8028270: Files.readSymbolicLink calls AccessController directly so security manager can't grant the permission
authoralanb
Wed, 13 Nov 2013 16:52:18 +0000
changeset 21665 18a9cae3b4d5
parent 21664 81740736e62f
child 21666 918ef08589ee
8028270: Files.readSymbolicLink calls AccessController directly so security manager can't grant the permission Reviewed-by: mchung, martin, chegar
jdk/src/solaris/classes/sun/nio/fs/UnixFileSystemProvider.java
jdk/src/windows/classes/sun/nio/fs/WindowsFileSystemProvider.java
jdk/test/java/nio/file/Files/CheckPermissions.java
--- a/jdk/src/solaris/classes/sun/nio/fs/UnixFileSystemProvider.java	Wed Nov 13 16:44:12 2013 +0000
+++ b/jdk/src/solaris/classes/sun/nio/fs/UnixFileSystemProvider.java	Wed Nov 13 16:52:18 2013 +0000
@@ -484,7 +484,7 @@
         if (sm != null) {
             FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
                 SecurityConstants.FILE_READLINK_ACTION);
-            AccessController.checkPermission(perm);
+            sm.checkPermission(perm);
         }
         try {
             byte[] target = readlink(link);
--- a/jdk/src/windows/classes/sun/nio/fs/WindowsFileSystemProvider.java	Wed Nov 13 16:44:12 2013 +0000
+++ b/jdk/src/windows/classes/sun/nio/fs/WindowsFileSystemProvider.java	Wed Nov 13 16:52:18 2013 +0000
@@ -614,7 +614,7 @@
         if (sm != null) {
             FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
                 SecurityConstants.FILE_READLINK_ACTION);
-            AccessController.checkPermission(perm);
+            sm.checkPermission(perm);
         }
 
         String target = WindowsLinkSupport.readLink(link);
--- a/jdk/test/java/nio/file/Files/CheckPermissions.java	Wed Nov 13 16:44:12 2013 +0000
+++ b/jdk/test/java/nio/file/Files/CheckPermissions.java	Wed Nov 13 16:52:18 2013 +0000
@@ -22,7 +22,7 @@
  */
 
 /* @test
- * @bug 6866804 7006126
+ * @bug 6866804 7006126 8028270
  * @summary Unit test for java.nio.file.Files
  * @library ..
  * @build CheckPermissions
@@ -73,14 +73,9 @@
         myChecks.set(new Checks());
     }
 
-    static void assertCheckPermission(Class<? extends Permission> type,
-                                      String name)
-    {
-        for (Permission perm: myChecks.get().permissionsChecked()) {
-            if (type.isInstance(perm) && perm.getName().equals(name))
-                return;
-        }
-        throw new RuntimeException(type.getName() + "(\"" + name + "\") not checked");
+    static void assertCheckPermission(Permission expected) {
+        if (!myChecks.get().permissionsChecked().contains(expected))
+          throw new RuntimeException(expected + " not checked");
     }
 
     static void assertCheckPropertyAccess(String key) {
@@ -191,22 +186,22 @@
         prepare();
         PosixFileAttributes attrs = view.readAttributes();
         assertCheckRead(file);
-        assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+        assertCheckPermission(new RuntimePermission("accessUserInformation"));
 
         prepare();
         view.setPermissions(attrs.permissions());
         assertCheckWrite(file);
-        assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+        assertCheckPermission(new RuntimePermission("accessUserInformation"));
 
         prepare();
         view.setOwner(attrs.owner());
         assertCheckWrite(file);
-        assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+        assertCheckPermission(new RuntimePermission("accessUserInformation"));
 
         prepare();
         view.setOwner(attrs.owner());
         assertCheckWrite(file);
-        assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+        assertCheckPermission(new RuntimePermission("accessUserInformation"));
     }
 
