8229773: Resolve permissions for code source URLs lazily

Reviewed-by: alanb, mullan, rriggs, dfuchs
2019-08-19 06:13:52 +02:00 · 2019-08-19 06:13:52 +02:00 · 2c245bd2b9
commit 2c245bd2b9
parent 742e9f26c8
5 changed files with 135 additions and 35 deletions
--- a/make/jdk/src/classes/build/tools/classlist/HelloClasslist.java
+++ b/make/jdk/src/classes/build/tools/classlist/HelloClasslist.java
@ -32,6 +32,7 @@
 package build.tools.classlist;

 import java.net.InetAddress;
+import java.nio.file.FileSystems;
 import java.time.LocalDateTime;
 import java.time.ZoneId;
 import java.time.format.DateTimeFormatter;
@ -56,6 +57,8 @@ public class HelloClasslist {

    public static void main(String ... args) {

+        FileSystems.getDefault();
+
        List<String> strings = Arrays.asList("Hello", "World!", "From: ",
              InetAddress.getLoopbackAddress().toString());

--- a/src/java.base/share/classes/java/lang/System.java
+++ b/src/java.base/share/classes/java/lang/System.java
@ -74,6 +74,7 @@ import jdk.internal.logger.LazyLoggers;
 import jdk.internal.logger.LocalizedLoggerWrapper;
 import jdk.internal.util.SystemProps;
 import jdk.internal.vm.annotation.Stable;
+import sun.nio.fs.DefaultFileSystemProvider;
 import sun.reflect.annotation.AnnotationType;
 import sun.nio.ch.Interruptible;
 import sun.security.util.SecurityConstants;
@ -339,6 +340,8 @@ public final class System {
            if (security == null) {
                // ensure image reader is initialized
                Object.class.getResource("java/lang/ANY");
+                // ensure the default file system is initialized
+                DefaultFileSystemProvider.theFileSystem();
            }
            if (sm != null) {
                try {
--- a/src/java.base/share/classes/java/security/CodeSource.java
+++ b/src/java.base/share/classes/java/security/CodeSource.java
@ -57,7 +57,7 @@ public class CodeSource implements java.io.Serializable {
     *
     * @serial
     */
-    private URL location;
+    private final URL location;

    /*
     * The code signers.
--- a/src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java
+++ b/src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java
@ -25,8 +25,6 @@

 package jdk.internal.loader;

-import java.io.File;
-import java.io.FilePermission;
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.module.ModuleDescriptor;
@ -40,7 +38,6 @@ import java.nio.ByteBuffer;
 import java.security.AccessController;
 import java.security.CodeSigner;
 import java.security.CodeSource;
-import java.security.Permission;
 import java.security.PermissionCollection;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
@ -65,6 +62,7 @@ import jdk.internal.misc.VM;
 import jdk.internal.module.ModulePatcher.PatchedModuleReader;
 import jdk.internal.module.Resources;
 import jdk.internal.vm.annotation.Stable;
+import sun.security.util.LazyCodeSourcePermissionCollection;


 /**
@ -966,39 +964,9 @@ public class BuiltinClassLoader
     */
    @Override
    protected PermissionCollection getPermissions(CodeSource cs) {
-        PermissionCollection perms = super.getPermissions(cs);
-
-        // add the permission to access the resource
-        URL url = cs.getLocation();
-        if (url == null)
-            return perms;
-
-        // avoid opening connection when URL is to resource in run-time image
-        if (url.getProtocol().equals("jrt")) {
-            perms.add(new RuntimePermission("accessSystemModules"));
-            return perms;
-        }
-
-        // open connection to determine the permission needed
-        try {
-            Permission p = url.openConnection().getPermission();
-            if (p != null) {
-                // for directories then need recursive access
-                if (p instanceof FilePermission) {
-                    String path = p.getName();
-                    if (path.endsWith(File.separator)) {
-                        path += "-";
-                        p = new FilePermission(path, "read");
-                    }
-                }
-                perms.add(p);
-            }
-        } catch (IOException ioe) { }
-
-        return perms;
+        return new LazyCodeSourcePermissionCollection(super.getPermissions(cs), cs);
    }

-
    // -- miscellaneous supporting methods

    /**
--- a/src/java.base/share/classes/sun/security/util/LazyCodeSourcePermissionCollection.java
+++ b/src/java.base/share/classes/sun/security/util/LazyCodeSourcePermissionCollection.java
@ -0,0 +1,126 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.io.File;
+import java.io.FilePermission;
+import java.io.IOException;
+import java.net.URL;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.util.Enumeration;
+
+/**
+ * This {@code PermissionCollection} implementation delegates to another
+ * {@code PermissionCollection}, taking care to lazily add the permission needed
+ * to read from the given {@code CodeSource} at first use, i.e., when either of
+ * {@link #elements}, {@link #implies} or {@link #toString} is called, or when
+ * the collection is serialized.
+ */
+public final class LazyCodeSourcePermissionCollection
+        extends PermissionCollection
+{
+    private static final long serialVersionUID = -6727011328946861783L;
+    private final PermissionCollection perms;
+    private final CodeSource cs;
+    private volatile boolean permissionAdded;
+
+    public LazyCodeSourcePermissionCollection(PermissionCollection perms,
+                                              CodeSource cs) {
+        this.perms = perms;
+        this.cs = cs;
+    }
+
+    private void ensureAdded() {
+        if (!permissionAdded) {
+            synchronized(perms) {
+                if (permissionAdded)
+                    return;
+
+                // open connection to determine the permission needed
+                URL location = cs.getLocation();
+                if (location != null) {
+                    try {
+                        Permission p = location.openConnection().getPermission();
+                        if (p != null) {
+                            // for directories then need recursive access
+                            if (p instanceof FilePermission) {
+                                String path = p.getName();
+                                if (path.endsWith(File.separator)) {
+                                    path += "-";
+                                    p = new FilePermission(path,
+                                            SecurityConstants.FILE_READ_ACTION);
+                                }
+                            }
+                            perms.add(p);
+                        }
+                    } catch (IOException ioe) {
+                    }
+                }
+                if (isReadOnly()) {
+                    perms.setReadOnly();
+                }
+                permissionAdded = true;
+            }
+        }
+    }
+
+    @Override
+    public void add(Permission permission) {
+        if (isReadOnly())
+            throw new SecurityException(
+                    "attempt to add a Permission to a readonly PermissionCollection");
+        perms.add(permission);
+    }
+
+    @Override
+    public boolean implies(Permission permission) {
+        ensureAdded();
+        return perms.implies(permission);
+    }
+
+    @Override
+    public Enumeration<Permission> elements() {
+        ensureAdded();
+        return perms.elements();
+    }
+
+    @Override
+    public String toString() {
+        ensureAdded();
+        return perms.toString();
+    }
+
+    /**
+     * On serialization, initialize and replace with the underlying
+     * permissions. This removes the laziness on deserialization.
+     */
+    private Object writeReplace() {
+        ensureAdded();
+        return perms;
+    }
+}