8344397: Remove Security Manager dependencies from java.security and …
…sun.security packages

Reviewed-by: rriggs, hchao, weijun, alanb
seanjmullan committed Dec 2, 2024
1 parent 3d0d0e6 commit 940aa7c
Showing 45 changed files with 407 additions and 1,437 deletions.
4 changes: 2 additions & 2 deletions src/java.base/share/classes/java/lang/Class.java
Expand Up @@ -53,6 +53,7 @@
import java.lang.reflect.TypeVariable;
import java.lang.constant.Constable;
import java.net.URL;
import java.security.AllPermission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.ArrayList;
Expand Down Expand Up @@ -89,7 +90,6 @@
import sun.reflect.generics.repository.MethodRepository;
import sun.reflect.generics.repository.ConstructorRepository;
import sun.reflect.generics.scope.ClassScope;
import sun.security.util.SecurityConstants;
import sun.reflect.annotation.*;
import sun.reflect.misc.ReflectUtil;

Expand Down Expand Up @@ -2720,7 +2720,7 @@ private static class Holder {
private static final ProtectionDomain allPermDomain;
static {
Permissions perms = new Permissions();
perms.add(SecurityConstants.ALL_PERMISSION);
perms.add(new AllPermission());
allPermDomain = new ProtectionDomain(null, perms);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -44,14 +44,6 @@
public final class AccessControlContext {

private ProtectionDomain[] context;
// isPrivileged and isAuthorized are referenced by the VM - do not remove
// or change their names
private boolean isPrivileged;
private boolean isAuthorized = false;

// Note: This field is directly used by the virtual machine
// native codes. Don't touch it.
private AccessControlContext privilegedContext;

@SuppressWarnings("removal")
private DomainCombiner combiner = null;
57 changes: 18 additions & 39 deletions src/java.base/share/classes/java/security/Provider.java
Expand Up @@ -345,12 +345,6 @@ public String toString() {
return name + " version " + versionStr;
}

/*
* override the following methods to ensure that provider
* information can only be changed if the caller has the appropriate
* permissions.
*/

/**
* Clears this {@code Provider} so that it no longer contains the properties
* used to look up facilities implemented by the {@code Provider}.
Expand All @@ -359,7 +353,7 @@ public String toString() {
*/
@Override
public synchronized void clear() {
check("clearProviderProperties."+name);
checkInitialized();
if (debug != null) {
debug.println("Remove " + name + " provider properties");
}
Expand All @@ -376,7 +370,7 @@ public synchronized void clear() {
*/
@Override
public synchronized void load(InputStream inStream) throws IOException {
check("putProviderProperty."+name);
checkInitialized();
if (debug != null) {
debug.println("Load " + name + " provider properties");
}
Expand All @@ -394,7 +388,7 @@ public synchronized void load(InputStream inStream) throws IOException {
*/
@Override
public synchronized void putAll(Map<?,?> t) {
check("putProviderProperty."+name);
checkInitialized();
if (debug != null) {
debug.println("Put all " + name + " provider properties");
}
Expand Down Expand Up @@ -461,7 +455,7 @@ public Collection<Object> values() {
*/
@Override
public synchronized Object put(Object key, Object value) {
check("putProviderProperty."+name);
checkInitialized();
if (debug != null) {
debug.println("Set " + name + " provider property [" +
key + "/" + value +"]");
Expand All @@ -478,7 +472,7 @@ public synchronized Object put(Object key, Object value) {
*/
@Override
public synchronized Object putIfAbsent(Object key, Object value) {
check("putProviderProperty."+name);
checkInitialized();
if (debug != null) {
debug.println("Set " + name + " provider property [" +
key + "/" + value +"]");
Expand All @@ -494,7 +488,7 @@ public synchronized Object putIfAbsent(Object key, Object value) {
*/
@Override
public synchronized Object remove(Object key) {
check("removeProviderProperty."+name);
checkInitialized();
if (debug != null) {
debug.println("Remove " + name + " provider property " + key);
}
Expand All @@ -509,7 +503,7 @@ public synchronized Object remove(Object key) {
*/
@Override
public synchronized boolean remove(Object key, Object value) {
check("removeProviderProperty."+name);
checkInitialized();
if (debug != null) {
debug.println("Remove " + name + " provider property " + key);
}
Expand All @@ -525,7 +519,7 @@ public synchronized boolean remove(Object key, Object value) {
@Override
public synchronized boolean replace(Object key, Object oldValue,
Object newValue) {
check("putProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("Replace " + name + " provider property " + key);
}
Expand All @@ -540,7 +534,7 @@ public synchronized boolean replace(Object key, Object oldValue,
*/
@Override
public synchronized Object replace(Object key, Object value) {
check("putProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("Replace " + name + " provider property " + key);
}
Expand All @@ -558,7 +552,7 @@ public synchronized Object replace(Object key, Object value) {
@Override
public synchronized void replaceAll(BiFunction<? super Object,
? super Object, ? extends Object> function) {
check("putProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("ReplaceAll " + name + " provider property ");
}
Expand All @@ -575,8 +569,7 @@ public synchronized void replaceAll(BiFunction<? super Object,
@Override
public synchronized Object compute(Object key, BiFunction<? super Object,
? super Object, ? extends Object> remappingFunction) {
check("putProviderProperty." + name);
check("removeProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("Compute " + name + " provider property " + key);
}
Expand All @@ -594,8 +587,7 @@ public synchronized Object compute(Object key, BiFunction<? super Object,
@Override
public synchronized Object computeIfAbsent(Object key,
Function<? super Object, ? extends Object> mappingFunction) {
check("putProviderProperty." + name);
check("removeProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("ComputeIfAbsent " + name + " provider property " +
key);
Expand All @@ -613,8 +605,7 @@ public synchronized Object computeIfAbsent(Object key,
public synchronized Object computeIfPresent(Object key,
BiFunction<? super Object, ? super Object, ? extends Object>
remappingFunction) {
check("putProviderProperty." + name);
check("removeProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("ComputeIfPresent " + name + " provider property " +
key);
Expand All @@ -635,8 +626,7 @@ public synchronized Object computeIfPresent(Object key,
public synchronized Object merge(Object key, Object value,
BiFunction<? super Object, ? super Object, ? extends Object>
remappingFunction) {
check("putProviderProperty." + name);
check("removeProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println("Merge " + name + " provider property " + key);
}
Expand Down Expand Up @@ -694,15 +684,6 @@ private void checkInitialized() {
}
}

private void check(String directive) {
checkInitialized();
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSecurityAccess(directive);
}
}

// legacyMap changed since last call to getServices()
private transient volatile boolean legacyChanged;
// serviceMap changed since last call to getServices()
Expand Down Expand Up @@ -789,8 +770,6 @@ private static boolean checkLegacy(Object key) {

/**
* Copies all the mappings from the specified Map to this provider.
* Internal method to be called AFTER the security check has been
* performed.
*/
private void implPutAll(Map<?,?> t) {
for (Map.Entry<?,?> e : t.entrySet()) {
Expand Down Expand Up @@ -1239,7 +1218,7 @@ public Set<Service> getServices() {
* @since 1.5
*/
protected void putService(Service s) {
check("putProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println(name + ".putService(): " + s);
}
Expand Down Expand Up @@ -1303,7 +1282,7 @@ Service getDefaultSecureRandomService() {
private void putPropertyStrings(Service s) {
String type = s.getType();
String algorithm = s.getAlgorithm();
// use super() to avoid permission check and other processing
// use super() to avoid other processing
super.put(type + "." + algorithm, s.getClassName());
for (String alias : s.getAliases()) {
super.put(ALIAS_PREFIX + type + "." + alias, algorithm);
Expand All @@ -1321,7 +1300,7 @@ private void putPropertyStrings(Service s) {
private void removePropertyStrings(Service s) {
String type = s.getType();
String algorithm = s.getAlgorithm();
// use super() to avoid permission check and other processing
// use super() to avoid other processing
super.remove(type + "." + algorithm);
for (String alias : s.getAliases()) {
super.remove(ALIAS_PREFIX + type + "." + alias);
Expand All @@ -1346,7 +1325,7 @@ private void removePropertyStrings(Service s) {
* @since 1.5
*/
protected void removeService(Service s) {
check("removeProviderProperty." + name);
checkInitialized();
if (debug != null) {
debug.println(name + ".removeService(): " + s);
}
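Review bot: With the block comment above `clear()` deleted, nothing in this file section states what the mutator overrides guard any more; each of them (`clear`, `load`, `putAll`, `put`, `remove`, `replace`, `compute`, `merge`, `putService`, `removeService` and the rest) now opens with `checkInitialized()` alone. By its name that is an initialization check rather than an access check (its body is not shown), so any code that holds a reference to a `Provider` can rewrite its algorithm mappings. I would replace the deleted block with a statement of the new contract, e.g. `/* These overrides reject use before initialization and emit debug output; they perform no access check. */`. The two `// use super() to avoid other processing` comments could also name what is skipped, e.g. `// call super.put() directly to bypass this class's put() override`. The method bodies continue outside the hunks shown, so confirm that no other gate remains further down.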
6 changes: 1 addition & 5 deletions src/java.base/share/classes/java/security/SecureRandom.java
Expand Up @@ -942,11 +942,7 @@ private static final class StrongPatternHolder {
public static SecureRandom getInstanceStrong()
throws NoSuchAlgorithmException {

@SuppressWarnings("removal")
String property = AccessController.doPrivileged(
(PrivilegedAction<String>) () -> Security.getProperty(
"securerandom.strongAlgorithms"));

String property = Security.getProperty("securerandom.strongAlgorithms");
if (property == null || property.isEmpty()) {
throw new NoSuchAlgorithmException(
"Null/empty securerandom.strongAlgorithms Security Property");
42 changes: 2 additions & 40 deletions src/java.base/share/classes/java/security/Security.java
Expand Up @@ -312,14 +312,7 @@ private static void debugLoad(boolean start, Object source) {
}

static {
// doPrivileged here because there are multiple
// things in initialize that might require privs.
// (the FileInputStream call and the File.exists call, etc)
@SuppressWarnings("removal")
var dummy = AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
initialize();
return null;
});
initialize();
// Set up JavaSecurityPropertiesAccess in SharedSecrets
SharedSecrets.setJavaSecurityPropertiesAccess(new JavaSecurityPropertiesAccess() {
@Override
Expand Down Expand Up @@ -475,15 +468,13 @@ public static String getAlgorithmProperty(String algName,
*/
public static synchronized int insertProviderAt(Provider provider,
int position) {
String providerName = provider.getName();
checkInsertProvider(providerName);
ProviderList list = Providers.getFullProviderList();
ProviderList newList = ProviderList.insertAt(list, provider, position - 1);
if (list == newList) {
return -1;
}
Providers.setProviderList(newList);
return newList.getIndex(providerName) + 1;
return newList.getIndex(provider.getName()) + 1;
}

/**
Expand Down Expand Up @@ -527,7 +518,6 @@ public static int addProvider(Provider provider) {
* @see #addProvider
*/
public static synchronized void removeProvider(String name) {
check("removeProvider." + name);
ProviderList list = Providers.getFullProviderList();
ProviderList newList = ProviderList.remove(list, name);
Providers.setProviderList(newList);
Expand Down Expand Up @@ -822,7 +812,6 @@ static Object[] getImpl(String algorithm, String type, Provider provider,
*/
public static String getProperty(String key) {
SecPropLoader.checkReservedKey(key);
check("getProperty." + key);
String name = props.getProperty(key);
if (name != null)
name = name.trim(); // could be a class name with trailing ws
Expand All @@ -845,7 +834,6 @@ public static String getProperty(String key) {
*/
public static void setProperty(String key, String datum) {
SecPropLoader.checkReservedKey(key);
check("setProperty." + key);
props.put(key, datum);

SecurityPropertyModificationEvent spe = new SecurityPropertyModificationEvent();
Expand All @@ -859,32 +847,6 @@ public static void setProperty(String key, String datum) {
}
}

private static void check(String directive) {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSecurityAccess(directive);
}
}

private static void checkInsertProvider(String name) {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
try {
security.checkSecurityAccess("insertProvider");
} catch (SecurityException se1) {
try {
security.checkSecurityAccess("insertProvider." + name);
} catch (SecurityException se2) {
// throw first exception, but add second to suppressed
se1.addSuppressed(se2);
throw se1;
}
}
}
}

private static class Criteria {
private final String serviceName;
private final String algName;
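Review bot: `insertProviderAt` and `removeProvider` now replace the process-wide provider list with no gate and, in the lines shown, no record that it happened, whereas `setProperty` in the same file still creates a `SecurityPropertyModificationEvent`. Provider order decides which implementation answers a `getInstance` lookup, so a change to the list is something operators will want to be able to see after the fact. At minimum the new contract should be written down next to the code, e.g. `// No access check: any code in the process may insert, reorder or remove providers.` on both methods. Whether a matching event or debug line belongs here is worth a follow-up issue. The body of `removeProvider` continues outside the hunk, so check whether it already logs further down.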