Removing use of Java security manager from appengine_standard/runtime

PiperOrigin-RevId: 725059265
Change-Id: Ia65414b28aed4054ba3ceff820340fb0a66b0ef5

Author: srinjoyray

runtime/impl/src/main/java/com/google/apphosting/runtime/ApiProxyImpl.java

@@ -49,9 +49,6 @@
 import com.google.protobuf.ByteString;
 import com.google.protobuf.ExtensionRegistry;
 import com.google.protobuf.InvalidProtocolBufferException;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.time.Duration;
 import java.util.Collections;
 import java.util.HashMap;
@@ -289,8 +286,7 @@ public byte[] makeSyncCall(
       final String packageName,
       final String methodName,
       final byte[] request) {
-    return AccessController.doPrivileged(
-        (PrivilegedAction<byte[]>) () -> doSyncCall(environment, packageName, methodName, request));
+    return doSyncCall(environment, packageName, methodName, request);
   }
 
   @Override
@@ -300,9 +296,8 @@ public Future<byte[]> makeAsyncCall(
       final String methodName,
       final byte[] request,
       final ApiProxy.ApiConfig apiConfig) {
-    return AccessController.doPrivileged(
-        (PrivilegedAction<Future<byte[]>>) () -> doAsyncCall(
-            environment, packageName, methodName, request, apiConfig.getDeadlineInSeconds()));
+    return doAsyncCall(
+        environment, packageName, methodName, request, apiConfig.getDeadlineInSeconds());
   }
 
   private byte[] doSyncCall(
@@ -1350,7 +1345,7 @@ public void run() {
     }
   }
 
-  private static PrivilegedAction<Void> runWithThreadContext(
+  private static Runnable runWithThreadContext(
       Runnable runnable, Environment environment, CloudTraceContext parentThreadContext) {
     return () -> {
       CloudTrace.setCurrentContext(environment, parentThreadContext);
@@ -1359,7 +1354,6 @@ private static PrivilegedAction<Void> runWithThreadContext(
       } finally {
         CloudTrace.setCurrentContext(environment, null);
       }
-      return null;
     };
   }
 
@@ -1376,16 +1370,10 @@ public Thread newThread(final Runnable runnable) {
       ThreadGroup requestThreadGroup = environment.getRequestThreadGroup();
       RequestState requestState = environment.getRequestState();
 
-      CloudTraceContext parentThreadContext =
-          CloudTrace.getCurrentContext(environment);
-      AccessControlContext context = AccessController.getContext();
-      Runnable contextRunnable =
-          () ->
-              AccessController.doPrivileged(
-                  runWithThreadContext(runnable, environment, parentThreadContext), context);
-      return AccessController.doPrivileged(
-          (PrivilegedAction<Thread>) () -> new CurrentRequestThread(
-              requestThreadGroup, contextRunnable, runnable, requestState, environment));
+      CloudTraceContext parentThreadContext = CloudTrace.getCurrentContext(environment);
+      Runnable contextRunnable = runWithThreadContext(runnable, environment, parentThreadContext);
+      return new CurrentRequestThread(
+          requestThreadGroup, contextRunnable, runnable, requestState, environment);
     }
   }
 
@@ -1408,11 +1396,7 @@ public Thread newThread(final Runnable runnable) {
 
       CloudTraceContext parentThreadContext =
           CloudTrace.getCurrentContext(environment);
-      AccessControlContext context = AccessController.getContext();
-      Runnable contextRunnable =
-          () ->
-              AccessController.doPrivileged(
-                  runWithThreadContext(runnable, environment, parentThreadContext), context);
+      Runnable contextRunnable = runWithThreadContext(runnable, environment, parentThreadContext);
 
       String requestId = systemService.startBackgroundRequest();
       Number deadline = MoreObjects.firstNonNull(

runtime/impl/src/main/java/com/google/apphosting/runtime/AppVersionFactory.java

@@ -35,7 +35,6 @@
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.lang.Thread.UncaughtExceptionHandler;
-import java.lang.reflect.Field;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.nio.file.FileSystems;
@@ -257,7 +256,6 @@ public AppVersion createAppVersion(
             .setUncaughtExceptionHandler(uncaughtExceptionHandler)
             .setIgnoreDaemonThreads(ignoreDaemonThreads)
             .build();
-    suppressJaxbWarningReflectionIsNotAllowed(classLoader);
     setApplicationDirectory(rootDirectory.getAbsolutePath());
     return AppVersion.builder()
         .setAppVersionKey(appVersionKey)
@@ -535,35 +533,6 @@ private URL[] getUrls(ClassPathBuilder classPathBuilder) {
     return urls;
   }
 
