8344149: Remove usage of Security Manager from java.rmi

Reviewed-by: rriggs, kevinw, aefimov

Author: Stuart Marks

src/java.rmi/share/classes/java/rmi/MarshalledObject.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,8 +35,6 @@
 import java.io.ObjectStreamConstants;
 import java.io.OutputStream;
 import java.io.Serializable;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 
 import sun.rmi.server.MarshalInputStream;
 import sun.rmi.server.MarshalOutputStream;
@@ -317,21 +315,17 @@ private static class MarshalledObjectInputStream
          * <code>null</code>, then all annotations will be
          * <code>null</code>.
          */
-        @SuppressWarnings("removal")
         MarshalledObjectInputStream(InputStream objIn, InputStream locIn,
                     ObjectInputFilter filter)
             throws IOException
         {
             super(objIn);
             this.locIn = (locIn == null ? null : new ObjectInputStream(locIn));
             if (filter != null) {
-                AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
-                    MarshalledObjectInputStream.this.setObjectInputFilter(filter);
-                    if (MarshalledObjectInputStream.this.locIn != null) {
-                        MarshalledObjectInputStream.this.locIn.setObjectInputFilter(filter);
-                    }
-                    return null;
-                });
+                MarshalledObjectInputStream.this.setObjectInputFilter(filter);
+                if (MarshalledObjectInputStream.this.locIn != null) {
+                    MarshalledObjectInputStream.this.locIn.setObjectInputFilter(filter);
+                }
             }
         }
 

src/java.rmi/share/classes/java/rmi/server/LogStream.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -120,14 +120,6 @@ public static synchronized PrintStream getDefaultStream() {
      */
     @Deprecated
     public static synchronized void setDefaultStream(PrintStream newDefault) {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-
-        if (sm != null) {
-            sm.checkPermission(
-                new java.util.logging.LoggingPermission("control", null));
-        }
-
         defaultStream = newDefault;
     }
 

src/java.rmi/share/classes/java/rmi/server/ObjID.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,8 +30,6 @@
 import java.io.ObjectInput;
 import java.io.ObjectOutput;
 import java.io.Serializable;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.security.SecureRandom;
 import java.util.concurrent.atomic.AtomicLong;
 
@@ -242,9 +240,7 @@ public String toString() {
     }
 
     private static boolean useRandomIDs() {
-        @SuppressWarnings("removal")
-        String value = AccessController.doPrivileged(
-            (PrivilegedAction<String>) () -> System.getProperty("java.rmi.server.randomIDs"));
+        String value = System.getProperty("java.rmi.server.randomIDs");
         return value == null ? true : Boolean.parseBoolean(value);
     }
 }

src/java.rmi/share/classes/java/rmi/server/RMIClassLoader.java

@@ -27,8 +27,6 @@
 
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Iterator;
 import java.util.ServiceLoader;
 
@@ -112,12 +110,7 @@ public class RMIClassLoader {
         newDefaultProviderInstance();
 
     /** provider instance */
-    @SuppressWarnings("removal")
-    private static final RMIClassLoaderSpi provider =
-        AccessController.doPrivileged(
-            new PrivilegedAction<RMIClassLoaderSpi>() {
-                public RMIClassLoaderSpi run() { return initializeProvider(); }
-            });
+    private static final RMIClassLoaderSpi provider = initializeProvider();
 
     /*
      * Disallow anyone from creating one of these.
@@ -538,11 +531,6 @@ public static String getClassAnnotation(Class<?> cl) {
      * @since   1.4
      */
     public static RMIClassLoaderSpi getDefaultProviderInstance() {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(new RuntimePermission("setFactory"));
-        }
         return defaultProvider;
     }
 

src/java.rmi/share/classes/java/rmi/server/RMISocketFactory.java

@@ -131,11 +131,6 @@ public static synchronized void setSocketFactory(RMISocketFactory fac)
         if (factory != null) {
             throw new SocketException("factory already defined");
         }
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkSetFactory();
-        }
         factory = fac;
     }
 
