infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-03-20 04:43:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

8168410: Multiple JCK tests are failing due to SecurityException is not thrown

Browse Source 
Reviewed-by: mullan
This commit is contained in:
Weijun Wang 2017-02-15 21:46:50 +08:00
parent 46cd380010
commit 5ff0126d19
5 changed files with 55 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
jdk/src/java.base/share/classes/java/security/ProtectionDomain.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -38,6 +38,7 @@ import jdk.internal.misc.JavaSecurityAccess;
import jdk.internal.misc.JavaSecurityProtectionDomainAccess;
import static jdk.internal.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
import jdk.internal.misc.SharedSecrets;
import sun.security.action.GetPropertyAction;
import sun.security.provider.PolicyFile;
import sun.security.util.Debug;
import sun.security.util.FilePermCompat;
@ -62,6 +63,14 @@ import sun.security.util.SecurityConstants;
public class ProtectionDomain {
/**
* If true, {@link #impliesWithAltFilePerm} will try to be compatible on
* FilePermission checking even if a 3rd-party Policy implementation is set.
*/
private static final boolean filePermCompatInPD =
"true".equals(GetPropertyAction.privilegedGetProperty(
"jdk.security.filePermCompat"));
private static class JavaSecurityAccessImpl implements JavaSecurityAccess {
private JavaSecurityAccessImpl() {
@ -321,19 +330,27 @@ public class ProtectionDomain {
}
/**
* This method has the same logic flow as {@link #implies} except that
* when the {@link FilePermCompat#compat} flag is on it ensures
* FilePermission compatibility after JDK-8164705. {@code implies()}
* is called when compat flag is not on or user has extended
* {@code ProtectionDomain}.
* This method has almost the same logic flow as {@link #implies} but
* it ensures some level of FilePermission compatibility after JDK-8164705.
*
* This method is called by {@link AccessControlContext#checkPermission}
* and not intended to be called by an application.
*/
boolean impliesWithAltFilePerm(Permission perm) {
// If this is a subclass of ProtectionDomain. Call the old method.
if (!FilePermCompat.compat || getClass() != ProtectionDomain.class) {
// If FilePermCompat.compat is set (default value), FilePermission
// checking compatibility should be considered.
// If filePermCompatInPD is set, this method checks for alternative
// FilePermission to keep compatibility for any Policy implementation.
// When set to false (default value), implies() is called since
// the PolicyFile implementation already supports compatibility.
// If this is a subclass of ProtectionDomain, call implies()
// because most likely user has overridden it.
if (!filePermCompatInPD || !FilePermCompat.compat ||
getClass() != ProtectionDomain.class) {
return implies(perm);
}

10
jdk/test/java/security/testlibrary/Proc.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -176,6 +176,14 @@ public class Proc {
prop.put(a, b);
return this;
}
// Inherit the value of a system property
public Proc inheritProp(String k) {
String v = System.getProperty(k);
if (v != null) {
prop.put(k, v);
}
return this;
}
// Sets classpath. If not called, Proc will choose a classpath. If called
// with no arg, no classpath will be used. Can be called multiple times.
public Proc cp(String... s) {

13
jdk/test/sun/security/util/FilePermCompat/CompatImpact.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,13 +23,14 @@
/*
* @test
* @bug 8164705
* @bug 8164705 8168410
* @summary check compatibility after FilePermission change
* @library /java/security/testlibrary/
* @modules java.base/jdk.internal.misc
* @run main CompatImpact prepare
* @run main CompatImpact builtin
* @run main CompatImpact mine
* @run main/othervm -Djdk.security.filePermCompat=true CompatImpact mine
* @run main/fail CompatImpact mine
* @run main CompatImpact dopriv
*/
@ -72,7 +73,8 @@ public class CompatImpact {
Files.copy(Paths.get(cp, "CompatImpact$DoPrivInner.class"),
Paths.get("inner", "CompatImpact$DoPrivInner.class"));
break;
// run tests with different policy impls
// default policy always covered, user-defined depends on
// system property jdk.security.filePermCompact.
case "builtin":
case "mine":
cp = System.getProperty("test.classes");
@ -222,7 +224,8 @@ public class CompatImpact {
// Return a Proc object for different policy types
private static Proc p(String type, String f) throws Exception {
Proc p = Proc.create("CompatImpact")
.prop("java.security.manager", "");
.prop("java.security.manager", "")
.inheritProp("jdk.security.filePermCompat");
p.args("test", type);
switch (type) {
case "builtin":

29
jdk/test/sun/security/util/FilePermCompat/Flag.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,19 +25,16 @@
* @test
* @bug 8164705
* @summary check jdk.filepermission.canonicalize
* @library /java/security/testlibrary/
* @modules java.base/jdk.internal.misc
* @run main/othervm -Djdk.io.permissionsUseCanonicalPath=true Flag truetrue
* @run main/othervm -Djdk.io.permissionsUseCanonicalPath=false Flag falsetrue
* @run main/othervm Flag falsetrue
* @run main/othervm/policy=flag.policy
* -Djdk.io.permissionsUseCanonicalPath=true Flag true true
* @run main/othervm/policy=flag.policy
* -Djdk.io.permissionsUseCanonicalPath=false Flag false true
* @run main/othervm/policy=flag.policy Flag false true
*/
import java.io.File;
import java.io.FilePermission;
import java.lang.*;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
public class Flag {
public static void main(String[] args) throws Exception {
@ -51,15 +48,6 @@ public class Flag {
FilePermission fp2 = new FilePermission(abs.toString(), "read");
test1 = fp1.equals(fp2);
Policy pol = new Policy() {
@java.lang.Override
public boolean implies(ProtectionDomain domain, Permission permission) {
return fp1.implies(permission);
}
};
Policy.setPolicy(pol);
System.setSecurityManager(new SecurityManager());
try {
System.getSecurityManager().checkPermission(fp2);
test2 = true;
@ -67,8 +55,9 @@ public class Flag {
test2 = false;
}
if (!args[0].equals(test1 + "" + test2)) {
throw new Exception("Test failed: " + test1 + test2);
if (test1 != Boolean.parseBoolean(args[0]) ||
test2 != Boolean.parseBoolean(args[1])) {
throw new Exception("Test failed: " + test1 + " " + test2);
}
}
}

4
jdk/test/sun/security/util/FilePermCompat/flag.policy Normal file
View File

@ -0,0 +1,4 @@
grant {
permission java.io.FilePermission "x", "read";
permission java.util.PropertyPermission "user.dir", "read";
};