-  /**
-   * Suppresses the warning that JAXB logs when reflection is not allowed on
-   * a field.
-   * Most annoyingly, the warning is logged the first time that a JAX-WS service
-   * class is instantiated, due to the private fields in the
-   * {@code javax.xml.ws.wsaddressing.W3CEndpointReference} class.
-   * Since this warning is only logged once, irrespective of the number of class/field
-   * combinations for which reflection fails, there is little that is lost in
-   * suppressing it. See b/5609065 for more information.
-   *
-   * @param classLoader the application ClassLoader
-   */
-  private void suppressJaxbWarningReflectionIsNotAllowed(ClassLoader classLoader) {
-    // Suppressing the warning is only meaningful in runtimes that install a security manager.
-    if (System.getSecurityManager() != null) {
-      try {
-        // Must use reflection here because the JAXB implementation classes are
-        // on the application classpath.
-        Class<?> accessorClass =
-            classLoader.loadClass("com.sun.xml.bind.v2.runtime.reflect.Accessor");
-        Field accessWarned = accessorClass.getDeclaredField("accessWarned");
-        accessWarned.setAccessible(true);
-        accessWarned.setBoolean(null, true);
-      } catch (Exception e) {
-        logger.atWarning().withCause(e).log("failed to suppress JAXB warning reflectively");
-      }
-    }
-  }
-
   private static void setApplicationDirectory(String path) throws IOException {
     // Set the (real) "user.dir" system property to the application directory,
     // so that calls like File.getAbsolutePath() will return the expected path

runtime/impl/src/main/java/com/google/apphosting/runtime/RequestManager.java

@@ -45,8 +45,6 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.time.Duration;
@@ -588,18 +586,13 @@ public void sendDeadline(RequestToken token, boolean isUncatchable) {
         }
         logger.atInfo().log("Stopping request thread.");
         // Throw the exception in targetThread.
-        AccessController.doPrivileged(
-            (PrivilegedAction<Void>) () -> {
-              try {
-                ThreadStop0Holder.threadStop0.invoke(targetThread, throwable);
-              } catch (Exception e) {
-                logger.atWarning().withCause(e).log("Failed to stop thread");
-              }
-              return null;
-            });
+        try {
+          ThreadStop0Holder.threadStop0.invoke(targetThread, throwable);
+        } catch (Exception e) {
+          logger.atWarning().withCause(e).log("Failed to stop thread");
+        }
       }
     }
-
   }
 
   private String threadDump(Collection<Thread> threads, String prefix) {
@@ -900,30 +893,24 @@ public List<Thread> getRequestThreads(AppVersionKey appVersionKey) {
   }
 
   /**
-   * Consults {@link ThreadMXBean#findDeadlockedThreads()} to see if
-   * any deadlocks are currently present.  If so, it will
-   * immediately respond to the runtime and simulate a LOG(FATAL)
-   * containing the stack trace of the offending threads.
+   * Consults {@link ThreadMXBean#findDeadlockedThreads()} to see if any deadlocks are currently
+   * present. If so, it will immediately respond to the runtime and simulate a LOG(FATAL) containing
+   * the stack trace of the offending threads.
    */
   private void checkForDeadlocks(final RequestToken token) {
-    AccessController.doPrivileged(
-        (PrivilegedAction<Object>) () -> {
-          long[] deadlockedThreadsIds = THREAD_MX.findDeadlockedThreads();
-          if (deadlockedThreadsIds != null) {
-            StringBuilder builder = new StringBuilder();
-            builder.append(
-                "Detected a deadlock across " + deadlockedThreadsIds.length + " threads:");
-            for (ThreadInfo info :
-                THREAD_MX.getThreadInfo(deadlockedThreadsIds, MAXIMUM_DEADLOCK_STACK_LENGTH)) {
-              builder.append(info);
-              builder.append("\n");
-            }
-            String message = builder.toString();
-            token.addAppLogMessage(Level.fatal, message);
-            token.logAndKillRuntime(message);
-          }
-          return null;
-        });
+    long[] deadlockedThreadsIds = THREAD_MX.findDeadlockedThreads();
+    if (deadlockedThreadsIds != null) {
+      StringBuilder builder = new StringBuilder();
+      builder.append("Detected a deadlock across " + deadlockedThreadsIds.length + " threads:");
+      for (ThreadInfo info :
+          THREAD_MX.getThreadInfo(deadlockedThreadsIds, MAXIMUM_DEADLOCK_STACK_LENGTH)) {
+        builder.append(info);
+        builder.append("\n");
+      }
+      String message = builder.toString();
+      token.addAppLogMessage(Level.fatal, message);
+      token.logAndKillRuntime(message);
+    }
   }
 
   private void logMemoryStats() {
@@ -934,22 +921,15 @@ private void logMemoryStats() {
   }
 
