Skip to content

Commit aebcf82

Browse files
theresa-mtheresa-m
committed
Disable security manager in java.lang.System
- Throw an error on initialization if java.security.manager attempts to add a security manager - configure setSecurityManager to always throw an UnsupportedOperationException - getSecurityManager will always return null since a security manager can't be set Signed-off-by: Theresa Mammarella <[email protected]>
1 parent 730f00c commit aebcf82

File tree

2 files changed

+28
-0
lines changed

2 files changed

+28
-0
lines changed

jcl/src/java.base/share/classes/com/ibm/oti/util/ExternalMessages-MasterIndex.properties

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -482,6 +482,8 @@ K0A02="Bootstrap method returned null."
482482
K0B00="The Security Manager is deprecated and will be removed in a future release"
483483
K0B01="Library name must not contain a file path: {0}"
484484
K0B02="Enabling a SecurityManager currently unsupported when -XX:+EnableCRIUSupport is specified"
485+
K0B03="Setting a Security Manager is not supported"
486+
K0B04="A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported."
485487

486488
#java.lang.Throwable
487489
K0C00="Non-standard List class not permitted in suppressedExceptions serial stream"

jcl/src/java.base/share/classes/java/lang/System.java

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1265,6 +1265,9 @@ static void checkTmpDir() {
12651265

12661266
/*[IF JAVA_SPEC_VERSION >= 9]*/
12671267
static void initSecurityManager(ClassLoader applicationClassLoader) {
1268+
/*[IF JAVA_SPEC_VERSION >= 24]*/
1269+
boolean throwErrorOnInit = false;
1270+
/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
12681271
String javaSecurityManager = internalGetProperties().getProperty("java.security.manager"); //$NON-NLS-1$
12691272
if (null == javaSecurityManager) {
12701273
/*[IF JAVA_SPEC_VERSION >= 18]*/
@@ -1273,14 +1276,21 @@ static void initSecurityManager(ClassLoader applicationClassLoader) {
12731276
/* Do nothing. */
12741277
/*[ENDIF] JAVA_SPEC_VERSION >= 18 */
12751278
} else if ("allow".equals(javaSecurityManager)) { //$NON-NLS-1$
1279+
/*[IF JAVA_SPEC_VERSION >= 24]*/
1280+
throwErrorOnInit = true;
1281+
/*[ELSE] JAVA_SPEC_VERSION >= 24 */
12761282
/* Do nothing. */
1283+
/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
12771284
} else if ("disallow".equals(javaSecurityManager)) { //$NON-NLS-1$
12781285
/*[IF JAVA_SPEC_VERSION > 11]*/
12791286
throwUOEFromSetSM = true;
12801287
/*[ELSE] JAVA_SPEC_VERSION > 11 */
12811288
/* Do nothing. */
12821289
/*[ENDIF] JAVA_SPEC_VERSION > 11 */
12831290
} else {
1291+
/*[IF JAVA_SPEC_VERSION >= 24]*/
1292+
throwErrorOnInit = true;
1293+
/*[ELSE] JAVA_SPEC_VERSION >= 24 */
12841294
/*[IF JAVA_SPEC_VERSION >= 17]*/
12851295
initialErr.println("WARNING: A command line option has enabled the Security Manager"); //$NON-NLS-1$
12861296
initialErr.println("WARNING: The Security Manager is deprecated and will be removed in a future release"); //$NON-NLS-1$
@@ -1297,7 +1307,14 @@ static void initSecurityManager(ClassLoader applicationClassLoader) {
12971307
throw new Error(Msg.getString("K0631", e.toString()), e); //$NON-NLS-1$
12981308
}
12991309
}
1310+
/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
13001311
}
1312+
/*[IF JAVA_SPEC_VERSION >= 24]*/
1313+
if (throwErrorOnInit) {
1314+
/*[MSG "K0B04", "A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported."]*/
1315+
throw new Error(Msg.getString("K0B04")); //$NON-NLS-1$
1316+
}
1317+
/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
13011318
}
13021319
/*[ENDIF] JAVA_SPEC_VERSION >= 9 */
13031320

@@ -1315,17 +1332,25 @@ static boolean allowSecurityManager() {
13151332
*
13161333
* @param s the new security manager
13171334
*
1335+
/*[IF JAVA_SPEC_VERSION >= 24]
1336+
* @throws UnsupportedOperationException always
1337+
/*[ELSE] JAVA_SPEC_VERSION >= 24
13181338
* @throws SecurityException if the security manager has already been set and its checkPermission method doesn't allow it to be replaced.
13191339
/*[IF JAVA_SPEC_VERSION > 11]
13201340
* @throws UnsupportedOperationException if s is non-null and a special token "disallow" has been set for system property "java.security.manager"
13211341
* which indicates that a security manager is not allowed to be set dynamically.
13221342
/*[ENDIF] JAVA_SPEC_VERSION > 11
1343+
/*[ENDIF] JAVA_SPEC_VERSION >= 24
13231344
*/
13241345
/*[IF JAVA_SPEC_VERSION >= 17]*/
13251346
@Deprecated(since="17", forRemoval=true)
13261347
@CallerSensitive
13271348
/*[ENDIF] JAVA_SPEC_VERSION >= 17 */
13281349
public static void setSecurityManager(final SecurityManager s) {
1350+
/*[IF JAVA_SPEC_VERSION >= 24]*/
1351+
/*[MSG "K0B03", "Setting a Security Manager is not supported"]*/
1352+
throw new UnsupportedOperationException(Msg.getString("K0B03")); //$NON-NLS-1$
1353+
/*[ELSE] JAVA_SPEC_VERSION >= 24*/
13291354
/*[IF CRIU_SUPPORT]*/
13301355
if (openj9.internal.criu.InternalCRIUSupport.isCRIUSupportEnabled()) {
13311356
/*[MSG "K0B02", "Enabling a SecurityManager currently unsupported when -XX:+EnableCRIUSupport is specified"]*/
@@ -1403,6 +1428,7 @@ public Void run() {
14031428
currentSecurity.checkPermission(com.ibm.oti.util.RuntimePermissions.permissionSetSecurityManager);
14041429
}
14051430
security = s;
1431+
/*[ENDIF] JAVA_SPEC_VERSION >= 24*/
14061432
}
14071433

14081434
/**

0 commit comments

Comments
 (0)