open Udiff src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java

src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java

rev 56007 : 8229773: Resolve permissions for code source URLs lazily
Reviewed-by: alanb, mullan, rriggs, dfuchs

@@ -23,12 +23,10 @@
  * questions.
  */
 
 package jdk.internal.loader;
 
-import java.io.File;
-import java.io.FilePermission;
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.module.ModuleDescriptor;
 import java.lang.module.ModuleReference;
 import java.lang.module.ModuleReader;

@@ -38,11 +36,10 @@
 import java.net.URL;
 import java.nio.ByteBuffer;
 import java.security.AccessController;
 import java.security.CodeSigner;
 import java.security.CodeSource;
-import java.security.Permission;
 import java.security.PermissionCollection;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.security.SecureClassLoader;

@@ -63,10 +60,11 @@
 import jdk.internal.access.SharedSecrets;
 import jdk.internal.misc.VM;
 import jdk.internal.module.ModulePatcher.PatchedModuleReader;
 import jdk.internal.module.Resources;
 import jdk.internal.vm.annotation.Stable;
+import sun.security.util.LazyCodeSourcePermissionCollection;
 
 
 /**
  * The platform or application class loader. Resources loaded from modules
  * defined to the boot class loader are also loaded via an instance of this

@@ -964,42 +962,12 @@
     /**
      * Returns the permissions for the given CodeSource.
      */
     @Override
     protected PermissionCollection getPermissions(CodeSource cs) {
-        PermissionCollection perms = super.getPermissions(cs);
-
-        // add the permission to access the resource
-        URL url = cs.getLocation();
-        if (url == null)
-            return perms;
-
-        // avoid opening connection when URL is to resource in run-time image
-        if (url.getProtocol().equals("jrt")) {
-            perms.add(new RuntimePermission("accessSystemModules"));
-            return perms;
-        }
-
-        // open connection to determine the permission needed
-        try {
-            Permission p = url.openConnection().getPermission();
-            if (p != null) {
-                // for directories then need recursive access
-                if (p instanceof FilePermission) {
-                    String path = p.getName();
-                    if (path.endsWith(File.separator)) {
-                        path += "-";
-                        p = new FilePermission(path, "read");
+        return new LazyCodeSourcePermissionCollection(super.getPermissions(cs), cs);
                     }
-                }
-                perms.add(p);
-            }
-        } catch (IOException ioe) { }
-
-        return perms;
-    }
-
 
     // -- miscellaneous supporting methods
 
     /**
      * Returns the ModuleReader for the given module, creating it if needed.

< prev index next >