From 9eb755e85eac7b7ea4c4a8c769bef423ed16e580 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Mon, 22 Apr 2019 13:01:57 +0800 Subject: [PATCH] 8209901: Canonical file handling Reviewed-by: mullan, alanb, ahgross --- .../share/classes/java/io/FilePermission.java | 3 + .../sun/security/util/FilePermCompat.java | 9 ++- .../share/conf/security/java.security | 19 +++++ test/jdk/java/security/testlibrary/Proc.java | 28 ++++++- .../security/util/FilePermCompat/Flag.java | 80 ++++++++++++++++--- 5 files changed, 126 insertions(+), 13 deletions(-) diff --git a/src/java.base/share/classes/java/io/FilePermission.java b/src/java.base/share/classes/java/io/FilePermission.java index 614bfe1b855..7c785dd90fa 100644 --- a/src/java.base/share/classes/java/io/FilePermission.java +++ b/src/java.base/share/classes/java/io/FilePermission.java @@ -463,6 +463,9 @@ public final class FilePermission extends Permission implements Serializable { *

* The default value of the {@code jdk.io.permissionsUseCanonicalPath} * system property is {@code false} in this implementation. + *

+ * The value can also be set with a security property using the same name, + * but setting a system property will override the security property value. * * @param path the pathname of the file/directory. * @param actions the action string. diff --git a/src/java.base/share/classes/sun/security/util/FilePermCompat.java b/src/java.base/share/classes/sun/security/util/FilePermCompat.java index 3c0bf487c22..e10cd88e724 100644 --- a/src/java.base/share/classes/sun/security/util/FilePermCompat.java +++ b/src/java.base/share/classes/sun/security/util/FilePermCompat.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,8 +42,11 @@ public class FilePermCompat { public static final boolean compat; static { - String flag = GetPropertyAction.privilegedGetProperty( - "jdk.io.permissionsUseCanonicalPath", "false"); + String flag = SecurityProperties.privilegedGetOverridable( + "jdk.io.permissionsUseCanonicalPath"); + if (flag == null) { + flag = "false"; + } switch (flag) { case "true": nb = false; diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security index 422ba515c6a..cee1b01c13b 100644 --- a/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security @@ -1214,6 +1214,25 @@ jdk.sasl.disabledMechanisms= # jdk.security.caDistrustPolicies=SYMANTEC_TLS +# +# FilePermission path canonicalization +# +# This security property dictates how the path argument is processed and stored +# while constructing a FilePermission object. If the value is set to true, the +# path argument is canonicalized and FilePermission methods (such as implies, +# equals, and hashCode) are implemented based on this canonicalized result. +# Otherwise, the path argument is not canonicalized and FilePermission methods are +# implemented based on the original input. See the implementation note of the +# FilePermission class for more details. +# +# If a system property of the same name is also specified, it supersedes the +# security property value defined here. +# +# The default value for this property is false. +# +jdk.io.permissionsUseCanonicalPath=false + + # # Policies for the proxy_impersonator Kerberos ccache configuration entry # diff --git a/test/jdk/java/security/testlibrary/Proc.java b/test/jdk/java/security/testlibrary/Proc.java index abbc86a33be..cff7e790e7e 100644 --- a/test/jdk/java/security/testlibrary/Proc.java +++ b/test/jdk/java/security/testlibrary/Proc.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ import java.io.BufferedReader; import java.io.File; import java.io.IOException; import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.PrintStream; +import java.io.UncheckedIOException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; @@ -110,6 +113,7 @@ public class Proc { private List args = new ArrayList<>(); private Map env = new HashMap<>(); private Map prop = new HashMap(); + private Map secprop = new HashMap(); private boolean inheritIO = false; private boolean noDump = false; @@ -176,6 +180,11 @@ public class Proc { prop.put(a, b); return this; } + // Specifies a security property. Can be called multiple times. + public