8182041: File Chooser Shortcut Panel folders under on JDK 9 8062648: FileSystemView.getDefaultDirectory() should check read access on Unix systems
Reviewed-by: serb, prr, psadhukhan
--- a/src/java.desktop/share/classes/javax/swing/filechooser/FileSystemView.java Thu Oct 04 12:40:55 2018 -0700
+++ b/src/java.desktop/share/classes/javax/swing/filechooser/FileSystemView.java Fri Oct 05 14:35:24 2018 +0530
@@ -583,12 +583,11 @@
}
/**
- * Returns an array of files representing the values to show by default in
- * the file chooser selector.
+ * Returns an array of files representing the values which will be shown
+ * in the file chooser selector.
*
- * @return an array of {@code File} objects.
- * @throws SecurityException if the caller does not have necessary
- * permissions
+ * @return an array of {@code File} objects. The array returned may be
+ * possibly empty if there are no appropriate permissions.
* @since 9
*/
public File[] getChooserComboBoxFiles() {
@@ -596,6 +595,18 @@
}
/**
+ * Returns an array of files representing the values to show by default in
+ * the file chooser shortcuts panel.
+ *
+ * @return an array of {@code File} objects. The array returned may be
+ * possibly empty if there are no appropriate permissions.
+ * @since 12
+ */
+ final public File[] getChooserShortcutPanelFiles() {
+ return (File[]) ShellFolder.get("fileChooserShortcutPanelFolders");
+ }
+
+ /**
* Returns whether the specified file denotes a shell interpreted link which
* can be obtained by the {@link #getLinkLocation(File)}.
*
--- a/src/java.desktop/share/classes/sun/awt/shell/ShellFolderManager.java Thu Oct 04 12:40:55 2018 -0700
+++ b/src/java.desktop/share/classes/sun/awt/shell/ShellFolderManager.java Fri Oct 05 14:35:24 2018 +0530
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,8 @@
import java.io.File;
import java.io.FileNotFoundException;
import java.util.concurrent.Callable;
+import java.util.stream.Stream;
+
/**
* @author Michael Martak
@@ -68,13 +70,13 @@
// Return the default shellfolder for a new filechooser
File homeDir = new File(System.getProperty("user.home"));
try {
- return createShellFolder(homeDir);
+ return checkFile(createShellFolder(homeDir));
} catch (FileNotFoundException e) {
- return homeDir;
+ return checkFile(homeDir);
}
} else if (key.equals("roots")) {
// The root(s) of the displayable hierarchy
- return File.listRoots();
+ return checkFiles(File.listRoots());
} else if (key.equals("fileChooserComboBoxFolders")) {
// Return an array of ShellFolders representing the list to
// show by default in the file chooser's combobox
@@ -84,11 +86,42 @@
// folders, such as Desktop, Documents, History, Network, Home, etc.
// This is used in the shortcut panel of the filechooser on Windows 2000
// and Windows Me
- return new File[] { (File)get("fileChooserDefaultFolder") };
+ return checkFiles(new File[] { (File)get("fileChooserDefaultFolder") });
}
+
return null;
}
+ private static File checkFile(File f) {
+ SecurityManager sm = System.getSecurityManager();
+ return (sm == null || f == null) ? f : checkFile(f, sm);
+ }
+
+ private static File checkFile(File f, SecurityManager sm) {
+ try {
+ sm.checkRead(f.getPath());
+ if (f instanceof ShellFolder) {
+ ShellFolder sf = (ShellFolder)f;
+ if (sf.isLink()) {
+ sm.checkRead(sf.getLinkLocation().getPath());
+ }
+ }
+ return f;
+ } catch (SecurityException | FileNotFoundException e) {
+ return null;
+ }
+ }
+
+ private static File[] checkFiles(File[] fs) {
+ SecurityManager sm = System.getSecurityManager();
+ return (sm == null || fs == null) ? fs : checkFiles(Stream.of(fs), sm);
+ }
+
+ private static File[] checkFiles(Stream<File> fs, SecurityManager sm) {
+ return fs.filter(f -> f != null && checkFile(f, sm) != null)
+ .toArray(File[]::new);
+ }
+
/**
* Does {@code dir} represent a "computer" such as a node on the network, or
* "My Computer" on the desktop.
