8344446: Remove security manager dependency from module jdk.sctp

Reviewed-by: mullan, alanb
This commit is contained in:
Brian Burkhalter 2024-11-19 20:30:02 +00:00
parent aac1f9af01
commit f6f73ce70d
4 changed files with 11 additions and 103 deletions

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2009, 2021, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -30,8 +30,6 @@ import java.net.SocketException;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.io.FileDescriptor; import java.io.FileDescriptor;
import java.io.IOException; import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections; import java.util.Collections;
import java.util.Set; import java.util.Set;
import java.util.HashSet; import java.util.HashSet;
@ -194,11 +192,6 @@ public class SctpChannelImpl extends SctpChannel
SctpNet.throwAlreadyBoundException(); SctpNet.throwAlreadyBoundException();
InetSocketAddress isa = (local == null) ? InetSocketAddress isa = (local == null) ?
new InetSocketAddress(0) : Net.checkAddress(local); new InetSocketAddress(0) : Net.checkAddress(local);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkListen(isa.getPort());
}
Net.bind(fd, isa.getAddress(), isa.getPort()); Net.bind(fd, isa.getAddress(), isa.getPort());
InetSocketAddress boundIsa = Net.localAddress(fd); InetSocketAddress boundIsa = Net.localAddress(fd);
port = boundIsa.getPort(); port = boundIsa.getPort();
@ -364,11 +357,6 @@ public class SctpChannelImpl extends SctpChannel
synchronized (sendLock) { synchronized (sendLock) {
ensureOpenAndUnconnected(); ensureOpenAndUnconnected();
InetSocketAddress isa = Net.checkAddress(endpoint); InetSocketAddress isa = Net.checkAddress(endpoint);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkConnect(isa.getAddress().getHostAddress(),
isa.getPort());
synchronized (blockingLock()) { synchronized (blockingLock()) {
int n = 0; int n = 0;
try { try {
@ -1094,16 +1082,10 @@ public class SctpChannelImpl extends SctpChannel
loadSctpLibrary(); loadSctpLibrary();
} }
@SuppressWarnings({"removal", "restricted"}) @SuppressWarnings("restricted")
private static void loadSctpLibrary() { private static void loadSctpLibrary() {
IOUtil.load(); /* loads nio & net native libraries */ IOUtil.load(); /* loads nio & net native libraries */
AccessController.doPrivileged(
new PrivilegedAction<>() {
public Void run() {
System.loadLibrary("sctp"); System.loadLibrary("sctp");
return null;
}
});
initIDs(); initIDs();
} }
} }

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2009, 2021, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -149,10 +149,6 @@ public class SctpMultiChannelImpl extends SctpMultiChannel
InetSocketAddress isa = (local == null) ? InetSocketAddress isa = (local == null) ?
new InetSocketAddress(0) : Net.checkAddress(local); new InetSocketAddress(0) : Net.checkAddress(local);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkListen(isa.getPort());
Net.bind(fd, isa.getAddress(), isa.getPort()); Net.bind(fd, isa.getAddress(), isa.getPort());
InetSocketAddress boundIsa = Net.localAddress(fd); InetSocketAddress boundIsa = Net.localAddress(fd);
@ -508,21 +504,6 @@ public class SctpMultiChannelImpl extends SctpMultiChannel
resultContainer.getMessageInfo(); resultContainer.getMessageInfo();
info.setAssociation(lookupAssociation(info. info.setAssociation(lookupAssociation(info.
associationID())); associationID()));
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
InetSocketAddress isa = (InetSocketAddress)info.address();
if (!addressMap.containsKey(isa)) {
/* must be a new association */
try {
sm.checkAccept(isa.getAddress().getHostAddress(),
isa.getPort());
} catch (SecurityException se) {
buffer.clear();
throw se;
}
}
}
assert info.association() != null; assert info.association() != null;
return info; return info;
@ -805,12 +786,6 @@ public class SctpMultiChannelImpl extends SctpMultiChannel
checkStreamNumber(association, messageInfo.streamNumber()); checkStreamNumber(association, messageInfo.streamNumber());
assocId = association.associationID(); assocId = association.associationID();
} else { /* must be new association */
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkConnect(addr.getAddress().getHostAddress(),
addr.getPort());
} }
} else { } else {
throw new AssertionError( throw new AssertionError(

