RFR 8213031: (zipfs) Add support for POSIX file permissions
Alan Bateman
Alan.Bateman at oracle.com
Fri Jan 18 14:35:54 UTC 2019
On 12/01/2019 13:02, Langer, Christoph wrote:
> Hi Alan,
>
> as I did not hear back from you I continued to work on the POSIX file permission support for zipfs and specified/implemented the value of 'null' for zip entries with no permission information associated (vs. UnsupportedOperationException).
>
> I updated the CSR: https://bugs.openjdk.java.net/browse/JDK-8213082
>
I don't think zipfs can support PosixFileAttributeView in this way
because zip entries can only support a subset of the attributes that the
view defines. Retrofitting optionality to allow it to be used in a degraded
manner would be an incompatible change and of course creates usability
issues. The owner, group and permissions methods defined by
PosixFileAttributes cannot return null or throw exceptions.

I think the approaches to explore are:

1. zipfs supports PosixFileAttributeView without subsetting. If
readAttribute(file, BasicFileAttributes.class) succeeds then
readAttribute(file, PosixFileAttributes.class) should also succeed, even
if there aren't permissions encoded in the zip entry's external file
attributes. It would mean that owner and group return default values,
and permissions may return a default value. It does mean you can't
distinguish the default value from "no permissions" but there is
precedent for that, e.g. mount a FAT32 file system on Linux or Unix
systems and `stat` a file to have the stat structure populated with
default uid, gid and mode bits.

2. zipfs defines a new FileAttributeView that defines read and write
access to permissions stored in a zip entry's external file attribute.
As it's a new view then it can define the behavior for the case that the
zip entry doesn't have permissions. Furthermore it does not need to
extend BasicFileAttributeView so doesn't need to be concerned with bulk
access, nor concerned with group/owner. As you know, the attributes API
allows for both type safe and dynamic access so you have a choice as to
whether to support both or just dynamic access. With the first then
jdk.zipfs would export a package with a public interface that defines
the view. If someone wants type safe access to the permissions attribute
then you need to import the class. The alternative is to not export any
packages but just define the view in the module-info. The view will
define its name and define the name/type of the permissions attribute, it
will also define how it behaves when the external attributes aren't
populated. In usage terms it means reading the permissions will be
something like Files.readAttribute(file, "zip:permissions") and casting
the value to Set<PosixFilePermission> - not pretty but it avoids
depending on a JDK-specific API.

I think it would be good to explore these options and maybe we can
converge on an approach in the coming weeks.
-Alan
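
The two approaches in the message above, shown against the zip encoding itself as an added example (not part of the original message and not zipfs code). It is written in Python because its `zipfile` module exposes the external file attributes directly; `DEFAULT_MODE` and the rule used to decide that an entry carries no permissions are assumptions of this example.

```python
import io
import stat
import zipfile

UNIX_HOST = 3          # "version made by" host value for Unix in the zip format
DEFAULT_MODE = 0o644   # assumed default for approach 1 (this example's choice)


def add_entry(zf, name, host, mode):
    """Write an entry whose central-directory fields are set explicitly."""
    info = zipfile.ZipInfo(name)
    info.create_system = host
    # Unix mode lives in the upper 16 bits of the external file attributes.
    info.external_attr = 0 if mode is None else (stat.S_IFREG | mode) << 16
    zf.writestr(info, b"data")


def build_sample() -> bytes:
    """Constructed archive: two entries with mode bits, one without."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        add_entry(zf, "run.sh", UNIX_HOST, 0o750)
        add_entry(zf, "explicit-644.txt", UNIX_HOST, 0o644)
        add_entry(zf, "no-perms.txt", 0, None)   # host 0 = MS-DOS/FAT
    return buf.getvalue()


def stored_mode(info):
    """Approach 2 semantics: permission bits, or None when none are stored."""
    upper = info.external_attr >> 16
    if info.create_system != UNIX_HOST or upper == 0:
        return None          # "absent" rule assumed by this example
    return stat.S_IMODE(upper)


def posix_view_mode(info):
    """Approach 1 semantics: always answer, substituting a default."""
    mode = stored_mode(info)
    return DEFAULT_MODE if mode is None else mode


def compare(data: bytes) -> dict:
    """Map entry name -> (approach 1 result, approach 2 result)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: (posix_view_mode(i), stored_mode(i))
                for i in zf.infolist()}
```

Under approach 1 the entries `explicit-644.txt` and `no-perms.txt` report the same mode, so a caller cannot tell a stored permission from a substituted default; approach 2 keeps them apart by returning `None`.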