changeset 48224:ddbcfca4d51d

8186535: Remove deprecated pre-1.2 SecurityManager methods and fields Reviewed-by: alanb, coleenp, hseigel, mchung
author mullan
date Thu, 30 Nov 2017 07:54:28 -0500
parents 89deac44e515
children 9e022f580a9d
files make/hotspot/symbols/symbols-unix make/mapfiles/libjava/mapfile-vers src/hotspot/share/prims/jvm.cpp src/java.base/share/classes/java/lang/SecurityManager.java src/java.base/share/native/include/jvm.h src/java.base/share/native/libjava/SecurityManager.c src/java.desktop/share/classes/sun/applet/AppletSecurity.java test/jdk/java/lang/SecurityManager/DepMethodsRequireAllPerm.java test/jdk/java/lang/SecurityManager/NoAWT.java
diffstat 9 files changed, 186 insertions(+), 532 deletions(-) [+]
line wrap: on
line diff
--- a/make/hotspot/symbols/symbols-unix	Thu Nov 30 13:31:30 2017 +0530
+++ b/make/hotspot/symbols/symbols-unix	Thu Nov 30 07:54:28 2017 -0500
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -25,8 +25,6 @@
 JVM_ArrayCopy
 JVM_AssertionStatusDirectives
 JVM_CallStackWalk
-JVM_ClassDepth
-JVM_ClassLoaderDepth
 JVM_Clone
 JVM_ConstantPoolGetClassAt
 JVM_ConstantPoolGetClassAtIfLoaded
@@ -47,8 +45,6 @@
 JVM_ConstantPoolGetTagAt
 JVM_ConstantPoolGetUTF8At
 JVM_CountStackFrames
-JVM_CurrentClassLoader
-JVM_CurrentLoadedClass
 JVM_CurrentThread
 JVM_CurrentTimeMillis
 JVM_DefineClass
--- a/make/mapfiles/libjava/mapfile-vers	Thu Nov 30 13:31:30 2017 +0530
+++ b/make/mapfiles/libjava/mapfile-vers	Thu Nov 30 07:54:28 2017 -0500
@@ -205,10 +205,6 @@
 		Java_java_lang_Runtime_runFinalization0;
 		Java_java_lang_Runtime_totalMemory;
 		Java_java_lang_Runtime_availableProcessors;
-		Java_java_lang_SecurityManager_classDepth;
-		Java_java_lang_SecurityManager_classLoaderDepth0;
-		Java_java_lang_SecurityManager_currentClassLoader0;
-		Java_java_lang_SecurityManager_currentLoadedClass0;
 		Java_java_lang_SecurityManager_getClassContext;
 		Java_java_lang_Shutdown_halt0;
                 Java_java_lang_StackTraceElement_initStackTraceElement;
--- a/src/hotspot/share/prims/jvm.cpp	Thu Nov 30 13:31:30 2017 +0530
+++ b/src/hotspot/share/prims/jvm.cpp	Thu Nov 30 07:54:28 2017 -0500
@@ -3137,64 +3137,6 @@
 
 // java.lang.SecurityManager ///////////////////////////////////////////////////////////////////////
 
