Skip to content

8344034: Remove security manager dependency in Serialization #22041

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 234 commits into from
Closed

8344034: Remove security manager dependency in Serialization #22041

wants to merge 234 commits into from

Conversation

@RogerRiggs
Copy link
Contributor

@RogerRiggs RogerRiggs commented Nov 12, 2024
edited by openjdk bot
Loading

After JDK-8338411, Serialization implementation dependencies on SecurityManager, doPrivildged, and AccessController are removed.
Some refactoring to cleanup the remaining code is expected.

Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue

Issue

  • JDK-8344034: Remove security manager dependency in Serialization (Bug - P4)

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/22041/head:pull/22041
$ git checkout pull/22041

Update a local copy of the PR:
$ git checkout pull/22041
$ git pull https://git.openjdk.org/jdk.git pull/22041/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 22041

View PR using the GUI difftool:
$ git pr show -t 22041

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/22041.diff

Using Webrev

Link to Webrev Comment

AlanBateman and others added 30 commits September 30, 2024 18:02
@AlanBateman
Initial load of JEP 486 implementation
ef70021 
Co-authored-by: Sean Mullan <[email protected]>
Co-authored-by: Alan Bateman <[email protected]>
Co-authored-by: Weijun Wang <[email protected]>
Co-authored-by: Aleksei Efimov <[email protected]>
Co-authored-by: Brian Burkhalter <[email protected]>
Co-authored-by: Daniel Fuchs <[email protected]>
Co-authored-by: Harshitha Onkar <[email protected]>
Co-authored-by: Joe Wang <[email protected]>
Co-authored-by: Jorn Vernee <[email protected]>
Co-authored-by: Justin Lu <[email protected]>
Co-authored-by: Kevin Walls <[email protected]>>
Co-authored-by: Lance Andersen <[email protected]>
Co-authored-by: Naoto Sato <[email protected]>
Co-authored-by: Roger Riggs <[email protected]>
Co-authored-by: Brent Christian <[email protected]>
@AlanBateman
ServerSocket bind/accept no longer throw SecurityException
591d3d6
@AlanBateman
Merge
781eecd
@stuart-marks
hack out Security Manager from LoaderHandler
4035376
@stuart-marks
Update spec for RMIClassLoader
6d2006d
@stuart-marks
Fix whitespace.
6c325c2
@stuart-marks
Restore URL parsing to LoaderHandler::getClassLoader.
463d46b
@AlanBateman
Merge
439ed26
@AlanBateman
Remove vmTestbase/nsk/jvmti/AttachOnDemand/attach004/TestDescription.…
53e06d0 
…java, not useful without SM
@seanjmullan
Remove leftover SecurityException text from RMIConnection.getObjectIn…
9e1cec8 
…stance.
@seanjmullan
Remove leftover "@see java.lang.SecurityManager#checkSetFactory" from
7cf5824 
setInitialContextFactoryBuilder and setObjectFactoryBuilder methods in
javax.naming.spi.NamingManager.
@seanjmullan
Remove unnecessary comma.
77b58bf
@AlanBateman
Merge
b5f2ca3
@seanjmullan
Fix typo.
938737a
@seanjmullan
Remove text about granting permission and add api note indicating
2612400 
permission cannot be used anymore to control access.
@seanjmullan
Remove text about implementers using Security Manager checks from class
4688f78 
description.
@seanjmullan
Remove Security Manager text from EXIT_ON_CLOSE.
34da8c7
@seanjmullan
Removed TestSecurityManagerChecks.java - this test was testing permis…
c62c4ad 
…sion

checks of the Class.getNestHost and getNestMembers methods, which no
longer apply.
@AlanBateman
Drop reference to permissions from Font.getFont
d8e15dd
@AlanBateman
Merge
29c0bb2
@AlanBateman
Update record tests to not require SM
23e0f09
@AlanBateman
Remove tests for repeating annotations with SM set, no SM case well t…
bd27286 
…ested by other tests
@AlanBateman
Change reflect/Nestmates/TestReflectionAPI to not test with a SM set
7f451ea
@AlanBateman
Remove test/langtools/tools/javac/api/ToolProvider/ToolProviderTest.j…
c9ab253 
…ava, useless without SM
@seanjmullan
Remove text about granting permissions to module from
36522ed 
ModuleDescriptor.location().
@seanjmullan
Remove text about Proxy objects being granted AllPermission.
c769f2d
@seanjmullan
Remove text about needing ReflectPermission to access AccessibleObject.
79b4b21
@igraves
JDK-8003881: Prevent lambda implementing inner classes from allowing …
e46d99c 
…attacker to create new instances
@igraves
JDK-8007035: deprecate public void SecurityManager.checkMemberAccess(…
422c489 
…Class<?> clazz, int which)
@AlanBateman
Update copyright header
1f4be6f
@openjdk openjdk bot removed the merge-conflict Pull request has merge conflict with target branch label Nov 12, 2024
turbanoff
turbanoff reviewed Nov 13, 2024
View reviewed changes
src/java.base/share/classes/java/io/ObjectInputFilter.java
Copy link
Member

