false; } return true; @@ -4178,11 +4040,11 @@ return mh1; private MethodHandle getDirectMethodForConstant(byte refKind, Class defc, MemberName member) throws ReflectiveOperationException { if (MethodHandleNatives.refKindIsField(refKind)) { - return getDirectFieldNoSecurityManager(refKind, defc, member); + return getDirectField(refKind, defc, member); } else if (MethodHandleNatives.refKindIsMethod(refKind)) { - return getDirectMethodNoSecurityManager(refKind, defc, member, findBoundCallerLookup(member)); + return getDirectMethod(refKind, defc, member, findBoundCallerLookup(member)); } else if (refKind == REF_newInvokeSpecial) { - return getDirectConstructorNoSecurityManager(defc, member); + return getDirectConstructor(defc, member); } // oops throw newIllegalArgumentException("bad MethodHandle constant #"+member); diff --git a/src/java.base/share/classes/java/lang/invoke/MethodType.java b/src/java.base/share/classes/java/lang/invoke/MethodType.java index a7afea7c939..2b3843b09e3 100644 --- a/src/java.base/share/classes/java/lang/invoke/MethodType.java +++ b/src/java.base/share/classes/java/lang/invoke/MethodType.java @@ -28,21 +28,15 @@ package java.lang.invoke; import java.lang.constant.ClassDesc; import java.lang.constant.Constable; import java.lang.constant.MethodTypeDesc; -import java.lang.ref.Reference; -import java.lang.ref.ReferenceQueue; -import java.lang.ref.WeakReference; import java.util.Arrays; import java.util.Collections; import java.util.function.Supplier; import java.util.List; import java.util.Map; -import java.util.NoSuchElementException; import java.util.Objects; import java.util.Optional; import java.util.StringJoiner; import java.util.concurrent.ConcurrentHashMap; -import java.util.concurrent.ConcurrentMap; -import java.util.stream.Stream; import jdk.internal.util.ReferencedKeySet; import jdk.internal.util.ReferenceKey; @@ -50,7 +44,6 @@ import jdk.internal.vm.annotation.Stable; import sun.invoke.util.BytecodeDescriptor; import sun.invoke.util.VerifyType; import sun.invoke.util.Wrapper; -import sun.security.util.SecurityConstants; import static java.lang.invoke.MethodHandleStatics.UNSAFE; import static java.lang.invoke.MethodHandleStatics.newIllegalArgumentException; @@ -1183,13 +1176,6 @@ class MethodType public static MethodType fromMethodDescriptorString(String descriptor, ClassLoader loader) throws IllegalArgumentException, TypeNotPresentException { - if (loader == null) { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION); - } - } return fromDescriptor(descriptor, (loader == null) ? ClassLoader.getSystemClassLoader() : loader); } diff --git a/src/java.base/share/classes/java/lang/invoke/SerializedLambda.java b/src/java.base/share/classes/java/lang/invoke/SerializedLambda.java index 41aec5c47a1..3767bf23388 100644 --- a/src/java.base/share/classes/java/lang/invoke/SerializedLambda.java +++ b/src/java.base/share/classes/java/lang/invoke/SerializedLambda.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,9 +28,6 @@ import java.io.Serializable; import java.io.InvalidObjectException; import java.io.ObjectStreamException; import java.lang.reflect.Method; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.Objects; /** @@ -265,25 +262,11 @@ public final class SerializedLambda implements Serializable { @java.io.Serial private Object readResolve() throws ObjectStreamException { try { - @SuppressWarnings("removal") - Method deserialize = AccessController.doPrivileged(new PrivilegedExceptionAction<>() { - @Override - public Method run() throws Exception { - Method m = capturingClass.getDeclaredMethod("$deserializeLambda$", SerializedLambda.class); - m.setAccessible(true); - return m; - } - }); - + Method deserialize = capturingClass.getDeclaredMethod("$deserializeLambda$", SerializedLambda.class); + deserialize.setAccessible(true); return deserialize.invoke(null, this); } catch (ReflectiveOperationException roe) { throw new InvalidObjectException("ReflectiveOperationException during deserialization", roe); - } catch (PrivilegedActionException e) { - Exception cause = e.getException(); - if (cause instanceof RuntimeException re) - throw re; - else - throw new RuntimeException("Exception in SerializedLambda.readResolve", e); } } diff --git a/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java b/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java index 8ed4485666f..a045f9c196a 100644 --- a/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java +++ b/src/java.base/share/classes/java/lang/reflect/AccessibleObject.java @@ -28,15 +28,12 @@ package java.lang.reflect; import java.lang.annotation.Annotation; import java.lang.invoke.MethodHandle; import java.lang.ref.WeakReference; -import java.security.AccessController; import jdk.internal.access.SharedSecrets; import jdk.internal.misc.VM; import jdk.internal.reflect.CallerSensitive; import jdk.internal.reflect.Reflection; import jdk.internal.reflect.ReflectionFactory; -import sun.security.action.GetPropertyAction; -import sun.security.util.SecurityConstants; /** * The {@code AccessibleObject} class is the base class for {@code Field}, @@ -81,17 +78,6 @@ public class AccessibleObject implements AnnotatedElement { SharedSecrets.setJavaLangReflectAccess(new ReflectAccess()); } - static void checkPermission() { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - // SecurityConstants.ACCESS_PERMISSION is used to check - // whether a client has sufficient privilege to defeat Java - // language access control checks. - sm.checkPermission(SecurityConstants.ACCESS_PERMISSION); - } - } - /** * Convenience method to set the {@code accessible} flag for an * array of reflected objects. @@ -114,7 +100,6 @@ public class AccessibleObject implements AnnotatedElement { */ @CallerSensitive public static void setAccessible(AccessibleObject[] array, boolean flag) { - checkPermission(); if (flag) { Class caller = Reflection.getCallerClass(); array = array.clone(); @@ -196,7 +181,6 @@ public class