On Sat, 16 May 2026 00:19:02 GMT, Ashay Rane <[email protected]> wrote:
> Prior to this patch, when `userOnly` was true, the conflicting "allow" > entry (for the owner) and "deny" entry (for groups that the owner is a > member of) resulted in the owner being denied access since the "deny" > entry takes precedence. This resulted in RmiBootstrapTest and > RmiSslNoKeyStoreTest tests failing with an "Access Denied" error. > > In reality, the "deny" entry is not required, since Windows grants > access only when an explicit "allow" entry matches the requesting > principal. So this patch fixes the ACLs so that when `userOnly` is > true, only the owner has "allow" access. Principals without a matching > "allow" entry are denied access, thus restricting access without risking > a group "deny" entry overriding the owner's access. > > This patch also fixes the case when `userOnly` is false so that it > doesn't inadvertently deny access when a principal didn't already have > an ACL entry for the file. > > --------- > - [x] I confirm that I make this contribution in accordance with the [OpenJDK > Interim AI Policy](https://openjdk.org/legal/ai). Marked as reviewed by alanb (Reviewer). I think the propose change is okay as sets an ACL with just one ALLOW entry. At some point I think lib/Utils.java should be re-visited to remove the other ACL related methods as they aren't generally useful. ------------- PR Review: https://git.openjdk.org/jdk/pull/31179#pullrequestreview-4338352096 PR Comment: https://git.openjdk.org/jdk/pull/31179#issuecomment-4509848310
