java.security comment update and exclude helper methods

Signed-off-by: Theresa Mammarella <[email protected]>
eclipse-openj9 · Dec 2, 2024 · 4f82040 · 4f82040
1 parent c1b81ed
commit 4f82040
Show file tree

Hide file tree

Showing 6 changed files with 116 additions and 38 deletions.
diff --git a/jcl/src/java.base/share/classes/java/lang/Class.java b/jcl/src/java.base/share/classes/java/lang/Class.java
@@ -3046,7 +3046,9 @@ public boolean desiredAssertionStatus() {
  * array of not more than maxDepth Classes representing the classes of
  * running methods on the stack (including native methods).  Frames
  * representing the VM implementation of java.lang.reflect are not included
- * in the list.  If stopAtPrivileged is true, the walk will terminate at any
+ * in the list.
+/*[IF JAVA_SPEC_VERSION < 24]
+ * If stopAtPrivileged is true, the walk will terminate at any
  * frame running one of the following methods:
  *
  * <code><ul>
@@ -3057,6 +3059,7 @@ public boolean desiredAssertionStatus() {
  * </ul></code>
  *
  * If one of the doPrivileged methods is found, the walk terminate and that frame is NOT included in the returned array.
+/*[ENDIF] JAVA_SPEC_VERSION < 24
  *
  * Notes: <ul>
  * 	 <li> This method operates on the defining classes of methods on stack.
@@ -3067,7 +3070,11 @@ public boolean desiredAssertionStatus() {
  *</ul>
  *
  * @param 		maxDepth			maximum depth to walk the stack, -1 for the entire stack
+/*[IF JAVA_SPEC_VERSION >= 24]
+ * @param 		stopAtPrivileged	has no effect
+/*[ELSE] JAVA_SPEC_VERSION >= 24
  * @param 		stopAtPrivileged	stop at privileged classes
+/*[ENDIF] JAVA_SPEC_VERSION >= 24
  * @return		the array of the most recent classes on the stack
  */
 @CallerSensitive

diff --git a/jcl/src/java.base/share/classes/java/security/AccessControlContext.java b/jcl/src/java.base/share/classes/java/security/AccessControlContext.java
@@ -722,6 +722,13 @@ private boolean debugHelper(Permission perm) {
 }
 
 /**
+/*[IF JAVA_SPEC_VERSION >= 24]
+ * Throws java.security.AccessControlException
+ *
+ * @param       perm is ignored
+ * @exception	java.security.AccessControlException
+ * 					is always thrown
+/*[ELSE] JAVA_SPEC_VERSION >= 24
  * Checks if the permission <code>perm</code> is allowed in this context.
  * All ProtectionDomains must grant the permission for it to be granted.
  *
@@ -731,6 +738,7 @@ private boolean debugHelper(Permission perm) {
  *                  thrown when perm is not granted.
  * @exception   NullPointerException
  *                  if perm is null
+/*[ENDIF] JAVA_SPEC_VERSION >= 24
  */
 public void checkPermission(Permission perm) throws AccessControlException {
 /*[IF JAVA_SPEC_VERSION >= 24]*/
@@ -940,6 +948,7 @@ ProtectionDomain[] getContext() {
 	return context;
 }
 
+/*[IF JAVA_SPEC_VERSION < 24]*/
 /*
  * Added to resolve: S6907662, CVE-2010-4465: System clipboard should ensure access restrictions
  * Called internally from java.security.ProtectionDomain
@@ -953,6 +962,7 @@ ProtectionDomain[] getContext() {
 		this.domainCombiner = acc.domainCombiner;
 	}
 }
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 
 /*
  * Added to resolve: S6907662, CVE-2010-4465: System clipboard should ensure access restrictions

diff --git a/jcl/src/java.base/share/classes/java/security/AccessController.java b/jcl/src/java.base/share/classes/java/security/AccessController.java
@@ -23,7 +23,9 @@
 package java.security;
 
