Move SecurityManager relevant parts to SecurityBridge

src/org/mozilla/javascript/JavaMembers.java

@@ -15,9 +15,6 @@
 import java.lang.reflect.Member;
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
-import java.security.AccessControlContext;
-import java.security.AllPermission;
-import java.security.Permission;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -36,8 +33,6 @@ class JavaMembers {
     private static final boolean STRICT_REFLECTIVE_ACCESS =
             SourceVersion.latestSupported().ordinal() > 8;
 
-    private static final Permission allPermission = new AllPermission();
-
     JavaMembers(Scriptable scope, Class<?> cl) {
         this(scope, cl, false);
     }
@@ -770,7 +765,7 @@ static JavaMembers lookupClass(
         Map<ClassCache.CacheKey, JavaMembers> ct = cache.getClassCacheMap();
 
         Class<?> cl = dynamicType;
-        Object secCtx = getSecurityContext();
+        Object secCtx = SecurityUtilities.getSecurityContext();
         for (; ; ) {
             members = ct.get(new ClassCache.CacheKey(cl, secCtx));
             if (members != null) {
@@ -827,24 +822,6 @@ private static JavaMembers createJavaMembers(
         }
     }
 
-    private static Object getSecurityContext() {
-        Object sec = null;
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sec = sm.getSecurityContext();
-            if (sec instanceof AccessControlContext) {
-                try {
-                    ((AccessControlContext) sec).checkPermission(allPermission);
-                    // if we have allPermission, we do not need to store the
-                    // security object in the cache key
-                    return null;
-                } catch (SecurityException e) {
-                }
-            }
-        }
-        return sec;
-    }
-
     RuntimeException reportMemberNotFound(String memberName) {
         return Context.reportRuntimeErrorById(
                 "msg.java.member.not.found", cl.getName(), memberName);

src/org/mozilla/javascript/NativeJavaClass.java

@@ -157,7 +157,8 @@ public Scriptable construct(Context cx, Scriptable scope, Object[] args) {
         try {
             // When running on Android create an InterfaceAdapter since our
             // bytecode generation won't work on Dalvik VM.
-            if ("Dalvik".equals(System.getProperty("java.vm.name")) && classObject.isInterface()) {
+            if ("Dalvik".equals(SecurityUtilities.getSystemProperty("java.vm.name"))
+                    && classObject.isInterface()) {
                 Object obj =
                         createInterfaceAdapter(
                                 classObject, ScriptableObject.ensureScriptableObject(args[0]));

src/org/mozilla/javascript/PolicySecurityController.java

@@ -27,7 +27,10 @@
  * source files are signed in whatever implementation-specific way you're using.
  *
  * @author Attila Szegedi
+ * @deprecated This class is only useful in conjunction with {@link SecurityManager}, which is
+ *     deprecated since JDK17 and subject to removal in a future release
  */
+@Deprecated
 public class PolicySecurityController extends SecurityController {
     private static final byte[] secureCallerImplBytecode = loadBytecode();
 

src/org/mozilla/javascript/RhinoException.java

@@ -386,7 +386,7 @@ public static StackStyle getStackStyle() {
 
     // Allow us to override default stack style for debugging.
     static {
-        String style = System.getProperty("rhino.stack.style");
+        String style = SecurityUtilities.getSystemProperty("rhino.stack.style");
         if (style != null) {
             if ("Rhino".equalsIgnoreCase(style)) {
                 stackStyle = StackStyle.RHINO;

src/org/mozilla/javascript/RhinoSecurityManager.java

@@ -10,7 +10,11 @@
  * domain of the script that triggered the current action. It is required for JavaAdapters to have
  * the same <code>ProtectionDomain</code> as the script code that created them. Embeddings that
  * implement their own SecurityManager can use this as base class.
+ *
+ * @deprecated This class is only useful in conjunction with {@link SecurityManager}, which is
+ *     deprecated since JDK17 and subject to removal in a future release
  */
+@Deprecated
 public class RhinoSecurityManager extends SecurityManager {
 
     /**

src/org/mozilla/javascript/ScriptRuntime.java

@@ -317,7 +317,7 @@ public static ScriptableObject initStandardObjects(
 
     static String[] getTopPackageNames() {
         // Include "android" top package if running on Android
-        return "Dalvik".equals(System.getProperty("java.vm.name"))
+        return "Dalvik".equals(SecurityUtilities.getSystemProperty("java.vm.name"))
                 ? new String[] {"java", "javax", "org", "com", "edu", "net", "android"}
                 : new String[] {"java", "javax", "org", "com", "edu", "net"};
     }

src/org/mozilla/javascript/SecureCaller.java

@@ -19,7 +19,12 @@
 import java.util.Map;
 import java.util.WeakHashMap;
 