Proc secprop(String a, String b) { + secprop.put(a, b); + return this; + } // Inherit the value of a system property public Proc inheritProp(String k) { String v = System.getProperty(k); @@ -282,6 +291,17 @@ public class Proc { cmd.add(cp.stream().collect(Collectors.joining(File.pathSeparator))); } + if (!secprop.isEmpty()) { + Path p = Path.of(getId("security")); + try (OutputStream fos = Files.newOutputStream(p); + PrintStream ps = new PrintStream(fos)) { + secprop.forEach((k,v) -> ps.println(k + "=" + v)); + } catch (IOException e) { + throw new UncheckedIOException(e); + } + prop.put("java.security.properties", p.toString()); + } + for (Entry e: prop.entrySet()) { cmd.add("-D" + e.getKey() + "=" + e.getValue()); } @@ -380,6 +400,12 @@ public class Proc { } return p.waitFor(); } + // Wait for process end with expected exit code + public void waitFor(int expected) throws Exception { + if (p.waitFor() != expected) { + throw new RuntimeException("Exit code not " + expected); + } + } // The following methods are used inside a proc diff --git a/test/jdk/sun/security/util/FilePermCompat/Flag.java b/test/jdk/sun/security/util/FilePermCompat/Flag.java index dab4cff5b14..00c7fbc2677 100644 --- a/test/jdk/sun/security/util/FilePermCompat/Flag.java +++ b/test/jdk/sun/security/util/FilePermCompat/Flag.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,22 +23,84 @@ /* * @test - * @bug 8164705 + * @bug 8164705 8209901 + * @library /test/jdk/java/security/testlibrary + * @modules java.base/jdk.internal.misc * @summary check jdk.filepermission.canonicalize - * @run main/othervm/policy=flag.policy - * -Djdk.io.permissionsUseCanonicalPath=true Flag true true - * @run main/othervm/policy=flag.policy - * -Djdk.io.permissionsUseCanonicalPath=false Flag false true - * @run main/othervm/policy=flag.policy Flag false true */ import java.io.File; import java.io.FilePermission; import java.lang.*; +import java.nio.file.Path; public class Flag { public static void main(String[] args) throws Exception { + if (args.length == 0) { + String policy = Path.of( + System.getProperty("test.src"), "flag.policy").toString(); + + // effectively true + Proc.create("Flag") + .prop("java.security.manager", "") + .prop("java.security.policy", policy) + .prop("jdk.io.permissionsUseCanonicalPath", "true") + .args("run", "true", "true") + .start() + .waitFor(0); + Proc.create("Flag") + .prop("java.security.manager", "") + .prop("java.security.policy", policy) + .secprop("jdk.io.permissionsUseCanonicalPath", "true") + .args("run", "true", "true") + .start() + .waitFor(0); + Proc.create("Flag") + .prop("java.security.manager", "") + .prop("java.security.policy", policy) + .secprop("jdk.io.permissionsUseCanonicalPath", "false") + .prop("jdk.io.permissionsUseCanonicalPath", "true") + .args("run", "true", "true") + .start() + .waitFor(0); + + // effectively false + Proc.create("Flag") + .prop("java.security.manager", "") + .prop("java.security.policy", policy) + .prop("jdk.io.permissionsUseCanonicalPath", "false") + .args("run", "false", "true") + .start() + .waitFor(0); + Proc.create("Flag") + .prop("java.security.manager", "") + .prop("java.security.policy", policy) + .secprop("jdk.io.permissionsUseCanonicalPath", "false") + .args("run", "false", "true") + .start() + .waitFor(0); + Proc.create("Flag") + .prop("java.security.manager", "") + .prop("java.security.policy", policy) + .secprop("jdk.io.permissionsUseCanonicalPath", "true") + .prop("jdk.io.permissionsUseCanonicalPath", "false") + .args("run", "false", "true") + .start() + .waitFor(0); + Proc.create("Flag") + .prop("java.security.manager", "") + .prop("java.security.policy", policy) + .args("run", "false", "true") + .start() + .waitFor(0); + } else { + run(args); + } + } + + static void run(String[] args) throws Exception { + boolean test1; boolean test2; @@ -55,8 +117,8 @@ public class Flag { test2 = false; } - if (test1 != Boolean.parseBoolean(args[0]) || - test2 != Boolean.parseBoolean(args[1])) { + if (test1 != Boolean.parseBoolean(args[1]) || + test2 != Boolean.parseBoolean(args[2])) { throw new Exception("Test failed: " + test1 + " " + test2); } }