8344397: Remove Security Manager dependencies from java.security and sun.security packages

Reviewed-by: rriggs, hchao, weijun, alanb

Author: seanjmullan

src/java.base/share/classes/java/lang/Class.java

@@ -53,6 +53,7 @@
 import java.lang.reflect.TypeVariable;
 import java.lang.constant.Constable;
 import java.net.URL;
+import java.security.AllPermission;
 import java.security.Permissions;
 import java.security.ProtectionDomain;
 import java.util.ArrayList;
@@ -89,7 +90,6 @@
 import sun.reflect.generics.repository.MethodRepository;
 import sun.reflect.generics.repository.ConstructorRepository;
 import sun.reflect.generics.scope.ClassScope;
-import sun.security.util.SecurityConstants;
 import sun.reflect.annotation.*;
 import sun.reflect.misc.ReflectUtil;
 
@@ -2720,7 +2720,7 @@ private static class Holder {
         private static final ProtectionDomain allPermDomain;
         static {
             Permissions perms = new Permissions();
-            perms.add(SecurityConstants.ALL_PERMISSION);
+            perms.add(new AllPermission());
             allPermDomain = new ProtectionDomain(null, perms);
         }
     }

src/java.base/share/classes/java/security/AccessControlContext.java

@@ -44,14 +44,6 @@
 public final class AccessControlContext {
 
     private ProtectionDomain[] context;
-    // isPrivileged and isAuthorized are referenced by the VM - do not remove
-    // or change their names
-    private boolean isPrivileged;
-    private boolean isAuthorized = false;
-
-    // Note: This field is directly used by the virtual machine
-    // native codes. Don't touch it.
-    private AccessControlContext privilegedContext;
 
     @SuppressWarnings("removal")
     private DomainCombiner combiner = null;

src/java.base/share/classes/java/security/Provider.java

@@ -345,12 +345,6 @@ public String toString() {
         return name + " version " + versionStr;
     }
 
