Merge pull request #20851 from theresa-m/remove_systemsec

Remove System.security field and getSecurityManager calls for JDK 24
eclipse-openj9 · Jan 8, 2025 · 08808db · 08808db
2 parents 1fbf35b + 93fd41b
commit 08808db
Show file tree

Hide file tree

Showing 6 changed files with 106 additions and 54 deletions.
diff --git a/jcl/src/java.base/share/classes/java/lang/System.java b/jcl/src/java.base/share/classes/java/lang/System.java
@@ -124,10 +124,12 @@ public final class System {
 	 */
 	private static Properties systemProperties;
 
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	/**
 	 * The System default SecurityManager.
 	 */
 	private static SecurityManager security;
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 
 	private static volatile Console console;
 	private static volatile boolean consoleInitialized;
@@ -594,12 +596,13 @@ static URL codeSource(Class<?> callerClass) {
  * @param		newIn 		the new value for in.
  */
 public static void setIn(InputStream newIn) {
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	@SuppressWarnings("removal")
 	SecurityManager security = System.getSecurityManager();
-	if (security != null)	{
+	if (security != null) {
 		security.checkPermission(com.ibm.oti.util.RuntimePermissions.permissionSetIO);
 	}
-
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	setFieldImpl("in", newIn); //$NON-NLS-1$
 }
 
@@ -610,11 +613,13 @@ public static void setIn(InputStream newIn) {
  * @param		newOut 		the new value for out.
  */
 public static void setOut(java.io.PrintStream newOut) {
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	@SuppressWarnings("removal")
 	SecurityManager security = System.getSecurityManager();
-	if (security != null)	{
+	if (security != null) {
 		security.checkPermission(com.ibm.oti.util.RuntimePermissions.permissionSetIO);
 	}
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	setFieldImpl("out", newOut); //$NON-NLS-1$
 }
 
@@ -625,12 +630,13 @@ public static void setOut(java.io.PrintStream newOut) {
  * @param		newErr  	the new value for err.
  */
 public static void setErr(java.io.PrintStream newErr) {
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	@SuppressWarnings("removal")
 	SecurityManager security = System.getSecurityManager();
-	if (security != null)	{
+	if (security != null) {
 		security.checkPermission(com.ibm.oti.util.RuntimePermissions.permissionSetIO);
 	}
-
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	setFieldImpl("err", newErr); //$NON-NLS-1$
 }
 
@@ -912,11 +918,13 @@ public static void gc() {
 @SuppressWarnings("dep-ann")
 public static String getenv(String var) {
 	if (var == null) throw new NullPointerException();
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	@SuppressWarnings("removal")
 	SecurityManager security = System.getSecurityManager();
-	if (security != null)
+	if (security != null) {
 		security.checkPermission(new RuntimePermission("getenv." + var)); //$NON-NLS-1$
-
+	}
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	return ProcessEnvironment.getenv(var);
 }
 
@@ -925,19 +933,23 @@ public static String getenv(String var) {
  * not a copy, so that changes made to the returned
  * Properties object will be reflected in subsequent
  * calls to {@code getProperty()} and {@code getProperties()}.
+/*[IF JAVA_SPEC_VERSION < 24]
  * <p>
  * Security managers should restrict access to this
  * API if possible.
+/*[ENDIF] JAVA_SPEC_VERSION < 24
  *
  * @return		the system properties
  */
 public static Properties getProperties() {
 	if (!propertiesInitialized) throw new Error("bootstrap error, system property access before init"); //$NON-NLS-1$
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	@SuppressWarnings("removal")
 	SecurityManager security = System.getSecurityManager();
-	if (security != null)
+	if (security != null) {
 		security.checkPropertiesAccess();
-
+	}
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	return systemProperties;
 }
 
@@ -998,10 +1010,13 @@ public static String getProperty(String prop) {
 public static String getProperty(String prop, String defaultValue) {
 	if (prop.length() == 0) throw new IllegalArgumentException();
 
