archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 07:14:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8344078: Remove security manager dependency in java.nio

Browse source 
Reviewed-by: alanb, rriggs
This commit is contained in:
Brian Burkhalter 2024-11-18 19:17:14 +00:00
parent 2649406323
commit 922b12f30c
67 changed files with 285 additions and 1480 deletions
Download patch file Download diff file Expand all files Collapse all files

17
src/java.base/unix/classes/sun/nio/ch/InheritedChannel.java
View file

@ -149,18 +149,6 @@ class InheritedChannel {
}
}
/*
* If there's a SecurityManager then check for the appropriate
* RuntimePermission.
*/
private static void checkAccess() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("inheritedChannel"));
}
}
/*
* If standard inherited channel is connected to a socket then return a Channel
* of the appropriate type based standard input.
@ -252,11 +240,6 @@ class InheritedChannel {
haveChannel = true;
}
// if there is a channel then do the security check before
// returning it.
if (channel != null) {
checkAccess();
}
return channel;
}

58
src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousServerSocketChannelImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,9 +31,6 @@ import java.io.IOException;
import java.io.FileDescriptor;
import java.net.InetSocketAddress;
import java.util.concurrent.atomic.AtomicBoolean;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
* Unix implementation of AsynchronousServerSocketChannel
@ -64,11 +61,6 @@ class UnixAsynchronousServerSocketChannelImpl
private Object acceptAttachment;
private PendingFuture<AsynchronousSocketChannel,Object> acceptFuture;
// context for permission check when security manager set
@SuppressWarnings("removal")
private AccessControlContext acceptAcc;
UnixAsynchronousServerSocketChannelImpl(Port port)
throws IOException
{
@ -165,9 +157,9 @@ class UnixAsynchronousServerSocketChannelImpl
AsynchronousSocketChannel child = null;
if (exc == null) {
try {
child = finishAccept(newfd, isaa[0], acceptAcc);
child = finishAccept(newfd, isaa[0]);
} catch (Throwable x) {
if (!(x instanceof IOException) && !(x instanceof SecurityException))
if (!(x instanceof IOException))
x = new IOException(x);
exc = x;
}
@ -198,14 +190,12 @@ class UnixAsynchronousServerSocketChannelImpl
/**
* Completes the accept by creating the AsynchronousSocketChannel for
* the given file descriptor and remote address. If this method completes
* with an IOException or SecurityException then the channel/file descriptor
* with an IOException then the channel/file descriptor
* will be closed.
*/
@SuppressWarnings("removal")
private AsynchronousSocketChannel finishAccept(FileDescriptor newfd,
final InetSocketAddress remote,
AccessControlContext acc)
throws IOException, SecurityException
final InetSocketAddress remote)
throws IOException
{
AsynchronousSocketChannel ch = null;
try {
@ -215,38 +205,9 @@ class UnixAsynchronousServerSocketChannelImpl
throw x;
}
// permission check must always be in initiator's context
try {
if (acc != null) {
AccessController.doPrivileged(new PrivilegedAction<>() {
public Void run() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkAccept(remote.getAddress().getHostAddress(),
remote.getPort());
}
return null;
}
}, acc);
} else {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkAccept(remote.getAddress().getHostAddress(),
remote.getPort());
}
}
} catch (SecurityException x) {
try {
ch.close();
} catch (Throwable suppressed) {
x.addSuppressed(suppressed);
}
throw x;
}
return ch;
}
@SuppressWarnings("removal")
@Override
Future<AsynchronousSocketChannel> implAccept(Object att,
CompletionHandler<AsynchronousSocketChannel,Object> handler)
@ -283,9 +244,6 @@ class UnixAsynchronousServerSocketChannelImpl
int n = Net.accept(this.fd, newfd, isaa);
if (n == IOStatus.UNAVAILABLE) {
// need calling context when there is security manager as
// permission check may be done in a different thread without
// any application call frames on the stack
PendingFuture<AsynchronousSocketChannel,Object> result = null;
synchronized (updateLock) {
if (handler == null) {
@ -296,8 +254,6 @@ class UnixAsynchronousServerSocketChannelImpl
this.acceptHandler = handler;
this.acceptAttachment = att;
}
this.acceptAcc = (System.getSecurityManager() == null) ?
null : AccessController.getContext();
this.acceptPending = true;
}
@ -318,7 +274,7 @@ class UnixAsynchronousServerSocketChannelImpl
if (exc == null) {
// connection accepted immediately
try {
child = finishAccept(newfd, isaa[0], null);
child = finishAccept(newfd, isaa[0]);
} catch (Throwable x) {
exc = x;
}

