8344011: Remove usage of security manager from Class and reflective APIs

Reviewed-by: liach, yzheng, rriggs

Author: Alan Bateman

src/java.base/share/classes/java/lang/Class.java

@@ -39,8 +39,6 @@
 import java.lang.reflect.AnnotatedElement;
 import java.net.URI;
 import java.net.URL;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -64,14 +62,12 @@
 import jdk.internal.misc.Unsafe;
 import jdk.internal.misc.VM;
 import jdk.internal.module.ModuleBootstrap;
-import jdk.internal.module.ModuleBootstrap.IllegalNativeAccess;
 import jdk.internal.module.ModuleLoaderMap;
 import jdk.internal.module.ServicesCatalog;
 import jdk.internal.module.Resources;
 import jdk.internal.reflect.CallerSensitive;
 import jdk.internal.reflect.Reflection;
 import jdk.internal.vm.annotation.Stable;
-import sun.security.util.SecurityConstants;
 
 /**
  * Represents a run-time module, either {@link #isNamed() named} or unnamed.
@@ -198,11 +194,6 @@ public String getName() {
      * @return The class loader for this module
      */
     public ClassLoader getClassLoader() {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
-        }
         return loader;
     }
 
@@ -1556,7 +1547,6 @@ public Annotation[] getDeclaredAnnotations() {
     // cached class file with annotations
     private volatile Class<?> moduleInfoClass;
 
-    @SuppressWarnings("removal")
     private Class<?> moduleInfoClass() {
         Class<?> clazz = this.moduleInfoClass;
         if (clazz != null)
@@ -1566,8 +1556,7 @@ private Class<?> moduleInfoClass() {
             clazz = this.moduleInfoClass;
             if (clazz == null) {
                 if (isNamed()) {
-                    PrivilegedAction<Class<?>> pa = this::loadModuleInfoClass;
-                    clazz = AccessController.doPrivileged(pa);
+                    clazz = loadModuleInfoClass();
                 }
                 if (clazz == null) {
                     class DummyModuleInfo { }

src/java.base/share/classes/java/lang/Module.java

@@ -44,7 +44,6 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
-import jdk.internal.javac.PreviewFeature;
 import jdk.internal.javac.Restricted;
 import jdk.internal.loader.ClassLoaderValue;
 import jdk.internal.loader.Loader;
@@ -54,7 +53,6 @@
 import jdk.internal.reflect.CallerSensitive;
 import jdk.internal.reflect.Reflection;
 import jdk.internal.vm.annotation.Stable;
-import sun.security.util.SecurityConstants;
 
 /**
  * A layer of modules in the Java virtual machine.
@@ -505,9 +503,6 @@ public static Controller defineModulesWithOneLoader(Configuration cf,
         List<ModuleLayer> parents = List.copyOf(parentLayers);
         checkConfiguration(cf, parents);
 
-        checkCreateClassLoaderPermission();
-        checkGetClassLoaderPermission();
-
         try {
             Loader loader = new Loader(cf.modules(), parentLoader);
             loader.initRemotePackageMap(cf, parents);
@@ -572,9 +567,6 @@ public static Controller defineModulesWithManyLoaders(Configuration cf,
         List<ModuleLayer> parents = List.copyOf(parentLayers);
         checkConfiguration(cf, parents);
 
-        checkCreateClassLoaderPermission();
-        checkGetClassLoaderPermission();
-
         LoaderPool pool = new LoaderPool(cf, parents, parentLoader);
         try {
             ModuleLayer layer = new ModuleLayer(cf, parents, pool::loaderFor);
@@ -654,8 +646,6 @@ public static Controller defineModules(Configuration cf,
         checkConfiguration(cf, parents);
         Objects.requireNonNull(clf);
 
-        checkGetClassLoaderPermission();
-
         // The boot layer is checked during module system initialization
         if (boot() != null) {
             checkForDuplicatePkgs(cf, clf);
@@ -693,20 +683,6 @@ private static void checkConfiguration(Configuration cf,
         }
     }
 
-    private static void checkCreateClassLoaderPermission() {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null)
-            sm.checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
-    }
-
-    private static void checkGetClassLoaderPermission() {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null)
-            sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
-    }
-
     /**
      * Checks a configuration and the module-to-loader mapping to ensure that
      * no two modules mapped to the same class loader have the same package.