AccessibleObject implements AnnotatedElement { */ @CallerSensitive // overrides in Method/Field/Constructor are @CS public void setAccessible(boolean flag) { - AccessibleObject.checkPermission(); setAccessible0(flag); } @@ -257,8 +241,6 @@ public class AccessibleObject implements AnnotatedElement { */ @CallerSensitive public final boolean trySetAccessible() { - AccessibleObject.checkPermission(); - if (override == true) return true; // if it's not a Constructor, Method, Field then no access check @@ -502,10 +484,7 @@ public class AccessibleObject implements AnnotatedElement { // Reflection factory used by subclasses for creating field, // method, and constructor accessors. Note that this is called // very early in the bootstrapping process. - @SuppressWarnings("removal") - static final ReflectionFactory reflectionFactory = - AccessController.doPrivileged( - new ReflectionFactory.GetReflectionFactoryAction()); + static final ReflectionFactory reflectionFactory = ReflectionFactory.getReflectionFactory(); /** * {@inheritDoc} @@ -623,8 +602,7 @@ public class AccessibleObject implements AnnotatedElement { // For non-public members or members in package-private classes, // it is necessary to perform somewhat expensive access checks. // If the access check succeeds for a given class, it will - // always succeed (it is not affected by the granting or revoking - // of permissions); we speed up the check in the common case by + // always succeed; we speed up the check in the common case by // remembering the last Class for which the check succeeded. // // The simple access check for Constructor is to see if @@ -756,8 +734,7 @@ public class AccessibleObject implements AnnotatedElement { */ private static boolean printStackTraceWhenAccessFails() { if (!printStackPropertiesSet && VM.initLevel() >= 1) { - String s = GetPropertyAction.privilegedGetProperty( - "sun.reflect.debugModuleAccessChecks"); + String s = System.getProperty("sun.reflect.debugModuleAccessChecks"); if (s != null) { printStackWhenAccessFails = !s.equalsIgnoreCase("false"); } diff --git a/src/java.base/share/classes/java/lang/reflect/Constructor.java b/src/java.base/share/classes/java/lang/reflect/Constructor.java index 5eeceb68920..30445307369 100644 --- a/src/java.base/share/classes/java/lang/reflect/Constructor.java +++ b/src/java.base/share/classes/java/lang/reflect/Constructor.java @@ -181,7 +181,6 @@ public final class Constructor extends Executable { @Override @CallerSensitive public void setAccessible(boolean flag) { - AccessibleObject.checkPermission(); if (flag) { checkCanSetAccessible(Reflection.getCallerClass()); } diff --git a/src/java.base/share/classes/java/lang/reflect/Field.java b/src/java.base/share/classes/java/lang/reflect/Field.java index f13893310a9..bffa211fe12 100644 --- a/src/java.base/share/classes/java/lang/reflect/Field.java +++ b/src/java.base/share/classes/java/lang/reflect/Field.java @@ -170,7 +170,6 @@ class Field extends AccessibleObject implements Member { @Override @CallerSensitive public void setAccessible(boolean flag) { - AccessibleObject.checkPermission(); if (flag) checkCanSetAccessible(Reflection.getCallerClass()); setAccessible0(flag); } @@ -1155,7 +1154,6 @@ class Field extends AccessibleObject implements Member { modifiers); } - // security check is done before calling this method private FieldAccessor getFieldAccessor() { FieldAccessor a = fieldAccessor; return (a != null) ? a : acquireFieldAccessor(); diff --git a/src/java.base/share/classes/java/lang/reflect/Method.java b/src/java.base/share/classes/java/lang/reflect/Method.java index e60d83de0c8..f1d5ee63919 100644 --- a/src/java.base/share/classes/java/lang/reflect/Method.java +++ b/src/java.base/share/classes/java/lang/reflect/Method.java @@ -173,7 +173,6 @@ public final class Method extends Executable { @Override @CallerSensitive public void setAccessible(boolean flag) { - AccessibleObject.checkPermission(); if (flag) checkCanSetAccessible(Reflection.getCallerClass()); setAccessible0(flag); } diff --git a/src/java.base/share/classes/java/lang/reflect/Proxy.java b/src/java.base/share/classes/java/lang/reflect/Proxy.java index fade83c0b38..77f3d3e1e71 100644 --- a/src/java.base/share/classes/java/lang/reflect/Proxy.java +++ b/src/java.base/share/classes/java/lang/reflect/Proxy.java @@ -30,8 +30,6 @@ import java.lang.invoke.MethodHandles; import java.lang.invoke.MethodType; import java.lang.invoke.WrongMethodTypeException; import java.lang.module.ModuleDescriptor; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.ArrayDeque; import java.util.Arrays; import java.util.Collections; @@ -52,13 +50,9 @@ import jdk.internal.access.JavaLangAccess; import jdk.internal.access.SharedSecrets; import jdk.internal.module.Modules; import jdk.internal.misc.VM; -import jdk.internal.reflect.CallerSensitive; -import jdk.internal.reflect.Reflection; import jdk.internal.loader.ClassLoaderValue; import jdk.internal.vm.annotation.Stable; import sun.reflect.misc.ReflectUtil; -import sun.security.action.GetPropertyAction; -import sun.security.util.SecurityConstants; import static java.lang.invoke.MethodType.methodType; import static java.lang.module.ModuleDescriptor.Modifier.SYNTHETIC; @@ -366,17 +360,11 @@ public class Proxy implements java.io.Serializable { * @see Package and Module Membership of Proxy Class */ @Deprecated - @CallerSensitive public static Class getProxyClass(ClassLoader loader, Class... interfaces) throws IllegalArgumentException { - @SuppressWarnings("removal") - Class caller = System.getSecurityManager() == null - ? null - : Reflection.getCallerClass(); - - return getProxyConstructor(caller, loader, interfaces) + return getProxyConstructor(loader, interfaces) .getDeclaringClass(); } @@ -386,25 +374,18 @@ public class Proxy implements java.io.Serializable { * and an array of interfaces. The returned constructor will have the * {@link Constructor#setAccessible(boolean) accessible} flag already set. * - * @param caller passed