--- old/src/java.base/share/classes/java/lang/module/ModuleFinder.java 2017-03-21 13:43:56.505974226 +0000
+++ new/src/java.base/share/classes/java/lang/module/ModuleFinder.java 2017-03-21 13:43:56.304960433 +0000
@@ -25,8 +25,6 @@
package java.lang.module;
-import java.io.File;
-import java.io.FilePermission;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
@@ -43,9 +41,9 @@
import java.util.Set;
import jdk.internal.module.ModuleBootstrap;
+import jdk.internal.module.ModulePatcher;
import jdk.internal.module.ModulePath;
import jdk.internal.module.SystemModuleFinder;
-import sun.security.action.GetPropertyAction;
/**
* A finder of modules. A {@code ModuleFinder} is used to find modules during
@@ -146,9 +144,9 @@
*
* If there is a security manager set then its {@link
* SecurityManager#checkPermission(Permission) checkPermission} method is
- * invoked to check that the caller has been granted {@link FilePermission}
- * to recursively read the directory that is the value of the system
- * property {@code java.home}.
+ * invoked to check that the caller has been granted
+ * {@link RuntimePermission RuntimePermission("accessSystemModules")}
+ * to access the system modules.
*
* @return A {@code ModuleFinder} that locates the system modules
*
@@ -156,26 +154,29 @@
* If denied by the security manager
*/
static ModuleFinder ofSystem() {
- String home;
-
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- PrivilegedAction pa = new GetPropertyAction("java.home");
- home = AccessController.doPrivileged(pa);
- Permission p = new FilePermission(home + File.separator + "-", "read");
- sm.checkPermission(p);
+ sm.checkPermission(new RuntimePermission("accessSystemModules"));
+ PrivilegedAction pa = ModuleFinder::privilegedOfSystem;
+ return AccessController.doPrivileged(pa);
} else {
- home = System.getProperty("java.home");
+ return privilegedOfSystem();
}
+ }
+ /**
+ * Returns a module finder that locates the system modules. This method
+ * assumes it has permissions to access the runtime image.
+ */
+ private static ModuleFinder privilegedOfSystem() {
+ String home = System.getProperty("java.home");
Path modules = Paths.get(home, "lib", "modules");
if (Files.isRegularFile(modules)) {
return SystemModuleFinder.getInstance();
} else {
- Path mlib = Paths.get(home, "modules");
- if (Files.isDirectory(mlib)) {
- // exploded build may be patched
- return ModulePath.of(ModuleBootstrap.patcher(), mlib);
+ Path dir = Paths.get(home, "modules");
+ if (Files.isDirectory(dir)) {
+ return privilegedOf(ModuleBootstrap.patcher(), dir);
} else {
throw new InternalError("Unable to detect the run-time image");
}
@@ -183,6 +184,26 @@
}
/**
+ * Returns a module finder that locates the system modules in an exploded
+ * image. The image may be patched.
+ */
+ private static ModuleFinder privilegedOf(ModulePatcher patcher, Path dir) {
+ ModuleFinder finder = ModulePath.of(patcher, dir);
+ return new ModuleFinder() {
+ @Override
+ public Optional find(String name) {
+ PrivilegedAction> pa = () -> finder.find(name);
+ return AccessController.doPrivileged(pa);
+ }
+ @Override
+ public Set findAll() {
+ PrivilegedAction> pa = finder::findAll;
+ return AccessController.doPrivileged(pa);
+ }
+ };
+ }
+
+ /**
* Returns a module finder that locates modules on the file system by
* searching a sequence of directories and/or packaged modules.
*
@@ -201,7 +222,7 @@
*
* If an element is a path to a directory of modules then each entry in
* the directory is a packaged module or the top-level directory of an
- * exploded module. It it an error if a directory contains more than one
+ * exploded module. It is an error if a directory contains more than one
* module with the same name. If an element is a path to a directory, and
* that directory contains a file named {@code module-info.class}, then the
* directory is treated as an exploded module rather than a directory of