From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 26207 invoked by alias); 24 Jul 2009 10:13:32 -0000 Received: (qmail 26195 invoked by uid 22791); 24 Jul 2009 10:13:31 -0000 X-SWARE-Spam-Status: No, hits=-0.4 required=5.0 tests=AWL,BAYES_50,J_CHICKENPOX_21,SPF_HELO_PASS X-Spam-Check-By: sourceware.org Received: from moutng.kundenserver.de (HELO moutng.kundenserver.de) (212.227.17.10) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Fri, 24 Jul 2009 10:13:21 +0000 Received: from mail.aicas.de ([195.71.148.10]) by mrelayeu.kundenserver.de (node=mrbap2) with ESMTP (Nemesis) id 0MKt72-1MUHmA0EDD-000A6P; Fri, 24 Jul 2009 12:13:18 +0200 Received: from mail.aicas.burg (caribic.aicas.burg [192.168.1.3]) by mail.aicas.de (Postfix) with ESMTP id C4ACA6AB165 for ; Fri, 24 Jul 2009 12:13:17 +0200 (CEST) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.aicas.burg (Postfix) with ESMTP id CD15856192A for ; Fri, 24 Jul 2009 12:13:06 +0200 (CEST) Received: from mail.aicas.burg ([127.0.0.1]) by localhost (www.aicas.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 18833-04 for ; Fri, 24 Jul 2009 12:13:00 +0200 (CEST) Received: from [192.168.1.164] (unknown [192.168.1.164]) by mail.aicas.burg (Postfix) with ESMTP id C8BED561732 for ; Fri, 24 Jul 2009 12:13:00 +0200 (CEST) Message-ID: <4A698937.4010602@aicas.com> Date: Fri, 24 Jul 2009 10:13:00 -0000 From: Mario Torre User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3pre) Gecko/20090703 Fedora/3.0-2.3.beta2.fc11 Thunderbird/3.0b2 MIME-Version: 1.0 To: mauve-patches@sources.redhat.com Subject: FYI: TestSecurityManager fixlets Content-Type: multipart/mixed; boundary="------------080804080405030509090408" Mailing-List: contact mauve-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: mauve-patches-owner@sourceware.org X-SW-Source: 2009/txt/msg00016.txt.bz2 This is a multi-part message in MIME format. --------------080804080405030509090408 Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: quoted-printable Content-length: 856 TestSecurityManager has to delegate some functionality to the Policy to=20 make sure privileged system code works. 2009-07-09 Mario Torre * gnu/testlet/TestSecurityManager: TestSecurityManager has to delegate some functionality to the Policy to make sure privileged system code works. Cheers, Mario --=20 Mario Torre, Software Developer, http://www.jroller.com/neugens/ aicas Allerton Interworks Computer Automated Systems GmbH Haid-und-Neu-Stra=DFe 18 * D-76131 Karlsruhe * Germany http://www.aicas.com * Tel: +49-721-663 968-44 pgp key: http://subkeys.pgp.net/ PGP Key ID: 80F240CF Fingerprint: BA39 9666 94EC 8B73 27FA FC7C 4086 63E3 80F2 40CF USt-Id: DE216375633, Handelsregister HRB 109481, AG Mannheim Gesch=E4ftsf=FChrer: Dr. James J. Hunt Please, support open standards: http://endsoftpatents.org/ --------------080804080405030509090408 Content-Type: text/x-patch; name="2009-07-24-security-manager.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="2009-07-24-security-manager.patch" Content-length: 6459 # This patch file was generated by NetBeans IDE # This patch can be applied using context Tools: Apply Diff Patch action on respective folder. # It uses platform neutral UTF-8 encoding. # Above lines and this line are ignored by the patching process. Index: mauve/gnu/testlet/TestSecurityManager.java --- mauve/gnu/testlet/TestSecurityManager.java Base (1.4) +++ mauve/gnu/testlet/TestSecurityManager.java Locally Modified (Based On 1.4) @@ -22,7 +22,12 @@ package gnu.testlet; +import java.security.CodeSource; import java.security.Permission; +import java.security.PermissionCollection; +import java.security.Policy; +import java.security.ProtectionDomain; +import java.util.PropertyPermission; /** * A security manager for testing that security checks are performed. @@ -54,6 +59,11 @@ private SecurityManager oldManager; /** + * The policy in force before we were installed + */ + private Policy oldPolicy; + + /** * Permissions that must be checked for this test to pass. */ private Permission[] mustCheck; @@ -134,6 +144,97 @@ oldManager = oldsm; enabled = false; + + oldPolicy = Policy.getPolicy(); + Policy.setPolicy(new Policy() + { + public PermissionCollection getPermissions(CodeSource codesource) + { + return null; + } + /** + * Check that this permission is one that we should be checking. + * This code used to be in TestSecurityManager.checkPermission, + * but doing the same here allows us to easily skip doPrivileged + * actions like reading some properties in system code. + * + * @param perm the permission to be checked + * @throws SuccessException if all mustCheck + * permissions have been checked and isHalting + * is true. + * @return returns false if and only if none of the mustCheck + * or mayCheck permissions matches + * perm. else true + */ + public boolean implies(ProtectionDomain domain, + Permission perm) + { + if (!enabled) + return true; + + if (harness != null) + harness.debug("checkPermission(" + perm + ")"); + + boolean matched = false; + + if (!matched) { + for (int i = 0; i < mustCheck.length; i++) { + if (permissionsMatch(mustCheck[i], perm)) { + checked[i] = true; + matched = true; + } + } + } + + if (!matched) { + for (int i = 0; i < mayCheck.length; i++) { + if (permissionsMatch(mayCheck[i], perm)) { + matched = true; + } + } + } + + if (!matched) { + enabled = false; + + harness.debug("unexpected check: " + perm); + + if (mustCheck.length != 0) { + StringBuffer expected = new StringBuffer(); + for (int i = 0; i < mustCheck.length; i++) + expected.append(' ').append(mustCheck[i]); + harness.debug("expected: mustCheck:" + expected.toString()); + } + + if (mayCheck.length != 0) { + StringBuffer expected = new StringBuffer(); + for (int i = 0; i < mayCheck.length; i++) + expected.append(' ').append(mayCheck[i]); + harness.debug("expected: mayCheck:" + expected.toString()); + } + + return false; + } + + if (isHalting) { + boolean allChecked = true; + for (int i = 0; i < checked.length; i++) { + if (!checked[i]) + allChecked = false; + } + if (allChecked) { + enabled = false; + throw successException; + } + } + return true; + } + public void refresh() + { + return; + } + }); + System.setSecurityManager(this); } @@ -149,6 +250,7 @@ enabled = false; System.setSecurityManager(oldManager); + Policy.setPolicy(oldPolicy); } /** @@ -264,73 +366,6 @@ } /** - * Check that this permission is one that we should be checking. - * - * @param perm the permission to be checked - * @throws SuccessException if all mustCheck - * permissions have been checked and isHalting - * is true. - * @throws SecurityException if none of the mustCheck - * or mayCheck permissions matches - * perm. - */ - public void checkPermission(Permission perm) throws SecurityException - { - if (!enabled) - return; - - if (harness != null) - harness.debug("checkPermission(" + perm + ")"); - - boolean matched = false; - for (int i = 0; i < mustCheck.length; i++) { - if (permissionsMatch(mustCheck[i], perm)) - matched = checked[i] = true; - } - - if (!matched) { - for (int i = 0; i < mayCheck.length; i++) { - if (permissionsMatch(mayCheck[i], perm)) - matched = true; - } - } - - if (!matched) { - enabled = false; - - harness.debug("unexpected check: " + perm); - - if (mustCheck.length != 0) { - StringBuffer expected = new StringBuffer(); - for (int i = 0; i < mustCheck.length; i++) - expected.append(' ').append(mustCheck[i]); - harness.debug("expected: mustCheck:" + expected.toString()); - } - - if (mayCheck.length != 0) { - StringBuffer expected = new StringBuffer(); - for (int i = 0; i < mayCheck.length; i++) - expected.append(' ').append(mayCheck[i]); - harness.debug("expected: mayCheck:" + expected.toString()); - } - - throw new SecurityException("unexpected check: " + perm); - } - - if (isHalting) { - boolean allChecked = true; - for (int i = 0; i < checked.length; i++) { - if (!checked[i]) - allChecked = false; - } - if (allChecked) { - enabled = false; - throw successException; - } - } - } - - /** * Check that all mustCheck permissions were checked, * calling TestHarness.check() with the result. */ --------------080804080405030509090408--