--- old/src/java.base/share/classes/com/sun/java/util/jar/pack/PropMap.java 2017-05-04 13:29:49.000000000 -0700 +++ new/src/java.base/share/classes/com/sun/java/util/jar/pack/PropMap.java 2017-05-04 13:29:49.000000000 -0700 @@ -29,6 +29,8 @@ import java.io.InputStream; import java.io.PrintStream; import java.io.PrintWriter; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Collection; import java.util.Comparator; @@ -62,12 +64,17 @@ Properties props = new Properties(); // Allow implementation selected via -Dpack.disable.native=true + String propValue = getPropertyValue(Utils.DEBUG_DISABLE_NATIVE, "false"); props.put(Utils.DEBUG_DISABLE_NATIVE, - String.valueOf(Boolean.getBoolean(Utils.DEBUG_DISABLE_NATIVE))); + String.valueOf(Boolean.parseBoolean(propValue))); // Set the DEBUG_VERBOSE from system - props.put(Utils.DEBUG_VERBOSE, - String.valueOf(Integer.getInteger(Utils.DEBUG_VERBOSE,0))); + int verbose = 0; + try { + verbose = Integer.decode(getPropertyValue(Utils.DEBUG_VERBOSE, "0")); + } catch (NumberFormatException e) { + } + props.put(Utils.DEBUG_VERBOSE, String.valueOf(verbose)); // The segment size is unlimited props.put(Pack200.Packer.SEGMENT_LIMIT, "-1"); @@ -87,7 +94,7 @@ // Pass through files with unrecognized format by default, also // allow system property to be set props.put(Utils.CLASS_FORMAT_ERROR, - System.getProperty(Utils.CLASS_FORMAT_ERROR, Pack200.Packer.PASS)); + getPropertyValue(Utils.CLASS_FORMAT_ERROR, Pack200.Packer.PASS)); // Default effort is 5, midway between 1 and 9. props.put(Pack200.Packer.EFFORT, "5"); @@ -97,7 +104,9 @@ // to allow override if necessary. String propFile = "intrinsic.properties"; - try (InputStream propStr = PackerImpl.class.getResourceAsStream(propFile)) { + PrivilegedAction pa = + () -> PackerImpl.class.getResourceAsStream(propFile); + try (InputStream propStr = AccessController.doPrivileged(pa)) { if (propStr == null) { throw new RuntimeException(propFile + " cannot be loaded"); } @@ -119,6 +128,12 @@ defaultProps = temp; } + private static String getPropertyValue(String key, String defaultValue) { + PrivilegedAction pa = () -> System.getProperty(key); + String s = AccessController.doPrivileged(pa); + return s != null ? s : defaultValue; + } + PropMap() { theMap.putAll(defaultProps); } --- /dev/null 2017-05-04 13:29:50.000000000 -0700 +++ new/test/java/util/jar/Pack200/SecurityTest.java 2017-05-04 13:29:50.000000000 -0700 @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8179645 + * @run main/othervm SecurityTest + * @summary Verify Pack200 initialization with security manager + */ + +import java.util.jar.Pack200; + +public class SecurityTest { + public static void main(String... args) { + System.setSecurityManager(new SecurityManager()); + Pack200.newPacker(); + Pack200.newUnpacker(); + } +}