8231785: Improved socket permissions
Reviewed-by: ahgross, chegar, mullan, rhalade
parent
123febeb98
commit
6c16f55fde
2 changed files with 25 additions and 27 deletions
|
@ -37,12 +37,12 @@ import java.security.PermissionCollection;
|
||||||
import java.security.PrivilegedAction;
|
import java.security.PrivilegedAction;
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Comparator;
|
|
||||||
import java.util.Enumeration;
|
import java.util.Enumeration;
|
||||||
import java.util.Vector;
|
import java.util.Map;
|
||||||
import java.util.StringJoiner;
|
import java.util.StringJoiner;
|
||||||
import java.util.StringTokenizer;
|
import java.util.StringTokenizer;
|
||||||
import java.util.concurrent.ConcurrentSkipListMap;
|
import java.util.Vector;
|
||||||
|
import java.util.concurrent.ConcurrentHashMap;
|
||||||
import sun.net.util.IPAddressUtil;
|
import sun.net.util.IPAddressUtil;
|
||||||
import sun.net.PortConfig;
|
import sun.net.PortConfig;
|
||||||
import sun.security.util.RegisteredDomain;
|
import sun.security.util.RegisteredDomain;
|
||||||
|
@ -1349,16 +1349,13 @@ final class SocketPermissionCollection extends PermissionCollection
|
||||||
implements Serializable
|
implements Serializable
|
||||||
{
|
{
|
||||||
// Not serialized; see serialization section at end of class
|
// Not serialized; see serialization section at end of class
|
||||||
// A ConcurrentSkipListMap is used to preserve order, so that most
|
private transient Map<String, SocketPermission> perms;
|
||||||
// recently added permissions are checked first (see JDK-4301064).
|
|
||||||
private transient ConcurrentSkipListMap<String, SocketPermission> perms;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create an empty SocketPermissions object.
|
* Create an empty SocketPermissionCollection object.
|
||||||
*
|
|
||||||
*/
|
*/
|
||||||
public SocketPermissionCollection() {
|
public SocketPermissionCollection() {
|
||||||
perms = new ConcurrentSkipListMap<>(new SPCComparator());
|
perms = new ConcurrentHashMap<>();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1431,6 +1428,18 @@ final class SocketPermissionCollection extends PermissionCollection
|
||||||
int effective = 0;
|
int effective = 0;
|
||||||
int needed = desired;
|
int needed = desired;
|
||||||
|
|
||||||
|
var hit = perms.get(np.getName());
|
||||||
|
if (hit != null) {
|
||||||
|
// fastpath, if the host was explicitly listed
|
||||||
|
if (((needed & hit.getMask()) != 0) && hit.impliesIgnoreMask(np)) {
|
||||||
|
effective |= hit.getMask();
|
||||||
|
if ((effective & desired) == desired) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
needed = (desired & ~effective);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
//System.out.println("implies "+np);
|
//System.out.println("implies "+np);
|
||||||
for (SocketPermission x : perms.values()) {
|
for (SocketPermission x : perms.values()) {
|
||||||
//System.out.println(" trying "+x);
|
//System.out.println(" trying "+x);
|
||||||
|
@ -1512,22 +1521,9 @@ final class SocketPermissionCollection extends PermissionCollection
|
||||||
// Get the one we want
|
// Get the one we want
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
Vector<SocketPermission> permissions = (Vector<SocketPermission>)gfields.get("permissions", null);
|
Vector<SocketPermission> permissions = (Vector<SocketPermission>)gfields.get("permissions", null);
|
||||||
perms = new ConcurrentSkipListMap<>(new SPCComparator());
|
perms = new ConcurrentHashMap<>(permissions.size());
|
||||||
for (SocketPermission sp : permissions) {
|
for (SocketPermission sp : permissions) {
|
||||||
perms.put(sp.getName(), sp);
|
perms.put(sp.getName(), sp);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* A simple comparator that orders new non-equal entries at the beginning.
|
|
||||||
*/
|
|
||||||
private static class SPCComparator implements Comparator<String> {
|
|
||||||
@Override
|
|
||||||
public int compare(String s1, String s2) {
|
|
||||||
if (s1.equals(s2)) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
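Review bot: In the deserialization hunk, `permissions.size()` is called on the value returned by `gfields.get("permissions", null)` with no null check, so a serialized stream that omits the field or carries a null there fails with a NullPointerException rather than a stream-level error. Because the cast is unchecked, an element that is not a SocketPermission would likewise only surface as a ClassCastException inside the loop. Consider rejecting such a stream before sizing the map, e.g. `if (permissions == null) throw new java.io.InvalidObjectException("permissions is null");`. The method starts outside the hunk, so earlier validation may exist that is not visible here.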
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
@ -23,7 +23,7 @@
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* @test
|
* @test
|
||||||
* @bug 8056179
|
* @bug 8056179 8231785
|
||||||
* @summary Unit test for PermissionCollection subclasses
|
* @summary Unit test for PermissionCollection subclasses
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -126,8 +126,10 @@ public class SocketPermissionCollection {
|
||||||
testFail++;
|
testFail++;
|
||||||
}
|
}
|
||||||
|
|
||||||
// test 13
|
|
||||||
System.out.println("test 13: elements returns correct number of perms");
|
// test 10
|
||||||
|
System.out.println("test 10: elements returns correct number of perms");
|
||||||
|
perms.add(new SocketPermission("www.example.us", "resolve"));
|
||||||
int numPerms = 0;
|
int numPerms = 0;
|
||||||
Enumeration<Permission> e = perms.elements();
|
Enumeration<Permission> e = perms.elements();
|
||||||
while (e.hasMoreElements()) {
|
while (e.hasMoreElements()) {
|
||||||
|
|