src/java.base/share/classes/java/lang/ModuleLayer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,8 +30,6 @@
 import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URL;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Objects;
 
 import jdk.internal.loader.BootLoader;
@@ -417,9 +415,7 @@ private Class<?> getPackageInfo() {
             // find package-info.class defined by loader
             String cn = packageName() + ".package-info";
             Module module = module();
-            PrivilegedAction<ClassLoader> pa = module::getClassLoader;
-            @SuppressWarnings("removal")
-            ClassLoader loader = AccessController.doPrivileged(pa);
+            ClassLoader loader = module.getClassLoader();
             Class<?> c;
             if (loader != null) {
                 c = loader.loadClass(module, cn);

src/java.base/share/classes/java/lang/Package.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,6 @@
 
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
-import java.security.AccessController;
 import java.util.Arrays;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -88,10 +87,7 @@ Method[] toArray() {
      * Method (name, parameter types) tuple.
      */
     private static final class Key {
-        @SuppressWarnings("removal")
-        private static final ReflectionFactory reflectionFactory =
-            AccessController.doPrivileged(
-                new ReflectionFactory.GetReflectionFactoryAction());
+        private static final ReflectionFactory reflectionFactory = ReflectionFactory.getReflectionFactory();
 
         private final String name; // must be interned (as from Method.getName())
         private final Class<?>[] ptypes;

src/java.base/share/classes/java/lang/PublicMethods.java

@@ -107,9 +107,6 @@
      *                   implemented by invoking the implementation method
      * @throws LambdaConversionException If any of the meta-factory protocol
      *         invariants are violated
-     * @throws SecurityException If a security manager is present, and it
-     *         <a href="MethodHandles.Lookup.html#secmgr">denies access</a>
-     *         from {@code caller} to the package of {@code implementation}.
      */
     AbstractValidatingLambdaMetafactory(MethodHandles.Lookup caller,
                                         MethodType factoryType,
@@ -138,7 +135,7 @@
         this.implementation = implementation;
         this.implMethodType = implementation.type();
         try {
-            this.implInfo = caller.revealDirect(implementation); // may throw SecurityException
+            this.implInfo = caller.revealDirect(implementation);
         } catch (IllegalArgumentException e) {
             throw new LambdaConversionException(implementation + " is not direct or cannot be cracked");
         }

src/java.base/share/classes/java/lang/invoke/AbstractValidatingLambdaMetafactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package java.lang.invoke;
 
-import java.security.*;
 import java.lang.reflect.*;
 import java.lang.invoke.MethodHandles.Lookup;
 
@@ -85,16 +84,13 @@ public <T extends Member> T reflectAs(Class<T> expected, Lookup lookup) {
             // For more information see comments on {@link MethodHandleNatives#linkMethod}.
             throw new IllegalArgumentException("cannot reflect signature polymorphic method");
         }
-        @SuppressWarnings("removal")
-        Member mem = AccessController.doPrivileged(new PrivilegedAction<>() {
-                public Member run() {
-                    try {
-                        return reflectUnchecked();
-                    } catch (ReflectiveOperationException ex) {
-                        throw new IllegalArgumentException(ex);
-                    }
-                }
-            });
+
+        Member mem;
+        try {
+            mem = reflectUnchecked();
+        } catch (ReflectiveOperationException ex) {
+            throw new IllegalArgumentException(ex);
+        }
         try {
             Class<?> defc = getDeclaringClass();
             byte refKind = (byte) getReferenceKind();

src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java

@@ -29,7 +29,6 @@
 import jdk.internal.misc.CDS;
 import jdk.internal.util.ClassFileDumper;
 import sun.invoke.util.VerifyAccess;
-import sun.security.action.GetBooleanAction;
 
 import java.io.Serializable;
 import java.lang.classfile.ClassBuilder;
@@ -83,7 +82,7 @@
         lambdaProxyClassFileDumper = ClassFileDumper.getInstance(dumpProxyClassesKey, "DUMP_LAMBDA_PROXY_CLASS_FILES");
 
         final String disableEagerInitializationKey = "jdk.internal.lambda.disableEagerInitialization";
-        disableEagerInitialization = GetBooleanAction.privilegedGetProperty(disableEagerInitializationKey);
+        disableEagerInitialization = Boolean.getBoolean(disableEagerInitializationKey);
     }
 