-    /*
-     * override the following methods to ensure that provider
-     * information can only be changed if the caller has the appropriate
-     * permissions.
-     */
-
     /**
      * Clears this {@code Provider} so that it no longer contains the properties
      * used to look up facilities implemented by the {@code Provider}.
@@ -359,7 +353,7 @@ public String toString() {
      */
     @Override
     public synchronized void clear() {
-        check("clearProviderProperties."+name);
+        checkInitialized();
         if (debug != null) {
             debug.println("Remove " + name + " provider properties");
         }
@@ -376,7 +370,7 @@ public synchronized void clear() {
      */
     @Override
     public synchronized void load(InputStream inStream) throws IOException {
-        check("putProviderProperty."+name);
+        checkInitialized();
         if (debug != null) {
             debug.println("Load " + name + " provider properties");
         }
@@ -394,7 +388,7 @@ public synchronized void load(InputStream inStream) throws IOException {
      */
     @Override
     public synchronized void putAll(Map<?,?> t) {
-        check("putProviderProperty."+name);
+        checkInitialized();
         if (debug != null) {
             debug.println("Put all " + name + " provider properties");
         }
@@ -461,7 +455,7 @@ public Collection<Object> values() {
      */
     @Override
     public synchronized Object put(Object key, Object value) {
-        check("putProviderProperty."+name);
+        checkInitialized();
         if (debug != null) {
             debug.println("Set " + name + " provider property [" +
                           key + "/" + value +"]");
@@ -478,7 +472,7 @@ public synchronized Object put(Object key, Object value) {
      */
     @Override
     public synchronized Object putIfAbsent(Object key, Object value) {
-        check("putProviderProperty."+name);
+        checkInitialized();
         if (debug != null) {
             debug.println("Set " + name + " provider property [" +
                           key + "/" + value +"]");
@@ -494,7 +488,7 @@ public synchronized Object putIfAbsent(Object key, Object value) {
      */
     @Override
     public synchronized Object remove(Object key) {
-        check("removeProviderProperty."+name);
+        checkInitialized();
         if (debug != null) {
             debug.println("Remove " + name + " provider property " + key);
         }
@@ -509,7 +503,7 @@ public synchronized Object remove(Object key) {
      */
     @Override
     public synchronized boolean remove(Object key, Object value) {
-        check("removeProviderProperty."+name);
+        checkInitialized();
         if (debug != null) {
             debug.println("Remove " + name + " provider property " + key);
         }
@@ -525,7 +519,7 @@ public synchronized boolean remove(Object key, Object value) {
     @Override
     public synchronized boolean replace(Object key, Object oldValue,
             Object newValue) {
-        check("putProviderProperty." + name);
+        checkInitialized();
         if (debug != null) {
             debug.println("Replace " + name + " provider property " + key);
         }
@@ -540,7 +534,7 @@ public synchronized boolean replace(Object key, Object oldValue,
      */
     @Override
     public synchronized Object replace(Object key, Object value) {
-        check("putProviderProperty." + name);
+        checkInitialized();
         if (debug != null) {
             debug.println("Replace " + name + " provider property " + key);
         }
@@ -558,7 +552,7 @@ public synchronized Object replace(Object key, Object value) {
     @Override
     public synchronized void replaceAll(BiFunction<? super Object,
             ? super Object, ? extends Object> function) {
-        check("putProviderProperty." + name);
+        checkInitialized();
         if (debug != null) {
             debug.println("ReplaceAll " + name + " provider property ");
         }
@@ -575,8 +569,7 @@ public synchronized void replaceAll(BiFunction<? super Object,
     @Override
     public synchronized Object compute(Object key, BiFunction<? super Object,
             ? super Object, ? extends Object> remappingFunction) {
-        check("putProviderProperty." + name);
-        check("removeProviderProperty." + name);
+        checkInitialized();
         if (debug != null) {
             debug.println("Compute " + name + " provider property " + key);
         }
@@ -594,8 +587,7 @@ public synchronized Object compute(Object key, BiFunction<? super Object,
     @Override
     public synchronized Object computeIfAbsent(Object key,
             Function<? super Object, ? extends Object> mappingFunction) {
-        check("putProviderProperty." + name);
-        check("removeProviderProperty." + name);
+        checkInitialized();
         if (debug != null) {
             debug.println("ComputeIfAbsent " + name + " provider property " +
                     key);
@@ -613,8 +605,7 @@ public synchronized Object computeIfAbsent(Object key,
     public synchronized Object computeIfPresent(Object key,
             BiFunction<? super Object, ? super Object, ? extends Object>
             remappingFunction) {
-        check("putProviderProperty." + name);
-        check("removeProviderProperty." + name);
+        checkInitialized();
         if (debug != null) {
             debug.println("ComputeIfPresent " + name + " provider property " +
                     key);
@@ -635,8 +626,7 @@ public synchronized Object computeIfPresent(Object key,
     public synchronized Object merge(Object key, Object value,
             BiFunction<? super Object, ? super Object, ? extends Object>
             remappingFunction) {
-        check("putProviderProperty." + name);
-        check("removeProviderProperty." + name);
+        checkInitialized();
         if (debug != null) {
             debug.println("Merge " + name + " provider property " + key);
         }
@@ -694,15 +684,6 @@ private void checkInitialized() {
         }
     }
 
-    private void check(String directive) {
-        checkInitialized();
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkSecurityAccess(directive);
-        }
-    }
-
     // legacyMap changed since last call to getServices()
     private transient volatile boolean legacyChanged;
     // serviceMap changed since last call to getServices()
@@ -789,8 +770,6 @@ private static boolean checkLegacy(Object key) {
 
     /**
      * Copies all the mappings from the specified Map to this provider.
-     * Internal method to be called AFTER the security check has been
-     * performed.
      */
     private void implPutAll(Map<?,?> t) {
         for (Map.Entry<?,?> e : t.entrySet()) {
@@ -1239,7 +1218,7 @@ public Set<Service> getServices() {
      * @since 1.5
      */
     protected void putService(Service s) {
-        check("putProviderProperty." + name);
+        checkInitialized();
         if (debug != null) {
             debug.println(name + ".putService(): " + s);
         }
@@ -1303,7 +1282,7 @@ Service getDefaultSecureRandomService() {
     private void putPropertyStrings(Service s) {
         String type = s.getType();
         String algorithm = s.getAlgorithm();
-        // use super() to avoid permission check and other processing
+        // use super() to avoid other processing
         super.put(type + "." + algorithm, s.getClassName());
         for (String alias : s.getAliases()) {
             super.put(ALIAS_PREFIX + type + "." + alias, algorithm);
@@ -1321,7 +1300,7 @@ private void putPropertyStrings(Service s) {
     private void removePropertyStrings(Service s) {
         String type = s.getType();
         String algorithm = s.getAlgorithm();
-        // use super() to avoid permission check and other processing
+        // use super() to avoid other processing
         super.remove(type + "." + algorithm);
         for (String alias : s.getAliases()) {
             super.remove(ALIAS_PREFIX + type + "." + alias);
@@ -1346,7 +1325,7 @@ private void removePropertyStrings(Service s) {
      * @since 1.5
      */
     protected void removeService(Service s) {
-        check("removeProviderProperty." + name);
+        checkInitialized();
         if (debug != null) {
             debug.println(name + ".removeService(): " + s);
         }

