Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8230415

Avoid redundant permission checking in FilePermissionCollection and SocketPermissionCollection

    Details

      Description

      In the two implementations of PermissionCollection.implies(Permission), all the permissions are traversed, and their corresponding bit mask are checked:

      For example, here's a snippet from FilePermission.java:

              int desired = fperm.getMask();
              int effective = 0;
              int needed = desired;

              for (Permission perm : perms.values()) {
                  FilePermission fp = (FilePermission)perm;
                  if (((needed & fp.getMask()) != 0) && fp.impliesIgnoreMask(fperm)) {
                      effective |= fp.getMask();
                      if ((effective & desired) == desired) {
                          return true;
                      }
                      needed = (desired ^ effective);
                  }
              }

      Here, if a permission's mask `fp.getMask()` intersects with `needed`, but does not fully cover all the needed bits, the variable `needed` is updated as XOR of desired and effective. This can raise a not-really-needed bits in the mask, so that for all subsequent permissions from the collection with that unneeded bit in the mask an expensive fp.impliesIgnoreMask(fperm) will be executed.

      In fact, the `needed` mask needs to be updated as
                      needed = (desired & ~effective);
      to exclude all already obtained bits.

        Attachments

          Activity

            People

            • Assignee:
              igerasim Ivan Gerasimov
              Reporter:
              igerasim Ivan Gerasimov
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: