8007292: Add JavaFX internal packages to package.access
Summary: build hooks to allow closed restricted packages to be added to java.security file
Reviewed-by: erikj, dholmes, tbell
--- a/jdk/make/java/security/Makefile Thu Oct 03 11:26:53 2013 -0700
+++ b/jdk/make/java/security/Makefile Fri Oct 11 08:43:07 2013 -0400
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -79,6 +79,9 @@
BLACKLISTED_CERTS_SRC += $(wildcard $(CLOSED_SHARE_SRC)/lib/security/blacklisted.certs)
TRUSTEDLIBS_SRC = $(CLOSED_SHARE_SRC)/lib/security/trusted.libraries
TRUSTEDLIBS_BUILD = $(LIBDIR)/security/trusted.libraries
+ RESTRICTED_PKGS_SRC = $(CLOSED_SHARE_SRC)/lib/security/restricted.pkgs
+ RESTRICTED_PKGS := $(shell $(CAT) $(RESTRICTED_PKGS_SRC) | $(TR) "\n" " ")
+ ADDTORESTRICTEDPKGS_JARFILE = $(BUILDTOOLJARDIR)/addtorestrictedpkgs.jar
endif
FILES_class = $(FILES_java:%.java=$(CLASSBINDIR)/%.class)
@@ -108,8 +111,15 @@
trustedlibs: classes $(TRUSTEDLIBS_BUILD)
+ifdef OPENJDK
$(PROPS_BUILD): $(PROPS_SRC)
$(install-file)
+else
+$(PROPS_BUILD): $(PROPS_SRC)
+ $(MKDIR) -p $(@D)
+ $(BOOT_JAVA_CMD) -jar $(ADDTORESTRICTEDPKGS_JARFILE) $^ $@.tmp $(RESTRICTED_PKGS)
+ $(MV) $@.tmp $@
+endif
$(POLICY_BUILD): $(POLICY_SRC)
$(install-file)
--- a/jdk/make/tools/Makefile Thu Oct 03 11:26:53 2013 -0700
+++ b/jdk/make/tools/Makefile Fri Oct 11 08:43:07 2013 -0400
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,7 @@
# Note: freetypecheck is built by Sanity.gmk if needed
SUBDIRS = \
addjsum \
+ addtorestrictedpkgs \
buildmetaindex \
cldrconverter \
commentchecker \
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/tools/addtorestrictedpkgs/Makefile Fri Oct 11 08:43:07 2013 -0400
@@ -0,0 +1,43 @@
+#
+# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation. Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+#
+# Makefile for building the addtorestrictedpkgs tool
+#
+
+BUILDDIR = ../..
+PACKAGE = build.tools.addtorestrictedpkgs
+PRODUCT = tools
+PROGRAM = addtorestrictedpkgs
+include $(BUILDDIR)/common/Defs.gmk
+
+BUILDTOOL_SOURCE_ROOT = $(BUILDDIR)/tools/src
+BUILDTOOL_MAIN = $(PKGDIR)/AddToRestrictedPkgs.java
+
+#
+# Build tool jar rules.
+#
+include $(BUILDDIR)/common/BuildToolJar.gmk
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/tools/src/build/tools/addtorestrictedpkgs/AddToRestrictedPkgs.java Fri Oct 11 08:43:07 2013 -0400
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package build.tools.addtorestrictedpkgs;
+
+import java.io.*;
+
+/**
+ * Adds additional packages to the package.access and package.definition
+ * security properties.