--- a/src/java.desktop/share/classes/sun/swing/WindowsPlacesBar.java Thu Oct 04 12:40:55 2018 -0700
+++ b/src/java.desktop/share/classes/sun/swing/WindowsPlacesBar.java Fri Oct 05 14:35:24 2018 +0530
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -24,19 +24,36 @@
*/
package sun.swing;
-import java.awt.*;
-import java.awt.event.*;
+import java.awt.Dimension;
+import java.awt.Insets;
+import java.awt.Color;
+import java.awt.Image;
+
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
-import java.io.*;
+
+import java.io.File;
import java.security.AccessController;
import java.security.PrivilegedAction;
-import javax.swing.*;
-import javax.swing.border.*;
-import javax.swing.filechooser.*;
+import javax.swing.JToolBar;
+import javax.swing.JFileChooser;
+import javax.swing.JToggleButton;
+import javax.swing.ButtonGroup;
+import javax.swing.UIManager;
+import javax.swing.Icon;
+import javax.swing.ImageIcon;
+import javax.swing.JComponent;
+import javax.swing.Box;
-import sun.awt.shell.*;
+import javax.swing.border.EmptyBorder;
+import javax.swing.border.BevelBorder;
+import javax.swing.filechooser.FileSystemView;
+
+import sun.awt.shell.ShellFolder;
import sun.awt.OSInfo;
/**
@@ -81,7 +98,7 @@
setBackground(bgColor);
FileSystemView fsv = fc.getFileSystemView();
- files = (File[]) ShellFolder.get("fileChooserShortcutPanelFolders");
+ files = fsv.getChooserShortcutPanelFiles();
buttons = new JToggleButton[files.length];
buttonGroup = new ButtonGroup();
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/javax/swing/JFileChooser/ShellFolderQueries/ShellFolderQueriesSecurityManagerTest.java Fri Oct 05 14:35:24 2018 +0530
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8182041
+ * @summary Tests if the files(Shortcut Panle files, FileChooser ComboBox files)
+ * are filtered out when run with SecurityManager enabled.
+ * @run main/othervm/policy=shellfolderqueries.policy ShellFolderQueriesSecurityManagerTest
+ */
+
+import javax.swing.filechooser.FileSystemView;
+import java.io.File;
+import java.util.Arrays;
+
+public class ShellFolderQueriesSecurityManagerTest {
+ static final FileSystemView fsv = FileSystemView.getFileSystemView();
+
+ public static void main(String[] args) throws Exception {
+ try {
+ File[] shortcuts = fsv.getChooserShortcutPanelFiles();
+ Arrays.asList(shortcuts).forEach(System.out::println);
+
+ if (shortcuts.length != 0) {
+ throw new RuntimeException("Shortcut panel files leaked from SecurityManager.");
+ }
+
+ File[] cbFiles = fsv.getChooserComboBoxFiles();
+ Arrays.asList(cbFiles).forEach(System.out::println);
+ if (cbFiles.length != 0) {
+ throw new RuntimeException("Combobox Files leaked from SecurityManager.");
+ }
+
+ System.out.println("ok");
+ } catch (SecurityException e) {
+ throw new RuntimeException(e);
+ }
+ }
+}
--- a/test/jdk/javax/swing/JFileChooser/ShellFolderQueries/ShellFolderQueriesTest.java Thu Oct 04 12:40:55 2018 -0700
+++ b/test/jdk/javax/swing/JFileChooser/ShellFolderQueries/ShellFolderQueriesTest.java Fri Oct 05 14:35:24 2018 +0530
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2018 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 8081722
+ * @bug 8081722 8182041
* @summary Provide public API for file hierarchy provided by
* sun.awt.shell.ShellFolder
* @author Semyon Sadetsky
@@ -53,6 +53,7 @@
System.out.println("Windows detected: will run shortcut test");
testGet();
testLink();
+ testShortcutPanelFiles();
} else {
testGet();
}
@@ -119,4 +120,11 @@
}
}
}
+
+ private static void testShortcutPanelFiles() {
+ File[] shortcuts = fsv.getChooserShortcutPanelFiles();
+ if (shortcuts.length == 0) {
+ throw new RuntimeException("No shortcut panel files found.");
+ }
+ }
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/javax/swing/JFileChooser/ShellFolderQueries/shellfolderqueries.policy Fri Oct 05 14:35:24 2018 +0530
@@ -0,0 +1,5 @@
+grant {
+ permission java.util.PropertyPermission "user.home", "read";
+ permission java.util.PropertyPermission "os.name", "read";
+ permission java.util.PropertyPermission "os.version", "read";
+};