-static bool is_trusted_frame(JavaThread* jthread, vframeStream* vfst) {
-  assert(jthread->is_Java_thread(), "must be a Java thread");
-  if (jthread->privileged_stack_top() == NULL) return false;
-  if (jthread->privileged_stack_top()->frame_id() == vfst->frame_id()) {
-    oop loader = jthread->privileged_stack_top()->class_loader();
-    if (loader == NULL) return true;
-    bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
-    if (trusted) return true;
-  }
-  return false;
-}
-
-JVM_ENTRY(jclass, JVM_CurrentLoadedClass(JNIEnv *env))
-  JVMWrapper("JVM_CurrentLoadedClass");
-  ResourceMark rm(THREAD);
-
-  for (vframeStream vfst(thread); !vfst.at_end(); vfst.next()) {
-    // if a method in a class in a trusted loader is in a doPrivileged, return NULL
-    bool trusted = is_trusted_frame(thread, &vfst);
-    if (trusted) return NULL;
-
-    Method* m = vfst.method();
-    if (!m->is_native()) {
-      InstanceKlass* holder = m->method_holder();
-      oop loader = holder->class_loader();
-      if (loader != NULL && !java_lang_ClassLoader::is_trusted_loader(loader)) {
-        return (jclass) JNIHandles::make_local(env, holder->java_mirror());
-      }
-    }
-  }
-  return NULL;
-JVM_END
-
-
-JVM_ENTRY(jobject, JVM_CurrentClassLoader(JNIEnv *env))
-  JVMWrapper("JVM_CurrentClassLoader");
-  ResourceMark rm(THREAD);
-
-  for (vframeStream vfst(thread); !vfst.at_end(); vfst.next()) {
-
-    // if a method in a class in a trusted loader is in a doPrivileged, return NULL
-    bool trusted = is_trusted_frame(thread, &vfst);
-    if (trusted) return NULL;
-
-    Method* m = vfst.method();
-    if (!m->is_native()) {
-      InstanceKlass* holder = m->method_holder();
-      assert(holder->is_klass(), "just checking");
-      oop loader = holder->class_loader();
-      if (loader != NULL && !java_lang_ClassLoader::is_trusted_loader(loader)) {
-        return JNIHandles::make_local(env, loader);
-      }
-    }
-  }
-  return NULL;
-JVM_END
-
-
 JVM_ENTRY(jobjectArray, JVM_GetClassContext(JNIEnv *env))
   JVMWrapper("JVM_GetClassContext");
   ResourceMark rm(THREAD);
@@ -3234,58 +3176,6 @@
 JVM_END
 
 
-JVM_ENTRY(jint, JVM_ClassDepth(JNIEnv *env, jstring name))
-  JVMWrapper("JVM_ClassDepth");
-  ResourceMark rm(THREAD);
-  Handle h_name (THREAD, JNIHandles::resolve_non_null(name));
-  Handle class_name_str = java_lang_String::internalize_classname(h_name, CHECK_0);
-
-  const char* str = java_lang_String::as_utf8_string(class_name_str());
-  TempNewSymbol class_name_sym = SymbolTable::probe(str, (int)strlen(str));
-  if (class_name_sym == NULL) {
-    return -1;
-  }
-
-  int depth = 0;
-
-  for(vframeStream vfst(thread); !vfst.at_end(); vfst.next()) {
-    if (!vfst.method()->is_native()) {
-      InstanceKlass* holder = vfst.method()->method_holder();
-      assert(holder->is_klass(), "just checking");
-      if (holder->name() == class_name_sym) {
-        return depth;
-      }
-      depth++;
-    }
-  }
-  return -1;
-JVM_END
-
-
-JVM_ENTRY(jint, JVM_ClassLoaderDepth(JNIEnv *env))
-  JVMWrapper("JVM_ClassLoaderDepth");
-  ResourceMark rm(THREAD);
-  int depth = 0;
-  for (vframeStream vfst(thread); !vfst.at_end(); vfst.next()) {
-    // if a method in a class in a trusted loader is in a doPrivileged, return -1
-    bool trusted = is_trusted_frame(thread, &vfst);
-    if (trusted) return -1;
-
-    Method* m = vfst.method();
-    if (!m->is_native()) {
-      InstanceKlass* holder = m->method_holder();
-      assert(holder->is_klass(), "just checking");
-      oop loader = holder->class_loader();
-      if (loader != NULL && !java_lang_ClassLoader::is_trusted_loader(loader)) {
-        return depth;
-      }
-      depth++;
-    }
-  }
-  return -1;
-JVM_END
-
-
 // java.lang.Package ////////////////////////////////////////////////////////////////
 
