8008793: SecurityManager.checkXXX behavior not specified for methods that check AWTPermission and AWT not present
Reviewed-by: hawtin, mullan, dsamersoff, mchung
--- a/jdk/src/share/classes/java/lang/SecurityManager.java Wed Feb 27 17:22:44 2013 +0530
+++ b/jdk/src/share/classes/java/lang/SecurityManager.java Wed Feb 27 14:24:45 2013 +0000
@@ -1320,6 +1320,9 @@
* <code>AWTPermission("showWindowWithoutWarningBanner")</code> permission,
* and returns <code>true</code> if a SecurityException is not thrown,
* otherwise it returns <code>false</code>.
+ * In the case of subset Profiles of Java SE that do not include the
+ * {@code java.awt} package, {@code checkPermission} is instead called
+ * to check the permission {@code java.security.AllPermission}.
* <p>
* If you override this method, then you should make a call to
* <code>super.checkTopLevelWindow</code>
@@ -1340,8 +1343,12 @@
if (window == null) {
throw new NullPointerException("window can't be null");
}
+ Permission perm = SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION;
+ if (perm == null) {
+ perm = SecurityConstants.ALL_PERMISSION;
+ }
try {
- checkPermission(SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION);
+ checkPermission(perm);
return true;
} catch (SecurityException se) {
// just return false
@@ -1379,6 +1386,9 @@
* This method calls <code>checkPermission</code> with the
* <code>AWTPermission("accessClipboard")</code>
* permission.
+ * In the case of subset Profiles of Java SE that do not include the
+ * {@code java.awt} package, {@code checkPermission} is instead called
+ * to check the permission {@code java.security.AllPermission}.
* <p>
* If you override this method, then you should make a call to
* <code>super.checkSystemClipboardAccess</code>
@@ -1391,7 +1401,11 @@
* @see #checkPermission(java.security.Permission) checkPermission
*/
public void checkSystemClipboardAccess() {
- checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
+ Permission perm = SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION;
+ if (perm == null) {
+ perm = SecurityConstants.ALL_PERMISSION;
+ }
+ checkPermission(perm);
}
/**
@@ -1400,6 +1414,10 @@
* <p>
* This method calls <code>checkPermission</code> with the
* <code>AWTPermission("accessEventQueue")</code> permission.
+ * In the case of subset Profiles of Java SE that do not include the
+ * {@code java.awt} package, {@code checkPermission} is instead called
+ * to check the permission {@code java.security.AllPermission}.
+ *
* <p>
* If you override this method, then you should make a call to
* <code>super.checkAwtEventQueueAccess</code>
@@ -1412,7 +1430,11 @@
* @see #checkPermission(java.security.Permission) checkPermission
*/
public void checkAwtEventQueueAccess() {
- checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION);
+ Permission perm = SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION;
+ if (perm == null) {
+ perm = SecurityConstants.ALL_PERMISSION;
+ }
+ checkPermission(perm);
}
/*
--- a/jdk/src/share/classes/sun/security/util/SecurityConstants.java Wed Feb 27 17:22:44 2013 +0530
+++ b/jdk/src/share/classes/sun/security/util/SecurityConstants.java Wed Feb 27 14:24:45 2013 +0000
@@ -71,31 +71,6 @@
public static final AllPermission ALL_PERMISSION = new AllPermission();
/**
- * Permission type used when AWT is not present.
- */
- private static class FakeAWTPermission extends BasicPermission {
- private static final long serialVersionUID = -1L;
- public FakeAWTPermission(String name) {
- super(name);
- }
- public String toString() {
- return "(\"java.awt.AWTPermission\" \"" + getName() + "\")";
- }
- }
-
- /**
- * Permission factory used when AWT is not present.
- */
- private static class FakeAWTPermissionFactory
- implements PermissionFactory<FakeAWTPermission>
- {
- @Override
- public FakeAWTPermission newPermission(String name) {
- return new FakeAWTPermission(name);
- }
- }
-
- /**
* AWT Permissions used in the JDK.
*/
public static class AWT {
@@ -107,37 +82,29 @@
private static final String AWTFactory = "sun.awt.AWTPermissionFactory";
/**
- * The PermissionFactory to create AWT permissions (or fake permissions
- * if AWT is not present).
+ * The PermissionFactory to create AWT permissions (or null if AWT is
+ * not present)
*/
private static final PermissionFactory<?> factory = permissionFactory();
private static PermissionFactory<?> permissionFactory() {
- Class<?> c = AccessController
- .doPrivileged(new PrivilegedAction<Class<?>>() {
- public Class<?> run() {
- try {
- return Class.forName(AWTFactory, true, null);
- } catch (ClassNotFoundException e) {
- // not available
- return null;
- }
- }});
- if (c != null) {
- // AWT present
- try {
- return (PermissionFactory<?>)c.newInstance();
- } catch (ReflectiveOperationException x) {
- throw new InternalError(x.getMessage(), x);
- }
- } else {
- // AWT not present
- return new FakeAWTPermissionFactory();
+ Class<?> c;
+ try {
+ c = Class.forName(AWTFactory, false, AWT.class.getClassLoader());
+ } catch (ClassNotFoundException e) {
+ // not available
+ return null;
+ }
+ // AWT present
+ try {
+ return (PermissionFactory<?>)c.newInstance();
+ } catch (ReflectiveOperationException x) {
+ throw new InternalError(x);
}
}
private static Permission newAWTPermission(String name) {
- return factory.newPermission(name);
+ return (factory == null) ? null : factory.newPermission(name);
}
// java.lang.SecurityManager
--- a/jdk/test/java/lang/SecurityManager/NoAWT.java Wed Feb 27 17:22:44 2013 +0530
+++ b/jdk/test/java/lang/SecurityManager/NoAWT.java Wed Feb 27 14:24:45 2013 +0000
@@ -22,14 +22,43 @@
*/
/* @test
- * @bug 8004502
+ * @bug 8004502 8008793
* @summary Sanity check that SecurityManager methods that check AWTPermission
* behave as expected when AWT is not present
*/
+import java.security.AllPermission;
+import java.security.Permission;
+
public class NoAWT {
+
+ static class MySecurityManager extends SecurityManager {
+ Class<?> expectedClass;
+
+ void setExpectedPermissionClass(Class<?> c) {
+ expectedClass = c;
+ }
+
+ @Override
+ public void checkPermission(Permission perm) {
+ if (perm.getClass() != expectedClass)
+ throw new RuntimeException("Got: " + perm.getClass() + ", expected: " + expectedClass);
+ super.checkPermission(perm);
+ }
+ }
+
public static void main(String[] args) {
- SecurityManager sm = new SecurityManager();
+ Class<?> awtPermissionClass = null;
+ try {
+ awtPermissionClass = Class.forName("java.awt.AWTPermission");
+ } catch (ClassNotFoundException ignore) { }
+
+ MySecurityManager sm = new MySecurityManager();
+ if (awtPermissionClass != null) {
+ sm.setExpectedPermissionClass(awtPermissionClass);
+ } else {
+ sm.setExpectedPermissionClass(AllPermission.class);
+ }
try {
sm.checkAwtEventQueueAccess();