11
src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -35,7 +35,6 @@ import java.io.FileDescriptor;
import sun.net.ConnectionResetException;
import sun.net.NetHooks;
import sun.net.util.SocketExceptions;
import sun.security.action.GetPropertyAction;
/**
* Unix implementation of AsynchronousSocketChannel
@ -49,7 +48,7 @@ class UnixAsynchronousSocketChannelImpl
private static final boolean disableSynchronousRead;
static {
String propValue = GetPropertyAction.privilegedGetProperty(
String propValue = System.getProperty(
"sun.nio.ch.disableSynchronousRead", "false");
disableSynchronousRead = propValue.isEmpty() ?
true : Boolean.parseBoolean(propValue);
@ -309,12 +308,6 @@ class UnixAsynchronousSocketChannelImpl
InetSocketAddress isa = Net.checkAddress(remote);
// permission check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkConnect(isa.getAddress().getHostAddress(), isa.getPort());
// check and set state
boolean notifyBeforeTcpConnect;
synchronized (stateLock) {

18
src/java.base/unix/classes/sun/nio/ch/UnixDomainSocketsUtil.java
View file

@ -26,8 +26,6 @@
package sun.nio.ch;
import java.nio.charset.Charset;
import java.security.AccessController;
import java.security.PrivilegedAction;
import sun.net.NetProperties;
import jdk.internal.util.StaticProperty;
@ -51,16 +49,12 @@ class UnixDomainSocketsUtil {
* 2. ${jdk.net.unixdomain.tmpdir} if set as net property
* 3. ${java.io.tmpdir} system property
*/
@SuppressWarnings("removal")
static String getTempDir() {
PrivilegedAction<String> action = () -> {
String s = NetProperties.get("jdk.net.unixdomain.tmpdir");
if (s != null && s.length() > 0) {
return s;
} else {
return StaticProperty.javaIoTmpDir();
}
};
return AccessController.doPrivileged(action);
String s = NetProperties.get("jdk.net.unixdomain.tmpdir");
if (s != null && s.length() > 0) {
return s;
} else {
return StaticProperty.javaIoTmpDir();
}
}
}

24
src/java.base/unix/classes/sun/nio/fs/MimeTypesFileTypeDetector.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,8 +29,6 @@ import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
@ -93,19 +91,13 @@ class MimeTypesFileTypeDetector extends AbstractFileTypeDetector {
if (!loaded) {
synchronized (this) {
if (!loaded) {
@SuppressWarnings("removal")
List<String> lines = AccessController.doPrivileged(
new PrivilegedAction<>() {
@Override
public List<String> run() {
try {
return Files.readAllLines(mimeTypesFile,
Charset.defaultCharset());
} catch (IOException ignore) {
return Collections.emptyList();
}
}
});
List<String> lines;
try {
lines = Files.readAllLines(mimeTypesFile,
Charset.defaultCharset());
} catch (IOException ignore) {
lines = Collections.emptyList();
}
mimeTypeMap = HashMap.newHashMap(lines.size());
String entry = "";

