JDK-7199674 : (props) user.home property does not return an accessible location in sandboxed environment [macosx]
  • Type: Enhancement
  • Component: core-libs
  • Sub-Component: java.lang
  • Affected Version: 7u8
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: os_x
  • CPU: x86
  • Submitted: 2012-09-19
  • Updated: 2014-10-15
  • Resolved: 2013-09-13
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u60Fixed 8 b108Fixed
Related Reports
Relates :  
On Mac OS X we obtain the path for user.home with getpwuid(). Normally this will return /Users/<username>. However, if an application is signed and running in an OS X sandboxed environment this path is not accessible to the application, which must run in a container. In that case user.home should return the application's sandbox directory.

The easy way to fix this is use NSHomeDirectory(), which does the right thing in a sandboxed or non-sandboxed environment. Likewise, NSUserName() is a better choice for getting the current user name.

SQE is ok to take the fix in 7u60.

noreg-hard: Testing requires signing of the .app so it will run in the Mac Sandbox. This would require keychain pre-setup for any Mac to successfully run the test.

Attached my notes on how to setup testing.

Webrev is at http://cr.openjdk.java.net/~bchristi/7199674/ I have confirmed that this works as expected under the Mac App Sandbox. I created test case, bundled it as a Mac .app, and signed it with the "com.apple.security.app-sandbox" entitlement. When the signed app is run, my usual home directory is reported as !File.canRead(), and the user.home property returns a path under ~/Library/Containers/, which is readable.

Moved the NSUserName() change into its own bug, JDK-8024357.