8344183: (zipfs) SecurityManager cleanup in the ZipFS area

Eirik Bjørsnøs · Eirik Bjørsnøs · commit bfee766f035f · 2024-11-15T07:48:15.000Z
Reviewed-by: mullan, lancea
diff --git a/src/jdk.zipfs/share/classes/jdk/nio/zipfs/ZipFileSystem.java b/src/jdk.zipfs/share/classes/jdk/nio/zipfs/ZipFileSystem.java
@@ -44,10 +44,6 @@
 import java.nio.file.*;
 import java.nio.file.attribute.*;
 import java.nio.file.spi.FileSystemProvider;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.util.*;
 import java.util.concurrent.locks.ReadWriteLock;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
@@ -82,10 +78,8 @@
  */
 class ZipFileSystem extends FileSystem {
     // statics
-    @SuppressWarnings("removal")
-    private static final boolean isWindows = AccessController.doPrivileged(
-        (PrivilegedAction<Boolean>)()->System.getProperty("os.name")
-                                             .startsWith("Windows"));
+    private static final boolean isWindows = System.getProperty("os.name")
+                                             .startsWith("Windows");
     private static final byte[] ROOTPATH = new byte[] { '/' };
     private static final String PROPERTY_POSIX = "enablePosixFileAttributes";
     private static final String PROPERTY_DEFAULT_OWNER = "defaultOwner";
@@ -168,9 +162,7 @@ class ZipFileSystem extends FileSystem {
         }
         // sm and existence check
         zfpath.getFileSystem().provider().checkAccess(zfpath, AccessMode.READ);
-        @SuppressWarnings("removal")
-        boolean writeable = AccessController.doPrivileged(
-            (PrivilegedAction<Boolean>)()->Files.isWritable(zfpath));
+        boolean writeable = Files.isWritable(zfpath);
         this.readOnly = !writeable;
         this.zc = ZipCoder.get(nameEncoding);
         this.rootdir = new ZipPath(this, new byte[]{'/'});
@@ -244,23 +236,14 @@ private static boolean isTrue(Map<String, ?> env, String name) {
     // If not specified in env, it is the owner of the archive. If no owner can
     // be determined, we try to go with system property "user.name". If that's not
     // accessible, we return "<zipfs_default>".
-    @SuppressWarnings("removal")
     private UserPrincipal initOwner(Path zfpath, Map<String, ?> env) throws IOException {
         Object o = env.get(PROPERTY_DEFAULT_OWNER);
         if (o == null) {
             try {
-                PrivilegedExceptionAction<UserPrincipal> pa = ()->Files.getOwner(zfpath);
-                return AccessController.doPrivileged(pa);
-            } catch (UnsupportedOperationException | PrivilegedActionException e) {
-                if (e instanceof UnsupportedOperationException ||
-                    e.getCause() instanceof NoSuchFileException)
-                {
-                    PrivilegedAction<String> pa = ()->System.getProperty("user.name");
-                    String userName = AccessController.doPrivileged(pa);
-                    return ()->userName;
-                } else {
-                    throw new IOException(e);
-                }
+                return Files.getOwner(zfpath);
+            } catch (UnsupportedOperationException | NoSuchFileException e) {
+                String userName = System.getProperty("user.name");
+                return ()->userName;
             }
         }
         if (o instanceof String) {
@@ -282,7 +265,6 @@ private UserPrincipal initOwner(Path zfpath, Map<String, ?> env) throws IOExcept
     // If not specified in env, we try to determine the group of the zip archive itself.
     // If this is not possible/unsupported, we will return a group principal going by
     // the same name as the default owner.
-    @SuppressWarnings("removal")
     private GroupPrincipal initGroup(Path zfpath, Map<String, ?> env) throws IOException {
         Object o = env.get(PROPERTY_DEFAULT_GROUP);
         if (o == null) {
@@ -291,16 +273,9 @@ private GroupPrincipal initGroup(Path zfpath, Map<String, ?> env) throws IOExcep
                 if (zfpv == null) {
                     return defaultOwner::getName;
                 }
-                PrivilegedExceptionAction<GroupPrincipal> pa = ()->zfpv.readAttributes().group();
-                return AccessController.doPrivileged(pa);
-            } catch (UnsupportedOperationException | PrivilegedActionException e) {
-                if (e instanceof UnsupportedOperationException ||
-                    e.getCause() instanceof NoSuchFileException)
-                {
-                    return defaultOwner::getName;
-                } else {
-                    throw new IOException(e);
-                }
+                return zfpv.readAttributes().group();
+            } catch (UnsupportedOperationException | NoSuchFileException e) {
+                return defaultOwner::getName;
             }
         }
         if (o instanceof String) {
@@ -462,7 +437,6 @@ public PathMatcher getPathMatcher(String syntaxAndInput) {
         return (path)->pattern.matcher(path.toString()).matches();
     }
 