-/** @author Attila Szegedi */
+/**
+ * @author Attila Szegedi
+ * @deprecated This class depends on {@link AccessController}, which is deprecated since JDK17 and
+ *     subject to removal in a future release
+ */
+@Deprecated
 public abstract class SecureCaller {
     private static final byte[] secureCallerImplBytecode = loadBytecode();
 

src/org/mozilla/javascript/SecurityBridge.java

@@ -0,0 +1,32 @@
+/* -*- Mode: java; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+package org.mozilla.javascript;
+
+import java.security.ProtectionDomain;
+
+/**
+ * Bridge to security relevant operations, that have to be handled with SecurityManager up to JDK
+ * 17.
+ *
+ * <p>Notice: With JEP411, the SecurityManager is deprecated.
+ *
+ * @author Roland Praml
+ */
+interface SecurityBridge {
+
+    /** @see SecurityUtilities#getSystemProperty(String) */
+    public String getSystemProperty(final String name);
+
+    /** @see SecurityUtilities#getProtectionDomain(Class) */
+    public ProtectionDomain getProtectionDomain(final Class<?> clazz);
+
+    /** @see SecurityUtilities#getScriptProtectionDomain() */
+    public ProtectionDomain getScriptProtectionDomain();
+
+    /** @see SecurityUtilities#getSecurityContext() */
+    Object getSecurityContext();
+}

src/org/mozilla/javascript/SecurityBridge_NoOp.java

@@ -0,0 +1,33 @@
+/* -*- Mode: java; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+package org.mozilla.javascript;
+
+import java.security.ProtectionDomain;
+
+/** This is a "no-op" implementation of SecurityBridge and should work for JDK17 and beyond. */
+public class SecurityBridge_NoOp implements SecurityBridge {
+
+    @Override
+    public String getSystemProperty(final String name) {
+        return System.getProperty(name);
+    }
+
+    @Override
+    public ProtectionDomain getProtectionDomain(final Class<?> clazz) {
+        return clazz.getProtectionDomain();
+    }
+
+    @Override
+    public ProtectionDomain getScriptProtectionDomain() {
+        return null;
+    }
+
+    @Override
+    public Object getSecurityContext() {
+        return null;
+    }
+}

src/org/mozilla/javascript/SecurityBridge_SecurityManager.java

@@ -0,0 +1,103 @@
+/* -*- Mode: java; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+package org.mozilla.javascript;
+
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.AllPermission;
+import java.security.Permission;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
+
+/**
+ * Code moved from {@link SecurityUtilities}. This implementation makes use of {@link
+ * SecurityManager} and {@link AccessController} and so on, which is deprecated with JDK17 (see <a
+ * href='https://openjdk.java.net/jeps/411'>JEP411</a>) - so all related 'java.security' stuff
+ * should be routed over this class, so that it could be easily replaced by an other implementation
+ * like {@link SecurityBridge_NoOp}.
+ *
+ * <p>This implementation should be work up to JDK17
+ *
+ * @author Attila Szegedi
+ * @author Roland Praml, FOCONIS AG
+ */
+@Deprecated
+public class SecurityBridge_SecurityManager implements SecurityBridge {
+    private static final Permission allPermission = new AllPermission();
+    /**
+     * Retrieves a system property within a privileged block. Use it only when the property is used
+     * from within Rhino code and is not passed out of it.
+     *
+     * @param name the name of the system property
+     * @return the value of the system property
+     */
+    @Override
+    public String getSystemProperty(final String name) {
+        return AccessController.doPrivileged(
+                new PrivilegedAction<String>() {
+                    @Override
+                    public String run() {
+                        return System.getProperty(name);
+                    }
+                });
+    }
+
+    @Override
+    public ProtectionDomain getProtectionDomain(final Class<?> clazz) {
+        return AccessController.doPrivileged(
+                new PrivilegedAction<ProtectionDomain>() {
+                    @Override
+                    public ProtectionDomain run() {
+                        return clazz.getProtectionDomain();
+                    }
+                });
+    }
+
+    /**
+     * Look up the top-most element in the current stack representing a script and return its
+     * protection domain. This relies on the system-wide SecurityManager being an instance of {@link
+     * RhinoSecurityManager}, otherwise it returns <code>null</code>.
+     *
+     * @return The protection of the top-most script in the current stack, or null
+     */
+    @Override
+    public ProtectionDomain getScriptProtectionDomain() {
+        final SecurityManager securityManager = System.getSecurityManager();
+        if (securityManager instanceof RhinoSecurityManager) {
+            return AccessController.doPrivileged(
+                    new PrivilegedAction<ProtectionDomain>() {
+                        @Override
+                        public ProtectionDomain run() {
+                            Class<?> c =
+                                    SecurityUtilities.getCurrentScriptClass(
+                                            (RhinoSecurityManager) securityManager);
+                            return c == null ? null : c.getProtectionDomain();
+                        }
+                    });
+        }
+        return null;
+    }
+
+    @Override
+    public Object getSecurityContext() {
+        Object sec = null;
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sec = sm.getSecurityContext();
+            if (sec instanceof AccessControlContext) {
+                try {
+                    ((AccessControlContext) sec).checkPermission(allPermission);
+                    // if we have allPermission, we do not need to store the
+                    // security object in the cache key
+                    return null;
+                } catch (SecurityException e) {
+                }
+            }
+        }
+        return sec;
+    }
+}