diff --git a/jcl/src/java.base/share/classes/java/lang/Class.java b/jcl/src/java.base/share/classes/java/lang/Class.java
index f79ef1fe2a1..7f8cda65205 100644
--- a/jcl/src/java.base/share/classes/java/lang/Class.java
+++ b/jcl/src/java.base/share/classes/java/lang/Class.java
@@ -3046,7 +3046,9 @@ public boolean desiredAssertionStatus() {
* array of not more than maxDepth Classes representing the classes of
* running methods on the stack (including native methods). Frames
* representing the VM implementation of java.lang.reflect are not included
- * in the list. If stopAtPrivileged is true, the walk will terminate at any
+ * in the list.
+/*[IF JAVA_SPEC_VERSION < 24]
+ * If stopAtPrivileged is true, the walk will terminate at any
* frame running one of the following methods:
*
*
@@ -3057,6 +3059,7 @@ public boolean desiredAssertionStatus() {
*
* - This method operates on the defining classes of methods on stack.
@@ -3067,7 +3070,11 @@ public boolean desiredAssertionStatus() {
*
*
* @param maxDepth maximum depth to walk the stack, -1 for the entire stack
+/*[IF JAVA_SPEC_VERSION >= 24]
+ * @param stopAtPrivileged has no effect
+/*[ELSE] JAVA_SPEC_VERSION >= 24
* @param stopAtPrivileged stop at privileged classes
+/*[ENDIF] JAVA_SPEC_VERSION >= 24
* @return the array of the most recent classes on the stack
*/
@CallerSensitive
diff --git a/jcl/src/java.base/share/classes/java/security/AccessControlContext.java b/jcl/src/java.base/share/classes/java/security/AccessControlContext.java
index 9684bff2300..25a5f6272da 100644
--- a/jcl/src/java.base/share/classes/java/security/AccessControlContext.java
+++ b/jcl/src/java.base/share/classes/java/security/AccessControlContext.java
@@ -722,6 +722,13 @@ private boolean debugHelper(Permission perm) {
}
/**
+/*[IF JAVA_SPEC_VERSION >= 24]
+ * Throws java.security.AccessControlException
+ *
+ * @param perm is ignored
+ * @exception java.security.AccessControlException
+ * is always thrown
+/*[ELSE] JAVA_SPEC_VERSION >= 24
* Checks if the permission perm is allowed in this context.
* All ProtectionDomains must grant the permission for it to be granted.
*
@@ -731,6 +738,7 @@ private boolean debugHelper(Permission perm) {
* thrown when perm is not granted.
* @exception NullPointerException
* if perm is null
+/*[ENDIF] JAVA_SPEC_VERSION >= 24
*/
public void checkPermission(Permission perm) throws AccessControlException {
/*[IF JAVA_SPEC_VERSION >= 24]*/
@@ -940,6 +948,7 @@ ProtectionDomain[] getContext() {
return context;
}
+/*[IF JAVA_SPEC_VERSION < 24]*/
/*
* Added to resolve: S6907662, CVE-2010-4465: System clipboard should ensure access restrictions
* Called internally from java.security.ProtectionDomain
@@ -953,6 +962,7 @@ ProtectionDomain[] getContext() {
this.domainCombiner = acc.domainCombiner;
}
}
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
/*
* Added to resolve: S6907662, CVE-2010-4465: System clipboard should ensure access restrictions
diff --git a/jcl/src/java.base/share/classes/java/security/AccessController.java b/jcl/src/java.base/share/classes/java/security/AccessController.java
index cf3c744ab95..5585a40d8e6 100644
--- a/jcl/src/java.base/share/classes/java/security/AccessController.java
+++ b/jcl/src/java.base/share/classes/java/security/AccessController.java
@@ -23,7 +23,9 @@
package java.security;
import com.ibm.oti.util.Msg;
+/*[IF JAVA_SPEC_VERSION < 24]*/
import sun.security.util.SecurityConstants;
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
/*[IF JAVA_SPEC_VERSION >= 9]
import jdk.internal.reflect.CallerSensitive;
@@ -44,30 +46,30 @@
@SuppressWarnings("removal")
/*[ENDIF] JAVA_SPEC_VERSION >= 17 */
public final class AccessController {
+/*[IF JAVA_SPEC_VERSION >= 24]*/
+ private static AccessControlContext ACC_NO_PERM = new AccessControlContext(
+ new ProtectionDomain[] { new ProtectionDomain(null, null) });
+/*[ELSE] JAVA_SPEC_VERSION >= 24 */
static {
// Initialize vm-internal caches
initializeInternal();
}
-/*[IF JAVA_SPEC_VERSION >= 24]*/
