Skip to content

Commit

Permalink
8344235: Revisit SecurityManager usage in java.logging after JEP 486 …
Browse files Browse the repository at this point in the history 
…integration
  • Loading branch information
@dfuch
dfuch committed Nov 20, 2024
1 parent 7e92d2c commit 169e8c2
Show file tree
Hide file tree
Showing 5 changed files with 53 additions and 202 deletions.
102 changes: 31 additions & 71 deletions src/java.base/share/classes/jdk/internal/logger/BootstrapLogger.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand All @@ -25,9 +25,6 @@

package jdk.internal.logger;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
Expand Down Expand Up @@ -131,15 +128,8 @@ private static ExecutorService getExecutor() {
@Override
public Thread newThread(Runnable r) {
ExecutorService owner = getExecutor();
@SuppressWarnings("removal")
Thread thread = AccessController.doPrivileged(new PrivilegedAction<Thread>() {
@Override
public Thread run() {
Thread t = InnocuousThread.newThread(new BootstrapMessageLoggerTask(owner, r));
t.setName("BootstrapMessageLoggerTask-"+t.getName());
return t;
}
}, null, new RuntimePermission("enableContextClassLoaderOverride"));
Thread thread = InnocuousThread.newThread(new BootstrapMessageLoggerTask(owner, r));
thread.setName("BootstrapMessageLoggerTask-" + thread.getName());
thread.setDaemon(true);
return thread;
}
Expand Down Expand Up @@ -269,8 +259,6 @@ static final class LogEvent {
// the parameters etc... we need to store the context of the
// caller who logged the message - so that we can reuse it when
// we finally log the message.
@SuppressWarnings("removal")
final AccessControlContext acc;

// The next event in the queue
LogEvent next;
Expand All @@ -279,7 +267,6 @@ static final class LogEvent {
private LogEvent(BootstrapLogger bootstrap, Level level,
ResourceBundle bundle, String msg,
Throwable thrown, Object[] params) {
this.acc = AccessController.getContext();
this.timeMillis = System.currentTimeMillis();
this.nanoAdjustment = VM.getNanoTimeAdjustment(timeMillis);
this.level = level;
Expand All @@ -298,7 +285,6 @@ private LogEvent(BootstrapLogger bootstrap, Level level,
private LogEvent(BootstrapLogger bootstrap, Level level,
Supplier<String> msgSupplier,
Throwable thrown, Object[] params) {
this.acc = AccessController.getContext();
this.timeMillis = System.currentTimeMillis();
this.nanoAdjustment = VM.getNanoTimeAdjustment(timeMillis);
this.level = level;
Expand All @@ -319,7 +305,6 @@ private LogEvent(BootstrapLogger bootstrap,
String sourceClass, String sourceMethod,
ResourceBundle bundle, String msg,
Throwable thrown, Object[] params) {
this.acc = AccessController.getContext();
this.timeMillis = System.currentTimeMillis();
this.nanoAdjustment = VM.getNanoTimeAdjustment(timeMillis);
this.level = null;
Expand All @@ -340,7 +325,6 @@ private LogEvent(BootstrapLogger bootstrap,
String sourceClass, String sourceMethod,
Supplier<String> msgSupplier,
Throwable thrown, Object[] params) {
this.acc = AccessController.getContext();
this.timeMillis = System.currentTimeMillis();
this.nanoAdjustment = VM.getNanoTimeAdjustment(timeMillis);
this.level = null;
Expand Down Expand Up @@ -444,20 +428,12 @@ static LogEvent valueOf(BootstrapLogger bootstrap, Level level,
Objects.requireNonNull(level),
Objects.requireNonNull(msgSupplier), null, null);
}
@SuppressWarnings("removal")

static void log(LogEvent log, Logger logger) {
final SecurityManager sm = System.getSecurityManager();
// not sure we can actually use lambda here. We may need to create
// an anonymous class. Although if we reach here, then it means
// the VM is booted.
if (sm == null || log.acc == null) {
BootstrapExecutors.submit(() -> log.log(logger));
} else {
BootstrapExecutors.submit(() ->
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
log.log(logger); return null;
}, log.acc));
}
BootstrapExecutors.submit(() -> log.log(logger));
}

