public inbox for java-patches@gcc.gnu.org
 help / color / mirror / Atom feed
* [PATCH] PR46774: Calling Policy.setPolicy with a new Policy object has no effect on the default SecurityManager
@ 2010-12-15  1:45 Dr Andrew John Hughes
  2010-12-15  9:39 ` Andrew Haley
  0 siblings, 1 reply; 3+ messages in thread
From: Dr Andrew John Hughes @ 2010-12-15  1:45 UTC (permalink / raw)
  To: java-patches

[-- Attachment #1: Type: text/plain, Size: 2202 bytes --]

Currently, with gcj, when a Policy object is set using Policy.setPolicy,
the policy is simply ignored by the default SecurityManager implementation.
This is shown by the Mauve test gnu.testlet.java.security.Policy.setPolicy
and is due to the PermissionDomain instances created by VMAccessController.

http://sources.redhat.com/cgi-bin/cvsweb.cgi/mauve/gnu/testlet/java/security/Policy/setPolicy.java?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=mauve

METABUG: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46773

The two-argument constructor is used which applies a static binding.  By
switching to the four argument constructor, the policy is consulted.
The attached patch does so, and has already been applied to the reference
implementation in GNU Classpath.  Sadly, it seems most VMs fork this class
so the patch has to be applied to CACAO, gcj and JamVM separately.

With the patch applied, the DEFAULT_CONTEXT instance is created as before
(the two nulls are implied in the two-argument constructor) but with the
policy instance being consulted.  The stack of ProtectionDomain instances
are supplied with the class loader via the four-argument constructor so
that the null (bootstrap) class loader is no longer always assumed.

A build of gcj with this patch passed the Mauve test, as does OpenJDK.
My system build of 4.5.1 without the patch failed.

Ok for trunk? Should this be backported to any older branches?

2010-12-13  Andrew John Hughes  <ahughes@redhat.com>

	PR libgcj/46774
	* libjava/java/security/VMAccessController.java:
	(DEFAULT_CONTEXT): Create ProtectionDomain with
	four argument constructor (arguments are the same
	as those implied by the two argument constructor).
	(getContext()): Create ProtectionDomain instances
	with four argument constructor using a null Principal
	array (as before) but including the classloader, which
	was always null before.

-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint = F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8

[-- Attachment #2: pr46774.diff --]
[-- Type: text/plain, Size: 1725 bytes --]

Index: libjava/classpath/lib/java/security/VMAccessController.class
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Index: libjava/java/security/VMAccessController.java
===================================================================
--- libjava/java/security/VMAccessController.java	(revision 167780)
+++ libjava/java/security/VMAccessController.java	(working copy)
@@ -56,7 +56,7 @@
     Permissions permissions = new Permissions();
     permissions.add(new AllPermission());
     ProtectionDomain[] domain = new ProtectionDomain[] {
-      new ProtectionDomain(source, permissions)
+      new ProtectionDomain(source, permissions, null, null)
     };
     DEFAULT_CONTEXT = new AccessControlContext(domain);
   }
@@ -178,12 +178,13 @@
     for (int i = 3; i < classes.length; i++)
       {
         Class clazz = classes[i];
+        ClassLoader loader = clazz.getClassLoader();
 
         if (DEBUG)
           {
             debug("checking " + clazz);
             // subject to getClassLoader RuntimePermission
-            debug("loader = " + clazz.getClassLoader());
+            debug("loader = " + loader);
           }
 
         if (privileged && i == classes.length - 2)
@@ -208,7 +209,8 @@
         // Create a static snapshot of this domain, which may change over time
         // if the current policy changes.
         domains.add(new ProtectionDomain(domain.getCodeSource(),
-                                         domain.getPermissions()));
+                                         domain.getPermissions(),
+                                         loader, null));
       }
 
     if (DEBUG)

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] PR46774: Calling Policy.setPolicy with a new Policy object has no effect on the default SecurityManager
  2010-12-15  1:45 [PATCH] PR46774: Calling Policy.setPolicy with a new Policy object has no effect on the default SecurityManager Dr Andrew John Hughes
@ 2010-12-15  9:39 ` Andrew Haley
  2010-12-20 18:31   ` Dr Andrew John Hughes
  0 siblings, 1 reply; 3+ messages in thread
From: Andrew Haley @ 2010-12-15  9:39 UTC (permalink / raw)
  To: java-patches

On 12/15/2010 01:45 AM, Dr Andrew John Hughes wrote:
>
> Ok for trunk? Should this be backported to any older branches?
>
> 2010-12-13  Andrew John Hughes<ahughes@redhat.com>
>
> 	PR libgcj/46774
> 	* libjava/java/security/VMAccessController.java:
> 	(DEFAULT_CONTEXT): Create ProtectionDomain with
> 	four argument constructor (arguments are the same
> 	as those implied by the two argument constructor).
> 	(getContext()): Create ProtectionDomain instances
> 	with four argument constructor using a null Principal
> 	array (as before) but including the classloader, which
> 	was always null before.

OK, thanks.  I don't have any strong opinion about whether this
should be back-ported to older branches, but 4.5 would be good.

Andrew.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] PR46774: Calling Policy.setPolicy with a new Policy object has no effect on the default SecurityManager
  2010-12-15  9:39 ` Andrew Haley
@ 2010-12-20 18:31   ` Dr Andrew John Hughes
  0 siblings, 0 replies; 3+ messages in thread
From: Dr Andrew John Hughes @ 2010-12-20 18:31 UTC (permalink / raw)
  To: Andrew Haley; +Cc: java-patches

On 09:39 Wed 15 Dec     , Andrew Haley wrote:
> On 12/15/2010 01:45 AM, Dr Andrew John Hughes wrote:
> >
> > Ok for trunk? Should this be backported to any older branches?
> >
> > 2010-12-13  Andrew John Hughes<ahughes@redhat.com>
> >
> > 	PR libgcj/46774
> > 	* libjava/java/security/VMAccessController.java:
> > 	(DEFAULT_CONTEXT): Create ProtectionDomain with
> > 	four argument constructor (arguments are the same
> > 	as those implied by the two argument constructor).
> > 	(getContext()): Create ProtectionDomain instances
> > 	with four argument constructor using a null Principal
> > 	array (as before) but including the classloader, which
> > 	was always null before.
> 
> OK, thanks.  I don't have any strong opinion about whether this
> should be back-ported to older branches, but 4.5 would be good.
> 

Thanks.
Committed to both trunk and 4.5.  The fix will be available in 4.5.3.

> Andrew.

-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint = F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-12-20 18:31 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-12-15  1:45 [PATCH] PR46774: Calling Policy.setPolicy with a new Policy object has no effect on the default SecurityManager Dr Andrew John Hughes
2010-12-15  9:39 ` Andrew Haley
2010-12-20 18:31   ` Dr Andrew John Hughes

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).