-    @SuppressWarnings("removal")
     @Override
     public void close() throws IOException {
         beginWrite();
@@ -480,13 +454,9 @@ public void close() throws IOException {
         }
         beginWrite();                // lock and sync
         try {
-            AccessController.doPrivileged((PrivilegedExceptionAction<Void>)() -> {
-                sync(); return null;
-            });
+            sync();
             ch.close();              // close the ch just in case no update
                                      // and sync didn't close the ch
-        } catch (PrivilegedActionException e) {
-            throw (IOException)e.getException();
         } finally {
             endWrite();
         }
@@ -512,10 +482,8 @@ public void close() throws IOException {
         synchronized (tmppaths) {
             for (Path p : tmppaths) {
                 try {
-                    AccessController.doPrivileged(
-                        (PrivilegedExceptionAction<Boolean>)() -> Files.deleteIfExists(p));
-                } catch (PrivilegedActionException e) {
-                    IOException x = (IOException)e.getException();
+                    Files.deleteIfExists(p);
+                } catch (IOException x) {
                     if (ioe == null)
                         ioe = x;
                     else
diff --git a/src/jdk.zipfs/share/classes/jdk/nio/zipfs/ZipFileSystemProvider.java b/src/jdk.zipfs/share/classes/jdk/nio/zipfs/ZipFileSystemProvider.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,9 +39,6 @@
 import java.nio.file.attribute.FileAttribute;
 import java.nio.file.attribute.FileAttributeView;
 import java.nio.file.spi.FileSystemProvider;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
@@ -317,17 +314,9 @@ public void setAttribute(Path path, String attribute,
     }
 
     //////////////////////////////////////////////////////////////
-    @SuppressWarnings("removal")
     void removeFileSystem(Path zfpath, ZipFileSystem zfs) throws IOException {
         synchronized (filesystems) {
-            Path tempPath = zfpath;
-            PrivilegedExceptionAction<Path> action = tempPath::toRealPath;
-            try {
-                zfpath = AccessController.doPrivileged(action);
-            } catch (PrivilegedActionException e) {
-                throw (IOException) e.getException();
-            }
-            filesystems.remove(zfpath, zfs);
+            filesystems.remove(zfpath.toRealPath(), zfs);
         }
     }
 }
diff --git a/test/jdk/jdk/nio/zipfs/TestPosix.java b/test/jdk/jdk/nio/zipfs/TestPosix.java
@@ -29,10 +29,6 @@
 import java.nio.ByteOrder;
 import java.nio.file.*;
 import java.nio.file.attribute.*;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.time.Instant;
 import java.util.*;
 import java.util.concurrent.atomic.AtomicInteger;
@@ -219,35 +215,28 @@ static interface Executor {
 
     private static String expectedDefaultOwner(Path zf) {
         try {
-            try {
-                PrivilegedExceptionAction<String> pa = ()->Files.getOwner(zf).getName();
-                return AccessController.doPrivileged(pa);
-            } catch (UnsupportedOperationException e) {
-                // if we can't get the owner of the file, we fall back to system property user.name
-                PrivilegedAction<String> pa = ()->System.getProperty("user.name");
-                return AccessController.doPrivileged(pa);
-            }
-        } catch (PrivilegedActionException | SecurityException e) {
+            return Files.getOwner(zf).getName();
+        } catch (UnsupportedOperationException e) {
+            // if we can't get the owner of the file, we fall back to system property user.name
+            return System.getProperty("user.name");
+        } catch (IOException e) {
             System.out.println("Caught " + e.getClass().getName() + "(" + e.getMessage() +
-                ") when running a privileged operation to get the default owner.");
+                    ") when getting the default owner.");
             return null;
         }
     }
 
     private static String expectedDefaultGroup(Path zf, String defaultOwner) {
         try {
-            try {
-                PosixFileAttributeView zfpv = Files.getFileAttributeView(zf, PosixFileAttributeView.class);
-                if (zfpv == null) {
-                    return defaultOwner;
-                }
-                PrivilegedExceptionAction<String> pa = ()->zfpv.readAttributes().group().getName();
-                return AccessController.doPrivileged(pa);
-            } catch (UnsupportedOperationException e) {
+            PosixFileAttributeView zfpv = Files.getFileAttributeView(zf, PosixFileAttributeView.class);
+            if (zfpv == null) {
                 return defaultOwner;
             }
-        } catch (PrivilegedActionException | SecurityException e) {
-            System.out.println("Caught an exception when running a privileged operation to get the default group.");
+            return zfpv.readAttributes().group().getName();
+        } catch (UnsupportedOperationException e) {
+            return defaultOwner;
+        } catch (IOException e) {
+            System.out.println("Caught an exception when getting the default group.");
             e.printStackTrace();
             return null;
         }