24
src/java.base/unix/classes/sun/nio/fs/UnixChannelFactory.java
View file

@ -25,9 +25,9 @@
package sun.nio.fs;
import java.io.FileDescriptor;
import java.nio.file.*;
import java.nio.channels.*;
import java.io.FileDescriptor;
import java.util.Set;
import jdk.internal.access.SharedSecrets;
@ -108,7 +108,6 @@ class UnixChannelFactory {
*/
static FileChannel newFileChannel(int dfd,
UnixPath path,
String pathForPermissionCheck,
Set<? extends OpenOption> options,
int mode)
throws UnixException
@ -130,7 +129,7 @@ class UnixChannelFactory {
if (flags.append && flags.truncateExisting)
throw new IllegalArgumentException("APPEND + TRUNCATE_EXISTING not allowed");
FileDescriptor fdObj = open(dfd, path, pathForPermissionCheck, flags, mode);
FileDescriptor fdObj = open(dfd, path, flags, mode);
return FileChannelImpl.open(fdObj, path.toString(), flags.read, flags.write,
(flags.sync || flags.dsync), flags.direct, null);
}
@ -143,7 +142,7 @@ class UnixChannelFactory {
int mode)
throws UnixException
{
return newFileChannel(-1, path, null, options, mode);
return newFileChannel(-1, path, options, mode);
}
/**
@ -167,7 +166,7 @@ class UnixChannelFactory {
throw new UnsupportedOperationException("APPEND not allowed");
// for now use simple implementation
FileDescriptor fdObj = open(-1, path, null, flags, mode);
FileDescriptor fdObj = open(-1, path, flags, mode);
return SimpleAsynchronousFileChannelImpl.open(fdObj, path.toString(), flags.read, flags.write, pool);
}
@ -177,7 +176,6 @@ class UnixChannelFactory {
*/
protected static FileDescriptor open(int dfd,
UnixPath path,
String pathForPermissionCheck,
Flags flags,
int mode)
throws UnixException
@ -236,20 +234,6 @@ class UnixChannelFactory {
if (flags.direct)
oflags |= O_DIRECT;
// permission check before we open the file
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (pathForPermissionCheck == null)
pathForPermissionCheck = path.getPathForPermissionCheck();
if (flags.read)
sm.checkRead(pathForPermissionCheck);
if (flags.write)
sm.checkWrite(pathForPermissionCheck);
if (flags.deleteOnClose)
sm.checkDelete(pathForPermissionCheck);
}
int fd;
try {
if (dfd >= 0) {

28
src/java.base/unix/classes/sun/nio/fs/UnixFileAttributeViews.java
View file

@ -25,11 +25,11 @@
package sun.nio.fs;
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.*;
import java.util.concurrent.TimeUnit;
import java.io.IOException;
import static sun.nio.fs.UnixConstants.*;
import static sun.nio.fs.UnixNativeDispatcher.*;
@ -47,7 +47,6 @@ class UnixFileAttributeViews {
@Override
public BasicFileAttributes readAttributes() throws IOException {
file.checkRead();
try {
UnixFileAttributes attrs =
UnixFileAttributes.get(file, followLinks);
@ -69,9 +68,6 @@ class UnixFileAttributeViews {
return;
}
// permission check
file.checkWrite();
// use a file descriptor if possible to avoid a race due to
// accessing a path more than once as the file at that path could
// change.
@ -156,24 +152,6 @@ class UnixFileAttributeViews {
super(file, followLinks);
}
final void checkReadExtended() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
file.checkRead();
sm.checkPermission(new RuntimePermission("accessUserInformation"));
}
}
final void checkWriteExtended() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
file.checkWrite();
sm.checkPermission(new RuntimePermission("accessUserInformation"));
}
}
@Override
public String name() {
return "posix";
@ -228,7 +206,6 @@ class UnixFileAttributeViews {
@Override
public UnixFileAttributes readAttributes() throws IOException {
checkReadExtended();
try {
return UnixFileAttributes.get(file, followLinks);
} catch (UnixException x) {
@ -239,8 +216,6 @@ class UnixFileAttributeViews {
// chmod
final void setMode(int mode) throws IOException {
checkWriteExtended();
if (followLinks) {
try {
chmod(file, mode);
@ -283,7 +258,6 @@ class UnixFileAttributeViews {
// chown
final void setOwners(int uid, int gid) throws IOException {
checkWriteExtended();
try {
if (followLinks) {
chown(file, uid, gid);

12
src/java.base/unix/classes/sun/nio/fs/UnixFileStore.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,8 +34,6 @@ import java.nio.file.attribute.*;
import java.nio.channels.*;
import java.util.*;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
* Base implementation of FileStore for Unix/like implementations.
@ -269,17 +267,11 @@ abstract class UnixFileStore
/**
* Returns status to indicate if file system supports a given feature
*/
@SuppressWarnings("removal")
FeatureStatus checkIfFeaturePresent(String feature) {
if (props == null) {
synchronized (loadLock) {
if (props == null) {
props = AccessController.doPrivileged(
new PrivilegedAction<>() {
@Override
public Properties run() {
return loadProperties();
}});
props = loadProperties();
}
}
}

