8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default

Reviewed-by: mchung
Sean Mullan 2017-01-19 13:50:02 -05:00
parent 69369c305a
commit d9d9d8701a
15 changed files with 377 additions and 448 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,18 +25,30 @@
package java.lang;
import java.security.*;
import java.lang.RuntimePermission;
import java.lang.module.ModuleDescriptor;
import java.lang.module.ModuleDescriptor.Exports;
import java.lang.module.ModuleDescriptor.Opens;
import java.lang.reflect.Layer;
import java.lang.reflect.Member;
import java.lang.reflect.Module;
import java.io.FileDescriptor;
import java.io.File;
import java.io.FilePermission;
import java.util.PropertyPermission;
import java.lang.RuntimePermission;
import java.net.SocketPermission;
import java.net.NetPermission;
import java.util.Hashtable;
import java.net.InetAddress;
import java.lang.reflect.*;
import java.net.URL;
import java.net.SocketPermission;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.security.Security;
import java.security.SecurityPermission;
import java.util.HashSet;
import java.util.Objects;
import java.util.PropertyPermission;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import jdk.internal.reflect.CallerSensitive;
import sun.security.util.SecurityConstants;
@ -1415,46 +1427,108 @@ class SecurityManager {
}
}
if (packages == null)
if (packages == null) {
packages = new String[0];
}
return packages;
}
// The non-exported packages of the modules in the boot layer that are
// loaded by the platform class loader or its ancestors. A non-exported
// package is a package that either is not exported at all by its containing
// module or is exported in a qualified fashion by its containing module.
private static final Set<String> nonExportedPkgs;
static {
// Get the modules in the boot layer
Stream<Module> bootLayerModules = Layer.boot().modules().stream();
// Filter out the modules loaded by the boot or platform loader
PrivilegedAction<Set<Module>> pa = () ->
bootLayerModules.filter(SecurityManager::isBootOrPlatformModule)
.collect(Collectors.toSet());
Set<Module> modules = AccessController.doPrivileged(pa);
// Filter out the non-exported packages
nonExportedPkgs = modules.stream()
.map(Module::getDescriptor)
.map(SecurityManager::nonExportedPkgs)
.flatMap(Set::stream)
.collect(Collectors.toSet());
}
/**
* Throws a <code>SecurityException</code> if the
* calling thread is not allowed to access the package specified by
* the argument.
* Returns true if the module's loader is the boot or platform loader.
*/
private static boolean isBootOrPlatformModule(Module m) {
return m.getClassLoader() == null ||
m.getClassLoader() == ClassLoader.getPlatformClassLoader();
}
/**
* Returns the non-exported packages of the specified module.
*/
private static Set<String> nonExportedPkgs(ModuleDescriptor md) {
// start with all packages in the module
Set<String> pkgs = new HashSet<>(md.packages());
// remove the non-qualified exported packages
md.exports().stream()
.filter(p -> !p.isQualified())
.map(Exports::source)
.forEach(pkgs::remove);
// remove the non-qualified open packages
md.opens().stream()
.filter(p -> !p.isQualified())
.map(Opens::source)
.forEach(pkgs::remove);
return pkgs;
}
/**
* Throws a {@code SecurityException} if the calling thread is not allowed
* to access the specified package.
* <p>
* This method is used by the <code>loadClass</code> method of class
* loaders.
* This method is called by the {@code loadClass} method of class loaders.
* <p>
* This method first gets a list of
* restricted packages by obtaining a comma-separated list from
* a call to
* <code>java.security.Security.getProperty("package.access")</code>,
* and checks to see if <code>pkg</code> starts with or equals
* any of the restricted packages. If it does, then
* <code>checkPermission</code> gets called with the
* <code>RuntimePermission("accessClassInPackage."+pkg)</code>
* permission.
* This method checks if the specified package starts with or equals
* any of the packages in the {@code package.access} Security Property.
* An implementation may also check the package against an additional
* list of restricted packages as noted below. If the package is restricted,
* {@link #checkPermission(Permission)} is called with a
* {@code RuntimePermission("accessClassInPackage."+pkg)} permission.
* <p>
* If this method is overridden, then
* <code>super.checkPackageAccess</code> should be called
* as the first line in the overridden method.
* If this method is overridden, then {@code super.checkPackageAccess}
* should be called as the first line in the overridden method.
*
* @implNote
* This implementation also restricts all non-exported packages of modules
* loaded by {@linkplain ClassLoader#getPlatformClassLoader
* the platform class loader} or its ancestors. A "non-exported package"
* refers to a package that is not exported to all modules. Specifically,
* it refers to a package that either is not exported at all by its
* containing module or is exported in a qualified fashion by its
* containing module.
*
* @param pkg the package name.
* @exception SecurityException if the calling thread does not have
* @throws SecurityException if the calling thread does not have
* permission to access the specified package.
* @exception NullPointerException if the package name argument is
* <code>null</code>.
* @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
* loadClass
* @throws NullPointerException if the package name argument is
* {@code null}.
* @see java.lang.ClassLoader#loadClass(String, boolean) loadClass
* @see java.security.Security#getProperty getProperty
* @see #checkPermission(java.security.Permission) checkPermission
* @see #checkPermission(Permission) checkPermission
*/
public void checkPackageAccess(String pkg) {
if (pkg == null) {
throw new NullPointerException("package name can't be null");
Objects.requireNonNull(pkg, "package name can't be null");
// check if pkg is not exported to all modules
if (nonExportedPkgs.contains(pkg)) {
checkPermission(
new RuntimePermission("accessClassInPackage." + pkg));
return;
}
String[] restrictedPkgs;
@ -1512,36 +1586,48 @@ class SecurityManager {
}
/**
* Throws a <code>SecurityException</code> if the
* calling thread is not allowed to define classes in the package
* specified by the argument.
* Throws a {@code SecurityException} if the calling thread is not
* allowed to define classes in the specified package.
* <p>
* This method is used by the <code>loadClass</code> method of some
* This method is called by the {@code loadClass} method of some
* class loaders.
* <p>
* This method first gets a list of restricted packages by
* obtaining a comma-separated list from a call to
* <code>java.security.Security.getProperty("package.definition")</code>,
* and checks to see if <code>pkg</code> starts with or equals
* any of the restricted packages. If it does, then
* <code>checkPermission</code> gets called with the
* <code>RuntimePermission("defineClassInPackage."+pkg)</code>
* permission.
* This method checks if the specified package starts with or equals
* any of the packages in the {@code package.definition} Security
* Property. An implementation may also check the package against an
* additional list of restricted packages as noted below. If the package
* is restricted, {@link #checkPermission(Permission)} is called with a
* {@code RuntimePermission("defineClassInPackage."+pkg)} permission.
* <p>
* If this method is overridden, then
* <code>super.checkPackageDefinition</code> should be called
* as the first line in the overridden method.
* If this method is overridden, then {@code super.checkPackageDefinition}
* should be called as the first line in the overridden method.
*
* @implNote
* This implementation also restricts all non-exported packages of modules
* loaded by {@linkplain ClassLoader#getPlatformClassLoader
* the platform class loader} or its ancestors. A "non-exported package"
* refers to a package that is not exported to all modules. Specifically,
* it refers to a package that either is not exported at all by its
* containing module or is exported in a qualified fashion by its
* containing module.
*
* @param pkg the package name.
* @exception SecurityException if the calling thread does not have
* @throws SecurityException if the calling thread does not have
* permission to define classes in the specified package.
* @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
* @throws NullPointerException if the package name argument is
* {@code null}.
* @see java.lang.ClassLoader#loadClass(String, boolean)
* @see java.security.Security#getProperty getProperty
* @see #checkPermission(java.security.Permission) checkPermission
* @see #checkPermission(Permission) checkPermission
*/
public void checkPackageDefinition(String pkg) {
if (pkg == null) {
throw new NullPointerException("package name can't be null");
Objects.requireNonNull(pkg, "package name can't be null");
// check if pkg is not exported to all modules
if (nonExportedPkgs.contains(pkg)) {
checkPermission(
new RuntimePermission("defineClassInPackage." + pkg));
return;
}
String[] pkgs;
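Review bot: `nonExportedPkgs` in the static initializer is a one-time snapshot of `Layer.boot()`, so a module defined to the boot or platform loader in a layer created afterwards would not have its concealed packages restricted by `checkPackageAccess` or `checkPackageDefinition`; whether such layers can exist is not visible on this page, so treat it as something to confirm. The lookup is also an exact `contains(pkg)` match, unlike the "starts with or equals" match the Javadoc describes for `package.access`, and that difference deserves a line in the field comment. Suggested addition above the field: `// Snapshot taken at class initialization from the boot layer only; matched exactly, not by prefix.` Both check methods continue past the end of their hunks.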


@ -1,5 +1,5 @@
/*
* Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1994, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -310,12 +310,13 @@ public final class System {
* @see SecurityManager#checkPermission
* @see java.lang.RuntimePermission
*/
public static
void setSecurityManager(final SecurityManager s) {
try {
s.checkPackageAccess("java.lang");
} catch (Exception e) {
// no-op
public static void setSecurityManager(final SecurityManager s) {
if (s != null) {
try {
s.checkPackageAccess("java.lang");
} catch (Exception e) {
// no-op
}
}
setSecurityManager0(s);
}
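Review bot: The `catch (Exception e) { // no-op }` around `s.checkPackageAccess("java.lang")` in `setSecurityManager` still discards every exception, including a `SecurityException` raised by the manager being installed, and the comment does not say why. The new `s != null` guard removes the `NullPointerException` that the old code relied on the catch to swallow, so what remains is a deliberate swallow that should be explained. If the call exists only to exercise the manager before it is installed (an inference, the reason is not shown here), say so in place of `// no-op`, for example `// warm-up call; its outcome is intentionally ignored`.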


@ -249,7 +249,6 @@ module java.base {
jdk.crypto.token;
exports sun.security.jca to
java.smartcardio,
java.xml.crypto,
jdk.crypto.ec,
jdk.crypto.token,
jdk.naming.dns;


@ -298,111 +298,24 @@ keystore.type.compat=true
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
package.access=sun.,\
com.sun.xml.internal.,\
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.,\
com.sun.media.sound.,\
com.sun.naming.internal.,\
com.sun.proxy.,\
com.sun.corba.se.,\
com.sun.org.apache.bcel.internal.,\
com.sun.org.apache.regexp.internal.,\
com.sun.org.apache.xerces.internal.,\
com.sun.org.apache.xpath.internal.,\
com.sun.org.apache.xalan.internal.extensions.,\
com.sun.org.apache.xalan.internal.lib.,\
com.sun.org.apache.xalan.internal.res.,\
com.sun.org.apache.xalan.internal.templates.,\
com.sun.org.apache.xalan.internal.utils.,\
com.sun.org.apache.xalan.internal.xslt.,\
com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
com.sun.org.apache.xalan.internal.xsltc.compiler.,\
com.sun.org.apache.xalan.internal.xsltc.trax.,\
com.sun.org.apache.xalan.internal.xsltc.util.,\
com.sun.org.apache.xml.internal.res.,\
com.sun.org.apache.xml.internal.security.,\
com.sun.org.apache.xml.internal.serializer.dom3.,\
com.sun.org.apache.xml.internal.serializer.utils.,\
com.sun.org.apache.xml.internal.utils.,\
com.sun.org.glassfish.,\
com.sun.tools.script.,\
com.oracle.xmlns.internal.,\
com.oracle.webservices.internal.,\
org.jcp.xml.dsig.internal.,\
jdk.internal.,\
jdk.nashorn.internal.,\
jdk.nashorn.tools.,\
jdk.tools.jimage.,\
com.sun.activation.registries.,\
com.sun.java.accessibility.util.internal.,\
#ifdef windows
com.sun.java.accessibility.internal.,\
#endif
#ifdef macosx
apple.,\
#endif
# will cause a security exception to be thrown when passed to the
# SecurityManager::checkPackageAccess method unless the corresponding
# RuntimePermission("accessClassInPackage."+package) has been granted.
#
package.access=sun.misc.,\
sun.reflect.,\
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageDefinition unless the
# corresponding RuntimePermission ("defineClassInPackage."+package) has
# been granted.
# will cause a security exception to be thrown when passed to the
# SecurityManager::checkPackageDefinition method unless the corresponding
# RuntimePermission("defineClassInPackage."+package) has been granted.
#
# by default, none of the class loaders supplied with the JDK call
# By default, none of the class loaders supplied with the JDK call
# checkPackageDefinition.
#
package.definition=sun.,\
com.sun.xml.internal.,\
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.,\
com.sun.media.sound.,\
com.sun.naming.internal.,\
com.sun.proxy.,\
com.sun.corba.se.,\
com.sun.org.apache.bcel.internal.,\
com.sun.org.apache.regexp.internal.,\
com.sun.org.apache.xerces.internal.,\
com.sun.org.apache.xpath.internal.,\
com.sun.org.apache.xalan.internal.extensions.,\
com.sun.org.apache.xalan.internal.lib.,\
com.sun.org.apache.xalan.internal.res.,\
com.sun.org.apache.xalan.internal.templates.,\
com.sun.org.apache.xalan.internal.utils.,\
com.sun.org.apache.xalan.internal.xslt.,\
com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
com.sun.org.apache.xalan.internal.xsltc.compiler.,\
com.sun.org.apache.xalan.internal.xsltc.trax.,\
com.sun.org.apache.xalan.internal.xsltc.util.,\
com.sun.org.apache.xml.internal.res.,\
com.sun.org.apache.xml.internal.security.,\
com.sun.org.apache.xml.internal.serializer.dom3.,\
com.sun.org.apache.xml.internal.serializer.utils.,\
com.sun.org.apache.xml.internal.utils.,\
com.sun.org.glassfish.,\
com.sun.tools.script.,\
com.oracle.xmlns.internal.,\
com.oracle.webservices.internal.,\
org.jcp.xml.dsig.internal.,\
jdk.internal.,\
jdk.nashorn.internal.,\
jdk.nashorn.tools.,\
jdk.tools.jimage.,\
com.sun.activation.registries.,\
com.sun.java.accessibility.util.internal.,\
#ifdef windows
com.sun.java.accessibility.internal.,\
#endif
#ifdef macosx
apple.,\
#endif
package.definition=sun.misc.,\
sun.reflect.,\
#
# Determines whether this properties file can be appended to
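Review bot: With `package.access` and `package.definition` reduced to `sun.misc.` and `sun.reflect.`, the file no longer tells an administrator that the other internal packages are still restricted, now by the `SecurityManager` implementation rather than by this property. Anyone reading the list as the complete set would underestimate what is restricted, and a `SecurityManager` subclass that overrides `checkPackageAccess` without calling `super` would enforce far less than before. Add a comment above each property, for example `# Non-exported packages of JDK modules loaded by the boot or platform class loader are restricted by default and are not listed here.` Packages from the removed list that live in modules loaded by another class loader may no longer be covered; check that against the module-to-loader mapping, which this page does not show.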


@ -93,9 +93,19 @@ grant codeBase "jrt:/java.xml.crypto" {
"com.sun.org.apache.xml.internal.security.register";
permission java.security.SecurityPermission
"getProperty.jdk.xml.dsig.secureValidationPolicy";
permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.org.apache.xml.internal.*";
permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.org.apache.xpath.internal";
permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.org.apache.xpath.internal.*";
};
grant codeBase "jrt:/java.xml.ws" {
permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.org.apache.xml.internal.resolver";
permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.org.apache.xml.internal.resolver.tools";
permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.xml.internal.*";
permission java.lang.RuntimePermission
@ -188,3 +198,10 @@ grant codeBase "jrt:/jdk.zipfs" {
permission java.util.PropertyPermission "os.name", "read";
};
grant codeBase "jrt:/jdk.accessibility" {
permission java.lang.RuntimePermission "accessClassInPackage.sun.awt";
};
grant codeBase "jrt:/jdk.desktop" {
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt";
};
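Review bot: The `jrt:/java.xml.crypto` grant uses wildcards, `accessClassInPackage.com.sun.org.apache.xml.internal.*` and `accessClassInPackage.com.sun.org.apache.xpath.internal.*`, while the `jrt:/java.xml.ws` grant below it names `com.sun.org.apache.xml.internal.resolver` and `com.sun.org.apache.xml.internal.resolver.tools` individually. A wildcard also covers any sub-package added under that prefix later, so the module's access grows without a policy change. If the packages java.xml.crypto needs are known, list them one by one in the same way; otherwise add a comment in the grant block saying why the wildcard is required.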


@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,9 @@ import java.io.*;
import java.math.*;
import java.util.*;
import java.text.*;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.sql.rowset.*;
import javax.sql.rowset.spi.*;
@ -357,8 +360,16 @@ public class CachedRowSetImpl extends BaseRowSet implements RowSet, RowSetIntern
}
// set the Reader, this maybe overridden latter
provider =
SyncFactory.getInstance(DEFAULT_SYNC_PROVIDER);
try {
provider = AccessController.doPrivileged(new PrivilegedExceptionAction<>() {
@Override
public SyncProvider run() throws SyncFactoryException {
return SyncFactory.getInstance(DEFAULT_SYNC_PROVIDER);
}
}, null, new RuntimePermission("accessClassInPackage.com.sun.rowset.providers"));
} catch (PrivilegedActionException pae) {
throw (SyncFactoryException) pae.getException();
}
if (!(provider instanceof RIOptimisticProvider)) {
throw new SQLException(resBundle.handleGetObject("cachedrowsetimpl.invalidp").toString());
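Review bot: The permission string in the limited `doPrivileged` call, `accessClassInPackage.com.sun.rowset.providers`, is hard-coded separately from `DEFAULT_SYNC_PROVIDER`, so the two can drift apart if the default provider ever moves to another package; the constant's value is not visible in this hunk, so confirm they match. The block also has no comment explaining why privileges are asserted here, which is what a later reader auditing `doPrivileged` call sites will look for. Suggested comment before the `try`: `// Assert only the permission needed to load the default provider from its non-exported package.` The enclosing method begins before the hunk and continues after it.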


@ -1,6 +1,6 @@
grant
{
grant codeBase "file:${test.classes}/*" {
permission java.security.SecurityPermission "removeProvider.SunJCE";
permission java.security.SecurityPermission "insertProvider.SunJCE";
permission java.security.SecurityPermission "putProviderProperty.SunJCE";
permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.crypto.provider";
};


@ -1,9 +1,9 @@
grant {
grant codeBase "file:${test.classes}/*" {
// The following permissions are not required because the test is
// not expected to connect to an LDAP server
//
//permission java.net.SocketPermission "*:389", "connect";
//permission java.net.SocketPermission "*:636", "connect";
//permission javax.security.auth.AuthPermission "modifyPrincipals";
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.jndi.ldap";
};


@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,87 +23,174 @@
/*
* @test
* @bug 6741606 7146431 8000450 8019830 8022945 8027144 8041633 8078427
* @summary Make sure all restricted packages listed in the package.access
* @bug 6741606 7146431 8000450 8019830 8022945 8027144 8041633 8078427 8055206
* @summary Check that various restricted packages that are supposed to be
* restricted by default or are listed in the package.access
* property in the java.security file are blocked
* @modules java.xml.ws java.corba
* @run main/othervm CheckPackageAccess
*/
import java.util.Collections;
import java.util.ArrayList;
import java.lang.module.ModuleFinder;
import java.lang.module.ModuleReference;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
/*
* The main benefit of this test is to catch merge errors or other types
* of issues where one or more of the packages are accidentally
* removed. This is why the packages that are known to be restricted have to
* be explicitly listed below.
*/
public class CheckPackageAccess {
public static void main(String[] args) throws Exception {
// get expected list of restricted packages
List<String> pkgs = RestrictedPackages.expected();
private static final SecurityManager sm = new SecurityManager();
private static final ModuleFinder mf = ModuleFinder.ofSystem();
// get actual list of restricted packages
List<String> jspkgs = RestrictedPackages.actual();
/*
* The expected list of restricted packages of the package.access property.
*
* This array should be updated whenever new packages are added to the
* package.access property in the java.security file
* NOTE: it should be in the same order as the java.security file
*/
private static final String[] EXPECTED = {
"sun.misc.",
"sun.reflect.",
};
if (!isOpenJDKOnly()) {
String lastPkg = pkgs.get(pkgs.size() - 1);
/**
* Tests access to various packages of a module.
*/
private static class Test {
String moduleName; // name of module
ModuleReference moduleRef; // module reference
String exports; // exported pkg
Optional<String> opens; // opened pkg
String conceals; // concealed pkg
Optional<String> qualExports; // qualified export pkg
Optional<String> qualOpens; // qualified open pkg
// qual open and non-qualified export pkg
Optional<String> qualOpensAndExports;
Test(String module, String exports, String opens, String conceals,
String qualExports, String qualOpens, String qualOpensAndExports) {
this.moduleName = module;
this.moduleRef = mf.find(moduleName).get();
this.exports = exports;
this.opens = Optional.ofNullable(opens);
this.conceals = conceals;
this.qualExports = Optional.ofNullable(qualExports);
this.qualOpens = Optional.ofNullable(qualOpens);
this.qualOpensAndExports = Optional.ofNullable(qualOpensAndExports);
}
// Remove any closed packages from list before comparing
int index = jspkgs.indexOf(lastPkg);
if (index != -1 && index != jspkgs.size() - 1) {
jspkgs.subList(index + 1, jspkgs.size()).clear();
void test() {
System.out.println("Testing module " + moduleName);
// access to exported pkg should pass
testNonRestricted(exports);
// access to opened pkg should pass
opens.ifPresent(Test::testNonRestricted);
// access to concealed pkg should fail
testRestricted(conceals);
// access to qualified export pkg should fail
qualExports.ifPresent(Test::testRestricted);
// access to qualified open pkg should fail
qualOpens.ifPresent(Test::testRestricted);
// access to qualified opened pkg that is also exported should pass
qualOpensAndExports.ifPresent(Test::testNonRestricted);
}
private static void testRestricted(String pkg) {
try {
sm.checkPackageAccess(pkg);
throw new RuntimeException("Able to access restricted package: "
+ pkg);
} catch (SecurityException se) {}
try {
sm.checkPackageDefinition(pkg);
throw new RuntimeException("Able to access restricted package: "
+ pkg);
} catch (SecurityException se) {}
}
private static void testNonRestricted(String pkg) {
try {
sm.checkPackageAccess(pkg);
} catch (SecurityException se) {
throw new RuntimeException("Unable to access exported package: "
+ pkg, se);
}
try {
sm.checkPackageDefinition(pkg);
} catch (SecurityException se) {
throw new RuntimeException("Unable to access exported package: "
+ pkg, se);
}
}
}
// Sort to ensure lists are comparable
Collections.sort(pkgs);
Collections.sort(jspkgs);
private static final Test[] tests = new Test[] {
// java.base module loaded by boot loader
new Test("java.base", "java.security", null, "jdk.internal.jrtfs",
"jdk.internal.loader", null, null),
// java.desktop module loaded by boot loader and has an openQual pkg
// that is exported
new Test("java.desktop", "java.applet", null, "sun.applet",
"sun.awt", "com.sun.java.swing.plaf.windows",
"javax.swing.plaf.basic"),
// java.security.jgss module loaded by platform loader
new Test("java.security.jgss", "org.ietf.jgss", null,
"sun.security.krb5.internal.crypto", "sun.security.krb5",
null, null),
// java.xml.ws module loaded by platform loader but needs to be added
// and has an openQual pkg that is exported
new Test("java.xml.ws", "javax.xml.soap", null,
"com.sun.xml.internal.stream.buffer",
"com.sun.xml.internal.ws.api", null,
"javax.xml.ws.wsaddressing"),
// java.xml.ws module loaded by platform loader but needs to be added
// and has an openQual pkg
new Test("java.corba", "javax.rmi", null, "sun.corba",
"com.sun.corba.se.impl.util", "com.sun.jndi.cosnaming", null),
};
if (!pkgs.equals(jspkgs)) {
for (String p : pkgs)
if (!jspkgs.contains(p))
System.out.println("In golden set, but not in j.s file: " + p);
for (String p : jspkgs)
if (!pkgs.contains(p))
System.out.println("In j.s file, but not in golden set: " + p);
public static void main(String[] args) throws Exception {
// check expected list of restricted packages in java.security file
checkPackages(Arrays.asList(EXPECTED));
throw new RuntimeException("restricted packages are not " +
"consistent with java.security file");
// check access to each module's packages
for (Test test : tests) {
test.test();
}
System.setSecurityManager(new SecurityManager());
SecurityManager sm = System.getSecurityManager();
System.out.println("Test passed");
}
private static void checkPackages(List<String> pkgs) {
for (String pkg : pkgs) {
String subpkg = pkg + "foo";
try {
sm.checkPackageAccess(pkg);
throw new RuntimeException("Able to access " + pkg +
" package");
} catch (SecurityException se) { }
try {
sm.checkPackageAccess(subpkg);
throw new RuntimeException("Able to access " + subpkg +
" package");
} catch (SecurityException se) { }
try {
sm.checkPackageDefinition(pkg);
throw new RuntimeException("Able to define class in " + pkg +
" package");
} catch (SecurityException se) { }
String subpkg = pkg + "foo";
try {
sm.checkPackageDefinition(subpkg);
throw new RuntimeException("Able to define class in " + subpkg +
sm.checkPackageAccess(subpkg);
throw new RuntimeException("Able to access " + subpkg +
" package");
} catch (SecurityException se) { }
try {
sm.checkPackageDefinition(subpkg);
throw new RuntimeException("Able to define class in " +
subpkg + " package");
} catch (SecurityException se) { }
}
System.out.println("Test passed");
}
private static boolean isOpenJDKOnly() {
String prop = System.getProperty("java.runtime.name");
return prop != null && prop.startsWith("OpenJDK");
}
}
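Review bot: In `Test.testRestricted` and `Test.testNonRestricted` the second `try` calls `sm.checkPackageDefinition(pkg)` but reports the same "access" message as the first, so a failure does not say which check let the package through. Give the definition check its own text, e.g. `throw new RuntimeException("Able to define class in restricted package: " + pkg);` and a matching "Unable to define class in exported package: " message. The comment above the `java.corba` entry in `tests` still reads "java.xml.ws module loaded by platform loader" and should name `java.corba`. The `moduleRef` field is assigned from `mf.find(moduleName).get()` but is not read in the code shown; if nothing else uses it, a missing module would be reported more clearly by an explicit `orElseThrow` that names the module.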


@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,11 +28,13 @@
* @run main/othervm CheckPackageMatching
*/
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.StringTokenizer;
/*
* The purpose of this test is not to verify the content of the package
@ -46,10 +48,23 @@ public class CheckPackageMatching {
* The restricted packages listed in the package.access property of the
* java.security file.
*/
private static final String[] packages =
RestrictedPackages.actual().toArray(new String[0]);
private static final String[] packages = actual().toArray(new String[0]);
private static final boolean OPEN_JDK = isOpenJDKOnly();
/**
* Returns the list of restricted packages in the package.access property.
*/
private static List<String> actual() {
String prop = Security.getProperty("package.access");
List<String> packages = new ArrayList<>();
if (prop != null && !prop.equals("")) {
StringTokenizer tok = new StringTokenizer(prop, ",");
while (tok.hasMoreElements()) {
String s = tok.nextToken().trim();
packages.add(s);
}
}
return packages;
}
/**
* PackageMatcher implements a state machine that matches package
@ -326,13 +341,8 @@ public class CheckPackageMatching {
System.getSecurityManager().checkPackageAccess("com.sun.jmxa");
System.getSecurityManager().checkPackageAccess("jmx");
List<String> actual = Arrays.asList(packages);
for (String p : actual) {
if (!actual.contains(p)) {
System.err.println("Warning: '" + p + " not in package.access");
}
}
if (!actual.contains("sun.")) {
throw new Error("package.access does not contain 'sun.'");
if (!actual.contains("sun.misc.")) {
throw new Error("package.access does not contain 'sun.misc.'");
}
}
@ -447,17 +457,15 @@ public class CheckPackageMatching {
// These should not match.
for (String pkg : new String[] {"gloups.machin", "su",
"org.jcp.xml.dsig.interna",
"org.jcp.xml.dsig.inter",
"com.sun.jm", "com.sun.jmxa"}) {
testMatch(matcher, pkg, false, true);
}
// These should match.
for (String pkg : Arrays.asList(
new String[] {"sun.gloups.machin", "sun", "sun.com",
"com.sun.jmx", "com.sun.jmx.a",
"org.jcp.xml.dsig.internal",
"org.jcp.xml.dsig.internal.foo"})) {
new String[] {"sun.misc.gloups.machin", "sun.misc",
"sun.reflect"})) {
testMatch(matcher, pkg, true, true);
}
@ -486,12 +494,6 @@ public class CheckPackageMatching {
}
for (String pkg : pkgs) {
if (!OPEN_JDK && pkg.equals("com.sun.media.sound.")) {
// don't test com.sun.media.sound since there is an entry
// for com.sun.media in non OpenJDK builds. Otherwise,
// the test for this package will fail unexpectedly.
continue;
}
String candidate = pkg.substring(0, pkg.length() - 2);
boolean expected = pkglist.contains(candidate + ".");
testMatch(matcher, candidate, expected,
@ -537,9 +539,4 @@ public class CheckPackageMatching {
}
}
}
private static boolean isOpenJDKOnly() {
String prop = System.getProperty("java.runtime.name");
return prop != null && prop.startsWith("OpenJDK");
}
}
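Review bot: The "should not match" list in the `-447,17` hunk keeps `"com.sun.jm"` and `"com.sun.jmxa"`, which were near misses for the old `com.sun.jmx.` entry but are unrelated to anything in the reduced `package.access` value, so they no longer test the prefix boundary. Assuming `matcher` is built from the current property (its construction is outside the hunk), add near misses for the new entries next to `"su"`, e.g. `"sun.mis", "sun.misca", "sun.reflec"`. In the new `actual()` helper, `tok.hasMoreElements()` paired with `tok.nextToken()` works but mixes the two `StringTokenizer` APIs; `hasMoreTokens()` reads more consistently.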


@ -1,155 +0,0 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.StringTokenizer;
/**
* A collection of utility methods and constants for testing the package
* access and package definition security checks.
*/
final class RestrictedPackages {
/*
* The expected list of restricted packages.
*
* This array should be updated whenever new packages are added to the
* package.access property in the java.security file
* NOTE: it should be in the same order as the java.security file
*/
static final String[] EXPECTED = {
"sun.",
"com.sun.xml.internal.",
"com.sun.imageio.",
"com.sun.istack.internal.",
"com.sun.jmx.",
"com.sun.media.sound.",
"com.sun.naming.internal.",
"com.sun.proxy.",
"com.sun.corba.se.",
"com.sun.org.apache.bcel.internal.",
"com.sun.org.apache.regexp.internal.",
"com.sun.org.apache.xerces.internal.",
"com.sun.org.apache.xpath.internal.",
"com.sun.org.apache.xalan.internal.extensions.",
"com.sun.org.apache.xalan.internal.lib.",
"com.sun.org.apache.xalan.internal.res.",
"com.sun.org.apache.xalan.internal.templates.",
"com.sun.org.apache.xalan.internal.utils.",
"com.sun.org.apache.xalan.internal.xslt.",
"com.sun.org.apache.xalan.internal.xsltc.cmdline.",
"com.sun.org.apache.xalan.internal.xsltc.compiler.",
"com.sun.org.apache.xalan.internal.xsltc.trax.",
"com.sun.org.apache.xalan.internal.xsltc.util.",
"com.sun.org.apache.xml.internal.res.",
"com.sun.org.apache.xml.internal.security.",
"com.sun.org.apache.xml.internal.serializer.dom3.",
"com.sun.org.apache.xml.internal.serializer.utils.",
"com.sun.org.apache.xml.internal.utils.",
"com.sun.org.glassfish.",
"com.sun.tools.script.",
"com.oracle.xmlns.internal.",
"com.oracle.webservices.internal.",
"org.jcp.xml.dsig.internal.",
"jdk.internal.",
"jdk.nashorn.internal.",
"jdk.nashorn.tools.",
"jdk.tools.jimage.",
"com.sun.activation.registries.",
"com.sun.java.accessibility.util.internal."
};
/*
* A non-exhaustive list of restricted packages.
*
* Contrary to what is in the EXPECTED list, this list does not need
* to be exhaustive.
*/
static final String[] EXPECTED_NONEXHAUSTIVE = {
"sun.",
"com.sun.xml.internal.",
"com.sun.imageio.",
"com.sun.istack.internal.",
"com.sun.jmx.",
"com.sun.proxy.",
"com.sun.org.apache.bcel.internal.",
"com.sun.org.apache.regexp.internal.",
"com.sun.org.apache.xerces.internal.",
"com.sun.org.apache.xpath.internal.",
"com.sun.org.apache.xalan.internal.extensions.",
"com.sun.org.apache.xalan.internal.lib.",
"com.sun.org.apache.xalan.internal.res.",
"com.sun.org.apache.xalan.internal.templates.",
"com.sun.org.apache.xalan.internal.utils.",
"com.sun.org.apache.xalan.internal.xslt.",
"com.sun.org.apache.xalan.internal.xsltc.cmdline.",
"com.sun.org.apache.xalan.internal.xsltc.compiler.",
"com.sun.org.apache.xalan.internal.xsltc.trax.",
"com.sun.org.apache.xalan.internal.xsltc.util.",
"com.sun.org.apache.xml.internal.res.",
"com.sun.org.apache.xml.internal.serializer.utils.",
"com.sun.org.apache.xml.internal.utils.",
"com.sun.org.apache.xml.internal.security.",
"com.sun.org.glassfish.",
"org.jcp.xml.dsig.internal."
};
private static final String OS_NAME = System.getProperty("os.name");
/**
* Returns a list of expected restricted packages, including any
* OS specific packages. The returned list is mutable.
*/
static List<String> expected() {
List<String> pkgs = new ArrayList<>(Arrays.asList(EXPECTED));
if (OS_NAME.contains("OS X")) {
pkgs.add("apple."); // add apple package for OS X
}
if (OS_NAME.contains("Win")) {
pkgs.add("com.sun.java.accessibility.internal."); // add Win only package
}
return pkgs;
}
/**
* Returns a list of actual restricted packages. The returned list
* is mutable.
*/
static List<String> actual() {
String prop = Security.getProperty("package.access");
List<String> packages = new ArrayList<>();
if (prop != null && !prop.equals("")) {
StringTokenizer tok = new StringTokenizer(prop, ",");
while (tok.hasMoreElements()) {
String s = tok.nextToken().trim();
packages.add(s);
}
}
return packages;
}
private RestrictedPackages() { }
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -63,6 +63,7 @@ public class LogGeneratedClassesTest extends LUtils {
scratch.add(" int foo();");
scratch.add(" }");
scratch.add(" public static void main(String[] args) {");
scratch.add(" System.setSecurityManager(new SecurityManager());");
scratch.add(" I lam = () -> 10;");
scratch.add(" Runnable r = () -> {");
scratch.add(" System.out.println(\"Runnable\");");
@ -114,7 +115,6 @@ public class LogGeneratedClassesTest extends LUtils {
public void testNotLogging() {
TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
"-cp", ".",
"-Djava.security.manager",
"com.example.TestLambda");
tr.assertZero("Should still return 0");
}
@ -125,7 +125,6 @@ public class LogGeneratedClassesTest extends LUtils {
TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
"-cp", ".",
"-Djdk.internal.lambda.dumpProxyClasses=dump",
"-Djava.security.manager",
"com.example.TestLambda");
// 2 our own class files. We don't care about the others
assertEquals(Files.find(
@ -143,7 +142,6 @@ public class LogGeneratedClassesTest extends LUtils {
TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
"-cp", ".",
"-Djdk.internal.lambda.dumpProxyClasses=notExist",
"-Djava.security.manager",
"com.example.TestLambda");
assertEquals(tr.testOutput.stream()
.filter(s -> s.startsWith("WARNING"))
@ -159,7 +157,6 @@ public class LogGeneratedClassesTest extends LUtils {
TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
"-cp", ".",
"-Djdk.internal.lambda.dumpProxyClasses=file",
"-Djava.security.manager",
"com.example.TestLambda");
assertEquals(tr.testOutput.stream()
.filter(s -> s.startsWith("WARNING"))
@ -218,7 +215,6 @@ public class LogGeneratedClassesTest extends LUtils {
TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
"-cp", ".",
"-Djdk.internal.lambda.dumpProxyClasses=readOnly",
"-Djava.security.manager",
"com.example.TestLambda");
assertEquals(tr.testOutput.stream()
.filter(s -> s.startsWith("WARNING"))
@ -237,7 +233,6 @@ public class LogGeneratedClassesTest extends LUtils {
TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
"-cp", ".",
"-Djdk.internal.lambda.dumpProxyClasses=dumpLong",
"-Djava.security.manager",
longFQCN);
assertEquals(tr.testOutput.stream()
.filter(s -> s.startsWith("WARNING: Exception"))
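Review bot: The generated `main` now calls `System.setSecurityManager(new SecurityManager())` (the `scratch.add` line in the hunk at old line 63), and nothing records why the manager is installed from inside the program rather than by the launcher. The +/- markers are lost on this page, but the hunk counts suggest the `"-Djava.security.manager"` argument is dropped from all six `doExec` calls. If so, the manager is presumably active only from the first statement of `main` onward, and whatever is loaded or initialized before that point runs unchecked. A comment above that `scratch.add` line would show the narrower coverage is intended, e.g. `// Install the SecurityManager in main() rather than with -Djava.security.manager: <reason>`. The test methods begin and end outside the visible hunks.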


@ -1,4 +1,4 @@
grant {
grant codeBase "file:${test.classes}/*" {
permission java.io.FilePermission "${test.src}${file.separator}*", "read";
permission java.util.PropertyPermission "test.src", "read";
@ -11,4 +11,6 @@ grant {
"accessClassInPackage.sun.security.x509";
permission java.lang.RuntimePermission
"accessClassInPackage.sun.security.rsa";
permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.crypto.provider";
};


@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,25 +21,12 @@
* questions.
*/
grant codeBase "jrt:/java.corba" {
permission java.security.AllPermission;
};
grant {
permission java.io.FilePermission "./-", "read,write,execute";
permission java.io.FilePermission "*", "read";
permission java.net.SocketPermission "*:*", "connect, accept, listen, resolve";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.io.SerializablePermission "enableSubclassImplementation";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
permission java.lang.RuntimePermission "accessClassInPackage.sun.corba";
permission java.lang.RuntimePermission "defineClassInPackage.sun.corba";
permission java.lang.RuntimePermission "reflectionFactoryAccess";
permission sun.corba.BridgePermission "getBridge";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.reflect";
permission java.util.PropertyPermission "*", "read, write";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute";
permission java.util.PropertyPermission "*", "read";
permission java.io.FilePermission "<<ALL FILES>>", "read, execute";
};
grant codeBase "file:${test.classes}/*" {
permission java.net.SocketPermission "*:*", "connect, accept, listen, resolve";
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.jndi.cosnaming";
};
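Review bot: The unscoped `grant { ... }` block gives every code source `FilePermission "<<ALL FILES>>", "read, execute"`, so any code loaded under this policy may start any program on the machine. This assumes the `"read, execute"` line is on the new side, which the hunk counts suggest but the page no longer marks. If the test only needs to launch a JDK tool, the execute action could be limited to that location and moved out of the global grant, for example `permission java.io.FilePermission "${java.home}${/}bin${/}*", "execute";` inside the `grant codeBase "file:${test.classes}/*"` block, leaving only `"read"` on `<<ALL FILES>>`. The `SocketPermission "*:*"` grant could likewise name the host the test talks to, if that is fixed. The next policy file on the page carries the same two grants, and the same point applies there.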


@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,23 +21,12 @@
* questions.
*/
grant codeBase "jrt:/java.corba" {
permission java.security.AllPermission;
grant {
permission java.util.PropertyPermission "*", "read";
permission java.io.FilePermission "<<ALL FILES>>", "read, execute";
};
grant {
permission java.io.FilePermission "./-", "read,write,execute";
permission java.io.FilePermission "*", "read";
grant codeBase "file:${test.classes}/*" {
permission java.net.SocketPermission "*:*", "connect, accept, listen, resolve";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.io.SerializablePermission "enableSubclassImplementation";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
permission java.lang.RuntimePermission "accessClassInPackage.sun.corba";
permission java.lang.RuntimePermission "defineClassInPackage.sun.corba";
permission java.lang.RuntimePermission "reflectionFactoryAccess";
permission sun.corba.BridgePermission "getBridge";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.reflect";
permission java.util.PropertyPermission "*", "read, write";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute";
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.jndi.cosnaming";
};