from a public-facing @CallerSensitive method if - * SecurityManager is set or {@code null} if there's no - * SecurityManager * @param loader the class loader to define the proxy class * @param interfaces the list of interfaces for the proxy class * to implement * @return a Constructor of the proxy class taking single * {@code InvocationHandler} parameter */ - private static Constructor getProxyConstructor(Class caller, - ClassLoader loader, + private static Constructor getProxyConstructor(ClassLoader loader, Class... interfaces) { // optimization for single interface if (interfaces.length == 1) { Class intf = interfaces[0]; - if (caller != null) { - checkProxyAccess(caller, loader, intf); - } return proxyCache.sub(intf).computeIfAbsent( loader, (ld, clv) -> new ProxyBuilder(ld, clv.key()).build() @@ -412,9 +393,6 @@ public class Proxy implements java.io.Serializable { } else { // interfaces cloned final Class[] intfsArray = interfaces.clone(); - if (caller != null) { - checkProxyAccess(caller, loader, intfsArray); - } final List> intfs = Arrays.asList(intfsArray); return proxyCache.sub(intfs).computeIfAbsent( loader, @@ -423,39 +401,6 @@ public class Proxy implements java.io.Serializable { } } - /* - * Check permissions required to create a Proxy class. - * - * To define a proxy class, it performs the access checks as in - * Class.forName (VM will invoke ClassLoader.checkPackageAccess): - * 1. "getClassLoader" permission check if loader == null - * 2. checkPackageAccess on the interfaces it implements - * - * To get a constructor and new instance of a proxy class, it performs - * the package access check on the interfaces it implements - * as in Class.getConstructor. - * - * If an interface is non-public, the proxy class must be defined by - * the defining loader of the interface. If the caller's class loader - * is not the same as the defining loader of the interface, the VM - * will throw IllegalAccessError when the generated proxy class is - * being defined. - */ - private static void checkProxyAccess(Class caller, - ClassLoader loader, - Class ... interfaces) - { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - ClassLoader ccl = caller.getClassLoader(); - if (loader == null && ccl != null) { - sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION); - } - ReflectUtil.checkProxyPackageAccess(ccl, interfaces); - } - } - /** * Builder for a proxy class. * @@ -516,7 +461,7 @@ public class Proxy implements java.io.Serializable { ? proxyClassNamePrefix + num : context.packageName() + "." + proxyClassNamePrefix + num; - ClassLoader loader = getLoader(context.module()); + ClassLoader loader = context.module().getClassLoader(); trace(proxyName, context.module(), loader, interfaces); /* @@ -586,8 +531,7 @@ public class Proxy implements java.io.Serializable { } } - private static final String DEBUG = - GetPropertyAction.privilegedGetProperty("jdk.proxy.debug", ""); + private static final String DEBUG = System.getProperty("jdk.proxy.debug", ""); private static boolean isDebug() { return !DEBUG.isEmpty(); @@ -618,7 +562,7 @@ public class Proxy implements java.io.Serializable { this.interfaces = interfaces; this.context = proxyClassContext(loader, interfaces, refTypes); - assert getLoader(context.module()) == loader; + assert context.module().getClassLoader() == loader; } ProxyBuilder(ClassLoader loader, Class intf) { @@ -630,11 +574,7 @@ public class Proxy implements java.io.Serializable { * accessible flag already set. If the target module does not have access * to any interface types, IllegalAccessError will be thrown by the VM * at defineClass time. - * - * Must call the checkProxyAccess method to perform permission checks - * before calling this. */ - @SuppressWarnings("removal") Constructor build() { Class proxyClass = defineProxyClass(context, interfaces); @@ -644,12 +584,7 @@ public class Proxy implements java.io.Serializable { } catch (NoSuchMethodException e) { throw new InternalError(e.toString(), e); } - AccessController.doPrivileged(new PrivilegedAction() { - public Void run() { - cons.setAccessible(true); - return null; - } - }); + cons.setAccessible(true); return cons; } @@ -788,7 +723,7 @@ public class Proxy implements java.io.Serializable { throw new IllegalArgumentException( "cannot have non-public interfaces in different packages"); } - if (getLoader(m) != loader) { + if (m.getClassLoader() != loader) { // the specified loader is not the same class loader // of the non-public interface throw new IllegalArgumentException( @@ -979,36 +914,24 @@ public class Proxy implements java.io.Serializable { * * @see Package and Module Membership of Proxy Class */ - @CallerSensitive public static Object newProxyInstance(ClassLoader loader, Class[] interfaces, InvocationHandler h) { Objects.requireNonNull(h); - @SuppressWarnings("removal") - final Class caller = System.getSecurityManager() == null - ? null - : Reflection.getCallerClass(); - /* * Look up or generate the designated proxy class and its constructor. */ - Constructor cons = getProxyConstructor(caller, loader, interfaces); + Constructor cons = getProxyConstructor(loader, interfaces); - return newProxyInstance(caller, cons, h); + return newProxyInstance(cons, h); } - private static Object newProxyInstance(Class caller, // null if no SecurityManager - Constructor cons, - InvocationHandler h) { + private static Object newProxyInstance(Constructor cons, InvocationHandler h) { /* * Invoke its constructor with the designated invocation handler. */ try { - if (caller != null) { - checkNewProxyPermission(caller, cons.getDeclaringClass()); - } - return cons.newInstance(new Object[]{h}); } catch (IllegalAccessException | InstantiationException e) { throw new InternalError(e.toString(), e); @@ -1022,35 +945,6 @@ public class Proxy implements java.io.Serializable { } } - private static void checkNewProxyPermission(Class caller, Class proxyClass) { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - if (ReflectUtil.isNonPublicProxyClass(proxyClass)) { - ClassLoader ccl = caller.getClassLoader(); - ClassLoader pcl = proxyClass.getClassLoader(); - - // do permission check if the caller is in a different runtime package - // of the proxy class - String pkg = proxyClass.getPackageName(); - String callerPkg = caller.getPackageName(); - - if (pcl != ccl || !pkg.equals(callerPkg)) { - sm.checkPermission(new ReflectPermission("newProxyInPackage." + pkg)); - } - } - } - } - - /** - * Returns the class loader for the given module. - */ - @SuppressWarnings("removal") - private static ClassLoader getLoader(Module m) { - PrivilegedAction pa = m::getClassLoader; - return AccessController.doPrivileged(pa); - } - /** * Returns true if the given class is a proxy class. * @@ -1075,8 +969,6 @@ public class Proxy implements java.io.Serializable { * @throws IllegalArgumentException if the argument is not a * proxy instance */ - @SuppressWarnings("removal") - @CallerSensitive public static InvocationHandler getInvocationHandler(Object proxy) throws IllegalArgumentException { @@ -1089,16 +981,6 @@ public class Proxy implements java.io.Serializable { final Proxy p = (Proxy) proxy; final InvocationHandler ih = p.h; - if (System.getSecurityManager() != null) { - Class ihClass = ih.getClass(); - Class caller = Reflection.getCallerClass(); - if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), - ihClass.getClassLoader())) - { - ReflectUtil.checkPackageAccess(ihClass); - } - } - return ih; } @@ -1249,20 +1131,14 @@ public class Proxy implements java.io.Serializable { * * @return a lookup for proxy class of this proxy instance */ - @SuppressWarnings("removal") private static MethodHandles.Lookup proxyClassLookup(MethodHandles.Lookup caller, Class proxyClass) { - return AccessController.doPrivileged(new PrivilegedAction<>() { - @Override - public MethodHandles.Lookup run() { - try { - Method m = proxyClass.getDeclaredMethod("proxyClassLookup", MethodHandles.Lookup.class); - m.setAccessible(true); - return (MethodHandles.Lookup) m.invoke(null, caller); - } catch (ReflectiveOperationException e) { - throw new InternalError(e); - } - } - }); + try { + Method m = proxyClass.getDeclaredMethod("proxyClassLookup", MethodHandles.Lookup.class); + m.setAccessible(true); + return (MethodHandles.Lookup) m.invoke(null, caller); + } catch (ReflectiveOperationException e) { + throw new InternalError(e); + } } /* diff --git a/src/java.base/share/classes/java/lang/reflect/ProxyGenerator.java b/src/java.base/share/classes/java/lang/reflect/ProxyGenerator.java index efbb3919ef5..96e0a7e729f 100644 --- a/src/java.base/share/classes/java/lang/reflect/ProxyGenerator.java +++ b/src/java.base/share/classes/java/lang/reflect/ProxyGenerator.java @@ -43,7 +43,6 @@ import java.util.Objects; import jdk.internal.constant.ClassOrInterfaceDescImpl; import jdk.internal.constant.ConstantUtils; import jdk.internal.constant.MethodTypeDescImpl; -import sun.security.action.GetBooleanAction; import static java.lang.classfile.ClassFile.*; import java.lang.classfile.attribute.StackMapFrameInfo; @@ -106,9 +105,8 @@ final class ProxyGenerator { */ @SuppressWarnings("removal") private static final boolean SAVE_GENERATED_FILES = - java.security.AccessController.doPrivileged( - new GetBooleanAction( - "jdk.proxy.ProxyGenerator.saveGeneratedFiles")); + Boolean.getBoolean("jdk.proxy.ProxyGenerator.saveGeneratedFiles"); + /* Preloaded ProxyMethod objects for methods in java.lang.Object */ private static final Method OBJECT_HASH_CODE_METHOD; @@ -215,27 +213,21 @@ final class ProxyGenerator { final byte[] classFile = gen.generateClassFile(); if (SAVE_GENERATED_FILES) { - java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { - public Void run() { - try { - int i = name.lastIndexOf('.'); - Path path; - if (i > 0) { - Path dir = Path.of(name.substring(0, i).replace('.', '/')); - Files.createDirectories(dir); - path = dir.resolve(name.substring(i + 1) + ".class"); - } else { - path = Path.of(name + ".class"); - } - Files.write(path, classFile); - return null; - } catch (IOException e) { - throw new InternalError( - "I/O exception saving generated file: " + e); - } - } - }); + try { + int i = name.lastIndexOf('.'); + Path path; + if (i > 0) { + Path dir = Path.of(name.substring(0, i).replace('.', '/')); + Files.createDirectories(dir); + path = dir.resolve(name.substring(i + 1) + ".class"); + } else { + path = Path.of(name + ".class"); + } + Files.write(path, classFile); + return null; + } catch (IOException e) { + throw new InternalError("I/O exception saving generated file: " + e); + } } return classFile; @@ -565,11 +557,6 @@ final class ProxyGenerator { /** * Generate the class initializer. - * Discussion: Currently, for Proxy to work with SecurityManager, - * we rely on the parameter classes of the methods to be computed - * from Proxy instead of via user code paths like bootstrap method - * lazy evaluation. That might change if we can pass in the live - * Method objects directly.. */ private void generateStaticInitializer(ClassBuilder clb) { clb.withMethodBody(CLASS_INIT_NAME, MTD_void, ACC_STATIC, cob -> { @@ -786,9 +773,6 @@ final class ProxyGenerator { * Generate code for initializing the static field that stores * the Method object for this proxy method. A class loader is * anticipated at local variable index 0. - * The generated code must be run in an AccessController.doPrivileged - * block if a SecurityManager is present, as otherwise the code - * cannot pass {@code null} ClassLoader to forName. */ private void codeFieldInitialization(CodeBuilder cob) { var cp = cob.constantPool(); diff --git a/src/java.base/share/classes/java/util/ServiceLoader.java b/src/java.base/share/classes/java/util/ServiceLoader.java index 07ed1875190..c634d6321c0 100644 --- a/src/java.base/share/classes/java/util/ServiceLoader.java +++ b/src/java.base/share/classes/java/util/ServiceLoader.java @@ -35,11 +35,6 @@ import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.net.URL; import