66
src/java.base/unix/classes/sun/nio/fs/UnixFileSystem.java
View file

@ -34,7 +34,6 @@ import java.nio.file.FileStore;
import java.nio.file.FileSystem;
import java.nio.file.FileSystemException;
import java.nio.file.LinkOption;
import java.nio.file.LinkPermission;
import java.nio.file.Path;
import java.nio.file.PathMatcher;
import java.nio.file.StandardCopyOption;
@ -54,7 +53,6 @@ import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
import sun.nio.ch.DirectBuffer;
import sun.nio.ch.IOStatus;
import sun.security.action.GetPropertyAction;
import static sun.nio.fs.UnixConstants.*;
import static sun.nio.fs.UnixNativeDispatcher.*;
@ -87,8 +85,7 @@ abstract class UnixFileSystem
// if process-wide chdir is allowed or default directory is not the
// process working directory then paths must be resolved against the
// default directory.
String propValue = GetPropertyAction
.privilegedGetProperty("sun.nio.fs.chdirAllowed", "false");
String propValue = System.getProperty("sun.nio.fs.chdirAllowed", "false");
boolean chdirAllowed = propValue.isEmpty() ? true : Boolean.parseBoolean(propValue);
if (chdirAllowed) {
this.needToResolveAgainstDefaultDirectory = true;
@ -179,20 +176,7 @@ abstract class UnixFileSystem
*/
@Override
public final Iterable<Path> getRootDirectories() {
final List<Path> allowedList = List.of(rootDirectory);
return new Iterable<>() {
public Iterator<Path> iterator() {
try {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkRead(rootDirectory.toString());
return allowedList.iterator();
} catch (SecurityException x) {
return Collections.emptyIterator(); //disallowed
}
}
};
return List.of(rootDirectory);
}
/**
@ -228,16 +212,6 @@ abstract class UnixFileSystem
if (entry.isIgnored())
continue;
// check permission to read mount point
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
sm.checkRead(Util.toString(entry.dir()));
} catch (SecurityException x) {
continue;
}
}
try {
return getFileStore(entry);
} catch (IOException ignore) {
@ -275,20 +249,7 @@ abstract class UnixFileSystem
@Override
public final Iterable<FileStore> getFileStores() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
sm.checkPermission(new RuntimePermission("getFileStoreAttributes"));
} catch (SecurityException se) {
return Collections.emptyList();
}
}
return new Iterable<>() {
public Iterator<FileStore> iterator() {
return new FileStoreIterator();
}
};
return FileStoreIterator::new;
}
@Override
@ -845,14 +806,6 @@ abstract class UnixFileSystem
void move(UnixPath source, UnixPath target, CopyOption... options)
throws IOException
{
// permission check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
source.checkWrite();
target.checkWrite();
}
// translate options into flags
Flags flags = Flags.fromMoveOptions(options);
@ -988,14 +941,6 @@ abstract class UnixFileSystem
final UnixPath target,
CopyOption... options) throws IOException
{
// permission checks
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
source.checkRead();
target.checkWrite();
}
// translate options into flags
final Flags flags = Flags.fromCopyOptions(options);
@ -1009,11 +954,6 @@ abstract class UnixFileSystem
x.rethrowAsIOException(source);
}
// if source file is symbolic link then we must check LinkPermission
if (sm != null && sourceAttrs.isSymbolicLink()) {
sm.checkPermission(new LinkPermission("symbolic"));
}
// ensure source can be copied
if (!sourceAttrs.isSymbolicLink() || flags.followLinks) {
// the access(2) system call always follows links so it

