RFR 8170900: Issue with FilePermission::implies for wildcard flag(-)
Wang Weijun
weijun.wang at oracle.com
Wed Dec 21 23:58:46 UTC 2016
> On Dec 22, 2016, at 4:39 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>
> I'm trying to understand this update. Does "/-" imply "/foo"?
Yes.
>
> Does the following spec can be used to explain the new added note?
>
> * <li>if the wildcard flag is "-", the simple pathname's path
> * must be recursively inside the wildcard pathname's path.
Yes.
But the precise meaning of "recursively inside" is different between the pre-jdk9 and jdk9 behaviors. The @implNote explains more.
--Max
>
> Xuelei
>
> On 12/19/2016 11:25 PM, Wang Weijun wrote:
>> Ping again.
>>
>>> On Dec 14, 2016, at 1:53 PM, Wang Weijun <weijun.wang at oracle.com> wrote:
>>>
>>> An clarification is added to FilePermission::implies:
>>>
>>> * @implNote
>>> ....
>>> * a simple {@code npath} is recursively inside a wildcard {@code npath}
>>> * if and only if {@code simple_npath.relativize(wildcard_npath)}
>>> - * is a series of one or more "..". An invalid {@code FilePermission} does
>>> + * is a series of one or more "..". Note that this means "/-" does not
>>> + * imply "foo". An invalid {@code FilePermission} does
>>> * not imply any object except for itself.
>>>
>>> The newly added sentence is
>>>
>>> Note that this means "/-" does not imply "foo".
>>>
>>> JCK has agreed to update their test.
>>>
>>> Since this is just a clarification inside an @implNote and no spec is updated, I suppose no CCC is needed. Please confirm.
>>>
>>> Thanks
>>> Max
>>>
>>
More information about the security-dev
mailing list