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2009, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -32,8 +32,6 @@ import java.net.SocketAddress;
import java.nio.channels.AlreadyBoundException; import java.nio.channels.AlreadyBoundException;
import java.util.Set; import java.util.Set;
import java.util.HashSet; import java.util.HashSet;
import java.security.AccessController;
import java.security.PrivilegedAction;
import sun.net.util.IPAddressUtil; import sun.net.util.IPAddressUtil;
import sun.nio.ch.IOUtil; import sun.nio.ch.IOUtil;
import sun.nio.ch.Net; import sun.nio.ch.Net;
@ -91,41 +89,14 @@ public class SctpNet {
SocketAddress[] saa = getLocalAddresses0(fd); SocketAddress[] saa = getLocalAddresses0(fd);
if (saa != null) { if (saa != null) {
set = getRevealedLocalAddressSet(saa); set = new HashSet<>(saa.length);
for (SocketAddress sa : saa)
set.add(sa);
} }
return set; return set;
} }
private static Set<SocketAddress> getRevealedLocalAddressSet(
SocketAddress[] saa)
{
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
Set<SocketAddress> set = new HashSet<>(saa.length);
for (SocketAddress sa : saa) {
set.add(getRevealedLocalAddress(sa, sm));
}
return set;
}
private static SocketAddress getRevealedLocalAddress(SocketAddress sa,
@SuppressWarnings("removal") SecurityManager sm)
{
if (sm == null || sa == null)
return sa;
InetSocketAddress ia = (InetSocketAddress)sa;
try{
sm.checkConnect(ia.getAddress().getHostAddress(), -1);
// Security check passed
} catch (SecurityException e) {
// Return loopback address
return new InetSocketAddress(InetAddress.getLoopbackAddress(),
ia.getPort());
}
return sa;
}
static Set<SocketAddress> getRemoteAddresses(int fd, int assocId) static Set<SocketAddress> getRemoteAddresses(int fd, int assocId)
throws IOException { throws IOException {
Set<SocketAddress> set = null; Set<SocketAddress> set = null;
@ -336,13 +307,7 @@ public class SctpNet {
@SuppressWarnings({"removal", "restricted"}) @SuppressWarnings({"removal", "restricted"})
private static void loadSctpLibrary() { private static void loadSctpLibrary() {
IOUtil.load(); // loads nio & net native libraries IOUtil.load(); // loads nio & net native libraries
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<Void>() {
public Void run() {
System.loadLibrary("sctp"); System.loadLibrary("sctp");
return null;
}
});
init(); init();
} }
} }

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2009, 2021, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -109,10 +109,6 @@ public class SctpServerChannelImpl extends SctpServerChannel
InetSocketAddress isa = (local == null) ? InetSocketAddress isa = (local == null) ?
new InetSocketAddress(0) : Net.checkAddress(local); new InetSocketAddress(0) : Net.checkAddress(local);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkListen(isa.getPort());
Net.bind(fd, isa.getAddress(), isa.getPort()); Net.bind(fd, isa.getAddress(), isa.getPort());
InetSocketAddress boundIsa = Net.localAddress(fd); InetSocketAddress boundIsa = Net.localAddress(fd);
@ -217,7 +213,6 @@ public class SctpServerChannelImpl extends SctpServerChannel
throw new ClosedChannelException(); throw new ClosedChannelException();
if (!isBound()) if (!isBound())
throw new NotYetBoundException(); throw new NotYetBoundException();
SctpChannel sc = null;
int n = 0; int n = 0;
FileDescriptor newfd = new FileDescriptor(); FileDescriptor newfd = new FileDescriptor();
@ -244,16 +239,7 @@ public class SctpServerChannelImpl extends SctpServerChannel
return null; return null;
IOUtil.configureBlocking(newfd, true); IOUtil.configureBlocking(newfd, true);
InetSocketAddress isa = isaa[0]; return new SctpChannelImpl(provider(), newfd);
sc = new SctpChannelImpl(provider(), newfd);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkAccept(isa.getAddress().getHostAddress(),
isa.getPort());
return sc;
} }
} }