58
src/java.base/unix/classes/sun/nio/fs/UnixFileSystemProvider.java
View file

@ -40,7 +40,6 @@ import java.nio.file.FileStore;
import java.nio.file.FileSystem;
import java.nio.file.FileSystemAlreadyExistsException;
import java.nio.file.LinkOption;
import java.nio.file.LinkPermission;
import java.nio.file.NotDirectoryException;
import java.nio.file.NotLinkException;
import java.nio.file.OpenOption;
@ -59,7 +58,6 @@ import java.util.concurrent.ExecutorService;
import jdk.internal.util.StaticProperty;
import sun.nio.ch.ThreadPool;
import sun.security.util.SecurityConstants;
import static sun.nio.fs.UnixNativeDispatcher.*;
import static sun.nio.fs.UnixConstants.*;
@ -171,7 +169,6 @@ public abstract class UnixFileSystemProvider
{
if (type == BasicFileAttributes.class && Util.followLinks(options)) {
UnixPath file = UnixPath.toUnixPath(path);
file.checkRead();
try {
@SuppressWarnings("unchecked")
A attrs = (A) UnixFileAttributes.getIfExists(file);
@ -250,7 +247,6 @@ public abstract class UnixFileSystemProvider
@Override
boolean implDelete(Path obj, boolean failIfNotExists) throws IOException {
UnixPath file = UnixPath.toUnixPath(obj);
file.checkDelete();
// need file attributes to know if file is directory
UnixFileAttributes attrs = null;
@ -317,20 +313,12 @@ public abstract class UnixFileSystemProvider
int mode = 0;
if (e || r) {
file.checkRead();
mode |= (r) ? R_OK : F_OK;
}
if (w) {
file.checkWrite();
mode |= W_OK;
}
if (x) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
// not cached
sm.checkExec(file.getPathForPermissionCheck());
}
mode |= X_OK;
}
int errno = access(file, mode);
@ -341,26 +329,18 @@ public abstract class UnixFileSystemProvider
@Override
public boolean isReadable(Path path) {
UnixPath file = UnixPath.toUnixPath(path);
file.checkRead();
return access(file, R_OK) == 0;
}
@Override
public boolean isWritable(Path path) {
UnixPath file = UnixPath.toUnixPath(path);
file.checkWrite();
return access(file, W_OK) == 0;
}
@Override
public boolean isExecutable(Path path) {
UnixPath file = UnixPath.toUnixPath(path);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
// not cached
sm.checkExec(file.getPathForPermissionCheck());
}
return access(file, X_OK) == 0;
}
@ -374,10 +354,6 @@ public abstract class UnixFileSystemProvider
if (!(obj2 instanceof UnixPath file2))
return false;
// check security manager access to both files
file1.checkRead();
file2.checkRead();
UnixFileAttributes attrs1;
UnixFileAttributes attrs2;
try {
@ -398,7 +374,6 @@ public abstract class UnixFileSystemProvider
@Override
public boolean isHidden(Path obj) {
UnixPath file = UnixPath.toUnixPath(obj);
file.checkRead();
UnixPath name = file.getFileName();
if (name == null)
return false;
@ -421,12 +396,6 @@ public abstract class UnixFileSystemProvider
@Override
public FileStore getFileStore(Path obj) throws IOException {
UnixPath file = UnixPath.toUnixPath(obj);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("getFileStoreAttributes"));
file.checkRead();
}
return getFileStore(file);
}
@ -435,7 +404,6 @@ public abstract class UnixFileSystemProvider
throws IOException
{
UnixPath dir = UnixPath.toUnixPath(obj);
dir.checkWrite();
int mode = UnixFileModeAttribute.toUnixMode(UnixFileModeAttribute.ALL_PERMISSIONS, attrs);
try {
@ -453,7 +421,6 @@ public abstract class UnixFileSystemProvider
throws IOException
{
UnixPath dir = UnixPath.toUnixPath(obj);
dir.checkRead();
if (filter == null)
throw new NullPointerException();
@ -506,14 +473,6 @@ public abstract class UnixFileSystemProvider
" not supported when creating symbolic link");
}
// permission check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new LinkPermission("symbolic"));
link.checkWrite();
}
// create link
try {
symlink(target.asByteArray(), link);
@ -527,14 +486,6 @@ public abstract class UnixFileSystemProvider
UnixPath link = UnixPath.toUnixPath(obj1);
UnixPath existing = UnixPath.toUnixPath(obj2);
// permission check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new LinkPermission("hard"));
link.checkWrite();
existing.checkWrite();
}
try {
link(existing, link);
} catch (UnixException x) {
@ -545,14 +496,6 @@ public abstract class UnixFileSystemProvider
@Override
public Path readSymbolicLink(Path obj1) throws IOException {
UnixPath link = UnixPath.toUnixPath(obj1);
// permission check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
FilePermission perm = new FilePermission(link.getPathForPermissionCheck(),
SecurityConstants.FILE_READLINK_ACTION);
sm.checkPermission(perm);
}
try {
byte[] target = readlink(link);
return new UnixPath(link.getFileSystem(), target);
@ -568,7 +511,6 @@ public abstract class UnixFileSystemProvider
public boolean exists(Path path, LinkOption... options) {
if (Util.followLinks(options)) {
UnixPath file = UnixPath.toUnixPath(path);
file.checkRead();
return access(file, F_OK) == 0;
} else {
return super.exists(path, options);

