Merge pull request #932 from theresa-m/securitymanager

keithc-ca · web-flow · commit d41e8a8d6d70 · 2025-02-04T22:43:24.000-05:00
Remove AccessController.doPrivileged uses from closed/src
diff --git a/closed/src/java.base/share/classes/java/io/ClassByNameCache.java b/closed/src/java.base/share/classes/java/io/ClassByNameCache.java
@@ -1,6 +1,6 @@
 /*
  * ===========================================================================
- * (c) Copyright IBM Corp. 2017, 2022 All Rights Reserved
+ * (c) Copyright IBM Corp. 2017, 2025 All Rights Reserved
  * ===========================================================================
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,6 @@
 
 import java.lang.ref.ReferenceQueue;
 import java.lang.ref.WeakReference;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Objects;
 import java.util.concurrent.ConcurrentHashMap;
 /* ClassByNameCache is Primarily responsible for Caching the results of the className lookups and hence to avoid
@@ -63,8 +61,11 @@ public ClassByNameCache() {
             loader = loader.getParent();
         }
         setCanonicalSystemLoaderRef(null);
-        AccessController.doPrivileged(
-                new CreateReaperAction(this, staleLoaderRefs)).start();
+
+        Reaper reaper = new Reaper(this, staleLoaderRefs);
+        com.ibm.oti.vm.VM.getVMLangAccess()
+                .createThread(reaper, "ClassByNameCache Reaper", true, false, true, null)
+                .start();
     }
     /*
      * sets Canonical Loader reference for the loader
@@ -197,22 +198,6 @@ Class<?> get() throws ClassNotFoundException {
         }
     }
 
-    private static final class CreateReaperAction
-            implements PrivilegedAction<Thread> {
-        private final ClassByNameCache cache;
-        private final ReferenceQueue<Object> queue;
-
-        CreateReaperAction(ClassByNameCache cache, ReferenceQueue<Object> queue) {
-            this.cache = cache;
-            this.queue = queue;
-        }
-
-        public Thread run() {
-            Reaper reaper = new Reaper(cache, queue);
-            return com.ibm.oti.vm.VM.getVMLangAccess().createThread(reaper, "ClassByNameCache Reaper", true, false, true, null);
-        }
-    }
-
     private static final class Reaper implements Runnable {
         private final WeakReference<ClassByNameCache> cacheRef;
         private final ReferenceQueue<Object> queue;
diff --git a/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java b/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java
@@ -117,9 +117,8 @@ private static long loadCryptoLibraries() {
         return osslVersion;
     }
 
-    @SuppressWarnings("removal")
     private NativeCrypto() {
-        ossl_ver = AccessController.doPrivileged((PrivilegedAction<Long>) () -> loadCryptoLibraries()).longValue();
+        ossl_ver = loadCryptoLibraries();
         if (ossl_ver != -1) {
             isOpenSSLFIPS = isOpenSSLFIPS();
         } else {
diff --git a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
@@ -1,6 +1,6 @@
 /*
  * ===========================================================================
- * (c) Copyright IBM Corp. 2022, 2024 All Rights Reserved
+ * (c) Copyright IBM Corp. 2022, 2025 All Rights Reserved
  * ===========================================================================
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,10 +24,8 @@
 package openj9.internal.security;
 
 import java.nio.charset.StandardCharsets;
-import java.security.AccessController;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivilegedAction;
 import java.security.Provider;
 import java.security.Provider.Service;
 import java.time.LocalDate;
@@ -93,30 +91,20 @@ public final class RestrictedSecurity {
         supportedPlatformsOpenJCEPlus.put("Arch", List.of("amd64", "ppc64", "s390x"));
         supportedPlatformsOpenJCEPlus.put("OS", List.of("Linux", "AIX", "Windows"));
 
-        @SuppressWarnings("removal")
-        String[] props = AccessController.doPrivileged(
-                new PrivilegedAction<>() {
-                    @Override
-                    public String[] run() {
-                        return new String[] { System.getProperty("semeru.fips"),
-                                System.getProperty("semeru.customprofile"),
-                                System.getProperty("os.name"),
-                                System.getProperty("os.arch"),
-                                System.getProperty("semeru.fips.allowsetproperties") };
-                    }
-                });
+        String osName = System.getProperty("os.name");
+        String osArch = System.getProperty("os.arch");
 
         boolean isOsSupported, isArchSupported;
         // Check whether the NSS FIPS solution is supported.
         isOsSupported = false;
         for (String os: supportedPlatformsNSS.get("OS")) {
-            if (props[2].contains(os)) {
+            if (osName.contains(os)) {
                 isOsSupported = true;
             }
         }
         isArchSupported = false;
         for (String arch: supportedPlatformsNSS.get("Arch")) {
-            if (props[3].contains(arch)) {
+            if (osArch.contains(arch)) {
                 isArchSupported = true;
             }
         }
@@ -125,13 +113,13 @@ public String[] run() {
         // Check whether the OpenJCEPlus FIPS solution is supported.
         isOsSupported = false;
         for (String os: supportedPlatformsOpenJCEPlus.get("OS")) {
-            if (props[2].contains(os)) {
+            if (osName.contains(os)) {
                 isOsSupported = true;
             }
         }
         isArchSupported = false;
         for (String arch: supportedPlatformsOpenJCEPlus.get("Arch")) {
-            if (props[3].contains(arch)) {
+            if (osArch.contains(arch)) {
                 isArchSupported = true;
             }
         }
@@ -140,8 +128,8 @@ public String[] run() {
         // Check the default solution to see if FIPS is supported.
         isFIPSSupported = isNSSSupported;
 
-        userEnabledFIPS = Boolean.parseBoolean(props[0]);
-        allowSetProperties = Boolean.parseBoolean(props[4]);
+        userEnabledFIPS = Boolean.getBoolean("semeru.fips");
+        allowSetProperties = Boolean.getBoolean("semeru.fips.allowsetproperties");
 
         if (userEnabledFIPS) {
             if (isFIPSSupported) {
@@ -151,12 +139,8 @@ public String[] run() {
         }
 
         // If user has specified a profile, use that
-        if (props[1] != null) {
-            selectedProfile = props[1];
-            userSetProfile = true;
-        } else {
-            userSetProfile = false;
-        }
+        selectedProfile = System.getProperty("semeru.customprofile");
+        userSetProfile = selectedProfile != null;
 
         // Check if FIPS is supported on this platform without explicitly setting a profile.
         if (userEnabledFIPS && !isFIPSSupported && !userSetProfile) {
