8066709: Make some JDK system properties read only

Reviewed-by: lancea, sundar, bchristi, weijun, mchung, alanb, mullan

src/java.base/linux/classes/sun/nio/fs/LinuxFileSystemProvider.java

@@ -29,8 +29,8 @@
 import java.nio.file.attribute.*;
 import java.nio.file.spi.FileTypeDetector;
 import java.io.IOException;
-import java.security.AccessController;
-import sun.security.action.GetPropertyAction;
+
+import jdk.internal.util.StaticProperty;
 
 /**
  * Linux implementation of FileSystemProvider
@@ -102,7 +102,7 @@ public <A extends BasicFileAttributes> A readAttributes(Path file,
 
     @Override
     FileTypeDetector getFileTypeDetector() {
-        String userHome = GetPropertyAction.privilegedGetProperty("user.home");
+        String userHome = StaticProperty.userHome();
         Path userMimeTypes = Path.of(userHome, ".mime.types");
         Path etcMimeTypes = Path.of("/etc/mime.types");
 

src/java.base/macosx/classes/sun/nio/fs/MacOSXFileSystemProvider.java

@@ -27,6 +27,7 @@
 
 import java.nio.file.Path;
 import java.nio.file.spi.FileTypeDetector;
+import jdk.internal.util.StaticProperty;
 import sun.security.action.GetPropertyAction;
 
 /**
@@ -45,8 +46,7 @@ MacOSXFileSystem newFileSystem(String dir) {
 
     @Override
     FileTypeDetector getFileTypeDetector() {
-        Path userMimeTypes = Path.of(GetPropertyAction
-                .privilegedGetProperty("user.home"), ".mime.types");
+        Path userMimeTypes = Path.of(StaticProperty.userHome(), ".mime.types");
 
         return chain(new MimeTypesFileTypeDetector(userMimeTypes),
                      new UTIFileTypeDetector());

src/java.base/share/classes/java/lang/System.java

@@ -59,6 +59,7 @@
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.stream.Stream;
 
+import jdk.internal.util.StaticProperty;
 import jdk.internal.module.ModuleBootstrap;
 import jdk.internal.module.ServicesCatalog;
 import jdk.internal.reflect.CallerSensitive;
@@ -669,7 +670,16 @@ public static native void arraycopy(Object src,  int  srcPos,
      * {@code getProperties} operation, it may choose to permit the
      * {@link #getProperty(String)} operation.
      *
-     * @implNote In addition to the standard system properties, the system
+     * @apiNote
+     * <strong>Changing a standard system property may have unpredictable results
+     * unless otherwise specified.</strong>
+     * Property values may be cached during initialization or on first use.
+     * Setting a standard property after initialization using {@link #getProperties()},
+     * {@link #setProperties(Properties)}, {@link #setProperty(String, String)}, or
+     * {@link #clearProperty(String)} may not have the desired effect.
+     *
+     * @implNote
+     * In addition to the standard system properties, the system
      * properties may include the following keys:
      * <table class="striped">
      * <caption style="display:none">Shows property keys and associated values</caption>
@@ -736,6 +746,11 @@ public static String lineSeparator() {
      * {@code null}, then the current set of system properties is
      * forgotten.
      *
+     * @apiNote
+     * <strong>Changing a standard system property may have unpredictable results
+     * unless otherwise specified</strong>.
+     * See {@linkplain #getProperties getProperties} for details.
+     *
      * @param      props   the new system properties.
      * @throws     SecurityException  if a security manager exists and its
      *             {@code checkPropertiesAccess} method doesn't allow access
@@ -768,6 +783,11 @@ public static void setProperties(Properties props) {
      * properties is first created and initialized in the same manner as
      * for the {@code getProperties} method.
      *
+     * @apiNote
+     * <strong>Changing a standard system property may have unpredictable results
+     * unless otherwise specified</strong>.
+     * See {@linkplain #getProperties getProperties} for details.
+     *
      * @param      key   the name of the system property.
      * @return     the string value of the system property,
      *             or {@code null} if there is no property with that key.
@@ -837,6 +857,11 @@ public static String getProperty(String key, String def) {
      * If no exception is thrown, the specified property is set to the given
      * value.
      *
+     * @apiNote
+     * <strong>Changing a standard system property may have unpredictable results
+     * unless otherwise specified</strong>.
+     * See {@linkplain #getProperties getProperties} for details.
+     *
      * @param      key   the name of the system property.
      * @param      value the value of the system property.
      * @return     the previous value of the system property,
@@ -875,6 +900,11 @@ public static String setProperty(String key, String value) {
      * permission. This may result in a SecurityException being thrown.
      * If no exception is thrown, the specified property is removed.
      *
+     * @apiNote
+     * <strong>Changing a standard system property may have unpredictable results
+     * unless otherwise specified</strong>.
+     * See {@linkplain #getProperties getProperties} method for details.
+     *
      * @param      key   the name of the system property to be removed.
      * @return     the previous string value of the system property,
      *             or {@code null} if there was no property with that key.
@@ -1927,6 +1957,7 @@ private static void initPhase1() {
         VM.saveAndRemoveProperties(props);
 
