JDK24: Permanently Disable the Security Manager #20625
Conversation
| <disables> | ||
| <disable> | ||
| <comment>https://github.com/eclipse-openj9/openj9/issues/20563</comment> | ||
| <version>24+</version> |
There was a problem hiding this comment.
@llxia is this the preferred way to disable tests from running in future versions? The security tests should run for JDK 11-23 only. I've mostly seen the block used in temporarily disabled tests so I wanted to check since this would be a permanent change.
There was a problem hiding this comment.
disable is for temporary excludes. In this case, we should set <version>[11, 23]</version> . Example code: https://github.com/adoptium/TKG/blob/master/examples/jdkVersion/playlist.xml#L39
theresa-m
force-pushed
the
fix_20563
branch
3 times, most recently
from
888855d
to
7ab4eda
Compare
|
@JasonFengJ9 Please review these changes |
There was a problem hiding this comment.
The natives related to checkPermission() can be ifdef out for JDK24+ such as
openj9/runtime/jcl/common/java_lang_Class.cpp
Line 1406 in 48709bf
| @@ -1265,6 +1265,10 @@ static void checkTmpDir() { | |||
|
|
|||
| /*[IF JAVA_SPEC_VERSION >= 9]*/ | |||
| static void initSecurityManager(ClassLoader applicationClassLoader) { | |||
There was a problem hiding this comment.
initSecurityManager() can be removed at
There was a problem hiding this comment.
This is still needed since initSecurityManager is used to detect settings of the java.security.manager property.
There was a problem hiding this comment.
initSecurityManager() reads the system property java.security.manager, and sets throwUOEFromSetSM which can be skipped within setSecurityManager().
System.initSecurityManager(applicationClassLoader) seems not needed for JDK24+.
There was a problem hiding this comment.
It will still be needed to throw an exception on startup for illegal java.security.manager manager settings triggered by throwErrorOnInit .
There was a problem hiding this comment.
| static void initSecurityManager(ClassLoader applicationClassLoader) { | |
| static void initSecurityManager(ClassLoader applicationClassLoader) { | |
| String javaSecurityManager = internalGetProperties().getProperty("java.security.manager"); //$NON-NLS-1$ | |
| if (null == javaSecurityManager) { | |
| /*[IF JAVA_SPEC_VERSION >= 18]*/ | |
| throwUOEFromSetSM = true; | |
| /*[ELSE] JAVA_SPEC_VERSION >= 18 */ | |
| /* Do nothing. */ | |
| /*[ENDIF] JAVA_SPEC_VERSION >= 18 */ | |
| } else if ("disallow".equals(javaSecurityManager)) { //$NON-NLS-1$ | |
| /*[IF JAVA_SPEC_VERSION > 11]*/ | |
| throwUOEFromSetSM = true; | |
| /*[ELSE] JAVA_SPEC_VERSION > 11 */ | |
| /* Do nothing. */ | |
| /*[ENDIF] JAVA_SPEC_VERSION > 11 */ | |
| } else { | |
| /*[IF JAVA_SPEC_VERSION >= 24]*/ | |
| /*[MSG "K0B04", "A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported."]*/ | |
| throw new Error(Msg.getString("K0B04")); //$NON-NLS-1$ | |
| /*[ELSE] JAVA_SPEC_VERSION >= 24 */ | |
| if ("allow".equals(javaSecurityManager)) { //$NON-NLS-1$ | |
| /* Do nothing. */ | |
| } else { | |
| /*[IF JAVA_SPEC_VERSION >= 17]*/ | |
| initialErr.println("WARNING: A command line option has enabled the Security Manager"); //$NON-NLS-1$ | |
| initialErr.println("WARNING: The Security Manager is deprecated and will be removed in a future release"); //$NON-NLS-1$ | |
| /*[ENDIF] JAVA_SPEC_VERSION >= 17 */ | |
| if (javaSecurityManager.isEmpty() || "default".equals(javaSecurityManager)) { //$NON-NLS-1$ | |
| setSecurityManager(new SecurityManager()); | |
| } else { | |
| try { | |
| Constructor<?> constructor = Class.forName(javaSecurityManager, true, applicationClassLoader).getConstructor(); | |
| constructor.setAccessible(true); | |
| setSecurityManager((SecurityManager)constructor.newInstance()); | |
| } catch (Throwable e) { | |
| /*[MSG "K0631", "JVM can't set custom SecurityManager due to {0}"]*/ | |
| throw new Error(Msg.getString("K0631", e.toString()), e); //$NON-NLS-1$ | |
| } | |
| } | |
| } | |
| /*[ENDIF] JAVA_SPEC_VERSION >= 24 */ | |
| } | |
| } |
There was a problem hiding this comment.
