8344231: SecurityManager cleanup in java.lang.module and jdk.internal.module
Reviewed-by: alanb
This commit is contained in:
parent
1bb0d3baaa
commit
f62e05ee96
@ -26,9 +26,6 @@
|
||||
package java.lang.module;
|
||||
|
||||
import java.nio.file.Path;
|
||||
import java.security.AccessController;
|
||||
import java.security.Permission;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
@ -130,17 +127,9 @@ public interface ModuleFinder {
|
||||
*
|
||||
* @return A {@code ModuleFinder} that locates the system modules
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
static ModuleFinder ofSystem() {
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new RuntimePermission("accessSystemModules"));
|
||||
PrivilegedAction<ModuleFinder> pa = SystemModuleFinders::ofSystem;
|
||||
return AccessController.doPrivileged(pa);
|
||||
} else {
|
||||
return SystemModuleFinders.ofSystem();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a module finder that locates modules on the file system by
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -370,14 +370,6 @@ class ModuleReferences {
|
||||
|
||||
ExplodedModuleReader(Path dir) {
|
||||
this.dir = dir;
|
||||
|
||||
// when running with a security manager then check that the caller
|
||||
// has access to the directory.
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
boolean unused = Files.isDirectory(dir);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -32,8 +32,6 @@ import java.lang.module.ModuleFinder;
|
||||
import java.lang.module.ModuleReference;
|
||||
import java.lang.module.ResolvedModule;
|
||||
import java.net.URI;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@ -155,10 +153,7 @@ public class Modules {
|
||||
public static void addProvides(Module m, Class<?> service, Class<?> impl) {
|
||||
ModuleLayer layer = m.getLayer();
|
||||
|
||||
PrivilegedAction<ClassLoader> pa = m::getClassLoader;
|
||||
@SuppressWarnings("removal")
|
||||
ClassLoader loader = AccessController.doPrivileged(pa);
|
||||
|
||||
ClassLoader loader = m.getClassLoader();
|
||||
ClassLoader platformClassLoader = ClassLoaders.platformClassLoader();
|
||||
if (layer == null || loader == null || loader == platformClassLoader) {
|
||||
// update ClassLoader catalog
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -38,8 +38,6 @@ import java.net.URLConnection;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.ArrayDeque;
|
||||
import java.util.Collections;
|
||||
import java.util.Deque;
|
||||
@ -208,21 +206,7 @@ public final class SystemModuleFinders {
|
||||
Path dir = Path.of(home, "modules");
|
||||
if (!Files.isDirectory(dir))
|
||||
throw new InternalError("Unable to detect the run-time image");
|
||||
ModuleFinder f = ModulePath.of(ModuleBootstrap.patcher(), dir);
|
||||
return new ModuleFinder() {
|
||||
@SuppressWarnings("removal")
|
||||
@Override
|
||||
public Optional<ModuleReference> find(String name) {
|
||||
PrivilegedAction<Optional<ModuleReference>> pa = () -> f.find(name);
|
||||
return AccessController.doPrivileged(pa);
|
||||
}
|
||||
@SuppressWarnings("removal")
|
||||
@Override
|
||||
public Set<ModuleReference> findAll() {
|
||||
PrivilegedAction<Set<ModuleReference>> pa = f::findAll;
|
||||
return AccessController.doPrivileged(pa);
|
||||
}
|
||||
};
|
||||
return ModulePath.of(ModuleBootstrap.patcher(), dir);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -314,7 +298,7 @@ public final class SystemModuleFinders {
|
||||
Supplier<ModuleReader> readerSupplier = new Supplier<>() {
|
||||
@Override
|
||||
public ModuleReader get() {
|
||||
return new SystemModuleReader(mn, uri);
|
||||
return new SystemModuleReader(mn);
|
||||
}
|
||||
};
|
||||
|
||||
@ -377,9 +361,7 @@ public final class SystemModuleFinders {
|
||||
}
|
||||
|
||||
/**
|
||||
* Holder class for the ImageReader
|
||||
*
|
||||
* @apiNote This class must be loaded before a security manager is set.
|
||||
* Holder class for the ImageReader.
|
||||
*/
|
||||
private static class SystemImage {
|
||||
static final ImageReader READER = ImageReaderFactory.getImageReader();
|
||||
@ -396,25 +378,7 @@ public final class SystemModuleFinders {
|
||||
private final String module;
|
||||
private volatile boolean closed;
|
||||
|
||||
/**
|
||||
* If there is a security manager set then check permission to
|
||||
* connect to the run-time image.
|
||||
*/
|
||||
private static void checkPermissionToConnect(URI uri) {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
try {
|
||||
URLConnection uc = uri.toURL().openConnection();
|
||||
sm.checkPermission(uc.getPermission());
|
||||
} catch (IOException ioe) {
|
||||
throw new UncheckedIOException(ioe);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
SystemModuleReader(String module, URI uri) {
|
||||
checkPermissionToConnect(uri);
|
||||
SystemModuleReader(String module) {
|
||||
this.module = module;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user