- private static AccessControlContext ACC_NO_PERM = new AccessControlContext(
- new ProtectionDomain[] { new ProtectionDomain(null, null) });
-/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
-
static final int OBJS_INDEX_ACC = 0;
static final int OBJS_INDEX_PDS = 1;
static final int OBJS_ARRAY_SIZE = 3;
static final int OBJS_INDEX_PERMS_OR_CACHECHECKED = 2;
-private static native void initializeInternal();
+ private static native void initializeInternal();
-/* [PR CMVC 188787] Enabling -Djava.security.debug option within WAS keeps JVM busy */
-static final class DebugRecursionDetection {
- private static ThreadLocal tlDebug = new ThreadLocal<>();
- static ThreadLocal getTlDebug() {
- return tlDebug;
+ /* [PR CMVC 188787] Enabling -Djava.security.debug option within WAS keeps JVM busy */
+ static final class DebugRecursionDetection {
+ private static ThreadLocal tlDebug = new ThreadLocal<>();
+ static ThreadLocal getTlDebug() {
+ return tlDebug;
+ }
}
-}
+/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
/*[PR 1FDIC6B] J9JCL:WIN95 - AccessController missing private no-arg constructor */
/**
@@ -77,6 +79,7 @@ private AccessController() {
super();
}
+/*[IF JAVA_SPEC_VERSION < 24]*/
/**
* The object array returned has following format:
*
@@ -192,7 +195,6 @@ private static void throwACE(boolean debug, Permission perm, ProtectionDomain pD
}
}
-/*[IF JAVA_SPEC_VERSION < 24]*/
/**
* Helper method to check whether the running program is allowed to access the resource
* being guarded by the given Permission argument
@@ -275,7 +277,6 @@ private static boolean checkPermissionHelper(Permission perm, AccessControlConte
}
return limitedPermImplied;
}
-/*[ENDIF] JAVA_SPEC_VERSION < 24 */
/**
* Helper to print debug stack information for checkPermission().
@@ -365,8 +366,15 @@ private static boolean debugHelperJEP140(Object[] objects, Permission perm) {
debugPrintStack(debug, perm);
return debug;
}
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
/**
+/*[IF JAVA_SPEC_VERSION >= 24]
+ * Throws AccessControlException
+ *
+ * @param perm is ignored
+ * @exception AccessControlException is always thrown
+/*[ELSE] JAVA_SPEC_VERSION >= 24
* Checks whether the running program is allowed to
* access the resource being guarded by the given
* Permission argument.
@@ -374,6 +382,7 @@ private static boolean debugHelperJEP140(Object[] objects, Permission perm) {
* @param perm the permission to check
* @exception AccessControlException if access is not allowed.
* NullPointerException if perm is null
+/*[ENDIF] JAVA_SPEC_VERSION >= 24
*/
public static void checkPermission(Permission perm) throws AccessControlException {
/*[IF JAVA_SPEC_VERSION >= 24]*/
@@ -437,24 +446,9 @@ public static void checkPermission(Permission perm) throws AccessControlExceptio
}
/**
- * Used to keep the context live during doPrivileged().
- *
- * @param context the context to retain
- *
- * @see #doPrivileged(PrivilegedAction, AccessControlContext)
- */
-private static void keepalive(AccessControlContext context) {
- return;
-}
-
-/**
- * @param perms the permissions to retain
- */
-private static void keepalive(Permission... perms) {
- return;
-}
-
-/**
+/*[IF JAVA_SPEC_VERSION >= 24]
+ * @return an AccessControlContext with no permissions
+/*[ELSE] JAVA_SPEC_VERSION >= 24
* Answers the access controller context of the current thread,
* including the inherited ones. It basically retrieves all the
* protection domains from the calling stack and creates an
@@ -463,6 +457,7 @@ private static void keepalive(Permission... perms) {
* @return an AccessControlContext which captures the current state
*
* @see AccessControlContext
+/*[ENDIF] JAVA_SPEC_VERSION >= 24
*/
public static AccessControlContext getContext() {
/*[IF JAVA_SPEC_VERSION >= 24]*/
@@ -472,6 +467,25 @@ public static AccessControlContext getContext() {
/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
}
+/*[IF JAVA_SPEC_VERSION < 24]*/
+/**
+ * Used to keep the context live during doPrivileged().