@@ -181,11 +176,6 @@ public static synchronized RMISocketFactory getDefaultSocketFactory() {
      */
     public static synchronized void setFailureHandler(RMIFailureHandler fh)
     {
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkSetFactory();
-        }
         handler = fh;
     }
 

src/java.rmi/share/classes/sun/rmi/log/ReliableLog.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,9 +27,6 @@
 
 import java.io.*;
 import java.lang.reflect.Constructor;
-import java.rmi.server.RMIClassLoader;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 
 /**
  * This class is a simple implementation of a reliable Log.  The
@@ -132,15 +129,13 @@ public class ReliableLog {
      * if an exception occurs during invocation of the handler's
      * snapshot method or if other IOException occurs.
      */
-    @SuppressWarnings("removal")
     public ReliableLog(String dirPath,
                      LogHandler handler,
                      boolean pad)
         throws IOException
     {
         super();
-        this.Debug = AccessController.doPrivileged(
-            (PrivilegedAction<Boolean>) () -> Boolean.getBoolean("sun.rmi.log.debug"));
+        this.Debug = Boolean.getBoolean("sun.rmi.log.debug");
         dir = new File(dirPath);
         if (!(dir.exists() && dir.isDirectory())) {
             // create directory
@@ -331,19 +326,10 @@ public synchronized void update(Object value, boolean forceToDisk)
     private static Constructor<? extends LogFile>
         getLogClassConstructor() {
 
-        @SuppressWarnings("removal")
-        String logClassName = AccessController.doPrivileged(
-            (PrivilegedAction<String>) () -> System.getProperty("sun.rmi.log.class"));
+        String logClassName = System.getProperty("sun.rmi.log.class");
         if (logClassName != null) {
             try {
-                @SuppressWarnings("removal")
-                ClassLoader loader =
-                    AccessController.doPrivileged(
-                        new PrivilegedAction<ClassLoader>() {
-                            public ClassLoader run() {
-                               return ClassLoader.getSystemClassLoader();
-                            }
-                        });
+                ClassLoader loader = ClassLoader.getSystemClassLoader();
                 Class<? extends LogFile> cl =
                     loader.loadClass(logClassName).asSubclass(LogFile.class);
                 return cl.getConstructor(String.class, String.class);

src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java

@@ -263,7 +263,6 @@ public String[] list()
      * Check that the caller has access to perform indicated operation.
      * The client must be on same the same host as this server.
      */
-    @SuppressWarnings("removal")
     public static void checkAccess(String op) throws AccessException {
 
         try {
@@ -370,7 +369,6 @@ private static URL[] pathToURLs(String path) {
      *          {@link ObjectInputFilter.Status#REJECTED} if rejected,
      *          otherwise {@link ObjectInputFilter.Status#UNDECIDED}
      */
-    @SuppressWarnings("removal")
     private static ObjectInputFilter.Status registryFilter(ObjectInputFilter.FilterInfo filterInfo) {
         if (registryFilter != null) {
             ObjectInputFilter.Status status = registryFilter.checkInput(filterInfo);

src/java.rmi/share/classes/sun/rmi/runtime/Log.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,7 +30,6 @@
 import java.io.OutputStream;
 import java.lang.StackWalker.StackFrame;
 import java.rmi.server.LogStream;
-import java.security.PrivilegedAction;
 import java.util.Set;
 import java.util.logging.Handler;
 import java.util.logging.SimpleFormatter;
@@ -69,9 +68,7 @@ public abstract class Log {
     /* selects log implementation */
     private static final LogFactory logFactory;
     static {
-        @SuppressWarnings("removal")
-        boolean useOld = java.security.AccessController.doPrivileged(
-            (PrivilegedAction<Boolean>) () -> Boolean.getBoolean("sun.rmi.log.useOld"));
+        boolean useOld = Boolean.getBoolean("sun.rmi.log.useOld");
 
         /* set factory to select the logging facility to use */
         logFactory = (useOld ? (LogFactory) new LogStreamLogFactory() :
@@ -177,17 +174,12 @@ public Log createLog(final String loggerName, String oldLogName,
     private static class LoggerLog extends Log {
 
         /* alternate console handler for RMI loggers */
-        @SuppressWarnings("removal")
-        private static final Handler alternateConsole =
-                java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedAction<Handler>() {
-                    public Handler run() {
-                            InternalStreamHandler alternate =
-                                new InternalStreamHandler(System.err);
-                            alternate.setLevel(Level.ALL);
-                            return alternate;
-                        }
-                });
+        private static final Handler alternateConsole;
+        static {
+            var alternate = new InternalStreamHandler(System.err);
+            alternate.setLevel(Level.ALL);
+            alternateConsole = alternate;
+        }
 