 
--- a/src/java.base/share/classes/java/lang/SecurityManager.java	Thu Nov 30 13:31:30 2017 +0530
+++ b/src/java.base/share/classes/java/lang/SecurityManager.java	Thu Nov 30 07:54:28 2017 -0500
@@ -101,7 +101,7 @@
  * <code>checkPermission</code> returns quietly. If denied, a
  * <code>SecurityException</code> is thrown.
  * <p>
- * As of Java 2 SDK v1.2, the default implementation of each of the other
+ * The default implementation of each of the other
  * <code>check</code> methods in <code>SecurityManager</code> is to
  * call the <code>SecurityManager checkPermission</code> method
  * to determine if the calling thread has permission to perform the requested
@@ -197,10 +197,10 @@
  * See {@extLink security_guide_permissions
  * Permissions in the Java Development Kit (JDK)}
  * for permission-related information.
- * This document includes, for example, a table listing the various SecurityManager
+ * This document includes a table listing the various SecurityManager
  * <code>check</code> methods and the permission(s) the default
  * implementation of each such method requires.
- * It also contains a table of all the version 1.2 methods
+ * It also contains a table of the methods
  * that require permissions, and for each such method tells
  * which permission it requires.
  *
@@ -228,20 +228,7 @@
  *
  * @since   1.0
  */
-public
-class SecurityManager {
-
-    /**
-     * This field is <code>true</code> if there is a security check in
-     * progress; <code>false</code> otherwise.
-     *
-     * @deprecated This type of security checking is not recommended.
-     *  It is recommended that the <code>checkPermission</code>
-     *  call be used instead. This field is subject to removal in a
-     *  future version of Java SE.
-     */
-    @Deprecated(since="1.2", forRemoval=true)
-    protected boolean inCheck;
+public class SecurityManager {
 
     /*
      * Have we been initialized. Effective against finalizer attacks.
@@ -262,24 +249,6 @@
     }
 
     /**
-     * Tests if there is a security check in progress.
-     *
-     * @return the value of the <code>inCheck</code> field. This field
-     *          should contain <code>true</code> if a security check is
-     *          in progress,
-     *          <code>false</code> otherwise.
-     * @see     java.lang.SecurityManager#inCheck
-     * @deprecated This type of security checking is not recommended.
-     *  It is recommended that the <code>checkPermission</code>
-     *  call be used instead. This method is subject to removal in a
-     *  future version of Java SE.
-     */
-    @Deprecated(since="1.2", forRemoval=true)
-    public boolean getInCheck() {
-        return inCheck;
-    }
-
-    /**
      * Constructs a new <code>SecurityManager</code>.
      *
      * <p> If there is a security manager already installed, this method first
@@ -322,198 +291,6 @@
     protected native Class<?>[] getClassContext();
 
