stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8344231: SecurityManager cleanup in java.lang.module and jdk.internal.module

Browse Source 
Reviewed-by: alanb
This commit is contained in:
Eirik Bjørsnøs 2024-11-15 19:21:07 +00:00
parent 1bb0d3baaa
commit f62e05ee96
4 changed files with 8 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/java.base/share/classes/java/lang/module/ModuleFinder.java
View File

@ -26,9 +26,6 @@
package java.lang.module; package java.lang.module;
import java.nio.file.Path; import java.nio.file.Path;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
@ -130,17 +127,9 @@ public interface ModuleFinder {
* *
* @return A {@code ModuleFinder} that locates the system modules * @return A {@code ModuleFinder} that locates the system modules
*/ */
@SuppressWarnings("removal")
static ModuleFinder ofSystem() { static ModuleFinder ofSystem() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("accessSystemModules"));
PrivilegedAction<ModuleFinder> pa = SystemModuleFinders::ofSystem;
return AccessController.doPrivileged(pa);
} else {
return SystemModuleFinders.ofSystem(); return SystemModuleFinders.ofSystem();
} }
}
/** /**
* Returns a module finder that locates modules on the file system by * Returns a module finder that locates modules on the file system by

10
src/java.base/share/classes/jdk/internal/module/ModuleReferences.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -370,14 +370,6 @@ class ModuleReferences {
ExplodedModuleReader(Path dir) { ExplodedModuleReader(Path dir) {
this.dir = dir; this.dir = dir;
// when running with a security manager then check that the caller
// has access to the directory.
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
boolean unused = Files.isDirectory(dir);
}
} }
/** /**

7
src/java.base/share/classes/jdk/internal/module/Modules.java
View File

@ -32,8 +32,6 @@ import java.lang.module.ModuleFinder;
import java.lang.module.ModuleReference; import java.lang.module.ModuleReference;
import java.lang.module.ResolvedModule; import java.lang.module.ResolvedModule;
import java.net.URI; import java.net.URI;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collection; import java.util.Collection;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -155,10 +153,7 @@ public class Modules {
public static void addProvides(Module m, Class<?> service, Class<?> impl) { public static void addProvides(Module m, Class<?> service, Class<?> impl) {
ModuleLayer layer = m.getLayer(); ModuleLayer layer = m.getLayer();
PrivilegedAction<ClassLoader> pa = m::getClassLoader; ClassLoader loader = m.getClassLoader();
@SuppressWarnings("removal")
ClassLoader loader = AccessController.doPrivileged(pa);
ClassLoader platformClassLoader = ClassLoaders.platformClassLoader(); ClassLoader platformClassLoader = ClassLoaders.platformClassLoader();
if (layer == null || loader == null || loader == platformClassLoader) { if (layer == null || loader == null || loader == platformClassLoader) {
// update ClassLoader catalog // update ClassLoader catalog

46
src/java.base/share/classes/jdk/internal/module/SystemModuleFinders.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -38,8 +38,6 @@ import java.net.URLConnection;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayDeque; import java.util.ArrayDeque;
import java.util.Collections; import java.util.Collections;
import java.util.Deque; import java.util.Deque;
@ -208,21 +206,7 @@ public final class SystemModuleFinders {
Path dir = Path.of(home, "modules"); Path dir = Path.of(home, "modules");
if (!Files.isDirectory(dir)) if (!Files.isDirectory(dir))
throw new InternalError("Unable to detect the run-time image"); throw new InternalError("Unable to detect the run-time image");
ModuleFinder f = ModulePath.of(ModuleBootstrap.patcher(), dir); return ModulePath.of(ModuleBootstrap.patcher(), dir);
return new ModuleFinder() {
@SuppressWarnings("removal")
@Override
public Optional<ModuleReference> find(String name) {
PrivilegedAction<Optional<ModuleReference>> pa = () -> f.find(name);
return AccessController.doPrivileged(pa);
}
@SuppressWarnings("removal")
@Override
public Set<ModuleReference> findAll() {
PrivilegedAction<Set<ModuleReference>> pa = f::findAll;
return AccessController.doPrivileged(pa);
}
};
} }
/** /**
@ -314,7 +298,7 @@ public final class SystemModuleFinders {
Supplier<ModuleReader> readerSupplier = new Supplier<>() { Supplier<ModuleReader> readerSupplier = new Supplier<>() {
@Override @Override
public ModuleReader get() { public ModuleReader get() {
return new SystemModuleReader(mn, uri); return new SystemModuleReader(mn);
} }
}; };
@ -377,9 +361,7 @@ public final class SystemModuleFinders {
} }
/** /**
* Holder class for the ImageReader * Holder class for the ImageReader.
*
* @apiNote This class must be loaded before a security manager is set.
*/ */
private static class SystemImage { private static class SystemImage {
static final ImageReader READER = ImageReaderFactory.getImageReader(); static final ImageReader READER = ImageReaderFactory.getImageReader();
@ -396,25 +378,7 @@ public final class SystemModuleFinders {
private final String module; private final String module;
private volatile boolean closed; private volatile boolean closed;
/** SystemModuleReader(String module) {
* If there is a security manager set then check permission to
* connect to the run-time image.
*/
private static void checkPermissionToConnect(URI uri) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
URLConnection uc = uri.toURL().openConnection();
sm.checkPermission(uc.getPermission());
} catch (IOException ioe) {
throw new UncheckedIOException(ioe);
}
}
}
SystemModuleReader(String module, URI uri) {
checkPermissionToConnect(uri);
this.module = module; this.module = module;
} }