-
Enhancement
-
Resolution: Fixed
-
P4
-
None
-
b17
In the two implementations of PermissionCollection.implies(Permission), all the permissions are traversed, and their corresponding bit mask are checked:
For example, here's a snippet from FilePermission.java:
int desired = fperm.getMask();
int effective = 0;
int needed = desired;
for (Permission perm : perms.values()) {
FilePermission fp = (FilePermission)perm;
if (((needed & fp.getMask()) != 0) && fp.impliesIgnoreMask(fperm)) {
effective |= fp.getMask();
if ((effective & desired) == desired) {
return true;
}
needed = (desired ^ effective);
}
}
Here, if a permission's mask `fp.getMask()` intersects with `needed`, but does not fully cover all the needed bits, the variable `needed` is updated as XOR of desired and effective. This can raise a not-really-needed bits in the mask, so that for all subsequent permissions from the collection with that unneeded bit in the mask an expensive fp.impliesIgnoreMask(fperm) will be executed.
In fact, the `needed` mask needs to be updated as
needed = (desired & ~effective);
to exclude all already obtained bits.
For example, here's a snippet from FilePermission.java:
int desired = fperm.getMask();
int effective = 0;
int needed = desired;
for (Permission perm : perms.values()) {
FilePermission fp = (FilePermission)perm;
if (((needed & fp.getMask()) != 0) && fp.impliesIgnoreMask(fperm)) {
effective |= fp.getMask();
if ((effective & desired) == desired) {
return true;
}
needed = (desired ^ effective);
}
}
Here, if a permission's mask `fp.getMask()` intersects with `needed`, but does not fully cover all the needed bits, the variable `needed` is updated as XOR of desired and effective. This can raise a not-really-needed bits in the mask, so that for all subsequent permissions from the collection with that unneeded bit in the mask an expensive fp.impliesIgnoreMask(fperm) will be executed.
In fact, the `needed` mask needs to be updated as
needed = (desired & ~effective);
to exclude all already obtained bits.