     /**
-     * Returns the class loader of the most recently executing method from
-     * a class defined using a non-system class loader. A non-system
-     * class loader is defined as being a class loader that is not equal to
-     * the system class loader (as returned
-     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
-     * <p>
-     * This method will return
-     * <code>null</code> in the following three cases:
-     * <ol>
-     *   <li>All methods on the execution stack are from classes
-     *   defined using the system class loader or one of its ancestors.
-     *
-     *   <li>All methods on the execution stack up to the first
-     *   "privileged" caller
-     *   (see {@link java.security.AccessController#doPrivileged})
-     *   are from classes
-     *   defined using the system class loader or one of its ancestors.
-     *
-     *   <li> A call to <code>checkPermission</code> with
-     *   <code>java.security.AllPermission</code> does not
-     *   result in a SecurityException.
-     *
-     * </ol>
-     *
-     * @return  the class loader of the most recent occurrence on the stack
-     *          of a method from a class defined using a non-system class
-     *          loader.
-     *
-     * @deprecated This type of security checking is not recommended.
-     *  It is recommended that the <code>checkPermission</code>
-     *  call be used instead. This method is subject to removal in a
-     *  future version of Java SE.
-     *
-     * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
-     * @see  #checkPermission(java.security.Permission) checkPermission
-     */
-    @Deprecated(since="1.2", forRemoval=true)
-    protected ClassLoader currentClassLoader() {
-        ClassLoader cl = currentClassLoader0();
-        if ((cl != null) && hasAllPermission())
-            cl = null;
-        return cl;
-    }
-
-    private native ClassLoader currentClassLoader0();
-
-    /**
-     * Returns the class of the most recently executing method from
-     * a class defined using a non-system class loader. A non-system
-     * class loader is defined as being a class loader that is not equal to
-     * the system class loader (as returned
-     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
-     * <p>
-     * This method will return
-     * <code>null</code> in the following three cases:
-     * <ol>
-     *   <li>All methods on the execution stack are from classes
-     *   defined using the system class loader or one of its ancestors.
-     *
-     *   <li>All methods on the execution stack up to the first
-     *   "privileged" caller
-     *   (see {@link java.security.AccessController#doPrivileged})
-     *   are from classes
-     *   defined using the system class loader or one of its ancestors.
-     *
-     *   <li> A call to <code>checkPermission</code> with
-     *   <code>java.security.AllPermission</code> does not
-     *   result in a SecurityException.
-     *
-     * </ol>
-     *
-     * @return  the class  of the most recent occurrence on the stack
-     *          of a method from a class defined using a non-system class
-     *          loader.
-     *
-     * @deprecated This type of security checking is not recommended.
-     *  It is recommended that the <code>checkPermission</code>
-     *  call be used instead. This method is subject to removal in a
-     *  future version of Java SE.
-     *
-     * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
-     * @see  #checkPermission(java.security.Permission) checkPermission
-     */
-    @Deprecated(since="1.2", forRemoval=true)
-    protected Class<?> currentLoadedClass() {
-        Class<?> c = currentLoadedClass0();
-        if ((c != null) && hasAllPermission())
-            c = null;
-        return c;
-    }
-
-    /**
-     * Returns the stack depth of the specified class.
-     *
-     * @param   name   the fully qualified name of the class to search for.
-     * @return  the depth on the stack frame of the first occurrence of a
-     *          method from a class with the specified name;
-     *          <code>-1</code> if such a frame cannot be found.
-     * @deprecated This type of security checking is not recommended.
-     *  It is recommended that the <code>checkPermission</code>
-     *  call be used instead. This method is subject to removal in a
-     *  future version of Java SE.
-     */
-    @Deprecated(since="1.2", forRemoval=true)
-    protected native int classDepth(String name);
-
-    /**
-     * Returns the stack depth of the most recently executing method
-     * from a class defined using a non-system class loader.  A non-system
-     * class loader is defined as being a class loader that is not equal to
-     * the system class loader (as returned
-     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
-     * <p>
-     * This method will return
-     * -1 in the following three cases:
-     * <ol>
-     *   <li>All methods on the execution stack are from classes
-     *   defined using the system class loader or one of its ancestors.
-     *
-     *   <li>All methods on the execution stack up to the first
-     *   "privileged" caller
-     *   (see {@link java.security.AccessController#doPrivileged})
-     *   are from classes
-     *   defined using the system class loader or one of its ancestors.
-     *
-     *   <li> A call to <code>checkPermission</code> with
-     *   <code>java.security.AllPermission</code> does not
-     *   result in a SecurityException.
-     *
-     * </ol>
-     *
-     * @return the depth on the stack frame of the most recent occurrence of
-     *          a method from a class defined using a non-system class loader.
-     *
-     * @deprecated This type of security checking is not recommended.
-     *  It is recommended that the <code>checkPermission</code>
-     *  call be used instead. This method is subject to removal in a
-     *  future version of Java SE.
-     *
-     * @see   java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
-     * @see   #checkPermission(java.security.Permission) checkPermission
-     */
-    @Deprecated(since="1.2", forRemoval=true)
-    protected int classLoaderDepth() {
-        int depth = classLoaderDepth0();
-        if (depth != -1) {
-            if (hasAllPermission())
-                depth = -1;
-            else
-                depth--; // make sure we don't include ourself
-        }
-        return depth;
-    }
-
-    private native int classLoaderDepth0();
-
-    /**
-     * Tests if a method from a class with the specified
-     *         name is on the execution stack.
-     *
-     * @param  name   the fully qualified name of the class.
-     * @return <code>true</code> if a method from a class with the specified
-     *         name is on the execution stack; <code>false</code> otherwise.
-     * @deprecated This type of security checking is not recommended.
-     *  It is recommended that the <code>checkPermission</code>
-     *  call be used instead. This method is subject to removal in a
-     *  future version of Java SE.
-     */
-    @Deprecated(since="1.2", forRemoval=true)
-    protected boolean inClass(String name) {
-        return classDepth(name) >= 0;
-    }
-
-    /**
-     * Basically, tests if a method from a class defined using a
-     *          class loader is on the execution stack.
-     *
-     * @return  <code>true</code> if a call to <code>currentClassLoader</code>
-     *          has a non-null return value.
-     *
-     * @deprecated This type of security checking is not recommended.
-     *  It is recommended that the <code>checkPermission</code>
-     *  call be used instead. This method is subject to removal in a
-     *  future version of Java SE.
-     * @see        #currentClassLoader() currentClassLoader
-     */
-    @Deprecated(since="1.2", forRemoval=true)
-    protected boolean inClassLoader() {
-        return currentClassLoader() != null;
-    }
-
-    /**
      * Creates an object that encapsulates the current execution
      * environment. The result of this method is used, for example, by the
      * three-argument <code>checkConnect</code> method and by the
@@ -1698,64 +1475,32 @@
     }
 
