8344034: Remove security manager dependency in Serialization

Reviewed-by: mullan, alanb

Author: Roger Riggs

src/java.base/share/classes/java/io/ObjectInputFilter.java

@@ -29,8 +29,6 @@
 import jdk.internal.util.StaticProperty;
 
 import java.lang.reflect.InvocationTargetException;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.security.Security;
 import java.util.ArrayList;
 import java.util.List;
@@ -630,17 +628,13 @@ final class Config {
             configLog = System.getLogger("java.io.serialization");
 
             // Get the values of the system properties, if they are defined
-            @SuppressWarnings("removal")
             String factoryClassName = StaticProperty.jdkSerialFilterFactory() != null
                     ? StaticProperty.jdkSerialFilterFactory()
-                    : AccessController.doPrivileged((PrivilegedAction<String>) () ->
-                        Security.getProperty(SERIAL_FILTER_FACTORY_PROPNAME));
+                    : Security.getProperty(SERIAL_FILTER_FACTORY_PROPNAME);
 
-            @SuppressWarnings("removal")
             String filterString = StaticProperty.jdkSerialFilter() != null
                     ? StaticProperty.jdkSerialFilter()
-                    : AccessController.doPrivileged((PrivilegedAction<String>) () ->
-                        Security.getProperty(SERIAL_FILTER_PROPNAME));
+                    : Security.getProperty(SERIAL_FILTER_PROPNAME);
 
             // Initialize the static filter if the jdk.serialFilter is present
             String filterMessage = null;
@@ -734,11 +728,6 @@ public static ObjectInputFilter getSerialFilter() {
          */
         public static void setSerialFilter(ObjectInputFilter filter) {
             Objects.requireNonNull(filter, "filter");
-            @SuppressWarnings("removal")
-            SecurityManager sm = System.getSecurityManager();
-            if (sm != null) {
-                sm.checkPermission(ObjectStreamConstants.SERIAL_FILTER_PERMISSION);
-            }
             if (invalidFilterMessage != null) {
                 throw new IllegalStateException(invalidFilterMessage);
             }
@@ -831,11 +820,6 @@ static BinaryOperator<ObjectInputFilter> getSerialFilterFactorySingleton() {
          */
         public static void setSerialFilterFactory(BinaryOperator<ObjectInputFilter> filterFactory) {
             Objects.requireNonNull(filterFactory, "filterFactory");
-            @SuppressWarnings("removal")
-            SecurityManager sm = System.getSecurityManager();
-            if (sm != null) {
-                sm.checkPermission(ObjectStreamConstants.SERIAL_FILTER_PERMISSION);
-            }
             if (filterFactoryNoReplace.getAndSet(true)) {
                 final String msg = serialFilterFactory != null
                         ? "Cannot replace filter factory: " + serialFilterFactory.getClass().getName()

src/java.base/share/classes/java/io/ObjectInputStream.java

@@ -34,13 +34,7 @@
 import java.lang.reflect.Modifier;
 import java.lang.reflect.Proxy;
 import java.nio.charset.StandardCharsets;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.util.Arrays;
-import java.util.Map;
 import java.util.Objects;
 
 import jdk.internal.access.JavaLangAccess;
@@ -49,8 +43,6 @@
 import jdk.internal.misc.Unsafe;
 import jdk.internal.util.ByteArray;
 import sun.reflect.misc.ReflectUtil;
-import sun.security.action.GetBooleanAction;
-import sun.security.action.GetIntegerAction;
 
 /**
  * An ObjectInputStream deserializes primitive data and objects previously
@@ -278,26 +270,26 @@ protected Boolean computeValue(Class<?> type) {
          * have been read.
          * See {@link #setObjectInputFilter(ObjectInputFilter)}
          */
-        static final boolean SET_FILTER_AFTER_READ = GetBooleanAction
-                .privilegedGetProperty("jdk.serialSetFilterAfterRead");
+        static final boolean SET_FILTER_AFTER_READ =
+                Boolean.getBoolean("jdk.serialSetFilterAfterRead");
 
         /**
          * Property to control {@link GetField#get(String, Object)} conversion of
          * {@link ClassNotFoundException} to {@code null}. If set to {@code true}
          * {@link GetField#get(String, Object)} returns null otherwise
          * throwing {@link ClassNotFoundException}.
          */
-        private static final boolean GETFIELD_CNFE_RETURNS_NULL = GetBooleanAction
-                .privilegedGetProperty("jdk.serialGetFieldCnfeReturnsNull");
+        private static final boolean GETFIELD_CNFE_RETURNS_NULL =
+                Boolean.getBoolean("jdk.serialGetFieldCnfeReturnsNull");
 
         /**
          * Property to override the implementation limit on the number
          * of interfaces allowed for Proxies. The property value is clamped to 0..65535.
          * The maximum number of interfaces allowed for a proxy is limited to 65535 by
          * {@link java.lang.reflect.Proxy#newProxyInstance(ClassLoader, Class[], InvocationHandler)}.
          */
-        static final int PROXY_INTERFACE_LIMIT = Math.clamp(GetIntegerAction
-                .privilegedGetProperty("jdk.serialProxyInterfaceLimit", 65535), 0, 65535);
+        static final int PROXY_INTERFACE_LIMIT =
+                Math.clamp(Integer.getInteger("jdk.serialProxyInterfaceLimit", 65535), 0, 65535);
     }
 
