From d5fdd433f8463402c718c23c90291a96347aeea4 Mon Sep 17 00:00:00 2001
From: Ragnar Rova <ragnar.rova@gmail.com>
Date: Mon, 31 Oct 2022 22:34:54 +0100
Subject: [PATCH] Allow SDK to run in environments prohibiting use of
 sun.misc.Unsafe

Some applications run under strict java.security permissions
which do not allow access to sun.misc.Unsafe.

BatchSpanProcessor uses Unsafe via jctools, but has a fallback to
ArrayBlockingQueue. Extending that fallback rule to cover
java security exceptions as well.

Since the entire java security manager is marked for deprecation
in future java versions, I went with string-matching on the
root cause message, which removes deprecation warnings when building
with newer java but still does the job in those versions which use
java.security policies.
---
 .../sdk/trace/internal/JcTools.java           |  19 +++
 .../sdk/trace/internal/JcToolsTest.java       |  19 +++
 .../SunMiscProhibitedSecurityManager.java     | 111 ++++++++++++++++++
 3 files changed, 149 insertions(+)
 create mode 100644 sdk/trace-shaded-deps/src/test/java/io/opentelemetry/sdk/trace/internal/SunMiscProhibitedSecurityManager.java

diff --git a/sdk/trace-shaded-deps/src/main/java/io/opentelemetry/sdk/trace/internal/JcTools.java b/sdk/trace-shaded-deps/src/main/java/io/opentelemetry/sdk/trace/internal/JcTools.java
index a293c437aff..328e2a993f9 100644
--- a/sdk/trace-shaded-deps/src/main/java/io/opentelemetry/sdk/trace/internal/JcTools.java
+++ b/sdk/trace-shaded-deps/src/main/java/io/opentelemetry/sdk/trace/internal/JcTools.java
@@ -28,9 +28,28 @@ public static <T> Queue<T> newFixedSizeQueue(int capacity) {
     } catch (java.lang.NoClassDefFoundError e) {
       // Happens when modules such as jdk.unsupported are disabled in a custom JRE distribution
       return new ArrayBlockingQueue<>(capacity);
+    } catch (java.lang.ExceptionInInitializerError e) {
+      if (isSunMiscAccessProhibited(e)) {
+        return new ArrayBlockingQueue<>(capacity);
+      } else {
+        throw e;
+      }
     }
   }
 
+  private static boolean isSunMiscAccessProhibited(Throwable t) {
+    String rootCause = rootCause(t).getMessage();
+    return rootCause != null && rootCause.contains("accessClassInPackage.sun.misc");
+  }
+
+  private static Throwable rootCause(Throwable throwable) {
+    Throwable c = throwable;
+    while (c.getCause() != null && c.getCause() != c) {
+      c = c.getCause();
+    }
+    return c;
+  }
+
   /**
    * Returns the capacity of the {@link Queue}. We cast to the implementation so callers do not need
    * to use the shaded classes.
diff --git a/sdk/trace-shaded-deps/src/test/java/io/opentelemetry/sdk/trace/internal/JcToolsTest.java b/sdk/trace-shaded-deps/src/test/java/io/opentelemetry/sdk/trace/internal/JcToolsTest.java
index edb0168d2ce..138249eb90b 100644
--- a/sdk/trace-shaded-deps/src/test/java/io/opentelemetry/sdk/trace/internal/JcToolsTest.java
+++ b/sdk/trace-shaded-deps/src/test/java/io/opentelemetry/sdk/trace/internal/JcToolsTest.java
@@ -7,10 +7,13 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Queue;
 import java.util.concurrent.ArrayBlockingQueue;
 import org.jctools.queues.MpscArrayQueue;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.junit.jupiter.MockitoExtension;
@@ -106,4 +109,20 @@ void capacity_ArrayBlockingQueue() {
     // Assert
     assertThat(queueSize).isEqualTo(10);
   }
+
+  @Test
+  void newFixedSizeQueue_works_with_sunMisc_prohibited() {
+    Assertions.assertNull(System.getSecurityManager());
+    SunMiscProhibitedSecurityManager testingSecurityManager =
+        new SunMiscProhibitedSecurityManager();
+    try {
+      System.setSecurityManager(testingSecurityManager);
+      Queue<Object> queue =
+          AccessController.doPrivileged(
+              (PrivilegedAction<Queue<Object>>) () -> JcTools.newFixedSizeQueue(10));
+      Assertions.assertNotNull(queue);
+    } finally {
+      System.setSecurityManager(null);
+    }
+  }
 }
diff --git a/sdk/trace-shaded-deps/src/test/java/io/opentelemetry/sdk/trace/internal/SunMiscProhibitedSecurityManager.java b/sdk/trace-shaded-deps/src/test/java/io/opentelemetry/sdk/trace/internal/SunMiscProhibitedSecurityManager.java
new file mode 100644
index 00000000000..98cee8f972a
--- /dev/null
+++ b/sdk/trace-shaded-deps/src/test/java/io/opentelemetry/sdk/trace/internal/SunMiscProhibitedSecurityManager.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.sdk.trace.internal;
+
+import java.io.FileDescriptor;
+import java.net.InetAddress;
+import java.security.AccessControlException;
+import java.security.Permission;
+
+/**
+ * A security manager which disallows access to classes in sun.misc Running the tests with a
+ * standard security manager is too invasive
+ */
+public class SunMiscProhibitedSecurityManager extends SecurityManager {
+
+  public SunMiscProhibitedSecurityManager() {}
+
+  @Override
+  protected Class<?>[] getClassContext() {
+    return super.getClassContext();
+  }
+
+  @Override
+  public void checkPermission(Permission perm) {
+    if (perm.getName().equals("accessClassInPackage.sun.misc")) {
+      throw new AccessControlException("access denied " + perm, perm);
+    }
+  }
+
+  @Override
+  public void checkPermission(Permission perm, Object context) {}
+
+  @Override
+  public void checkCreateClassLoader() {}
+
+  @Override
+  public void checkAccess(Thread t) {}
+
+  @Override
+  public void checkAccess(ThreadGroup g) {}
+
+  @Override
+  public void checkExit(int status) {}
+
+  @Override
+  public void checkExec(String cmd) {}
+
+  @Override
+  public void checkLink(String lib) {}
+
+  @Override
+  public void checkRead(FileDescriptor fd) {}
+
+  @Override
+  public void checkRead(String file) {}
+
+  @Override
+  public void checkRead(String file, Object context) {}
+
+  @Override
+  public void checkWrite(FileDescriptor fd) {}
+
+  @Override
+  public void checkWrite(String file) {}
+
+  @Override
+  public void checkDelete(String file) {}
+
+  @Override
+  public void checkConnect(String host, int port) {}
+
+  @Override
+  public void checkConnect(String host, int port, Object context) {}
+
+  @Override
+  public void checkListen(int port) {}
+
+  @Override
+  public void checkAccept(String host, int port) {}
+
+  @Override
+  public void checkMulticast(InetAddress maddr) {}
+
+  @Override
+  public void checkPropertiesAccess() {}
+
+  @Override
+  public void checkPropertyAccess(String key) {}
+
+  @Override
+  public void checkPrintJobAccess() {}
+
+  @Override
+  public void checkPackageAccess(String pkg) {
+    if (pkg.equals("sun.misc")) {
+      super.checkPackageAccess(pkg);
+    }
+  }
+
+  @Override
+  public void checkPackageDefinition(String pkg) {}
+
+  @Override
+  public void checkSetFactory() {}
+
+  @Override
+  public void checkSecurityAccess(String target) {}
+}