FYI: Test if Policy.implies(Permission) is called for domains with AllPermission

public inbox for mauve-patches@sourceware.org
 help / color / mirror / Atom feed

* FYI: Test if Policy.implies(Permission) is called for domains with AllPermission
@ 2010-12-25  1:15 Dr Andrew John Hughes
  0 siblings, 0 replies; only message in thread
From: Dr Andrew John Hughes @ 2010-12-25  1:15 UTC (permalink / raw)
  To: mauve-patches

[-- Attachment #1: Type: text/plain, Size: 1067 bytes --]

I found the following issue when trying to work out why OpenJDK
would only pass some permission checks to the Policy object and Classpath
VMs would pass them all, causing tests using gnu.testlet.TestSecurityManager
to fail.

It turns out OpenJDK doesn't bother to check the policy if the domain already
has AllPermission (as it obviously already has permission regardless of what
the policy says).  This adds a Mauve test to check for this behaviour.  I'm
also committing a patch to Classpath to implement this behaviour.

2010-12-24  Andrew John Hughes  <ahughes@redhat.com>

	* gnu/testlet/java/security/ProtectionDomain/Implies.java:
	Check if Policy.implies(Permission) is called if the
	protection domain is already known to have AllPermission.

-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint = F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8

[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 2821 bytes --]

Index: gnu/testlet/java/security/ProtectionDomain/Implies.java
===================================================================
RCS file: gnu/testlet/java/security/ProtectionDomain/Implies.java
diff -N gnu/testlet/java/security/ProtectionDomain/Implies.java
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ gnu/testlet/java/security/ProtectionDomain/Implies.java	25 Dec 2010 01:08:41 -0000
@@ -0,0 +1,73 @@
+// Copyright (C) 2010 Red Hat, Inc.
+// Written by Andrew John Hughes <ahughes@redhat.com>
+
+// This file is part of Mauve.
+
+// Mauve is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2, or (at your option)
+// any later version.
+
+// Mauve is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Mauve; see the file COPYING.  If not, write to
+// the Free Software Foundation, 59 Temple Place - Suite 330,
+// Boston, MA 02111-1307, USA.
+
+// Tags: JDK1.4
+
+package gnu.testlet.java.security.ProtectionDomain;
+
+import gnu.testlet.Testlet;
+import gnu.testlet.TestHarness;
+
+import java.security.AllPermission;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.Permissions;
+import java.security.PermissionCollection;
+import java.security.Policy;
+import java.security.ProtectionDomain;
+import java.security.SecurityPermission;
+
+/**
+ * Tests whether Policy.implies(Permission) is called
+ * when the domain has AllPermission as one of its permissions.
+ */
+public class Implies implements Testlet
+{
+
+  private boolean called = false;
+
+  public void test(TestHarness harness)
+  {
+    Policy.setPolicy(new Policy()
+      {
+        public boolean implies(ProtectionDomain domain,
+                               Permission perm)
+        {
+          if (perm.getName().equals("TestPermission"))
+            called = true;
+          return true;
+        }
+        public void refresh() {}
+        public PermissionCollection getPermissions(CodeSource codesource)
+        {
+          return null;
+        }
+      });
+
+    System.setSecurityManager(new SecurityManager());
+    PermissionCollection coll = new Permissions();
+    coll.add(new AllPermission());
+    ProtectionDomain pd = new ProtectionDomain(null, coll,
+                                               Implies.class.getClassLoader(), null);
+    pd.implies(new SecurityPermission("TestPermission"));
+    harness.check(!called, "Policy was not checked due to AllPermission");
+  }
+
+}

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2010-12-25  1:15 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-12-25  1:15 FYI: Test if Policy.implies(Permission) is called for domains with AllPermission Dr Andrew John Hughes

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).