Mercurial > hg > release > icedtea6-1.12
view patches/openjdk/8019979-better_access_test.patch @ 3029:dfef77966f7c
Add 2013/10/15 security fixes.
2013-10-29 Andrew John Hughes <gnu.andrew@redhat.com>
* Makefile.am:
(SECURITY_PATCHES): Add security update.
* NEWS: Updated.
* patches/jtreg-LastErrorString.patch,
* patches/use-idx_t.patch,
* patches/openjdk/7162902-corba_fixes.patch,
* patches/openjdk/7196533-timezone_bottleneck.patch,
* patches/openjdk/8010727-empty_logger_name.patch,
* patches/openjdk/8010939-logmanager_deadlock.patch,
* patches/openjdk/8012617-arrayindexoutofbounds_linebreakmeasurer.patch,
* patches/openjdk/8014718-remove_logging_suntoolkit.patch:
Regenerated.
* patches/nss-config.patch: Fix path to java.security.
* patches/openjdk/4075303-javap_update.patch,
* patches/openjdk/4111861-static_fields.patch,
* patches/openjdk/4501661-disallow_mixing.patch,
* patches/openjdk/4884240-javap_additional_option.patch,
* patches/openjdk/6708729-javap_makefile_update.patch,
* patches/openjdk/6715767-javap_crash.patch,
* patches/openjdk/6819246-javap_instruction_decoding.patch,
* patches/openjdk/6824493-experimental.patch,
* patches/openjdk/6841419-classfile_iterator.patch,
* patches/openjdk/6841420-classfile_methods.patch,
* patches/openjdk/6843013-missing_experimental.patch,
* patches/openjdk/6852856-javap_subclasses.patch,
* patches/openjdk/6867671-javap_whitespace.patch,
* patches/openjdk/6868539-constant_pool_tags.patch,
* patches/openjdk/6902264-fix_indentation.patch,
* patches/openjdk/6954275-big_xml_signatures.patch,
* patches/openjdk/7146431-java.security_files.patch,
* patches/openjdk/8000450-restrict_access.patch,
* patches/openjdk/8002070-remove_logger_stack_search.patch,
* patches/openjdk/8003992-embedded_nulls.patch,
* patches/openjdk/8004188-rename_java.security.patch,
* patches/openjdk/8006882-jmockit.patch,
* patches/openjdk/8006900-new_date_time.patch,
* patches/openjdk/8008589-better_mbean_permission_validation.patch,
* patches/openjdk/8010118-caller_sensitive.patch,
* patches/openjdk/8011071-better_crypto_provider_handling.patch,
* patches/openjdk/8011081-improve_jhat.patch,
* patches/openjdk/8011139-revise_checking_getenclosingclass.patch,
* patches/openjdk/8011157-improve_corba_portability-jdk.patch,
* patches/openjdk/8011157-improve_corba_portability.patch,
* patches/openjdk/8011990-logger_test_urls.patch,
* patches/openjdk/8012071-better_bean_building.patch,
* patches/openjdk/8012147-improve_tool.patch,
* patches/openjdk/8012243-serial_regression.patch,
* patches/openjdk/8012277-improve_dataflavour.patch,
* patches/openjdk/8012425-transform_transformfactory.patch,
* patches/openjdk/8012453-runtime.exec.patch,
* patches/openjdk/8013380-logger_stack_walk_glassfish.patch,
* patches/openjdk/8013503-improve_stream_factories.patch,
* patches/openjdk/8013506-better_pack200.patch,
* patches/openjdk/8013510-augment_image_writing.patch,
* patches/openjdk/8013514-improve_cmap_stability.patch,
* patches/openjdk/8013739-better_ldap_resource_management.patch,
* patches/openjdk/8013744-better_tabling.patch,
* patches/openjdk/8013827-createtempfile_hang.patch,
* patches/openjdk/8014085-better_serialization.patch,
* patches/openjdk/8014093-improve_image_parsing.patch,
* patches/openjdk/8014102-improve_image_conversion.patch,
* patches/openjdk/8014341-better_kerberos_service.patch,
* patches/openjdk/8014349-getdeclaredclass_fix.patch,
* patches/openjdk/8014530-better_dsp.patch,
* patches/openjdk/8014534-better_profiling.patch,
* patches/openjdk/8014745-logger_stack_walk_switch.patch,
* patches/openjdk/8014987-augment_serialization.patch,
* patches/openjdk/8015144-performance_regression.patch,
* patches/openjdk/8015614-update_build.patch,
