Removing AccessController calls from the following directories:

PiperOrigin-RevId: 726767193
Change-Id: I8438d16bd2279d183da439f75c285bccfd575f71

Author: srinjoyray

api/src/main/java/com/google/appengine/spi/ServiceFactoryFactory.java

@@ -17,8 +17,6 @@
 package com.google.appengine.spi;
 
 import com.google.common.base.Preconditions;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -137,44 +135,36 @@ private static final class RuntimeRegistry {
     }
   }
 
-  /**
-   * Retrieves the list of factory providers from the classpath
-   */
+  /** Retrieves the list of factory providers from the classpath */
   private static List<FactoryProvider<?>> getProvidersUsingServiceLoader() {
-    return AccessController.doPrivileged(
-        new PrivilegedAction<List<FactoryProvider<?>>>() {
-          @Override
-          public List<FactoryProvider<?>> run() {
-            List<FactoryProvider<?>> result = new ArrayList<FactoryProvider<?>>();
-
-            // Sandboxed applications use the classloader of this class (ServiceFactoryFactory).
-            // VM runtime applications use the thread context classloader (if not null) and fall
-            // back to
-            // the ServiceFactoryFactory classloader otherwise.
-            //
-            ClassLoader classLoader = null;
-            if (Boolean.getBoolean(USE_THREAD_CONTEXT_CLASSLOADER_PROPERTY)) {
-              classLoader = Thread.currentThread().getContextClassLoader();
-            }
-            if (classLoader == null) {
-              // If the classloader isn't set (or set to null). Use the classloader of this class.
-              classLoader = ServiceFactoryFactory.class.getClassLoader();
-            }
-
-            // Can't use parameterized types in ServiceLoader.load
-            //
-            @SuppressWarnings("rawtypes")
-            ServiceLoader<FactoryProvider> providers =
-                ServiceLoader.load(FactoryProvider.class, classLoader);
-
-            if (providers != null) {
-              for (FactoryProvider<?> provider : providers) {
-                result.add(provider);
-              }
-            }
-
-            return result;
-          }
-        });
+    List<FactoryProvider<?>> result = new ArrayList<FactoryProvider<?>>();
+
+    // Sandboxed applications use the classloader of this class (ServiceFactoryFactory).
+    // VM runtime applications use the thread context classloader (if not null) and fall
+    // back to
+    // the ServiceFactoryFactory classloader otherwise.
+    //
+    ClassLoader classLoader = null;
+    if (Boolean.getBoolean(USE_THREAD_CONTEXT_CLASSLOADER_PROPERTY)) {
+      classLoader = Thread.currentThread().getContextClassLoader();
+    }
+    if (classLoader == null) {
+      // If the classloader isn't set (or set to null). Use the classloader of this class.
+      classLoader = ServiceFactoryFactory.class.getClassLoader();
+    }
+
+    // Can't use parameterized types in ServiceLoader.load
+    //
+    @SuppressWarnings("rawtypes")
+    ServiceLoader<FactoryProvider> providers =
+        ServiceLoader.load(FactoryProvider.class, classLoader);
+
+    if (providers != null) {
+      for (FactoryProvider<?> provider : providers) {
+        result.add(provider);
+      }
+    }
+
+    return result;
   }
 }

local_runtime_shared_jetty12/src/main/java/com/google/apphosting/utils/servlet/ModulesServlet.java

@@ -23,8 +23,6 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
 import java.io.IOException;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Map;
 import java.util.logging.Logger;
 import javax.servlet.ServletException;
@@ -125,23 +123,15 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
     final String action = req.getParameter(ACTION_MODULE);
 
     if (action != null && moduleName != null && moduleVersion != null) {
-      AccessController.doPrivileged(
-          new PrivilegedAction<Object>() {
-            @Override
-            public Object run() {
-              try {
-                if (action.equals("Stop")) {
-                  getModulesController().stopModule(moduleName, moduleVersion);
-                } else if (action.equals("Start")) {
-                  getModulesController().startModule(moduleName, moduleVersion);
-                }
-              } catch (Exception e) {
-                logger.severe(
-                    "Got error when performing a " + action + " of module : " + moduleName);
-              }
-              return null;
-            }
-          });
+      try {
+        if (action.equals("Stop")) {
+          getModulesController().stopModule(moduleName, moduleVersion);
+        } else if (action.equals("Start")) {
+          getModulesController().startModule(moduleName, moduleVersion);
+        }
+      } catch (Exception e) {
+        logger.severe("Got error when performing a " + action + " of module : " + moduleName);
+      }
     } else {
       logger.severe("The post method against the modules servlet was called without all of the " +
           "expected post parameters, we got [moduleName = " + moduleName + ", moduleVersion = " +

local_runtime_shared_jetty12/src/main/java/com/google/apphosting/utils/servlet/ee10/ModulesServlet.java

