Mercurial > hg > openjdk > jigsaw > jdk
changeset 7058:13013dedcdfd
8008793: SecurityManager.checkXXX behavior not specified for methods that check AWTPermission and AWT not present
Reviewed-by: hawtin, mullan, dsamersoff, mchung
author | alanb |
---|---|
date | Wed, 27 Feb 2013 14:24:45 +0000 |
parents | f5416026cdf5 |
children | 1b3173c326e6 |
files | src/share/classes/java/lang/SecurityManager.java src/share/classes/sun/security/util/SecurityConstants.java test/java/lang/SecurityManager/NoAWT.java |
diffstat | 3 files changed, 71 insertions(+), 53 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/java/lang/SecurityManager.java Wed Feb 27 17:22:44 2013 +0530 +++ b/src/share/classes/java/lang/SecurityManager.java Wed Feb 27 14:24:45 2013 +0000 @@ -1320,6 +1320,9 @@ * <code>AWTPermission("showWindowWithoutWarningBanner")</code> permission, * and returns <code>true</code> if a SecurityException is not thrown, * otherwise it returns <code>false</code>. + * In the case of subset Profiles of Java SE that do not include the + * {@code java.awt} package, {@code checkPermission} is instead called + * to check the permission {@code java.security.AllPermission}. * <p> * If you override this method, then you should make a call to * <code>super.checkTopLevelWindow</code> @@ -1340,8 +1343,12 @@ if (window == null) { throw new NullPointerException("window can't be null"); } + Permission perm = SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION; + if (perm == null) { + perm = SecurityConstants.ALL_PERMISSION; + } try { - checkPermission(SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION); + checkPermission(perm); return true; } catch (SecurityException se) { // just return false @@ -1379,6 +1386,9 @@ * This method calls <code>checkPermission</code> with the * <code>AWTPermission("accessClipboard")</code> * permission. + * In the case of subset Profiles of Java SE that do not include the + * {@code java.awt} package, {@code checkPermission} is instead called + * to check the permission {@code java.security.AllPermission}. * <p> * If you override this method, then you should make a call to * <code>super.checkSystemClipboardAccess</code> @@ -1391,7 +1401,11 @@ * @see #checkPermission(java.security.Permission) checkPermission */ public void checkSystemClipboardAccess() { - checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION); + Permission perm = SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION; + if (perm == null) { + perm = SecurityConstants.ALL_PERMISSION; + } + checkPermission(perm); } /** @@ -1400,6 +1414,10 @@ * <p> * This method calls <code>checkPermission</code> with the * <code>AWTPermission("accessEventQueue")</code> permission. + * In the case of subset Profiles of Java SE that do not include the + * {@code java.awt} package, {@code checkPermission} is instead called + * to check the permission {@code java.security.AllPermission}. + * * <p> * If you override this method, then you should make a call to * <code>super.checkAwtEventQueueAccess</code> @@ -1412,7 +1430,11 @@ * @see #checkPermission(java.security.Permission) checkPermission */ public void checkAwtEventQueueAccess() { - checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION); + Permission perm = SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION; + if (perm == null) { + perm = SecurityConstants.ALL_PERMISSION; + } + checkPermission(perm); } /*
--- a/src/share/classes/sun/security/util/SecurityConstants.java Wed Feb 27 17:22:44 2013 +0530 +++ b/src/share/classes/sun/security/util/SecurityConstants.java Wed Feb 27 14:24:45 2013 +0000 @@ -71,31 +71,6 @@ public static final AllPermission ALL_PERMISSION = new AllPermission(); /** - * Permission type used when AWT is not present. - */ - private static class FakeAWTPermission extends BasicPermission { - private static final long serialVersionUID = -1L; - public FakeAWTPermission(String name) { - super(name); - } - public String toString() { - return "(\"java.awt.AWTPermission\" \"" + getName() + "\")"; - } - } - - /** - * Permission factory used when AWT is not present. - */ - private static class FakeAWTPermissionFactory - implements PermissionFactory<FakeAWTPermission> - { - @Override - public FakeAWTPermission newPermission(String name) { - return new FakeAWTPermission(name); - } - } - - /** * AWT Permissions used in the JDK. */ public static class AWT { @@ -107,37 +82,29 @@ private static final String AWTFactory = "sun.awt.AWTPermissionFactory"; /** - * The PermissionFactory to create AWT permissions (or fake permissions - * if AWT is not present). + * The PermissionFactory to create AWT permissions (or null if AWT is + * not present) */ private static final PermissionFactory<?> factory = permissionFactory(); private static PermissionFactory<?> permissionFactory() { - Class<?> c = AccessController - .doPrivileged(new PrivilegedAction<Class<?>>() { - public Class<?> run() { - try { - return Class.forName(AWTFactory, true, null); - } catch (ClassNotFoundException e) { - // not available - return null; - } - }}); - if (c != null) { - // AWT present - try { - return (PermissionFactory<?>)c.newInstance(); - } catch (ReflectiveOperationException x) { - throw new InternalError(x.getMessage(), x); - } - } else { - // AWT not present - return new FakeAWTPermissionFactory(); + Class<?> c; + try { + c = Class.forName(AWTFactory, false, AWT.class.getClassLoader()); + } catch (ClassNotFoundException e) { + // not available + return null; + } + // AWT present + try { + return (PermissionFactory<?>)c.newInstance(); + } catch (ReflectiveOperationException x) { + throw new InternalError(x); } } private static Permission newAWTPermission(String name) { - return factory.newPermission(name); + return (factory == null) ? null : factory.newPermission(name); } // java.lang.SecurityManager
--- a/test/java/lang/SecurityManager/NoAWT.java Wed Feb 27 17:22:44 2013 +0530 +++ b/test/java/lang/SecurityManager/NoAWT.java Wed Feb 27 14:24:45 2013 +0000 @@ -22,14 +22,43 @@ */ /* @test - * @bug 8004502 + * @bug 8004502 8008793 * @summary Sanity check that SecurityManager methods that check AWTPermission * behave as expected when AWT is not present */ +import java.security.AllPermission; +import java.security.Permission; + public class NoAWT { + + static class MySecurityManager extends SecurityManager { + Class<?> expectedClass; + + void setExpectedPermissionClass(Class<?> c) { + expectedClass = c; + } + + @Override + public void checkPermission(Permission perm) { + if (perm.getClass() != expectedClass) + throw new RuntimeException("Got: " + perm.getClass() + ", expected: " + expectedClass); + super.checkPermission(perm); + } + } + public static void main(String[] args) { - SecurityManager sm = new SecurityManager(); + Class<?> awtPermissionClass = null; + try { + awtPermissionClass = Class.forName("java.awt.AWTPermission"); + } catch (ClassNotFoundException ignore) { } + + MySecurityManager sm = new MySecurityManager(); + if (awtPermissionClass != null) { + sm.setExpectedPermissionClass(awtPermissionClass); + } else { + sm.setExpectedPermissionClass(AllPermission.class); + } try { sm.checkAwtEventQueueAccess();