java.net.URLConnection; -import java.security.AccessControlContext; -import java.security.AccessController; -import java.security.PrivilegedAction; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.function.Consumer; import java.util.function.Supplier; import java.util.stream.Stream; @@ -396,10 +391,6 @@ public final class ServiceLoader // null when locating provider using a module layer private final ClassLoader loader; - // The access control context taken when the ServiceLoader is created - @SuppressWarnings("removal") - private final AccessControlContext acc; - // The lazy-lookup iterator for iterator operations private Iterator> lookupIterator1; private final List instantiatedProviders = new ArrayList<>(); @@ -462,7 +453,6 @@ public final class ServiceLoader * If {@code svc} is not accessible to {@code caller} or the caller * module does not use the service type. */ - @SuppressWarnings("removal") private ServiceLoader(Class caller, ModuleLayer layer, Class svc) { Objects.requireNonNull(caller); Objects.requireNonNull(layer); @@ -473,9 +463,6 @@ public final class ServiceLoader this.serviceName = svc.getName(); this.layer = layer; this.loader = null; - this.acc = (System.getSecurityManager() != null) - ? AccessController.getContext() - : null; } /** @@ -486,7 +473,6 @@ public final class ServiceLoader * If {@code svc} is not accessible to {@code caller} or the caller * module does not use the service type. */ - @SuppressWarnings("removal") private ServiceLoader(Class caller, Class svc, ClassLoader cl) { Objects.requireNonNull(svc); @@ -515,9 +501,6 @@ public final class ServiceLoader this.serviceName = svc.getName(); this.layer = null; this.loader = cl; - this.acc = (System.getSecurityManager() != null) - ? AccessController.getContext() - : null; } /** @@ -529,7 +512,6 @@ public final class ServiceLoader * @throws ServiceConfigurationError * If the caller module does not use the service type. */ - @SuppressWarnings("removal") private ServiceLoader(Module callerModule, Class svc, ClassLoader cl) { if (!callerModule.canUse(svc)) { fail(svc, callerModule + " does not declare `uses`"); @@ -539,9 +521,6 @@ public final class ServiceLoader this.serviceName = svc.getName(); this.layer = null; this.loader = cl; - this.acc = (System.getSecurityManager() != null) - ? AccessController.getContext() - : null; } /** @@ -601,7 +580,6 @@ public final class ServiceLoader * provider method or there is more than one public static * provider method */ - @SuppressWarnings("removal") private Method findStaticProviderMethod(Class clazz) { List methods = null; try { @@ -628,12 +606,7 @@ public final class ServiceLoader } } if (result != null) { - Method m = result; - PrivilegedAction pa = () -> { - m.setAccessible(true); - return null; - }; - AccessController.doPrivileged(pa); + result.setAccessible(true); } return result; } @@ -644,27 +617,16 @@ public final class ServiceLoader * @throws ServiceConfigurationError if the class does not have * public no-arg constructor */ - @SuppressWarnings("removal") private Constructor getConstructor(Class clazz) { - PrivilegedExceptionAction> pa - = new PrivilegedExceptionAction<>() { - @Override - public Constructor run() throws Exception { - Constructor ctor = clazz.getConstructor(); - if (inExplicitModule(clazz)) - ctor.setAccessible(true); - return ctor; - } - }; Constructor ctor = null; try { - ctor = AccessController.doPrivileged(pa); - } catch (Throwable x) { - if (x instanceof PrivilegedActionException) - x = x.getCause(); + ctor = clazz.getConstructor(); + } catch (NoSuchMethodException ex) { String cn = clazz.getName(); - fail(service, cn + " Unable to get public no-arg constructor", x); + fail(service, cn + " Unable to get public no-arg constructor", ex); } + if (inExplicitModule(clazz)) + ctor.setAccessible(true); return ctor; } @@ -678,29 +640,23 @@ public final class ServiceLoader final Class type; final Method factoryMethod; // factory method or null final Constructor ctor; // public no-args constructor or null - @SuppressWarnings("removal") - final AccessControlContext acc; ProviderImpl(Class service, Class type, - Method factoryMethod, - @SuppressWarnings("removal") AccessControlContext acc) { + Method factoryMethod) { this.service = service; this.type = type; this.factoryMethod = factoryMethod; this.ctor = null; - this.acc = acc; } ProviderImpl(Class service, Class type, - Constructor ctor, - @SuppressWarnings("removal") AccessControlContext acc) { + Constructor ctor) { this.service = service; this.type = type; this.factoryMethod = null; this.ctor = ctor; - this.acc = acc; } @Override @@ -723,36 +679,14 @@ public final class ServiceLoader * permissions that are restricted by the security context of whatever * created this loader. */ - @SuppressWarnings("removal") private S invokeFactoryMethod() { Object result = null; - Throwable exc = null; - if (acc == null) { - try { - result = factoryMethod.invoke(null); - } catch (Throwable x) { - exc = x; - } - } else { - PrivilegedExceptionAction pa = new PrivilegedExceptionAction<>() { - @Override - public Object run() throws Exception { - return factoryMethod.invoke(null); - } - }; - // invoke factory method with permissions restricted by acc - try { - result = AccessController.doPrivileged(pa, acc); - } catch (Throwable x) { - if (x instanceof PrivilegedActionException) - x = x.getCause(); - exc = x; - } - } - if (exc != null) { - if (exc instanceof InvocationTargetException) - exc = exc.getCause(); - fail(service, factoryMethod + " failed", exc); + try { + result = factoryMethod.invoke(null); + } catch (Throwable ex) { + if (ex instanceof InvocationTargetException) + ex = ex.getCause(); + fail(service, factoryMethod + " failed", ex); } if (result == null) { fail(service, factoryMethod + " returned null"); @@ -767,38 +701,16 @@ public final class ServiceLoader * with a security manager then the constructor runs with permissions that * are restricted by the