+ *
+ * @param context the context to retain
+ *
+ * @see #doPrivileged(PrivilegedAction, AccessControlContext)
+ */
+private static void keepalive(AccessControlContext context) {
+ return;
+}
+
+/**
+ * @param perms the permissions to retain
+ */
+private static void keepalive(Permission... perms) {
+ return;
+}
+
/**
* This is a helper method for getContext() and doPrivilegedWithCombiner methods.
* Answers the access controller context of the current thread including the inherited ones.
@@ -637,6 +651,7 @@ private static int getNewAuthorizedState(AccessControlContext acc, ProtectionDom
}
return newAuthorizedState;
}
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
/**
* Helper method to combine the ProtectionDomain objects
@@ -753,8 +768,10 @@ public static T doPrivileged(PrivilegedAction action) {
@CallerSensitive
public static T doPrivileged(PrivilegedAction action, AccessControlContext context) {
T result = action.run();
+ /*[IF JAVA_SPEC_VERSION < 24]*/
/*[PR 108112] context is not kept alive*/
keepalive(context);
+ /*[ENDIF] JAVA_SPEC_VERSION < 24 */
return result;
}
@@ -820,8 +837,10 @@ public static T doPrivileged (PrivilegedExceptionAction action, AccessCon
{
try {
T result = action.run();
+ /*[IF JAVA_SPEC_VERSION < 24]*/
/*[PR 108112] context is not kept alive*/
keepalive(context);
+ /*[ENDIF] JAVA_SPEC_VERSION < 24 */
return result;
} catch (RuntimeException ex) {
throw ex;
@@ -849,7 +868,11 @@ public static T doPrivileged (PrivilegedExceptionAction action, AccessCon
*/
@CallerSensitive
public static T doPrivilegedWithCombiner(PrivilegedAction action) {
+/*[IF JAVA_SPEC_VERSION >= 24]*/
+ return doPrivileged(action, null);
+/*[ELSE] JAVA_SPEC_VERSION >= 24*/
return doPrivileged(action, doPrivilegedWithCombinerHelper(null));
+/*[ENDIF] JAVA_SPEC_VERSION >= 24*/
}
/**
@@ -876,9 +899,14 @@ public static T doPrivilegedWithCombiner(PrivilegedAction action) {
public static T doPrivilegedWithCombiner(PrivilegedExceptionAction action)
throws PrivilegedActionException
{
+/*[IF JAVA_SPEC_VERSION >= 24]*/
+ return doPrivileged(action, null);
+/*[ELSE] JAVA_SPEC_VERSION >= 24*/
return doPrivileged(action, doPrivilegedWithCombinerHelper(null));
+/*[ENDIF] JAVA_SPEC_VERSION >= 24*/
}
+/*[IF JAVA_SPEC_VERSION < 24]*/
/**
* Helper method to check if any permission is null
*
@@ -894,6 +922,7 @@ private static void checkPermsNPE(Permission... perms) {
}
}
}
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
/**
* Performs the privileged action specified by action.
@@ -922,10 +951,14 @@ private static void checkPermsNPE(Permission... perms) {
public static T doPrivileged(PrivilegedAction action,
AccessControlContext context, Permission... perms)
{
+/*[IF JAVA_SPEC_VERSION < 24]*/
checkPermsNPE(perms);
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
T result = action.run();
+/*[IF JAVA_SPEC_VERSION < 24]*/
keepalive(context);
keepalive(perms);
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
return result;
}
@@ -954,8 +987,13 @@ public static T doPrivileged(PrivilegedAction action,
public static T doPrivilegedWithCombiner(PrivilegedAction action,
AccessControlContext context, Permission... perms)
{
+/*[IF JAVA_SPEC_VERSION >= 24]*/
+ return doPrivileged(action, context, perms); // 24 - perms?
