From 1d0481074a4a416a8295edd3aaa056140f39c554 Mon Sep 17 00:00:00 2001 From: mullan Date: Tue, 24 May 2011 14:15:14 -0700 Subject: [PATCH] 7044443: Permissions resolved incorrectly for jar protocol (Patch from bugs.openjdk.java.net) Reviewed-by: alanb, chegar Contributed-by: dbhole@redhat.com --- .../sun/security/provider/PolicyFile.java | 33 +++++++++---- .../Policy/GetPermissions/JarURL.java | 49 +++++++++++++++++++ 2 files changed, 73 insertions(+), 9 deletions(-) create mode 100644 jdk/test/java/security/Policy/GetPermissions/JarURL.java diff --git a/jdk/src/share/classes/sun/security/provider/PolicyFile.java b/jdk/src/share/classes/sun/security/provider/PolicyFile.java index 9fa33e1a7e..b9a8ec2eb4 100644 --- a/jdk/src/share/classes/sun/security/provider/PolicyFile.java +++ b/jdk/src/share/classes/sun/security/provider/PolicyFile.java @@ -1790,15 +1790,30 @@ public class PolicyFile extends java.security.Policy { CodeSource canonCs = cs; URL u = cs.getLocation(); - if (u != null && u.getProtocol().equals("file")) { - boolean isLocalFile = false; - String host = u.getHost(); - isLocalFile = (host == null || host.equals("") || - host.equals("~") || host.equalsIgnoreCase("localhost")); - - if (isLocalFile) { - path = u.getFile().replace('/', File.separatorChar); - path = ParseUtil.decode(path); + if (u != null) { + if (u.getProtocol().equals("jar")) { + // unwrap url embedded inside jar url + String spec = u.getFile(); + int separator = spec.indexOf("!/"); + if (separator != -1) { + try { + u = new URL(spec.substring(0, separator)); + } catch (MalformedURLException e) { + // Fail silently. In this case, url stays what + // it was above + } + } + } + if (u.getProtocol().equals("file")) { + boolean isLocalFile = false; + String host = u.getHost(); + isLocalFile = (host == null || host.equals("") || + host.equals("~") || host.equalsIgnoreCase("localhost")); + + if (isLocalFile) { + path = u.getFile().replace('/', File.separatorChar); + path = ParseUtil.decode(path); + } } } diff --git a/jdk/test/java/security/Policy/GetPermissions/JarURL.java b/jdk/test/java/security/Policy/GetPermissions/JarURL.java new file mode 100644 index 0000000000..d81c04454a --- /dev/null +++ b/jdk/test/java/security/Policy/GetPermissions/JarURL.java @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7044443 + * @summary Permissions resolved incorrectly for jar protocol + */ + +import java.net.URL; +import java.security.AllPermission; +import java.security.CodeSource; +import java.security.PermissionCollection; +import java.security.Policy; +import java.security.cert.Certificate; + +public class JarURL { + public static void main(String[] args) throws Exception { + URL codeSourceURL + = new URL("jar:file:" + + System.getProperty("java.ext.dirs").split(":")[0] + + "/foo.jar!/"); + CodeSource cs = new CodeSource(codeSourceURL, new Certificate[0]); + PermissionCollection perms = Policy.getPolicy().getPermissions(cs); + if (!perms.implies(new AllPermission())) + throw new Exception("FAILED: " + codeSourceURL + + " not granted AllPermission"); + } +} -- GitLab