// non default methods from PlatformLogger.Bridge interface
Expand Down Expand Up @@ -510,20 +486,9 @@ static LogEvent valueOf(BootstrapLogger bootstrap, PlatformLogger.Level level,
Objects.requireNonNull(level), sourceClass,
sourceMethod, msgSupplier, thrown, null);
}
@SuppressWarnings("removal")

static void log(LogEvent log, PlatformLogger.Bridge logger) {
final SecurityManager sm = System.getSecurityManager();
if (sm == null || log.acc == null) {
BootstrapExecutors.submit(() -> log.log(logger));
} else {
// not sure we can actually use lambda here. We may need to create
// an anonymous class. Although if we reach here, then it means
// the VM is booted.
BootstrapExecutors.submit(() ->
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
log.log(logger); return null;
}, log.acc));
}
BootstrapExecutors.submit(() -> log.log(logger));
}

static void log(LogEvent event) {
Expand Down Expand Up @@ -897,37 +862,32 @@ private LoggingBackend(boolean useLoggerFinder) {
// We do not want this field to get initialized if VM.isBooted() is false.
@SuppressWarnings("removal")
private static final class DetectBackend {
static final LoggingBackend detectedBackend;
static {
detectedBackend = AccessController.doPrivileged(new PrivilegedAction<LoggingBackend>() {
@Override
public LoggingBackend run() {
final Iterator<LoggerFinder> iterator =
ServiceLoader.load(LoggerFinder.class, ClassLoader.getSystemClassLoader())
static final LoggingBackend detectedBackend = detectBackend();

static LoggingBackend detectBackend() {
final Iterator<LoggerFinder> iterator =
ServiceLoader.load(LoggerFinder.class, ClassLoader.getSystemClassLoader())
.iterator();
if (iterator.hasNext()) {
return LoggingBackend.CUSTOM; // Custom Logger Provider is registered
}
// No custom logger provider: we will be using the default
// backend.
final Iterator<DefaultLoggerFinder> iterator2 =
ServiceLoader.loadInstalled(DefaultLoggerFinder.class)
if (iterator.hasNext()) {
return LoggingBackend.CUSTOM; // Custom Logger Provider is registered
}
// No custom logger provider: we will be using the default
// backend.
final Iterator<DefaultLoggerFinder> iterator2 =
ServiceLoader.loadInstalled(DefaultLoggerFinder.class)
.iterator();
if (iterator2.hasNext()) {
// LoggingProviderImpl is registered. The default
// implementation is java.util.logging
String cname = System.getProperty("java.util.logging.config.class");
String fname = System.getProperty("java.util.logging.config.file");
return (cname != null || fname != null)
? LoggingBackend.JUL_WITH_CONFIG
: LoggingBackend.JUL_DEFAULT;
} else {
// SimpleConsoleLogger is used
return LoggingBackend.NONE;
}
}
});

if (iterator2.hasNext()) {
// LoggingProviderImpl is registered. The default
// implementation is java.util.logging
String cname = System.getProperty("java.util.logging.config.class");
String fname = System.getProperty("java.util.logging.config.file");
return (cname != null || fname != null)
? LoggingBackend.JUL_WITH_CONFIG
: LoggingBackend.JUL_DEFAULT;
} else {
// SimpleConsoleLogger is used
return LoggingBackend.NONE;
}
}
}

Expand Down
38 changes: 3 additions & 35 deletions src/java.base/share/classes/jdk/internal/logger/DefaultLoggerFinder.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -36,8 +36,6 @@
import java.lang.System.LoggerFinder;
import java.lang.System.Logger;
import java.lang.ref.ReferenceQueue;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.ResourceBundle;

Expand Down Expand Up @@ -70,7 +68,7 @@
* that provides the necessary configuration.
*
* @apiNote Programmers are not expected to call this class directly.
* Instead they should rely on the static methods defined by {@link
* Instead, they should rely on the static methods defined by {@link
* java.lang.System java.lang.System} or {@link sun.util.logging.PlatformLogger
* sun.util.logging.PlatformLogger}.
*
Expand All @@ -81,30 +79,12 @@
*/
public class DefaultLoggerFinder extends LoggerFinder {

static final RuntimePermission LOGGERFINDER_PERMISSION =
new RuntimePermission("loggerFinder");

