8344994: Remove most uses of RuntimePermission checks in java.desktop

Reviewed-by: azvegint
microsoft · Nov 26, 2024 · ca81ab5 · ca81ab5
1 parent 43603ac
commit ca81ab5
Show file tree

Hide file tree

Showing 15 changed files with 8 additions and 252 deletions.
diff --git a/src/java.desktop/macosx/classes/com/apple/eawt/Application.java b/src/java.desktop/macosx/classes/com/apple/eawt/Application.java
@@ -79,7 +79,6 @@ public class Application {
     static Application sApplication = null;
 
     static {
-        checkSecurity();
         Toolkit.getDefaultToolkit(); // Start AppKit
         if (!Beans.isDesignTime()) {
             nativeInitializeApplicationDelegate();
@@ -88,20 +87,12 @@ public class Application {
         sApplication = new Application();
     }
 
-    private static void checkSecurity() {
-        @SuppressWarnings("removal")
-        final SecurityManager security = System.getSecurityManager();
-        if (security == null) return;
-        security.checkPermission(new RuntimePermission("canProcessApplicationEvents"));
-    }
-
     /**
      * @return the singleton representing this Mac OS X Application
      *
      * @since 1.4
      */
     public static Application getApplication() {
-        checkSecurity();
         return sApplication;
     }
 
@@ -118,7 +109,6 @@ public static Application getApplication() {
      */
     @Deprecated
     public Application() {
-        checkSecurity();
     }
 
     /**

diff --git a/src/java.desktop/macosx/classes/com/apple/eio/FileManager.java b/src/java.desktop/macosx/classes/com/apple/eio/FileManager.java
@@ -254,11 +254,6 @@ public static String findFolder(short domain, int folderType) throws FileNotFoun
          * @since 1.4
          */
     public static String findFolder(short domain, int folderType, boolean createIfNeeded) throws FileNotFoundException {
-        @SuppressWarnings("removal")
-        final SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkPermission(new RuntimePermission("canExamineFileSystem"));
-        }
 
         final String foundFolder = _findFolder(domain, folderType, createIfNeeded);
         if (foundFolder == null) throw new FileNotFoundException("Can't find folder: " + Integer.toHexString(folderType));
@@ -282,11 +277,6 @@ public static String findFolder(short domain, int folderType, boolean createIfNe
          */
     @Deprecated
     public static void openURL(String url) throws IOException {
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkPermission(new RuntimePermission("canOpenURLs"));
-        }
         _openURL(url);
     }
     private static native void _openURL(String url) throws IOException;
@@ -334,10 +324,6 @@ public static String getResource(String resourceName, String subDirName, String
 
         private static native String getNativeResourceFromBundle(String resourceName, String subDirName, String type) throws FileNotFoundException;
         private static String getResourceFromBundle(String resourceName, String subDirName, String type) throws FileNotFoundException {
-                @SuppressWarnings("removal")
-                final SecurityManager security = System.getSecurityManager();
-                if (security != null) security.checkPermission(new RuntimePermission("canReadBundle"));
-
                 final String resourceFromBundle = getNativeResourceFromBundle(resourceName, subDirName, type);
                 if (resourceFromBundle == null) throw new FileNotFoundException(resourceName);
                 return resourceFromBundle;
@@ -353,9 +339,6 @@ private static String getResourceFromBundle(String resourceName, String subDirNa
          * @since Java for Mac OS X 10.5 Update 2 - 1.5
          */
         public static String getPathToApplicationBundle() {
-                @SuppressWarnings("removal")
-                SecurityManager security = System.getSecurityManager();
-                if (security != null) security.checkPermission(new RuntimePermission("canReadBundle"));
                 return getNativePathToApplicationBundle();
         }
 

diff --git a/src/java.desktop/macosx/classes/sun/lwawt/macosx/CPrinterJob.java b/src/java.desktop/macosx/classes/sun/lwawt/macosx/CPrinterJob.java
@@ -123,7 +123,7 @@ public boolean printDialog() throws HeadlessException {
             return super.printDialog(attributes);
         }
 
-        return jobSetup(getPageable(), checkAllowedToPrintToFile());
+        return jobSetup(getPageable());
     }
 
