Bug ID: JDK-8161101 Bootstrap error when a SecurityManager references a permission defined in a non-privileged module

Type: Bug
Component: security-libs
Sub-Component: java.security
Affected Version: 11

Priority: P4
Status: Resolved
Resolution: Won't Fix

Submitted: 2016-07-11
Updated: 2022-01-27
Resolved: 2022-01-27

If a SecurityManager::checkPermission implementation references a permission type defined in a non-privileged module, the class loading might trigger another permission check and some unexpected error would happen.

No plans to fix this given the deprecation of the Security Manager. A workaround is to proactively load SQLPermission, for example, by declaring a static variable in the test: private static final SQLPermission DUMMY = new SQLPermission("dummy");

27-01-2022

I don't see an obvious way to fix this. When the test program tries to get the value of the "os.name" system property, this triggers a permission check, which ends up calling the overridden checkPermission method of the test. This method then triggers a class load of SQLPermission, which is in a module it has not loaded yet, so that triggers another permission check this time for a RuntimePermission "accessSystemModules", which causes checkPermission to be called again, and so on, which causes the classloading implementation to detect a recursive update of the map used to store ModuleReaders and throw an exception. A workaround is to proactively load SQLPermission, for example, by declaring a static variable in the test: private static final SQLPermission DUMMY = new SQLPermission("dummy"); I'm leaning towards closing this as "Won't Fix" as we have not seen it come up in any real use cases yet, and the workaround may be acceptable.

12-03-2019

An example. Please note the exception is different after -Djava.security.debug is set. $ cat NonPrivileged.java import java.security.Permission; import java.sql.SQLPermission; public class NonPrivileged extends SecurityManager { @Override public void checkPermission(Permission perm, Object context) { checkPermission(perm); } public void checkPermission(Permission perm) { if (!(perm instanceof SQLPermission)) { // Class loading line return; } } public static void main(String[] args) throws Exception { System.setSecurityManager(new NonPrivileged()); System.getProperty("os.name"); } } $ java -version java version "9-ea" Java(TM) SE Runtime Environment (build 9-ea+125) Java HotSpot(TM) 64-Bit Server VM (build 9-ea+125, mixed mode) $ java NonPrivileged Exception in thread "main" java.lang.BootstrapMethodError: call site initialization exception at NonPrivileged.checkPermission(NonPrivileged.java:12) at java.lang.SecurityManager.checkPropertyAccess(java.base@9-ea/SecurityManager.java:1285) at java.lang.System.getProperty(java.base@9-ea/System.java:762) at NonPrivileged.main(NonPrivileged.java:19) $ java -Djava.security.debug= NonPrivileged Exception in thread "main" java.lang.IllegalStateException: Recursive update at java.util.concurrent.ConcurrentHashMap.computeIfAbsent(java.base@9-ea/ConcurrentHashMap.java:1767) at jdk.internal.loader.BuiltinClassLoader.moduleReaderFor(java.base@9-ea/BuiltinClassLoader.java:727) at jdk.internal.loader.BuiltinClassLoader.defineClass(java.base@9-ea/BuiltinClassLoader.java:484) at jdk.internal.loader.BuiltinClassLoader.lambda$findClassInModuleOrNull$2(java.base@9-ea/BuiltinClassLoader.java:449) at java.security.AccessController.doPrivileged(java.base@9-ea/Native Method) at jdk.internal.loader.BuiltinClassLoader.findClassInModuleOrNull(java.base@9-ea/BuiltinClassLoader.java:450) at jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(java.base@9-ea/BuiltinClassLoader.java:390) at jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(java.base@9-ea/BuiltinClassLoader.java:425) at jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(java.base@9-ea/BuiltinClassLoader.java:394) at jdk.internal.loader.BuiltinClassLoader.loadClass(java.base@9-ea/BuiltinClassLoader.java:364) at jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(java.base@9-ea/ClassLoaders.java:185) at java.lang.ClassLoader.loadClass(java.base@9-ea/ClassLoader.java:419) at NonPrivileged.checkPermission(NonPrivileged.java:12) at java.lang.SecurityManager.checkPropertyAccess(java.base@9-ea/SecurityManager.java:1285) at java.lang.System.getProperty(java.base@9-ea/System.java:762) at sun.security.action.GetPropertyAction.run(java.base@9-ea/GetPropertyAction.java:87) at sun.security.action.GetPropertyAction.run(java.base@9-ea/GetPropertyAction.java:53) at java.security.AccessController.doPrivileged(java.base@9-ea/Native Method) at sun.security.action.GetPropertyAction.privilegedGetProperty(java.base@9-ea/GetPropertyAction.java:107) at sun.net.www.protocol.jrt.JavaRuntimeURLConnection.getPermission(java.base@9-ea/JavaRuntimeURLConnection.java:164) at java.lang.module.SystemModuleFinder$ImageModuleReader.checkPermissionToConnect(java.base@9-ea/SystemModuleFinder.java:258) at java.lang.module.SystemModuleFinder$ImageModuleReader.<init>(java.base@9-ea/SystemModuleFinder.java:266) at java.lang.module.SystemModuleFinder$1.get(java.base@9-ea/SystemModuleFinder.java:174) at java.lang.module.SystemModuleFinder$1.get(java.base@9-ea/SystemModuleFinder.java:171) at java.lang.module.ModuleReference.open(java.base@9-ea/ModuleReference.java:163) at jdk.internal.loader.BuiltinClassLoader.createModuleReader(java.base@9-ea/BuiltinClassLoader.java:735) at jdk.internal.loader.BuiltinClassLoader.lambda$moduleReaderFor$3(java.base@9-ea/BuiltinClassLoader.java:727) at java.util.concurrent.ConcurrentHashMap.computeIfAbsent(java.base@9-ea/ConcurrentHashMap.java:1716) at jdk.internal.loader.BuiltinClassLoader.moduleReaderFor(java.base@9-ea/BuiltinClassLoader.java:727) at jdk.internal.loader.BuiltinClassLoader.defineClass(java.base@9-ea/BuiltinClassLoader.java:484) at jdk.internal.loader.BuiltinClassLoader.lambda$findClassInModuleOrNull$2(java.base@9-ea/BuiltinClassLoader.java:449) at java.security.AccessController.doPrivileged(java.base@9-ea/Native Method) at jdk.internal.loader.BuiltinClassLoader.findClassInModuleOrNull(java.base@9-ea/BuiltinClassLoader.java:450) at jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(java.base@9-ea/BuiltinClassLoader.java:390) at jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(java.base@9-ea/BuiltinClassLoader.java:425) at jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(java.base@9-ea/BuiltinClassLoader.java:394) at jdk.internal.loader.BuiltinClassLoader.loadClass(java.base@9-ea/BuiltinClassLoader.java:364) at jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(java.base@9-ea/ClassLoaders.java:185) at java.lang.ClassLoader.loadClass(java.base@9-ea/ClassLoader.java:419) at NonPrivileged.checkPermission(NonPrivileged.java:12) at java.lang.SecurityManager.checkPropertyAccess(java.base@9-ea/SecurityManager.java:1285) at java.lang.System.getProperty(java.base@9-ea/System.java:762) at NonPrivileged.main(NonPrivileged.java:19)

11-07-2016