8028270: Files.readSymbolicLink calls AccessController directly so security manager can't grant the permission
Reviewed-by: mchung, martin, chegar
--- a/jdk/src/solaris/classes/sun/nio/fs/UnixFileSystemProvider.java Wed Nov 13 16:44:12 2013 +0000
+++ b/jdk/src/solaris/classes/sun/nio/fs/UnixFileSystemProvider.java Wed Nov 13 16:52:18 2013 +0000
@@ -484,7 +484,7 @@
if (sm != null) {
FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
SecurityConstants.FILE_READLINK_ACTION);
- AccessController.checkPermission(perm);
+ sm.checkPermission(perm);
}
try {
byte[] target = readlink(link);
--- a/jdk/src/windows/classes/sun/nio/fs/WindowsFileSystemProvider.java Wed Nov 13 16:44:12 2013 +0000
+++ b/jdk/src/windows/classes/sun/nio/fs/WindowsFileSystemProvider.java Wed Nov 13 16:52:18 2013 +0000
@@ -614,7 +614,7 @@
if (sm != null) {
FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
SecurityConstants.FILE_READLINK_ACTION);
- AccessController.checkPermission(perm);
+ sm.checkPermission(perm);
}
String target = WindowsLinkSupport.readLink(link);
--- a/jdk/test/java/nio/file/Files/CheckPermissions.java Wed Nov 13 16:44:12 2013 +0000
+++ b/jdk/test/java/nio/file/Files/CheckPermissions.java Wed Nov 13 16:52:18 2013 +0000
@@ -22,7 +22,7 @@
*/
/* @test
- * @bug 6866804 7006126
+ * @bug 6866804 7006126 8028270
* @summary Unit test for java.nio.file.Files
* @library ..
* @build CheckPermissions
@@ -73,14 +73,9 @@
myChecks.set(new Checks());
}
- static void assertCheckPermission(Class<? extends Permission> type,
- String name)
- {
- for (Permission perm: myChecks.get().permissionsChecked()) {
- if (type.isInstance(perm) && perm.getName().equals(name))
- return;
- }
- throw new RuntimeException(type.getName() + "(\"" + name + "\") not checked");
+ static void assertCheckPermission(Permission expected) {
+ if (!myChecks.get().permissionsChecked().contains(expected))
+ throw new RuntimeException(expected + " not checked");
}
static void assertCheckPropertyAccess(String key) {
@@ -191,22 +186,22 @@
prepare();
PosixFileAttributes attrs = view.readAttributes();
assertCheckRead(file);
- assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+ assertCheckPermission(new RuntimePermission("accessUserInformation"));
prepare();
view.setPermissions(attrs.permissions());
assertCheckWrite(file);
- assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+ assertCheckPermission(new RuntimePermission("accessUserInformation"));
prepare();
view.setOwner(attrs.owner());
assertCheckWrite(file);
- assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+ assertCheckPermission(new RuntimePermission("accessUserInformation"));
prepare();
view.setOwner(attrs.owner());
assertCheckWrite(file);
- assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+ assertCheckPermission(new RuntimePermission("accessUserInformation"));
}
public static void main(String[] args) throws IOException {
@@ -256,10 +251,14 @@
try {
assertCheckRead(link);
assertCheckWrite(target);
- assertCheckPermission(LinkPermission.class, "symbolic");
+ assertCheckPermission(new LinkPermission("symbolic"));
} finally {
delete(target);
}
+
+ prepare();
+ readSymbolicLink(link);
+ assertCheckPermission(new FilePermission(link.toString(), "readlink"));
} finally {
delete(link);
}
@@ -295,7 +294,7 @@
createSymbolicLink(link, file);
try {
assertCheckWrite(link);
- assertCheckPermission(LinkPermission.class, "symbolic");
+ assertCheckPermission(new LinkPermission("symbolic"));
} finally {
delete(link);
}
@@ -309,7 +308,7 @@
createLink(link, file);
try {
assertCheckWrite(link);
- assertCheckPermission(LinkPermission.class, "hard");
+ assertCheckPermission(new LinkPermission("hard"));
} finally {
delete(link);
}
@@ -382,7 +381,7 @@
prepare();
getFileStore(file);
assertCheckRead(file);
- assertCheckPermission(RuntimePermission.class, "getFileStoreAttributes");
+ assertCheckPermission(new RuntimePermission("getFileStoreAttributes"));
// -- isSameFile --
@@ -620,12 +619,12 @@
prepare();
UserPrincipal owner = view.getOwner();
assertCheckRead(file);
- assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+ assertCheckPermission(new RuntimePermission("accessUserInformation"));
prepare();
view.setOwner(owner);
assertCheckWrite(file);
- assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+ assertCheckPermission(new RuntimePermission("accessUserInformation"));
} else {
System.out.println("FileOwnerAttributeView not tested");
@@ -643,32 +642,27 @@
prepare();
view.write("test", ByteBuffer.wrap(new byte[100]));
assertCheckWrite(file);
- assertCheckPermission(RuntimePermission.class,
- "accessUserDefinedAttributes");
+ assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));
prepare();
view.read("test", ByteBuffer.allocate(100));
assertCheckRead(file);
- assertCheckPermission(RuntimePermission.class,
- "accessUserDefinedAttributes");
+ assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));
prepare();
view.size("test");
assertCheckRead(file);
- assertCheckPermission(RuntimePermission.class,
- "accessUserDefinedAttributes");
+ assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));
prepare();
view.list();
assertCheckRead(file);
- assertCheckPermission(RuntimePermission.class,
- "accessUserDefinedAttributes");
+ assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));
prepare();
view.delete("test");
assertCheckWrite(file);
- assertCheckPermission(RuntimePermission.class,
- "accessUserDefinedAttributes");
+ assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));
} else {
System.out.println("UserDefinedFileAttributeView not tested");
}
@@ -684,11 +678,11 @@
prepare();
List<AclEntry> acl = view.getAcl();
assertCheckRead(file);
- assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+ assertCheckPermission(new RuntimePermission("accessUserInformation"));
prepare();
view.setAcl(acl);
assertCheckWrite(file);
- assertCheckPermission(RuntimePermission.class, "accessUserInformation");
+ assertCheckPermission(new RuntimePermission("accessUserInformation"));
} else {
System.out.println("AclFileAttributeView not tested");
}
@@ -702,15 +696,13 @@
prepare();
lookupService.lookupPrincipalByName(owner.getName());
- assertCheckPermission(RuntimePermission.class,
- "lookupUserInformation");
+ assertCheckPermission(new RuntimePermission("lookupUserInformation"));
try {
UserPrincipal group = readAttributes(file, PosixFileAttributes.class).group();
prepare();
lookupService.lookupPrincipalByGroupName(group.getName());
- assertCheckPermission(RuntimePermission.class,
- "lookupUserInformation");
+ assertCheckPermission(new RuntimePermission("lookupUserInformation"));
} catch (UnsupportedOperationException ignore) {
System.out.println("lookupPrincipalByGroupName not tested");
}