Merge pull request #21042 from theresa-m/securitymanager_4

JDK 24 remove java.security.AccessController.doPrivileged part 1

jcl/src/java.base/share/classes/com/ibm/oti/util/Msg.java

@@ -24,7 +24,9 @@
  * SPDX-License-Identifier: EPL-2.0 OR Apache-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0 OR GPL-2.0-only WITH OpenJDK-assembly-exception-1.0
  */
 
+/*[IF JAVA_SPEC_VERSION < 24]*/
 import java.security.AccessController;
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 import java.util.*;
 import com.ibm.oti.vm.*;
 
@@ -61,9 +63,18 @@ public class Msg {
 	static private Hashtable messages;
 
 	static {
+		String resourceName = "com/ibm/oti/util/ExternalMessages"; //$NON-NLS-1$
 		// Attempt to load the messages.
+		/*[IF JAVA_SPEC_VERSION >= 24]*/
+		try {
+			messages = MsgHelp.loadMessages(resourceName);
+		} catch (java.io.IOException e) {
+			// ignore: continue without messages
+		}
+		/*[ELSE] JAVA_SPEC_VERSION >= 24 */
 		messages = (Hashtable) AccessController.doPrivileged(
-				PriviAction.loadMessages("com/ibm/oti/util/ExternalMessages")); //$NON-NLS-1$
+				PriviAction.loadMessages(resourceName));
+		/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
 	}
 
 	/**

jcl/src/java.base/share/classes/com/ibm/oti/util/PriviAction.java

@@ -1,4 +1,4 @@
-/*[INCLUDE-IF Sidecar16]*/
+/*[INCLUDE-IF JAVA_SPEC_VERSION < 24]*/
 package com.ibm.oti.util;
 
 /*

jcl/src/java.base/share/classes/com/ibm/oti/util/RuntimePermissions.java

@@ -1,4 +1,4 @@
-/*[INCLUDE-IF Sidecar18-SE]*/
+/*[INCLUDE-IF JAVA_SPEC_VERSION < 24]*/
 package com.ibm.oti.util;
 
 /*

jcl/src/java.base/share/classes/com/ibm/oti/vm/BootstrapClassLoader.java

@@ -24,8 +24,6 @@
 
 import java.util.*;
 
-import com.ibm.oti.util.PriviAction;
-
 import java.io.FilePermission;
 import java.lang.reflect.Method;
 import java.security.AccessController;

jcl/src/java.base/share/classes/java/lang/Access.java

@@ -35,7 +35,6 @@
 import java.lang.reflect.Constructor;
 import java.lang.reflect.Executable;
 import java.lang.reflect.Method;
-import java.security.AccessControlContext;
 import java.util.Map;
 
 import com.ibm.oti.reflect.AnnotationParser;
@@ -173,7 +172,7 @@ public java.lang.StackTraceElement getStackTraceElement(java.lang.Throwable arg0
 /*[IF JAVA_SPEC_VERSION < 24]*/
 	/*[PR CMVC 199693] Prevent trusted method chain attack. */
 	@SuppressWarnings("removal")
-	public Thread newThreadWithAcc(Runnable runnable, AccessControlContext acc) {
+	public Thread newThreadWithAcc(Runnable runnable, java.security.AccessControlContext acc) {
 		return new Thread(runnable, acc);
 	}
 /*[ENDIF] JAVA_SPEC_VERSION < 24 */

jcl/src/java.base/share/classes/java/lang/Class.java

@@ -23,9 +23,6 @@
 package java.lang;
 
 import java.io.InputStream;
-import java.security.AccessControlContext;
-import java.security.ProtectionDomain;
-import java.security.Permissions;
 /*[IF JAVA_SPEC_VERSION >= 12]*/
 import java.lang.constant.ClassDesc;
 /*[ENDIF] JAVA_SPEC_VERSION >= 12*/
@@ -35,6 +32,15 @@
 import java.lang.reflect.*;
 import java.net.URL;
 import java.lang.annotation.*;
+/*[IF JAVA_SPEC_VERSION < 24]*/
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
+import java.security.Permissions;
+import java.security.ProtectionDomain;
 import java.util.Collection;
 import java.util.HashMap;
 /*[IF JAVA_SPEC_VERSION >= 16]*/
@@ -49,9 +55,6 @@
 /*[ENDIF] JAVA_SPEC_VERSION >= 12 */
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.atomic.AtomicInteger;
-import java.security.AccessController;
-import java.security.PrivilegedExceptionAction;
-import java.security.PrivilegedAction;
 import java.lang.ref.*;
 /*[IF JAVA_SPEC_VERSION >= 12]*/
 import java.lang.constant.ClassDesc;
@@ -91,7 +94,6 @@
 import java.lang.annotation.Repeatable;
 import java.lang.invoke.*;
 import com.ibm.oti.reflect.TypeAnnotationParser;
-import java.security.PrivilegedActionException;
 import sun.security.util.SecurityConstants;
 