security context of whatever created this loader. */ - @SuppressWarnings("removal") private S newInstance() { S p = null; - Throwable exc = null; - if (acc == null) { - try { - p = ctor.newInstance(); - } catch (Throwable x) { - exc = x; - } - } else { - PrivilegedExceptionAction pa = new PrivilegedExceptionAction<>() { - @Override - public S run() throws Exception { - return ctor.newInstance(); - } - }; - // invoke constructor with permissions restricted by acc - try { - p = AccessController.doPrivileged(pa, acc); - } catch (Throwable x) { - if (x instanceof PrivilegedActionException) - x = x.getCause(); - exc = x; - } - } - if (exc != null) { - if (exc instanceof InvocationTargetException) - exc = exc.getCause(); + try { + p = ctor.newInstance(); + } catch (Throwable ex) { + if (ex instanceof InvocationTargetException) + ex = ex.getCause(); String cn = ctor.getDeclaringClass().getName(); fail(service, - "Provider " + cn + " could not be instantiated", exc); + "Provider " + cn + " could not be instantiated", ex); } return p; } @@ -809,15 +721,14 @@ public final class ServiceLoader @Override public int hashCode() { - return Objects.hash(service, type, acc); + return Objects.hash(service, type); } @Override public boolean equals(Object ob) { return ob instanceof @SuppressWarnings("unchecked")ProviderImpl that && this.service == that.service - && this.type == that.type - && Objects.equals(this.acc, that.acc); + && this.type == that.type; } } @@ -831,7 +742,6 @@ public final class ServiceLoader * isn't the expected sub-type (or doesn't define a provider * factory method that returns the expected type) */ - @SuppressWarnings("removal") private Provider loadProvider(ServiceProvider provider) { Module module = provider.module(); if (!module.canRead(service.getModule())) { @@ -841,22 +751,10 @@ public final class ServiceLoader String cn = provider.providerName(); Class clazz = null; - if (acc == null) { - try { - clazz = Class.forName(module, cn); - } catch (LinkageError e) { - fail(service, "Unable to load " + cn, e); - } - } else { - PrivilegedExceptionAction> pa = () -> Class.forName(module, cn); - try { - clazz = AccessController.doPrivileged(pa); - } catch (Throwable x) { - if (x instanceof PrivilegedActionException) - x = x.getCause(); - fail(service, "Unable to load " + cn, x); - return null; - } + try { + clazz = Class.forName(module, cn); + } catch (LinkageError e) { + fail(service, "Unable to load " + cn, e); } if (clazz == null) { fail(service, "Provider " + cn + " not found"); @@ -878,7 +776,7 @@ public final class ServiceLoader @SuppressWarnings("unchecked") Class type = (Class) returnType; - return new ProviderImpl(service, type, factoryMethod, acc); + return new ProviderImpl(service, type, factoryMethod); } } @@ -891,7 +789,7 @@ public final class ServiceLoader Class type = (Class) clazz; @SuppressWarnings("unchecked") Constructor ctor = (Constructor ) getConstructor(clazz); - return new ProviderImpl(service, type, ctor, acc); + return new ProviderImpl(service, type, ctor); } /** @@ -997,20 +895,6 @@ public final class ServiceLoader return catalog.findServices(serviceName); } - /** - * Returns the class loader that a module is defined to - */ - @SuppressWarnings("removal") - private ClassLoader loaderFor(Module module) { - SecurityManager sm = System.getSecurityManager(); - if (sm == null) { - return module.getClassLoader(); - } else { - PrivilegedAction pa = module::getClassLoader; - return AccessController.doPrivileged(pa); - } - } - /** * Returns an iterator to iterate over the implementations of {@code * service} in modules defined to the given class loader or in custom @@ -1041,7 +925,7 @@ public final class ServiceLoader while (iterator.hasNext()) { ModuleLayer layer = iterator.next(); for (ServiceProvider sp : providers(layer)) { - ClassLoader l = loaderFor(sp.module()); + ClassLoader l = sp.module().getClassLoader(); if (l != null && l != platformClassLoader) { allProviders.add(sp); } @@ -1225,7 +1109,7 @@ public final class ServiceLoader Class type = (Class) clazz; Constructor ctor = (Constructor)getConstructor(clazz); - ProviderImpl p = new ProviderImpl(service, type, ctor, acc); + ProviderImpl p = new ProviderImpl(service, type, ctor); nextProvider = (ProviderImpl) p; } else { fail(service, clazz.getName() + " not a subtype"); @@ -1253,30 +1137,14 @@ public final class ServiceLoader } } - @SuppressWarnings("removal") @Override public boolean hasNext() { - if (acc == null) { - return hasNextService(); - } else { - PrivilegedAction action = new PrivilegedAction<>() { - public Boolean run() { return hasNextService(); } - }; - return AccessController.doPrivileged(action, acc); - } + return hasNextService(); } - @SuppressWarnings("removal") @Override public Provider next() { - if (acc == null) { - return nextService(); - } else { - PrivilegedAction> action = new PrivilegedAction<>() { - public Provider run() { return nextService(); } - }; - return AccessController.doPrivileged(action, acc); - } + return nextService(); } } diff --git a/src/java.base/share/classes/jdk/internal/constant/MethodTypeDescImpl.java b/src/java.base/share/classes/jdk/internal/constant/MethodTypeDescImpl.java index 826fc095bbd..fcbf6064853 100644 --- a/src/java.base/share/classes/jdk/internal/constant/MethodTypeDescImpl.java +++ b/src/java.base/share/classes/jdk/internal/constant/MethodTypeDescImpl.java @@ -32,8 +32,6 @@ import java.lang.constant.ConstantDescs; import java.lang.constant.MethodTypeDesc; import java.lang.invoke.MethodHandles; import java.lang.invoke.MethodType; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -320,15 +318,8 @@ public final class MethodTypeDescImpl implements MethodTypeDesc { public MethodType resolveConstantDesc(MethodHandles.Lookup lookup) throws ReflectiveOperationException { MethodType mtype; try { - @SuppressWarnings("removal") - MethodType mt = AccessController.doPrivileged(new PrivilegedAction<>() { - @Override - public MethodType run() { - return