From: Dr Andrew John Hughes <ahughes@redhat.com>
To: mauve-patches@sourceware.org
Subject: FYI: Test if Policy.implies(Permission) is called for domains with AllPermission
Date: Sat, 25 Dec 2010 01:15:00 -0000 [thread overview]
Message-ID: <20101225011449.GA28846@rivendell.middle-earth.co.uk> (raw)
[-- Attachment #1: Type: text/plain, Size: 1067 bytes --]
I found the following issue when trying to work out why OpenJDK
would only pass some permission checks to the Policy object and Classpath
VMs would pass them all, causing tests using gnu.testlet.TestSecurityManager
to fail.
It turns out OpenJDK doesn't bother to check the policy if the domain already
has AllPermission (as it obviously already has permission regardless of what
the policy says). This adds a Mauve test to check for this behaviour. I'm
also committing a patch to Classpath to implement this behaviour.
2010-12-24 Andrew John Hughes <ahughes@redhat.com>
* gnu/testlet/java/security/ProtectionDomain/Implies.java:
Check if Policy.implies(Permission) is called if the
protection domain is already known to have AllPermission.
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint = F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 2821 bytes --]
Index: gnu/testlet/java/security/ProtectionDomain/Implies.java
===================================================================
RCS file: gnu/testlet/java/security/ProtectionDomain/Implies.java
diff -N gnu/testlet/java/security/ProtectionDomain/Implies.java
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ gnu/testlet/java/security/ProtectionDomain/Implies.java 25 Dec 2010 01:08:41 -0000
@@ -0,0 +1,73 @@
+// Copyright (C) 2010 Red Hat, Inc.
+// Written by Andrew John Hughes <ahughes@redhat.com>
+
+// This file is part of Mauve.
+
+// Mauve is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2, or (at your option)
+// any later version.
+
+// Mauve is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Mauve; see the file COPYING. If not, write to
+// the Free Software Foundation, 59 Temple Place - Suite 330,
+// Boston, MA 02111-1307, USA.
+
+// Tags: JDK1.4
+
+package gnu.testlet.java.security.ProtectionDomain;
+
+import gnu.testlet.Testlet;
+import gnu.testlet.TestHarness;
+
+import java.security.AllPermission;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.Permissions;
+import java.security.PermissionCollection;
+import java.security.Policy;
+import java.security.ProtectionDomain;
+import java.security.SecurityPermission;
+
+/**
+ * Tests whether Policy.implies(Permission) is called
+ * when the domain has AllPermission as one of its permissions.
+ */
+public class Implies implements Testlet
+{
+
+ private boolean called = false;
+
+ public void test(TestHarness harness)
+ {
+ Policy.setPolicy(new Policy()
+ {
+ public boolean implies(ProtectionDomain domain,
+ Permission perm)
+ {
+ if (perm.getName().equals("TestPermission"))
+ called = true;
+ return true;
+ }
+ public void refresh() {}
+ public PermissionCollection getPermissions(CodeSource codesource)
+ {
+ return null;
+ }
+ });
+
+ System.setSecurityManager(new SecurityManager());
+ PermissionCollection coll = new Permissions();
+ coll.add(new AllPermission());
+ ProtectionDomain pd = new ProtectionDomain(null, coll,
+ Implies.class.getClassLoader(), null);
+ pd.implies(new SecurityPermission("TestPermission"));
+ harness.check(!called, "Policy was not checked due to AllPermission");
+ }
+
+}
reply other threads:[~2010-12-25 1:15 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101225011449.GA28846@rivendell.middle-earth.co.uk \
--to=ahughes@redhat.com \
--cc=mauve-patches@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).