 /*[IF JAVA_SPEC_VERSION >= 18]*/
@@ -484,7 +486,16 @@ boolean casAnnotationType(AnnotationType oldType, AnnotationType newType) {
 	AnnotationVars localAnnotationVars = getAnnotationVars();
 	long localTypeOffset = AnnotationVars.annotationTypeOffset;
 	if (-1 == localTypeOffset) {
-		Field field = AccessController.doPrivileged(new PrivilegedAction<Field>() {
+		Field field;
+		/*[IF JAVA_SPEC_VERSION >= 24]*/
+		try {
+			field = AnnotationVars.class.getDeclaredField("annotationType"); //$NON-NLS-1$
+		} catch (Exception e) {
+			throw newInternalError(e);
+		}
+		/*[ELSE] JAVA_SPEC_VERSION >= 24 */
+		field = AccessController.doPrivileged(new PrivilegedAction<Field>() {
+			@Override
 			public Field run() {
 				try {
 					return AnnotationVars.class.getDeclaredField("annotationType"); //$NON-NLS-1$
@@ -493,6 +504,7 @@ public Field run() {
 				}
 			}
 		});
+		/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
 		localTypeOffset = getUnsafe().objectFieldOffset(field);
 		AnnotationVars.annotationTypeOffset = localTypeOffset;
 	}
@@ -509,7 +521,9 @@ public Field run() {
  * of a class as described in the class definition of
  * java.lang.Class, however Classes representing base
  * types can not be found using this method.
+/*[IF JAVA_SPEC_VERSION < 24]
  * Security rules will be obeyed.
+/*[ENDIF] JAVA_SPEC_VERSION < 24
  *
  * @param		className			The name of the non-base type class to find
  * @param		initializeBoolean	A boolean indicating whether the class should be
@@ -614,7 +628,9 @@ private static Class<?> forNameHelper(
  * It does not invoke the class initializer.
  * Note that this method does not check whether the
  * requested class is accessible to its caller.
+/*[IF JAVA_SPEC_VERSION < 24]
  * Security rules will be obeyed.
+/*[ENDIF] JAVA_SPEC_VERSION < 24
  *
  * @param module The name of the module
  * @param name The name of the non-base type class to find
@@ -629,14 +645,15 @@ public static Class<?> forName(Module module, String name)
 /*[IF JAVA_SPEC_VERSION >= 18]*/
 	return forNameHelper(module, name, null, false);
 /*[ELSE] JAVA_SPEC_VERSION >= 18 */
-	@SuppressWarnings("removal")
-	SecurityManager sm = null;
 	ClassLoader classLoader;
 	Class<?> c;
 
 	if ((null == module) || (null == name)) {
 		throw new NullPointerException();
 	}
+	/*[IF JAVA_SPEC_VERSION < 24]*/
+	@SuppressWarnings("removal")
+	SecurityManager sm = null;
 	if (J9VMInternals.initialized) {
 		sm = System.getSecurityManager();
 	}
@@ -651,7 +668,9 @@ public ClassLoader run() {
 				return module.getClassLoader();
 			}
 		});
-	} else {
+	} else
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
+	{
 		classLoader = module.getClassLoader();
 	}
 
