[JDK11 OJDK-MH] AccessControlException: Access denied

[babsingh]

The below failure(s) is(are) only seen when OJDK MHs are enabled in OpenJ9.

Errors

[2022-02-10T16:51:37.081Z] java.security.AccessControlException: Access denied ("java.lang.RuntimePermission" "accessClassInPackage.sun.util.logging")
[2022-02-10T16:51:37.081Z]      at java.base/java.security.AccessController.throwACE(AccessController.java:176)
[2022-02-10T16:51:37.081Z]      at java.base/java.security.AccessController.checkPermissionHelper(AccessController.java:238)
[2022-02-10T16:51:37.081Z]      at java.base/java.security.AccessController.checkPermission(AccessController.java:385)
[2022-02-10T16:51:37.081Z]      at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
[2022-02-10T16:51:37.081Z]      at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1238)
[2022-02-10T16:51:37.081Z]      at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:174)
[2022-02-10T16:51:37.081Z]      at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:1071)
[2022-02-10T16:51:37.081Z]      at java.base/sun.invoke.util.BytecodeDescriptor.parseSig(BytecodeDescriptor.java:95)
[2022-02-10T16:51:37.081Z]      at java.base/sun.invoke.util.BytecodeDescriptor.parseMethod(BytecodeDescriptor.java:60)
[2022-02-10T16:51:37.081Z]      at java.base/sun.invoke.util.BytecodeDescriptor.parseMethod(BytecodeDescriptor.java:45)
[2022-02-10T16:51:37.081Z]      at java.base/java.lang.invoke.MethodType.fromDescriptor(MethodType.java:1135)
[2022-02-10T16:51:37.081Z]      at java.base/java.lang.invoke.MethodType.fromMethodDescriptorString(MethodType.java:1114)
[2022-02-10T16:51:37.081Z]      at java.base/java.lang.invoke.MethodTypeHelper.vmResolveFromMethodDescriptorString(MethodTypeHelper.java:251)
[2022-02-10T16:51:37.081Z]      at java.base/java.lang.invoke.MethodHandleResolver.resolveInvokeDynamic(MethodHandleResolver.java:166)
[2022-02-10T16:51:37.081Z]      at app//BasePlatformLoggerTest.testLogger(BasePlatformLoggerTest.java:540)
[2022-02-10T16:51:37.081Z]      at app//BasePlatformLoggerTest.test(BasePlatformLoggerTest.java:471)
[2022-02-10T16:51:37.081Z]      at app//BasePlatformLoggerTest.lambda$main$0(BasePlatformLoggerTest.java:405)
[2022-02-10T16:51:37.081Z]      at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
[2022-02-10T16:51:37.081Z]      at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
[2022-02-10T16:51:37.081Z]      at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
[2022-02-10T16:51:37.081Z]      at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:497)
[2022-02-10T16:51:37.081Z]      at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:487)
[2022-02-10T16:51:37.081Z]      at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
[2022-02-10T16:51:37.081Z]      at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
[2022-02-10T16:51:37.081Z]      at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:239)
[2022-02-10T16:51:37.081Z]      at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
[2022-02-10T16:51:37.081Z]      at app//BasePlatformLoggerTest.main(BasePlatformLoggerTest.java:378)
[2022-02-10T16:51:37.081Z]      at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[2022-02-10T16:51:37.081Z]      at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[2022-02-10T16:51:37.081Z]      at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[2022-02-10T16:51:37.081Z]      at java.base/java.lang.reflect.Method.invoke(Method.java:566)
[2022-02-10T16:51:37.081Z]      at app//com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
[2022-02-10T16:51:37.081Z]      at java.base/java.lang.Thread.run(Thread.java:871)

Failing Test Targets

• BUILD_LIST=openjdk
  • java/lang/System/LoggerFinder/internal/BasePlatformLoggerTest/BasePlatformLoggerTest.java
  • java/lang/System/LoggerFinder/internal/PlatformLoggerBridgeTest/PlatformLoggerBridgeTest.java

How-to Run Tests?

https://github.com/eclipse/openj9/blob/master/test/docs/OpenJ9TestUserGuide.md

Steps to build an OpenJ9 JDK11 with OJDK MHs enabled

Refer to #14540.

[babsingh]

re #14555 (comment): RI doesn't throw the AccessControlException from ClassLoaders$AppClassLoader.loadClass with OJDK MHs. When we enable OJDK MHs in OpenJ9, our implementation of AccessController throws the AccessControlException. @JasonFengJ9 Does our AccessController implementation correctly throw the AccessControlException or do we need to match the RI?

[JasonFengJ9]

[2022-02-10T16:51:37.081Z] at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1238)

https://github.com/ibmruntimes/openj9-openjdk-jdk11/blob/18084a9a1bbb4699a8cbc46ca0b91d5213f33839/src/java.base/share/classes/java/lang/SecurityManager.java#L1236-L1241

        // check if pkg is not exported to all modules
        if (nonExportedPkgs.containsKey(pkg)) { <-- This check seems wrong since "--add-exports java.base/sun.util.logging=ALL-UNNAMED" was specified in the test command line options
            checkPermission(
                new RuntimePermission("accessClassInPackage." + pkg)); <--- AccessControlException was thrown here
            return;
        }

It is not immediately clear why sun.util.logging was put into nonExportedPkgs.

[JasonFengJ9]

Run BasePlatformLoggerTest.java against JDK11 w/o MH enabled (default) w/ -Djava.security.debug=access:stack:permission=java/lang/RuntimePermission

access: access allowed ("java.lang.RuntimePermission" "accessClassInPackage.sun.util.logging")

The checkPackageAccess() was successful for sun.util.logging, it seems there are call stacks introduced w/o permission required.

[dipak-bagadiya]

In AccessController.java, access was denied for the "sun.util.logging" package, causing the test to fail.
The relevant values for pDomains and width are as follows:
pDomains = java.security instance SecurityDomain [2] (id: 1174) width = 2
Based on the analysis conducted so far, it appears that the issue may be related to the "permsMap" in the Permissions.java file. Even when both createEmpty and hasUnresolved are set to false in the case of the "sun.util.logging" package, the permsMap is empty.
There are two possible reasons for this:

1. The add method is not being called from the implies method.
2. The permsMap is not being populated correctly.

Further investigation is needed to identify and resolve the root cause of the issue. (edited) (edited)

[JasonFengJ9]

Update
I modified the testcase to remove the sub-tests unrelated to the failure in question, and compared OpenJ9 JDK11 default, OpenJ9 JDK11 w/ OJDK-MH enabled, and RI JDK11.
It seems only OpenJ9 JDK11 w/ OJDK-MH goes through the code path requiring SecurityManager.checkPackageAccess(sun.util.logging), the other two didn't perform the security check failed w/o accessClassInPackage.sun.util.logging hence the permission required is irrelevant.

In such case, we might introduce an AccessController.doPrivileged() within java.lang.ClassLoader to prevent further stack walking and permission check, and the testcases in this issue passed w/ the change.
Opened

• JDK 8/11 OPENJDK_METHODHANDLES require AccessController.doPrivileged() #18257

[babsingh]

Closing ... fixed by #18264.