+/*[ELSE] JAVA_SPEC_VERSION >= 24*/
checkPermsNPE(perms);
return doPrivileged(action, doPrivilegedWithCombinerHelper(context), perms);
+/*[ENDIF] JAVA_SPEC_VERSION >= 24*/
+
}
/**
@@ -989,10 +1027,14 @@ public static T doPrivileged(PrivilegedExceptionAction action,
throws PrivilegedActionException
{
try {
+/*[IF JAVA_SPEC_VERSION < 24]*/
checkPermsNPE(perms);
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
T result = action.run();
+/*[IF JAVA_SPEC_VERSION < 24]*/
keepalive(context);
keepalive(perms);
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
return result;
} catch (RuntimeException ex) {
throw ex;
@@ -1029,10 +1071,15 @@ public static T doPrivilegedWithCombiner(PrivilegedExceptionAction action
AccessControlContext context, Permission... perms)
throws PrivilegedActionException
{
+/*[IF JAVA_SPEC_VERSION >= 24]*/
+ return doPrivileged(action, context, perms);
+/*[ELSE] JAVA_SPEC_VERSION >= 24 */
checkPermsNPE(perms);
return doPrivileged(action, doPrivilegedWithCombinerHelper(context), perms);
+/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
}
+/*[IF JAVA_SPEC_VERSION < 24]*/
/**
* Helper method to construct an AccessControlContext for doPrivilegedWithCombiner methods.
*
@@ -1052,5 +1099,6 @@ private static AccessControlContext doPrivilegedWithCombinerHelper(AccessControl
}
return fixedContext;
}
+/*[ENDIF] JAVA_SPEC_VERSION < 24*/
}
diff --git a/runtime/jcl/CMakeLists.txt b/runtime/jcl/CMakeLists.txt
index 55127cbb450..679dccbf579 100644
--- a/runtime/jcl/CMakeLists.txt
+++ b/runtime/jcl/CMakeLists.txt
@@ -106,7 +106,6 @@ target_link_libraries(jclse
target_sources(jclse
PRIVATE
- ${CMAKE_CURRENT_SOURCE_DIR}/common/acccont.c
${CMAKE_CURRENT_SOURCE_DIR}/common/annparser.c
${CMAKE_CURRENT_SOURCE_DIR}/common/attach.c
${CMAKE_CURRENT_SOURCE_DIR}/common/bootstrp.c
@@ -165,6 +164,10 @@ target_sources(jclse
${CMAKE_CURRENT_SOURCE_DIR}/filesys/vmfilesys.c
)
+if(JAVA_SPEC_VERSION LESS 24)
+ target_sources(jclse PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/common/acccont.c)
+endif()
+
if(OMR_OS_WINDOWS)
target_sources(jclse PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/win32/syshelp.c)
else()
diff --git a/runtime/jcl/common/java_lang_Class.cpp b/runtime/jcl/common/java_lang_Class.cpp
index fb26b2f1232..440f0dde3af 100644
--- a/runtime/jcl/common/java_lang_Class.cpp
+++ b/runtime/jcl/common/java_lang_Class.cpp
@@ -44,6 +44,9 @@ typedef enum {
STATE_IMPLIED = 1
} StackWalkingStates;
+#define STACK_WALK_STATE_MAGIC (void *)1
+
+#if JAVA_SPEC_VERSION < 24
typedef enum {
OBJS_ARRAY_IDX_ACC = 0,
OBJS_ARRAY_IDX_PDS = 1,
@@ -51,7 +54,6 @@ typedef enum {
OBJS_ARRAY_SIZE = 3
} ObjsArraySizeNindex;
-#define STACK_WALK_STATE_MAGIC (void *)1
#define STACK_WALK_STATE_LIMITED_DOPRIVILEGED (void *)2
#define STACK_WALK_STATE_FULL_DOPRIVILEGED (void *)3
@@ -59,6 +61,7 @@ static UDATA isPrivilegedFrameIterator(J9VMThread * currentThread, J9StackWalkSt
static UDATA isPrivilegedFrameIteratorGetAccSnapshot(J9VMThread * currentThread, J9StackWalkState * walkState);
static UDATA frameIteratorGetAccSnapshotHelper(J9VMThread * currentThread, J9StackWalkState * walkState, j9object_t acc, j9object_t perm);
static j9object_t storePDobjectsHelper(J9VMThread* vmThread, J9Class* arrayClass, J9StackWalkState* walkState, j9object_t contextObject, U_32 arraySize, UDATA framesWalked, I_32 startPos, BOOLEAN dupCallerPD);
+#endif /* JAVA_SPEC_VERSION < 24 */
static BOOLEAN checkInnerClassHelper(J9Class* declaringClass, J9Class* declaredClass);