32
src/java.base/unix/classes/sun/nio/fs/UnixPath.java
View file

@ -833,47 +833,18 @@ class UnixPath implements Path {
return open(this, flags, 0);
}
void checkRead() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkRead(getPathForPermissionCheck());
}
void checkWrite() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkWrite(getPathForPermissionCheck());
}
void checkDelete() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkDelete(getPathForPermissionCheck());
}
@Override
public UnixPath toAbsolutePath() {
if (isAbsolute()) {
return this;
}
// The path is relative so need to resolve against default directory,
// taking care not to reveal the user.dir
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPropertyAccess("user.dir");
}
// The path is relative so need to resolve against default directory
return new UnixPath(getFileSystem(),
resolve(getFileSystem().defaultDirectory(), path));
}
@Override
public Path toRealPath(LinkOption... options) throws IOException {
checkRead();
UnixPath absolute = toAbsolutePath();
// if resolving links then use realpath
@ -1022,7 +993,6 @@ class UnixPath implements Path {
throw new NullPointerException();
if (!(watcher instanceof AbstractWatchService))
throw new ProviderMismatchException();
checkRead();
return ((AbstractWatchService)watcher).register(this, events, modifiers);
}
}

79
src/java.base/unix/classes/sun/nio/fs/UnixSecureDirectoryStream.java
View file

@ -25,12 +25,12 @@
package sun.nio.fs;
import java.io.IOException;
import java.nio.channels.SeekableByteChannel;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.nio.channels.SeekableByteChannel;
import java.util.*;
import java.util.concurrent.TimeUnit;
import java.io.IOException;
import static sun.nio.fs.UnixNativeDispatcher.*;
import static sun.nio.fs.UnixConstants.*;
@ -93,13 +93,6 @@ class UnixSecureDirectoryStream
UnixPath child = ds.directory().resolve(file);
boolean followLinks = Util.followLinks(options);
// permission check using name resolved against original path of directory
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
child.checkRead();
}
ds.readLock().lock();
try {
if (!ds.isOpen())
@ -146,15 +139,12 @@ class UnixSecureDirectoryStream
int mode = UnixFileModeAttribute
.toUnixMode(UnixFileModeAttribute.ALL_READWRITE, attrs);
// path for permission check
String pathToCheck = ds.directory().resolve(file).getPathForPermissionCheck();
ds.readLock().lock();
try {
if (!ds.isOpen())
throw new ClosedDirectoryStreamException();
try {
return UnixChannelFactory.newFileChannel(dfd, file, pathToCheck, options, mode);
return UnixChannelFactory.newFileChannel(dfd, file, options, mode);
} catch (UnixException x) {
x.rethrowAsIOException(file);
return null; // keep compiler happy
@ -173,13 +163,6 @@ class UnixSecureDirectoryStream
{
UnixPath file = getName(obj);
// permission check using name resolved against original path of directory
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
ds.directory().resolve(file).checkDelete();
}
ds.readLock().lock();
try {
if (!ds.isOpen())
@ -239,14 +222,6 @@ class UnixSecureDirectoryStream
throw new ProviderMismatchException();
UnixSecureDirectoryStream that = (UnixSecureDirectoryStream)dir;
// permission check
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
this.ds.directory().resolve(from).checkWrite();
that.ds.directory().resolve(to).checkWrite();
}
// lock ordering doesn't matter
this.ds.readLock().lock();
try {
@ -337,18 +312,6 @@ class UnixSecureDirectoryStream
}
}
private void checkWriteAccess() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (file == null) {
ds.directory().checkWrite();
} else {
ds.directory().resolve(file).checkWrite();
}
}
}
@Override
public String name() {
return "basic";
@ -361,15 +324,6 @@ class UnixSecureDirectoryStream
if (!ds.isOpen())
throw new ClosedDirectoryStreamException();
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (file == null) {
ds.directory().checkRead();
} else {
ds.directory().resolve(file).checkRead();
}
}
try {
UnixFileAttributes attrs = (file == null) ?
UnixFileAttributes.get(dfd) :
@ -392,8 +346,6 @@ class UnixSecureDirectoryStream
FileTime createTime) // ignore
throws IOException
{
checkWriteAccess();
ds.readLock().lock();
try {
if (!ds.isOpen())
@ -441,15 +393,6 @@ class UnixSecureDirectoryStream
super(file, followLinks);
}
private void checkWriteAndUserAccess() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
super.checkWriteAccess();
sm.checkPermission(new RuntimePermission("accessUserInformation"));
}
}
@Override
public String name() {
return "posix";
@ -457,16 +400,6 @@ class UnixSecureDirectoryStream
@Override
public PosixFileAttributes readAttributes() throws IOException {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (file == null)
ds.directory().checkRead();
else
ds.directory().resolve(file).checkRead();
sm.checkPermission(new RuntimePermission("accessUserInformation"));
}
ds.readLock().lock();
try {
if (!ds.isOpen())
@ -490,9 +423,6 @@ class UnixSecureDirectoryStream
public void setPermissions(Set<PosixFilePermission> perms)
throws IOException
{
// permission check
checkWriteAndUserAccess();
ds.readLock().lock();
try {
if (!ds.isOpen())
@ -513,9 +443,6 @@ class UnixSecureDirectoryStream
}
private void setOwners(int uid, int gid) throws IOException {
// permission check
checkWriteAndUserAccess();
ds.readLock().lock();
try {
if (!ds.isOpen())