         /** handler to which messages are copied */
         private InternalStreamHandler copyHandler = null;
@@ -199,22 +191,14 @@ public Handler run() {
         private LoggerPrintStream loggerSandwich;
 
         /** creates a Log which will delegate to the given logger */
-        @SuppressWarnings("removal")
         private LoggerLog(final Logger logger, final Level level) {
             this.logger = logger;
 
-            if (level != null){
-                java.security.AccessController.doPrivileged(
-                    new java.security.PrivilegedAction<Void>() {
-                        public Void run() {
-                            if (!logger.isLoggable(level)) {
-                                logger.setLevel(level);
-                            }
-                            logger.addHandler(alternateConsole);
-                            return null;
-                        }
-                    }
-                );
+            if (level != null) {
+                if (!logger.isLoggable(level)) {
+                    logger.setLevel(level);
+                }
+                logger.addHandler(alternateConsole);
             }
         }
 
@@ -247,8 +231,6 @@ public String toString() {
         /**
          * Set the output stream associated with the RMI server call
          * logger.
-         *
-         * Calling code needs LoggingPermission "control".
          */
         public synchronized void setOutputStream(OutputStream out) {
             if (out != null) {

src/java.rmi/share/classes/sun/rmi/runtime/NewThreadAction.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,13 +25,11 @@
 
 package sun.rmi.runtime;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import sun.security.util.SecurityConstants;
-
 /**
- * A PrivilegedAction for creating a new thread conveniently with an
- * AccessController.doPrivileged construct.
+ * A utility class for creating threads. The constructors take a
+ * variety of parameters to configure the thread. The run() method
+ * creates and sets up the thread and returns it, but does not
+ * start it.
  *
  * All constructors allow the choice of the Runnable for the new
  * thread to execute, the name of the new thread (which will be
@@ -48,34 +46,27 @@
  *
  * @author      Peter Jones
  **/
-public final class NewThreadAction implements PrivilegedAction<Thread> {
+public final class NewThreadAction {
 
     /** cached reference to the system (root) thread group */
-    @SuppressWarnings("removal")
-    static final ThreadGroup systemThreadGroup =
-        AccessController.doPrivileged(new PrivilegedAction<ThreadGroup>() {
-            public ThreadGroup run() {
-                ThreadGroup group = Thread.currentThread().getThreadGroup();
-                ThreadGroup parent;
-                while ((parent = group.getParent()) != null) {
-                    group = parent;
-                }
-                return group;
-            }
-        });
+    static final ThreadGroup systemThreadGroup;
+    static {
+        ThreadGroup group = Thread.currentThread().getThreadGroup();
+        ThreadGroup parent;
+        while ((parent = group.getParent()) != null) {
+            group = parent;
+        }
+        systemThreadGroup = group;
+    }
+
 
     /**
-     * special child of the system thread group for running tasks that
-     * may execute user code, so that the security policy for threads in
-     * the system thread group will not apply
+     * Special child of the system thread group for running tasks that
+     * may execute user code. The need for a separate thread group may
+     * be a vestige of it having had a different security policy from
+     * the system thread group, so this might no longer be necessary.
      */
-    @SuppressWarnings("removal")
-    static final ThreadGroup userThreadGroup =
-        AccessController.doPrivileged(new PrivilegedAction<ThreadGroup>() {
-            public ThreadGroup run() {
-                return new ThreadGroup(systemThreadGroup, "RMI Runtime");
-            }
-        });
+    static final ThreadGroup userThreadGroup = new ThreadGroup(systemThreadGroup, "RMI Runtime");
 
     private final ThreadGroup group;
     private final Runnable runnable;
@@ -128,11 +119,6 @@ public NewThreadAction(Runnable runnable, String name, boolean daemon,
     }
 
     public Thread run() {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
-        }
         Thread t = new Thread(group, runnable, "RMI " + name);
         t.setContextClassLoader(ClassLoader.getSystemClassLoader());
         t.setDaemon(daemon);