stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8231785: Improved socket permissions

Browse Source 
Reviewed-by: ahgross, chegar, mullan, rhalade
This commit is contained in:
Ivan Gerasimov 2019-10-23 17:03:07 -07:00
parent 123febeb98
commit 6c16f55fde
2 changed files with 25 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
src/java.base/share/classes/java/net/SocketPermission.java
View File

@ -37,12 +37,12 @@ import java.security.PermissionCollection;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.Collections;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.Vector;
import java.util.Map;
import java.util.StringJoiner;
import java.util.StringTokenizer;
import java.util.concurrent.ConcurrentSkipListMap;
import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
import sun.net.util.IPAddressUtil;
import sun.net.PortConfig;
import sun.security.util.RegisteredDomain;
@ -1349,16 +1349,13 @@ final class SocketPermissionCollection extends PermissionCollection
implements Serializable
{
// Not serialized; see serialization section at end of class
// A ConcurrentSkipListMap is used to preserve order, so that most
// recently added permissions are checked first (see JDK-4301064).
private transient ConcurrentSkipListMap<String, SocketPermission> perms;
private transient Map<String, SocketPermission> perms;
/**
* Create an empty SocketPermissions object.
*
* Create an empty SocketPermissionCollection object.
*/
public SocketPermissionCollection() {
perms = new ConcurrentSkipListMap<>(new SPCComparator());
perms = new ConcurrentHashMap<>();
}
/**
@ -1431,6 +1428,18 @@ final class SocketPermissionCollection extends PermissionCollection
int effective = 0;
int needed = desired;
var hit = perms.get(np.getName());
if (hit != null) {
// fastpath, if the host was explicitly listed
if (((needed & hit.getMask()) != 0) && hit.impliesIgnoreMask(np)) {
effective |= hit.getMask();
if ((effective & desired) == desired) {
return true;
}
needed = (desired & ~effective);
}
}
//System.out.println("implies "+np);
for (SocketPermission x : perms.values()) {
//System.out.println(" trying "+x);
@ -1512,22 +1521,9 @@ final class SocketPermissionCollection extends PermissionCollection
// Get the one we want
@SuppressWarnings("unchecked")
Vector<SocketPermission> permissions = (Vector<SocketPermission>)gfields.get("permissions", null);
perms = new ConcurrentSkipListMap<>(new SPCComparator());
perms = new ConcurrentHashMap<>(permissions.size());
for (SocketPermission sp : permissions) {
perms.put(sp.getName(), sp);
}
}
/**
* A simple comparator that orders new non-equal entries at the beginning.
*/
private static class SPCComparator implements Comparator<String> {
@Override
public int compare(String s1, String s2) {
if (s1.equals(s2)) {
return 0;
}
return -1;
}
}
}

10
test/jdk/java/net/SocketPermission/SocketPermissionCollection.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/*
* @test
* @bug 8056179
* @bug 8056179 8231785
* @summary Unit test for PermissionCollection subclasses
*/
@ -126,8 +126,10 @@ public class SocketPermissionCollection {
testFail++;
}
// test 13
System.out.println("test 13: elements returns correct number of perms");
// test 10
System.out.println("test 10: elements returns correct number of perms");
perms.add(new SocketPermission("www.example.us", "resolve"));
int numPerms = 0;
Enumeration<Permission> e = perms.elements();
while (e.hasMoreElements()) {