Prior to this patch, when `userOnly` was true, the conflicting "allow" entry (for the owner) and "deny" entry (for groups that the owner is a member of) resulted in the owner being denied access since the "deny" entry takes precedence. This resulted in RmiBootstrapTest and RmiSslNoKeyStoreTest tests failing with an "Access Denied" error.
In reality, the "deny" entry is not required, since Windows grants access only when an explicit "allow" entry matches the requesting principal. So this patch fixes the ACLs so that when `userOnly` is true, only the owner has "allow" access. Principals without a matching "allow" entry are denied access, thus restricting access without risking a group "deny" entry overriding the owner's access. This patch also fixes the case when `userOnly` is false so that it doesn't inadvertently deny access when a principal didn't already have an ACL entry for the file. --------- - [x] I confirm that I make this contribution in accordance with the [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). ------------- Commit messages: - Fix ACL permissions Changes: https://git.openjdk.org/jdk/pull/31179/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=31179&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8384804 Stats: 27 lines in 1 file changed: 9 ins; 13 del; 5 mod Patch: https://git.openjdk.org/jdk/pull/31179.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/31179/head:pull/31179 PR: https://git.openjdk.org/jdk/pull/31179
