8334493: Remove SecurityManager Permissions infrastructure from DiagnosticCommands

Reviewed-by: lmesnik, alanb, coleenp
This commit is contained in:
Kevin Walls 2024-11-28 09:54:25 +00:00
parent 56f1e4ef05
commit d33ad07c32
17 changed files with 16 additions and 396 deletions

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2023, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -41,10 +41,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = { "java.lang.management.ManagementPermission", "monitor", nullptr };
return p;
}
void execute(DCmdSource source, TRAPS) override; void execute(DCmdSource source, TRAPS) override;
}; };

View File

@ -1,6 +1,6 @@
/* /*
* Copyright (c) 2021 SAP SE. All rights reserved. * Copyright (c) 2021 SAP SE. All rights reserved.
* Copyright (c) 2021, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2021, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -42,10 +42,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = { "java.lang.management.ManagementPermission", "control", nullptr };
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018 SAP SE. All rights reserved. * Copyright (c) 2018 SAP SE. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
@ -46,11 +46,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium: Depends on number of class loaders and classes loaded."; return "Medium: Depends on number of class loaders and classes loaded.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
static int num_arguments() { return 3; } static int num_arguments() { return 3; }
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);

View File

@ -58,12 +58,6 @@ public:
static int num_arguments() { static int num_arguments() {
return 0; return 0;
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
}; };

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -59,10 +59,6 @@ class JfrStartFlightRecordingDCmd : public JfrDCmd {
static const char* impact() { static const char* impact() {
return "Medium: Depending on the settings for a recording, the impact can range from low to high."; return "Medium: Depending on the settings for a recording, the impact can range from low to high.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission", "monitor", nullptr};
return p;
}
virtual const char* javaClass() const { virtual const char* javaClass() const {
return "jdk/jfr/internal/dcmd/DCmdStart"; return "jdk/jfr/internal/dcmd/DCmdStart";
} }
@ -84,10 +80,6 @@ class JfrDumpFlightRecordingDCmd : public JfrDCmd {
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission", "monitor", nullptr};
return p;
}
virtual const char* javaClass() const { virtual const char* javaClass() const {
return "jdk/jfr/internal/dcmd/DCmdDump"; return "jdk/jfr/internal/dcmd/DCmdDump";
} }
@ -109,10 +101,6 @@ class JfrCheckFlightRecordingDCmd : public JfrDCmd {
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission", "monitor", nullptr};
return p;
}
virtual const char* javaClass() const { virtual const char* javaClass() const {
return "jdk/jfr/internal/dcmd/DCmdCheck"; return "jdk/jfr/internal/dcmd/DCmdCheck";
} }
@ -134,10 +122,6 @@ class JfrStopFlightRecordingDCmd : public JfrDCmd {
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission", "monitor", nullptr};
return p;
}
virtual const char* javaClass() const { virtual const char* javaClass() const {
return "jdk/jfr/internal/dcmd/DCmdStop"; return "jdk/jfr/internal/dcmd/DCmdStop";
} }
@ -159,10 +143,6 @@ class JfrViewFlightRecordingDCmd : public JfrDCmd {
static const char* impact() { static const char* impact() {
return "Medium"; return "Medium";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission", "monitor", nullptr};
return p;
}
virtual const char* javaClass() const { virtual const char* javaClass() const {
return "jdk/jfr/internal/dcmd/DCmdView"; return "jdk/jfr/internal/dcmd/DCmdView";
} }
@ -184,10 +164,6 @@ class JfrQueryFlightRecordingDCmd : public JfrDCmd {
static const char* impact() { static const char* impact() {
return "Medium"; return "Medium";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission", "monitor", nullptr};
return p;
}
virtual const char* javaClass() const { virtual const char* javaClass() const {
return "jdk/jfr/internal/dcmd/DCmdQuery"; return "jdk/jfr/internal/dcmd/DCmdQuery";
} }
@ -225,10 +201,6 @@ class JfrConfigureFlightRecorderDCmd : public DCmdWithParser {
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission", "monitor", nullptr};
return p;
}
static int num_arguments() { return 10; } static int num_arguments() { return 10; }
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
virtual void print_help(const char* name) const; virtual void print_help(const char* name) const;

