|
1 /* |
|
2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. |
|
8 * |
|
9 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 * version 2 for more details (a copy is included in the LICENSE file that |
|
13 * accompanied this code). |
|
14 * |
|
15 * You should have received a copy of the GNU General Public License version |
|
16 * 2 along with this work; if not, write to the Free Software Foundation, |
|
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 * |
|
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 * or visit www.oracle.com if you need additional information or have any |
|
21 * questions. |
|
22 */ |
|
23 |
|
24 /* |
|
25 * @test |
|
26 * @bug 8014097 |
|
27 * @summary Test the limited privilege scope version of doPrivileged |
|
28 */ |
|
29 |
|
30 import java.security.*; |
|
31 import java.util.*; |
|
32 |
|
33 public class LimitedDoPrivileged { |
|
34 /* |
|
35 * Test variations of doPrivileged() and doPrivileged() with a limited privilege scope |
|
36 * in a sandbox with the usual default permission to read the system properties for the |
|
37 * file and path separators. |
|
38 * |
|
39 * By passing in an "assigned" AccessControlContext that has |
|
40 * no default permissions we can test how code privileges are being scoped. |
|
41 */ |
|
42 |
|
43 private static final ProtectionDomain domain = |
|
44 new ProtectionDomain(null, null, null, null); |
|
45 private static final AccessControlContext acc = |
|
46 new AccessControlContext(new ProtectionDomain[] { domain }); |
|
47 private static final PropertyPermission pathPerm = |
|
48 new PropertyPermission("path.separator", "read"); |
|
49 private static final PropertyPermission filePerm = |
|
50 new PropertyPermission("file.separator", "read"); |
|
51 |
|
52 public static void main(String[] args) throws Exception { |
|
53 /* |
|
54 * Verify that we have the usual default property read permission. |
|
55 */ |
|
56 AccessController.getContext().checkPermission(filePerm); |
|
57 AccessController.getContext().checkPermission(pathPerm); |
|
58 System.out.println("test 1 passed"); |
|
59 |
|
60 /* |
|
61 * Inject the "no permission" AccessControlContext. |
|
62 */ |
|
63 AccessController.doPrivileged(new PrivilegedAction() { |
|
64 public Object run() { |
|
65 |
|
66 /* |
|
67 * Verify that we no longer have the "file.separator" permission. |
|
68 */ |
|
69 try { |
|
70 AccessController.getContext().checkPermission(pathPerm); |
|
71 } catch (AccessControlException ace) { |
|
72 System.out.println("test 2 passed"); |
|
73 } |
|
74 |
|
75 /* |
|
76 * Verify that we can give ourselves limited privilege to read |
|
77 * any system property starting with "path.". |
|
78 */ |
|
79 AccessController.doPrivileged |
|
80 (new PrivilegedAction() { |
|
81 public Object run() { |
|
82 AccessController.getContext().checkPermission(pathPerm); |
|
83 return null; |
|
84 } |
|
85 }, null, new PropertyPermission("path.*", "read")); |
|
86 System.out.println("test 3 passed"); |
|
87 |
|
88 /* |
|
89 * Verify that if we give ourselves limited privilege to read |
|
90 * any system property starting with "path." it won't give us the |
|
91 * the ability to read "file.separator". |
|
92 */ |
|
93 try { |
|
94 AccessController.doPrivileged |
|
95 (new PrivilegedAction() { |
|
96 public Object run() { |
|
97 AccessController.getContext().checkPermission(filePerm); |
|
98 return null; |
|
99 } |
|
100 }, null, new PropertyPermission("path.*", "read")); |
|
101 } catch (AccessControlException ace) { |
|
102 System.out.println("test 4 passed"); |
|
103 } |
|
104 |
|
105 /* |
|
106 * Verify that capturing and passing in the context with no default |
|
