Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
LinuxSuRen
Dragonwell11
提交
5e876581
D
Dragonwell11
项目概览
LinuxSuRen
/
Dragonwell11
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
Dragonwell11
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
5e876581
编写于
4月 22, 2019
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8209901: Canonical file handling
Reviewed-by: mullan, alanb, ahgross
上级
e971fae4
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
126 addition
and
13 deletion
+126
-13
src/java.base/share/classes/java/io/FilePermission.java
src/java.base/share/classes/java/io/FilePermission.java
+3
-0
src/java.base/share/classes/sun/security/util/FilePermCompat.java
....base/share/classes/sun/security/util/FilePermCompat.java
+6
-3
src/java.base/share/conf/security/java.security
src/java.base/share/conf/security/java.security
+19
-0
test/jdk/java/security/testlibrary/Proc.java
test/jdk/java/security/testlibrary/Proc.java
+27
-1
test/jdk/sun/security/util/FilePermCompat/Flag.java
test/jdk/sun/security/util/FilePermCompat/Flag.java
+71
-9
未找到文件。
src/java.base/share/classes/java/io/FilePermission.java
浏览文件 @
5e876581
...
...
@@ -472,6 +472,9 @@ public final class FilePermission extends Permission implements Serializable {
* <P>
* The default value of the {@code jdk.io.permissionsUseCanonicalPath}
* system property is {@code false} in this implementation.
* <p>
* The value can also be set with a security property using the same name,
* but setting a system property will override the security property value.
*
* @param path the pathname of the file/directory.
* @param actions the action string.
...
...
src/java.base/share/classes/sun/security/util/FilePermCompat.java
浏览文件 @
5e876581
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016,
2019,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -42,8 +42,11 @@ public class FilePermCompat {
public
static
final
boolean
compat
;
static
{
String
flag
=
GetPropertyAction
.
privilegedGetProperty
(
"jdk.io.permissionsUseCanonicalPath"
,
"false"
);
String
flag
=
SecurityProperties
.
privilegedGetOverridable
(
"jdk.io.permissionsUseCanonicalPath"
);
if
(
flag
==
null
)
{
flag
=
"false"
;
}
switch
(
flag
)
{
case
"true"
:
nb
=
false
;
...
...
src/java.base/share/conf/security/java.security
浏览文件 @
5e876581
...
...
@@ -1134,6 +1134,25 @@ jdk.sasl.disabledMechanisms=
#
jdk.security.caDistrustPolicies=SYMANTEC_TLS
#
# FilePermission path canonicalization
#
# This security property dictates how the path argument is processed and stored
# while constructing a FilePermission object. If the value is set to true, the
# path argument is canonicalized and FilePermission methods (such as implies,
# equals, and hashCode) are implemented based on this canonicalized result.
# Otherwise, the path argument is not canonicalized and FilePermission methods are
# implemented based on the original input. See the implementation note of the
# FilePermission class for more details.
#
# If a system property of the same name is also specified, it supersedes the
# security property value defined here.
#
# The default value for this property is false.
#
jdk.io.permissionsUseCanonicalPath=false
#
# Policies for the proxy_impersonator Kerberos ccache configuration entry
#
...
...
test/jdk/java/security/testlibrary/Proc.java
浏览文件 @
5e876581
/*
* Copyright (c) 2013, 201
8
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 201
9
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -25,6 +25,9 @@ import java.io.BufferedReader;
import
java.io.File
;
import
java.io.IOException
;
import
java.io.InputStreamReader
;
import
java.io.OutputStream
;
import
java.io.PrintStream
;
import
java.io.UncheckedIOException
;
import
java.nio.file.Files
;
import
java.nio.file.Path
;
import
java.nio.file.Paths
;
...
...
@@ -110,6 +113,7 @@ public class Proc {
private
List
<
String
>
args
=
new
ArrayList
<>();
private
Map
<
String
,
String
>
env
=
new
HashMap
<>();
private
Map
<
String
,
String
>
prop
=
new
HashMap
();
private
Map
<
String
,
String
>
secprop
=
new
HashMap
();
private
boolean
inheritIO
=
false
;
private
boolean
noDump
=
false
;
...
...
@@ -176,6 +180,11 @@ public class Proc {
prop
.
put
(
a
,
b
);
return
this
;
}
// Specifies a security property. Can be called multiple times.
public
Proc
secprop
(
String
a
,
String
b
)
{
secprop
.
put
(
a
,
b
);
return
this
;
}
// Inherit the value of a system property
public
Proc
inheritProp
(
String
k
)
{
String
v
=
System
.
getProperty
(
k
);
...
...
@@ -282,6 +291,17 @@ public class Proc {
cmd
.
add
(
cp
.
stream
().
collect
(
Collectors
.
joining
(
File
.
pathSeparator
)));
}
if
(!
secprop
.
isEmpty
())
{
Path
p
=
Path
.
of
(
getId
(
"security"
));
try
(
OutputStream
fos
=
Files
.
newOutputStream
(
p
);
PrintStream
ps
=
new
PrintStream
(
fos
))
{
secprop
.
forEach
((
k
,
v
)
->
ps
.
println
(
k
+
"="
+
v
));
}
catch
(
IOException
e
)
{
throw
new
UncheckedIOException
(
e
);
}
prop
.
put
(
"java.security.properties"
,
p
.
toString
());
}
for
(
Entry
<
String
,
String
>
e:
prop
.
entrySet
())
{
cmd
.
add
(
"-D"
+
e
.
getKey
()
+
"="
+
e
.
getValue
());
}
...
