svm: more "JDK-8338411: Implement JEP 486: Permanently Disable the Security Manager" adoption

Author: zapster

substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/AccessControllerUtil.java

@@ -29,9 +29,10 @@
 import java.util.ArrayDeque;
 import java.util.Objects;
 
-import com.oracle.svm.core.util.VMError;
 import com.oracle.svm.util.ReflectionUtil;
 
+import jdk.graal.compiler.serviceprovider.JavaVersionUtil;
+
 /**
  * Stack for storing AccessControlContexts. Used in conjunction with
  * {@code StackAccessControlContextVisitor}.
@@ -104,10 +105,7 @@ public class AccessControllerUtil {
     public static final AccessControlContext DISALLOWED_CONTEXT_MARKER;
 
     static {
-        try {
-            DISALLOWED_CONTEXT_MARKER = ReflectionUtil.lookupConstructor(AccessControlContext.class, ProtectionDomain[].class, boolean.class).newInstance(new ProtectionDomain[0], true);
-        } catch (ReflectiveOperationException ex) {
-            throw VMError.shouldNotReachHere(ex);
-        }
+        DISALLOWED_CONTEXT_MARKER = JavaVersionUtil.JAVA_SPEC > 21 ? null
+                        : ReflectionUtil.newInstance(ReflectionUtil.lookupConstructor(AccessControlContext.class, ProtectionDomain[].class, boolean.class), new ProtectionDomain[0], true);
     }
 }

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/SecurityServicesFeature.java

@@ -166,8 +166,12 @@ public static class Options {
                         CertPathBuilder.class, CertPathValidator.class, CertStore.class, CertificateFactory.class,
                         Cipher.class, Configuration.class, KeyAgreement.class, KeyFactory.class,
                         KeyGenerator.class, KeyManagerFactory.class, KeyPairGenerator.class,
-                        KeyStore.class, Mac.class, MessageDigest.class, Policy.class, SSLContext.class,
+                        KeyStore.class, Mac.class, MessageDigest.class, SSLContext.class,
                         SecretKeyFactory.class, SecureRandom.class, Signature.class, TrustManagerFactory.class));
+        if (JavaVersionUtil.JAVA_SPEC <= 21) {
+            // JDK-8338411: Implement JEP 486: Permanently Disable the Security Manager
+            classList.add(Policy.class);
+        }
 
         if (ModuleLayer.boot().findModule("java.security.sasl").isPresent()) {
             classList.add(ReflectionUtil.lookupClass(false, "javax.security.sasl.SaslClientFactory"));
@@ -634,6 +638,7 @@ private void registerServices(DuringAnalysisAccess access, Object trigger, Strin
     private void doRegisterServices(DuringAnalysisAccess access, Object trigger, String serviceType) {
         try (TracingAutoCloseable ignored = trace(access, trigger, serviceType)) {
             Set<Service> services = availableServices.get(serviceType);
+            VMError.guarantee(services != null);
             for (Service service : services) {
                 registerService(access, service);
             }