     /**
-     * Throws a <code>SecurityException</code> if the
-     * calling thread is not allowed to access members.
-     * <p>
-     * The default policy is to allow access to PUBLIC members, as well
-     * as access to classes that have the same class loader as the caller.
-     * In all other cases, this method calls <code>checkPermission</code>
-     * with the <code>RuntimePermission("accessDeclaredMembers")
-     * </code> permission.
-     * <p>
-     * If this method is overridden, then a call to
-     * <code>super.checkMemberAccess</code> cannot be made,
-     * as the default implementation of <code>checkMemberAccess</code>
-     * relies on the code being checked being at a stack depth of
-     * 4.
+     * Throws a {@code SecurityException} if the calling thread does
+     * not have {@code AllPermission}.
      *
      * @param clazz the class that reflection is to be performed on.
-     *
      * @param which type of access, PUBLIC or DECLARED.
-     *
-     * @exception  SecurityException if the caller does not have
-     *             permission to access members.
-     * @exception  NullPointerException if the <code>clazz</code> argument is
-     *             <code>null</code>.
-     *
-     * @deprecated This method relies on the caller being at a stack depth
-     *             of 4 which is error-prone and cannot be enforced by the runtime.
-     *             Users of this method should instead invoke {@link #checkPermission}
-     *             directly.
-     *             This method is subject to removal in a future version of Java SE.
-     *
-     * @see java.lang.reflect.Member
+     * @throws  SecurityException if the caller does not have
+     *          {@code AllPermission}
+     * @throws  NullPointerException if the {@code clazz} argument is
+     *          {@code null}
+     * @deprecated This method was originally used to check if the calling
+     *             thread was allowed to access members. It relied on the
+     *             caller being at a stack depth of 4 which is error-prone and
+     *             cannot be enforced by the runtime. The method has been
+     *             obsoleted and code should instead use
+     *             {@link #checkPermission} to check
+     *             {@code RuntimePermission("accessDeclaredMembers")}. This
+     *             method is subject to removal in a future version of Java SE.
      * @since 1.1
      * @see        #checkPermission(java.security.Permission) checkPermission
      */
     @Deprecated(since="1.8", forRemoval=true)
-    @CallerSensitive
     public void checkMemberAccess(Class<?> clazz, int which) {
         if (clazz == null) {
             throw new NullPointerException("class can't be null");
         }
-        if (which != Member.PUBLIC) {
-            Class<?> stack[] = getClassContext();
-            /*
-             * stack depth of 4 should be the caller of one of the
-             * methods in java.lang.Class that invoke checkMember
-             * access. The stack should look like:
-             *
-             * someCaller                        [3]
-             * java.lang.Class.someReflectionAPI [2]
-             * java.lang.Class.checkMemberAccess [1]
-             * SecurityManager.checkMemberAccess [0]
-             *
-             */
-            if ((stack.length<4) ||
-                (stack[3].getClassLoader() != clazz.getClassLoader())) {
-                checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
-            }
-        }
+        checkPermission(SecurityConstants.ALL_PERMISSION);
     }
 
