Proper getStackAccessControlContext implementation

Fixed imports and warnings in SecuritySubstitutions
Implemented PrivilegedStack and use FastThreadLocal
Added missing getProtectionDomain method
Recompute contexts from static initializers in runtime
Disallow NO_CONTEXT_SINGLETON in executePrivileged
Work around crash when ProcessPropertiesSupport is missing getExecutable impementation

Author: lazar-mitrovic

sdk/src/org.graalvm.nativeimage/src/org/graalvm/nativeimage/impl/ProcessPropertiesSupport.java

@@ -45,7 +45,9 @@
 import org.graalvm.nativeimage.c.function.CEntryPointLiteral;
 
 public interface ProcessPropertiesSupport {
-    String getExecutableName();
+    default String getExecutableName() {
+        return "java";
+    }
 
     long getProcessID();
 

substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/hub/DynamicHub.java

@@ -54,6 +54,8 @@
 import java.util.Set;
 import java.util.StringJoiner;
 
+import com.oracle.svm.core.SubstrateOptions;
+import com.oracle.svm.core.jdk.JNIPlatformNativeLibrarySupport;
 import org.graalvm.compiler.core.common.NumUtil;
 import org.graalvm.compiler.core.common.SuppressFBWarnings;
 import org.graalvm.compiler.serviceprovider.JavaVersionUtil;
@@ -333,6 +335,10 @@ public void setModule(Object module) {
         perms.add(SecurityConstants.ALL_PERMISSION);
         CodeSource cs;
         try {
+            if (SubstrateOptions.UseDedicatedVMOperationThread.getValue()) {
+                // We need to initialize encodings before we can invoke toURI()
+                JNIPlatformNativeLibrarySupport.singleton().initializeBuiltinLibraries();
+            }
             // Try to use executable image's name as code source for the class.
             // The file location can be used by Java code to determine its location on disk, similar
             // to argv[0].

substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/RecomputedFields.java

@@ -35,6 +35,8 @@
 import java.lang.reflect.Modifier;
 import java.nio.charset.CharsetDecoder;
 import java.nio.charset.CoderResult;
+import java.security.AccessControlContext;
+import java.security.Permission;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
@@ -46,6 +48,7 @@
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.function.Consumer;
 
+import org.graalvm.compiler.phases.common.LazyValue;
 import org.graalvm.compiler.serviceprovider.GraalUnsafeAccess;
 import org.graalvm.compiler.serviceprovider.JavaVersionUtil;
 import org.graalvm.nativeimage.ImageSingletons;
@@ -354,12 +357,70 @@ public static int getCommonPoolParallelism() {
     @TargetElement(onlyWith = JDK8OrEarlier.class)
     static native ForkJoinPool makeCommonPool();
 
+    @Alias //
+    @TargetElement(onlyWith = JDK11OrLater.class) //
+    public static native AccessControlContext contextWithPermissions(Permission... perms);
+
     @Alias //
     @TargetElement(onlyWith = JDK11OrLater.class) //
     Target_java_util_concurrent_ForkJoinPool(byte forCommonPoolOnly) {
     }
 }
 
+/**
+ * Since AccessControlContextFeature replaces all AccessControlContext objects with
+ * NO_CONTEXT_SINGLETON, we need to reinitialize them in runtime.
+ */
+@TargetClass(className = "java.util.concurrent.ForkJoinPool$DefaultForkJoinWorkerThreadFactory", onlyWith = JDK11OrLater.class)
+@SuppressWarnings("unused") //
+final class Target_java_util_concurrent_ForkJoinPool_DefaultForkJoinWorkerThreadFactory {
+    @Alias @InjectAccessors(DefaultForkJoinWorkerThreadFactoryAcc.class) static AccessControlContext ACC;
+}
+
+class DefaultForkJoinWorkerThreadFactoryAcc {
+    static LazyValue<AccessControlContext> acc = new LazyValue<>(() -> AccessControllerUtil.contextWithPermissions(
+                    new RuntimePermission("getClassLoader"),
+                    new RuntimePermission("setContextClassLoader")));
+
+    static AccessControlContext get() {
+        return acc.get();
+    }
+}
+
+@TargetClass(className = "java.util.concurrent.ForkJoinPool$InnocuousForkJoinWorkerThreadFactory", onlyWith = JDK11OrLater.class)
+@SuppressWarnings("unused") //
+final class Target_java_util_concurrent_ForkJoinPool_InnocuousForkJoinWorkerThreadFactory {
+    @Alias @InjectAccessors(InnocuousForkJoinWorkerThreadFactoryAcc.class) static AccessControlContext ACC;
+}
+
+class InnocuousForkJoinWorkerThreadFactoryAcc {
+    static LazyValue<AccessControlContext> acc = new LazyValue<>(() -> AccessControllerUtil.contextWithPermissions(
+                    new RuntimePermission("modifyThread"),
+                    new RuntimePermission("enableContextClassLoaderOverride"),
+                    new RuntimePermission("modifyThreadGroup"),
+                    new RuntimePermission("getClassLoader"),
+                    new RuntimePermission("setContextClassLoader")));
+
+    static AccessControlContext get() {
+        return acc.get();
+    }
+}
+
+@TargetClass(className = "java.util.Calendar$CalendarAccessControlContext")
+@SuppressWarnings("unused") //
+final class Target_java_util_Calendar_CalendarAccessControlContext  {
+    @Alias @InjectAccessors(CalendarAccessControlContextAcc.class) static AccessControlContext INSTANCE;
+}
+
+class CalendarAccessControlContextAcc {
+    static LazyValue<AccessControlContext> acc = new LazyValue<>(() -> AccessControllerUtil.contextWithPermissions(
+            new RuntimePermission("accessClassInPackage.sun.util.calendar")));
+
+    static AccessControlContext get() {
+        return acc.get();
+    }
+}
+
 /**
  * An injected field to replace ForkJoinPool.common.
  *