RFR: 8155775: Re-examine naming of privileged methods to access System properties

Sean Mullan sean.mullan at oracle.com
Tue May 10 14:57:46 UTC 2016



On 5/9/16 11:44 PM, Wang Weijun wrote:
> I have a related question.
>
> There are some places in JDK that use doPrivileged to read "os.name" etc. This system property is in the default java.policy file
>> On May 2, 2016, at 10:15 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> This is not an issue in your changes, but the current javadoc for Version.current() says:
>>
>>      * @throws  SecurityException
>>      *          If a security manager exists and its {@link
>>      *          SecurityManager#checkPropertyAccess(String)
>>      *          checkPropertyAccess} method does not allow access to the
>>      *          system property "java.version"
>>
>> but this can never occur since the code is wrapping the call to System.getProperty("java.version") in doPrivileged, so the caller's permissions are never checked.
>>
>> I think that this is a bug in the javadoc of this method and that it should not be specified to throw SecurityException. All code already has permission to read "java.version" in the default java.policy file.
>
> Can you clarify?
>
> If a system property is listed in the default java.policy file, shall we use or not use doPrivileged() to read it inside JDK? I thought the answer is yes because the policy file could be modified.

Yes, you should use doPrivileged in that case, since the policy can be 
modified so you don't necessarily know that the caller has permission to 
read that property. System.getProperty will still perform a security check.

--Sean
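
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not JDK code: a caller without PropertyPermission is denied on a direct System.getProperty read, but gets the value when the read is wrapped in doPrivileged. The class DoPrivilegedDemo and its methods readWrapped, readDirect and attempt are hypothetical, and the empty-permission domain is a constructed stand-in for a caller under a modified java.policy.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

// Constructed demo, not JDK code. Needs a JDK that still supports the
// Security Manager (8 to 17 as-is; 18 to 23 with -Djava.security.manager=allow).
public class DoPrivilegedDemo {
    // Hypothetical stand-in for a JDK method such as Version.current(): the read is
    // wrapped in doPrivileged, so the permission check stops at this class's domain.
    static String readWrapped() {
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty("java.version"));
    }

    // The same read without the wrapper: the caller's domain is checked too.
    static String readDirect() {
        return System.getProperty("java.version");
    }

    // Runs `read` as if its caller had only the permissions of `caller`.
    static String attempt(PrivilegedAction<String> read, AccessControlContext caller) {
        try {
            return "allowed: " + AccessController.doPrivileged(read, caller);
        } catch (AccessControlException e) {
            return "denied: " + e.getPermission();
        }
    }

    public static void main(String[] args) {
        // Assumption for the demo: the policy grants everything to this class.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager());

        // A domain with static, empty permissions never consults the policy; it models
        // a caller whose PropertyPermission was removed from a modified java.policy.
        AccessControlContext noPerms = new AccessControlContext(new ProtectionDomain[] {
                new ProtectionDomain(null, new Permissions()) });

        System.out.println("direct  -> " + attempt(DoPrivilegedDemo::readDirect, noPerms));
        System.out.println("wrapped -> " + attempt(DoPrivilegedDemo::readWrapped, noPerms));
    }
}
```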


