Removing AccessController calls from appengine_standard/api_dev.

PiperOrigin-RevId: 726526586 Change-Id: I2c790f3d88387d2fabcec48adbf1b050f5174c11
GoogleCloudPlatform · Feb 13, 2025 · a9e6956 · a9e6956
1 parent 1ed7093
commit a9e6956
Show file tree

Hide file tree

Showing 18 changed files with 512 additions and 907 deletions.
diff --git a/api_dev/src/main/java/com/google/appengine/api/blobstore/dev/FileBlobStorage.java b/api_dev/src/main/java/com/google/appengine/api/blobstore/dev/FileBlobStorage.java
@@ -24,10 +24,6 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 
 /**
  * {@code FileBlobStorage} provides durable persistence of blobs by storing blob content directly to
@@ -46,45 +42,17 @@ class FileBlobStorage implements BlobStorage {
   @Override
   public boolean hasBlob(final BlobKey blobKey) {
 
-    return AccessController.doPrivileged(
-        new PrivilegedAction<Boolean>() {
-          @Override
-          public Boolean run() {
-            return getFileForBlob(blobKey).exists();
-          }
-        });
+    return getFileForBlob(blobKey).exists();
   }
 
   @Override
   public OutputStream storeBlob(final BlobKey blobKey) throws IOException {
-    try {
-      return AccessController.doPrivileged(
-          new PrivilegedExceptionAction<FileOutputStream>() {
-            @Override
-            public FileOutputStream run() throws IOException {
-              return new FileOutputStream(getFileForBlob(blobKey));
-            }
-          });
-    } catch (PrivilegedActionException ex) {
-      Throwable cause = ex.getCause();
-      throw (cause instanceof IOException) ? (IOException) cause : new IOException(cause);
-    }
+    return new FileOutputStream(getFileForBlob(blobKey));
   }
 
   @Override
   public InputStream fetchBlob(final BlobKey blobKey) throws IOException {
-    try {
-      return AccessController.doPrivileged(
-          new PrivilegedExceptionAction<FileInputStream>() {
-            @Override
-            public FileInputStream run() throws IOException {
-              return new FileInputStream(getFileForBlob(blobKey));
-            }
-          });
-    } catch (PrivilegedActionException ex) {
-      Throwable cause = ex.getCause();
-      throw (cause instanceof IOException) ? (IOException) cause : new IOException(cause);
-    }
+    return new FileInputStream(getFileForBlob(blobKey));
   }
 
   @Override
@@ -98,21 +66,9 @@ public void deleteBlob(final BlobKey blobKey) throws IOException {
         && blobInfoStorage.loadGsFileInfo(blobKey) == null) {
       throw new RuntimeException("Unknown blobkey: " + blobKey);
     }
-    try {
-      AccessController.doPrivileged(
-          new PrivilegedExceptionAction<Void>() {
-            @Override
-            public Void run() throws IOException {
-              File file = getFileForBlob(blobKey);
-              if (!file.delete()) {
-                throw new IOException("Could not delete: " + file);
-              }
-              return null;
-            }
-          });
-    } catch (PrivilegedActionException ex) {
-      Throwable cause = ex.getCause();
-      throw (cause instanceof IOException) ? (IOException) cause : new IOException(cause);
+    File file = getFileForBlob(blobKey);
+    if (!file.delete()) {
+      throw new IOException("Could not delete: " + file);
     }
     blobInfoStorage.deleteBlobInfo(blobKey);
   }

diff --git a/api_dev/src/main/java/com/google/appengine/api/blobstore/dev/LocalBlobstoreService.java b/api_dev/src/main/java/com/google/appengine/api/blobstore/dev/LocalBlobstoreService.java
@@ -43,8 +43,6 @@
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -157,23 +155,18 @@ public CreateUploadURLResponse createUploadURL(Status status, CreateUploadURLReq
   }
 
   public VoidProto deleteBlob(Status status, final DeleteBlobRequest request) {
-    AccessController.doPrivileged(
-        (PrivilegedAction<Object>)
-            () -> {
-              for (String blobKeyString : request.getBlobKeyList()) {
-                BlobKey blobKey = new BlobKey(blobKeyString);
-                if (blobStorage.hasBlob(blobKey)) {
-                  try {
-                    blobStorage.deleteBlob(blobKey);
-                  } catch (IOException ex) {
-                    logger.log(Level.WARNING, "Could not delete blob: " + blobKey, ex);
-                    throw new ApiProxy.ApplicationException(
-                        BlobstoreServiceError.ErrorCode.INTERNAL_ERROR_VALUE, ex.toString());
-                  }
-                }
-              }
-              return null;
-            });
+    for (String blobKeyString : request.getBlobKeyList()) {
+      BlobKey blobKey = new BlobKey(blobKeyString);
+      if (blobStorage.hasBlob(blobKey)) {
+        try {
+          blobStorage.deleteBlob(blobKey);
+        } catch (IOException ex) {
+          logger.log(Level.WARNING, "Could not delete blob: " + blobKey, ex);
+          throw new ApiProxy.ApplicationException(
+              BlobstoreServiceError.ErrorCode.INTERNAL_ERROR_VALUE, ex.toString());
+        }
+      }
+    }
 
