8344112: Remove code to support security manager execution mode from DatagramChannel implementation

Alan Bateman · Alan Bateman · commit 7be77725eab6 · 2024-11-13T16:50:54.000Z
Reviewed-by: dfuchs
diff --git a/src/java.base/share/classes/sun/nio/ch/DatagramChannelImpl.java b/src/java.base/share/classes/sun/nio/ch/DatagramChannelImpl.java
@@ -60,8 +60,6 @@
 import java.nio.channels.SelectionKey;
 import java.nio.channels.spi.AbstractSelectableChannel;
 import java.nio.channels.spi.SelectorProvider;
-import java.security.AccessController;
-import java.security.PrivilegedExceptionAction;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -293,8 +291,7 @@ public DatagramSocket socket() {
     public SocketAddress getLocalAddress() throws IOException {
         synchronized (stateLock) {
             ensureOpen();
-            // Perform security check before returning address
-            return Net.getRevealedLocalAddress(localAddress);
+            return localAddress;
         }
     }
 
@@ -573,24 +570,16 @@ public SocketAddress receive(ByteBuffer dst) throws IOException {
                 SocketAddress remote = beginRead(blocking, false);
                 configureSocketNonBlockingIfVirtualThread();
                 boolean connected = (remote != null);
-                @SuppressWarnings("removal")
-                SecurityManager sm = System.getSecurityManager();
-                if (connected || (sm == null)) {
-                    // connected or no security manager
-                    int n = receive(dst, connected);
-                    if (blocking) {
-                        while (IOStatus.okayToRetry(n) && isOpen()) {
-                            park(Net.POLLIN);
-                            n = receive(dst, connected);
-                        }
-                    }
-                    if (n > 0 || (n == 0 && isOpen())) {
-                        // sender address is in socket address buffer
-                        sender = sourceSocketAddress();
+                int n = receive(dst, connected);
+                if (blocking) {
+                    while (IOStatus.okayToRetry(n) && isOpen()) {
+                        park(Net.POLLIN);
+                        n = receive(dst, connected);
                     }
-                } else {
-                    // security manager and unconnected
-                    sender = untrustedReceive(dst);
+                }
+                if (n > 0 || (n == 0 && isOpen())) {
+                    // sender address is in socket address buffer
+                    sender = sourceSocketAddress();
                 }
                 return sender;
             } finally {
@@ -601,49 +590,6 @@ public SocketAddress receive(ByteBuffer dst) throws IOException {
         }
     }
 
-    /**
-     * Receives a datagram into an untrusted buffer. When there is a security
-     * manager set, and the socket is not connected, datagrams have to be received
-     * into a buffer that is not accessible to the user. The datagram is copied
-     * into the user's buffer when the sender address is accepted by the security
-     * manager.
-     */
-    private SocketAddress untrustedReceive(ByteBuffer dst) throws IOException {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        assert readLock.isHeldByCurrentThread()
-                && sm != null && remoteAddress == null;
-
-        boolean blocking = isBlocking();
-        for (;;) {
-            int n;
-            ByteBuffer bb = Util.getTemporaryDirectBuffer(dst.remaining());
-            try {
-                n = receive(bb, false);
-                if (n >= 0) {
-                    // sender address is in socket address buffer
-                    InetSocketAddress isa = sourceSocketAddress();
-                    try {
-                        sm.checkAccept(isa.getAddress().getHostAddress(), isa.getPort());
-                        bb.flip();
-                        dst.put(bb);
-                        return isa;
-                    } catch (SecurityException se) {
-                        // ignore datagram
-                    }
-                }
-            } finally {
-                Util.releaseTemporaryDirectBuffer(bb);
-            }
-
-            if (blocking && IOStatus.okayToRetry(n) && isOpen()) {
-                park(Net.POLLIN);
-            } else {
-                return null;
-            }
-        }
-    }
-
     /**
      * Receives a datagram.
      *
@@ -675,58 +621,30 @@ void blockingReceive(DatagramPacket p, long nanos) throws IOException {
                 bufLength = DatagramPackets.getBufLength(p);
             }
 