     /**
@@ -1792,8 +1537,6 @@
         checkPermission(new SecurityPermission(target));
     }
 
-    private native Class<?> currentLoadedClass0();
-
     /**
      * Returns the thread group into which to instantiate any new
      * thread being created at the time this is being called.
--- a/src/java.base/share/native/include/jvm.h	Thu Nov 30 13:31:30 2017 +0530
+++ b/src/java.base/share/native/include/jvm.h	Thu Nov 30 07:54:28 2017 -0500
@@ -262,21 +262,9 @@
 /*
  * java.lang.SecurityManager
  */
-JNIEXPORT jclass JNICALL
-JVM_CurrentLoadedClass(JNIEnv *env);
-
-JNIEXPORT jobject JNICALL
-JVM_CurrentClassLoader(JNIEnv *env);
-
 JNIEXPORT jobjectArray JNICALL
 JVM_GetClassContext(JNIEnv *env);
 
-JNIEXPORT jint JNICALL
-JVM_ClassDepth(JNIEnv *env, jstring name);
-
-JNIEXPORT jint JNICALL
-JVM_ClassLoaderDepth(JNIEnv *env);
-
 /*
  * java.lang.Package
  */
--- a/src/java.base/share/native/libjava/SecurityManager.c	Thu Nov 30 13:31:30 2017 +0530
+++ b/src/java.base/share/native/libjava/SecurityManager.c	Thu Nov 30 07:54:28 2017 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -76,53 +76,3 @@
 
     return JVM_GetClassContext(env);
 }
-
-JNIEXPORT jclass JNICALL
-Java_java_lang_SecurityManager_currentLoadedClass0(JNIEnv *env, jobject this)
-{
-    /* Make sure the security manager instance is initialized */
-    if (!check(env, this)) {
-        return NULL;            /* exception */
-    }
-
-    return JVM_CurrentLoadedClass(env);
-}
-
-JNIEXPORT jobject JNICALL
-Java_java_lang_SecurityManager_currentClassLoader0(JNIEnv *env, jobject this)
-{
-    /* Make sure the security manager instance is initialized */
-    if (!check(env, this)) {
-        return NULL;            /* exception */
-    }
-
-    return JVM_CurrentClassLoader(env);
-}
-
-JNIEXPORT jint JNICALL
-Java_java_lang_SecurityManager_classDepth(JNIEnv *env, jobject this,
-                                          jstring name)
-{
-    /* Make sure the security manager instance is initialized */
-    if (!check(env, this)) {
-        return -1;              /* exception */
-    }
-
-    if (name == NULL) {
-      JNU_ThrowNullPointerException(env, 0);
-      return -1;
-    }
-
-    return JVM_ClassDepth(env, name);
-}
-
-JNIEXPORT jint JNICALL
-Java_java_lang_SecurityManager_classLoaderDepth0(JNIEnv *env, jobject this)
-{
-    /* Make sure the security manager instance is initialized */
-    if (!check(env, this)) {
-        return -1;              /* exception */
-    }
-
-    return JVM_ClassLoaderDepth(env);
-}
--- a/src/java.desktop/share/classes/sun/applet/AppletSecurity.java	Thu Nov 30 13:31:30 2017 +0530
+++ b/src/java.desktop/share/classes/sun/applet/AppletSecurity.java	Thu Nov 30 07:54:28 2017 -0500
@@ -48,6 +48,8 @@
 import sun.awt.AWTPermissions;
 import sun.security.util.SecurityConstants;
 