     /**
@@ -580,8 +580,8 @@ public boolean pageSetup(PageFormat page, Printable painter) {
      * dialog.
      * If the dialog is to use a set of attributes, useAttributes is true.
      */
-    private boolean jobSetup(Pageable doc, boolean allowPrintToFile) {
-        CPrinterDialog printerDialog = new CPrinterJobDialog(null, this, doc, allowPrintToFile);
+    private boolean jobSetup(Pageable doc) {
+        CPrinterDialog printerDialog = new CPrinterJobDialog(null, this, doc);
         printerDialog.setVisible(true);
         boolean result = printerDialog.getRetVal();
         printerDialog.dispose();

diff --git a/src/java.desktop/macosx/classes/sun/lwawt/macosx/CPrinterJobDialog.java b/src/java.desktop/macosx/classes/sun/lwawt/macosx/CPrinterJobDialog.java
@@ -32,12 +32,10 @@
 @SuppressWarnings("serial") // JDK implementation class
 final class CPrinterJobDialog extends CPrinterDialog {
     private Pageable fPageable;
-    private boolean fAllowPrintToFile;
 
-    CPrinterJobDialog(Frame parent, CPrinterJob printerJob, Pageable doc, boolean allowPrintToFile) {
+    CPrinterJobDialog(Frame parent, CPrinterJob printerJob, Pageable doc) {
         super(parent, printerJob);
         fPageable = doc;
-        fAllowPrintToFile = allowPrintToFile;
     }
 
     @Override

diff --git a/src/java.desktop/share/classes/java/awt/Font.java b/src/java.desktop/share/classes/java/awt/Font.java
@@ -36,7 +36,6 @@
 import java.awt.peer.FontPeer;
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.FilePermission;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.ObjectOutputStream;
@@ -1231,13 +1230,6 @@ private static File checkFontFile(int fontFormat, File fontFile)
             fontFormat != Font.TYPE1_FONT) {
             throw new IllegalArgumentException ("font format not recognized");
         }
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            FilePermission filePermission =
-                new FilePermission(fontFile.getPath(), "read");
-            sm.checkPermission(filePermission);
-        }
         if (!fontFile.canRead()) {
             throw new IOException("Can't read " + fontFile);
         }

diff --git a/src/java.desktop/share/classes/java/awt/Taskbar.java b/src/java.desktop/share/classes/java/awt/Taskbar.java
@@ -177,19 +177,6 @@ private void checkFeatureSupport(Feature featureType){
         }
     }
 
