Mercurial > hg > release > icedtea6-1.11

# HG changeset patch
# User coffeys
# Date 1373625375 -3600
#      Fri Jul 12 11:36:15 2013 +0100
# Node ID 3b6f55f02122398ba662fb581352c9c9b102c2e3
# Parent  f7a7c7d70e4968eb99e42f812c59900f545d7fa7
8019979: Replace CheckPackageAccess test with better one from closed repo
Reviewed-by: mullan, robilad

diff -r f7a7c7d70e49 -r 3b6f55f02122 test/java/lang/SecurityManager/CheckPackageAccess.java
--- openjdk/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java	Fri Oct 25 22:18:57 2013 +0100
+++ openjdk/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java	Fri Jul 12 11:36:15 2013 +0100
@@ -22,31 +22,128 @@
  */

 /*
- * @test
- * @bug 7146431 8000450
- * @summary Test that internal packages cannot be accessed
+ *  @test
+ *  @bug 6741606 7146431 8000450
+ *  @summary Make sure all restricted packages listed in the package.access
+ *           property in the java.security file are blocked
+ *  @run main/othervm CheckPackageAccess
  */

+import java.security.Security;
+import java.util.Collections;
+import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.StringTokenizer;
+
+/*
+ * The main benefit of this test is to catch merge errors or other types
+ * of issues where one or more of the packages are accidentally
+ * removed. This is why the packages that are known to be restricted have to
+ * be explicitly listed below.
+ */
 public class CheckPackageAccess {

+    /*
+     * This array should be updated whenever new packages are added to the
+     * package.access property in the java.security file
+     */
+    private static final String[] packages = {
+        "sun.",
+        "com.sun.corba.se.impl.",
+        "com.sun.xml.internal.",
+        "com.sun.imageio.",
+        "com.sun.istack.internal.",
+        "com.sun.jmx.",
+        "com.sun.proxy.",
+        "com.sun.org.apache.bcel.internal.",
+        "com.sun.org.apache.regexp.internal.",
+        "com.sun.org.apache.xerces.internal.",
+        "com.sun.org.apache.xpath.internal.",
+        "com.sun.org.apache.xalan.internal.extensions.",
+        "com.sun.org.apache.xalan.internal.lib.",
+        "com.sun.org.apache.xalan.internal.res.",
+        "com.sun.org.apache.xalan.internal.templates.",
+        "com.sun.org.apache.xalan.internal.utils.",
+        "com.sun.org.apache.xalan.internal.xslt.",
+        "com.sun.org.apache.xalan.internal.xsltc.cmdline.",
+        "com.sun.org.apache.xalan.internal.xsltc.compiler.",
+        "com.sun.org.apache.xalan.internal.xsltc.trax.",
+        "com.sun.org.apache.xalan.internal.xsltc.util.",
+        "com.sun.org.apache.xml.internal.res.",
+        "com.sun.org.apache.xml.internal.security.",
+        "com.sun.org.apache.xml.internal.serializer.utils.",
+        "com.sun.org.apache.xml.internal.utils.",
+        "com.sun.org.glassfish.",
+        "oracle.jrockit.jfr.",
+        "org.jcp.xml.dsig.internal.",
+    };
+
     public static void main(String[] args) throws Exception {
+        List<String> pkgs = new ArrayList<>(Arrays.asList(packages));
+        String osName = System.getProperty("os.name");
+        if (osName.contains("OS X")) {
+            pkgs.add("apple.");  // add apple package for OS X
+        } else if (osName.startsWith("Windows")) {
+            pkgs.add("com.sun.java.accessibility.");
+        }

-        String[] pkgs = new String[] {
-            "com.sun.corba.se.impl.",
-            "com.sun.org.apache.xerces.internal.utils.",
-            "com.sun.org.apache.xalan.internal.utils." };
-        SecurityManager sm = new SecurityManager();
-        System.setSecurityManager(sm);
-        for (String pkg : pkgs) {
-            System.out.println("Checking package access for " + pkg);
+        List<String> jspkgs =
+            getPackages(Security.getProperty("package.access"));
+
+        // Sort to ensure lists are comparable
+        Collections.sort(pkgs);
+        Collections.sort(jspkgs);
+
+        if (!pkgs.equals(jspkgs)) {
+            for (String p : pkgs)
+                if (!jspkgs.contains(p))
+                    System.out.println("In golden set, but not in j.s file: " + p);
+            for (String p : jspkgs)
+                if (!pkgs.contains(p))
+                    System.out.println("In j.s file, but not in golden set: " + p);
+
+
+            throw new RuntimeException("restricted packages are not " +
+                                       "consistent with java.security file");
+        }
+        System.setSecurityManager(new SecurityManager());
+        SecurityManager sm = System.getSecurityManager();
+        for (String pkg : packages) {
+            String subpkg = pkg + "foo";
             try {
                 sm.checkPackageAccess(pkg);
-                throw new Exception("Expected PackageAccess SecurityException not thrown");
+                throw new RuntimeException("Able to access " + pkg +
+                                           " package");
+            } catch (SecurityException se) { }
+            try {
+                sm.checkPackageAccess(subpkg);
+                throw new RuntimeException("Able to access " + subpkg +
+                                           " package");
             } catch (SecurityException se) { }
             try {
                 sm.checkPackageDefinition(pkg);
-                throw new Exception("Expected PackageDefinition SecurityException not thrown");
+                throw new RuntimeException("Able to define class in " + pkg +
+                                           " package");
+            } catch (SecurityException se) { }
+            try {
+                sm.checkPackageDefinition(subpkg);
+                throw new RuntimeException("Able to define class in " + subpkg +
+                                           " package");
             } catch (SecurityException se) { }
         }
+        System.out.println("Test passed");
+    }
+
+    private static List<String> getPackages(String p) {
+        List<String> packages = new ArrayList<>();
+        if (p != null && !p.equals("")) {
+            StringTokenizer tok = new StringTokenizer(p, ",");
+            while (tok.hasMoreElements()) {
+                String s = tok.nextToken().trim();
+                packages.add(s);
+            }
+        }
+        return packages;
     }
 }
author	Andrew John Hughes <gnu.andrew@redhat.com>
date	Thu, 31 Oct 2013 00:22:07 +0000
parents
children