@turbanoff turbanoff Nov 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should all usages of SecurityManager be removed from this class?

@AlanBateman
Copy link
Contributor

AlanBateman commented Nov 13, 2024

ObjectInputFilter.setSerialFilter and setSerialFilterFactory, have they been missed?

seanjmullan
seanjmullan reviewed Nov 14, 2024
View reviewed changes
src/java.base/share/classes/java/io/ObjectOutputStream.java Outdated
java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction(
"sun.io.serialization.extendedDebugInfo")).booleanValue();
private static final boolean extendedDebugInfo = Boolean.getBoolean("sun.io.serialization.extendedDebugInfo");
Copy link
Member

@seanjmullan seanjmullan Nov 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: bit of a long line, consider breaking into 2 lines.

seanjmullan
seanjmullan approved these changes Nov 14, 2024
View reviewed changes
Copy link
Member

@seanjmullan seanjmullan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good other than 2 small comments.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Nov 14, 2024
@openjdk openjdk bot removed the ready Pull request is ready to be integrated label Nov 14, 2024
seanjmullan
seanjmullan approved these changes Nov 14, 2024
View reviewed changes
Copy link
Member

@seanjmullan seanjmullan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updates look good.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Nov 14, 2024
@RogerRiggs
Copy link
Contributor Author

RogerRiggs commented Nov 14, 2024

Updates passed CI tier1, tier2, tier3

@RogerRiggs
Copy link
Contributor Author

RogerRiggs commented Nov 18, 2024

/integrate

@openjdk
Copy link

openjdk bot commented Nov 18, 2024

Going to push as commit 9b0ab92.
Since your change was applied there have been 67 commits pushed to the master branch:

  • d52d136: 8344221: Remove calls to SecurityManager and and doPrivileged in java.net.IDN, java.net.URL, java.net.URLConnection, sun.net.util.URLUtil, and java.net.URLStreamHandlerProvider after JEP 486 integration
  • dfddbca: 8341916: Remove ProtectionDomain related hotspot code and tests
  • 5eb0733: 8344383: Include ZipArchive and JarArchive directly
  • b8b70c8: 8344379: [s390x] build failure due to missing change from JDK-8339466
  • 5fc4322: 8288298: Resolve multiline message parsing ambiguities in UL
  • ea8f289: 8344271: Comparison build fails due to difference in doc summary
  • b9c6ce9: 8344122: IGV: Extend c2 IdealGraphPrinter to send subgraphs to IGV
  • 00ff6a3: 8344105: Remove SecurityManager and related calls from jdk.attach and jdk.hotspot.agent
  • 475feb0: 8344056: Use markdown format for man pages
  • 6c2ae44: 8344204: IGV: Button to enable/disable cutting of long edges
  • ... and 57 more: https://git.openjdk.org/jdk/compare/752e1629555f0ec8630373ec87b049afdd709ea6...master

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label Nov 18, 2024
@openjdk openjdk bot closed this Nov 18, 2024
@openjdk openjdk bot removed ready Pull request is ready to be integrated rfr Pull request is ready for review labels Nov 18, 2024
@openjdk
Copy link

openjdk bot commented Nov 18, 2024

@RogerRiggs Pushed as commit 9b0ab92.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@eirbjo eirbjo mentioned this pull request Nov 18, 2024
Closed
3 tasks
@RogerRiggs RogerRiggs deleted the 8344034-sm-removal-serialization branch February 24, 2025 14:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

3 more reviewers

@turbanoff turbanoff turbanoff left review comments

@AlanBateman AlanBateman AlanBateman approved these changes

@seanjmullan seanjmullan seanjmullan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

core-libs [email protected] integrated Pull request has been integrated

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.