src/java.base/share/classes/java/security/SecureRandom.java

@@ -942,11 +942,7 @@ private static final class StrongPatternHolder {
     public static SecureRandom getInstanceStrong()
             throws NoSuchAlgorithmException {
 
-        @SuppressWarnings("removal")
-        String property = AccessController.doPrivileged(
-                (PrivilegedAction<String>) () -> Security.getProperty(
-                    "securerandom.strongAlgorithms"));
-
+        String property = Security.getProperty("securerandom.strongAlgorithms");
         if (property == null || property.isEmpty()) {
             throw new NoSuchAlgorithmException(
                 "Null/empty securerandom.strongAlgorithms Security Property");

src/java.base/share/classes/java/security/Security.java

@@ -312,14 +312,7 @@ private static void debugLoad(boolean start, Object source) {
     }
 
     static {
-        // doPrivileged here because there are multiple
-        // things in initialize that might require privs.
-        // (the FileInputStream call and the File.exists call, etc)
-        @SuppressWarnings("removal")
-        var dummy = AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
-            initialize();
-            return null;
-        });
+        initialize();
         // Set up JavaSecurityPropertiesAccess in SharedSecrets
         SharedSecrets.setJavaSecurityPropertiesAccess(new JavaSecurityPropertiesAccess() {
             @Override
@@ -475,15 +468,13 @@ public static String getAlgorithmProperty(String algName,
      */
     public static synchronized int insertProviderAt(Provider provider,
             int position) {
-        String providerName = provider.getName();
-        checkInsertProvider(providerName);
         ProviderList list = Providers.getFullProviderList();
         ProviderList newList = ProviderList.insertAt(list, provider, position - 1);
         if (list == newList) {
             return -1;
         }
         Providers.setProviderList(newList);
-        return newList.getIndex(providerName) + 1;
+        return newList.getIndex(provider.getName()) + 1;
     }
 
     /**
@@ -527,7 +518,6 @@ public static int addProvider(Provider provider) {
      * @see #addProvider
      */
     public static synchronized void removeProvider(String name) {
-        check("removeProvider." + name);
         ProviderList list = Providers.getFullProviderList();
         ProviderList newList = ProviderList.remove(list, name);
         Providers.setProviderList(newList);
@@ -822,7 +812,6 @@ static Object[] getImpl(String algorithm, String type, Provider provider,
      */
     public static String getProperty(String key) {
         SecPropLoader.checkReservedKey(key);
-        check("getProperty." + key);
         String name = props.getProperty(key);
         if (name != null)
             name = name.trim(); // could be a class name with trailing ws
@@ -845,7 +834,6 @@ public static String getProperty(String key) {
      */
     public static void setProperty(String key, String datum) {
         SecPropLoader.checkReservedKey(key);
-        check("setProperty." + key);
         props.put(key, datum);
 
         SecurityPropertyModificationEvent spe = new SecurityPropertyModificationEvent();
@@ -859,32 +847,6 @@ public static void setProperty(String key, String datum) {
         }
     }
 
-    private static void check(String directive) {
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkSecurityAccess(directive);
-        }
-    }
-
-    private static void checkInsertProvider(String name) {
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            try {
-                security.checkSecurityAccess("insertProvider");
-            } catch (SecurityException se1) {
-                try {
-                    security.checkSecurityAccess("insertProvider." + name);
-                } catch (SecurityException se2) {
-                    // throw first exception, but add second to suppressed
-                    se1.addSuppressed(se2);
-                    throw se1;
-                }
-            }
-        }
-    }
-
     private static class Criteria {
         private final String serviceName;
         private final String algName;