jobject JNICALL
@@ -80,6 +83,7 @@ Java_java_lang_Class_getDeclaredAnnotationsData(JNIEnv *env, jobject jlClass)
return result;
}
+#if JAVA_SPEC_VERSION < 24
static UDATA
isPrivilegedFrameIterator(J9VMThread * currentThread, J9StackWalkState * walkState)
{
@@ -129,6 +133,7 @@ isPrivilegedFrameIterator(J9VMThread * currentThread, J9StackWalkState * walkSta
return J9_STACKWALK_KEEP_ITERATING;
}
+#endif /* JAVA_SPEC_VERSION < 24 */
jobject JNICALL
Java_java_lang_Class_getStackClasses(JNIEnv *env, jclass jlHeapClass, jint maxDepth, jboolean stopAtPrivileged)
@@ -165,10 +170,12 @@ Java_java_lang_Class_getStackClasses(JNIEnv *env, jclass jlHeapClass, jint maxDe
walkState.maxFrames = maxDepth;
walkState.walkThread = vmThread;
+#if JAVA_SPEC_VERSION < 24
if (stopAtPrivileged) {
walkFlags |= J9_STACKWALK_ITERATE_FRAMES;
walkState.frameWalkFunction = isPrivilegedFrameIterator;
}
+#endif /* JAVA_SPEC_VERSION < 24 */
walkState.flags = walkFlags;
if (vm->walkStackFrames(vmThread, &walkState) != J9_STACKWALK_RC_NONE) {
@@ -1201,6 +1208,7 @@ Java_java_lang_Class_permittedSubclassesImpl(JNIEnv *env, jobject cls)
return permittedSubclassesHelper(env, cls);
}
+#if JAVA_SPEC_VERSION < 24
static UDATA
frameIteratorGetAccSnapshotHelper(J9VMThread * currentThread, J9StackWalkState * walkState, j9object_t acc, j9object_t perm)
{
@@ -1423,13 +1431,11 @@ Java_java_security_AccessController_getAccSnapshot(JNIEnv* env, jclass jsAccessC
if (NULL != vmThread->currentException) {
goto _walkStateUninitialized;
}
-#if JAVA_SPEC_VERSION < 24
/* AccessControlContext is allocated in the same space as the thread, so no exception can occur */
contextObject = vmThread->threadObject;
if (NULL != contextObject) {
contextObject = J9VMJAVALANGTHREAD_INHERITEDACCESSCONTROLCONTEXT(vmThread, contextObject);
}
-#endif /* JAVA_SPEC_VERSION < 24 */
/* Walk the stack, caching the constant pools of the frames. */
walkState.skipCount = startingFrame + 1; /* skip this JNI frame as well */
walkState.userData1 = STACK_WALK_STATE_MAGIC; /* set to NULL when a limited doPrivileged frame is discovered */
@@ -1821,7 +1827,7 @@ storePDobjectsHelper(J9VMThread* vmThread, J9Class* arrayClass, J9StackWalkState
}
return arrayObject;
}
-
+#endif /* JAVA_SPEC_VERSION < 24 */
jobject JNICALL
Java_java_lang_Class_getNestHostImpl(JNIEnv *env, jobject recv)
diff --git a/runtime/oti/j9nonbuilder.h b/runtime/oti/j9nonbuilder.h
index 5c562bbec62..dcbf4adcc88 100644
--- a/runtime/oti/j9nonbuilder.h
+++ b/runtime/oti/j9nonbuilder.h
@@ -5852,10 +5852,12 @@ typedef struct J9JavaVM {
/* extensionClassLoader holds the platform class loader in Java 11+ */
struct J9ClassLoader* extensionClassLoader;
struct J9ClassLoader* applicationClassLoader;
+#if JAVA_SPEC_VERSION < 24
UDATA doPrivilegedMethodID1;
UDATA doPrivilegedMethodID2;
UDATA doPrivilegedWithContextMethodID1;
UDATA doPrivilegedWithContextMethodID2;
+#endif /* JAVA_SPEC_VERSION < 24 */
void* defaultMemorySpace;
j9object_t* systemThreadGroupRef;
omrthread_monitor_t classLoaderBlocksMutex;
@@ -6116,8 +6118,10 @@ typedef struct J9JavaVM {
omrthread_monitor_t nativeLibraryMonitor;
UDATA freePreviousClassLoaders;
struct J9ClassLoader* anonClassLoader;
+#if JAVA_SPEC_VERSION < 24
UDATA doPrivilegedWithContextPermissionMethodID1;
UDATA doPrivilegedWithContextPermissionMethodID2;
+#endif /* JAVA_SPEC_VERSION < 24 */
UDATA nativeLibrariesLoadMethodID;
#if defined(J9VM_INTERP_CUSTOM_SPIN_OPTIONS)
struct J9Pool *customSpinOptions;