From 72847de545f5b2b66fa71f0f87449090118e3cbb Mon Sep 17 00:00:00 2001
From: Norman Maurer
Date: Tue, 11 Feb 2020 10:20:45 +0100
Subject: [PATCH] java.security.AccessControlException: access denied ("java.io.FilePermission" "/etc/os-release" "read")
Motivation:
Modifications:
- Wrap the code and execute with an AccessController
- Ignore SecurityException (by just logging it)
- Add some more debug logging
Result:
Fixes https://github.com/netty/netty/issues/10017
---
 .../util/internal/PlatformDependent.java | 91 +++++++++++--------
 1 file changed, 52 insertions(+), 39 deletions(-)
diff --git a/common/src/main/java/io/netty/util/internal/PlatformDependent.java b/common/src/main/java/io/netty/util/internal/PlatformDependent.java
index e12bf0064f4..951f84fa8ab 100644
--- a/common/src/main/java/io/netty/util/internal/PlatformDependent.java
+++ b/common/src/main/java/io/netty/util/internal/PlatformDependent.java
@@ -118,7 +118,10 @@ public final class PlatformDependent {
 private static final ThreadLocalRandomProvider RANDOM_PROVIDER;
 private static final Cleaner CLEANER;
 private static final int UNINITIALIZED_ARRAY_ALLOCATION_THRESHOLD;
-
+ // For specifications, see https://www.freedesktop.org/software/systemd/man/os-release.html
+ private static final String[] OS_RELEASE_FILES = {"/etc/os-release", "/usr/lib/os-release"};
+ private static final String LINUX_ID_PREFIX = "ID=";
+ private static final String LINUX_ID_LIKE_PREFIX = "ID_LIKE=";
 public static final boolean BIG_ENDIAN_NATIVE_ORDER = ByteOrder.nativeOrder() == ByteOrder.BIG_ENDIAN;
 private static final Cleaner NOOP = new Cleaner() {
@@ -212,48 +215,58 @@ public Random current() {
 "instability.");
 }
- // For specifications, see https://www.freedesktop.org/software/systemd/man/os-release.html
- final String[] OS_RELEASE_FILES = {"/etc/os-release", "/usr/lib/os-release"};
- final String LINUX_ID_PREFIX = "ID=";
- final String LINUX_ID_LIKE_PREFIX = "ID_LIKE=";
- Set allowedClassifiers = new HashSet(Arrays.asList(ALLOWED_LINUX_OS_CLASSIFIERS));
- allowedClassifiers = Collections.unmodifiableSet(allowedClassifiers);
- Set availableClassifiers = new LinkedHashSet();
-
- for (String osReleaseFileName : OS_RELEASE_FILES) {
- final File file = new File(osReleaseFileName);
- if (file.exists()) {
- BufferedReader reader = null;
- try {
- reader = new BufferedReader(
- new InputStreamReader(
- new FileInputStream(file), CharsetUtil.UTF_8));
-
- String line;
- while ((line = reader.readLine()) != null) {
- if (line.startsWith(LINUX_ID_PREFIX)) {
- String id = normalizeOsReleaseVariableValue(line.substring(LINUX_ID_PREFIX.length()));
- addClassifier(allowedClassifiers, availableClassifiers, id);
- } else if (line.startsWith(LINUX_ID_LIKE_PREFIX)) {
- line = normalizeOsReleaseVariableValue(line.substring(LINUX_ID_LIKE_PREFIX.length()));
- addClassifier(allowedClassifiers, availableClassifiers, line.split("[ ]+"));
- }
- }
- } catch (IOException ignored) {
- // Ignore
- } finally {
- if (reader != null) {
- try {
- reader.close();
- } catch (IOException ignored) {
- // Ignore
+ Set availableClassifiers = AccessController.doPrivileged(new PrivilegedAction>() {
+ @Override
+ public Set run() {
+ Set allowedClassifiers = Collections.unmodifiableSet(
+ new HashSet(Arrays.asList(ALLOWED_LINUX_OS_CLASSIFIERS)));
+ Set availableClassifiers = new LinkedHashSet();
+ for (String osReleaseFileName : OS_RELEASE_FILES) {
+ final File file = new File(osReleaseFileName);
+ try {
+ if (file.exists()) {
+ BufferedReader reader = null;
+ try {
+ reader = new BufferedReader(
+ new InputStreamReader(
+ new FileInputStream(file), CharsetUtil.UTF_8));
+
+ String line;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(LINUX_ID_PREFIX)) {
+ String id = normalizeOsReleaseVariableValue(
+ line.substring(LINUX_ID_PREFIX.length()));
+ addClassifier(allowedClassifiers, availableClassifiers, id);
+ } else if (line.startsWith(LINUX_ID_LIKE_PREFIX)) {
+ line = normalizeOsReleaseVariableValue(
+ line.substring(LINUX_ID_LIKE_PREFIX.length()));
+ addClassifier(allowedClassifiers, availableClassifiers, line.split("[ ]+"));
+ }
+ }
+ } catch (SecurityException e) {
+ logger.debug("Unable to read {}", osReleaseFileName, e);
+ } catch (IOException e) {
+ logger.debug("Error while read content of{}", osReleaseFileName, e);
+ } finally {
+ if (reader != null) {
+ try {
+ reader.close();
+ } catch (IOException ignored) {
+ // Ignore
+ }
+ }
+ }
+ // specification states we should only fall back if /etc/os-release does not exist
+ break;
 }
+ } catch (SecurityException e) {
+ logger.debug("Unable to check if {} exists", osReleaseFileName, e);
 }
 }
- // specification states we should only fall back if /etc/os-release does not exist
- break;
+ return availableClassifiers;
 }
- }
+ });
+ LINUX_OS_CLASSIFIERS = Collections.unmodifiableSet(availableClassifiers);
 }
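Review bot: The new `AccessController.doPrivileged` action wraps the whole loop, including line parsing and the `addClassifier` calls, although only `file.exists()` and opening the `FileInputStream` are permission-checked; narrowing the privileged action to the file access would make it easier to audit. As written it is safe only because the paths come from the private constant `OS_RELEASE_FILES`, so I would record that invariant at the call, e.g. `// Privileged: reads only the fixed paths in OS_RELEASE_FILES; never route caller-supplied paths through this action.` Separately, the `IOException` branch logs `"Error while read content of{}"`, which runs the file name into the preceding word; `logger.debug("Error while reading content of {}", osReleaseFileName, e);` fixes the message. The enclosing static initializer starts and ends outside the hunk, so how `LINUX_OS_CLASSIFIERS` is used afterwards is not visible here.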