View File

@ -58,11 +58,6 @@ class LogDiagnosticCommand : public DCmdWithParser {
static const char* description() { static const char* description() {
return "Lists current log configuration, enables/disables/configures a log output, or rotates all logs."; return "Lists current log configuration, enables/disables/configures a log output, or rotates all logs.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission", "control", nullptr};
return p;
}
}; };
#endif // SHARE_LOGGING_LOGDIAGNOSTICCOMMAND_HPP #endif // SHARE_LOGGING_LOGDIAGNOSTICCOMMAND_HPP

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2020 SAP SE. All rights reserved. * Copyright (c) 2018, 2020 SAP SE. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
@ -52,11 +52,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium: Depends on number of classes loaded."; return "Medium: Depends on number of classes loaded.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
static int num_arguments() { return 8; } static int num_arguments() { return 8; }
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -53,11 +53,6 @@ class NMTDCmd: public DCmdWithParser {
static const char* impact() { static const char* impact() {
return "Medium"; return "Medium";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
private: private:

View File

@ -151,8 +151,7 @@ void DCmd::register_dcmds(){
DCmdFactory::register_DCmdFactory(new DCmdFactoryImpl<CompilationMemoryStatisticDCmd>(full_export, true, false)); DCmdFactory::register_DCmdFactory(new DCmdFactoryImpl<CompilationMemoryStatisticDCmd>(full_export, true, false));
// Enhanced JMX Agent Support // Enhanced JMX Agent Support
// These commands won't be exported via the DiagnosticCommandMBean until an // These commands not currently exported via the DiagnosticCommandMBean
// appropriate permission is created for them
uint32_t jmx_agent_export_flags = DCmd_Source_Internal | DCmd_Source_AttachAPI; uint32_t jmx_agent_export_flags = DCmd_Source_Internal | DCmd_Source_AttachAPI;
DCmdFactory::register_DCmdFactory(new DCmdFactoryImpl<JMXStartRemoteDCmd>(jmx_agent_export_flags, true,false)); DCmdFactory::register_DCmdFactory(new DCmdFactoryImpl<JMXStartRemoteDCmd>(jmx_agent_export_flags, true,false));
DCmdFactory::register_DCmdFactory(new DCmdFactoryImpl<JMXStartLocalDCmd>(jmx_agent_export_flags, true,false)); DCmdFactory::register_DCmdFactory(new DCmdFactoryImpl<JMXStartLocalDCmd>(jmx_agent_export_flags, true,false));

