From 7b85f875f0c918fda82d768221ca56744510d997 Mon Sep 17 00:00:00 2001 From: Theresa Mammarella Date: Tue, 4 Feb 2025 11:40:32 -0500 Subject: [PATCH] Remove AccessController.doPrivileged uses from closed/src Signed-off-by: Theresa Mammarella --- .../classes/java/io/ClassByNameCache.java | 24 ++++--------------- .../jdk/crypto/jniprovider/NativeCrypto.java | 3 +-- .../internal/security/RestrictedSecurity.java | 11 +-------- 3 files changed, 6 insertions(+), 32 deletions(-) diff --git a/closed/src/java.base/share/classes/java/io/ClassByNameCache.java b/closed/src/java.base/share/classes/java/io/ClassByNameCache.java index 1aa671051c9..06778338eda 100644 --- a/closed/src/java.base/share/classes/java/io/ClassByNameCache.java +++ b/closed/src/java.base/share/classes/java/io/ClassByNameCache.java @@ -26,8 +26,6 @@ import java.lang.ref.ReferenceQueue; import java.lang.ref.WeakReference; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Objects; import java.util.concurrent.ConcurrentHashMap; /* ClassByNameCache is Primarily responsible for Caching the results of the className lookups and hence to avoid @@ -63,8 +61,10 @@ public ClassByNameCache() { loader = loader.getParent(); } setCanonicalSystemLoaderRef(null); - AccessController.doPrivileged( - new CreateReaperAction(this, staleLoaderRefs)).start(); + + Reaper reaper = new Reaper(this, staleLoaderRefs); + Thread t = com.ibm.oti.vm.VM.getVMLangAccess().createThread(reaper, "ClassByNameCache Reaper", true, false, true, null); + t.start(); } /* * sets Canonical Loader reference for the loader @@ -197,22 +197,6 @@ Class get() throws ClassNotFoundException { } } - private static final class CreateReaperAction - implements PrivilegedAction { - private final ClassByNameCache cache; - private final ReferenceQueue queue; - - CreateReaperAction(ClassByNameCache cache, ReferenceQueue queue) { - this.cache = cache; - this.queue = queue; - } - - public Thread run() { - Reaper reaper = new Reaper(cache, queue); - return com.ibm.oti.vm.VM.getVMLangAccess().createThread(reaper, "ClassByNameCache Reaper", true, false, true, null); - } - } - private static final class Reaper implements Runnable { private final WeakReference cacheRef; private final ReferenceQueue queue; diff --git a/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java b/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java index cb78bdbc55b..c62c5cd9aa6 100644 --- a/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java +++ b/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java @@ -117,9 +117,8 @@ private static long loadCryptoLibraries() { return osslVersion; } - @SuppressWarnings("removal") private NativeCrypto() { - ossl_ver = AccessController.doPrivileged((PrivilegedAction) () -> loadCryptoLibraries()).longValue(); + ossl_ver = loadCryptoLibraries(); if (ossl_ver != -1) { isOpenSSLFIPS = isOpenSSLFIPS(); } else { diff --git a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java index 9e8d2f23a96..c3f058692e3 100644 --- a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java +++ b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java @@ -24,10 +24,8 @@ package openj9.internal.security; import java.nio.charset.StandardCharsets; -import java.security.AccessController; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.security.PrivilegedAction; import java.security.Provider; import java.security.Provider.Service; import java.time.LocalDate; @@ -93,18 +91,11 @@ public final class RestrictedSecurity { supportedPlatformsOpenJCEPlus.put("Arch", List.of("amd64", "ppc64", "s390x")); supportedPlatformsOpenJCEPlus.put("OS", List.of("Linux", "AIX", "Windows")); - @SuppressWarnings("removal") - String[] props = AccessController.doPrivileged( - new PrivilegedAction<>() { - @Override - public String[] run() { - return new String[] { System.getProperty("semeru.fips"), + String[] props = new String[] { System.getProperty("semeru.fips"), System.getProperty("semeru.customprofile"), System.getProperty("os.name"), System.getProperty("os.arch"), System.getProperty("semeru.fips.allowsetproperties") }; - } - }); boolean isOsSupported, isArchSupported; // Check whether the NSS FIPS solution is supported.