1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
# HG changeset patch
# User coffeys
# Date 1373625375 -3600
# Fri Jul 12 11:36:15 2013 +0100
# Node ID 3b6f55f02122398ba662fb581352c9c9b102c2e3
# Parent f7a7c7d70e4968eb99e42f812c59900f545d7fa7
8019979: Replace CheckPackageAccess test with better one from closed repo
Reviewed-by: mullan, robilad
diff -r f7a7c7d70e49 -r 3b6f55f02122 test/java/lang/SecurityManager/CheckPackageAccess.java
--- jdk/test/java/lang/SecurityManager/CheckPackageAccess.java Fri Oct 25 22:18:57 2013 +0100
+++ jdk/test/java/lang/SecurityManager/CheckPackageAccess.java Fri Jul 12 11:36:15 2013 +0100
@@ -22,31 +22,128 @@
*/
/*
- * @test
- * @bug 7146431 8000450
- * @summary Test that internal packages cannot be accessed
+ * @test
+ * @bug 6741606 7146431 8000450
+ * @summary Make sure all restricted packages listed in the package.access
+ * property in the java.security file are blocked
+ * @run main/othervm CheckPackageAccess
*/
+import java.security.Security;
+import java.util.Collections;
+import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.StringTokenizer;
+
+/*
+ * The main benefit of this test is to catch merge errors or other types
+ * of issues where one or more of the packages are accidentally
+ * removed. This is why the packages that are known to be restricted have to
+ * be explicitly listed below.
+ */
public class CheckPackageAccess {
+ /*
+ * This array should be updated whenever new packages are added to the
+ * package.access property in the java.security file
+ */
+ private static final String[] packages = {
+ "sun.",
+ "com.sun.corba.se.impl.",
+ "com.sun.xml.internal.",
+ "com.sun.imageio.",
+ "com.sun.istack.internal.",
+ "com.sun.jmx.",
+ "com.sun.proxy.",
+ "com.sun.org.apache.bcel.internal.",
+ "com.sun.org.apache.regexp.internal.",
+ "com.sun.org.apache.xerces.internal.",
+ "com.sun.org.apache.xpath.internal.",
+ "com.sun.org.apache.xalan.internal.extensions.",
+ "com.sun.org.apache.xalan.internal.lib.",
+ "com.sun.org.apache.xalan.internal.res.",
+ "com.sun.org.apache.xalan.internal.templates.",
+ "com.sun.org.apache.xalan.internal.utils.",
+ "com.sun.org.apache.xalan.internal.xslt.",
+ "com.sun.org.apache.xalan.internal.xsltc.cmdline.",
+ "com.sun.org.apache.xalan.internal.xsltc.compiler.",
+ "com.sun.org.apache.xalan.internal.xsltc.trax.",
+ "com.sun.org.apache.xalan.internal.xsltc.util.",
+ "com.sun.org.apache.xml.internal.res.",
+ "com.sun.org.apache.xml.internal.security.",
+ "com.sun.org.apache.xml.internal.serializer.utils.",
+ "com.sun.org.apache.xml.internal.utils.",
+ "com.sun.org.glassfish.",
+ "oracle.jrockit.jfr.",
+ "org.jcp.xml.dsig.internal.",
+ };
+
public static void main(String[] args) throws Exception {
+ List<String> pkgs = new ArrayList<>(Arrays.asList(packages));
+ String osName = System.getProperty("os.name");
+ if (osName.contains("OS X")) {
+ pkgs.add("apple."); // add apple package for OS X
+ } else if (osName.startsWith("Windows")) {
+ pkgs.add("com.sun.java.accessibility.");
+ }
- String[] pkgs = new String[] {
- "com.sun.corba.se.impl.",
- "com.sun.org.apache.xerces.internal.utils.",
- "com.sun.org.apache.xalan.internal.utils." };
- SecurityManager sm = new SecurityManager();
- System.setSecurityManager(sm);
- for (String pkg : pkgs) {
- System.out.println("Checking package access for " + pkg);
+ List<String> jspkgs =
+ getPackages(Security.getProperty("package.access"));
+
+ // Sort to ensure lists are comparable
+ Collections.sort(pkgs);
+ Collections.sort(jspkgs);
+
+ if (!pkgs.equals(jspkgs)) {
+ for (String p : pkgs)
+ if (!jspkgs.contains(p))
+ System.out.println("In golden set, but not in j.s file: " + p);
+ for (String p : jspkgs)
+ if (!pkgs.contains(p))
+ System.out.println("In j.s file, but not in golden set: " + p);
+
+
+ throw new RuntimeException("restricted packages are not " +
+ "consistent with java.security file");
+ }
+ System.setSecurityManager(new SecurityManager());
+ SecurityManager sm = System.getSecurityManager();
+ for (String pkg : packages) {
+ String subpkg = pkg + "foo";
try {
sm.checkPackageAccess(pkg);
- throw new Exception("Expected PackageAccess SecurityException not thrown");
+ throw new RuntimeException("Able to access " + pkg +
+ " package");
+ } catch (SecurityException se) { }
+ try {
+ sm.checkPackageAccess(subpkg);
+ throw new RuntimeException("Able to access " + subpkg +
+ " package");
} catch (SecurityException se) { }
try {
sm.checkPackageDefinition(pkg);
- throw new Exception("Expected PackageDefinition SecurityException not thrown");
+ throw new RuntimeException("Able to define class in " + pkg +
+ " package");
+ } catch (SecurityException se) { }
+ try {
+ sm.checkPackageDefinition(subpkg);
+ throw new RuntimeException("Able to define class in " + subpkg +
+ " package");
} catch (SecurityException se) { }
}
+ System.out.println("Test passed");
+ }
+
+ private static List<String> getPackages(String p) {
+ List<String> packages = new ArrayList<>();
+ if (p != null && !p.equals("")) {
+ StringTokenizer tok = new StringTokenizer(p, ",");
+ while (tok.hasMoreElements()) {
+ String s = tok.nextToken().trim();
+ packages.add(s);
+ }
+ }
+ return packages;
}
}
|