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	@SuppressWarnings("removal")
 	SecurityManager security = System.getSecurityManager();
-	if (security != null)
+	if (security != null) {
 		security.checkPropertyAccess(prop);
+	}
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 
 	if (!propertiesInitialized
 			&& !prop.equals("com.ibm.IgnoreMalformedInput") //$NON-NLS-1$
@@ -1039,11 +1054,13 @@ public static String setProperty(String prop, String value) {
 	/*[PR CMVC 80288] should check for empty key */
 	if (prop.length() == 0) throw new IllegalArgumentException();
 
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	@SuppressWarnings("removal")
 	SecurityManager security = System.getSecurityManager();
-	if (security != null)
-		security.checkPermission(
-			new PropertyPermission(prop, "write")); //$NON-NLS-1$
+	if (security != null) {
+		security.checkPermission(new PropertyPermission(prop, "write")); //$NON-NLS-1$
+	}
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 
 	return (String)systemProperties.setProperty(prop, value);
 }
@@ -1085,7 +1102,11 @@ public static String setProperty(String prop, String value) {
 @Deprecated(since="17", forRemoval=true)
 /*[ENDIF] JAVA_SPEC_VERSION >= 17 */
 public static SecurityManager getSecurityManager() {
+	/*[IF JAVA_SPEC_VERSION >= 24]*/
+	return null;
+	/*[ELSE] JAVA_SPEC_VERSION >= 24 */
 	return security;
+	/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
 }
 
 /**
@@ -1118,10 +1139,11 @@ public static int identityHashCode(Object anObject) {
  * @param pathName the path of the file to be loaded
  *
  * @throws UnsatisfiedLinkError if the library could not be loaded
- * @throws SecurityException if the library was not allowed to be loaded
  * @throws NullPointerException if pathName is null
 /*[IF JAVA_SPEC_VERSION >= 24]
  * @throws IllegalCallerException if the caller belongs to a module where native access is not enabled
+/*[ELSE] JAVA_SPEC_VERSION >= 24
+ * @throws SecurityException if the library was not allowed to be loaded
 /*[ENDIF] JAVA_SPEC_VERSION >= 24
  */
 @CallerSensitive
@@ -1132,14 +1154,14 @@ public static void load(String pathName) {
 	/*[IF JAVA_SPEC_VERSION >= 24]*/
 	Class<?> caller = Reflection.getCallerClass();
 	Reflection.ensureNativeAccess(caller, System.class, "load", false);
-	/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
-
+	/*[ELSE] JAVA_SPEC_VERSION >= 24 */
 	@SuppressWarnings("removal")
 	SecurityManager smngr = System.getSecurityManager();
 	if (smngr != null) {
 		smngr.checkLink(pathName);
 	}
-/*[IF JAVA_SPEC_VERSION >= 15]*/
+	/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
+	/*[IF JAVA_SPEC_VERSION >= 15]*/
 	/*[IF PLATFORM-mz31 | PLATFORM-mz64]*/
 	ClassLoader.loadZOSLibrary(getCallerClass(), pathName);
 	/*[ELSE] PLATFORM-mz31 | PLATFORM-mz64 */
@@ -1150,9 +1172,9 @@ public static void load(String pathName) {
 	}
 	ClassLoader.loadLibrary(getCallerClass(), fileName);
 	/*[ENDIF] PLATFORM-mz31 | PLATFORM-mz64 */
-/*[ELSE] JAVA_SPEC_VERSION >= 15 */
+	/*[ELSE] JAVA_SPEC_VERSION >= 15 */
 	ClassLoader.loadLibraryWithPath(pathName, ClassLoader.callerClassLoader(), null);
-/*[ENDIF] JAVA_SPEC_VERSION >= 15 */
+	/*[ENDIF] JAVA_SPEC_VERSION >= 15 */
 }
 