     /*
@@ -386,7 +378,6 @@ private static class Logging {
      */
     @SuppressWarnings("this-escape")
     public ObjectInputStream(InputStream in) throws IOException {
-        verifySubclass();
         bin = new BlockDataInputStream(in);
         handles = new HandleTable(10);
         vlist = new ValidationList();
@@ -416,11 +407,6 @@ public ObjectInputStream(InputStream in) throws IOException {
      *      fails due to invalid serial filter or serial filter factory properties.
      */
     protected ObjectInputStream() throws IOException {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
-        }
         bin = null;
         handles = null;
         vlist = null;
@@ -907,13 +893,6 @@ protected boolean enableResolveObject(boolean enable) {
         if (enable == enableResolve) {
             return enable;
         }
-        if (enable) {
-            @SuppressWarnings("removal")
-            SecurityManager sm = System.getSecurityManager();
-            if (sm != null) {
-                sm.checkPermission(SUBSTITUTION_PERMISSION);
-            }
-        }
         enableResolve = enable;
         return !enableResolve;
     }
@@ -1309,11 +1288,6 @@ public final ObjectInputFilter getObjectInputFilter() {
      * @since 9
      */
     public final void setObjectInputFilter(ObjectInputFilter filter) {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(ObjectStreamConstants.SERIAL_FILTER_PERMISSION);
-        }
         if (totalObjectRefs > 0 && !Caches.SET_FILTER_AFTER_READ) {
             throw new IllegalStateException(
                     "filter can not be set after an object has been read");
@@ -1571,58 +1545,29 @@ public abstract boolean get(String name, boolean val)
         public abstract Object get(String name, Object val) throws IOException, ClassNotFoundException;
     }
 
-    /**
-     * Verifies that this (possibly subclass) instance can be constructed
-     * without violating security constraints: the subclass must not override
-     * security-sensitive non-final methods, or else the
-     * "enableSubclassImplementation" SerializablePermission is checked.
-     */
-    private void verifySubclass() {
-        Class<?> cl = getClass();
-        if (cl == ObjectInputStream.class) {
-            return;
-        }
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm == null) {
-            return;
-        }
-        boolean result = Caches.subclassAudits.get(cl);
-        if (!result) {
-            sm.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
-        }
-    }
-
     /**
      * Performs reflective checks on given subclass to verify that it doesn't
      * override security-sensitive non-final methods.  Returns TRUE if subclass
      * is "safe", FALSE otherwise.
      */
-    @SuppressWarnings("removal")
     private static Boolean auditSubclass(Class<?> subcl) {
-        return AccessController.doPrivileged(
-            new PrivilegedAction<Boolean>() {
-                public Boolean run() {
-                    for (Class<?> cl = subcl;
-                         cl != ObjectInputStream.class;
-                         cl = cl.getSuperclass())
-                    {
-                        try {
-                            cl.getDeclaredMethod(
-                                "readUnshared", (Class[]) null);
-                            return Boolean.FALSE;
-                        } catch (NoSuchMethodException ex) {
-                        }
-                        try {
-                            cl.getDeclaredMethod("readFields", (Class[]) null);
-                            return Boolean.FALSE;
-                        } catch (NoSuchMethodException ex) {
-                        }
-                    }
-                    return Boolean.TRUE;
-                }
+        for (Class<?> cl = subcl;
+             cl != ObjectInputStream.class;
+             cl = cl.getSuperclass())
+        {
+            try {
+                cl.getDeclaredMethod(
+                    "readUnshared", (Class[]) null);
+                return Boolean.FALSE;
+            } catch (NoSuchMethodException ex) {
             }
-        );
+            try {
+                cl.getDeclaredMethod("readFields", (Class[]) null);
+                return Boolean.FALSE;
+            } catch (NoSuchMethodException ex) {
+            }
+        }
+        return Boolean.TRUE;
     }
 
     /**
@@ -2702,16 +2647,11 @@ private static class Callback {
             final ObjectInputValidation obj;
             final int priority;
             Callback next;
-            @SuppressWarnings("removal")
-            final AccessControlContext acc;
 
-            Callback(ObjectInputValidation obj, int priority, Callback next,
-                @SuppressWarnings("removal") AccessControlContext acc)
-            {
+            Callback(ObjectInputValidation obj, int priority, Callback next) {
                 this.obj = obj;
                 this.priority = priority;
                 this.next = next;
-                this.acc = acc;
             }
         }
 
@@ -2740,12 +2680,10 @@ void register(ObjectInputValidation obj, int priority)
                 prev = cur;
                 cur = cur.next;
             }
-            @SuppressWarnings("removal")
-            AccessControlContext acc = AccessController.getContext();
             if (prev != null) {
-                prev.next = new Callback(obj, priority, cur, acc);
+                prev.next = new Callback(obj, priority, cur);
             } else {
-                list = new Callback(obj, priority, list, acc);
+                list = new Callback(obj, priority, list);
             }
         }
 
@@ -2756,23 +2694,15 @@ void register(ObjectInputValidation obj, int priority)
          * throws an InvalidObjectException, the callback process is terminated
          * and the exception propagated upwards.
          */
-        @SuppressWarnings("removal")
         void doCallbacks() throws InvalidObjectException {
             try {
                 while (list != null) {
-                    AccessController.doPrivileged(
-                        new PrivilegedExceptionAction<Void>()
-                    {
-                        public Void run() throws InvalidObjectException {
-                            list.obj.validateObject();
-                            return null;
-                        }
-                    }, list.acc);
+                    list.obj.validateObject();
                     list = list.next;
                 }
-            } catch (PrivilegedActionException ex) {
+            } catch (InvalidObjectException ex) {
                 list = null;
-                throw (InvalidObjectException) ex.getException();
+                throw ex;
             }
         }