View File

@ -64,11 +64,6 @@ public:
return "Print JVM version information."; return "Print JVM version information.";
} }
static const char* impact() { return "Low"; } static const char* impact() { return "Low"; }
static const JavaPermission permission() {
JavaPermission p = {"java.util.PropertyPermission",
"java.vm.version", "read"};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -80,11 +75,6 @@ public:
return "Print the command line used to start this VM instance."; return "Print the command line used to start this VM instance.";
} }
static const char* impact() { return "Low"; } static const char* impact() { return "Low"; }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS) { virtual void execute(DCmdSource source, TRAPS) {
Arguments::print_on(_output); Arguments::print_on(_output);
} }
@ -101,11 +91,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.util.PropertyPermission",
"*", "read"};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -123,11 +108,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -146,11 +126,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"control", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -164,11 +139,6 @@ public:
static const char* impact() { static const char* impact() {
return "High"; return "High";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -186,11 +156,6 @@ public:
return "Load JVMTI native agent."; return "Load JVMTI native agent.";
} }
static const char* impact() { return "Low"; } static const char* impact() { return "Low"; }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"control", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
#endif // INCLUDE_JVMTI #endif // INCLUDE_JVMTI
@ -208,11 +173,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -240,11 +200,6 @@ public:
return "Print information about JVM environment and status."; return "Print information about JVM environment and status.";
} }
static const char* impact() { return "Low"; } static const char* impact() { return "Low"; }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -284,11 +239,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium"; return "Medium";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -303,11 +253,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium"; return "Medium";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -334,11 +279,6 @@ public:
return "High: Depends on Java heap size and content. " return "High: Depends on Java heap size and content. "
"Request a full GC unless the '-all' option is specified."; "Request a full GC unless the '-all' option is specified.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
#endif // INCLUDE_SERVICES #endif // INCLUDE_SERVICES
@ -360,11 +300,6 @@ public:
static const char* impact() { static const char* impact() {
return "High: Depends on Java heap size and content."; return "High: Depends on Java heap size and content.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -387,11 +322,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium: Depends on number of loaded classes."; return "Medium: Depends on number of loaded classes.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -412,11 +342,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium: Pause time depends on number of loaded classes"; return "Medium: Pause time depends on number of loaded classes";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
#endif // INCLUDE_CDS #endif // INCLUDE_CDS
@ -436,11 +361,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium: Depends on the number of threads."; return "Medium: Depends on the number of threads.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -546,12 +466,6 @@ public:
return "Print the management agent status."; return "Print the management agent status.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -568,11 +482,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -592,11 +501,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
#endif // LINUX #endif // LINUX
@ -613,11 +517,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium"; return "Medium";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -633,11 +532,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -659,11 +553,6 @@ public:
return "Low: Depends on code heap size and content. " return "Low: Depends on code heap size and content. "
"Holds CodeCache_lock during analysis step, usually sub-second duration."; "Holds CodeCache_lock during analysis step, usually sub-second duration.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
//---< END >--- CodeHeap State Analytics. //---< END >--- CodeHeap State Analytics.
@ -680,11 +569,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -700,11 +584,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"control", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -723,11 +602,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"control", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -743,11 +617,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low"; return "Low";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"control", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -809,11 +678,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium: Depends on Java content."; return "Medium: Depends on Java content.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -832,11 +696,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium: Depends on Java content."; return "Medium: Depends on Java content.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -855,11 +714,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium: Depends on Java content."; return "Medium: Depends on Java content.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -878,11 +732,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium: Depends on number of loaded classes."; return "Medium: Depends on number of loaded classes.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -902,11 +751,6 @@ public:
static const char* impact() { static const char* impact() {
return "Low: Depends on event log size. "; return "Low: Depends on event log size. ";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -929,10 +773,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium: Depends on the number of threads."; return "Medium: Depends on the number of threads.";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission", "monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -952,11 +792,6 @@ public:
static const char* impact() { static const char* impact() {
return "Medium: Pause time depends on number of compiled methods"; return "Medium: Pause time depends on number of compiled methods";
} }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"monitor", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -970,11 +805,6 @@ public:
return "Prints an annotated process memory map of the VM process (linux and Windows only)."; return "Prints an annotated process memory map of the VM process (linux and Windows only).";
} }
static const char* impact() { return "Medium; can be high for very large java heaps."; } static const char* impact() { return "Medium; can be high for very large java heaps."; }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"control", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };
@ -988,11 +818,6 @@ public:
return "Dumps an annotated process memory map to an output file (linux and Windows only)."; return "Dumps an annotated process memory map to an output file (linux and Windows only).";
} }
static const char* impact() { return "Medium; can be high for very large java heaps."; } static const char* impact() { return "Medium; can be high for very large java heaps."; }
static const JavaPermission permission() {
JavaPermission p = {"java.lang.management.ManagementPermission",
"control", nullptr};
return p;
}
virtual void execute(DCmdSource source, TRAPS); virtual void execute(DCmdSource source, TRAPS);
}; };

View File

@ -587,7 +587,7 @@ GrowableArray<DCmdInfo*>* DCmdFactory::DCmdInfo_list(DCmdSource source ) {
if (!factory->is_hidden() && (factory->export_flags() & source)) { if (!factory->is_hidden() && (factory->export_flags() & source)) {
array->append(new DCmdInfo(factory->name(), array->append(new DCmdInfo(factory->name(),
factory->description(), factory->impact(), factory->description(), factory->impact(),
factory->permission(), factory->num_arguments(), factory->num_arguments(),
factory->is_enabled())); factory->is_enabled()));
} }
factory = factory->next(); factory = factory->next();