@@ -694,7 +713,7 @@ private static Class<?> forNameHelper(Module module, String name, Class<?> calle
 	if ((null == module) || (null == name)) {
 		throw new NullPointerException();
 	}
-/*[IF JAVA_SPEC_VERSION < 24]*/
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	@SuppressWarnings("removal")
 	SecurityManager sm = null;
 	if (J9VMInternals.initialized) {
@@ -714,7 +733,7 @@ public ClassLoader run() {
 			}
 		});
 	} else
-/*[ENDIF] JAVA_SPEC_VERSION < 24 */
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	{
 		classLoader = module.getClassLoader();
 	}
@@ -840,7 +859,9 @@ public ClassLoader getClassLoader() {
 /**
  * Returns the classloader used to load the receiver's class.
  * Returns null if the class was loaded by the bootstrap (system) class loader.
+/*[IF JAVA_SPEC_VERSION < 24]
  * This skips security checks.
+/*[ENDIF] JAVA_SPEC_VERSION < 24
  * @return the receiver's class loader or null
  * @see java.lang.ClassLoader
  */
@@ -1848,7 +1869,9 @@ private Method throwExceptionOrReturnNull(boolean throwException, String name, C
  *	public Method getMethod(String name, Class<?>... parameterTypes)
  *	List<Method> getDeclaredPublicMethods(String name, Class<?>... parameterTypes)
  *	Method findMethod(boolean publicOnly, String methodName, Class<?>... parameterTypes)
+/*[IF JAVA_SPEC_VERSION < 24]
  * without going thorough security checking
+/*[ENDIF] JAVA_SPEC_VERSION < 24
  *
  * @param	throwException boolean
  *				true - throw exception in this helper;
@@ -2428,8 +2451,10 @@ public String getName() {
  * Note: In order to conserve space in embedded targets, we allow this
  * method to answer null for classes in the system protection domain
  * (i.e. for system classes). System classes are always given full
- * permissions (i.e. AllPermission). This is not changeable via the
- * java.security.Policy.
+ * permissions (i.e. AllPermission).
+/*[IF JAVA_SPEC_VERSION < 24]
+ * This is not changeable via the java.security.Policy.
+/*[ENDIF] JAVA_SPEC_VERSION < 24
  *
  * @return		ProtectionDomain
  *					the receiver's ProtectionDomain.
@@ -3573,9 +3598,12 @@ private MethodHandle getValueMethod(final Class<? extends Annotation> containedT
 	MethodHandle valueMethod = localAnnotationVars.valueMethod;
 	if (valueMethod == null) {
 		final MethodType methodType = MethodType.methodType(Array.newInstance(containedType, 0).getClass());
+		/*[IF JAVA_SPEC_VERSION < 24]*/
 		valueMethod = AccessController.doPrivileged(new PrivilegedAction<MethodHandle>() {
 			@Override
 			public MethodHandle run() {
+		/*[ENDIF] JAVA_SPEC_VERSION < 24 */
+				MethodHandle handle;
 				try {
 					MethodHandles.Lookup localImplLookup = implLookup;
 					if (localImplLookup == null) {
@@ -3592,7 +3620,7 @@ public MethodHandle run() {
 						getUnsafe().putOrderedObject(Class.class, implLookupOffset, localImplLookup);
 						/*[ENDIF] JAVA_SPEC_VERSION >= 9 */
 					}
-					MethodHandle handle = localImplLookup.findVirtual(Class.this, "value", methodType); //$NON-NLS-1$
+					handle = localImplLookup.findVirtual(Class.this, "value", methodType); //$NON-NLS-1$
 					if (AnnotationVars.valueMethodOffset == -1) {
 						Field valueMethodField = AnnotationVars.class.getDeclaredField("valueMethod"); //$NON-NLS-1$
 						AnnotationVars.valueMethodOffset = getUnsafe().objectFieldOffset(valueMethodField);
@@ -3604,14 +3632,18 @@ public MethodHandle run() {
 					/*[ELSE] JAVA_SPEC_VERSION >= 9 */
 					getUnsafe().putOrderedObject(localAnnotationVars, AnnotationVars.valueMethodOffset, handle);
 					/*[ENDIF] JAVA_SPEC_VERSION >= 9 */
-					return handle;
 				} catch (NoSuchMethodException e) {
-					return null;
+					handle = null;
 				} catch (IllegalAccessException | NoSuchFieldException e) {
 					throw newInternalError(e);
 				}
+		/*[IF JAVA_SPEC_VERSION >= 24]*/
+				valueMethod = handle;
+		/*[ELSE] JAVA_SPEC_VERSION >= 24 */
+				return handle;
 			}
 		});
+		/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
 	}
 	return valueMethod;
 }
@@ -3981,6 +4013,10 @@ T[] getEnumConstantsShared() {
 	T[] enums = localEnumVars.cachedEnumConstants;
 	if (null == enums && isEnum()) {
 		try {
+			/*[IF JAVA_SPEC_VERSION >= 24]*/
+			Method values = getMethod("values"); //$NON-NLS-1$
+			values.setAccessible(true);
+			/*[ELSE] JAVA_SPEC_VERSION >= 24 */
 			final PrivilegedExceptionAction<Method> privilegedAction = new PrivilegedExceptionAction<Method>() {
 				@Override
 				public Method run() throws Exception {
@@ -3993,6 +4029,7 @@ public Method run() throws Exception {
 			};
 
