8338411: Implement JEP 486: Permanently Disable the Security Manager

[seanjmullan]

This is the implementation of JEP 486: Permanently Disable the Security Manager. See JEP 486 for more details. The CSR describes in detail the main changes in the JEP and also includes an apidiff of the specification changes.

NOTE: the majority (~95%) of the changes in this PR are test updates (removal/modifications) and API specification changes, the latter mostly to remove @throws SecurityException. The remaining changes are primarily the removal of the SecurityManager, Policy, AccessController and other Security Manager API implementations. There is very little new code.

The code changes can be broken down into roughly the following categories:

1. Degrading the behavior of Security Manager APIs to either throw Exceptions by default or provide an execution environment that disallows access to all resources by default.
2. Changing hundreds of methods and constructors to no longer throw a SecurityException if a Security Manager was enabled. They will operate as they did in JDK 23 with no Security Manager enabled.
3. Changing the java command to exit with a fatal error if a Security Manager is enabled.
4. Removing the hotspot native code for the privileged stack walk and the inherited access control context. The remaining hotspot code and tests related to the Security Manager will be removed immediately after integration - see JDK-8341916.
5. Removing or modifying hundreds of tests. Many tests that tested Security Manager behavior are no longer relevant and thus have been removed or modified.

There are a handful of Security Manager related tests that are failing and are at the end of the test/jdk/ProblemList.txt, test/langtools/ProblemList.txt and test/hotspot/jtreg/ProblemList.txt files - these will be removed or separate bugs will be filed before integrating this PR.

Inside the JDK, we have retained calls to SecurityManager::getSecurityManager and AccessController::doPrivileged for now, as these methods have been degraded to behave the same as they did in JDK 23 with no Security Manager enabled. After we integrate this JEP, those calls will be removed in each area (client-libs, core-libs, security, etc).

I don't expect each reviewer to review all the code changes in this JEP. Rather, I advise that you only focus on the changes for the area (client-libs, core-libs, net, security, etc) that you are most familiar with.

---

Progress

• Change must not contain extraneous whitespace
• Change requires CSR request JDK-8338412 to be approved
• Commit message must refer to an issue
• Change requires a JEP request to be targeted
• Change must be properly reviewed (2 reviews required, with at least 1 Reviewer, 1 Author)

Issues

• JDK-8338411: Implement JEP 486: Permanently Disable the Security Manager (Enhancement - P3)
• JDK-8338625: JEP 486: Permanently Disable the Security Manager (JEP)
• JDK-8338412: Implement JEP 486: Permanently Disable the Security Manager (CSR)

Reviewers

• Daniel Fuchs (@dfuch - Reviewer) Review applies to f89d9d09
• Magnus Ihse Bursie (@magicus - Reviewer) Review applies to d05122fb
• Erik Joelsson (@erikj79 - Reviewer) Review applies to d05122fb
• Chris Plummer (@plummercj - Reviewer) Review applies to d05122fb
• Coleen Phillimore (@coleenp - Reviewer) Review applies to d05122fb
• Naoto Sato (@naotoj - Reviewer) Review applies to d05122fb
• Mandy Chung (@mlchung - Reviewer) Review applies to 7958ee2b
• Phil Race (@prrace - Reviewer) Review applies to b7b95a40
• Weijun Wang (@wangweij - Reviewer) Review applies to b7b95a40
• Joe Wang (@JoeWang-Java - Reviewer) Review applies to d05122fb
• Kevin Walls (@kevinjwalls - Reviewer)
• Alexander Zvegintsev (@azvegint - Reviewer) Review applies to f89d9d09
• Alexey Ivanov (@aivanov-jdk - Reviewer) Review applies to 7958ee2b
• Roger Riggs (@RogerRiggs - Reviewer)
• Prasanta Sadhukhan (@prsadhuk - Reviewer) Review applies to cb50dfde
• Brent Christian (@bchristi-git - Reviewer) Review applies to 2f90c839
• Athijegannathan Sundararajan (@sundararajana - Reviewer) Review applies to 2f90c839
• Attila Szegedi (@szegedi - Reviewer) Review applies to 7958ee2b

Reviewers without OpenJDK IDs

• @dmlloyd (no known openjdk.org user name / role) Review applies to f89d9d09

Contributors

• Sean Mullan <[email protected]>
• Alan Bateman <[email protected]>
• Weijun Wang <[email protected]>
• Aleksei Efimov <[email protected]>
• Brian Burkhalter <[email protected]>
• Daniel Fuchs <[email protected]>
• Harshitha Onkar <[email protected]>
• Joe Wang <[email protected]>
• Jorn Vernee <[email protected]>
• Justin Lu <[email protected]>
• Kevin Walls <[email protected]>
• Lance Andersen <[email protected]>
• Naoto Sato <[email protected]>
• Roger Riggs <[email protected]>
• Brent Christian <[email protected]>
• Stuart Marks <[email protected]>
• Ian Graves <[email protected]>
• Phil Race <[email protected]>
• Erik Gahlin <[email protected]>
• Jaikiran Pai <[email protected]>

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/21498/head:pull/21498
$ git checkout pull/21498

Update a local copy of the PR:
$ git checkout pull/21498
$ git pull https://git.openjdk.org/jdk.git pull/21498/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 21498

View PR using the GUI difftool:
$ git pr show -t 21498

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/21498.diff

Using Webrev

Link to Webrev Comment

[RogerRiggs]

Good to go!

[seanjmullan]

/integrate

[seanjmullan]

/reviewers 2

[openjdk]

@seanjmullan This pull request has not yet been marked as ready for integration.

[openjdk]

@seanjmullan
The total number of required reviews for this PR (including the jcheck configuration and the last /reviewers command) is now set to 2 (with at least 1 Reviewer, 1 Author).

[LanceAndersen]

Thank you for all of your hard work on this JEP Sean.

[seanjmullan]

/integrate

[seanjmullan]

/integrate

[seanjmullan]

/integrate

[openjdk]

Going to push as commit db85090.
Since your change was applied there have been 5 commits pushed to the master branch:

• c12b386: 8338007: [JVMCI] ResolvedJavaMethod.reprofile can crash ciMethodData
• 81752c4: 8338565: Test crashed: assert(is_path_empty()) failed: invariant
• e5eaa7f: 8343946: JFR: Wildcard should only work with COUNT for 'jfr view'
• 2989d87: 8343805: RISC-V: JVM crashes on startup when disabling compressed instructions
• 78b8015: 8338383: Implement JEP 491: Synchronize Virtual Threads without Pinning

Your commit was automatically rebased without conflicts.

[openjdk]

@seanjmullan Pushed as commit db85090.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

[openjdk]

@seanjmullan The command integrate can only be used in open pull requests.

[openjdk]

@seanjmullan The command integrate can only be used in open pull requests.