/**
* Creates a new instance of DefaultLoggerFinder.
* @throws SecurityException if the calling code does not have the
* {@code RuntimePermission("loggerFinder")}
*/
protected DefaultLoggerFinder() {
this(checkPermission());
}

private DefaultLoggerFinder(Void unused) {
// nothing to do.
}

private static Void checkPermission() {
@SuppressWarnings("removal")
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(LOGGERFINDER_PERMISSION);
}
return null;
}

// SharedLoggers is a default cache of loggers used when JUL is not
// present - in that case we use instances of SimpleConsoleLogger which
Expand Down Expand Up @@ -139,23 +119,14 @@ synchronized Logger get(Function<String, Logger> loggerSupplier, final String na
static final SharedLoggers application = new SharedLoggers();
}

@SuppressWarnings("removal")
public static boolean isSystem(Module m) {
return AccessController.doPrivileged(new PrivilegedAction<>() {
@Override
public Boolean run() {
// returns true if moduleCL is the platform class loader
// or one of its ancestors.
return VM.isSystemDomainLoader(m.getClassLoader());
}
});
return VM.isSystemDomainLoader(m.getClassLoader());
}

@Override
public final Logger getLogger(String name, Module module) {
Objects.requireNonNull(name, "name");
Objects.requireNonNull(module, "module");
checkPermission();
return demandLoggerFor(name, module);
}

Expand All @@ -176,11 +147,8 @@ public final Logger getLocalizedLogger(String name, ResourceBundle bundle,
* @param name The name of the logger.
* @param module The module on behalf of which the logger is created.
* @return A {@link Logger logger} suitable for the application usage.
* @throws SecurityException if the calling code does not have the
* {@code RuntimePermission("loggerFinder")}.
*/
protected Logger demandLoggerFor(String name, Module module) {
checkPermission();
if (isSystem(module)) {
return SharedLoggers.system.get(SimpleConsoleLogger::makeSimpleLogger, name);
} else {
Expand Down
25 changes: 4 additions & 21 deletions src/java.base/share/classes/jdk/internal/logger/LazyLoggers.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand All @@ -25,8 +25,6 @@

package jdk.internal.logger;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.function.BiFunction;
import java.lang.System.LoggerFinder;
import java.lang.System.Logger;
Expand All @@ -44,9 +42,6 @@
*/
public final class LazyLoggers {

static final RuntimePermission LOGGERFINDER_PERMISSION =
new RuntimePermission("loggerFinder");

private LazyLoggers() {
throw new InternalError();
}
Expand Down Expand Up @@ -341,7 +336,6 @@ PlatformLogger.Bridge platformProxy() {

// Do not expose this outside of this package.
private static volatile LoggerFinder provider;
@SuppressWarnings("removal")
private static LoggerFinder accessLoggerFinder() {
LoggerFinder prov = provider;
if (prov == null) {
Expand All @@ -350,10 +344,7 @@ private static LoggerFinder accessLoggerFinder() {
// the result.
// This is just an optimization to avoid the cost of calling
// doPrivileged every time.
final SecurityManager sm = System.getSecurityManager();
prov = sm == null ? LoggerFinder.getLoggerFinder() :
AccessController.doPrivileged(
(PrivilegedAction<LoggerFinder>)LoggerFinder::getLoggerFinder);
prov = LoggerFinder.getLoggerFinder();
if (prov instanceof TemporaryLoggerFinder) return prov;
provider = prov;
}
Expand Down Expand Up @@ -403,17 +394,9 @@ static Logger makeLazyLogger(String name, Module module, BooleanSupplier isLoadi
* @param module module on behalf of which the logger is created
* @return The logger returned by the LoggerFinder.
*/
@SuppressWarnings("removal")
static Logger getLoggerFromFinder(String name, Module module) {
final SecurityManager sm = System.getSecurityManager();
if (sm == null) {
return accessLoggerFinder().getLogger(name, module);
} else {
return AccessController.doPrivileged((PrivilegedAction<Logger>)
() -> {return accessLoggerFinder().getLogger(name, module);},
null, LOGGERFINDER_PERMISSION);
}
}
return accessLoggerFinder().getLogger(name, module);
}

/**
* Returns a (possibly lazy) Logger for the caller.
Expand Down
Loading

0 comments on commit 169e8c2

Please sign in to comment.