         lineSeparator = props.getProperty("line.separator");
+        StaticProperty.javaHome();          // Load StaticProperty to cache the property values
         VersionProps.init();
 
         FileInputStream fdIn = new FileInputStream(FileDescriptor.in);

src/java.base/share/classes/java/net/SocksSocketImpl.java

@@ -30,10 +30,11 @@
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
+
+import jdk.internal.util.StaticProperty;
 import sun.net.SocksProxy;
 import sun.net.spi.DefaultProxySelector;
 import sun.net.www.ParseUtil;
-import sun.security.action.GetPropertyAction;
 /* import org.ietf.jgss.*; */
 
 /**
@@ -178,7 +179,7 @@ public PasswordAuthentication run() {
                 userName = pw.getUserName();
                 password = new String(pw.getPassword());
             } else {
-                userName = GetPropertyAction.privilegedGetProperty("user.name");
+                userName = StaticProperty.userName();
             }
             if (userName == null)
                 return false;
@@ -1088,7 +1089,7 @@ private String getUserName() {
                 userName = System.getProperty("user.name");
             } catch (SecurityException se) { /* swallow Exception */ }
         } else {
-            userName = GetPropertyAction.privilegedGetProperty("user.name");
+            userName = StaticProperty.userName();
         }
         return userName;
     }

src/java.base/share/classes/java/security/Security.java

@@ -31,6 +31,7 @@
 import java.net.URL;
 
 import jdk.internal.misc.SharedSecrets;
+import jdk.internal.util.StaticProperty;
 import sun.security.util.Debug;
 import sun.security.util.PropertyExpander;
 
@@ -214,7 +215,7 @@ private static File securityPropFile(String filename) {
         // maybe check for a system property which will specify where to
         // look. Someday.
         String sep = File.separator;
-        return new File(System.getProperty("java.home") + sep + "conf" + sep +
+        return new File(StaticProperty.javaHome() + sep + "conf" + sep +
                         "security" + sep + filename);
     }
 

src/java.base/share/classes/java/time/zone/TzdbZoneRulesProvider.java

@@ -61,19 +61,19 @@
  */
 package java.time.zone;
 
+import jdk.internal.util.StaticProperty;
+
 import java.io.ByteArrayInputStream;
 import java.io.BufferedInputStream;
 import java.io.DataInputStream;
 import java.io.File;
 import java.io.FileInputStream;
-import java.io.IOException;
 import java.io.StreamCorruptedException;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.NavigableMap;
-import java.util.Objects;
 import java.util.Set;
 import java.util.TreeMap;
 import java.util.concurrent.ConcurrentHashMap;
@@ -106,7 +106,7 @@ final class TzdbZoneRulesProvider extends ZoneRulesProvider {
      */
     public TzdbZoneRulesProvider() {
         try {
-            String libDir = System.getProperty("java.home") + File.separator + "lib";
+            String libDir = StaticProperty.javaHome() + File.separator + "lib";
             try (DataInputStream dis = new DataInputStream(
                      new BufferedInputStream(new FileInputStream(
                          new File(libDir, "tzdb.dat"))))) {

src/java.base/share/classes/java/util/Currency.java

@@ -42,6 +42,8 @@
 import java.util.regex.Matcher;
 import java.util.spi.CurrencyNameProvider;
 import java.util.stream.Collectors;
+
+import jdk.internal.util.StaticProperty;
 import sun.util.locale.provider.CalendarDataUtility;
 import sun.util.locale.provider.LocaleServiceProviderPool;
 import sun.util.logging.PlatformLogger;
@@ -236,7 +238,7 @@ public Void run() {
                 // look for the properties file for overrides
                 String propsFile = System.getProperty("java.util.currency.data");
                 if (propsFile == null) {
-                    propsFile = System.getProperty("java.home") + File.separator + "lib" +
+                    propsFile = StaticProperty.javaHome() + File.separator + "lib" +
                         File.separator + "currency.properties";
                 }
                 try {
@@ -578,7 +580,7 @@ public int getNumericCode() {
 