107 * system property permission grants will prevent access that succeeded |
|
108 * earlier without the context assignment. |
|
109 */ |
|
110 final AccessControlContext context = AccessController.getContext(); |
|
111 try { |
|
112 AccessController.doPrivileged |
|
113 (new PrivilegedAction() { |
|
114 public Object run() { |
|
115 AccessController.getContext().checkPermission(pathPerm); |
|
116 return null; |
|
117 } |
|
118 }, context, new PropertyPermission("path.*", "read")); |
|
119 } catch (AccessControlException ace) { |
|
120 System.out.println("test 5 passed"); |
|
121 } |
|
122 |
|
123 /* |
|
124 * Verify that we can give ourselves full privilege to read |
|
125 * any system property starting with "path.". |
|
126 */ |
|
127 AccessController.doPrivileged |
|
128 (new PrivilegedAction() { |
|
129 public Object run() { |
|
130 AccessController.getContext().checkPermission(pathPerm); |
|
131 return null; |
|
132 } |
|
133 }); |
|
134 System.out.println("test 6 passed"); |
|
135 |
|
136 /* |
|
137 * Verify that capturing and passing in the context with no default |
|
138 * system property permission grants will prevent access that succeeded |
|
139 * earlier without the context assignment. |
|
140 */ |
|
141 try { |
|
142 AccessController.doPrivileged |
|
143 (new PrivilegedAction() { |
|
144 public Object run() { |
|
145 AccessController.getContext().checkPermission(pathPerm); |
|
146 return null; |
|
147 } |
|
148 }, context); |
|
149 } catch (AccessControlException ace) { |
|
150 System.out.println("test 7 passed"); |
|
151 } |
|
152 |
|
153 /* |
|
154 * Verify that we can give ourselves limited privilege to read |
|
155 * any system property starting with "path." when a limited |
|
156 * privilege scope context is captured and passed to a regular |
|
157 * doPrivileged() as an assigned context. |
|
158 */ |
|
159 AccessController.doPrivileged |
|
160 (new PrivilegedAction() { |
|
161 public Object run() { |
|
162 |
|
163 /* |
|
164 * Capture the limited privilege scope and inject it into the |
|
165 * regular doPrivileged(). |
|
166 */ |
|
167 final AccessControlContext limitedContext = AccessController.getContext(); |
|
168 AccessController.doPrivileged |
|
169 (new PrivilegedAction() { |
|
170 public Object run() { |
|
171 AccessController.getContext().checkPermission(pathPerm); |
|
172 return null; |
|
173 } |
|
174 }, limitedContext); |
|
175 return null; |
|
176 } |
|
177 }, null, new PropertyPermission("path.*", "read")); |
|
178 System.out.println("test 8 passed"); |
|
179 |
|
180 /* |
|
181 * Verify that we can give ourselves limited privilege to read |
|
182 * any system property starting with "path." it won't give us the |
|
183 * the ability to read "file.separator" when a limited |
|
184 * privilege scope context is captured and passed to a regular |
|
185 * doPrivileged() as an assigned context. |
|
186 */ |
|
187 AccessController.doPrivileged |
|
188 (new PrivilegedAction() { |
|
189 public Object run() { |
|
190 |
|
191 /* |
|
192 * Capture the limited privilege scope and inject it into the |
|
193 * regular doPrivileged(). |
|
194 */ |
|
195 final AccessControlContext limitedContext = AccessController.getContext(); |
|
196 try { |
|
197 AccessController.doPrivileged |
|
198 (new PrivilegedAction() { |
|
199 public Object run() { |
|
200 AccessController.getContext().checkPermission(filePerm); |
|
201 return null; |
|
202 } |
|
203 }, limitedContext); |
|
204 } catch (AccessControlException ace) { |
|
205 System.out.println("test 9 passed"); |
|
206 } |
|
207 return null; |
|
208 } |
|
209 }, null, new PropertyPermission("path.*", "read")); |
|
210 |
|
211 return null; |
|
212 } |
|
213 }, acc); |
|
214 } |
|
215 } |