On Sat, 16 May 2026 00:19:02 GMT, Ashay Rane <[email protected]> wrote:
> Prior to this patch, when `userOnly` was true, the conflicting "allow" > entry (for the owner) and "deny" entry (for groups that the owner is a > member of) resulted in the owner being denied access since the "deny" > entry takes precedence. This resulted in RmiBootstrapTest and > RmiSslNoKeyStoreTest tests failing with an "Access Denied" error. > > In reality, the "deny" entry is not required, since Windows grants > access only when an explicit "allow" entry matches the requesting > principal. So this patch fixes the ACLs so that when `userOnly` is > true, only the owner has "allow" access. Principals without a matching > "allow" entry are denied access, thus restricting access without risking > a group "deny" entry overriding the owner's access. > > This patch also fixes the case when `userOnly` is false so that it > doesn't inadvertently deny access when a principal didn't already have > an ACL entry for the file. > > --------- > - [x] I confirm that I make this contribution in accordance with the [OpenJDK > Interim AI Policy](https://openjdk.org/legal/ai). Thanks for taking a look! My impression is that these tests must have been failing for a while but that they didn't catch attention because they are part of the _tier3_ JDK tests. I'd be happy to relocate `grantFileAccess()` to be inside RmiTestBase.java if it makes more sense, since that function (still) isn't used outside of RmiTestBase and it's derived classes. ------------- PR Comment: https://git.openjdk.org/jdk/pull/31179#issuecomment-4478474589