 /**
@@ -1161,10 +1183,11 @@ public static void load(String pathName) {
  * @param libName the name of the library to load
  *
  * @throws UnsatisfiedLinkError if the library could not be loaded
- * @throws SecurityException if the library was not allowed to be loaded
  * @throws NullPointerException if libName is null
 /*[IF JAVA_SPEC_VERSION >= 24]
  * @throws IllegalCallerException if the caller belongs to a module where native access is not enabled
+/*[ELSE] JAVA_SPEC_VERSION >= 24
+ * @throws SecurityException if the library was not allowed to be loaded
 /*[ENDIF] JAVA_SPEC_VERSION >= 24
  */
 @CallerSensitive
@@ -1187,12 +1210,13 @@ public static void loadLibrary(String libName) {
 			throw new UnsatisfiedLinkError(Msg.getString("K0B01", libName)); //$NON-NLS-1$
 		}
 	}
-
+/*[IF JAVA_SPEC_VERSION < 24]*/
 	@SuppressWarnings("removal")
 	SecurityManager smngr = System.getSecurityManager();
 	if (smngr != null) {
 		smngr.checkLink(libName);
 	}
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 /*[IF JAVA_SPEC_VERSION >= 15]*/
 	Class<?> callerClass = getCallerClass();
 /*[ELSE]*/
@@ -1248,17 +1272,22 @@ public static void runFinalizersOnExit(boolean flag) {
  * Sets the system properties. Note that the object which is passed in
  * is not copied, so that subsequent changes made to it will be reflected
  * in calls to {@code getProperty()} and {@code getProperties()}.
+/*[IF JAVA_SPEC_VERSION < 24]
  * <p>
  * Security managers should restrict access to this
  * API if possible.
+/*[ENDIF] JAVA_SPEC_VERSION < 24
  *
  * @param		p			the properties to set
  */
 public static void setProperties(Properties p) {
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	@SuppressWarnings("removal")
 	SecurityManager security = System.getSecurityManager();
-	if (security != null)
+	if (security != null) {
 		security.checkPropertiesAccess();
+	}
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	if (p == null) {
 		ensureProperties(false);
 	} else {
@@ -1519,10 +1548,13 @@ public static String clearProperty(String prop) {
 	if (!propertiesInitialized) throw new Error("bootstrap error, system property access before init: " + prop); //$NON-NLS-1$
 
 	if (prop.length() == 0) throw new IllegalArgumentException();
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	@SuppressWarnings("removal")
 	SecurityManager security = System.getSecurityManager();
-	if (security != null)
+	if (security != null) {
 		security.checkPermission(new PropertyPermission(prop, "write")); //$NON-NLS-1$
+	}
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	return (String)systemProperties.remove(prop);
 }
 
@@ -1532,11 +1564,13 @@ public static String clearProperty(String prop) {
  * @return	an unmodifiable Map containing all of the system environment variables.
  */
 public static Map<String, String> getenv() {
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	@SuppressWarnings("removal")
 	SecurityManager security = System.getSecurityManager();
-	if (security != null)
+	if (security != null) {
 		security.checkPermission(new RuntimePermission("getenv.*")); //$NON-NLS-1$
-
+	}
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	return ProcessEnvironment.getenv();
 }
 
@@ -1897,10 +1931,14 @@ public abstract static class LoggerFinder {
 	/**
 	 * Checks needed runtime permissions
 	 *
+	/*[IF JAVA_SPEC_VERSION < 24]
 	 * @throws SecurityException if RuntimePermission("loggerFinder") is not allowed
+	/*[ENDIF] JAVA_SPEC_VERSION < 24
 	 */
 	protected LoggerFinder() {
+		/*[IF JAVA_SPEC_VERSION < 24]*/
 		verifyPermissions();
+		/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	}
 