+import static java.lang.StackWalker.*;
+import static java.lang.StackWalker.Option.*;
 
 
 /**
@@ -106,11 +108,90 @@
         });
     }
 
+    private static final StackWalker walker =
+        AccessController.doPrivileged(
+            (PrivilegedAction<StackWalker>) () ->
+                StackWalker.getInstance(RETAIN_CLASS_REFERENCE));
+    /**
+     * Returns the class loader of the most recently executing method from
+     * a class defined using a non-system class loader. A non-system
+     * class loader is defined as being a class loader that is not equal to
+     * the system class loader (as returned
+     * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
+     * <p>
+     * This method will return
+     * <code>null</code> in the following three cases:
+     * <ol>
+     *   <li>All methods on the execution stack are from classes
+     *   defined using the system class loader or one of its ancestors.
+     *
+     *   <li>All methods on the execution stack up to the first
+     *   "privileged" caller
+     *   (see {@link java.security.AccessController#doPrivileged})
+     *   are from classes
+     *   defined using the system class loader or one of its ancestors.
+     *
+     *   <li> A call to <code>checkPermission</code> with
+     *   <code>java.security.AllPermission</code> does not
+     *   result in a SecurityException.
+     * </ol>
+     *
+     * NOTE: This is an implementation of the SecurityManager.currentClassLoader
+     * method that uses StackWalker. SecurityManager.currentClassLoader
+     * has been removed from SE. This is a temporary workaround which is
+     * only needed while applets are still supported.
+     *
+     * @return  the class loader of the most recent occurrence on the stack
+     *          of a method from a class defined using a non-system class
+     *          loader.
+     */
+    private static ClassLoader currentClassLoader() {
+        StackFrame f =
+            walker.walk(s -> s.takeWhile(AppletSecurity::isNonPrivileged)
+                              .filter(AppletSecurity::isNonSystemFrame)
+                              .findFirst())
+                  .orElse(null);
+
+        SecurityManager sm = System.getSecurityManager();
+        if (f != null && sm != null) {
+            try {
+                sm.checkPermission(new AllPermission());
+            } catch (SecurityException se) {
+                return f.getDeclaringClass().getClassLoader();
+            }
+        }
+        return null;
+    }
+
+    /**
+     * Returns true if the StackFrame is not AccessController.doPrivileged.
+     */
+    private static boolean isNonPrivileged(StackFrame f) {
+        // possibly other doPrivileged variants
+        Class<?> c = f.getDeclaringClass();
+        return c == AccessController.class &&
+               f.getMethodName().equals("doPrivileged");
+    }
+
+    /**
+     * Returns true if the StackFrame is not from a class defined by the
+     * system class loader or one of its ancestors.
+     */
+    private static boolean isNonSystemFrame(StackFrame f) {
+        ClassLoader loader = ClassLoader.getSystemClassLoader();
+        ClassLoader ld = f.getDeclaringClass().getClassLoader();
+        if (ld == null || ld == loader) return false;
+
+        while ((loader = loader.getParent()) != null) {
+            if (ld == loader)
+                return false;
+        }
+        return true;
+    }
+
     /**
      * get the current (first) instance of an AppletClassLoader on the stack.
      */
-    @SuppressWarnings({"deprecation",
-                       "removal"}) // SecurityManager.currentClassLoader()
     private AppletClassLoader currentAppletClassLoader()
     {
         // try currentClassLoader first
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/java/lang/SecurityManager/DepMethodsRequireAllPerm.java	Thu Nov 30 07:54:28 2017 -0500