-            long startNanos = System.nanoTime();
-            long remainingNanos = nanos;
-            SocketAddress sender = null;
+            boolean completed = false;
             try {
                 SocketAddress remote = beginRead(true, false);
                 boolean connected = (remote != null);
-                do {
-                    ByteBuffer dst = tryBlockingReceive(connected, bufLength, remainingNanos);
-
+                ByteBuffer dst = tryBlockingReceive(connected, bufLength, nanos);
+                if (dst != null) {
                     // if datagram received then get sender and copy to DatagramPacket
-                    if (dst != null) {
-                        try {
-                            // sender address is in socket address buffer
-                            sender = sourceSocketAddress();
-
-                            // check sender when security manager set and not connected
-                            @SuppressWarnings("removal")
-                            SecurityManager sm = System.getSecurityManager();
-                            if (sm != null && !connected) {
-                                InetSocketAddress isa = (InetSocketAddress) sender;
-                                try {
-                                    sm.checkAccept(isa.getAddress().getHostAddress(), isa.getPort());
-                                } catch (SecurityException e) {
-                                    sender = null;
-                                }
-                            }
-
-                            if (sender != null) {
-                                // copy bytes to the DatagramPacket, and set length and sender
-                                synchronized (p) {
-                                    // re-read p.bufLength in case DatagramPacket changed
-                                    int len = Math.min(dst.limit(), DatagramPackets.getBufLength(p));
-                                    dst.get(p.getData(), p.getOffset(), len);
-                                    DatagramPackets.setLength(p, len);
-                                    p.setSocketAddress(sender);
-                                }
-                            } else {
-                                // need to retry, adjusting timeout if needed
-                                if (nanos > 0) {
-                                    remainingNanos = nanos - (System.nanoTime() - startNanos);
-                                    if (remainingNanos <= 0) {
-                                        throw new SocketTimeoutException("Receive timed out");
-                                    }
-                                }
-                            }
-                        } finally {
-                            Util.offerFirstTemporaryDirectBuffer(dst);
+                    try {
+                        SocketAddress sender = sourceSocketAddress();
+                        synchronized (p) {
+                            // copy bytes to the DatagramPacket, and set length and sender.
+                            // Need to re-read p.bufLength in case DatagramPacket changed
+                            int len = Math.min(dst.limit(), DatagramPackets.getBufLength(p));
+                            dst.get(p.getData(), p.getOffset(), len);
+                            DatagramPackets.setLength(p, len);
+                            p.setSocketAddress(sender);
                         }
+                    } finally {
+                        Util.offerFirstTemporaryDirectBuffer(dst);
                     }
-                } while (sender == null && isOpen());
+                    completed = true;
+                }
             } finally {
-                endRead(true, (sender != null));
+                endRead(true, completed);
             }
         } finally {
             readLock.unlock();
@@ -884,16 +802,7 @@ public int send(ByteBuffer src, SocketAddress target)
                     completed = (n > 0);
                 } else {
                     // not connected
-                    @SuppressWarnings("removal")
-                    SecurityManager sm = System.getSecurityManager();
                     InetAddress ia = isa.getAddress();
-                    if (sm != null) {
-                        if (ia.isMulticastAddress()) {
-                            sm.checkMulticast(ia);
-                        } else {
-                            sm.checkConnect(ia.getHostAddress(), isa.getPort());
-                        }
-                    }
                     if (ia.isLinkLocalAddress())
                         isa = IPAddressUtil.toScopedAddress(isa);
                     if (isa.getPort() == 0)
@@ -1344,10 +1253,6 @@ private void bindInternal(SocketAddress local) throws IOException {
         } else {
             isa = Net.checkAddress(local, family);
         }
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null)
-            sm.checkListen(isa.getPort());
 
         Net.bind(family, fd, isa.getAddress(), isa.getPort());
         localAddress = Net.localAddress(fd);
@@ -1373,17 +1278,6 @@ public DatagramChannel connect(SocketAddress sa) throws IOException {
      */
     DatagramChannel connect(SocketAddress sa, boolean check) throws IOException {
         InetSocketAddress isa = Net.checkAddress(sa, family);
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            InetAddress ia = isa.getAddress();
-            if (ia.isMulticastAddress()) {
-                sm.checkMulticast(ia);
-            } else {
-                sm.checkConnect(ia.getHostAddress(), isa.getPort());
-                sm.checkAccept(ia.getHostAddress(), isa.getPort());
-            }
-        }
 
         readLock.lock();
         try {
@@ -1589,17 +1483,13 @@ private void repairSocket(InetSocketAddress target)
     /**
      * Defines static methods to access AbstractSelectableChannel non-public members.
      */
-    @SuppressWarnings("removal")
     private static class AbstractSelectableChannels {
         private static final Method FOREACH;
         static {
             try {
-                PrivilegedExceptionAction<Method> pae = () -> {
-                    Method m = AbstractSelectableChannel.class.getDeclaredMethod("forEach", Consumer.class);
-                    m.setAccessible(true);
-                    return m;
-                };
-                FOREACH = AccessController.doPrivileged(pae);
+                Method m = AbstractSelectableChannel.class.getDeclaredMethod("forEach", Consumer.class);
+                m.setAccessible(true);
+                FOREACH = m;
             } catch (Exception e) {
                 throw new InternalError(e);
             }
@@ -1646,11 +1536,6 @@ private MembershipKey innerJoin(InetAddress group,
                 throw new IllegalArgumentException("Source address is different type to group");
         }
 
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null)
-            sm.checkMulticast(group);
-
         synchronized (stateLock) {
             ensureOpen();
 
