Skip to content
Permalink
Browse files
8231785: Improved socket permissions
Reviewed-by: ahgross, chegar, mullan, rhalade
  • Loading branch information
Ivan Gerasimov committed Oct 24, 2019
1 parent 123febe commit 6c16f55fde1d9680e3d649fff7f7035779ef28c3
Showing 2 changed files with 25 additions and 27 deletions.
@@ -37,12 +37,12 @@
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.Collections;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.Vector;
import java.util.Map;
import java.util.StringJoiner;
import java.util.StringTokenizer;
import java.util.concurrent.ConcurrentSkipListMap;
import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
import sun.net.util.IPAddressUtil;
import sun.net.PortConfig;
import sun.security.util.RegisteredDomain;
@@ -1349,16 +1349,13 @@ final class SocketPermissionCollection extends PermissionCollection
implements Serializable
{
// Not serialized; see serialization section at end of class
// A ConcurrentSkipListMap is used to preserve order, so that most
// recently added permissions are checked first (see JDK-4301064).
private transient ConcurrentSkipListMap<String, SocketPermission> perms;
private transient Map<String, SocketPermission> perms;

/**
* Create an empty SocketPermissions object.
*
* Create an empty SocketPermissionCollection object.
*/
public SocketPermissionCollection() {
perms = new ConcurrentSkipListMap<>(new SPCComparator());
perms = new ConcurrentHashMap<>();
}

/**
@@ -1431,6 +1428,18 @@ public boolean implies(Permission permission)
int effective = 0;
int needed = desired;

var hit = perms.get(np.getName());
if (hit != null) {
// fastpath, if the host was explicitly listed
if (((needed & hit.getMask()) != 0) && hit.impliesIgnoreMask(np)) {
effective |= hit.getMask();
if ((effective & desired) == desired) {
return true;
}
needed = (desired & ~effective);
}
}

//System.out.println("implies "+np);
for (SocketPermission x : perms.values()) {
//System.out.println(" trying "+x);
@@ -1512,22 +1521,9 @@ private void readObject(ObjectInputStream in)
// Get the one we want
@SuppressWarnings("unchecked")
Vector<SocketPermission> permissions = (Vector<SocketPermission>)gfields.get("permissions", null);
perms = new ConcurrentSkipListMap<>(new SPCComparator());
perms = new ConcurrentHashMap<>(permissions.size());
for (SocketPermission sp : permissions) {
perms.put(sp.getName(), sp);
}
}

/**
* A simple comparator that orders new non-equal entries at the beginning.
*/
private static class SPCComparator implements Comparator<String> {
@Override
public int compare(String s1, String s2) {
if (s1.equals(s2)) {
return 0;
}
return -1;
}
}
}
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@

/*
* @test
* @bug 8056179
* @bug 8056179 8231785
* @summary Unit test for PermissionCollection subclasses
*/

@@ -126,8 +126,10 @@ public static void main(String[] args) throws Exception {
testFail++;
}

// test 13
System.out.println("test 13: elements returns correct number of perms");

// test 10
System.out.println("test 10: elements returns correct number of perms");
perms.add(new SocketPermission("www.example.us", "resolve"));
int numPerms = 0;
Enumeration<Permission> e = perms.elements();
while (e.hasMoreElements()) {

0 comments on commit 6c16f55

Please sign in to comment.