opensearch-project · andrross · Sep 15, 2025 · Sep 4, 2025
@@ -36,10 +36,9 @@
 import org.apache.logging.log4j.Logger;
 import org.opensearch.cli.Terminal;
 import org.opensearch.common.SuppressForbidden;
+import org.opensearch.secure_sm.AccessController;
 
 import java.io.IOError;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 
 /**
  * UncaughtException Handler used during bootstrapping
@@ -98,12 +97,11 @@ void onNonFatalUncaught(final String threadName, final Throwable t) {
         Terminal.DEFAULT.flush();
     }
 
-    @SuppressWarnings("removal")
     void halt(int status) {
         AccessController.doPrivileged(new PrivilegedHaltAction(status));
     }
 
-    static class PrivilegedHaltAction implements PrivilegedAction<Void> {
+    static class PrivilegedHaltAction implements Runnable {
 
         private final int status;
 
@@ -113,12 +111,9 @@ private PrivilegedHaltAction(final int status) {
 
         @SuppressForbidden(reason = "halt")
         @Override
-        public Void run() {
+        public void run() {
             // we halt to prevent shutdown hooks from running
             Runtime.getRuntime().halt(status);
-            return null;
         }
-
     }
-
 }
@@ -10,32 +10,28 @@
 
 import org.opensearch.SpecialPermission;
 import org.opensearch.common.annotation.InternalApi;
+import org.opensearch.secure_sm.AccessController;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
+import java.util.function.Supplier;
 
 /**
  * This class wraps the {@link ThreadContext} operations requiring access in
- * {@link AccessController#doPrivileged(PrivilegedAction)} blocks.
+ * {@link AccessController#doPrivileged} blocks.
  *
  * @opensearch.internal
  */
-@SuppressWarnings("removal")
 @InternalApi
 public final class ThreadContextAccess {
 
     private ThreadContextAccess() {}
 
-    public static <T> T doPrivileged(PrivilegedAction<T> operation) {
+    public static <T> T doPrivileged(Supplier<T> operation) {
         SpecialPermission.check();
         return AccessController.doPrivileged(operation);
     }
 
     public static void doPrivilegedVoid(Runnable action) {
         SpecialPermission.check();
-        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
-            action.run();
-            return null;
-        });
+        AccessController.doPrivileged(action);
     }
 }
@@ -16,6 +16,7 @@
 import org.opensearch.index.store.remote.filecache.CachedIndexInput;
 import org.opensearch.index.store.remote.filecache.FileCache;
 import org.opensearch.index.store.remote.filecache.FileCachedIndexInput;
+import org.opensearch.secure_sm.AccessController;
 import org.opensearch.threadpool.ThreadPool;
 
 import java.io.BufferedOutputStream;
@@ -25,9 +26,6 @@
 import java.io.UncheckedIOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionException;
 import java.util.concurrent.Executor;
@@ -78,7 +76,7 @@ public IndexInput fetchBlob(BlobFetchRequest blobFetchRequest) throws IOExceptio
         logger.trace("fetchBlob called for {}", key.toString());
 
         try {
-            return AccessController.doPrivileged((PrivilegedExceptionAction<IndexInput>) () -> {
+            return AccessController.doPrivilegedChecked(() -> {
                 CachedIndexInput cacheEntry = fileCache.compute(key, (path, cachedIndexInput) -> {
                     if (cachedIndexInput == null || cachedIndexInput.isClosed()) {
                         logger.trace("Transfer Manager - IndexInput closed or not in cache");
@@ -100,14 +98,13 @@ public IndexInput fetchBlob(BlobFetchRequest blobFetchRequest) throws IOExceptio
                     fileCache.decRef(key);
                 }
             });
-        } catch (PrivilegedActionException e) {
-            final Exception cause = e.getException();
-            if (cause instanceof IOException) {
-                throw (IOException) cause;
-            } else if (cause instanceof RuntimeException) {
-                throw (RuntimeException) cause;
+        } catch (Exception e) {
+            if (e instanceof IOException) {
+                throw (IOException) e;
+            } else if (e instanceof RuntimeException) {
+                throw (RuntimeException) e;
             } else {
-                throw new IOException(cause);
+                throw new IOException(e);
             }
         }
     }

@@ -64,8 +64,6 @@
 import java.nio.file.DirectoryStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -799,10 +797,7 @@ private Plugin loadBundle(Bundle bundle, Map<String, Plugin> loaded) {
             // Set context class loader to plugin's class loader so that plugins
             // that have dependencies with their own SPI endpoints have a chance to load
             // and initialize them appropriately.
-            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
-                Thread.currentThread().setContextClassLoader(loader);
-                return null;
-            });
+            Thread.currentThread().setContextClassLoader(loader);
 
             logger.debug("Loading plugin [" + name + "]...");
             Class<? extends Plugin> pluginClass = loadPluginClass(bundle.plugin.getClassname(), loader);
@@ -821,10 +816,7 @@ private Plugin loadBundle(Bundle bundle, Map<String, Plugin> loaded) {
             loaded.put(name, plugin);
             return plugin;
         } finally {
-            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
-                Thread.currentThread().setContextClassLoader(cl);
-                return null;
-            });
+            Thread.currentThread().setContextClassLoader(cl);
         }
     }
 

@@ -38,10 +38,9 @@
 import org.opensearch.index.fielddata.ScriptDocValues;
 import org.opensearch.index.mapper.MappedFieldType;
 import org.opensearch.index.mapper.MapperService;
+import org.opensearch.secure_sm.AccessController;
 
 import java.io.IOException;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
@@ -91,12 +90,7 @@ public ScriptDocValues<?> get(Object key) {
             }
             // load fielddata on behalf of the script: otherwise it would need additional permissions
             // to deal with pagedbytes/ramusagestimator/etc
-            scriptValues = AccessController.doPrivileged(new PrivilegedAction<ScriptDocValues<?>>() {
-                @Override
-                public ScriptDocValues<?> run() {
-                    return fieldDataLookup.apply(fieldType).load(reader).getScriptValues();
-                }
-            });
+            scriptValues = AccessController.doPrivileged(() -> fieldDataLookup.apply(fieldType).load(reader).getScriptValues());
             localCacheFieldData.put(fieldName, scriptValues);
         }
         try {

@@ -39,8 +39,6 @@
 import java.net.URL;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Map;
 
 public class SecurityTests extends OpenSearchTestCase {
@@ -76,17 +74,6 @@ public void testEnsureRegularFile() throws IOException {
         } catch (IOException expected) {}
     }
 
-    /** can't execute processes */
-    @SuppressWarnings("removal")
-    public void testProcessExecution() throws Exception {
-        assumeTrue("test requires security manager", System.getSecurityManager() != null);
-        try {
-            Runtime.getRuntime().exec(new String[] { "ls" });
-            fail("didn't get expected exception");
-        } catch (SecurityException expected) {}
-    }
-
-    @SuppressWarnings("removal")
     public void testReadPolicyWithCodebases() throws IOException {
         final Map<String, URL> codebases = Map.of(
             "test-netty-tcnative-boringssl-static-2.0.61.Final-linux-x86_64.jar",
@@ -101,8 +88,6 @@ public void testReadPolicyWithCodebases() throws IOException {
             URI.create("file://test-zstd-jni-1.5.6-1.jar").toURL()
         );
 
-        AccessController.doPrivileged(
-            (PrivilegedAction<?>) () -> Security.readPolicy(SecurityTests.class.getResource("test-codebases.policy"), codebases)
-        );
+        Security.readPolicy(SecurityTests.class.getResource("test-codebases.policy"), codebases);
     }
 }