8338411: Implement JEP 486: Permanently Disable the Security Manager
This is the implementation of JEP 486: Permanently Disable the Security Manager. See JEP 486 for more details. The CSR describes in detail the main changes in the JEP and also includes an apidiff of the specification changes.
NOTE: the majority (~95%) of the changes in this PR are test updates (removal/modifications) and API specification changes, the latter mostly to remove @throws SecurityException. The remaining changes are primarily the removal of the SecurityManager, Policy, AccessController and other Security Manager API implementations. There is very little new code.
The code changes can be broken down into roughly the following categories:
- Degrading the behavior of Security Manager APIs to either throw Exceptions by default or provide an execution environment that disallows access to all resources by default.
- Changing hundreds of methods and constructors to no longer throw a SecurityException if a Security Manager was enabled. They will operate as they did in JDK 23 with no Security Manager enabled.
- Changing the java command to exit with a fatal error if a Security Manager is enabled.
- Removing the hotspot native code for the privileged stack walk and the inherited access control context. The remaining hotspot code and tests related to the Security Manager will be removed immediately after integration - see JDK-8341916.
- Removing or modifying hundreds of tests. Many tests that tested Security Manager behavior are no longer relevant and thus have been removed or modified.
There are a handful of Security Manager related tests that are failing and are at the end of the test/jdk/ProblemList.txt, test/langtools/ProblemList.txt and test/hotspot/jtreg/ProblemList.txt files - these will be removed or separate bugs will be filed before integrating this PR.
Inside the JDK, we have retained calls to SecurityManager::getSecurityManager and AccessController::doPrivileged for now, as these methods have been degraded to behave the same as they did in JDK 23 with no Security Manager enabled. After we integrate this JEP, those calls will be removed in each area (client-libs, core-libs, security, etc).
I don't expect each reviewer to review all the code changes in this JEP. Rather, I advise that you only focus on the changes for the area (client-libs, core-libs, net, security, etc) that you are most familiar with.
Progress
- [x] Change must not contain extraneous whitespace
- [ ] Change requires CSR request JDK-8338412 to be approved
- [x] Commit message must refer to an issue
- [ ] Change requires a JEP request to be targeted
- [ ] Change must be properly reviewed (3 reviews required, with at least 1 Reviewer, 2 Authors)
Error
⚠️ 8338411 is used in problem lists: [test/hotspot/jtreg/ProblemList.txt, test/jdk/ProblemList.txt, test/langtools/ProblemList.txt]
Issues
- JDK-8338411: Implement JEP 486: Permanently Disable the Security Manager (Enhancement - P3)
- JDK-8338625: JEP 486: Permanently Disable the Security Manager (JEP)
- JDK-8338412: Implement JEP 486: Permanently Disable the Security Manager (CSR)
Reviewers
- Daniel Fuchs (@dfuch - Reviewer)
- Magnus Ihse Bursie (@magicus - Reviewer) 🔄 Re-review required (review applies to d05122fb)
- Erik Joelsson (@erikj79 - Reviewer) 🔄 Re-review required (review applies to d05122fb)
- Chris Plummer (@plummercj - Reviewer) 🔄 Re-review required (review applies to d05122fb)
- Coleen Phillimore (@coleenp - Reviewer) 🔄 Re-review required (review applies to d05122fb)
- Naoto Sato (@naotoj - Reviewer) 🔄 Re-review required (review applies to d05122fb)
- Joe Wang (@JoeWang-Java - Reviewer) 🔄 Re-review required (review applies to d05122fb)
- @dmlloyd (no known openjdk.org user name / role)
- Kevin Walls (@kevinjwalls - Reviewer)
Contributors
- Sean Mullan <[email protected]>
- Alan Bateman <[email protected]>
- Weijun Wang <[email protected]>
- Aleksei Efimov <[email protected]>
- Brian Burkhalter <[email protected]>
- Daniel Fuchs <[email protected]>
- Harshitha Onkar <[email protected]>
- Joe Wang <[email protected]>
- Jorn Vernee <[email protected]>
- Justin Lu <[email protected]>
- Kevin Walls <[email protected]>
- Lance Andersen <[email protected]>
- Naoto Sato <[email protected]>
- Roger Riggs <[email protected]>
- Brent Christian <[email protected]>
- Stuart Marks <[email protected]>
- Ian Graves <[email protected]>
- Phil Race <[email protected]>
- Erik Gahlin <[email protected]>
Reviewing
Using git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/21498/head:pull/21498
$ git checkout pull/21498
Update a local copy of the PR:
$ git checkout pull/21498
$ git pull https://git.openjdk.org/jdk.git pull/21498/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 21498
View PR using the GUI difftool:
$ git pr show -t 21498
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/21498.diff
Webrev
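The degraded API behavior summarized in the PR description can be observed with a small probe. This is an added example, not code from the PR: the class name SecurityManagerProbe and the helper outcome are made up for illustration, and the behavior noted in the comments assumes a JDK build that includes this change, as specified by JEP 486.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added illustration (not code from the PR). The comments describe the
// behavior on a JDK that includes this change; older JDKs differ.
@SuppressWarnings("removal")
public class SecurityManagerProbe {

    /** Runs a probe and reports how it ended instead of propagating. */
    static String outcome(Runnable probe) {
        try {
            probe.run();
            return "completed";
        } catch (UnsupportedOperationException | SecurityException e) {
            // AccessControlException is a subclass of SecurityException.
            return "threw " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        // A Security Manager can never be installed, so callers that guard
        // on a non-null result take the "no Security Manager" path.
        System.out.println("getSecurityManager: " + System.getSecurityManager());

        // Installing one at run time is rejected with an exception.
        System.out.println("setSecurityManager: "
                + outcome(() -> System.setSecurityManager(new SecurityManager())));

        // doPrivileged simply runs the action, as it did in JDK 23 with no
        // Security Manager enabled; there is no privileged stack walk.
        String home = AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty("java.home"));
        System.out.println("doPrivileged ran the action: " + (home != null));

        // Code that still asks for a permission check is denied rather
        // than silently allowed.
        System.out.println("checkPermission: "
                + outcome(() -> AccessController.checkPermission(
                        new RuntimePermission("exitVM"))));
    }
}
```

Compiling it produces removal warnings for the deprecated APIs, which the annotation suppresses.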
:wave: Welcome back mullan! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.
@seanjmullan This change now passes all automated pre-integration checks.
ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.
After integration, the commit message for the final commit will be:
8338411: Implement JEP 486: Permanently Disable the Security Manager
Co-authored-by: Sean Mullan <[email protected]>
Co-authored-by: Alan Bateman <[email protected]>
Co-authored-by: Weijun Wang <[email protected]>
Co-authored-by: Aleksei Efimov <[email protected]>
Co-authored-by: Brian Burkhalter <[email protected]>
Co-authored-by: Daniel Fuchs <[email protected]>
Co-authored-by: Harshitha Onkar <[email protected]>
Co-authored-by: Joe Wang <[email protected]>
Co-authored-by: Jorn Vernee <[email protected]>
Co-authored-by: Justin Lu <[email protected]>
Co-authored-by: Kevin Walls <[email protected]>
Co-authored-by: Lance Andersen <[email protected]>
Co-authored-by: Naoto Sato <[email protected]>
Co-authored-by: Roger Riggs <[email protected]>
Co-authored-by: Brent Christian <[email protected]>
Co-authored-by: Stuart Marks <[email protected]>
Co-authored-by: Ian Graves <[email protected]>
Co-authored-by: Phil Race <[email protected]>
Co-authored-by: Erik Gahlin <[email protected]>
Co-authored-by: Jaikiran Pai <[email protected]>
Reviewed-by: kevinw, aivanov, rriggs, lancea, coffeys, dfuchs, ihse, erikj, cjplummer, coleenp, naoto, mchung, prr, weijun, joehw, azvegint, psadhukhan, bchristi, sundar, attila
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.
At the time when this comment was updated there had been 5 new commits pushed to the master branch:
- c12b386d1916af9a04b4c6698838c2b40c6cdd86: 8338007: [JVMCI] ResolvedJavaMethod.reprofile can crash ciMethodData
- 81752c4bcc384a8dd1e87b71a0de86877a0b661d: 8338565: Test crashed: assert(is_path_empty()) failed: invariant
- e5eaa7f1eb0cb072d02bc18e23b0daaee875b077: 8343946: JFR: Wildcard should only work with COUNT for 'jfr view'
- 2989d8734c70e1db87d2a708719fd2d966903a93: 8343805: RISC-V: JVM crashes on startup when disabling compressed instructions
- 78b80150e009745b8f28d36c3836f18ad0ca921f: 8338383: Implement JEP 491: Synchronize Virtual Threads without Pinning
Please see this link for an up-to-date comparison between the source branch of this pull request and the master branch.
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.
➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.
@seanjmullan this pull request can not be integrated into master due to one or more merge conflicts. To resolve these merge conflicts and update this pull request you can run the following commands in the local repository for your personal fork:
git checkout JDK-8338411
git fetch https://git.openjdk.org/jdk.git master
git merge FETCH_HEAD
# resolve conflicts and follow the instructions given by git merge
git commit -m "Merge master"
git push
⚠️ @seanjmullan This pull request contains merges that bring in commits not present in the target repository. Since this is not a "merge style" pull request, these changes will be squashed when this pull request is integrated. If this is your intention, then please ignore this message. If you want to preserve the commit structure, you must change the title of this pull request to Merge <project>:<branch> where <project> is the name of another project in the OpenJDK organization (for example Merge jdk:master).
@seanjmullan The following labels will be automatically applied to this pull request:
build, client, compiler, core-libs, hotspot, i18n, javadoc, jmx, net, nio, security, serviceability
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.
/label remove i18n
/label remove jmx
@seanjmullan
The i18n label was successfully removed.
@seanjmullan
The jmx label was successfully removed.
/help
@seanjmullan Available commands:
- approval - request for maintainer's approval
- approve - null
- author - sets an overriding author to be used in the commit when the PR is integrated
- backport - create a backport
- cc - add or remove an additional classification label
- clean - Mark the backport pull request as a clean backport
- contributor - adds or removes additional contributors for a PR
- covered - used when employer has signed the OCA
- csr - require a compatibility and specification request (CSR) for this pull request
- help - shows this text
- integrate - performs integration of the changes in the PR
- issue - edit the list of issues that this PR solves
- jep - require a JDK Enhancement Proposal (JEP) for this pull request
- label - add or remove an additional classification label
- open - Set the pull request state to "open"
- reviewer - manage additional reviewers for a PR
- reviewers - set the number of additional required reviewers for this PR
- signed - used after signing the OCA
- solves - edit the list of issues that this PR solves
- sponsor - performs integration of a PR that is authored by a non-committer
- summary - updates the summary in the commit message
- test - used to run tests
@seanjmullan @seanjmullan @AlanBateman @wangweij @AlekseiEfimov @dfuch @honkar-jdk @JoeWang-Java @JornVernee @justin-curtis-lu @kevinjwalls @LanceAndersen @naotoj @RogerRiggs is not a valid user in this repository.
Syntax: /contributor (add|remove) [@user | openjdk-user | Full Name <email@address>]. For example:
/contributor add @openjdk-bot
/contributor add duke
/contributor add J. Duke <[email protected]>
User names can only be used for users in the census associated with this repository. For other contributors you need to supply the full name and email address.
@seanjmullan bpb bchristi was not found in the census.
Syntax: /contributor (add|remove) [@user | openjdk-user | Full Name <email@address>]. For example:
/contributor add @openjdk-bot
/contributor add duke
/contributor add J. Duke <[email protected]>
User names can only be used for users in the census associated with this repository. For other contributors you need to supply the full name and email address.
/jep jep-486
@seanjmullan I think you can use many lines of command in one github comment, like
/contributor add @seanjmullan
/contributor add @AlanBateman
/contributor add @wangweij
/contributor add @AlekseiEfimov
/contributor add @dfuch
/contributor add @honkar-jdk
/contributor add @JoeWang-Java
/contributor add @JornVernee
/contributor add @justin-curtis-lu
/contributor add @kevinjwalls
/contributor add @LanceAndersen
/contributor add @naotoj
/contributor add @RogerRiggs
@liach This pull request will not be integrated until the JEP-486 has been targeted.
@liach Only the author (@seanjmullan) is allowed to issue the contributor command.
/contributor add mullan
/contributor add alanb
/contributor add weijun
/contributor add aefimov
/contributor add bpb
/contributor add dfuchs
/contributor add honkar
/contributor add joehw
/contributor add jvernee
/contributor add jlu
/contributor add kevinw
/contributor add lancea
/contributor add naoto
/contributor add rriggs
/contributor add bchristi
/contributor add smarks
/contributor add igraves
@seanjmullan
Contributor Sean Mullan <[email protected]> successfully added.