     public static void main(String[] args) throws IOException {
@@ -256,10 +251,14 @@
                     try {
                         assertCheckRead(link);
                         assertCheckWrite(target);
-                        assertCheckPermission(LinkPermission.class, "symbolic");
+                        assertCheckPermission(new LinkPermission("symbolic"));
                     } finally {
                         delete(target);
                     }
+
+                    prepare();
+                    readSymbolicLink(link);
+                    assertCheckPermission(new FilePermission(link.toString(), "readlink"));
                 } finally {
                     delete(link);
                 }
@@ -295,7 +294,7 @@
                 createSymbolicLink(link, file);
                 try {
                     assertCheckWrite(link);
-                    assertCheckPermission(LinkPermission.class, "symbolic");
+                    assertCheckPermission(new LinkPermission("symbolic"));
                 } finally {
                     delete(link);
                 }
@@ -309,7 +308,7 @@
                 createLink(link, file);
                 try {
                     assertCheckWrite(link);
-                    assertCheckPermission(LinkPermission.class, "hard");
+                    assertCheckPermission(new LinkPermission("hard"));
                 } finally {
                     delete(link);
                 }
@@ -382,7 +381,7 @@
             prepare();
             getFileStore(file);
             assertCheckRead(file);
-            assertCheckPermission(RuntimePermission.class, "getFileStoreAttributes");
+            assertCheckPermission(new RuntimePermission("getFileStoreAttributes"));
 
             // -- isSameFile --
 
@@ -620,12 +619,12 @@
                     prepare();
                     UserPrincipal owner = view.getOwner();
                     assertCheckRead(file);
-                    assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+                    assertCheckPermission(new RuntimePermission("accessUserInformation"));
 
                     prepare();
                     view.setOwner(owner);
                     assertCheckWrite(file);
-                    assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+                    assertCheckPermission(new RuntimePermission("accessUserInformation"));
 
                 } else {
                     System.out.println("FileOwnerAttributeView not tested");
@@ -643,32 +642,27 @@
                     prepare();
                     view.write("test", ByteBuffer.wrap(new byte[100]));
                     assertCheckWrite(file);
-                    assertCheckPermission(RuntimePermission.class,
-                                               "accessUserDefinedAttributes");
+                    assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));
 
                     prepare();
                     view.read("test", ByteBuffer.allocate(100));
                     assertCheckRead(file);
-                    assertCheckPermission(RuntimePermission.class,
-                                               "accessUserDefinedAttributes");
+                    assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));
 
                     prepare();
                     view.size("test");
                     assertCheckRead(file);
-                    assertCheckPermission(RuntimePermission.class,
-                                               "accessUserDefinedAttributes");
+                    assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));
 
                     prepare();
                     view.list();
                     assertCheckRead(file);
-                    assertCheckPermission(RuntimePermission.class,
-                                               "accessUserDefinedAttributes");
+                    assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));
 
                     prepare();
                     view.delete("test");
                     assertCheckWrite(file);
-                    assertCheckPermission(RuntimePermission.class,
-                                               "accessUserDefinedAttributes");
+                    assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));
                 } else {
                     System.out.println("UserDefinedFileAttributeView not tested");
                 }
@@ -684,11 +678,11 @@
                     prepare();
                     List<AclEntry> acl = view.getAcl();
                     assertCheckRead(file);
-                    assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+                    assertCheckPermission(new RuntimePermission("accessUserInformation"));
                     prepare();
                     view.setAcl(acl);
                     assertCheckWrite(file);
-                    assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+                    assertCheckPermission(new RuntimePermission("accessUserInformation"));
                 } else {
                     System.out.println("AclFileAttributeView not tested");
                 }
@@ -702,15 +696,13 @@
 
             prepare();
             lookupService.lookupPrincipalByName(owner.getName());
-            assertCheckPermission(RuntimePermission.class,
-                                       "lookupUserInformation");
+            assertCheckPermission(new RuntimePermission("lookupUserInformation"));
 
             try {
                 UserPrincipal group = readAttributes(file, PosixFileAttributes.class).group();
                 prepare();
                 lookupService.lookupPrincipalByGroupName(group.getName());
-                assertCheckPermission(RuntimePermission.class,
-                                           "lookupUserInformation");
+                assertCheckPermission(new RuntimePermission("lookupUserInformation"));
             } catch (UnsupportedOperationException ignore) {
                 System.out.println("lookupPrincipalByGroupName not tested");
             }