Can you clarify the benefits of this approach over the existing change?
| @@ -727,10 +727,15 @@ private boolean debugHelper(Permission perm) { | |||
| * | |||
| * @param perm java.security.Permission | |||
| * the permission to check | |||
| /*[IF JAVA_SPEC_VERSION >= 24] | |||
There was a problem hiding this comment.
The API description should be changed for JDK24 such as Throws AccessControlException.
jcl/src/java.base/share/classes/java/security/AccessController.java
Outdated
Show resolved
Hide resolved
.../functional/cmdLineTests/shareClassTests/DataHelperTests/DataHelperTests_SecurityManager.xml
Outdated
Show resolved
Hide resolved
test/functional/cmdLineTests/shareClassTests/DataHelperTests/playlist.xml
Outdated
Show resolved
Hide resolved
test/functional/Java8andUp/src/org/openj9/test/attachAPI/TestAttachAPI.java
Outdated
Show resolved
Hide resolved
|
FYI #20655 |
theresa-m
force-pushed
the
fix_20563
branch
2 times, most recently
from
fce9383
to
fc9e6eb
Compare
| /*[MSG "K0637", "A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported."]*/ | ||
| throw new Error(Msg.getString("K0637")); //$NON-NLS-1$ | ||
| } | ||
| /*[ENDIF] JAVA_SPEC_VERSION >= 24 */ |
There was a problem hiding this comment.
I think throwErrorOnInit isn't needed, the Error can be moved around Line 1278 whenever java.security.manager is detected.
There was a problem hiding this comment.
I liked the variable since the -Djava.security.manager=disallow case should not throw an exception.
There was a problem hiding this comment.
The message should be prefixed with "Error: "; see SecurityManagerWarnings.java.
There was a problem hiding this comment.
That is from java.lang.Error. The example output from https://openjdk.org/jeps/486 is:
java.lang.Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
at java.lang.System.initPhase3(java.base@24/System.java:2067)
jcl/src/java.base/share/classes/com/ibm/oti/util/ExternalMessages-MasterIndex.properties
Outdated
Show resolved
Hide resolved
| @@ -49,25 +51,25 @@ public final class AccessController { | |||
| initializeInternal(); | |||
| } | |||
|
|
|||
| private static native void initializeInternal(); | |||
There was a problem hiding this comment.
This native can be removed for JDK24+, I expect J9JavaVM->doPrivilegedMethodID_XXX are not needed along with
openj9/runtime/jcl/common/acccont.c
Line 28 in 3da9d2f
There was a problem hiding this comment.
I have excluded these and am running a personal build to see if there are any impacted tests.
There was a problem hiding this comment.
I have excluded and opened an issue for the one failure I found #20702.
theresa-m
force-pushed
the
fix_20563
branch
3 times, most recently
from
72168cc
to
c9cabc6
Compare
Do you mind if I do this in a second pull request? This change set is already getting large. |
Sounds good. |
| @@ -1265,6 +1265,10 @@ static void checkTmpDir() { | |||
|
|
|||
| /*[IF JAVA_SPEC_VERSION >= 9]*/ | |||
| static void initSecurityManager(ClassLoader applicationClassLoader) { | |||
There was a problem hiding this comment.