MethodType.fromMethodDescriptorString(descriptorString(), - lookup.lookupClass().getClassLoader()); - } - }); - mtype = mt; + mtype = MethodType.fromMethodDescriptorString(descriptorString(), + lookup.lookupClass().getClassLoader()); } catch (TypeNotPresentException ex) { throw (ClassNotFoundException) ex.getCause(); } diff --git a/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java b/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java index b0d9c7154cd..bcaa8bacbaa 100644 --- a/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java +++ b/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java @@ -40,13 +40,10 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.security.PrivilegedAction; -import java.util.Properties; import jdk.internal.access.JavaLangReflectAccess; import jdk.internal.access.SharedSecrets; import jdk.internal.misc.VM; import jdk.internal.vm.annotation.Stable; -import sun.security.action.GetPropertyAction; -import sun.security.util.SecurityConstants; /**

The master factory for all reflective objects, both those in java.lang.reflect (Fields, Methods, Constructors) as well as their @@ -93,27 +90,12 @@ public class ReflectionFactory { * Provides the caller with the capability to instantiate reflective * objects. * - *

First, if there is a security manager, its - * checkPermission method is called with a {@link - * java.lang.RuntimePermission} with target - * "reflectionFactoryAccess". This may result in a - * security exception. - * *

The returned ReflectionFactory object should be * carefully guarded by the caller, since it can be used to read and * write private data and invoke private methods, as well as to load * unverified bytecodes. It must never be passed to untrusted code. - * - * @exception SecurityException if a security manager exists and its - * checkPermission method doesn't allow - * access to the RuntimePermission "reflectionFactoryAccess". */ + */ public static ReflectionFactory getReflectionFactory() { - @SuppressWarnings("removal") - SecurityManager security = System.getSecurityManager(); - if (security != null) { - security.checkPermission( - SecurityConstants.REFLECTION_FACTORY_ACCESS_PERMISSION); - } return soleInstance; } @@ -549,11 +531,10 @@ public class ReflectionFactory { private static Config loadConfig() { assert VM.isModuleSystemInited(); - Properties props = GetPropertyAction.privilegedGetProperties(); boolean useNativeAccessorOnly = - "true".equals(props.getProperty("jdk.reflect.useNativeAccessorOnly")); + "true".equals(System.getProperty("jdk.reflect.useNativeAccessorOnly")); boolean disableSerialConstructorChecks = - "true".equals(props.getProperty("jdk.disableSerialConstructorChecks")); + "true".equals(System.getProperty("jdk.disableSerialConstructorChecks")); return new Config(useNativeAccessorOnly, disableSerialConstructorChecks); } diff --git a/src/java.base/share/classes/sun/invoke/util/VerifyAccess.java b/src/java.base/share/classes/sun/invoke/util/VerifyAccess.java index 076d04632c9..850da5ef83d 100644 --- a/src/java.base/share/classes/sun/invoke/util/VerifyAccess.java +++ b/src/java.base/share/classes/sun/invoke/util/VerifyAccess.java @@ -311,8 +311,6 @@ public class VerifyAccess { // will use the result cached in the JVM system dictionary. Note that the JVM system dictionary // will record the first successful result. Unsuccessful results are not stored. // - // We use doPrivileged in order to allow an unprivileged caller to ask an arbitrary - // class loader about the binding of the proposed name (type.getName()). // The looked up type ("res") is compared for equality against the proposed // type ("type") and then is discarded. Thus, the worst that can happen to // the "child" class loader is that it is bothered to load and report a class @@ -320,17 +318,12 @@ public class VerifyAccess { // memoization. And the caller never gets to look at the alternate type binding // ("res"), whether it exists or not. final String name = type.getName(); - @SuppressWarnings("removal") - Class res = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<>() { - public Class run() { - try { - return Class.forName(name, false, refcLoader); - } catch (ClassNotFoundException | LinkageError e) { - return null; // Assume the class is not found - } - } - }); + Class res = null; + try { + res = Class.forName(name, false, refcLoader); + } catch (ClassNotFoundException | LinkageError e) { + // Assume the class is not found + } return (type == res); } diff --git a/src/java.base/share/classes/sun/reflect/misc/ReflectUtil.java b/src/java.base/share/classes/sun/reflect/misc/ReflectUtil.java index 540a9d64110..86eadc2b2ee 100644 --- a/src/java.base/share/classes/sun/reflect/misc/ReflectUtil.java +++ b/src/java.base/share/classes/sun/reflect/misc/ReflectUtil.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,6 @@ * questions. */ - package sun.reflect.misc; import java.lang.reflect.Member; @@ -31,16 +30,13 @@ import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.lang.reflect.Proxy; import jdk.internal.reflect.Reflection; -import sun.security.util.SecurityConstants; public final class ReflectUtil { private ReflectUtil() { } - public static Class forName(String name) - throws ClassNotFoundException { - checkPackageAccess(name); + public static Class forName(String name) throws ClassNotFoundException { return Class.forName(name); } @@ -73,182 +69,48 @@ public final class ReflectUtil { } /** - * Does a conservative approximation of member access check. Use this if - * you don't have an actual 'userland' caller Class/ClassLoader available. - * This might be more restrictive than a precise member access check where - * you have a caller, but should never allow a member access that is - * forbidden. - * - * @param m the {@code Member} about to be accessed + * Does nothing. */ - public static void conservativeCheckMemberAccess(Member m) throws SecurityException{ - @SuppressWarnings("removal") - final SecurityManager sm = System.getSecurityManager(); - if (sm == null) - return; - - // Check for package access on the declaring class. - // - // In addition, unless the member and the declaring class are both - // public check for access declared member permissions. - // - // This is done regardless of ClassLoader relations between the {@code - // Member m} and any potential caller. - - final Class declaringClass = m.getDeclaringClass(); - - privateCheckPackageAccess(sm, declaringClass); - - if (Modifier.isPublic(m.getModifiers()) && - Modifier.isPublic(declaringClass.getModifiers())) - return; - - // Check for declared member access. - sm.