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+ * @bug 8004502 8008793 8029886 8186535
+ * @summary Sanity check that the SecurityManager checkMemberAccess method and
+ *          methods that used to check AWTPermission now check for AllPermission
+ */
+
+import java.security.AllPermission;
+import java.security.Permission;
+
+public class DepMethodsRequireAllPerm {
+
+    static class MySecurityManager extends SecurityManager {
+        final Class<?> expectedClass;
+
+        MySecurityManager(Class<?> c) {
+            expectedClass = c;
+        }
+
+        @Override
+        public void checkPermission(Permission perm) {
+            if (perm.getClass() != expectedClass)
+                throw new RuntimeException("Got: " + perm.getClass() + ", expected: " + expectedClass);
+            super.checkPermission(perm);
+        }
+    }
+
+    public static void main(String[] args) {
+        MySecurityManager sm = new MySecurityManager(AllPermission.class);
+
+        try {
+            sm.checkAwtEventQueueAccess();
+            throw new RuntimeException("SecurityException expected");
+        } catch (SecurityException expected) { }
+
+        try {
+            sm.checkSystemClipboardAccess();
+            throw new RuntimeException("SecurityException expected");
+        } catch (SecurityException expected) { }
+
+        try {
+            sm.checkTopLevelWindow(null);
+            throw new RuntimeException("NullPointException expected");
+        } catch (NullPointerException expected) { }
+
+        if (sm.checkTopLevelWindow(new Object())) {
+            throw new RuntimeException("checkTopLevelWindow expected to return false");
+        }
+
+        try {
+            sm.checkMemberAccess(Object.class, java.lang.reflect.Member.DECLARED);
+            throw new RuntimeException("SecurityException expected");
+        } catch (SecurityException expected) { }
+
+        try {
+            sm.checkMemberAccess(null, java.lang.reflect.Member.DECLARED);
+            throw new RuntimeException("NullPointerException expected");
+        } catch (NullPointerException expected) { }
+    }
+}
--- a/test/jdk/java/lang/SecurityManager/NoAWT.java	Thu Nov 30 13:31:30 2017 +0530
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/* @test
- * @bug 8004502 8008793 8029886
- * @summary Sanity check that SecurityManager methods that used to check
- *          AWTPermission now check for AllPermission
- */
-
-import java.security.AllPermission;
-import java.security.Permission;
-
-public class NoAWT {
-
-    static class MySecurityManager extends SecurityManager {
-        final Class<?> expectedClass;
-
-        MySecurityManager(Class<?> c) {
-            expectedClass = c;
-        }
-
-        @Override
-        public void checkPermission(Permission perm) {
-            if (perm.getClass() != expectedClass)
-                throw new RuntimeException("Got: " + perm.getClass() + ", expected: " + expectedClass);
-            super.checkPermission(perm);
-        }
-    }
-
-    public static void main(String[] args) {
-        MySecurityManager sm = new MySecurityManager(AllPermission.class);
-
-        try {
-            sm.checkAwtEventQueueAccess();
-            throw new RuntimeException("SecurityException expected");
-        } catch (SecurityException expected) { }
-
-        try {
-            sm.checkSystemClipboardAccess();
-            throw new RuntimeException("SecurityException expected");
-        } catch (SecurityException expected) { }
-
-        try {
-            sm.checkTopLevelWindow(null);
-            throw new RuntimeException("NullPointException expected");
-        } catch (NullPointerException expected) { }
-
-        if (sm.checkTopLevelWindow(new Object())) {
-            throw new RuntimeException("checkTopLevelWindow expected to return false");
-        }
-    }
-}