 import com.ibm.oti.util.Msg;
+/*[IF JAVA_SPEC_VERSION < 24]*/
 import sun.security.util.SecurityConstants;
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 
 /*[IF JAVA_SPEC_VERSION >= 9]
 import jdk.internal.reflect.CallerSensitive;
@@ -44,30 +46,30 @@
 @SuppressWarnings("removal")
 /*[ENDIF] JAVA_SPEC_VERSION >= 17 */
 public final class AccessController {
+/*[IF JAVA_SPEC_VERSION >= 24]*/
+	private static AccessControlContext ACC_NO_PERM = new AccessControlContext(
+			new ProtectionDomain[] { new ProtectionDomain(null, null) });
+/*[ELSE] JAVA_SPEC_VERSION >= 24 */
 	static {
 		// Initialize vm-internal caches
 		initializeInternal();
 	}
 
-/*[IF JAVA_SPEC_VERSION >= 24]*/
-	private static AccessControlContext ACC_NO_PERM = new AccessControlContext(
-			new ProtectionDomain[] { new ProtectionDomain(null, null) });
-/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
-
 	static final int OBJS_INDEX_ACC = 0;
 	static final int OBJS_INDEX_PDS = 1;
 	static final int OBJS_ARRAY_SIZE = 3;
 	static final int OBJS_INDEX_PERMS_OR_CACHECHECKED = 2;
 
-private static native void initializeInternal();
+	private static native void initializeInternal();
 
-/* [PR CMVC 188787] Enabling -Djava.security.debug option within WAS keeps JVM busy */
-static final class DebugRecursionDetection {
-	private static ThreadLocal<String> tlDebug = new ThreadLocal<>();
-	static ThreadLocal<String> getTlDebug() {
-		return tlDebug;
+	/* [PR CMVC 188787] Enabling -Djava.security.debug option within WAS keeps JVM busy */
+	static final class DebugRecursionDetection {
+		private static ThreadLocal<String> tlDebug = new ThreadLocal<>();
+		static ThreadLocal<String> getTlDebug() {
+			return tlDebug;
+		}
 	}
-}
+/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
 
 /*[PR 1FDIC6B] J9JCL:WIN95 - AccessController missing private no-arg constructor */
 /**
@@ -77,6 +79,7 @@ private AccessController() {
 	super();
 }
 
+/*[IF JAVA_SPEC_VERSION < 24]*/
 /**
  * The object array returned has following format:
  *
@@ -192,7 +195,6 @@ private static void throwACE(boolean debug, Permission perm, ProtectionDomain pD
 	}
 }
 
-/*[IF JAVA_SPEC_VERSION < 24]*/
 /**
  * Helper method to check whether the running program is allowed to access the resource
  * being guarded by the given Permission argument
@@ -275,7 +277,6 @@ private static boolean checkPermissionHelper(Permission perm, AccessControlConte
 	}
 	return limitedPermImplied;
 }
-/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 
 /**
  * Helper to print debug stack information for checkPermission().
@@ -365,15 +366,23 @@ private static boolean debugHelperJEP140(Object[] objects, Permission perm) {
 	debugPrintStack(debug, perm);
 	return debug;
 }
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 
 /**
+/*[IF JAVA_SPEC_VERSION >= 24]
+ * Throws AccessControlException
+ *
+ * @param       perm                    is ignored
+ * @exception   AccessControlException  is always thrown
+/*[ELSE] JAVA_SPEC_VERSION >= 24
  * Checks whether the running program is allowed to
  * access the resource being guarded by the given
  * Permission argument.
  *
  * @param       perm                    the permission to check
  * @exception   AccessControlException  if access is not allowed.
  *              NullPointerException if perm is null
+/*[ENDIF] JAVA_SPEC_VERSION >= 24
  */
 public static void checkPermission(Permission perm) throws AccessControlException {
 /*[IF JAVA_SPEC_VERSION >= 24]*/
@@ -437,24 +446,9 @@ public static void checkPermission(Permission perm) throws AccessControlExceptio
 }
 