     return VoidProto.getDefaultInstance();
   }
@@ -222,27 +215,21 @@ public FetchDataResponse fetchData(Status status, final FetchDataRequest request
     } else {
       // Safe to cast because index will never be above MAX_BLOB_FETCH_SIZE.
       final byte[] data = new byte[(int) (endIndex - request.getStartIndex() + 1)];
-      AccessController.doPrivileged(
-          (PrivilegedAction<Object>)
-              () -> {
-                try {
-                  boolean swallowDueToThrow = true;
-                  InputStream stream = blobStorage.fetchBlob(blobKey);
-                  try {
-                    ByteStreams.skipFully(stream, request.getStartIndex());
-                    ByteStreams.readFully(stream, data);
-                    swallowDueToThrow = false;
-                  } finally {
-                    Closeables.close(stream, swallowDueToThrow);
-                  }
-                } catch (IOException ex) {
-                  logger.log(Level.WARNING, "Could not fetch data: " + blobKey, ex);
-                  throw new ApiProxy.ApplicationException(
-                      BlobstoreServiceError.ErrorCode.INTERNAL_ERROR_VALUE, ex.toString());
-                }
-
-                return null;
-              });
+      try {
+        boolean swallowDueToThrow = true;
+        InputStream stream = blobStorage.fetchBlob(blobKey);
+        try {
+          ByteStreams.skipFully(stream, request.getStartIndex());
+          ByteStreams.readFully(stream, data);
+          swallowDueToThrow = false;
+        } finally {
+          Closeables.close(stream, swallowDueToThrow);
+        }
+      } catch (IOException ex) {
+        logger.log(Level.WARNING, "Could not fetch data: " + blobKey, ex);
+        throw new ApiProxy.ApplicationException(
+            BlobstoreServiceError.ErrorCode.INTERNAL_ERROR_VALUE, ex.toString());
+      }
 
       response.setData(ByteString.copyFrom(data));
     }

diff --git a/api_dev/src/main/java/com/google/appengine/api/blobstore/dev/UploadBlobServlet.java b/api_dev/src/main/java/com/google/appengine/api/blobstore/dev/UploadBlobServlet.java
@@ -34,11 +34,8 @@
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
-import java.security.AccessController;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.security.SecureRandom;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
@@ -126,24 +123,7 @@ public void init() throws ServletException {
   @Override
   public void doPost(final HttpServletRequest req, final HttpServletResponse resp)
       throws ServletException, IOException {
-    try {
-      AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
-          @Override
-          public Object run() throws ServletException, IOException {
-            handleUpload(req, resp);
-            return null;
-          }
-        });
-    } catch (PrivilegedActionException ex) {
-      Throwable cause = ex.getCause();
-      if (cause instanceof ServletException) {
-        throw (ServletException) cause;
-      } else if (cause instanceof IOException) {
-        throw (IOException) cause;
-      } else {
-        throw new ServletException(cause);
-      }
-    }
+    handleUpload(req, resp);
   }
 
   private String getSessionId(HttpServletRequest req) {

diff --git a/api_dev/src/main/java/com/google/appengine/api/blobstore/dev/ee10/UploadBlobServlet.java b/api_dev/src/main/java/com/google/appengine/api/blobstore/dev/ee10/UploadBlobServlet.java
@@ -47,11 +47,8 @@
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
-import java.security.AccessController;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.security.SecureRandom;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
@@ -132,24 +129,7 @@ public void init() throws ServletException {
   @Override
   public void doPost(final HttpServletRequest req, final HttpServletResponse resp)
       throws ServletException, IOException {
-    try {
-      AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
-          @Override
-          public Object run() throws ServletException, IOException {
-            handleUpload(req, resp);
-            return null;
-          }
-        });
-    } catch (PrivilegedActionException ex) {
-      Throwable cause = ex.getCause();
-      if (cause instanceof ServletException) {
-        throw (ServletException) cause;
-      } else if (cause instanceof IOException) {
-        throw (IOException) cause;
-      } else {
-        throw new ServletException(cause);
-      }
-    }
+    handleUpload(req, resp);
   }
 
   private String getSessionId(HttpServletRequest req) {

diff --git a/api_dev/src/main/java/com/google/appengine/api/datastore/dev/LocalCompositeIndexManager.java b/api_dev/src/main/java/com/google/appengine/api/datastore/dev/LocalCompositeIndexManager.java
@@ -52,8 +52,6 @@
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.Writer;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -339,20 +337,13 @@ private File getGeneratedIndexFile() {
     /**
      * Returns an input stream for the generated indexes file or {@code null} if it doesn't exist.
      */
-    // @Nullable
     // @VisibleForTesting
-    InputStream getGeneratedIndexFileInputStream() {
-      return AccessController.doPrivileged(
-          new PrivilegedAction<InputStream>() {
-            @Override
-            public InputStream run() {
-              try {
-                return new FileInputStream(getGeneratedIndexFile());
-              } catch (FileNotFoundException e) {
-                return null;
-              }
-            }
-          });
+    @Nullable InputStream getGeneratedIndexFileInputStream() {
+      try {
+        return new FileInputStream(getGeneratedIndexFile());
+      } catch (FileNotFoundException e) {
+        return null;
+      }
     }
 
     /** Returns a writer for the generated indexes file. */