As mentioned in http://sourceware.org/ml/mauve-patches/2010/msg00003.html and checked in the referenced Mauve test, OpenJDK provides a shortcut for ProtectionDomain instances with AllPermission set which results in Policy.implies(Permission) not being called. This patch implements a like shortcut in GNU Classpath.
2010-12-24 Andrew John Hughes <ahug...@redhat.com> * java/security/ProtectionDomain.java, (hasAllPermissions): Add new field. (ProtectionDomain(CodeSource,PermissionCollection, ClassLoader,Principal,boolean)): Check if permission collection includes AllPermission and, if so, set hasAllPermissions. (implies(Permission)): Immediately return true if hasAllPermissions is set. -- Andrew :) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) Support Free Java! Contribute to GNU Classpath and IcedTea http://www.gnu.org/software/classpath http://icedtea.classpath.org PGP Key: 94EFD9D8 (http://subkeys.pgp.net) Fingerprint = F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
Index: java/security/ProtectionDomain.java =================================================================== RCS file: /sources/classpath/classpath/java/security/ProtectionDomain.java,v retrieving revision 1.17 diff -u -u -r1.17 ProtectionDomain.java --- java/security/ProtectionDomain.java 3 Jun 2010 19:13:07 -0000 1.17 +++ java/security/ProtectionDomain.java 25 Dec 2010 01:15:32 -0000 @@ -41,6 +41,8 @@ import gnu.java.lang.CPStringBuilder; +import java.util.Enumeration; + /** * This class represents a group of classes, along with their granted * permissions. The classes are identified by a {...@link CodeSource}. Thus, any @@ -71,6 +73,9 @@ /** Post 1.4 the policy may be refreshed! use false for pre 1.4. */ private boolean staticBinding; + /** True if this protection domain has all permissions */ + private boolean hasAllPermissions; + /** * Initializes a new instance of <code>ProtectionDomain</code> representing * the specified {...@link CodeSource} and set of permissions. No permissions @@ -128,6 +133,13 @@ { perms = permissions; perms.setReadOnly(); + /* Check if this protection domain has all permissions */ + Enumeration<Permission> e = permissions.elements(); + while (e.hasMoreElements()) + { + if (e.nextElement() instanceof AllPermission) + hasAllPermissions = true; + } } this.classloader = classloader; @@ -190,6 +202,8 @@ */ public boolean implies(Permission permission) { + if (hasAllPermissions) + return true; if (staticBinding) return (perms == null ? false : perms.implies(permission)); // Else dynamically bound. Do we have it?