 /**
- * Used to keep the context live during doPrivileged().
- *
- * @param context  the context to retain
- *
- * @see         #doPrivileged(PrivilegedAction, AccessControlContext)
- */
-private static void keepalive(AccessControlContext context) {
-	return;
-}
-
-/**
- * @param perms  the permissions to retain
- */
-private static void keepalive(Permission... perms) {
-	return;
-}
-
-/**
+/*[IF JAVA_SPEC_VERSION >= 24]
+ * @return an AccessControlContext with no permissions
+/*[ELSE] JAVA_SPEC_VERSION >= 24
  * Answers the access controller context of the current thread,
  * including the inherited ones. It basically retrieves all the
  * protection domains from the calling stack and creates an
@@ -463,6 +457,7 @@ private static void keepalive(Permission... perms) {
  * @return an AccessControlContext which captures the current state
  *
  * @see         AccessControlContext
+/*[ENDIF] JAVA_SPEC_VERSION >= 24
  */
 public static AccessControlContext getContext() {
 /*[IF JAVA_SPEC_VERSION >= 24]*/
@@ -472,6 +467,25 @@ public static AccessControlContext getContext() {
 /*[ENDIF] JAVA_SPEC_VERSION >= 24 */
 }
 
+/*[IF JAVA_SPEC_VERSION < 24]*/
+/**
+ * Used to keep the context live during doPrivileged().
+ *
+ * @param context  the context to retain
+ *
+ * @see         #doPrivileged(PrivilegedAction, AccessControlContext)
+ */
+private static void keepalive(AccessControlContext context) {
+	return;
+}
+
+/**
+ * @param perms  the permissions to retain
+ */
+private static void keepalive(Permission... perms) {
+	return;
+}
+
 /**
  * This is a helper method for getContext() and doPrivilegedWithCombiner methods.
  * Answers the access controller context of the current thread including the inherited ones.
@@ -637,6 +651,7 @@ private static int getNewAuthorizedState(AccessControlContext acc, ProtectionDom
 	}
 	return newAuthorizedState;
  }
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 
 /**
  * Helper method to combine the ProtectionDomain objects
@@ -753,8 +768,10 @@ public static <T> T doPrivileged(PrivilegedAction<T> action) {
 @CallerSensitive
 public static <T> T doPrivileged(PrivilegedAction<T> action, AccessControlContext context) {
 	T result = action.run();
+	/*[IF JAVA_SPEC_VERSION < 24]*/
 	/*[PR 108112] context is not kept alive*/
 	keepalive(context);
+	/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	return result;
 }
 
@@ -820,8 +837,10 @@ public static <T> T doPrivileged (PrivilegedExceptionAction<T> action, AccessCon
 {
 	try {
 		T result = action.run();
+		/*[IF JAVA_SPEC_VERSION < 24]*/
 		/*[PR 108112] context is not kept alive*/
 		keepalive(context);
+		/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 		return result;
 	} catch (RuntimeException ex) {
 		throw ex;
@@ -849,7 +868,11 @@ public static <T> T doPrivileged (PrivilegedExceptionAction<T> action, AccessCon
  */
 @CallerSensitive
 public static <T> T doPrivilegedWithCombiner(PrivilegedAction<T> action) {
+/*[IF JAVA_SPEC_VERSION >= 24]*/
+	return doPrivileged(action, null);
+/*[ELSE] JAVA_SPEC_VERSION >= 24*/
 	return doPrivileged(action, doPrivilegedWithCombinerHelper(null));
+/*[ENDIF] JAVA_SPEC_VERSION >= 24*/
 }
 
 /**
@@ -876,9 +899,14 @@ public static <T> T doPrivilegedWithCombiner(PrivilegedAction<T> action) {
 public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action)
 	throws PrivilegedActionException
 {
+/*[IF JAVA_SPEC_VERSION >= 24]*/
+	return doPrivileged(action, null);
+/*[ELSE] JAVA_SPEC_VERSION >= 24*/
 	return doPrivileged(action, doPrivilegedWithCombinerHelper(null));
+/*[ENDIF] JAVA_SPEC_VERSION >= 24*/
 }
 
