8008793: SecurityManager.checkXXX behavior not specified for methods that check AWTPermission and AWT not present

Reviewed-by: hawtin, mullan, dsamersoff, mchung

jdk/src/share/classes/java/lang/SecurityManager.java

@@ -1320,6 +1320,9 @@ class SecurityManager {
      * <code>AWTPermission("showWindowWithoutWarningBanner")</code> permission,
      * and returns <code>true</code> if a SecurityException is not thrown,
      * otherwise it returns <code>false</code>.
+     * In the case of subset Profiles of Java SE that do not include the
+     * {@code java.awt} package, {@code checkPermission} is instead called
+     * to check the permission {@code java.security.AllPermission}.
      * <p>
      * If you override this method, then you should make a call to
      * <code>super.checkTopLevelWindow</code>
@@ -1340,8 +1343,12 @@ class SecurityManager {
         if (window == null) {
             throw new NullPointerException("window can't be null");
         }
+        Permission perm = SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION;
+        if (perm == null) {
+            perm = SecurityConstants.ALL_PERMISSION;
+        }
         try {
-            checkPermission(SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION);
+            checkPermission(perm);
             return true;
         } catch (SecurityException se) {
             // just return false
@@ -1379,6 +1386,9 @@ class SecurityManager {
      * This method calls <code>checkPermission</code> with the
      * <code>AWTPermission("accessClipboard")</code>
      * permission.
+     * In the case of subset Profiles of Java SE that do not include the
+     * {@code java.awt} package, {@code checkPermission} is instead called
+     * to check the permission {@code java.security.AllPermission}.
      * <p>
      * If you override this method, then you should make a call to
      * <code>super.checkSystemClipboardAccess</code>
@@ -1391,7 +1401,11 @@ class SecurityManager {
      * @see        #checkPermission(java.security.Permission) checkPermission
      */
     public void checkSystemClipboardAccess() {
-        checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
+        Permission perm = SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION;
+        if (perm == null) {
+            perm = SecurityConstants.ALL_PERMISSION;
+        }
+        checkPermission(perm);
     }
 
     /**
@@ -1400,6 +1414,10 @@ class SecurityManager {
      * <p>
      * This method calls <code>checkPermission</code> with the
      * <code>AWTPermission("accessEventQueue")</code> permission.
+     * In the case of subset Profiles of Java SE that do not include the
+     * {@code java.awt} package, {@code checkPermission} is instead called
+     * to check the permission {@code java.security.AllPermission}.
+     *
      * <p>
      * If you override this method, then you should make a call to
      * <code>super.checkAwtEventQueueAccess</code>
@@ -1412,7 +1430,11 @@ class SecurityManager {
      * @see        #checkPermission(java.security.Permission) checkPermission
      */
     public void checkAwtEventQueueAccess() {
-        checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION);
+        Permission perm = SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION;
+        if (perm == null) {
+            perm = SecurityConstants.ALL_PERMISSION;
+        }
+        checkPermission(perm);
     }
 
     /*

jdk/src/share/classes/sun/security/util/SecurityConstants.java

@@ -70,31 +70,6 @@ public final class SecurityConstants {
     // sun.security.provider.PolicyFile
     public static final AllPermission ALL_PERMISSION = new AllPermission();
 
-    /**
-     * Permission type used when AWT is not present.
-     */
-    private static class FakeAWTPermission extends BasicPermission {
-        private static final long serialVersionUID = -1L;
-        public FakeAWTPermission(String name) {
-            super(name);
-        }
-        public String toString() {
-            return "(\"java.awt.AWTPermission\" \"" + getName() + "\")";
-        }
-    }
-
-    /**
-     * Permission factory used when AWT is not present.
-     */
-    private static class FakeAWTPermissionFactory
-        implements PermissionFactory<FakeAWTPermission>
-    {
-        @Override
-        public FakeAWTPermission newPermission(String name) {
-            return new FakeAWTPermission(name);
-        }
-    }
-
     /**
      * AWT Permissions used in the JDK.
      */
@@ -107,37 +82,29 @@ public final class SecurityConstants {
         private static final String AWTFactory = "sun.awt.AWTPermissionFactory";
 
         /**
-         * The PermissionFactory to create AWT permissions (or fake permissions
-         * if AWT is not present).
+         * The PermissionFactory to create AWT permissions (or null if AWT is
+         * not present)
          */
         private static final PermissionFactory<?> factory = permissionFactory();
 
         private static PermissionFactory<?> permissionFactory() {
-            Class<?> c = AccessController
-                .doPrivileged(new PrivilegedAction<Class<?>>() {
-                    public Class<?> run() {
-                        try {
-                           return Class.forName(AWTFactory, true, null);
-                        } catch (ClassNotFoundException e) {
-                            // not available
-                            return null;
-                        }
-                    }});
-            if (c != null) {
-                // AWT present
-                try {
-                    return (PermissionFactory<?>)c.newInstance();
-                } catch (ReflectiveOperationException x) {
-                    throw new InternalError(x.getMessage(), x);
-                }
-            } else {
-                // AWT not present
-                return new FakeAWTPermissionFactory();
+            Class<?> c;
+            try {
+                c = Class.forName(AWTFactory, false, AWT.class.getClassLoader());
+            } catch (ClassNotFoundException e) {
+                // not available
+                return null;
+            }
+            // AWT present
+            try {
+                return (PermissionFactory<?>)c.newInstance();
+            } catch (ReflectiveOperationException x) {
+                throw new InternalError(x);
             }
         }
 
         private static Permission newAWTPermission(String name) {
-            return factory.newPermission(name);
+            return (factory == null) ? null : factory.newPermission(name);
         }
 
         // java.lang.SecurityManager

jdk/test/java/lang/SecurityManager/NoAWT.java

@@ -22,14 +22,43 @@
  */
 
 /* @test
- * @bug 8004502
+ * @bug 8004502 8008793
  * @summary Sanity check that SecurityManager methods that check AWTPermission
  *   behave as expected when AWT is not present
  */
 
+import java.security.AllPermission;
+import java.security.Permission;
+
 public class NoAWT {
+
+    static class MySecurityManager extends SecurityManager {
+        Class<?> expectedClass;
+
+        void setExpectedPermissionClass(Class<?> c) {
+            expectedClass = c;
+        }
+
+        @Override
+        public void checkPermission(Permission perm) {
+            if (perm.getClass() != expectedClass)
+                throw new RuntimeException("Got: " + perm.getClass() + ", expected: " + expectedClass);
+            super.checkPermission(perm);
+        }
+    }
+
     public static void main(String[] args) {
-        SecurityManager sm = new SecurityManager();
+        Class<?> awtPermissionClass = null;
+        try {
+            awtPermissionClass = Class.forName("java.awt.AWTPermission");
+        } catch (ClassNotFoundException ignore) { }
+
+        MySecurityManager sm = new MySecurityManager();
+        if (awtPermissionClass != null) {
+            sm.setExpectedPermissionClass(awtPermissionClass);
+        } else {
+            sm.setExpectedPermissionClass(AllPermission.class);
+        }
 
         try {
             sm.checkAwtEventQueueAccess();