 	/**
@@ -1911,10 +1949,14 @@ protected LoggerFinder() {
 	 * @param callerModule The module for which the logger is being requested
 	 * @return an instance of Logger
 	 * @throws NullPointerException if loggerName or callerModule is null
+	/*[IF JAVA_SPEC_VERSION < 24]
 	 * @throws SecurityException if RuntimePermission("loggerFinder") is not allowed
+	/*[ENDIF] JAVA_SPEC_VERSION < 24
 	 */
 	public Logger getLocalizedLogger(String loggerName, ResourceBundle bundle, Module callerModule) {
+		/*[IF JAVA_SPEC_VERSION < 24]*/
 		verifyPermissions();
+		/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 		Objects.requireNonNull(loggerName);
 		Objects.requireNonNull(callerModule);
 		Logger logger = this.getLogger(loggerName, callerModule);
@@ -1929,18 +1971,24 @@ public Logger getLocalizedLogger(String loggerName, ResourceBundle bundle, Modul
 	 * @param callerModule The module for which the logger is being requested
 	 * @return a Logger suitable for use within the given module
 	 * @throws NullPointerException if loggerName or callerModule is null
+	/*[IF JAVA_SPEC_VERSION < 24]
 	 * @throws SecurityException if RuntimePermission("loggerFinder") is not allowed
+	/*[ENDIF] JAVA_SPEC_VERSION < 24
 	 */
 	public abstract Logger getLogger(String loggerName, Module callerModule);
 
 	/**
 	 * Returns the LoggerFinder instance
 	 *
 	 * @return the LoggerFinder instance.
+	/*[IF JAVA_SPEC_VERSION < 24]
 	 * @throws SecurityException if RuntimePermission("loggerFinder") is not allowed
+	/*[ENDIF] JAVA_SPEC_VERSION < 24
 	 */
 	public static LoggerFinder getLoggerFinder() {
+		/*[IF JAVA_SPEC_VERSION < 24]*/
 		verifyPermissions();
+		/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 		LoggerFinder localFinder = loggerFinder;
 		if (localFinder == null) {
 			localFinder = AccessController.doPrivileged(
@@ -1957,13 +2005,15 @@ public static LoggerFinder getLoggerFinder() {
 		return localFinder;
 	}
 
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	private static void verifyPermissions() {
 		@SuppressWarnings("removal")
 		SecurityManager securityManager = System.getSecurityManager();
-		if (securityManager != null)	{
+		if (securityManager != null) {
 			securityManager.checkPermission(com.ibm.oti.util.RuntimePermissions.permissionLoggerFinder);
 		}
 	}
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 }
 
 /**

diff --git a/runtime/oti/vm_api.h b/runtime/oti/vm_api.h
@@ -2920,8 +2920,7 @@ fieldIndexTableRemove(J9JavaVM* vm, J9Class *ramClass);
 
 
 /* ---------------- resolvesupport.c ---------------- */
-/*
- */
+#if JAVA_SPEC_VERSION < 24
 /**
  * Perform a package access check from the ProtectionDomain to the targetClass
  * No check is required if no SecurityManager is in place.  If a check is required and the
@@ -2949,6 +2948,7 @@ packageAccessIsLegal(J9VMThread *currentThread, J9Class *targetClass, j9object_t
  */
 BOOLEAN
 requirePackageAccessCheck(J9JavaVM *vm, J9ClassLoader *srcClassLoader, J9Module *srcModule, J9Class *targetClass);
+#endif /* JAVA_SPEC_VERSION < 24 */
 
 /**
  * @brief

diff --git a/runtime/oti/vmconstantpool.xml b/runtime/oti/vmconstantpool.xml
@@ -502,7 +502,7 @@ SPDX-License-Identifier: EPL-2.0 OR Apache-2.0 OR GPL-2.0-only WITH Classpath-ex
 	<!-- Static method references needed to support VirtualThread/Continuation. -->
 	<staticmethodref class="jdk/internal/vm/Continuation" name="enter" signature="(Ljdk/internal/vm/Continuation;)V" versions="19-"/>
 	<!-- Security manager check -->
-	<staticfieldref class="java/lang/System" name="security" signature="Ljava/lang/SecurityManager;"/>
+	<staticfieldref class="java/lang/System" name="security" signature="Ljava/lang/SecurityManager;" versions="8-23"/>
 
 	<!-- VM constants in java -->
 	<staticfieldref class="com/ibm/oti/vm/VM" name="J9_GC_WRITE_BARRIER_TYPE" signature="I"/>