+/*[IF JAVA_SPEC_VERSION < 24]*/
 /**
  * Helper method to check if any permission is null
  *
@@ -894,6 +922,7 @@ private static void checkPermsNPE(Permission... perms) {
 		}
 	}
 }
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 
 /**
  * Performs the privileged action specified by <code>action</code>.
@@ -922,10 +951,14 @@ private static void checkPermsNPE(Permission... perms) {
 public static <T> T doPrivileged(PrivilegedAction<T> action,
 		AccessControlContext context, Permission... perms)
 {
+/*[IF JAVA_SPEC_VERSION < 24]*/
 	checkPermsNPE(perms);
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	T result = action.run();
+/*[IF JAVA_SPEC_VERSION < 24]*/
 	keepalive(context);
 	keepalive(perms);
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 	return result;
 }
 
@@ -954,8 +987,13 @@ public static <T> T doPrivileged(PrivilegedAction<T> action,
 public static <T> T doPrivilegedWithCombiner(PrivilegedAction<T> action,
 		AccessControlContext context, Permission... perms)
 {
+/*[IF JAVA_SPEC_VERSION >= 24]*/
+	return doPrivileged(action, context, perms); // 24 - perms?
+/*[ELSE] JAVA_SPEC_VERSION >= 24*/
 	checkPermsNPE(perms);
 	return doPrivileged(action, doPrivilegedWithCombinerHelper(context), perms);
+/*[ENDIF] JAVA_SPEC_VERSION >= 24*/
+
 }
 
 /**
@@ -989,10 +1027,14 @@ public static <T> T doPrivileged(PrivilegedExceptionAction<T> action,
 	throws PrivilegedActionException
 {
 	try {
+/*[IF JAVA_SPEC_VERSION < 24]*/
 		checkPermsNPE(perms);
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 		T result = action.run();
+/*[IF JAVA_SPEC_VERSION < 24]*/
 		keepalive(context);
 		keepalive(perms);
+/*[ENDIF] JAVA_SPEC_VERSION < 24 */
 		return result;
 	} catch (RuntimeException ex) {
 		throw ex;
@@ -1029,10 +1071,15 @@ public static <T> T doPrivilegedWithCombiner(PrivilegedExceptionAction<T> action
 		AccessControlContext context, Permission... perms)
 	throws PrivilegedActionException
 {
+/*[IF JAVA_SPEC_VERSION >= 24]*/
+	return doPrivileged(action, context, perms);
+/*[ELSE] JAVA_SPEC_VERSION >= 24 */
 	checkPermsNPE(perms);
 	return doPrivileged(action, doPrivilegedWithCombinerHelper(context), perms);
+/*[ENDIF] JAVA_SPEC_VERSION >= 24 */
 }
 
+/*[IF JAVA_SPEC_VERSION < 24]*/
 /**
  * Helper method to construct an AccessControlContext for doPrivilegedWithCombiner methods.
  *
@@ -1052,5 +1099,6 @@ private static AccessControlContext doPrivilegedWithCombinerHelper(AccessControl
 	}
 	return fixedContext;
 }
+/*[ENDIF] JAVA_SPEC_VERSION < 24*/
 
 }
diff --git a/runtime/jcl/CMakeLists.txt b/runtime/jcl/CMakeLists.txt
@@ -106,7 +106,6 @@ target_link_libraries(jclse
 
 target_sources(jclse
 	PRIVATE
-		${CMAKE_CURRENT_SOURCE_DIR}/common/acccont.c
 		${CMAKE_CURRENT_SOURCE_DIR}/common/annparser.c
 		${CMAKE_CURRENT_SOURCE_DIR}/common/attach.c
 		${CMAKE_CURRENT_SOURCE_DIR}/common/bootstrp.c
@@ -165,6 +164,10 @@ target_sources(jclse
 		${CMAKE_CURRENT_SOURCE_DIR}/filesys/vmfilesys.c
 )
 
+if(JAVA_SPEC_VERSION LESS 24)
+	target_sources(jclse PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/common/acccont.c)
+endif()
+
 if(OMR_OS_WINDOWS)
 	target_sources(jclse PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/win32/syshelp.c)
 else()