     /**
      * Returns the 3 digit ISO 4217 numeric code of this currency as a {@code String}.
-     * Unlike {@link getNumericCode()}, which returns the numeric code as {@code int},
+     * Unlike {@link #getNumericCode()}, which returns the numeric code as {@code int},
      * this method always returns the numeric code as a 3 digit string.
      * e.g. a numeric value of 32 would be returned as "032",
      * and a numeric value of 6 would be returned as "006".

src/java.base/share/classes/java/util/TimeZone.java

@@ -39,10 +39,9 @@
 package java.util;
 
 import java.io.Serializable;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.time.ZoneId;
-import java.util.Properties;
+
+import jdk.internal.util.StaticProperty;
 import sun.security.action.GetPropertyAction;
 import sun.util.calendar.ZoneInfo;
 import sun.util.calendar.ZoneInfoFile;
@@ -667,7 +666,7 @@ private static synchronized TimeZone setDefaultZone() {
         // if the time zone ID is not set (yet), perform the
         // platform to Java time zone ID mapping.
         if (zoneID == null || zoneID.isEmpty()) {
-            String javaHome = props.getProperty("java.home");
+            String javaHome = StaticProperty.javaHome();
             try {
                 zoneID = getSystemTimeZoneID(javaHome);
                 if (zoneID == null) {

src/java.base/share/classes/javax/crypto/JceSecurity.java.template

@@ -57,6 +57,8 @@ import java.security.*;
 
 import java.security.Provider.Service;
 
+import jdk.internal.util.StaticProperty;
+
 import sun.security.jca.*;
 import sun.security.jca.GetInstance.Instance;
 import sun.security.util.Debug;
@@ -71,8 +73,8 @@ import sun.security.util.Debug;
  */
 
 final class JceSecurity {
-  
-  	
+
+
     private static final Debug debug = Debug.getInstance("jca");
 
     static final SecureRandom RANDOM = new SecureRandom();
@@ -307,7 +309,7 @@ final class JceSecurity {
 
         // Prepend java.home to get the full path.  normalize() in
         // case an extra "." or ".." snuck in somehow.
-        String javaHomeProperty = System.getProperty("java.home");
+        String javaHomeProperty = StaticProperty.javaHome();
         Path javaHomePolicyPath = Paths.get(javaHomeProperty, "conf",
                 "security", "policy").normalize();
         Path cryptoPolicyPath = Paths.get(javaHomeProperty, "conf", "security",

src/java.base/share/classes/jdk/internal/loader/BootLoader.java

@@ -46,6 +46,7 @@
 import jdk.internal.misc.SharedSecrets;
 import jdk.internal.module.Modules;
 import jdk.internal.module.ServicesCatalog;
+import jdk.internal.util.StaticProperty;
 
 /**
  * Find resources and packages in modules defined to the boot class loader or
@@ -57,7 +58,7 @@ private BootLoader() { }
 
     // The unnamed module for the boot loader
     private static final Module UNNAMED_MODULE;
-    private static final String JAVA_HOME = System.getProperty("java.home");
+    private static final String JAVA_HOME = StaticProperty.javaHome();
 
     static {
         UNNAMED_MODULE = SharedSecrets.getJavaLangAccess().defineUnnamedModule(null);

src/java.base/share/classes/jdk/internal/module/SystemModuleFinders.java

@@ -61,6 +61,7 @@
 import jdk.internal.jimage.ImageReaderFactory;
 import jdk.internal.misc.JavaNetUriAccess;
 import jdk.internal.misc.SharedSecrets;
+import jdk.internal.util.StaticProperty;
 import jdk.internal.module.ModuleHashes.HashSupplier;
 
 /**
@@ -183,7 +184,7 @@ public static ModuleFinder ofSystem() {
         }
 
         // probe to see if this is an images build
-        String home = System.getProperty("java.home");
+        String home = StaticProperty.javaHome();
         Path modules = Path.of(home, "lib", "modules");
         if (Files.isRegularFile(modules)) {
             if (USE_FAST_PATH) {