java.security.AccessControlException: access denied ("java.io.FilePer…
…mission" "/etc/os-release" "read")

Motivation:

Modifications:

- Wrap the code and execute with an AccessController
- Ignore SecurityException (by just logging it)
- Add some more debug logging

Result:

Fixes #10017
normanmaurer committed Feb 11, 2020
1 parent ef50cf5 commit 72847de
Showing 1 changed file with 52 additions and 39 deletions.
91 changes: 52 additions & 39 deletions common/src/main/java/io/netty/util/internal/PlatformDependent.java
Expand Up @@ -118,7 +118,10 @@ public final class PlatformDependent {
private static final ThreadLocalRandomProvider RANDOM_PROVIDER;
private static final Cleaner CLEANER;
private static final int UNINITIALIZED_ARRAY_ALLOCATION_THRESHOLD;

// For specifications, see https://www.freedesktop.org/software/systemd/man/os-release.html
private static final String[] OS_RELEASE_FILES = {"/etc/os-release", "/usr/lib/os-release"};
private static final String LINUX_ID_PREFIX = "ID=";
private static final String LINUX_ID_LIKE_PREFIX = "ID_LIKE=";
public static final boolean BIG_ENDIAN_NATIVE_ORDER = ByteOrder.nativeOrder() == ByteOrder.BIG_ENDIAN;

private static final Cleaner NOOP = new Cleaner() {
Expand Down Expand Up @@ -212,48 +215,58 @@ public Random current() {
"instability.");
}

// For specifications, see https://www.freedesktop.org/software/systemd/man/os-release.html
final String[] OS_RELEASE_FILES = {"/etc/os-release", "/usr/lib/os-release"};
final String LINUX_ID_PREFIX = "ID=";
final String LINUX_ID_LIKE_PREFIX = "ID_LIKE=";
Set<String> allowedClassifiers = new HashSet<String>(Arrays.asList(ALLOWED_LINUX_OS_CLASSIFIERS));
allowedClassifiers = Collections.unmodifiableSet(allowedClassifiers);
Set<String> availableClassifiers = new LinkedHashSet<String>();

for (String osReleaseFileName : OS_RELEASE_FILES) {
final File file = new File(osReleaseFileName);
if (file.exists()) {
BufferedReader reader = null;
try {
reader = new BufferedReader(
new InputStreamReader(
new FileInputStream(file), CharsetUtil.UTF_8));

String line;
while ((line = reader.readLine()) != null) {
if (line.startsWith(LINUX_ID_PREFIX)) {
String id = normalizeOsReleaseVariableValue(line.substring(LINUX_ID_PREFIX.length()));
addClassifier(allowedClassifiers, availableClassifiers, id);
} else if (line.startsWith(LINUX_ID_LIKE_PREFIX)) {
line = normalizeOsReleaseVariableValue(line.substring(LINUX_ID_LIKE_PREFIX.length()));
addClassifier(allowedClassifiers, availableClassifiers, line.split("[ ]+"));
}
}
} catch (IOException ignored) {
// Ignore
} finally {
if (reader != null) {
try {
reader.close();
} catch (IOException ignored) {
// Ignore
Set<String> availableClassifiers = AccessController.doPrivileged(new PrivilegedAction<Set<String>>() {
@Override
public Set<String> run() {
Set<String> allowedClassifiers = Collections.unmodifiableSet(
new HashSet<String>(Arrays.asList(ALLOWED_LINUX_OS_CLASSIFIERS)));
Set<String> availableClassifiers = new LinkedHashSet<String>();
for (String osReleaseFileName : OS_RELEASE_FILES) {
final File file = new File(osReleaseFileName);
try {
if (file.exists()) {
BufferedReader reader = null;
try {
reader = new BufferedReader(
new InputStreamReader(
new FileInputStream(file), CharsetUtil.UTF_8));

String line;
while ((line = reader.readLine()) != null) {
if (line.startsWith(LINUX_ID_PREFIX)) {
String id = normalizeOsReleaseVariableValue(
line.substring(LINUX_ID_PREFIX.length()));
addClassifier(allowedClassifiers, availableClassifiers, id);
} else if (line.startsWith(LINUX_ID_LIKE_PREFIX)) {
line = normalizeOsReleaseVariableValue(
line.substring(LINUX_ID_LIKE_PREFIX.length()));
addClassifier(allowedClassifiers, availableClassifiers, line.split("[ ]+"));
}
}
} catch (SecurityException e) {
logger.debug("Unable to read {}", osReleaseFileName, e);
} catch (IOException e) {
logger.debug("Error while read content of{}", osReleaseFileName, e);
} finally {
if (reader != null) {
try {
reader.close();
} catch (IOException ignored) {
// Ignore
}
}
}
// specification states we should only fall back if /etc/os-release does not exist
break;
}
} catch (SecurityException e) {
logger.debug("Unable to check if {} exists", osReleaseFileName, e);
}
}
// specification states we should only fall back if /etc/os-release does not exist
break;
return availableClassifiers;
}
}
});

LINUX_OS_CLASSIFIERS = Collections.unmodifiableSet(availableClassifiers);
}
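Review bot: In the new privileged block, a SecurityException thrown by `file.exists()` is caught by the outer handler and the loop moves on to `/usr/lib/os-release`, although the comment above `break` says the fallback applies only when `/etc/os-release` does not exist; a policy that denies one path and permits the other would therefore take the classifiers from the fallback file. If that is not intended, add `break;` after the `logger.debug("Unable to check if {} exists", osReleaseFileName, e);` call, otherwise record the decision with a comment such as `// a denied read is treated like a missing file`. Because `exists()` and `new FileInputStream(file)` both require the same read permission, the inner `catch (SecurityException e)` is probably reachable only if the policy changes between the two calls, which is worth a one-line comment. The IOException message is missing a space and has a tense slip; `"Error while reading content of {}"` reads correctly. The static initializer that encloses this code starts and ends outside the hunk.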
