RFR: 8338411: Implement JEP 486: Permanently Disable the Security Manager [v2]
Alan Bateman
alanb at openjdk.org
Wed Oct 23 12:56:40 UTC 2024
On Wed, 23 Oct 2024 12:44:53 GMT, Coleen Phillimore <coleenp at openjdk.org> wrote:
>> Sean Mullan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 97 commits:
>>
>> - Merge remote-tracking branch 'jdk-sandbox/jep486' into JDK-8338411
>> - Change apiNote to deprecated annotation on checkAccess methods. Change method dedescription to "Does nothing".
>> - Sanitize the class descriptions of DelegationPermission and ServicePermission
>> by removing text that refers to granting permissions, but avoid changes that
>> affect the API specification, such as the description and format of input
>> parameters.
>> - Restored methods in RMIConnection to throw SecurityExceptions again but
>> with adjusted text that avoids the word "permission".
>> - Add text to class description of MBeanServer stating that implementations
>> may throw SecurityException if authorization doesn't allow access to resource.
>> - Restore text about needing permissions from the desktop environment in the
>> getPixelColor and createScreenCapture methods.
>> - Add api note to getClassContext to use StackWalker instead and
>> add DROP_METHOD_INFO option to StackWalker.
>> - Change checkAccess() methods to be no-ops, rather than throwing
>> SecurityException.
>> - Merge
>> - Merge
>> - ... and 87 more: https://git.openjdk.org/jdk/compare/f50bd0d9...f89d9d09
>
> src/hotspot/share/prims/jvm.cpp line 1272:
>
>> 1270:
>> 1271:
>> 1272: // Returns the inherited_access_control_context field of the running thread.
>
> There's some code in this file in
> static void trace_class_resolution_impl(Klass* to_class, TRAPS) {
>
> That does this:
>
>
> while (!vfst.at_end()) {
> Method* m = vfst.method();
> if (!vfst.method()->method_holder()->is_subclass_of(vmClasses::ClassLoader_klass())&&
> !vfst.method()->method_holder()->is_subclass_of(access_controller_klass) &&
> !vfst.method()->method_holder()->is_subclass_of(privileged_action_klass)) {
> break;
> }
> last_caller = m;
> vfst.next();
> }
>
>
> Is this dead code that should be removed?
This tracing skips ClassLoader frames, you'll continue to see these when using Class.forName.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21498#discussion_r1812694528
More information about the serviceability-dev
mailing list