-    /**
-     *  Calls to the security manager's {@code checkPermission} method with
-     *  an {@code RuntimePermission("canProcessApplicationEvents")} permissions.
-     */
-    private void checkEventsProcessingPermission(){
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(new RuntimePermission(
-                    "canProcessApplicationEvents"));
-        }
-    }
-
     private Taskbar() {
         Toolkit defaultToolkit = Toolkit.getDefaultToolkit();
         if (defaultToolkit instanceof SunToolkit) {
@@ -265,7 +252,6 @@ public static boolean isTaskbarSupported(){
      * does not support the {@link Taskbar.Feature#USER_ATTENTION} feature
      */
     public void requestUserAttention(final boolean enabled, final boolean critical) {
-        checkEventsProcessingPermission();
         checkFeatureSupport(Feature.USER_ATTENTION);
         peer.requestUserAttention(enabled, critical);
     }
@@ -282,7 +268,6 @@ public void requestUserAttention(final boolean enabled, final boolean critical)
      * does not support the {@link Taskbar.Feature#USER_ATTENTION_WINDOW} feature
      */
     public void requestWindowUserAttention(Window w) {
-        checkEventsProcessingPermission();
         checkFeatureSupport(Feature.USER_ATTENTION_WINDOW);
         peer.requestWindowUserAttention(w);
     }
@@ -296,7 +281,6 @@ public void requestWindowUserAttention(Window w) {
      * does not support the {@link Taskbar.Feature#MENU} feature
      */
     public void setMenu(final PopupMenu menu) {
-        checkEventsProcessingPermission();
         checkFeatureSupport(Feature.MENU);
         peer.setMenu(menu);
     }
@@ -309,7 +293,6 @@ public void setMenu(final PopupMenu menu) {
      * does not support the {@link Taskbar.Feature#MENU} feature
      */
     public PopupMenu getMenu() {
-        checkEventsProcessingPermission();
         checkFeatureSupport(Feature.MENU);
         return peer.getMenu();
     }
@@ -322,7 +305,6 @@ public PopupMenu getMenu() {
      * does not support the {@link Taskbar.Feature#ICON_IMAGE} feature
      */
     public void setIconImage(final Image image) {
-        checkEventsProcessingPermission();
         checkFeatureSupport(Feature.ICON_IMAGE);
         peer.setIconImage(image);
     }
@@ -339,7 +321,6 @@ public void setIconImage(final Image image) {
      * does not support the {@link Taskbar.Feature#ICON_IMAGE} feature
      */
     public Image getIconImage() {
-        checkEventsProcessingPermission();
         checkFeatureSupport(Feature.ICON_IMAGE);
         return peer.getIconImage();
     }
@@ -360,7 +341,6 @@ public Image getIconImage() {
      * or {@link Taskbar.Feature#ICON_BADGE_TEXT} feature
      */
     public void setIconBadge(final String badge) {
-        checkEventsProcessingPermission();
         checkFeatureSupport(Feature.ICON_BADGE_NUMBER);
         peer.setIconBadge(badge);
     }
@@ -380,7 +360,6 @@ public void setIconBadge(final String badge) {
      * does not support the {@link Taskbar.Feature#ICON_BADGE_IMAGE_WINDOW} feature
      */
     public void setWindowIconBadge(Window w, final Image badge) {
-        checkEventsProcessingPermission();
         checkFeatureSupport(Feature.ICON_BADGE_IMAGE_WINDOW);
         if (w != null) {
             peer.setWindowIconBadge(w, badge);
@@ -396,7 +375,6 @@ public void setWindowIconBadge(Window w, final Image badge) {
      * does not support the {@link Taskbar.Feature#PROGRESS_VALUE} feature
      */
     public void setProgressValue(int value) {
-        checkEventsProcessingPermission();
         checkFeatureSupport(Feature.PROGRESS_VALUE);
         peer.setProgressValue(value);
     }
@@ -426,7 +404,6 @@ public void setProgressValue(int value) {
      * does not support the {@link Taskbar.Feature#PROGRESS_VALUE_WINDOW} feature
      */
     public void setWindowProgressValue(Window w, int value) {
-        checkEventsProcessingPermission();
         checkFeatureSupport(Feature.PROGRESS_VALUE_WINDOW);
         if (w != null) {
             peer.setWindowProgressValue(w, value);
@@ -458,7 +435,6 @@ public void setWindowProgressValue(Window w, int value) {
      * does not support the {@link Taskbar.Feature#PROGRESS_STATE_WINDOW} feature
      */
     public void setWindowProgressState(Window w, State state) {
-        checkEventsProcessingPermission();
         checkFeatureSupport(Feature.PROGRESS_STATE_WINDOW);
         if (w != null) {
             peer.setWindowProgressState(w, state);

diff --git a/src/java.desktop/share/classes/java/awt/color/ICC_Profile.java b/src/java.desktop/share/classes/java/awt/color/ICC_Profile.java
@@ -39,7 +39,6 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
-import java.io.FilePermission;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.ObjectInputStream;

diff --git a/src/java.desktop/share/classes/javax/accessibility/AccessibilityProvider.java b/src/java.desktop/share/classes/javax/accessibility/AccessibilityProvider.java
@@ -52,37 +52,6 @@ public abstract class AccessibilityProvider {
      * Initializes a new accessibility provider.
      */
     protected AccessibilityProvider() {
-        // Use a permission check when calling a private constructor to check
-        // that the proper security permission has been granted before the
-        // {@code Object} superclass is called. If an exception is thrown before
-        // the {@code Object} superclass is constructed a finalizer in a
-        // subclass of this class will not be run. This protects against a
-        // finalizer vulnerability.
-        this(checkPermission());
-    }
-
-    /**
-     * Allows to check a permission before the {@code Object} is called.
-     *
-     * @param  ignore unused stub to call a {@link #checkPermission()}}
-     */
-    private AccessibilityProvider(Void ignore) { }
-
-    /**
-     * If this code is running with a security manager and if the permission
-     * {@code "accessibilityProvider"} has not been granted
-     * {@code SecurityException} will be thrown.
-     *
-     * @return {@code null} if {@code SecurityException} was not thrown
-     * @throws SecurityException If a security manager has been installed and it
-     *         denies {@link RuntimePermission} {@code "accessibilityProvider"}
-     */
-    private static Void checkPermission() {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null)
-            sm.checkPermission(new RuntimePermission("accessibilityProvider"));
-        return null;
     }
 