| static void initSecurityManager(ClassLoader applicationClassLoader) { | |
| static void initSecurityManager(ClassLoader applicationClassLoader) { | |
| String javaSecurityManager = internalGetProperties().getProperty("java.security.manager"); //$NON-NLS-1$ | |
| if (null == javaSecurityManager) { | |
| /*[IF JAVA_SPEC_VERSION >= 18]*/ | |
| throwUOEFromSetSM = true; | |
| /*[ELSE] JAVA_SPEC_VERSION >= 18 */ | |
| /* Do nothing. */ | |
| /*[ENDIF] JAVA_SPEC_VERSION >= 18 */ | |
| } else if ("disallow".equals(javaSecurityManager)) { //$NON-NLS-1$ | |
| /*[IF JAVA_SPEC_VERSION > 11]*/ | |
| throwUOEFromSetSM = true; | |
| /*[ELSE] JAVA_SPEC_VERSION > 11 */ | |
| /* Do nothing. */ | |
| /*[ENDIF] JAVA_SPEC_VERSION > 11 */ | |
| } else { | |
| /*[IF JAVA_SPEC_VERSION >= 24]*/ | |
| /*[MSG "K0B04", "A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported."]*/ | |
| throw new Error(Msg.getString("K0B04")); //$NON-NLS-1$ | |
| /*[ELSE] JAVA_SPEC_VERSION >= 24 */ | |
| if ("allow".equals(javaSecurityManager)) { //$NON-NLS-1$ | |
| /* Do nothing. */ | |
| } else { | |
| /*[IF JAVA_SPEC_VERSION >= 17]*/ | |
| initialErr.println("WARNING: A command line option has enabled the Security Manager"); //$NON-NLS-1$ | |
| initialErr.println("WARNING: The Security Manager is deprecated and will be removed in a future release"); //$NON-NLS-1$ | |
| /*[ENDIF] JAVA_SPEC_VERSION >= 17 */ | |
| if (javaSecurityManager.isEmpty() || "default".equals(javaSecurityManager)) { //$NON-NLS-1$ | |
| setSecurityManager(new SecurityManager()); | |
| } else { | |
| try { | |
| Constructor<?> constructor = Class.forName(javaSecurityManager, true, applicationClassLoader).getConstructor(); | |
| constructor.setAccessible(true); | |
| setSecurityManager((SecurityManager)constructor.newInstance()); | |
| } catch (Throwable e) { | |
| /*[MSG "K0631", "JVM can't set custom SecurityManager due to {0}"]*/ | |
| throw new Error(Msg.getString("K0631", e.toString()), e); //$NON-NLS-1$ | |
| } | |
| } | |
| } | |
| /*[ENDIF] JAVA_SPEC_VERSION >= 24 */ | |
| } | |
| } |
| @@ -637,6 +651,7 @@ private static int getNewAuthorizedState(AccessControlContext acc, ProtectionDom | |||
| } | |||
| return newAuthorizedState; | |||
| } | |||
| /*[ENDIF] JAVA_SPEC_VERSION < 24 */ | |||
There was a problem hiding this comment.
This can be moved to L722 to include toArrayOfProtectionDomains().
| checkPermsNPE(perms); | ||
| /*[ENDIF] JAVA_SPEC_VERSION < 24 */ |
There was a problem hiding this comment.
keepalive() can be removed for JDK24+.
| @@ -25,6 +25,7 @@ | |||
| #include "j9.h" | |||
| #include "j9port.h" | |||
|
|
|||
| #if JAVA_SPEC_VERSION < 24 | |||
There was a problem hiding this comment.
This file can be removed for JDK24+.
There was a problem hiding this comment.
How do I do that?
| @@ -55,10 +55,12 @@ typedef enum { | |||
| #define STACK_WALK_STATE_LIMITED_DOPRIVILEGED (void *)2 | |||
| #define STACK_WALK_STATE_FULL_DOPRIVILEGED (void *)3 | |||
|
|
|||
| #if JAVA_SPEC_VERSION < 24 | |||
There was a problem hiding this comment.
ObjsArraySizeNindex, STACK_WALK_STATE_LIMITED_DOPRIVILEGED and STACK_WALK_STATE_FULL_DOPRIVILEGED can be removed for JDK24+.
Signed-off-by: Theresa Mammarella <[email protected]>
Signed-off-by: Theresa Mammarella <[email protected]>
Signed-off-by: Theresa Mammarella <[email protected]>
to a different job and exclude from 24+. Signed-off-by: Theresa Mammarella <[email protected]>
Signed-off-by: Theresa Mammarella <[email protected]>
Signed-off-by: Theresa Mammarella <[email protected]>
Signed-off-by: Theresa Mammarella <[email protected]>
- Throw an error on initialization if java.security.manager attempts to add a security manager - configure setSecurityManager to always throw an UnsupportedOperationException - getSecurityManager will always return null since a security manager can't be set Signed-off-by: Theresa Mammarella <[email protected]>
... for further investigation. Signed-off-by: Theresa Mammarella <[email protected]>
Related: #20563