* FYI: TestSecurityManager fixlets
@ 2009-07-24 10:13 Mario Torre
0 siblings, 0 replies; only message in thread
From: Mario Torre @ 2009-07-24 10:13 UTC (permalink / raw)
To: mauve-patches
[-- Attachment #1: Type: text/plain, Size: 871 bytes --]
TestSecurityManager has to delegate some functionality to the Policy to
make sure privileged system code works.
2009-07-09 Mario Torre <neugens@aicas.com>
* gnu/testlet/TestSecurityManager:
TestSecurityManager has to delegate some functionality to the
Policy to make sure privileged system code works.
Cheers,
Mario
--
Mario Torre, Software Developer, http://www.jroller.com/neugens/
aicas Allerton Interworks Computer Automated Systems GmbH
Haid-und-Neu-Straße 18 * D-76131 Karlsruhe * Germany
http://www.aicas.com * Tel: +49-721-663 968-44
pgp key: http://subkeys.pgp.net/ PGP Key ID: 80F240CF
Fingerprint: BA39 9666 94EC 8B73 27FA FC7C 4086 63E3 80F2 40CF
USt-Id: DE216375633, Handelsregister HRB 109481, AG Mannheim
Geschäftsführer: Dr. James J. Hunt
Please, support open standards:
http://endsoftpatents.org/
[-- Attachment #2: 2009-07-24-security-manager.patch --]
[-- Type: text/x-patch, Size: 6459 bytes --]
# This patch file was generated by NetBeans IDE
# This patch can be applied using context Tools: Apply Diff Patch action on respective folder.
# It uses platform neutral UTF-8 encoding.
# Above lines and this line are ignored by the patching process.
Index: mauve/gnu/testlet/TestSecurityManager.java
--- mauve/gnu/testlet/TestSecurityManager.java Base (1.4)
+++ mauve/gnu/testlet/TestSecurityManager.java Locally Modified (Based On 1.4)
@@ -22,7 +22,12 @@
package gnu.testlet;
+import java.security.CodeSource;
import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Policy;
+import java.security.ProtectionDomain;
+import java.util.PropertyPermission;
/**
* A security manager for testing that security checks are performed.
@@ -54,6 +59,11 @@
private SecurityManager oldManager;
/**
+ * The policy in force before we were installed
+ */
+ private Policy oldPolicy;
+
+ /**
* Permissions that must be checked for this test to pass.
*/
private Permission[] mustCheck;
@@ -134,6 +144,97 @@
oldManager = oldsm;
enabled = false;
+
+ oldPolicy = Policy.getPolicy();
+ Policy.setPolicy(new Policy()
+ {
+ public PermissionCollection getPermissions(CodeSource codesource)
+ {
+ return null;
+ }
+ /**
+ * Check that this permission is one that we should be checking.
+ * This code used to be in TestSecurityManager.checkPermission,
+ * but doing the same here allows us to easily skip doPrivileged
+ * actions like reading some properties in system code.
+ *
+ * @param perm the permission to be checked
+ * @throws SuccessException if all <code>mustCheck</code>
+ * permissions have been checked and <code>isHalting</code>
+ * is true.
+ * @return returns false if and only if none of the <code>mustCheck</code>
+ * or <code>mayCheck</code> permissions matches
+ * <code>perm</code>. else true
+ */
+ public boolean implies(ProtectionDomain domain,
+ Permission perm)
+ {
+ if (!enabled)
+ return true;
+
+ if (harness != null)
+ harness.debug("checkPermission(" + perm + ")");
+
+ boolean matched = false;
+
+ if (!matched) {
+ for (int i = 0; i < mustCheck.length; i++) {
+ if (permissionsMatch(mustCheck[i], perm)) {
+ checked[i] = true;
+ matched = true;
+ }
+ }
+ }
+
+ if (!matched) {
+ for (int i = 0; i < mayCheck.length; i++) {
+ if (permissionsMatch(mayCheck[i], perm)) {
+ matched = true;
+ }
+ }
+ }
+
+ if (!matched) {
+ enabled = false;
+
+ harness.debug("unexpected check: " + perm);
+
+ if (mustCheck.length != 0) {
+ StringBuffer expected = new StringBuffer();
+ for (int i = 0; i < mustCheck.length; i++)
+ expected.append(' ').append(mustCheck[i]);
+ harness.debug("expected: mustCheck:" + expected.toString());
+ }
+
+ if (mayCheck.length != 0) {
+ StringBuffer expected = new StringBuffer();
+ for (int i = 0; i < mayCheck.length; i++)
+ expected.append(' ').append(mayCheck[i]);
+ harness.debug("expected: mayCheck:" + expected.toString());
+ }
+
+ return false;
+ }
+
+ if (isHalting) {
+ boolean allChecked = true;
+ for (int i = 0; i < checked.length; i++) {
+ if (!checked[i])
+ allChecked = false;
+ }
+ if (allChecked) {
+ enabled = false;
+ throw successException;
+ }
+ }
+ return true;
+ }
+ public void refresh()
+ {
+ return;
+ }
+ });
+
System.setSecurityManager(this);
}
@@ -149,6 +250,7 @@
enabled = false;
System.setSecurityManager(oldManager);
+ Policy.setPolicy(oldPolicy);
}
/**
@@ -264,73 +366,6 @@
}
/**
- * Check that this permission is one that we should be checking.
- *
- * @param perm the permission to be checked
- * @throws SuccessException if all <code>mustCheck</code>
- * permissions have been checked and <code>isHalting</code>
- * is true.
- * @throws SecurityException if none of the <code>mustCheck</code>
- * or <code>mayCheck</code> permissions matches
- * <code>perm</code>.
- */
- public void checkPermission(Permission perm) throws SecurityException
- {
- if (!enabled)
- return;
-
- if (harness != null)
- harness.debug("checkPermission(" + perm + ")");
-
- boolean matched = false;
- for (int i = 0; i < mustCheck.length; i++) {
- if (permissionsMatch(mustCheck[i], perm))
- matched = checked[i] = true;
- }
-
- if (!matched) {
- for (int i = 0; i < mayCheck.length; i++) {
- if (permissionsMatch(mayCheck[i], perm))
- matched = true;
- }
- }
-
- if (!matched) {
- enabled = false;
-
- harness.debug("unexpected check: " + perm);
-
- if (mustCheck.length != 0) {
- StringBuffer expected = new StringBuffer();
- for (int i = 0; i < mustCheck.length; i++)
- expected.append(' ').append(mustCheck[i]);
- harness.debug("expected: mustCheck:" + expected.toString());
- }
-
- if (mayCheck.length != 0) {
- StringBuffer expected = new StringBuffer();
- for (int i = 0; i < mayCheck.length; i++)
- expected.append(' ').append(mayCheck[i]);
- harness.debug("expected: mayCheck:" + expected.toString());
- }
-
- throw new SecurityException("unexpected check: " + perm);
- }
-
- if (isHalting) {
- boolean allChecked = true;
- for (int i = 0; i < checked.length; i++) {
- if (!checked[i])
- allChecked = false;
- }
- if (allChecked) {
- enabled = false;
- throw successException;
- }
- }
- }
-
- /**
* Check that all <code>mustCheck</code> permissions were checked,
* calling <code>TestHarness.check()</code> with the result.
*/
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2009-07-24 10:13 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-07-24 10:13 FYI: TestSecurityManager fixlets Mario Torre
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).