     /**

diff --git a/src/java.desktop/share/classes/javax/imageio/ImageIO.java b/src/java.desktop/share/classes/javax/imageio/ImageIO.java
@@ -28,7 +28,6 @@
 import java.awt.image.BufferedImage;
 import java.awt.image.RenderedImage;
 import java.io.File;
-import java.io.FilePermission;
 import java.io.InputStream;
 import java.io.IOException;
 import java.io.OutputStream;
@@ -170,50 +169,13 @@ private static String getTempDir() {
     /**
      * Determines whether the caller has write access to the cache
      * directory, stores the result in the {@code CacheInfo} object,
-     * and returns the decision.  This method helps to prevent mysterious
-     * SecurityExceptions to be thrown when this convenience class is used
-     * in an applet, for example.
+     * and returns the decision.
      */
     private static boolean hasCachePermission() {
         Boolean hasPermission = getCacheInfo().getHasPermission();
-
         if (hasPermission != null) {
             return hasPermission.booleanValue();
         } else {
-            try {
-                @SuppressWarnings("removal")
-                SecurityManager security = System.getSecurityManager();
-                if (security != null) {
-                    File cachedir = getCacheDirectory();
-                    String cachepath;
-
-                    if (cachedir != null) {
-                        cachepath = cachedir.getPath();
-                    } else {
-                        cachepath = getTempDir();
-
-                        if (cachepath == null || cachepath.isEmpty()) {
-                            getCacheInfo().setHasPermission(Boolean.FALSE);
-                            return false;
-                        }
-                    }
-
-                    // we have to check whether we can read, write,
-                    // and delete cache files.
-                    // So, compose cache file path and check it.
-                    String filepath = cachepath;
-                    if (!filepath.endsWith(File.separator)) {
-                        filepath += File.separator;
-                    }
-                    filepath += "*";
-
-                    security.checkPermission(new FilePermission(filepath, "read, write, delete"));
-                }
-            } catch (SecurityException e) {
-                getCacheInfo().setHasPermission(Boolean.FALSE);
-                return false;
-            }
-
             getCacheInfo().setHasPermission(Boolean.TRUE);
             return true;
         }

diff --git a/src/java.desktop/share/classes/sun/print/PrintJob2D.java b/src/java.desktop/share/classes/sun/print/PrintJob2D.java
@@ -42,7 +42,6 @@
 import java.awt.print.PrinterJob;
 
 import java.io.File;
-import java.io.FilePermission;
 import java.io.IOException;
 
 import java.net.URI;
@@ -351,7 +350,6 @@ private void initPrintJob2D(Frame frame,  String doctitle,
         // Verify that the app has access to the file system
         DestinationType dest= this.jobAttributes.getDestination();
         if (dest == DestinationType.FILE) {
-            throwPrintToFile();
 
             // check if given filename is valid
             String destStr = jobAttributes.getFileName();
@@ -1264,17 +1262,4 @@ private void translateOutputProps() {
         props.setProperty(PAPERSIZE_PROP, str);
     }
 
-    private void throwPrintToFile() {
-        @SuppressWarnings("removal")
-        SecurityManager security = System.getSecurityManager();
-        FilePermission printToFilePermission = null;
-        if (security != null) {
-            if (printToFilePermission == null) {
-                printToFilePermission =
-                    new FilePermission("<<ALL FILES>>", "read,write");
-            }
-            security.checkPermission(printToFilePermission);
-        }
-    }
-
 }