RFR: 8344365: SecurityManager cleanups in java.sql and java.sql.rowset modules [v4]

Chen Liang liach at openjdk.org
Mon Nov 18 21:23:47 UTC 2024


On Mon, 18 Nov 2024 20:34:26 GMT, Eirik Bjørsnøs <eirbjo at openjdk.org> wrote:

>> Please review this PR which cleans up SecurityManager-related code in `java.sql` and `java.sql.rowset` modules post JEP-486
>> 
>> There are quite a few changes to review, but all relatively straightforward:
>> 
>> `DriverManager`
>> * Remove `SecurityManager::checkPermission` calls in the `setLogWriter`, `setLogStream` and `deregisterDriver` methods
>> * Remove two now-unused package private SQLPermission constants
>> * `ensureDriversInitialized` is updated to remove `AccessController::doPrivileged` when reading a system property and when initializing drivers
>> 
>> `CachedRowSetImpl`
>> *  Remove `AccessController::doPrivileged` when getting a `SyncFactory` instance
>> * `getObject` is update to remove a call to `ReflectUtil::checkPackageAccess`
>> 
>> `CachedRowSetWriter`
>> * A call to `ReflectUtil::checkPackageAccess` is removed.
>> 
>> `SerialJavaObject`
>> *  `getFields` is updated to remove call to `ReflectUtil::checkPackageAccess`. `@CallerSensitive` is no longer needed for this method.
>> * The test `CheckCSMs.java` is updated to remove references to `SerialJavaObject:getFields`
>> 
>> `SyncFactory`
>> * `initMapIfNecessary` is updated to remove call to `AccessController::doPrivileged` when reading system properties and when reading properties from an input stream
>> * `getInstance` is updated to remove calls to `ReflectUtil::checkPackageAccess`
>> * `setLogger` method is updated to remove call to `SecurityManager::checkPermission`
>> * `setJNDIContext` methods are updated to remove call to `SecurityManager::checkPermission`
>> 
>> `RowsetProvider`
>> *  Static initializer is updated to call `System::getProperty` directly
>> * `newFactory` is updated to call `System::getProperty` directly
>> * `newFactory` is updated to not call `ReflectUtil.checkPackageAccess`
>> * `getContextClassLoader` is updated to not call `AccessController::doPrivileged`
>> * `getFactoryClass` is updated to not call `ReflectUtil.checkPackageAccess`
>> * `getSystemProperty` is removed
>> 
>> 
>> `SQLInputImpl`
>> *  A call to `ReflectUtil::checkPackageAccess` is removed
>> 
>>  `TestPolicy.java` in `test/java/sql/testng/util`
>> * This  is now unused and removed
>> 
>> Ran `test/jdk/java/sql` and `test/jdk/javax/sql` tests locally. GHA results pending.
>
> Eirik Bjørsnøs has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Remove ObjectStreamField#getType from UNSUPPORTED_VIRTUAL_METHODS, a leftover from JDK-8344034

test/jdk/jdk/internal/reflect/CallerSensitive/CheckCSMs.java line 1:

> 1: /*

Your mailing list message recommends removal of this test. This test covers more than ensuring that CSMs are final or static; it actually scans all platform classes to ensure CSMs are present wherever they are needed.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22185#discussion_r1847290956


More information about the core-libs-dev mailing list