...
@@ -380,6 +400,12 @@ public class Proc {
}
return
p
.
waitFor
();
}
// Wait for process end with expected exit code
public
void
waitFor
(
int
expected
)
throws
Exception
{
if
(
p
.
waitFor
()
!=
expected
)
{
throw
new
RuntimeException
(
"Exit code not "
+
expected
);
}
}
// The following methods are used inside a proc
...
...
test/jdk/sun/security/util/FilePermCompat/Flag.java
浏览文件 @
5e876581
/*
* Copyright (c) 2016, 201
7
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 201
9
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -23,22 +23,84 @@
/*
* @test
* @bug 8164705
* @bug 8164705 8209901
* @library /test/jdk/java/security/testlibrary
* @modules java.base/jdk.internal.misc
* @summary check jdk.filepermission.canonicalize
* @run main/othervm/policy=flag.policy
* -Djdk.io.permissionsUseCanonicalPath=true Flag true true
* @run main/othervm/policy=flag.policy
* -Djdk.io.permissionsUseCanonicalPath=false Flag false true
* @run main/othervm/policy=flag.policy Flag false true
*/
import
java.io.File
;
import
java.io.FilePermission
;
import
java.lang.*
;
import
java.nio.file.Path
;
public
class
Flag
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
if
(
args
.
length
==
0
)
{
String
policy
=
Path
.
of
(
System
.
getProperty
(
"test.src"
),
"flag.policy"
).
toString
();
// effectively true
Proc
.
create
(
"Flag"
)
.
prop
(
"java.security.manager"
,
""
)
.
prop
(
"java.security.policy"
,
policy
)
.
prop
(
"jdk.io.permissionsUseCanonicalPath"
,
"true"
)
.
args
(
"run"
,
"true"
,
"true"
)
.
start
()
.
waitFor
(
0
);
Proc
.
create
(
"Flag"
)
.
prop
(
"java.security.manager"
,
""
)
.
prop
(
"java.security.policy"
,
policy
)
.
secprop
(
"jdk.io.permissionsUseCanonicalPath"
,
"true"
)
.
args
(
"run"
,
"true"
,
"true"
)
.
start
()
.
waitFor
(
0
);
Proc
.
create
(
"Flag"
)
.
prop
(
"java.security.manager"
,
""
)
.
prop
(
"java.security.policy"
,
policy
)
.
secprop
(
"jdk.io.permissionsUseCanonicalPath"
,
"false"
)
.
prop
(
"jdk.io.permissionsUseCanonicalPath"
,
"true"
)
.
args
(
"run"
,
"true"
,
"true"
)
.
start
()
.
waitFor
(
0
);
// effectively false
Proc
.
create
(
"Flag"
)
.
prop
(
"java.security.manager"
,
""
)
.
prop
(
"java.security.policy"
,
policy
)
.
prop
(
"jdk.io.permissionsUseCanonicalPath"
,
"false"
)
.
args
(
"run"
,
"false"
,
"true"
)
.
start
()
.
waitFor
(
0
);
Proc
.
create
(
"Flag"
)
.
prop
(
"java.security.manager"
,
""
)
.
prop
(
"java.security.policy"
,
policy
)
.
secprop
(
"jdk.io.permissionsUseCanonicalPath"
,
"false"
)
.
args
(
"run"
,
"false"
,
"true"
)
.
start
()
.
waitFor
(
0
);
Proc
.
create
(
"Flag"
)
.
prop
(
"java.security.manager"
,
""
)
.
prop
(
"java.security.policy"
,
policy
)
.
secprop
(
"jdk.io.permissionsUseCanonicalPath"
,
"true"
)
.
prop
(
"jdk.io.permissionsUseCanonicalPath"
,
"false"
)
.
args
(
"run"
,
"false"
,
"true"
)
.
start
()
.
waitFor
(
0
);
Proc
.
create
(
"Flag"
)
.
prop
(
"java.security.manager"
,
""
)
.
prop
(
"java.security.policy"
,
policy
)
.
args
(
"run"
,
"false"
,
"true"
)
.
start
()
.
waitFor
(
0
);
}
else
{
run
(
args
);
}
}
static
void
run
(
String
[]
args
)
throws
Exception
{
boolean
test1
;
boolean
test2
;
...
...
@@ -55,8 +117,8 @@ public class Flag {
test2
=
false
;
}
if
(
test1
!=
Boolean
.
parseBoolean
(
args
[
0
])
||
test2
!=
Boolean
.
parseBoolean
(
args
[
1
]))
{
if
(
test1
!=
Boolean
.
parseBoolean
(
args
[
1
])
||
test2
!=
Boolean
.
parseBoolean
(
args
[
2
]))
{
throw
new
Exception
(
"Test failed: "
+
test1
+
" "
+
test2
);
}
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录