+ */
+public class AddToRestrictedPkgs {
+
+ private static final String PKG_ACC = "package.access";
+ private static final String PKG_DEF = "package.definition";
+ private static final int PKG_ACC_INDENT = 15;
+ private static final int PKG_DEF_INDENT = 19;
+
+ public static void main(String[] args) throws Exception {
+
+ if (args.length < 3) {
+ System.err.println("Usage: java AddToRestrictedPkgs " +
+ "[input java.security file name] " +
+ "[output java.security file name] " +
+ "[packages ...]");
+ System.exit(1);
+ }
+
+ try (FileReader fr = new FileReader(args[0]);
+ BufferedReader br = new BufferedReader(fr);
+ FileWriter fw = new FileWriter(args[1]);
+ BufferedWriter bw = new BufferedWriter(fw))
+ {
+ // parse the file line-by-line, looking for pkg access properties
+ String line = br.readLine();
+ while (line != null) {
+ if (line.startsWith(PKG_ACC)) {
+ writePackages(br, bw, line, PKG_ACC_INDENT, args);
+ } else if (line.startsWith(PKG_DEF)) {
+ writePackages(br, bw, line, PKG_DEF_INDENT, args);
+ } else {
+ writeLine(bw, line);
+ }
+ line = br.readLine();
+ }
+ bw.flush();
+ }
+ }
+
+ private static void writePackages(BufferedReader br, BufferedWriter bw,
+ String line, int numSpaces,
+ String[] args) throws IOException {
+ // parse property until EOL, not including line breaks
+ while (line.endsWith("\\")) {
+ writeLine(bw, line);
+ line = br.readLine();
+ }
+ // append comma and line-break to last package
+ writeLine(bw, line + ",\\");
+ // add new packages, one per line
+ for (int i = 2; i < args.length - 1; i++) {
+ indent(bw, numSpaces);
+ writeLine(bw, args[i] + ",\\");
+ }
+ indent(bw, numSpaces);
+ writeLine(bw, args[args.length - 1]);
+ }
+
+ private static void writeLine(BufferedWriter bw, String line)
+ throws IOException
+ {
+ bw.write(line);
+ bw.newLine();
+ }
+
+ private static void indent(BufferedWriter bw, int numSpaces)
+ throws IOException
+ {
+ for (int i = 0; i < numSpaces; i++) {
+ bw.append(' ');
+ }
+ }
+}
--- a/jdk/makefiles/CopyFiles.gmk Thu Oct 03 11:26:53 2013 -0700
+++ b/jdk/makefiles/CopyFiles.gmk Fri Oct 11 08:43:07 2013 -0400
@@ -355,9 +355,23 @@
PROPS_SRC := $(JDK_TOPDIR)/src/share/lib/security/java.security-$(OPENJDK_TARGET_OS)
PROPS_DST := $(JDK_OUTPUTDIR)/lib/security/java.security
+ifndef OPENJDK
+
+RESTRICTED_PKGS_SRC := $(JDK_TOPDIR)/src/closed/share/lib/security/restricted.pkgs
+RESTRICTED_PKGS := $(shell $(CAT) $(RESTRICTED_PKGS_SRC) | $(TR) "\n" " ")
+
+$(PROPS_DST): $(PROPS_SRC)
+ $(MKDIR) -p $(@D)
+ $(TOOL_ADDTORESTRICTEDPKGS) $^ $@.tmp $(RESTRICTED_PKGS)
+ $(MV) $@.tmp $@
+
+else
+
$(PROPS_DST): $(PROPS_SRC)
$(call install-file)
+endif
+
COPY_FILES += $(PROPS_DST)
##########################################################################################
--- a/jdk/makefiles/Tools.gmk Thu Oct 03 11:26:53 2013 -0700
+++ b/jdk/makefiles/Tools.gmk Fri Oct 11 08:43:07 2013 -0400
@@ -151,6 +151,9 @@
-cp $(JDK_OUTPUTDIR)/btclasses:$(JDK_OUTPUTDIR) \
build.tools.deps.CheckDeps
+TOOL_ADDTORESTRICTEDPKGS=$(JAVA) -cp $(JDK_OUTPUTDIR)/btclasses \
+ build.tools.addtorestrictedpkgs.AddToRestrictedPkgs
+
##########################################################################################
# Tools needed on solaris because OBJCOPY is broken.
--- a/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java Thu Oct 03 11:26:53 2013 -0700
+++ b/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java Fri Oct 11 08:43:07 2013 -0400
@@ -29,6 +29,9 @@
* @run main/othervm CheckPackageAccess
*/
+import java.io.File;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
import java.security.Security;
import java.util.Collections;
import java.util.Arrays;
@@ -96,6 +99,16 @@
List<String> jspkgs =
getPackages(Security.getProperty("package.access"));
+ // get closed restricted packages
+ File f = new File(System.getProperty("test.src"),
+ "../../../../src/closed/share/lib/security/restricted.pkgs");
+ if (f.exists()) {
+ List<String> ipkgs = Files.readAllLines(f.toPath(),
+ StandardCharsets.UTF_8);
+ // Remove any closed packages from list before comparing
+ jspkgs.removeAll(ipkgs);
+ }
+
// Sort to ensure lists are comparable
Collections.sort(pkgs);
Collections.sort(jspkgs);