Re: RFR: 8344667: Remove most uses of AWT Permissions from the desktop module

Mon, 25 Nov 2024 08:34:40 -0800 

On Sun, 24 Nov 2024 23:46:17 GMT, Phil Race <p...@openjdk.org> wrote:

> This removes most uses of AWTPermission in the desktop module.
> clipboard will be handled separately because it is less straightforward.

A few places that probably need some attention:

`./src/java.desktop/share/classes/java/awt/Composite.java:60: * to a screen 
device is governed by the {@code readDisplayPixels}`


 * Since this interface must expose the contents of pixels on the
 * target device or image to potentially arbitrary code, the use of
 * custom objects which implement this interface when rendering directly
 * to a screen device is governed by the {@code readDisplayPixels}
 * {@link AWTPermission}.  The permission check will occur when such
 * a custom object is passed to the {@code setComposite} method
 * of a {@code Graphics2D} retrieved from a {@link Component}.

------

doc update:


`./src/java.desktop/share/classes/java/awt/doc-files/Modality.html:338:      A 
special <code>AWTPermission</code>, <code>"toolkitModality"</code>,`

    <p>
      A special <code>AWTPermission</code>, <code>"toolkitModality"</code>,
      is required to show toolkit-modal
      dialogs. This would prevent, for example, blocking a browser or
      Java Web Start (JWS) by modal dialogs shown from applets.
    </p><p>
      The same permission is required to exclude a window from toolkit modality.
      This would prevent, for example, a dialog shown from an applet not to be
      blocked by a browser's or JWS's modal dialog.



---


./test/jdk/lib/client/ExtendedRobot.java:71:     * @throws  SecurityException 
if {@code createRobot} permission is not granted
./test/jdk/lib/client/ExtendedRobot.java:75:     * @see     
java.awt.AWTPermission
./test/jdk/lib/client/ExtendedRobot.java:102:     * @throws  SecurityException 
if {@code createRobot} permission is not granted
./test/jdk/lib/client/ExtendedRobot.java:107:     * @see     
java.awt.AWTPermission


-----

src/java.desktop/share/classes/javax/swing/SwingUtilities.java line 1973:

> 1971:             // This frame can never be shown
> 1972:         }
> 1973:         public void dispose() {

Not directly related, but there are two unused declarations that haven't been 
used in ages:


    // These states are system-wide, rather than AppContext wide.
    private static boolean canAccessEventQueue = false;
    private static boolean eventQueueTested = false;

`canAccessEventQueue` looks like it was somehow related to 
`CHECK_AWT_EVENTQUEUE_PERMISSION`

-------------

PR Review: https://git.openjdk.org/jdk/pull/22350#pullrequestreview-2458793918
PR Review Comment: https://git.openjdk.org/jdk/pull/22350#discussion_r1856827608

Reply via email to