8331011: [XWayland] TokenStorage fails under Security Manager

Reviewed-by: prr, honkar, serb
This commit is contained in:
Alexander Zvegintsev 2024-05-02 12:20:18 +00:00
parent 257a07d5ca
commit 9912abf586

@ -1,5 +1,5 @@
/*
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2023, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -37,6 +37,8 @@ import java.nio.file.WatchEvent;
import java.nio.file.WatchKey;
import java.nio.file.WatchService;
import java.nio.file.attribute.PosixFilePermission;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
@ -58,6 +60,7 @@ import static sun.awt.screencast.ScreencastHelper.SCREENCAST_DEBUG;
* The restore token allows the ScreenCast session to be restored
* with previously granted screen access permissions.
*/
@SuppressWarnings("removal")
final class TokenStorage {
private TokenStorage() {}
@ -69,8 +72,24 @@ final class TokenStorage {
private static final Path PROPS_PATH;
private static final Path PROP_FILENAME;
private static void doPrivilegedRunnable(Runnable runnable) {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
@Override
public Void run() {
runnable.run();
return null;
}
});
}
static {
PROPS_PATH = setupPath();
PROPS_PATH = AccessController.doPrivileged(new PrivilegedAction<Path>() {
@Override
public Path run() {
return setupPath();
}
});
if (PROPS_PATH != null) {
PROP_FILENAME = PROPS_PATH.getFileName();
if (SCREENCAST_DEBUG) {
@ -192,9 +211,9 @@ final class TokenStorage {
}
if (kind == ENTRY_CREATE) {
setFilePermission(PROPS_PATH);
doPrivilegedRunnable(() -> setFilePermission(PROPS_PATH));
} else if (kind == ENTRY_MODIFY) {
readTokens(PROPS_PATH);
doPrivilegedRunnable(() -> readTokens(PROPS_PATH));
} else if (kind == ENTRY_DELETE) {
synchronized (PROPS) {
PROPS.clear();
@ -207,24 +226,31 @@ final class TokenStorage {
}
}
private static WatchService watchService;
private static void setupWatch() {
try {
WatchService watchService =
FileSystems.getDefault().newWatchService();
doPrivilegedRunnable(() -> {
try {
watchService =
FileSystems.getDefault().newWatchService();
PROPS_PATH
.getParent()
.register(watchService,
ENTRY_CREATE,
ENTRY_DELETE,
ENTRY_MODIFY);
PROPS_PATH
.getParent()
.register(watchService,
ENTRY_CREATE,
ENTRY_DELETE,
ENTRY_MODIFY);
new WatcherThread(watchService).start();
} catch (Exception e) {
if (SCREENCAST_DEBUG) {
System.err.printf("Token storage: failed to setup " +
"file watch %s\n", e);
} catch (Exception e) {
if (SCREENCAST_DEBUG) {
System.err.printf("Token storage: failed to setup " +
"file watch %s\n", e);
}
}
});
if (watchService != null) {
new WatcherThread(watchService).start();
}
}
@ -276,7 +302,7 @@ final class TokenStorage {
}
if (changed) {
store("save tokens");
doPrivilegedRunnable(() -> store("save tokens"));
}
}
}
@ -331,7 +357,7 @@ final class TokenStorage {
.toList();
}
removeMalformedRecords(malformed);
doPrivilegedRunnable(() -> removeMalformedRecords(malformed));
// 1. Try to find exact matches
for (TokenItem tokenItem : allTokenItems) {