[cp-patches] RFC: Rewritten java.net.SocketPermission
From: Gary Benson
Subject: [cp-patches] RFC: Rewritten java.net.SocketPermission
Date: Thu, 19 Jan 2006 12:37:50 +0000

Hi all,

I've been writing Mauve tests to try and figure out what the patch on
PR classpath/24708 is all about and I figured it made things a little
neater but didn't go nearly far enough. I gave up trying to rescue
bits of it after a while and just wrote chunks of it from scratch.
It's my first major patch so I thought I'd pass it for review before
committing.

The changes I made are as follows:

* The current implementation does all its parsing in the implies
  method. This is inefficient for instances that are part of the
  security policy, and it means that any parse exceptions are thrown
  at the wrong time. My patch solves these two problems by moving
  all parsing into methods called by the constructor.

* The parser for the constructor's hostport argument is completely
  new. Improvements over the current implementation are that it can
  handle IPv6 addresses and that it checks its arguments and throws
  IllegalArgumentExceptions where appropriate. This mitigates the
  risk of misconfigurations in security policy files becoming
  exploitable.

* The actions handling stuff is also completely new, replacing the
  current string-based one with one based on bitmasks. It too checks
  its arguments.

The new patch does not check the host part of the hostport argument
very much, and the host checking in implies() has not been touched.
That's my next project :)

Questions I have:

* Should I make things transient?

* Is hashcode() ok?

* What should I put in the ChangeLog? There's so many changes it's
  hard to see how I'd break them down per-method.

I'll be committing the Mauve tests shortly.

Cheers,
Gary

patch
Description: Text document
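
A minimal sketch of the approach the message describes (parse hostport and actions once in the constructor, keep the actions as a bitmask, reject bad input with IllegalArgumentException), added here as an illustration; it is not the attached patch and not GNU Classpath code. The class name SocketPermSketch, the rule that IPv6 literals must be bracketed, and the exact-match host comparison are assumptions of this example.

```java
// Added illustration; hypothetical class, not the attached patch or GNU Classpath code.
public final class SocketPermSketch {
    static final int CONNECT = 1, LISTEN = 2, ACCEPT = 4, RESOLVE = 8;
    final String host; final int minPort, maxPort, mask;

    SocketPermSketch(String hostport, String actions) {
        String ports = "";
        if (hostport.startsWith("[")) {               // bracketed IPv6 literal may contain ':'
            int end = hostport.indexOf(']');
            if (end < 0) throw new IllegalArgumentException("unterminated '['");
            host = hostport.substring(1, end);
            String rest = hostport.substring(end + 1);
            if (rest.startsWith(":")) ports = rest.substring(1);
            else if (!rest.isEmpty()) throw new IllegalArgumentException("junk after ']'");
        } else {
            int colon = hostport.indexOf(':');
            if (colon != hostport.lastIndexOf(':'))   // assumption of this sketch: bare IPv6 rejected
                throw new IllegalArgumentException("IPv6 literal must be bracketed");
            host = colon < 0 ? hostport : hostport.substring(0, colon);
            if (colon >= 0) ports = hostport.substring(colon + 1);
        }
        // Port range forms: "", "N", "-N", "N-", "N-M"
        int dash = ports.indexOf('-');
        String lo = dash < 0 ? ports : ports.substring(0, dash);
        String hi = dash < 0 ? ports : ports.substring(dash + 1);
        // NumberFormatException is an IllegalArgumentException, so bad digits fail here too
        minPort = lo.isEmpty() ? 0 : Integer.parseInt(lo);
        maxPort = hi.isEmpty() ? 65535 : Integer.parseInt(hi);
        if (minPort < 0 || minPort > maxPort || maxPort > 65535)
            throw new IllegalArgumentException("bad port range: " + ports);
        int m = 0;
        for (String a : actions.split(",")) {
            switch (a.trim().toLowerCase(java.util.Locale.ROOT)) {
                case "connect": m |= CONNECT; break;  case "listen":  m |= LISTEN;  break;
                case "accept":  m |= ACCEPT;  break;  case "resolve": m |= RESOLVE; break;
                default: throw new IllegalArgumentException("unknown action: " + a);
            }
        }
        mask = m | RESOLVE;   // connect, listen and accept each imply resolve
    }

    // No parsing here: only integer comparisons plus a placeholder exact-match host check.
    boolean implies(SocketPermSketch p) {
        return (mask & p.mask) == p.mask && minPort <= p.minPort
            && maxPort >= p.maxPort && host.equalsIgnoreCase(p.host);
    }

    public static void main(String[] args) {
        SocketPermSketch policy = new SocketPermSketch("[2001:db8::1]:1024-", "connect,accept");
        System.out.println(policy.implies(new SocketPermSketch("[2001:db8::1]:8080", "resolve")));
        try { new SocketPermSketch("example.org:80", "conect"); }   // constructed typo in a policy entry
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The misspelled action is rejected when the permission object is built, so a broken policy entry surfaces at load time instead of during a later implies() check.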