* patches/openjdk/8015731-auth_improvements.patch,
* patches/openjdk/8015743-address_internet_addresses.patch,
* patches/openjdk/8015965-typo_in_property_name.patch,
* patches/openjdk/8015978-incorrect_transformation.patch,
* patches/openjdk/8016256-finalization_final.patch,
* patches/openjdk/8016357-update_hs_diagnostic_class.patch,
* patches/openjdk/8016653-ignoreable_characters.patch,
* patches/openjdk/8016675-robust_javadoc.patch,
* patches/openjdk/8017196-ensure_proxies_are_handled_appropriately-jdk.patch,
* patches/openjdk/8017196-ensure_proxies_are_handled_appropriately.patch,
* patches/openjdk/8017287-better_resource_disposal.patch,
* patches/openjdk/8017291-cast_proxies_aside.patch,
* patches/openjdk/8017298-better_xml_support.patch,
* patches/openjdk/8017300-improve_interface_implementation.patch,
* patches/openjdk/8017505-better_client_service.patch,
* patches/openjdk/8017566-backout_part_of_8000450.patch,
* patches/openjdk/8019292-better_attribute_value_exceptions.patch,
* patches/openjdk/8019584-invalid_notification_fix.patch,
* patches/openjdk/8019617-better_view_of_objects.patch,
* patches/openjdk/8019969-inet6_test_case_fix.patch,
* patches/openjdk/8019979-better_access_test.patch,
* patches/openjdk/8020293-jvm_crash.patch,
* patches/openjdk/8021290-signature_validation.patch,
* patches/openjdk/8021355-splashscreen_regression.patch,
* patches/openjdk/8021366-jaxp_test_fix-01.patch,
* patches/openjdk/8021577-bean_serialization_fix.patch,
* patches/openjdk/8021933-jaxp_test_fix-02.patch,
* patches/openjdk/8021969-jnlp_load_failure.patch,
* patches/openjdk/8022661-writeobject_flush.patch,
* patches/openjdk/8022682-supporting_xom.patch,
* patches/openjdk/8022940-enhance_corba_translations.patch,
* patches/openjdk/8023683-enhance_class_file_parsing.patch,
* patches/openjdk/8023964-ignore_test.patch,
* patches/openjdk/8024914-swapped_usage.patch,
* patches/openjdk/8025128-createtempfile_absolute_prefix.patch,
* patches/openjdk/oj6-19-fix_8010118_test_cases.patch,
* patches/openjdk/oj6-20-merge.patch,
* patches/openjdk/oj6-21-overrides.patch: Added.
author | Andrew John Hughes <gnu.andrew@redhat.com> |
---|---|
date | Wed, 20 Nov 2013 22:56:43 +0000 |
parents | |
children |
line wrap: on
line source
# HG changeset patch # User coffeys # Date 1373625375 -3600 # Fri Jul 12 11:36:15 2013 +0100 # Node ID 3b6f55f02122398ba662fb581352c9c9b102c2e3 # Parent f7a7c7d70e4968eb99e42f812c59900f545d7fa7 8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan, robilad diff -r f7a7c7d70e49 -r 3b6f55f02122 test/java/lang/SecurityManager/CheckPackageAccess.java --- openjdk/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java Fri Oct 25 22:18:57 2013 +0100 +++ openjdk/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java Fri Jul 12 11:36:15 2013 +0100 @@ -22,31 +22,128 @@ */ /* - * @test - * @bug 7146431 8000450 - * @summary Test that internal packages cannot be accessed + * @test + * @bug 6741606 7146431 8000450 + * @summary Make sure all restricted packages listed in the package.access + * property in the java.security file are blocked + * @run main/othervm CheckPackageAccess */ +import java.security.Security; +import java.util.Collections; +import java.util.Arrays; +import java.util.ArrayList; +import java.util.List; +import java.util.StringTokenizer; + +/* + * The main benefit of this test is to catch merge errors or other types + * of issues where one or more of the packages are accidentally + * removed. This is why the packages that are known to be restricted have to + * be explicitly listed below. + */ public class CheckPackageAccess { + /* + * This array should be updated whenever new packages are added to the + * package.access property in the java.security file + */ + private static final String[] packages = { + "sun.", + "com.sun.corba.se.impl.", + "com.sun.xml.internal.", + "com.sun.imageio.", + "com.sun.istack.internal.", + "com.sun.jmx.", + "com.sun.proxy.", + "com.sun.org.apache.bcel.internal.", + "com.sun.org.apache.regexp.internal.", + "com.sun.org.apache.xerces.internal.", + "com.sun.org.apache.xpath.internal.", + "com.sun.org.apache.xalan.internal.extensions.", + "com.sun.org.apache.xalan.internal.lib.", + "com.sun.org.apache.xalan.internal.res.", + "com.sun.org.apache.xalan.internal.templates.", + "com.sun.org.apache.xalan.internal.utils.", + "com.sun.org.apache.xalan.internal.xslt.", + "com.sun.org.apache.xalan.internal.xsltc.cmdline.", + "com.sun.org.apache.xalan.internal.xsltc.compiler.", + "com.sun.org.apache.xalan.internal.xsltc.trax.", + "com.sun.org.apache.xalan.internal.xsltc.util.", + "com.sun.org.apache.xml.internal.res.", + "com.sun.org.apache.xml.internal.security.", + "com.sun.org.apache.xml.internal.serializer.utils.", + "com.sun.org.apache.xml.internal.utils.", + "com.sun.org.glassfish.", + "oracle.jrockit.jfr.", + "org.jcp.xml.dsig.internal.", + }; + public static void main(String[] args) throws Exception { + List<String> pkgs = new ArrayList<>(Arrays.asList(packages)); + String osName = System.getProperty("os.name"); + if (osName.contains("OS X")) { + pkgs.add("apple."); // add apple package for OS X + } else if (osName.startsWith("Windows")) { + pkgs.add("com.sun.java.accessibility."); + } - String[] pkgs = new String[] { - "com.sun.corba.se.impl.", - "com.sun.org.apache.xerces.internal.utils.", - "com.sun.org.apache.xalan.internal.utils." }; - SecurityManager sm = new SecurityManager(); - System.setSecurityManager(sm); - for (String pkg : pkgs) { - System.out.println("Checking package access for " + pkg); + List<String> jspkgs = + getPackages(Security.getProperty("package.access")); + + // Sort to ensure lists are comparable + Collections.sort(pkgs); + Collections.sort(jspkgs); + + if (!pkgs.equals(jspkgs)) { + for (String p : pkgs) + if (!jspkgs.contains(p)) + System.out.println("In golden set, but not in j.s file: " + p); + for (String p : jspkgs) + if (!pkgs.contains(p)) + System.out.println("In j.s file, but not in golden set: " + p); + + + throw new RuntimeException("restricted packages are not " + + "consistent with java.security file"); + } + System.setSecurityManager(new SecurityManager()); + SecurityManager sm = System.getSecurityManager(); + for (String pkg : packages) { + String subpkg = pkg + "foo"; try { sm.checkPackageAccess(pkg); - throw new Exception("Expected PackageAccess SecurityException not thrown"); + throw new RuntimeException("Able to access " + pkg + + " package"); + } catch (SecurityException se) { } + try { + sm.checkPackageAccess(subpkg); + throw new RuntimeException("Able to access " + subpkg + + " package"); } catch (SecurityException se) { } try { sm.checkPackageDefinition(pkg); - throw new Exception("Expected PackageDefinition SecurityException not thrown"); + throw new RuntimeException("Able to define class in " + pkg + + " package"); + } catch (SecurityException se) { } + try { + sm.checkPackageDefinition(subpkg); + throw new RuntimeException("Able to define class in " + subpkg + + " package"); } catch (SecurityException se) { } } + System.out.println("Test passed"); + } + + private static List<String> getPackages(String p) { + List<String> packages = new ArrayList<>(); + if (p != null && !p.equals("")) { + StringTokenizer tok = new StringTokenizer(p, ","); + while (tok.hasMoreElements()) { + String s = tok.nextToken().trim(); + packages.add(s); + } + } + return packages; } }