5
src/java.base/unix/classes/sun/nio/fs/UnixUriUtils.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -121,12 +121,11 @@ class UnixUriUtils {
// trailing slash if directory
if (sb.charAt(sb.length()-1) != '/') {
try {
up.checkRead();
UnixFileAttributes attrs = UnixFileAttributes.getIfExists(up);
if (attrs != null
&& ((attrs.mode() & UnixConstants.S_IFMT) == UnixConstants.S_IFDIR))
sb.append('/');
} catch (UnixException | SecurityException ignore) { }
} catch (UnixException ignore) { }
}
try {

22
src/java.base/unix/classes/sun/nio/fs/UnixUserDefinedFileAttributeView.java
View file

@ -25,9 +25,9 @@
package sun.nio.fs;
import java.io.IOException;
import java.nio.file.*;
import java.nio.ByteBuffer;
import java.io.IOException;
import java.util.*;
import jdk.internal.access.JavaNioAccess;
@ -114,12 +114,8 @@ abstract class UnixUserDefinedFileAttributeView
}
}
@SuppressWarnings("removal")
@Override
public List<String> list() throws IOException {
if (System.getSecurityManager() != null)
checkAccess(file.getPathForPermissionCheck(), true, false);
int fd = -1;
try {
fd = file.openForAttributeAccess(followLinks);
@ -141,12 +137,8 @@ abstract class UnixUserDefinedFileAttributeView
}
}
@SuppressWarnings("removal")
@Override
public int size(String name) throws IOException {
if (System.getSecurityManager() != null)
checkAccess(file.getPathForPermissionCheck(), true, false);
int fd = -1;
try {
fd = file.openForAttributeAccess(followLinks);
@ -165,12 +157,8 @@ abstract class UnixUserDefinedFileAttributeView
}
}
@SuppressWarnings("removal")
@Override
public int read(String name, ByteBuffer dst) throws IOException {
if (System.getSecurityManager() != null)
checkAccess(file.getPathForPermissionCheck(), true, false);
if (dst.isReadOnly())
throw new IllegalArgumentException("Read-only buffer");
int pos = dst.position();
@ -230,12 +218,8 @@ abstract class UnixUserDefinedFileAttributeView
}
}
@SuppressWarnings("removal")
@Override
public int write(String name, ByteBuffer src) throws IOException {
if (System.getSecurityManager() != null)
checkAccess(file.getPathForPermissionCheck(), false, true);
int pos = src.position();
int lim = src.limit();
assert (pos <= lim);
@ -293,12 +277,8 @@ abstract class UnixUserDefinedFileAttributeView
}
}
@SuppressWarnings("removal")
@Override
public void delete(String name) throws IOException {
if (System.getSecurityManager() != null)
checkAccess(file.getPathForPermissionCheck(), false, true);
int fd = -1;
try {
fd = file.openForAttributeAccess(followLinks);

7
src/java.base/unix/classes/sun/nio/fs/UnixUserPrincipals.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -132,11 +132,6 @@ public class UnixUserPrincipals {
private static int lookupName(String name, boolean isGroup)
throws IOException
{
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("lookupUserInformation"));
}
int id;
try {
id = (isGroup) ? getgrnam(name) : getpwnam(name);