     // See context values in AbstractValidatingLambdaMetafactory
@@ -134,9 +133,6 @@
      *                   implemented by invoking the implementation method
      * @throws LambdaConversionException If any of the meta-factory protocol
      *         invariants are violated
-     * @throws SecurityException If a security manager is present, and it
-     *         <a href="MethodHandles.Lookup.html#secmgr">denies access</a>
-     *         from {@code caller} to the package of {@code implementation}.
      */
     public InnerClassLambdaMetafactory(MethodHandles.Lookup caller,
                                        MethodType factoryType,

src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java

@@ -1208,11 +1208,7 @@ private static MethodHandle restoreToType(MethodHandle vamh,
 
         private static boolean checkInjectedInvoker(Class<?> hostClass, Class<?> invokerClass) {
             assert (hostClass.getClassLoader() == invokerClass.getClassLoader()) : hostClass.getName()+" (CL)";
-            try {
-                assert (hostClass.getProtectionDomain() == invokerClass.getProtectionDomain()) : hostClass.getName()+" (PD)";
-            } catch (SecurityException ex) {
-                // Self-check was blocked by security manager. This is OK.
-            }
+            assert (hostClass.getProtectionDomain() == invokerClass.getProtectionDomain()) : hostClass.getName()+" (PD)";
             try {
                 // Test the invoker to ensure that it really injects into the right place.
                 MethodHandle invoker = IMPL_LOOKUP.findStatic(invokerClass, "invoke_V", INVOKER_MT);

src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java

@@ -33,8 +33,6 @@
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
 import java.lang.reflect.UndeclaredThrowableException;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -56,10 +54,7 @@
 import jdk.internal.constant.ConstantUtils;
 import jdk.internal.loader.ClassLoaders;
 import jdk.internal.module.Modules;
-import jdk.internal.reflect.CallerSensitive;
-import jdk.internal.reflect.Reflection;
 import jdk.internal.util.ClassFileDumper;
-import sun.reflect.misc.ReflectUtil;
 
 import static java.lang.constant.ConstantDescs.*;
 import static java.lang.invoke.MethodHandleStatics.*;
@@ -159,7 +154,6 @@ private MethodHandleProxies() { }  // do not instantiate
      *         be converted to the type required by the requested interface
      */
     @SuppressWarnings("doclint:reference") // cross-module links
-    @CallerSensitive
     public static <T> T asInterfaceInstance(final Class<T> intfc, final MethodHandle target) {
         if (!intfc.isInterface() || !Modifier.isPublic(intfc.getModifiers()))
             throw newIllegalArgumentException("not a public interface", intfc.getName());
@@ -168,17 +162,7 @@ public static <T> T asInterfaceInstance(final Class<T> intfc, final MethodHandle
         if (intfc.isHidden())
             throw newIllegalArgumentException("a hidden interface", intfc.getName());
         Objects.requireNonNull(target);
-        final MethodHandle mh;
-        @SuppressWarnings("removal")
-        var sm = System.getSecurityManager();
-        if (sm != null) {
-            final Class<?> caller = Reflection.getCallerClass();
-            final ClassLoader ccl = caller != null ? caller.getClassLoader() : null;
-            ReflectUtil.checkProxyPackageAccess(ccl, intfc);
-            mh = ccl != null ? bindCaller(target, caller) : target;
-        } else {
-            mh = target;
-        }
+        final MethodHandle mh = target;
 
         // Define one hidden class for each interface.  Create an instance of
         // the hidden class for a given target method handle which will be
@@ -283,17 +267,7 @@ private static Class<?> newProxyClass(Class<?> intfc) {
         // define the dynamic module to the class loader of the interface
         var definer = new Lookup(intfc).makeHiddenClassDefiner(className, template, DUMPER);
 
-        @SuppressWarnings("removal")
-        var sm = System.getSecurityManager();
-        Lookup lookup;
-        if (sm != null) {
-            @SuppressWarnings("removal")
-            var l = AccessController.doPrivileged((PrivilegedAction<Lookup>) () ->
-                    definer.defineClassAsLookup(true));
-            lookup = l;
-        } else {
-            lookup = definer.defineClassAsLookup(true);
-        }
+        Lookup lookup = definer.defineClassAsLookup(true);
         // cache the wrapper type
         var ret = lookup.lookupClass();
         WRAPPER_TYPES.add(ret);

src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java

@@ -28,7 +28,6 @@
 import jdk.internal.misc.CDS;
 import jdk.internal.misc.Unsafe;
 import jdk.internal.util.ClassFileDumper;
-import sun.security.action.GetPropertyAction;
 
 import java.lang.reflect.ClassFileFormatVersion;
 import java.util.Properties;
@@ -66,7 +65,7 @@ private MethodHandleStatics() { }  // do not instantiate
     static final ClassFileDumper DUMP_CLASS_FILES;
 
     static {
-        Properties props = GetPropertyAction.privilegedGetProperties();
+        Properties props = System.getProperties();
         DEBUG_METHOD_HANDLE_NAMES = Boolean.parseBoolean(
                 props.getProperty("java.lang.invoke.MethodHandle.DEBUG_NAMES"));