RFR: JDK-8288475: Initializing RandomGeneratorFactory.FactoryMapHolder fails if a SecurityManager is installed

Jaikiran Pai jpai at openjdk.org
Fri Jun 17 06:47:51 UTC 2022


On Thu, 16 Jun 2022 07:08:20 GMT, Johannes Kuhn <jkuhn at openjdk.org> wrote:

> * This adds additional permissions to the jdk.random module (`RuntimePermission "accessClassInPackage.jdk.internal.util.random"`)
> * The annotations of the provider classes are now parsed early.  
>   This avoids putting the parts that can trigger the parsing into an `AccessController.doPrivileged()` block.
> * If a `SecurityManager` is installed, `RandomGeneratorFactory.all()` will only return `RandomGenerator`s that are loaded by a system domain loader.  
>   This avoids parsing annotations of user classes from a privileged context.

src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 170:

> 168:                     .filter(p -> !p.type().isAnnotationPresent(Deprecated.class) &&
> 169:                             p.type().isAnnotationPresent(RandomGeneratorProperties.class))
> 170:                     .toList();

Hello Johannes, I haven't yet fully grasped this change, so a few questions:

1. Does this change now mean that in the presence of a SecurityManager, the `RandomGeneratorFactory.all()` method will no longer return instances of `RandomGeneratorFactory` which belong to the application's classloader (those added as Service provider implementations of that interface within the application's jar for example)? Would that then contradict the expectations of the `RandomGeneratorFactory.all()` API and is there any other way to obtain those application-specific implementations?
2. I see that this patch now calls `VM.isSystemDomainLoader` in the presence of the SecurityManager. That method implementation internally calls `ClassLoader.getPlatformClassLoader()` which has SecurityManager checks for the `RuntimePermission` for `getClassLoader` permission. Does this call then have to be in a privileged block?
3. Is this entire issue specific only to the `RandomGeneratorFactory.all()` method? For example, I see that there are some other methods which also use the ServiceProvider API to find the relevant provider implementation and there's also an `isDeprecated` method which checks for the presence of an annotation on the provider's implementation. Are those methods affected too?
4.

-------------

PR: https://git.openjdk.org/jdk/pull/9180
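
The following is an added example, not part of the message above or of the JDK patch. It uses only public APIs to list the `RandomGenerator` service providers visible to an application and to show which of them were defined by the bootstrap or platform loader, which is the distinction the quoted description draws when a `SecurityManager` is installed. The class name `ProviderLoaderAudit` and the helper `isSystemDomainLoader` are hypothetical; the helper is an assumed stand-in for the internal check, and the program is meant to be run without a `SecurityManager`.

```java
import java.util.ServiceLoader;
import java.util.random.RandomGenerator;

public class ProviderLoaderAudit {

    // Assumption: public-API stand-in for the internal system-domain check.
    // Treats the bootstrap loader (null) and the platform loader as system domain.
    static boolean isSystemDomainLoader(ClassLoader loader) {
        return loader == null || loader == ClassLoader.getPlatformClassLoader();
    }

    public static void main(String[] args) {
        // Provider.type() yields the provider class without instantiating it.
        ServiceLoader.load(RandomGenerator.class).stream()
            .map(p -> p.type())
            .forEach(type -> {
                ClassLoader loader = type.getClassLoader();
                boolean system = isSystemDomainLoader(loader);
                // Reading an annotation makes the runtime parse the annotations
                // of the provider class, the step the description wants to keep
                // out of a privileged context for user classes.
                boolean deprecated = type.isAnnotationPresent(Deprecated.class);
                System.out.printf("%-45s loader=%-10s systemDomain=%-5b deprecated=%b%n",
                        type.getName(),
                        loader == null ? "bootstrap" : loader.getName(),
                        system, deprecated);
            });
    }
}
```

Running it with an application jar on the class path that registers its own `RandomGenerator` provider shows that provider with `systemDomain=false`, which is the kind of entry question 1 above asks about.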