@@ -2051,10 +1936,7 @@ private static class DatagramPackets {
         private static final VarHandle BUF_LENGTH;
         static {
             try {
-                PrivilegedExceptionAction<MethodHandles.Lookup> pa = () ->
-                    MethodHandles.privateLookupIn(DatagramPacket.class, MethodHandles.lookup());
-                @SuppressWarnings("removal")
-                MethodHandles.Lookup l = AccessController.doPrivileged(pa);
+                MethodHandles.Lookup l = MethodHandles.privateLookupIn(DatagramPacket.class, MethodHandles.lookup());
                 LENGTH = l.findVarHandle(DatagramPacket.class, "length", int.class);
                 BUF_LENGTH = l.findVarHandle(DatagramPacket.class, "bufLength", int.class);
             } catch (Exception e) {
diff --git a/src/java.base/share/classes/sun/nio/ch/DatagramSocketAdaptor.java b/src/java.base/share/classes/sun/nio/ch/DatagramSocketAdaptor.java
@@ -48,9 +48,6 @@
 import java.nio.channels.ClosedByInterruptException;
 import java.nio.channels.DatagramChannel;
 import java.nio.channels.MembershipKey;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedExceptionAction;
 import java.util.Objects;
 import java.util.Set;
 import java.util.concurrent.locks.ReentrantLock;
@@ -167,24 +164,11 @@ public SocketAddress getRemoteSocketAddress() {
 
     @Override
     public SocketAddress getLocalSocketAddress() {
-        InetSocketAddress local = dc.localAddress();
-        if (local == null || isClosed())
+        if (isClosed()) {
             return null;
-
-        InetAddress addr = local.getAddress();
-        if (addr.isAnyLocalAddress())
-            return local;
-
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            try {
-                sm.checkConnect(addr.getHostAddress(), -1);
-            } catch (SecurityException x) {
-                return new InetSocketAddress(local.getPort());
-            }
+        } else {
+            return dc.localAddress();
         }
-        return local;
     }
 
     @Override
@@ -223,17 +207,7 @@ public InetAddress getLocalAddress() {
         InetSocketAddress local = dc.localAddress();
         if (local == null)
             local = new InetSocketAddress(0);
-        InetAddress result = local.getAddress();
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            try {
-                sm.checkConnect(result.getHostAddress(), -1);
-            } catch (SecurityException x) {
-                return new InetSocketAddress(0).getAddress();
-            }
-        }
-        return result;
+        return local.getAddress();
     }
 
     @Override
@@ -484,11 +458,6 @@ public void joinGroup(SocketAddress mcastaddr, NetworkInterface netIf) throws IO
         synchronized (this) {
             MembershipKey key = dc.findMembership(group, ni);
             if (key != null) {
-                // already a member but need to check permission anyway
-                @SuppressWarnings("removal")
-                SecurityManager sm = System.getSecurityManager();
-                if (sm != null)
-                    sm.checkMulticast(group);
                 throw new SocketException("Already a member of group");
             }
             dc.join(group, ni);  // checks permission
@@ -501,10 +470,6 @@ public void leaveGroup(SocketAddress mcastaddr, NetworkInterface netIf) throws I
         NetworkInterface ni = (netIf != null) ? netIf : defaultNetworkInterface();
         if (isClosed())
             throw new SocketException("Socket is closed");
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null)
-            sm.checkMulticast(group);
         synchronized (this) {
             MembershipKey key = dc.findMembership(group, ni);
             if (key == null)
@@ -541,12 +506,7 @@ public InetAddress getInterface() throws SocketException {
                     return outgoingInetAddress;
                 } else {
                     // network interface has changed so update cached values
-                    PrivilegedAction<InetAddress> pa;
-                    pa = () -> ni.inetAddresses().findFirst().orElse(null);
-                    @SuppressWarnings("removal")
-                    InetAddress ia = AccessController.doPrivileged(pa);
-                    if (ia == null)
-                        throw new SocketException("Network interface has no IP address");
+                    InetAddress ia = ni.inetAddresses().findFirst().orElse(null);
                     outgoingNetworkInterface = ni;
                     outgoingInetAddress = ia;
                     return ia;
@@ -660,10 +620,7 @@ private static class NetworkInterfaces {
         static final MethodHandle CONSTRUCTOR;
         static {
             try {
-                PrivilegedExceptionAction<Lookup> pa = () ->
-                    MethodHandles.privateLookupIn(NetworkInterface.class, MethodHandles.lookup());
-                @SuppressWarnings("removal")
-                MethodHandles.Lookup l = AccessController.doPrivileged(pa);
+                Lookup l = MethodHandles.privateLookupIn(NetworkInterface.class, MethodHandles.lookup());
                 MethodType methodType = MethodType.methodType(NetworkInterface.class);
                 GET_DEFAULT = l.findStatic(NetworkInterface.class, "getDefault", methodType);
                 methodType = MethodType.methodType(void.class, String.class, int.class, InetAddress[].class);
@@ -703,10 +660,7 @@ private static class DatagramSockets {
         private static final SocketAddress NO_DELEGATE;
         static {
             try {
-                PrivilegedExceptionAction<Lookup> pa = () ->
-                    MethodHandles.privateLookupIn(DatagramSocket.class, MethodHandles.lookup());
-                @SuppressWarnings("removal")
-                MethodHandles.Lookup l = AccessController.doPrivileged(pa);
+                Lookup l = MethodHandles.privateLookupIn(DatagramSocket.class, MethodHandles.lookup());
                 var handle = l.findStaticVarHandle(DatagramSocket.class, "NO_DELEGATE", SocketAddress.class);
                 NO_DELEGATE = (SocketAddress) handle.get();
             } catch (Exception e) {
