Skip to content

Commit 0615bc5

Browse files
committed
Adapt JDK-8338411: Implement JEP 486: Permanently Disable the Security Manager.
1 parent 976bcb1 commit 0615bc5

File tree

6 files changed

+24
-8
lines changed

6 files changed

+24
-8
lines changed

substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/JavaLangSubstitutions.java

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -428,6 +428,7 @@ private static String getProperty(String key, String def) {
428428
* passed to the image builder.
429429
*/
430430
@Alias @RecomputeFieldValue(kind = Kind.FromAlias, isFinal = true) //
431+
@TargetElement(onlyWith = JDK21OrEarlier.class)
431432
private static int allowSecurityManager = 1;
432433

433434
/**
@@ -440,6 +441,7 @@ private static String getProperty(String key, String def) {
440441
*/
441442
@Substitute
442443
@SuppressWarnings({"removal", "javadoc"})
444+
@TargetElement(onlyWith = JDK21OrEarlier.class)
443445
private static void setSecurityManager(SecurityManager sm) {
444446
if (sm != null) {
445447
/* Read the property collected at isolate creation as that is what happens on the JVM */

substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/SecuritySubstitutions.java

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@
7575
* All security checks are disabled.
7676
*/
7777

78-
@TargetClass(java.security.AccessController.class)
78+
@TargetClass(value = java.security.AccessController.class, onlyWith = JDK21OrEarlier.class)
7979
@Platforms(InternalPlatform.NATIVE_ONLY.class)
8080
@SuppressWarnings({"unused"})
8181
final class Target_java_security_AccessController {
@@ -432,11 +432,11 @@ public boolean test(Class<?> originalClass) {
432432
}
433433
}
434434

435-
@TargetClass(value = java.security.Policy.class, innerClass = "PolicyInfo")
435+
@TargetClass(value = java.security.Policy.class, innerClass = "PolicyInfo", onlyWith = JDK21OrEarlier.class)
436436
final class Target_java_security_Policy_PolicyInfo {
437437
}
438438

439-
@TargetClass(java.security.Policy.class)
439+
@TargetClass(value = java.security.Policy.class, onlyWith = JDK21OrEarlier.class)
440440
final class Target_java_security_Policy {
441441

442442
@Delete //
@@ -503,7 +503,7 @@ public boolean implies(ProtectionDomain domain, Permission permission) {
503503
* version is more fool-proof in case someone manually registers security providers for reflective
504504
* instantiation.
505505
*/
506-
@TargetClass(className = "sun.security.provider.PolicySpiFile")
506+
@TargetClass(className = "sun.security.provider.PolicySpiFile", onlyWith = JDK21OrEarlier.class)
507507
@SuppressWarnings({"unused", "static-method", "deprecation"})
508508
final class Target_sun_security_provider_PolicySpiFile {
509509

@@ -536,7 +536,7 @@ private void engineRefresh() {
536536
}
537537

538538
@Delete("Substrate VM does not use SecurityManager, so loading a security policy file would be misleading")
539-
@TargetClass(className = "sun.security.provider.PolicyFile")
539+
@TargetClass(className = "sun.security.provider.PolicyFile", onlyWith = JDK21OrEarlier.class)
540540
final class Target_sun_security_provider_PolicyFile {
541541
}
542542

substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/Target_java_security_AccessControlContext.java

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,9 +32,10 @@
3232
import com.oracle.svm.core.annotate.Substitute;
3333
import com.oracle.svm.core.annotate.TargetClass;
3434

35+
import com.oracle.svm.core.annotate.TargetElement;
3536
import sun.security.util.Debug;
3637

37-
@TargetClass(java.security.AccessControlContext.class)
38+
@TargetClass(value = java.security.AccessControlContext.class, onlyWith = JDK21OrEarlier.class)
3839
final class Target_java_security_AccessControlContext {
3940

4041
@Alias //

substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/thread/JavaThreads.java

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -382,7 +382,9 @@ static void initializeNewThread(
382382

383383
PlatformThreads.setThreadStatus(fromTarget(tjlt), ThreadStatus.NEW);
384384

385-
tjlt.inheritedAccessControlContext = acc != null ? acc : AccessController.getContext();
385+
if (JavaVersionUtil.JAVA_SPEC == 21) {
386+
tjlt.inheritedAccessControlContext = acc != null ? acc : AccessController.getContext();
387+
}
386388

387389
initNewThreadLocalsAndLoader(tjlt, inheritThreadLocals, parent);
388390

substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/thread/Target_java_lang_Thread.java

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,8 @@
3131
import java.util.Map;
3232
import java.util.Objects;
3333

34+
import com.oracle.svm.core.jdk.JDKUtils;
35+
import jdk.graal.compiler.serviceprovider.JavaVersionUtil;
3436
import org.graalvm.nativeimage.IsolateThread;
3537
import org.graalvm.nativeimage.Platforms;
3638
import org.graalvm.nativeimage.impl.InternalPlatform;
@@ -115,6 +117,7 @@ public final class Target_java_lang_Thread {
115117
*/
116118
@Alias //
117119
@RecomputeFieldValue(kind = RecomputeFieldValue.Kind.Reset) //
120+
@TargetElement(onlyWith = JDK21OrEarlier.class)
118121
public AccessControlContext inheritedAccessControlContext;
119122

120123
@Alias //
@@ -252,7 +255,9 @@ private Target_java_lang_Thread(String name, int characteristics, boolean bound)
252255

253256
this.name = (name != null) ? name : "";
254257
this.tid = Target_java_lang_Thread_ThreadIdentifiers.next();
255-
this.inheritedAccessControlContext = Target_java_lang_Thread_Constants.NO_PERMISSIONS_ACC;
258+
if (JavaVersionUtil.JAVA_SPEC == 21) {
259+
this.inheritedAccessControlContext = Target_java_lang_Thread_Constants.NO_PERMISSIONS_ACC;
260+
}
256261

257262
boolean inheritThreadLocals = (characteristics & NO_INHERIT_THREAD_LOCALS) == 0;
258263
JavaThreads.initNewThreadLocalsAndLoader(this, inheritThreadLocals, Thread.currentThread());
@@ -538,6 +543,7 @@ boolean isTerminated() {
538543
final class Target_java_lang_Thread_Constants {
539544
// Checkstyle: stop
540545
@SuppressWarnings("removal") //
546+
@TargetElement(onlyWith = JDK21OrEarlier.class)
541547
@Alias static AccessControlContext NO_PERMISSIONS_ACC;
542548

543549
@Alias static ThreadGroup VTHREAD_GROUP;

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/jdk/AccessControlContextReplacerFeature.java

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -86,6 +86,11 @@ public void duringSetup(DuringSetupAccess access) {
8686
access.registerObjectReplacer(AccessControlContextReplacerFeature::replaceAccessControlContext);
8787
}
8888

89+
@Override
90+
public boolean isInConfiguration(IsInConfigurationAccess access) {
91+
return JavaVersionUtil.JAVA_SPEC <= 21;
92+
}
93+
8994
private static boolean isSimpleContext(AccessControlContext ctx) {
9095
/*
9196
* In addition to aforementioned allow-listed contexts we also allow inclusion of very

0 commit comments

Comments
 (0)