8344217: Remove calls to SecurityManager and doPrivileged in java.net.DatagramSocket and java.net.NetMulticastSocket after JEP 486 integration

dfuch · dfuch · commit 519bb268a068 · 2024-11-25T10:08:47.000Z
Reviewed-by: alanb, rriggs, jpai
diff --git a/src/java.base/share/classes/java/net/DatagramSocket.java b/src/java.base/share/classes/java/net/DatagramSocket.java
@@ -387,14 +387,9 @@ public void bind(SocketAddress addr) throws SocketException {
      * this socket is unknown - it may or may not be connected to the address
      * that it was previously connected to.
      *
-     * <p> Care should be taken to ensure that a connected datagram socket
-     * is not shared with untrusted code. When a socket is connected,
-     * {@link #receive receive} and {@link #send send} <b>will not perform
-     * any security checks</b> on incoming and outgoing packets, other than
-     * matching the packet's and the socket's address and port. On a send
-     * operation, if the packet's address is set and the packet's address
-     * and the socket's address do not match, an {@code IllegalArgumentException}
-     * will be thrown. A socket connected to a multicast address may only
+     * <p> When the socket is connected, the send method checks that the
+     * packet's address matches the remote address that the socket is
+     * connected to. A socket connected to a multicast address may only
      * be used to send packets. Datagrams in the socket's {@linkplain
      * java.net.StandardSocketOptions#SO_RCVBUF socket receive buffer}, which
      * have not been {@linkplain #receive(DatagramPacket) received} before invoking
@@ -1087,11 +1082,6 @@ public DatagramChannel getChannel() {
         if (factory != null) {
             throw new SocketException("factory already defined");
         }
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkSetFactory();
-        }
         factory = fac;
     }
 
diff --git a/src/java.base/share/classes/java/net/NetMulticastSocket.java b/src/java.base/share/classes/java/net/NetMulticastSocket.java
@@ -27,9 +27,6 @@
 
 import java.io.IOException;
 import java.io.UncheckedIOException;
-import java.nio.channels.DatagramChannel;
-import java.security.AccessController;
-import java.security.PrivilegedExceptionAction;
 import java.util.Enumeration;
 import java.util.Objects;
 import java.util.Set;
@@ -110,16 +107,6 @@ private synchronized void connectInternal(InetAddress address, int port) throws
         checkAddress(address, "connect");
         if (isClosed())
             return;
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            if (address.isMulticastAddress()) {
-                security.checkMulticast(address);
-            } else {
-                security.checkConnect(address.getHostAddress(), port);
-                security.checkAccept(address.getHostAddress(), port);
-            }
-        }
 
