RFR 8170900: Issue with FilePermission::implies for wildcard flag(-)
Wang Weijun
weijun.wang at oracle.com
Thu Dec 22 00:14:28 UTC 2016
> On Dec 22, 2016, at 8:12 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>
> I think the note is an example, may not need an additional CCC.
That's always my understanding.
>
> For easier reading, I may use a contrast example. For example, "Note that this means "/-" implies "/foo" but not "foo".".
Good advice.
Thanks
Max
>
> Use the one you like, I'm OK with either.
>
> Xuelei
>
> On 12/21/2016 3:58 PM, Wang Weijun wrote:
>>
>>> On Dec 22, 2016, at 4:39 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>>
>>> I'm trying to understand this update. Does "/-" imply "/foo"?
>>
>> Yes.
>>
>>>
>>> Can the following spec be used to explain the newly added note?
>>>
>>> * <li>if the wildcard flag is "-", the simple pathname's path
>>> * must be recursively inside the wildcard pathname's path.
>>
>> Yes.
>>
>> But the precise meaning of "recursively inside" is different between the pre-jdk9 and jdk9 behaviors. The @implNote explains more.
>>
>> --Max
>>
>>>
>>> Xuelei
>>>
>>> On 12/19/2016 11:25 PM, Wang Weijun wrote:
>>>> Ping again.
>>>>
>>>>> On Dec 14, 2016, at 1:53 PM, Wang Weijun <weijun.wang at oracle.com> wrote:
>>>>>
>>>>> A clarification is added to FilePermission::implies:
>>>>>
>>>>> * @implNote
>>>>> ....
>>>>> * a simple {@code npath} is recursively inside a wildcard {@code npath}
>>>>> * if and only if {@code simple_npath.relativize(wildcard_npath)}
>>>>> - * is a series of one or more "..". An invalid {@code FilePermission} does
>>>>> + * is a series of one or more "..". Note that this means "/-" does not
>>>>> + * imply "foo". An invalid {@code FilePermission} does
>>>>> * not imply any object except for itself.
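Review bot: The sentence added on the `+` lines gives only the negative case ("/-" does not imply "foo"), so a reader of the @implNote cannot tell from it alone that the deciding factor is that "foo" is a relative path while "/-" is rooted. Stating the contrast in the same sentence, for example 'Note that this means "/-" implies "/foo" but not "foo".', would make that explicit. The new sentence also now runs directly into "An invalid {@code FilePermission} does not imply any object except for itself.", which is a separate rule; a paragraph break before "An invalid" would keep the two apart.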
>>>>>
>>>>> The newly added sentence is
>>>>>
>>>>> Note that this means "/-" does not imply "foo".
>>>>>
>>>>> JCK has agreed to update their test.
>>>>>
>>>>> Since this is just a clarification inside an @implNote and no spec is updated, I suppose no CCC is needed. Please confirm.
>>>>>
>>>>> Thanks
>>>>> Max
>>>>>
>>>>
>>
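The rule quoted from the @implNote in this thread, worked through as an added example (not code from the JDK or from the thread's participants). The helper `recursivelyInside` and the class name are hypothetical; the example assumes JDK 9 or later with default settings and POSIX-style paths.

```java
import java.io.FilePermission;
import java.nio.file.Path;
import java.nio.file.Paths;

public class RecursiveWildcardDemo {

    // Hypothetical helper (not JDK code): applies the rule quoted in the
    // @implNote. A simple path is recursively inside a wildcard directory
    // iff simple.relativize(wildcardDir) is one or more ".." elements.
    static boolean recursivelyInside(String simple, String wildcardDir) {
        Path s = Paths.get(simple).normalize();
        Path w = Paths.get(wildcardDir).normalize();
        Path rel;
        try {
            rel = s.relativize(w);
        } catch (IllegalArgumentException e) {
            // One path is absolute and the other relative: relativize()
            // cannot relate them, so the simple path is not inside.
            return false;
        }
        if (rel.getNameCount() == 0) {
            return false;
        }
        for (Path name : rel) {
            // The empty path has a single "" element, so it fails here too.
            if (!name.toString().equals("..")) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample paths: two absolute, one relative.
        String[] simplePaths = {"/foo", "/foo/bar", "foo"};
        // "/-" is the wildcard permission; its directory part is "/".
        FilePermission wildcard = new FilePermission("/-", "read");
        for (String p : simplePaths) {
            boolean rule = recursivelyInside(p, "/");
            boolean jdk = wildcard.implies(new FilePermission(p, "read"));
            System.out.printf("%-10s rule=%-5b implies=%b%n", p, rule, jdk);
        }
    }
}
```

When auditing a policy file, the practical consequence is that a grant on "/-" does not cover code that opens files by relative name; such access needs its own grant.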