8209901: Canonical file handling

Reviewed-by: mullan, alanb, ahgross
2025-09-20 19:14:38 +02:00 · 2019-04-22 13:01:57 +08:00 · 2019-04-22 13:01:57 +08:00 · 9eb755e85e
commit 9eb755e85e
parent cb06712f5a
5 changed files with 126 additions and 13 deletions
--- a/src/java.base/share/classes/java/io/FilePermission.java
+++ b/src/java.base/share/classes/java/io/FilePermission.java
@ -463,6 +463,9 @@ public final class FilePermission extends Permission implements Serializable {
     * <P>
     * The default value of the {@code jdk.io.permissionsUseCanonicalPath}
     * system property is {@code false} in this implementation.
+     * <p>
+     * The value can also be set with a security property using the same name,
+     * but setting a system property will override the security property value.
     *
     * @param path the pathname of the file/directory.
     * @param actions the action string.
--- a/src/java.base/share/classes/sun/security/util/FilePermCompat.java
+++ b/src/java.base/share/classes/sun/security/util/FilePermCompat.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -42,8 +42,11 @@ public class FilePermCompat {
    public static final boolean compat;

    static {
-        String flag = GetPropertyAction.privilegedGetProperty(
-                "jdk.io.permissionsUseCanonicalPath", "false");
+        String flag = SecurityProperties.privilegedGetOverridable(
+                "jdk.io.permissionsUseCanonicalPath");
+        if (flag == null) {
+            flag = "false";
+        }
        switch (flag) {
            case "true":
                nb = false;
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@ -1214,6 +1214,25 @@ jdk.sasl.disabledMechanisms=
 #
 jdk.security.caDistrustPolicies=SYMANTEC_TLS

+#
+# FilePermission path canonicalization
+#
+# This security property dictates how the path argument is processed and stored
+# while constructing a FilePermission object. If the value is set to true, the
+# path argument is canonicalized and FilePermission methods (such as implies,
+# equals, and hashCode) are implemented based on this canonicalized result.
+# Otherwise, the path argument is not canonicalized and FilePermission methods are
+# implemented based on the original input. See the implementation note of the
+# FilePermission class for more details.
+#
+# If a system property of the same name is also specified, it supersedes the
+# security property value defined here.
+#
+# The default value for this property is false.
+#
+jdk.io.permissionsUseCanonicalPath=false
+
+
 #
 # Policies for the proxy_impersonator Kerberos ccache configuration entry
 #