View File

@ -40,16 +40,6 @@ enum DCmdSource {
DCmd_Source_MBean = 0x04U // invocation via a MBean DCmd_Source_MBean = 0x04U // invocation via a MBean
}; };
// Warning: strings referenced by the JavaPermission struct are passed to
// the native part of the JDK. Avoid use of dynamically allocated strings
// that could be de-allocated before the JDK native code had time to
// convert them into Java Strings.
struct JavaPermission {
const char* _class;
const char* _name;
const char* _action;
};
// CmdLine is the class used to handle a command line containing a single // CmdLine is the class used to handle a command line containing a single
// diagnostic command and its arguments. It provides methods to access the // diagnostic command and its arguments. It provides methods to access the
// command name and the beginning of the arguments. The class is also // command name and the beginning of the arguments. The class is also
@ -127,23 +117,20 @@ protected:
const char* const _name; /* Name of the diagnostic command */ const char* const _name; /* Name of the diagnostic command */
const char* const _description; /* Short description */ const char* const _description; /* Short description */
const char* const _impact; /* Impact on the JVM */ const char* const _impact; /* Impact on the JVM */
const JavaPermission _permission; /* Java Permission required to execute this command if any */
const int _num_arguments; /* Number of supported options or arguments */ const int _num_arguments; /* Number of supported options or arguments */
const bool _is_enabled; /* True if the diagnostic command can be invoked, false otherwise */ const bool _is_enabled; /* True if the diagnostic command can be invoked, false otherwise */
public: public:
DCmdInfo(const char* name, DCmdInfo(const char* name,
const char* description, const char* description,
const char* impact, const char* impact,
JavaPermission permission,
int num_arguments, int num_arguments,
bool enabled) bool enabled)
: _name(name), _description(description), _impact(impact), _permission(permission), : _name(name), _description(description), _impact(impact),
_num_arguments(num_arguments), _is_enabled(enabled) {} _num_arguments(num_arguments), _is_enabled(enabled) {}
const char* name() const { return _name; } const char* name() const { return _name; }
bool name_equals(const char* cmd_name) const; bool name_equals(const char* cmd_name) const;
const char* description() const { return _description; } const char* description() const { return _description; }
const char* impact() const { return _impact; } const char* impact() const { return _impact; }
const JavaPermission& permission() const { return _permission; }
int num_arguments() const { return _num_arguments; } int num_arguments() const { return _num_arguments; }
bool is_enabled() const { return _is_enabled; } bool is_enabled() const { return _is_enabled; }
}; };
@ -261,19 +248,6 @@ public:
// impact depends on the heap size. // impact depends on the heap size.
static const char* impact() { return "Low: No impact"; } static const char* impact() { return "Low: No impact"; }
// The permission() method returns the description of Java Permission. This
// permission is required when the diagnostic command is invoked via the
// DiagnosticCommandMBean. The rationale for this permission check is that
// the DiagnosticCommandMBean can be used to perform remote invocations of
// diagnostic commands through the PlatformMBeanServer. The (optional) Java
// Permission associated with each diagnostic command should ease the work
// of system administrators to write policy files granting permissions to
// execute diagnostic commands to remote users. Any diagnostic command with
// a potential impact on security should overwrite this method.
static const JavaPermission permission() {
JavaPermission p = {nullptr, nullptr, nullptr};
return p;
}
// num_arguments() is used by the DCmdFactoryImpl::get_num_arguments() template functions. // num_arguments() is used by the DCmdFactoryImpl::get_num_arguments() template functions.
// All subclasses should override this to report the actual number of arguments. // All subclasses should override this to report the actual number of arguments.
static int num_arguments() { return 0; } static int num_arguments() { return 0; }
@ -387,7 +361,6 @@ public:
virtual const char* name() const = 0; virtual const char* name() const = 0;
virtual const char* description() const = 0; virtual const char* description() const = 0;
virtual const char* impact() const = 0; virtual const char* impact() const = 0;
virtual const JavaPermission permission() const = 0;
virtual const char* disabled_message() const = 0; virtual const char* disabled_message() const = 0;
// Register a DCmdFactory to make a diagnostic command available. // Register a DCmdFactory to make a diagnostic command available.
// Once registered, a diagnostic command must not be unregistered. // Once registered, a diagnostic command must not be unregistered.
@ -431,9 +404,6 @@ public:
const char* impact() const { const char* impact() const {
return DCmdClass::impact(); return DCmdClass::impact();
} }
const JavaPermission permission() const {
return DCmdClass::permission();
}
const char* disabled_message() const { const char* disabled_message() const {
return DCmdClass::disabled_message(); return DCmdClass::disabled_message();
} }

View File

@ -2013,10 +2013,6 @@ JVM_ENTRY(void, jmm_GetDiagnosticCommandInfo(JNIEnv *env, jobjectArray cmds,
infoArray[i].name = info->name(); infoArray[i].name = info->name();
infoArray[i].description = info->description(); infoArray[i].description = info->description();
infoArray[i].impact = info->impact(); infoArray[i].impact = info->impact();
JavaPermission p = info->permission();
infoArray[i].permission_class = p._class;
infoArray[i].permission_name = p._name;
infoArray[i].permission_action = p._action;
infoArray[i].num_arguments = info->num_arguments(); infoArray[i].num_arguments = info->num_arguments();
infoArray[i].enabled = info->is_enabled(); infoArray[i].enabled = info->is_enabled();
} }

