# HG changeset patch # User alanb # Date 1384361538 0 # Node ID 18a9cae3b4d5aeddf8e8b31f6c99c0449d8302ab # Parent 81740736e62f839f68e60c7116c8ee51342cf03f 8028270: Files.readSymbolicLink calls AccessController directly so security manager can't grant the permission Reviewed-by: mchung, martin, chegar diff -r 81740736e62f -r 18a9cae3b4d5 jdk/src/solaris/classes/sun/nio/fs/UnixFileSystemProvider.java --- a/jdk/src/solaris/classes/sun/nio/fs/UnixFileSystemProvider.java Wed Nov 13 16:44:12 2013 +0000 +++ b/jdk/src/solaris/classes/sun/nio/fs/UnixFileSystemProvider.java Wed Nov 13 16:52:18 2013 +0000 @@ -484,7 +484,7 @@ if (sm != null) { FilePermission perm = new FilePermission(link.getPathForPermissionCheck(), SecurityConstants.FILE_READLINK_ACTION); - AccessController.checkPermission(perm); + sm.checkPermission(perm); } try { byte[] target = readlink(link); diff -r 81740736e62f -r 18a9cae3b4d5 jdk/src/windows/classes/sun/nio/fs/WindowsFileSystemProvider.java --- a/jdk/src/windows/classes/sun/nio/fs/WindowsFileSystemProvider.java Wed Nov 13 16:44:12 2013 +0000 +++ b/jdk/src/windows/classes/sun/nio/fs/WindowsFileSystemProvider.java Wed Nov 13 16:52:18 2013 +0000 @@ -614,7 +614,7 @@ if (sm != null) { FilePermission perm = new FilePermission(link.getPathForPermissionCheck(), SecurityConstants.FILE_READLINK_ACTION); - AccessController.checkPermission(perm); + sm.checkPermission(perm); } String target = WindowsLinkSupport.readLink(link); diff -r 81740736e62f -r 18a9cae3b4d5 jdk/test/java/nio/file/Files/CheckPermissions.java --- a/jdk/test/java/nio/file/Files/CheckPermissions.java Wed Nov 13 16:44:12 2013 +0000 +++ b/jdk/test/java/nio/file/Files/CheckPermissions.java Wed Nov 13 16:52:18 2013 +0000 @@ -22,7 +22,7 @@ */ /* @test - * @bug 6866804 7006126 + * @bug 6866804 7006126 8028270 * @summary Unit test for java.nio.file.Files * @library .. * @build CheckPermissions @@ -73,14 +73,9 @@ myChecks.set(new Checks()); } - static void assertCheckPermission(Class type, - String name) - { - for (Permission perm: myChecks.get().permissionsChecked()) { - if (type.isInstance(perm) && perm.getName().equals(name)) - return; - } - throw new RuntimeException(type.getName() + "(\"" + name + "\") not checked"); + static void assertCheckPermission(Permission expected) { + if (!myChecks.get().permissionsChecked().contains(expected)) + throw new RuntimeException(expected + " not checked"); } static void assertCheckPropertyAccess(String key) { @@ -191,22 +186,22 @@ prepare(); PosixFileAttributes attrs = view.readAttributes(); assertCheckRead(file); - assertCheckPermission(RuntimePermission.class, "accessUserInformation"); + assertCheckPermission(new RuntimePermission("accessUserInformation")); prepare(); view.setPermissions(attrs.permissions()); assertCheckWrite(file); - assertCheckPermission(RuntimePermission.class, "accessUserInformation"); + assertCheckPermission(new RuntimePermission("accessUserInformation")); prepare(); view.setOwner(attrs.owner()); assertCheckWrite(file); - assertCheckPermission(RuntimePermission.class, "accessUserInformation"); + assertCheckPermission(new RuntimePermission("accessUserInformation")); prepare(); view.setOwner(attrs.owner()); assertCheckWrite(file); - assertCheckPermission(RuntimePermission.class, "accessUserInformation"); + assertCheckPermission(new RuntimePermission("accessUserInformation")); } public static void main(String[] args) throws IOException { @@ -256,10 +251,14 @@ try { assertCheckRead(link); assertCheckWrite(target); - assertCheckPermission(LinkPermission.class, "symbolic"); + assertCheckPermission(new LinkPermission("symbolic")); } finally { delete(target); } + + prepare(); + readSymbolicLink(link); + assertCheckPermission(new FilePermission(link.toString(), "readlink")); } finally { delete(link); } @@ -295,7 +294,7 @@ createSymbolicLink(link, file); try { assertCheckWrite(link); - assertCheckPermission(LinkPermission.class, "symbolic"); + assertCheckPermission(new LinkPermission("symbolic")); } finally { delete(link); } @@ -309,7 +308,7 @@ createLink(link, file); try { assertCheckWrite(link); - assertCheckPermission(LinkPermission.class, "hard"); + assertCheckPermission(new LinkPermission("hard")); } finally { delete(link); } @@ -382,7 +381,7 @@ prepare(); getFileStore(file); assertCheckRead(file); - assertCheckPermission(RuntimePermission.class, "getFileStoreAttributes"); + assertCheckPermission(new RuntimePermission("getFileStoreAttributes")); // -- isSameFile -- @@ -620,12 +619,12 @@ prepare(); UserPrincipal owner = view.getOwner(); assertCheckRead(file); - assertCheckPermission(RuntimePermission.class, "accessUserInformation"); + assertCheckPermission(new RuntimePermission("accessUserInformation")); prepare(); view.setOwner(owner); assertCheckWrite(file); - assertCheckPermission(RuntimePermission.class, "accessUserInformation"); + assertCheckPermission(new RuntimePermission("accessUserInformation")); } else { System.out.println("FileOwnerAttributeView not tested"); @@ -643,32 +642,27 @@ prepare(); view.write("test", ByteBuffer.wrap(new byte[100])); assertCheckWrite(file); - assertCheckPermission(RuntimePermission.class, - "accessUserDefinedAttributes"); + assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes")); prepare(); view.read("test", ByteBuffer.allocate(100)); assertCheckRead(file); - assertCheckPermission(RuntimePermission.class, - "accessUserDefinedAttributes"); + assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes")); prepare(); view.size("test"); assertCheckRead(file); - assertCheckPermission(RuntimePermission.class, - "accessUserDefinedAttributes"); + assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes")); prepare(); view.list(); assertCheckRead(file); - assertCheckPermission(RuntimePermission.class, - "accessUserDefinedAttributes"); + assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes")); prepare(); view.delete("test"); assertCheckWrite(file); - assertCheckPermission(RuntimePermission.class, - "accessUserDefinedAttributes"); + assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes")); } else { System.out.println("UserDefinedFileAttributeView not tested"); } @@ -684,11 +678,11 @@ prepare(); List acl = view.getAcl(); assertCheckRead(file); - assertCheckPermission(RuntimePermission.class, "accessUserInformation"); + assertCheckPermission(new RuntimePermission("accessUserInformation")); prepare(); view.setAcl(acl); assertCheckWrite(file); - assertCheckPermission(RuntimePermission.class, "accessUserInformation"); + assertCheckPermission(new RuntimePermission("accessUserInformation")); } else { System.out.println("AclFileAttributeView not tested"); } @@ -702,15 +696,13 @@ prepare(); lookupService.lookupPrincipalByName(owner.getName()); - assertCheckPermission(RuntimePermission.class, - "lookupUserInformation"); + assertCheckPermission(new RuntimePermission("lookupUserInformation")); try { UserPrincipal group = readAttributes(file, PosixFileAttributes.class).group(); prepare(); lookupService.lookupPrincipalByGroupName(group.getName()); - assertCheckPermission(RuntimePermission.class, - "lookupUserInformation"); + assertCheckPermission(new RuntimePermission("lookupUserInformation")); } catch (UnsupportedOperationException ignore) { System.out.println("lookupPrincipalByGroupName not tested"); }