@@ -27,8 +27,6 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Map;
 import java.util.logging.Logger;
 
@@ -125,23 +123,15 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
     final String action = req.getParameter(ACTION_MODULE);
 
     if (action != null && moduleName != null && moduleVersion != null) {
-      AccessController.doPrivileged(
-          new PrivilegedAction<Object>() {
-            @Override
-            public Object run() {
-              try {
-                if (action.equals("Stop")) {
-                  getModulesController().stopModule(moduleName, moduleVersion);
-                } else if (action.equals("Start")) {
-                  getModulesController().startModule(moduleName, moduleVersion);
-                }
-              } catch (Exception e) {
-                logger.severe(
-                    "Got error when performing a " + action + " of module : " + moduleName);
-              }
-              return null;
-            }
-          });
+      try {
+        if (action.equals("Stop")) {
+          getModulesController().stopModule(moduleName, moduleVersion);
+        } else if (action.equals("Start")) {
+          getModulesController().startModule(moduleName, moduleVersion);
+        }
+      } catch (Exception e) {
+        logger.severe("Got error when performing a " + action + " of module : " + moduleName);
+      }
     } else {
       logger.severe("The post method against the modules servlet was called without all of the " +
           "expected post parameters, we got [moduleName = " + moduleName + ", moduleVersion = " +

local_runtime_shared_jetty9/src/main/java/com/google/apphosting/utils/servlet/ModulesServlet.java

@@ -23,8 +23,6 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
 import java.io.IOException;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Map;
 import java.util.logging.Logger;
 import javax.servlet.ServletException;
@@ -125,23 +123,16 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
     final String action = req.getParameter(ACTION_MODULE);
 
     if (action != null && moduleName != null && moduleVersion != null) {
-      AccessController.doPrivileged(
-          new PrivilegedAction<Object>() {
-            @Override
-            public Object run() {
-              try {
-                if (action.equals("Stop")) {
-                  getModulesController().stopModule(moduleName, moduleVersion);
-                } else if (action.equals("Start")) {
-                  getModulesController().startModule(moduleName, moduleVersion);
-                }
-              } catch (Exception e) {
-                logger.severe(
-                    "Got error when performing a " + action + " of module : " + moduleName);
-              }
-              return null;
-            }
-          });
+      try {
+        if (action.equals("Stop")) {
+          getModulesController().stopModule(moduleName, moduleVersion);
+        } else if (action.equals("Start")) {
+          getModulesController().startModule(moduleName, moduleVersion);
+        }
+      } catch (Exception e) {
+        logger.severe(
+            "Got error when performing a " + action + " of module : " + moduleName);
+      }
     } else {
       logger.severe("The post method against the modules servlet was called without all of the " +
           "expected post parameters, we got [moduleName = " + moduleName + ", moduleVersion = " +

runtime_shared/src/main/java/com/google/appengine/api/LifecycleManager.java

@@ -17,8 +17,6 @@
 package com.google.appengine.api;
 
 import com.google.apphosting.api.ApiProxy;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -55,23 +53,14 @@ public synchronized void setShutdownHook(ShutdownHook hook) {
     hooks.put(currentAppVersionId(), hook);
   }
 
-  /**
-   * Calls Thread.interrupt() on all threads running requests for this
-   * application.
-   */
+  /** Calls Thread.interrupt() on all threads running requests for this application. */
   public void interruptAllRequests() {
-    AccessController.doPrivileged(
-        new PrivilegedAction<Void>() {
-          @Override public Void run() {
-            List<Thread> threads = ApiProxy.getRequestThreads();
-            if (threads != null) {
-              for (Thread thread : threads) {
-                thread.interrupt();
-              }
-            }
-            return null;
-          }
-        });
+    List<Thread> threads = ApiProxy.getRequestThreads();
+    if (threads != null) {
+      for (Thread thread : threads) {
+        thread.interrupt();
+      }
+    }
   }
 
   /**

shared_sdk/src/main/java/com/google/apphosting/runtime/SessionManagerUtil.java

@@ -26,8 +26,6 @@
 import java.io.ObjectStreamClass;
 import java.lang.reflect.Modifier;
 import java.lang.reflect.Proxy;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -52,12 +50,8 @@ public static Object deserialize(byte[] bytes) {
     // N.B.: There is most likely user code on the stack
     // here, but because the value we're returning is not related to
     // our ClassLoader we'll fail the
-    // RuntimePermission("getClassLoader") check.  We do have this
-    // permission though, so use a doPrivileged block to get user code
-    // off the stack.
-    ClassLoader classLoader =
-        AccessController.doPrivileged(
-            (PrivilegedAction<ClassLoader>) () -> Thread.currentThread().getContextClassLoader());
+    // RuntimePermission("getClassLoader") check.
+    ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
     // TODO: It seems strange that we need to do this.  It
     // would be safer and cleaner if we could find a way to have user
     // code initiate this serialization, rather than having