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -138,26 +138,6 @@ import javax.management.DynamicMBean;
* <td>True if the diagnostic command is enabled, false otherwise</td> * <td>True if the diagnostic command is enabled, false otherwise</td>
* </tr> * </tr>
* <tr> * <tr>
* <th scope="row">dcmd.permissionClass</th><td>String</td>
* <td>Some diagnostic command might require a specific permission to be
* executed, in addition to the MBeanPermission to invoke their
* associated MBean operation. This field returns the fully qualified
* name of the permission class or null if no permission is required
* </td>
* </tr>
* <tr>
* <th scope="row">dcmd.permissionName</th><td>String</td>
* <td>The fist argument of the permission required to execute this
* diagnostic command or null if no permission is required</td>
* </tr>
* <tr>
* <th scope="row">dcmd.permissionAction</th><td>String</td>
* <td>The second argument of the permission required to execute this
* diagnostic command or null if the permission constructor has only
* one argument (like the ManagementPermission) or if no permission
* is required</td>
* </tr>
* <tr>
* <th scope="row">dcmd.arguments</th><td>Descriptor</td> * <th scope="row">dcmd.arguments</th><td>Descriptor</td>
* <td>A Descriptor instance containing the descriptions of options and * <td>A Descriptor instance containing the descriptions of options and
* arguments supported by the diagnostic command (see below)</td> * arguments supported by the diagnostic command (see below)</td>

View File

@ -28,7 +28,6 @@ package com.sun.management.internal;
import com.sun.management.DiagnosticCommandMBean; import com.sun.management.DiagnosticCommandMBean;
import java.lang.reflect.Constructor; import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException; import java.lang.reflect.InvocationTargetException;
import java.security.Permission;
import java.util.*; import java.util.*;
import javax.management.Attribute; import javax.management.Attribute;
import javax.management.AttributeList; import javax.management.AttributeList;
@ -104,48 +103,12 @@ public class DiagnosticCommandImpl extends NotificationEmitterSupport
String name; String name;
String cmd; String cmd;
DiagnosticCommandInfo info; DiagnosticCommandInfo info;
Permission permission;
Wrapper(String name, String cmd, DiagnosticCommandInfo info) Wrapper(String name, String cmd, DiagnosticCommandInfo info)
throws InstantiationException { throws InstantiationException {
this.name = name; this.name = name;
this.cmd = cmd; this.cmd = cmd;
this.info = info; this.info = info;
this.permission = null;
Exception cause = null;
if (info.getPermissionClass() != null) {
try {
Class<?> c = Class.forName(info.getPermissionClass());
if (info.getPermissionAction() == null) {
try {
Constructor<?> constructor = c.getConstructor(String.class);
permission = (Permission) constructor.newInstance(info.getPermissionName());
} catch (InstantiationException | IllegalAccessException
| IllegalArgumentException | InvocationTargetException
| NoSuchMethodException | SecurityException ex) {
cause = ex;
}
}
if (permission == null) {
try {
Constructor<?> constructor = c.getConstructor(String.class, String.class);
permission = (Permission) constructor.newInstance(
info.getPermissionName(),
info.getPermissionAction());
} catch (InstantiationException | IllegalAccessException
| IllegalArgumentException | InvocationTargetException
| NoSuchMethodException | SecurityException ex) {
cause = ex;
}
}
} catch (ClassNotFoundException ex) { }
if (permission == null) {
InstantiationException iex =
new InstantiationException("Unable to instantiate required permission");
iex.initCause(cause);
}
}
} }
public String execute(String[] args) { public String execute(String[] args) {
@ -297,9 +260,6 @@ public class DiagnosticCommandImpl extends NotificationEmitterSupport
map.put("dcmd.name", w.info.getName()); map.put("dcmd.name", w.info.getName());
map.put("dcmd.description", w.info.getDescription()); map.put("dcmd.description", w.info.getDescription());
map.put("dcmd.vmImpact", w.info.getImpact()); map.put("dcmd.vmImpact", w.info.getImpact());
map.put("dcmd.permissionClass", w.info.getPermissionClass());
map.put("dcmd.permissionName", w.info.getPermissionName());
map.put("dcmd.permissionAction", w.info.getPermissionAction());
map.put("dcmd.enabled", w.info.isEnabled()); map.put("dcmd.enabled", w.info.isEnabled());
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
sb.append("help "); sb.append("help ");