         if (port == 0) {
             throw new SocketException("Can't connect to port 0");
@@ -181,11 +168,7 @@ public synchronized void bind(SocketAddress addr) throws SocketException {
         InetAddress iaddr = epoint.getAddress();
         int port = epoint.getPort();
         checkAddress(iaddr, "bind");
-        @SuppressWarnings("removal")
-        SecurityManager sec = System.getSecurityManager();
-        if (sec != null) {
-            sec.checkListen(port);
-        }
+
         try {
             getImpl().bind(port, iaddr);
         } catch (SocketException e) {
@@ -289,22 +272,7 @@ public void send(DatagramPacket p) throws IOException {
                 }
                 if (packetPort < 0 || packetPort > 0xFFFF)
                     throw new IllegalArgumentException("port out of range: " + packetPort);
-                // check the address is ok with the security manager on every send.
-                @SuppressWarnings("removal")
-                SecurityManager security = System.getSecurityManager();
-
-                // The reason you want to synchronize on datagram packet
-                // is because you don't want an applet to change the address
-                // while you are trying to send the packet for example
-                // after the security check but before the send.
-                if (security != null) {
-                    if (packetAddress.isMulticastAddress()) {
-                        security.checkMulticast(packetAddress);
-                    } else {
-                        security.checkConnect(packetAddress.getHostAddress(),
-                                packetPort);
-                    }
-                }
+
                 if (packetPort == 0) {
                     throw new SocketException("Can't send to port 0");
                 }
@@ -333,41 +301,13 @@ public synchronized void receive(DatagramPacket p) throws IOException {
         synchronized (p) {
             if (!isBound())
                 bind(new InetSocketAddress(0));
-            if (connectState == ST_NOT_CONNECTED) {
-                // check the address is ok with the security manager before every recv.
-                @SuppressWarnings("removal")
-                SecurityManager security = System.getSecurityManager();
-                if (security != null) {
-                    while (true) {
-                        int peekPort = 0;
-                        // peek at the packet to see who it is from.
-                        DatagramPacket peekPacket = new DatagramPacket(new byte[1], 1);
-                        peekPort = getImpl().peekData(peekPacket);
-                        String peekAd = peekPacket.getAddress().getHostAddress();
-                        try {
-                            security.checkAccept(peekAd, peekPort);
-                            // security check succeeded - so now break
-                            // and recv the packet.
-                            break;
-                        } catch (SecurityException se) {
-                            // Throw away the offending packet by consuming
-                            // it in a tmp buffer.
-                            DatagramPacket tmp = new DatagramPacket(new byte[1], 1);
-                            getImpl().receive(tmp);
-
-                            // silently discard the offending packet
-                            // and continue: unknown/malicious
-                            // entities on nets should not make
-                            // runtime throw security exception and
-                            // disrupt the applet by sending random
-                            // datagram packets.
-                            continue;
-                        }
-                    } // end of while
-                }
-            }
             DatagramPacket tmp = null;
+            // explicitFilter may be set to 'true' at connect() time and will
+            // be set to 'false' in disconnect() - or when there's no more
+            // pending packets to filter. If explicitFilter is true,
+            // it means we're connected.
             if (explicitFilter) {
+                assert connectState == ST_CONNECTED;
                 // We have to do the filtering the old fashioned way since
                 // the native impl doesn't support connect or the connect
                 // via the impl failed, or .. "explicitFilter" may be set when
@@ -394,8 +334,7 @@ public synchronized void receive(DatagramPacket p) throws IOException {
                     }
                 }
             }
-            // If the security check succeeds, or the datagram is
-            // connected then receive the packet
+            // receive the packet
             getImpl().receive(p);
             if (explicitFilter && tmp == null) {
                 // packet was not filtered, account for it here
@@ -423,11 +362,6 @@ public InetAddress getLocalAddress() {
             if (in.isAnyLocalAddress()) {
                 in = InetAddress.anyLocalAddress();
             }
-            @SuppressWarnings("removal")
-            SecurityManager s = System.getSecurityManager();
-            if (s != null) {
-                s.checkConnect(in.getHostAddress(), -1);
-            }
         } catch (Exception e) {
             in = InetAddress.anyLocalAddress(); // "0.0.0.0"
         }
@@ -691,11 +625,6 @@ public void joinGroup(InetAddress mcastaddr) throws IOException {
         }
 
         checkAddress(mcastaddr, "joinGroup");
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkMulticast(mcastaddr);
-        }
 
         if (!mcastaddr.isMulticastAddress()) {
             throw new SocketException("Not a multicast address");
@@ -722,11 +651,6 @@ public void leaveGroup(InetAddress mcastaddr) throws IOException {
         }
 
         checkAddress(mcastaddr, "leaveGroup");
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkMulticast(mcastaddr);
-        }
 
         if (!mcastaddr.isMulticastAddress()) {
             throw new SocketException("Not a multicast address");
@@ -745,11 +669,6 @@ public void joinGroup(SocketAddress mcastaddr, NetworkInterface netIf)
             throw new IllegalArgumentException("Unsupported address type");
 
         checkAddress(addr.getAddress(), "joinGroup");
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkMulticast(addr.getAddress());
-        }
 
         if (!addr.getAddress().isMulticastAddress()) {
             throw new SocketException("Not a multicast address");
@@ -768,11 +687,6 @@ public void leaveGroup(SocketAddress mcastaddr, NetworkInterface netIf)
             throw new IllegalArgumentException("Unsupported address type");
 
         checkAddress(addr.getAddress(), "leaveGroup");
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkMulticast(addr.getAddress());
-        }
 
         if (!addr.getAddress().isMulticastAddress()) {
             throw new SocketException("Not a multicast address");
@@ -893,22 +807,10 @@ public void send(DatagramPacket p, byte ttl)
             synchronized(p) {
                 InetAddress packetAddress = p.getAddress();
                 checkAddress(packetAddress, "send");
-                if (connectState == NetMulticastSocket.ST_NOT_CONNECTED) {
+                if (connectState == ST_NOT_CONNECTED) {
                     if (packetAddress == null) {
                         throw new IllegalArgumentException("Address not set");
                     }
-                    // Security manager makes sure that the multicast address
-                    // is allowed one and that the ttl used is less
-                    // than the allowed maxttl.
-                    SecurityManager security = System.getSecurityManager();
-                    if (security != null) {
-                        if (packetAddress.isMulticastAddress()) {
-                            security.checkMulticast(packetAddress, ttl);
-                        } else {
-                            security.checkConnect(packetAddress.getHostAddress(),
-                                    p.getPort());
-                        }
-                    }
                 } else {
                     // we're connected
                     if (packetAddress == null) {