 			Method values = AccessController.doPrivileged(privilegedAction);
+			/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
 			Object rawEnums = values.invoke(this);
 			if ((rawEnums == null) || !rawEnums.getClass().isArray()) {
 				return null;
@@ -4016,7 +4053,14 @@ public Method run() throws Exception {
 			/*[ELSE] JAVA_SPEC_VERSION >= 9 */
 			getUnsafe().putOrderedObject(localEnumVars, localEnumConstantsOffset, enums);
 			/*[ENDIF] JAVA_SPEC_VERSION >= 9 */
-		} catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException | PrivilegedActionException e) {
+		} catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException
+		/*[IF JAVA_SPEC_VERSION >= 24]*/
+			| NoSuchMethodException
+		/*[ELSE] JAVA_SPEC_VERSION >= 24 */
+			| PrivilegedActionException
+		/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
+			e
+		) {
 			enums = null;
 		}
 	}

jcl/src/java.base/share/classes/java/lang/J9VMInternals.java

@@ -25,16 +25,18 @@
 import com.ibm.oti.vm.J9UnmodifiableClass;
 import java.lang.ref.SoftReference;
 import java.lang.reflect.*;
+/*[IF JAVA_SPEC_VERSION < 24]*/
+import java.security.AccessControlContext;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
+import java.security.CodeSource;
+import java.security.ProtectionDomain;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Properties;
 import java.util.WeakHashMap;
-import java.security.AccessControlContext;
-import java.security.CodeSource;
-import java.security.ProtectionDomain;
 import java.io.FileDescriptor;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -271,8 +273,11 @@ private static void ensureError(Throwable err) {
 	private static native Throwable newInstance(Class exceptionClass, Class constructorClass);
 
 	private static Throwable cloneThrowable(final Throwable throwable, final HashMap hashMapThrowable) {
+		/*[IF JAVA_SPEC_VERSION < 24]*/
 		return (Throwable)AccessController.doPrivileged(new PrivilegedAction() {
+			@Override
 			public Object run() {
+		/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 				Throwable clone;
 				try {
 					Class cls = throwable.getClass();
@@ -305,8 +310,10 @@ public Object run() {
 					clone = new Throwable(Msg.getString("K05c3", e, throwable.toString())); //$NON-NLS-1$
 				}
 				return clone;
+		/*[IF JAVA_SPEC_VERSION < 24]*/
 			}
 		});
+		/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	}
 
 	/**
@@ -612,9 +619,11 @@ private static String[] getClassInfoStrings(final Class<?> clazz, String classPa
 			ClassLoader classLoader = clazz.getClassLoader();
 			if (classLoader != null) {
 				classLoaderStr = classLoader.toString();
+				/*[IF JAVA_SPEC_VERSION < 24]*/
 				classPath = AccessController.doPrivileged(new PrivilegedAction<String>() {
 					@Override
 					public String run() {
+				/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 						String path = null;
 						try {
 							ProtectionDomain pd = clazz.getProtectionDomain();
@@ -629,9 +638,13 @@ public String run() {
 							}
 						} catch (Exception e) {
 						}
+				/*[IF JAVA_SPEC_VERSION >= 24]*/
+						classPath = path;
+				/*[ELSE] JAVA_SPEC_VERSION >= 24 */
 						return path;
 					}
 				});
+				/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
 			}
 		}
 		if (classPath != null) {

jcl/src/java.base/share/classes/java/lang/RuntimePermission.java

@@ -1,4 +1,4 @@
-/*[INCLUDE-IF Sidecar16]*/
+/*[INCLUDE-IF JAVA_SPEC_VERSION < 24]*/
 package java.lang;
 
 /*