8344231: SecurityManager cleanup in java.lang.module and jdk.internal.module

Eirik Bjørsnøs · Eirik Bjørsnøs · commit f62e05ee9608 · 2024-11-15T19:21:07.000Z
Reviewed-by: alanb
diff --git a/src/java.base/share/classes/java/lang/module/ModuleFinder.java b/src/java.base/share/classes/java/lang/module/ModuleFinder.java
@@ -26,9 +26,6 @@
 package java.lang.module;
 
 import java.nio.file.Path;
-import java.security.AccessController;
-import java.security.Permission;
-import java.security.PrivilegedAction;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -130,16 +127,8 @@ public interface ModuleFinder {
      *
      * @return A {@code ModuleFinder} that locates the system modules
      */
-    @SuppressWarnings("removal")
     static ModuleFinder ofSystem() {
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(new RuntimePermission("accessSystemModules"));
-            PrivilegedAction<ModuleFinder> pa = SystemModuleFinders::ofSystem;
-            return AccessController.doPrivileged(pa);
-        } else {
-            return SystemModuleFinders.ofSystem();
-        }
+        return SystemModuleFinders.ofSystem();
     }
 
     /**
diff --git a/src/java.base/share/classes/jdk/internal/module/ModuleReferences.java b/src/java.base/share/classes/jdk/internal/module/ModuleReferences.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -370,14 +370,6 @@ static class ExplodedModuleReader implements ModuleReader {
 
         ExplodedModuleReader(Path dir) {
             this.dir = dir;
-
-            // when running with a security manager then check that the caller
-            // has access to the directory.
-            @SuppressWarnings("removal")
-            SecurityManager sm = System.getSecurityManager();
-            if (sm != null) {
-                boolean unused = Files.isDirectory(dir);
-            }
         }
 
         /**
diff --git a/src/java.base/share/classes/jdk/internal/module/Modules.java b/src/java.base/share/classes/jdk/internal/module/Modules.java
@@ -32,8 +32,6 @@
 import java.lang.module.ModuleReference;
 import java.lang.module.ResolvedModule;
 import java.net.URI;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
@@ -155,10 +153,7 @@ public static void addUses(Module m, Class<?> service) {
     public static void addProvides(Module m, Class<?> service, Class<?> impl) {
         ModuleLayer layer = m.getLayer();
 
-        PrivilegedAction<ClassLoader> pa = m::getClassLoader;
-        @SuppressWarnings("removal")
-        ClassLoader loader = AccessController.doPrivileged(pa);
-
+        ClassLoader loader = m.getClassLoader();
         ClassLoader platformClassLoader = ClassLoaders.platformClassLoader();
         if (layer == null || loader == null || loader == platformClassLoader) {
             // update ClassLoader catalog
diff --git a/src/java.base/share/classes/jdk/internal/module/SystemModuleFinders.java b/src/java.base/share/classes/jdk/internal/module/SystemModuleFinders.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,8 +38,6 @@
 import java.nio.ByteBuffer;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.ArrayDeque;
 import java.util.Collections;
 import java.util.Deque;
@@ -208,21 +206,7 @@ public static ModuleFinder ofSystem() {
         Path dir = Path.of(home, "modules");
         if (!Files.isDirectory(dir))
             throw new InternalError("Unable to detect the run-time image");
-        ModuleFinder f = ModulePath.of(ModuleBootstrap.patcher(), dir);
-        return new ModuleFinder() {
-            @SuppressWarnings("removal")
-            @Override
-            public Optional<ModuleReference> find(String name) {
-                PrivilegedAction<Optional<ModuleReference>> pa = () -> f.find(name);
-                return AccessController.doPrivileged(pa);
-            }
-            @SuppressWarnings("removal")
-            @Override
-            public Set<ModuleReference> findAll() {
-                PrivilegedAction<Set<ModuleReference>> pa = f::findAll;
-                return AccessController.doPrivileged(pa);
-            }
-        };
+        return ModulePath.of(ModuleBootstrap.patcher(), dir);
     }
 
     /**
@@ -314,7 +298,7 @@ static ModuleReference toModuleReference(ModuleDescriptor descriptor,
         Supplier<ModuleReader> readerSupplier = new Supplier<>() {
             @Override
             public ModuleReader get() {
-                return new SystemModuleReader(mn, uri);
+                return new SystemModuleReader(mn);
             }
         };
 
@@ -377,9 +361,7 @@ public byte[] generate(String algorithm) {
     }
 
     /**
-     * Holder class for the ImageReader
-     *
-     * @apiNote This class must be loaded before a security manager is set.
+     * Holder class for the ImageReader.
      */
     private static class SystemImage {
         static final ImageReader READER = ImageReaderFactory.getImageReader();
@@ -396,25 +378,7 @@ private static class SystemModuleReader implements ModuleReader {
         private final String module;
         private volatile boolean closed;
 
-        /**
-         * If there is a security manager set then check permission to
-         * connect to the run-time image.
-         */
-        private static void checkPermissionToConnect(URI uri) {
-            @SuppressWarnings("removal")
-            SecurityManager sm = System.getSecurityManager();
-            if (sm != null) {
-                try {
-                    URLConnection uc = uri.toURL().openConnection();
-                    sm.checkPermission(uc.getPermission());
-                } catch (IOException ioe) {
-                    throw new UncheckedIOException(ioe);
-                }
-            }
-        }
-
-        SystemModuleReader(String module, URI uri) {
-            checkPermissionToConnect(uri);
+        SystemModuleReader(String module) {
             this.module = module;
         }
 