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -38,9 +38,6 @@ class DiagnosticCommandInfo {
private final String name; private final String name;
private final String description; private final String description;
private final String impact; private final String impact;
private final String permissionClass;
private final String permissionName;
private final String permissionAction;
private final boolean enabled; private final boolean enabled;
private final List<DiagnosticCommandArgumentInfo> arguments; private final List<DiagnosticCommandArgumentInfo> arguments;
@ -73,43 +70,6 @@ class DiagnosticCommandInfo {
return impact; return impact;
} }
/**
* Returns the name of the permission class required to be allowed
* to invoke the diagnostic command, or null if no permission
* is required.
*
* @return the name of the permission class name required to be allowed
* to invoke the diagnostic command, or null if no permission
* is required
*/
String getPermissionClass() {
return permissionClass;
}
/**
* Returns the permission name required to be allowed to invoke the
* diagnostic command, or null if no permission is required.
*
* @return the permission name required to be allowed to invoke the
* diagnostic command, or null if no permission is required
*/
String getPermissionName() {
return permissionName;
}
/**
* Returns the permission action required to be allowed to invoke the
* diagnostic command, or null if no permission is required or
* if the permission has no action specified.
*
* @return the permission action required to be allowed to invoke the
* diagnostic command, or null if no permission is required or
* if the permission has no action specified
*/
String getPermissionAction() {
return permissionAction;
}
/** /**
* Returns {@code true} if the diagnostic command is enabled, * Returns {@code true} if the diagnostic command is enabled,
* {@code false} otherwise. The enabled/disabled * {@code false} otherwise. The enabled/disabled
@ -134,17 +94,13 @@ class DiagnosticCommandInfo {
} }
DiagnosticCommandInfo(String name, String description, DiagnosticCommandInfo(String name, String description,
String impact, String permissionClass, String impact,
String permissionName, String permissionAction,
boolean enabled, boolean enabled,
List<DiagnosticCommandArgumentInfo> arguments) List<DiagnosticCommandArgumentInfo> arguments)
{ {
this.name = name; this.name = name;
this.description = description; this.description = description;
this.impact = impact; this.impact = impact;
this.permissionClass = permissionClass;
this.permissionName = permissionName;
this.permissionAction = permissionAction;
this.enabled = enabled; this.enabled = enabled;
this.arguments = arguments; this.arguments = arguments;
} }

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, 2021, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -191,10 +191,9 @@ Java_com_sun_management_internal_DiagnosticCommandImpl_getDiagnosticCommandInfo
} }
jmm_interface_management_ext->GetDiagnosticCommandInfo(env, commands, dcmd_info_array); jmm_interface_management_ext->GetDiagnosticCommandInfo(env, commands, dcmd_info_array);
for (i=0; i<num_commands; i++) { for (i=0; i<num_commands; i++) {
// Ensure capacity for 6 + 3 local refs: // Ensure capacity for 6 local refs:
// 6 => jname, jdesc, jimpact, cmd, args, obj // 6 => jname, jdesc, jimpact, cmd, args, obj
// 3 => permission class, name, action (*env)->PushLocalFrame(env, 6);
(*env)->PushLocalFrame(env, 6 + 3);
cmd = (*env)->GetObjectArrayElement(env, commands, i); cmd = (*env)->GetObjectArrayElement(env, commands, i);
args = getDiagnosticCommandArgumentInfoArray(env, args = getDiagnosticCommandArgumentInfoArray(env,
@ -218,11 +217,8 @@ Java_com_sun_management_internal_DiagnosticCommandImpl_getDiagnosticCommandInfo
obj = JNU_NewObjectByName(env, obj = JNU_NewObjectByName(env,
"com/sun/management/internal/DiagnosticCommandInfo", "com/sun/management/internal/DiagnosticCommandInfo",
"(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;ZLjava/util/List;)V", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;ZLjava/util/List;)V",
jname, jdesc, jimpact, jname, jdesc, jimpact,
dcmd_info_array[i].permission_class==NULL?NULL:(*env)->NewStringUTF(env,dcmd_info_array[i].permission_class),
dcmd_info_array[i].permission_name==NULL?NULL:(*env)->NewStringUTF(env,dcmd_info_array[i].permission_name),
dcmd_info_array[i].permission_action==NULL?NULL:(*env)->NewStringUTF(env,dcmd_info_array[i].permission_action),
dcmd_info_array[i].enabled, dcmd_info_array[i].enabled,
args); args);
if (obj == NULL) { if (obj == NULL) {