   private void logAllStackTraces() {
-    AccessController.doPrivileged(
-        (PrivilegedAction<Object>)
-            () -> {
-              long[] allthreadIds = THREAD_MX.getAllThreadIds();
-              StringBuilder builder = new StringBuilder();
-              builder.append(
-                  "Dumping thread info for all " + allthreadIds.length + " runtime threads:");
-              for (ThreadInfo info :
-                  THREAD_MX.getThreadInfo(allthreadIds, MAXIMUM_DEADLOCK_STACK_LENGTH)) {
-                builder.append(info);
-                builder.append("\n");
-              }
-              String message = builder.toString();
-              logger.atInfo().log("%s", message);
-              return null;
-            });
+    long[] allthreadIds = THREAD_MX.getAllThreadIds();
+    StringBuilder builder = new StringBuilder();
+    builder.append("Dumping thread info for all " + allthreadIds.length + " runtime threads:");
+    for (ThreadInfo info : THREAD_MX.getThreadInfo(allthreadIds, MAXIMUM_DEADLOCK_STACK_LENGTH)) {
+      builder.append(info);
+      builder.append("\n");
+    }
+    String message = builder.toString();
+    logger.atInfo().log("%s", message);
   }
 
   private Throwable createDeadlineThrowable(String message, boolean isUncatchable) {

runtime/lite/src/main/java/com/google/appengine/runtime/lite/RequestManager.java

@@ -54,8 +54,6 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.time.Duration;
@@ -774,27 +772,22 @@ public List<Thread> getRequestThreads(AppVersionKey appVersionKey) {
    * the stack trace of the offending threads.
    */
   private void checkForDeadlocks(final RequestToken token) {
-    AccessController.doPrivileged(
-        (PrivilegedAction<Object>)
-            () -> {
-              long[] deadlockedThreadsIds = THREAD_MX.findDeadlockedThreads();
-              if (deadlockedThreadsIds != null) {
-                StringBuilder builder = new StringBuilder();
-                builder.append(
-                    "Detected a deadlock across ")
-                    .append(deadlockedThreadsIds.length)
-                    .append(" threads:");
-                for (ThreadInfo info :
-                    THREAD_MX.getThreadInfo(deadlockedThreadsIds, MAXIMUM_DEADLOCK_STACK_LENGTH)) {
-                  builder.append(info);
-                  builder.append("\n");
-                }
-                String message = builder.toString();
-                token.addAppLogMessage(Level.fatal, message);
-                token.logAndKillRuntime(message);
-              }
-              return null;
-            });
+    long[] deadlockedThreadsIds = THREAD_MX.findDeadlockedThreads();
+    if (deadlockedThreadsIds != null) {
+      StringBuilder builder = new StringBuilder();
+      builder
+          .append("Detected a deadlock across ")
+          .append(deadlockedThreadsIds.length)
+          .append(" threads:");
+      for (ThreadInfo info :
+          THREAD_MX.getThreadInfo(deadlockedThreadsIds, MAXIMUM_DEADLOCK_STACK_LENGTH)) {
+        builder.append(info);
+        builder.append("\n");
+      }
+      String message = builder.toString();
+      token.addAppLogMessage(Level.fatal, message);
+      token.logAndKillRuntime(message);
+    }
   }
 
   private void logMemoryStats() {
@@ -805,24 +798,18 @@ private void logMemoryStats() {
   }
 
   private void logAllStackTraces() {
-    AccessController.doPrivileged(
-        (PrivilegedAction<Object>)
-            () -> {
-              long[] allthreadIds = THREAD_MX.getAllThreadIds();
-              StringBuilder builder = new StringBuilder();
-              builder
-                  .append("Dumping thread info for all ")
-                  .append(allthreadIds.length)
-                  .append(" runtime threads:");
-              for (ThreadInfo info :
-                  THREAD_MX.getThreadInfo(allthreadIds, MAXIMUM_DEADLOCK_STACK_LENGTH)) {
-                builder.append(info);
-                builder.append("\n");
-              }
-              String message = builder.toString();
-              logger.atInfo().log("%s", message);
-              return null;
-            });
+    long[] allthreadIds = THREAD_MX.getAllThreadIds();
+    StringBuilder builder = new StringBuilder();
+    builder
+        .append("Dumping thread info for all ")
+        .append(allthreadIds.length)
+        .append(" runtime threads:");
+    for (ThreadInfo info : THREAD_MX.getThreadInfo(allthreadIds, MAXIMUM_DEADLOCK_STACK_LENGTH)) {
+      builder.append(info);
+      builder.append("\n");
+    }
+    String message = builder.toString();
+    logger.atInfo().log("%s", message);
   }
 
   private Throwable createDeadlineThrowable(String message, boolean isUncatchable) {