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION); + public static void conservativeCheckMemberAccess(Member m) { } /** - * Checks package access on the given class. - * - * If it is a {@link Proxy#isProxyClass(java.lang.Class)} that implements - * a non-public interface (i.e. may be in a non-restricted package), - * also check the package access on the proxy interfaces. + * Does nothing. */ public static void checkPackageAccess(Class clazz) { - @SuppressWarnings("removal") - SecurityManager s = System.getSecurityManager(); - if (s != null) { - privateCheckPackageAccess(s, clazz); - } } /** - * NOTE: should only be called if a SecurityManager is installed - */ - private static void privateCheckPackageAccess(@SuppressWarnings("removal") SecurityManager s, Class clazz) { - String pkg = clazz.getPackageName(); - if (!pkg.isEmpty()) { - s.checkPackageAccess(pkg); - } - - if (isNonPublicProxyClass(clazz)) { - privateCheckProxyPackageAccess(s, clazz); - } - } - - /** - * Checks package access on the given classname. - * This method is typically called when the Class instance is not - * available and the caller attempts to load a class on behalf - * the true caller (application). + * Does nothing */ public static void checkPackageAccess(String name) { - @SuppressWarnings("removal") - SecurityManager s = System.getSecurityManager(); - if (s != null) { - String cname = name.replace('/', '.'); - if (cname.startsWith("[")) { - int b = cname.lastIndexOf('[') + 2; - if (b > 1 && b < cname.length()) { - cname = cname.substring(b); - } - } - int i = cname.lastIndexOf('.'); - if (i != -1) { - s.checkPackageAccess(cname.substring(0, i)); - } - } } + /** + * Returns true. + */ public static boolean isPackageAccessible(Class clazz) { - try { - checkPackageAccess(clazz); - } catch (SecurityException e) { - return false; - } return true; } - // Returns true if p is an ancestor of cl i.e. class loader 'p' can - // be found in the cl's delegation chain - private static boolean isAncestor(ClassLoader p, ClassLoader cl) { - ClassLoader acl = cl; - do { - acl = acl.getParent(); - if (p == acl) { - return true; - } - } while (acl != null); + /** + * Returns false. + */ + public static boolean needsPackageAccessCheck(ClassLoader from, ClassLoader to) { return false; } /** - * Returns true if package access check is needed for reflective - * access from a class loader 'from' to classes or members in - * a class defined by class loader 'to'. This method returns true - * if 'from' is not the same as or an ancestor of 'to'. All code - * in a system domain are granted with all permission and so this - * method returns false if 'from' class loader is a class loader - * loading system classes. On the other hand, if a class loader - * attempts to access system domain classes, it requires package - * access check and this method will return true. - */ - public static boolean needsPackageAccessCheck(ClassLoader from, ClassLoader to) { - if (from == null || from == to) - return false; - - if (to == null) - return true; - - return !isAncestor(from, to); - } - - /** - * Check package access on the proxy interfaces that the given proxy class - * implements. - * - * @param clazz Proxy class object + * Does nothing */ public static void checkProxyPackageAccess(Class clazz) { - @SuppressWarnings("removal") - SecurityManager s = System.getSecurityManager(); - if (s != null) { - privateCheckProxyPackageAccess(s, clazz); - } } /** - * NOTE: should only be called if a SecurityManager is installed - */ - private static void privateCheckProxyPackageAccess(@SuppressWarnings("removal") SecurityManager s, Class clazz) { - // check proxy interfaces if the given class is a proxy class - if (Proxy.isProxyClass(clazz)) { - for (Class intf : clazz.getInterfaces()) { - privateCheckPackageAccess(s, intf); - } - } - } - /** - * Access check on the interfaces that a proxy class implements and throw - * {@code SecurityException} if it accesses a restricted package from - * the caller's class loader. - * - * @param ccl the caller's class loader - * @param interfaces the list of interfaces that a proxy class implements + * Does nothing. */ public static void checkProxyPackageAccess(ClassLoader ccl, - Class... interfaces) - { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - for (Class intf : interfaces) { - ClassLoader cl = intf.getClassLoader(); - if (needsPackageAccessCheck(ccl, cl)) { - privateCheckPackageAccess(sm, intf); - } - } - } + Class... interfaces) { } // Note that bytecode instrumentation tools may exclude 'sun.*' diff --git a/test/hotspot/jtreg/runtime/cds/appcds/StaticArchiveWithLambda.java b/test/hotspot/jtreg/runtime/cds/appcds/StaticArchiveWithLambda.java index 9bab98a5d2c..76440c81fcf 100644 --- a/test/hotspot/jtreg/runtime/cds/appcds/StaticArchiveWithLambda.java +++ b/test/hotspot/jtreg/runtime/cds/appcds/StaticArchiveWithLambda.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2020, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -53,7 +53,7 @@ public class StaticArchiveWithLambda { "-Xlog:class+load,cds") .setArchiveName(archiveName); CDSTestUtils.createArchiveAndCheck(opts) - .shouldContain("Skipping java/lang/invoke/BoundMethodHandle$Species_LLLL because it is dynamically generated"); + .shouldHaveExitValue(0); // run with archive CDSOptions runOpts = (new CDSOptions())