stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8344231: SecurityManager cleanup in java.lang.module and jdk.internal.module

Browse Source 
Reviewed-by: alanb
This commit is contained in:
Eirik Bjørsnøs 2024-11-15 19:21:07 +00:00
parent 1bb0d3baaa
commit f62e05ee96
4 changed files with 8 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/java.base/share/classes/java/lang/module/ModuleFinder.java
View File

@ -26,9 +26,6 @@
package java.lang.module;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
@ -130,16 +127,8 @@ public interface ModuleFinder {
*
* @return A {@code ModuleFinder} that locates the system modules
*/
@SuppressWarnings("removal")
static ModuleFinder ofSystem() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("accessSystemModules"));
PrivilegedAction<ModuleFinder> pa = SystemModuleFinders::ofSystem;
return AccessController.doPrivileged(pa);
} else {
return SystemModuleFinders.ofSystem();
}
return SystemModuleFinders.ofSystem();
}
/**

10
src/java.base/share/classes/jdk/internal/module/ModuleReferences.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -370,14 +370,6 @@ class ModuleReferences {
ExplodedModuleReader(Path dir) {
this.dir = dir;
// when running with a security manager then check that the caller
// has access to the directory.
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
boolean unused = Files.isDirectory(dir);
}
}
/**

7
src/java.base/share/classes/jdk/internal/module/Modules.java
View File

@ -32,8 +32,6 @@ import java.lang.module.ModuleFinder;
import java.lang.module.ModuleReference;
import java.lang.module.ResolvedModule;
import java.net.URI;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.List;
import java.util.Map;
@ -155,10 +153,7 @@ public class Modules {
public static void addProvides(Module m, Class<?> service, Class<?> impl) {
ModuleLayer layer = m.getLayer();
PrivilegedAction<ClassLoader> pa = m::getClassLoader;
@SuppressWarnings("removal")
ClassLoader loader = AccessController.doPrivileged(pa);
ClassLoader loader = m.getClassLoader();
ClassLoader platformClassLoader = ClassLoaders.platformClassLoader();
if (layer == null || loader == null || loader == platformClassLoader) {
// update ClassLoader catalog

46
src/java.base/share/classes/jdk/internal/module/SystemModuleFinders.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -38,8 +38,6 @@ import java.net.URLConnection;
import java.nio.ByteBuffer;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayDeque;
import java.util.Collections;
import java.util.Deque;
@ -208,21 +206,7 @@ public final class SystemModuleFinders {
Path dir = Path.of(home, "modules");
if (!Files.isDirectory(dir))
throw new InternalError("Unable to detect the run-time image");
ModuleFinder f = ModulePath.of(ModuleBootstrap.patcher(), dir);
return new ModuleFinder() {
@SuppressWarnings("removal")
@Override
public Optional<ModuleReference> find(String name) {
PrivilegedAction<Optional<ModuleReference>> pa = () -> f.find(name);
return AccessController.doPrivileged(pa);
}
@SuppressWarnings("removal")
@Override
public Set<ModuleReference> findAll() {
PrivilegedAction<Set<ModuleReference>> pa = f::findAll;
return AccessController.doPrivileged(pa);
}
};
return ModulePath.of(ModuleBootstrap.patcher(), dir);
}
/**
@ -314,7 +298,7 @@ public final class SystemModuleFinders {
Supplier<ModuleReader> readerSupplier = new Supplier<>() {
@Override
public ModuleReader get() {
return new SystemModuleReader(mn, uri);
return new SystemModuleReader(mn);
}
};
@ -377,9 +361,7 @@ public final class SystemModuleFinders {
}
/**
* Holder class for the ImageReader
*
* @apiNote This class must be loaded before a security manager is set.
* Holder class for the ImageReader.
*/
private static class SystemImage {
static final ImageReader READER = ImageReaderFactory.getImageReader();
@ -396,25 +378,7 @@ public final class SystemModuleFinders {
private final String module;
private volatile boolean closed;
/**
* If there is a security manager set then check permission to
* connect to the run-time image.
*/
private static void checkPermissionToConnect(URI uri) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
URLConnection uc = uri.toURL().openConnection();
sm.checkPermission(uc.getPermission());
} catch (IOException ioe) {
throw new UncheckedIOException(ioe);
}
}
}
SystemModuleReader(String module, URI uri) {
checkPermissionToConnect(uri);
SystemModuleReader(String module) {
this.module = module;
}