8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default
Reviewed-by: mchung
--- a/jdk/src/java.base/share/classes/java/lang/SecurityManager.java Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/src/java.base/share/classes/java/lang/SecurityManager.java Thu Jan 19 13:50:02 2017 -0500
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,18 +25,30 @@
package java.lang;
-import java.security.*;
+import java.lang.RuntimePermission;
+import java.lang.module.ModuleDescriptor;
+import java.lang.module.ModuleDescriptor.Exports;
+import java.lang.module.ModuleDescriptor.Opens;
+import java.lang.reflect.Layer;
+import java.lang.reflect.Member;
+import java.lang.reflect.Module;
import java.io.FileDescriptor;
import java.io.File;
import java.io.FilePermission;
-import java.util.PropertyPermission;
-import java.lang.RuntimePermission;
+import java.net.InetAddress;
import java.net.SocketPermission;
-import java.net.NetPermission;
-import java.util.Hashtable;
-import java.net.InetAddress;
-import java.lang.reflect.*;
-import java.net.URL;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Permission;
+import java.security.PrivilegedAction;
+import java.security.Security;
+import java.security.SecurityPermission;
+import java.util.HashSet;
+import java.util.Objects;
+import java.util.PropertyPermission;
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
import jdk.internal.reflect.CallerSensitive;
import sun.security.util.SecurityConstants;
@@ -1415,46 +1427,108 @@
}
}
- if (packages == null)
+ if (packages == null) {
packages = new String[0];
+ }
return packages;
}
+ // The non-exported packages of the modules in the boot layer that are
+ // loaded by the platform class loader or its ancestors. A non-exported
+ // package is a package that either is not exported at all by its containing
+ // module or is exported in a qualified fashion by its containing module.
+ private static final Set<String> nonExportedPkgs;
+
+ static {
+ // Get the modules in the boot layer
+ Stream<Module> bootLayerModules = Layer.boot().modules().stream();
+
+ // Filter out the modules loaded by the boot or platform loader
+ PrivilegedAction<Set<Module>> pa = () ->
+ bootLayerModules.filter(SecurityManager::isBootOrPlatformModule)
+ .collect(Collectors.toSet());
+ Set<Module> modules = AccessController.doPrivileged(pa);
+
+ // Filter out the non-exported packages
+ nonExportedPkgs = modules.stream()
+ .map(Module::getDescriptor)
+ .map(SecurityManager::nonExportedPkgs)
+ .flatMap(Set::stream)
+ .collect(Collectors.toSet());
+ }
+
+ /**
+ * Returns true if the module's loader is the boot or platform loader.
+ */
+ private static boolean isBootOrPlatformModule(Module m) {
+ return m.getClassLoader() == null ||
+ m.getClassLoader() == ClassLoader.getPlatformClassLoader();
+ }
+
/**
- * Throws a <code>SecurityException</code> if the
- * calling thread is not allowed to access the package specified by
- * the argument.
- * <p>
- * This method is used by the <code>loadClass</code> method of class
- * loaders.
+ * Returns the non-exported packages of the specified module.
+ */
+ private static Set<String> nonExportedPkgs(ModuleDescriptor md) {
+ // start with all packages in the module
+ Set<String> pkgs = new HashSet<>(md.packages());
+
+ // remove the non-qualified exported packages
+ md.exports().stream()
+ .filter(p -> !p.isQualified())
+ .map(Exports::source)
+ .forEach(pkgs::remove);
+
+ // remove the non-qualified open packages
+ md.opens().stream()
+ .filter(p -> !p.isQualified())
+ .map(Opens::source)
+ .forEach(pkgs::remove);
+
+ return pkgs;
+ }
+
+ /**
+ * Throws a {@code SecurityException} if the calling thread is not allowed
+ * to access the specified package.
* <p>
- * This method first gets a list of
- * restricted packages by obtaining a comma-separated list from
- * a call to
- * <code>java.security.Security.getProperty("package.access")</code>,
- * and checks to see if <code>pkg</code> starts with or equals
- * any of the restricted packages. If it does, then
- * <code>checkPermission</code> gets called with the
- * <code>RuntimePermission("accessClassInPackage."+pkg)</code>
- * permission.
+ * This method is called by the {@code loadClass} method of class loaders.
+ * <p>
+ * This method checks if the specified package starts with or equals
+ * any of the packages in the {@code package.access} Security Property.
+ * An implementation may also check the package against an additional
+ * list of restricted packages as noted below. If the package is restricted,
+ * {@link #checkPermission(Permission)} is called with a
+ * {@code RuntimePermission("accessClassInPackage."+pkg)} permission.
* <p>
- * If this method is overridden, then
- * <code>super.checkPackageAccess</code> should be called
- * as the first line in the overridden method.
+ * If this method is overridden, then {@code super.checkPackageAccess}
+ * should be called as the first line in the overridden method.
+ *
+ * @implNote
+ * This implementation also restricts all non-exported packages of modules
+ * loaded by {@linkplain ClassLoader#getPlatformClassLoader
+ * the platform class loader} or its ancestors. A "non-exported package"
+ * refers to a package that is not exported to all modules. Specifically,
+ * it refers to a package that either is not exported at all by its
+ * containing module or is exported in a qualified fashion by its
+ * containing module.
*
* @param pkg the package name.
- * @exception SecurityException if the calling thread does not have
+ * @throws SecurityException if the calling thread does not have
* permission to access the specified package.
- * @exception NullPointerException if the package name argument is
- * <code>null</code>.
- * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
- * loadClass
+ * @throws NullPointerException if the package name argument is
+ * {@code null}.
+ * @see java.lang.ClassLoader#loadClass(String, boolean) loadClass
* @see java.security.Security#getProperty getProperty
- * @see #checkPermission(java.security.Permission) checkPermission
+ * @see #checkPermission(Permission) checkPermission
*/
public void checkPackageAccess(String pkg) {
- if (pkg == null) {
- throw new NullPointerException("package name can't be null");
+ Objects.requireNonNull(pkg, "package name can't be null");
+
+ // check if pkg is not exported to all modules
+ if (nonExportedPkgs.contains(pkg)) {
+ checkPermission(
+ new RuntimePermission("accessClassInPackage." + pkg));
+ return;
}
String[] restrictedPkgs;
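Review bot: The two comments in the static initializer read the wrong way round: `// Filter out the modules loaded by the boot or platform loader` sits above a filter that keeps exactly those modules, and `// Filter out the non-exported packages` sits above a pipeline that collects them. I would reword them to `// Keep only the modules defined to the boot or platform loader` and `// Collect the non-exported packages of those modules`. The field comment should also state that `nonExportedPkgs` is computed once, from the module descriptors of the boot layer, so an export added at run time or a module in another layer is not reflected in it. The body of `checkPackageAccess` continues past the end of the hunk.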
@@ -1512,36 +1586,48 @@
}
/**
- * Throws a <code>SecurityException</code> if the
- * calling thread is not allowed to define classes in the package
- * specified by the argument.
+ * Throws a {@code SecurityException} if the calling thread is not
+ * allowed to define classes in the specified package.
* <p>
- * This method is used by the <code>loadClass</code> method of some
+ * This method is called by the {@code loadClass} method of some
* class loaders.
* <p>
- * This method first gets a list of restricted packages by
- * obtaining a comma-separated list from a call to
- * <code>java.security.Security.getProperty("package.definition")</code>,
- * and checks to see if <code>pkg</code> starts with or equals
- * any of the restricted packages. If it does, then
- * <code>checkPermission</code> gets called with the
- * <code>RuntimePermission("defineClassInPackage."+pkg)</code>
- * permission.
+ * This method checks if the specified package starts with or equals
+ * any of the packages in the {@code package.definition} Security
+ * Property. An implementation may also check the package against an
+ * additional list of restricted packages as noted below. If the package
+ * is restricted, {@link #checkPermission(Permission)} is called with a
+ * {@code RuntimePermission("defineClassInPackage."+pkg)} permission.
* <p>
- * If this method is overridden, then
- * <code>super.checkPackageDefinition</code> should be called
- * as the first line in the overridden method.
+ * If this method is overridden, then {@code super.checkPackageDefinition}
+ * should be called as the first line in the overridden method.
+ *
+ * @implNote
+ * This implementation also restricts all non-exported packages of modules
+ * loaded by {@linkplain ClassLoader#getPlatformClassLoader
+ * the platform class loader} or its ancestors. A "non-exported package"
+ * refers to a package that is not exported to all modules. Specifically,
+ * it refers to a package that either is not exported at all by its
+ * containing module or is exported in a qualified fashion by its
+ * containing module.
*
* @param pkg the package name.
- * @exception SecurityException if the calling thread does not have
+ * @throws SecurityException if the calling thread does not have
* permission to define classes in the specified package.
- * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
+ * @throws NullPointerException if the package name argument is
+ * {@code null}.
+ * @see java.lang.ClassLoader#loadClass(String, boolean)
* @see java.security.Security#getProperty getProperty
- * @see #checkPermission(java.security.Permission) checkPermission
+ * @see #checkPermission(Permission) checkPermission
*/
public void checkPackageDefinition(String pkg) {
- if (pkg == null) {
- throw new NullPointerException("package name can't be null");
+ Objects.requireNonNull(pkg, "package name can't be null");
+
+ // check if pkg is not exported to all modules
+ if (nonExportedPkgs.contains(pkg)) {
+ checkPermission(
+ new RuntimePermission("defineClassInPackage." + pkg));
+ return;
}
String[] pkgs;
--- a/jdk/src/java.base/share/classes/java/lang/System.java Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/src/java.base/share/classes/java/lang/System.java Thu Jan 19 13:50:02 2017 -0500
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -310,12 +310,13 @@
* @see SecurityManager#checkPermission
* @see java.lang.RuntimePermission
*/
- public static
- void setSecurityManager(final SecurityManager s) {
- try {
- s.checkPackageAccess("java.lang");
- } catch (Exception e) {
- // no-op
+ public static void setSecurityManager(final SecurityManager s) {
+ if (s != null) {
+ try {
+ s.checkPackageAccess("java.lang");
+ } catch (Exception e) {
+ // no-op
+ }
}
setSecurityManager0(s);
}
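Review bot: The `// no-op` in the catch block does not say why the outcome of `s.checkPackageAccess("java.lang")` is thrown away, so the call can be mistaken for an access check that gates installation. If it is there only to run the manager's package-access path once before the manager is installed (which is how it looks, since every exception is ignored), a comment such as `// exercise s once before it is installed; the outcome is deliberately ignored` would make that explicit. Note that `catch (Exception e)` still lets an `Error` thrown by an overridden `checkPackageAccess` propagate, in which case `setSecurityManager0(s)` is never reached.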
--- a/jdk/src/java.base/share/classes/module-info.java Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/src/java.base/share/classes/module-info.java Thu Jan 19 13:50:02 2017 -0500
@@ -249,7 +249,6 @@
jdk.crypto.token;
exports sun.security.jca to
java.smartcardio,
- java.xml.crypto,
jdk.crypto.ec,
jdk.crypto.token,
jdk.naming.dns;
--- a/jdk/src/java.base/share/conf/security/java.security Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/src/java.base/share/conf/security/java.security Thu Jan 19 13:50:02 2017 -0500
@@ -298,111 +298,24 @@
#
# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,\
- com.sun.xml.internal.,\
- com.sun.imageio.,\
- com.sun.istack.internal.,\
- com.sun.jmx.,\
- com.sun.media.sound.,\
- com.sun.naming.internal.,\
- com.sun.proxy.,\
- com.sun.corba.se.,\
- com.sun.org.apache.bcel.internal.,\
- com.sun.org.apache.regexp.internal.,\
- com.sun.org.apache.xerces.internal.,\
- com.sun.org.apache.xpath.internal.,\
- com.sun.org.apache.xalan.internal.extensions.,\
- com.sun.org.apache.xalan.internal.lib.,\
- com.sun.org.apache.xalan.internal.res.,\
- com.sun.org.apache.xalan.internal.templates.,\
- com.sun.org.apache.xalan.internal.utils.,\
- com.sun.org.apache.xalan.internal.xslt.,\
- com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
- com.sun.org.apache.xalan.internal.xsltc.compiler.,\
- com.sun.org.apache.xalan.internal.xsltc.trax.,\
- com.sun.org.apache.xalan.internal.xsltc.util.,\
- com.sun.org.apache.xml.internal.res.,\
- com.sun.org.apache.xml.internal.security.,\
- com.sun.org.apache.xml.internal.serializer.dom3.,\
- com.sun.org.apache.xml.internal.serializer.utils.,\
- com.sun.org.apache.xml.internal.utils.,\
- com.sun.org.glassfish.,\
- com.sun.tools.script.,\
- com.oracle.xmlns.internal.,\
- com.oracle.webservices.internal.,\
- org.jcp.xml.dsig.internal.,\
- jdk.internal.,\
- jdk.nashorn.internal.,\
- jdk.nashorn.tools.,\
- jdk.tools.jimage.,\
- com.sun.activation.registries.,\
- com.sun.java.accessibility.util.internal.,\
-#ifdef windows
- com.sun.java.accessibility.internal.,\
-#endif
-#ifdef macosx
- apple.,\
-#endif
+# will cause a security exception to be thrown when passed to the
+# SecurityManager::checkPackageAccess method unless the corresponding
+# RuntimePermission("accessClassInPackage."+package) has been granted.
+#
+package.access=sun.misc.,\
+ sun.reflect.,\
#
# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
+# will cause a security exception to be thrown when passed to the
+# SecurityManager::checkPackageDefinition method unless the corresponding
+# RuntimePermission("defineClassInPackage."+package) has been granted.
#
-# by default, none of the class loaders supplied with the JDK call
+# By default, none of the class loaders supplied with the JDK call
# checkPackageDefinition.
#
-package.definition=sun.,\
- com.sun.xml.internal.,\
- com.sun.imageio.,\
- com.sun.istack.internal.,\
- com.sun.jmx.,\
- com.sun.media.sound.,\
- com.sun.naming.internal.,\
- com.sun.proxy.,\
- com.sun.corba.se.,\
- com.sun.org.apache.bcel.internal.,\
- com.sun.org.apache.regexp.internal.,\
- com.sun.org.apache.xerces.internal.,\
- com.sun.org.apache.xpath.internal.,\
- com.sun.org.apache.xalan.internal.extensions.,\
- com.sun.org.apache.xalan.internal.lib.,\
- com.sun.org.apache.xalan.internal.res.,\
- com.sun.org.apache.xalan.internal.templates.,\
- com.sun.org.apache.xalan.internal.utils.,\
- com.sun.org.apache.xalan.internal.xslt.,\
- com.sun.org.apache.xalan.internal.xsltc.cmdline.,\
- com.sun.org.apache.xalan.internal.xsltc.compiler.,\
- com.sun.org.apache.xalan.internal.xsltc.trax.,\
- com.sun.org.apache.xalan.internal.xsltc.util.,\
- com.sun.org.apache.xml.internal.res.,\
- com.sun.org.apache.xml.internal.security.,\
- com.sun.org.apache.xml.internal.serializer.dom3.,\
- com.sun.org.apache.xml.internal.serializer.utils.,\
- com.sun.org.apache.xml.internal.utils.,\
- com.sun.org.glassfish.,\
- com.sun.tools.script.,\
- com.oracle.xmlns.internal.,\
- com.oracle.webservices.internal.,\
- org.jcp.xml.dsig.internal.,\
- jdk.internal.,\
- jdk.nashorn.internal.,\
- jdk.nashorn.tools.,\
- jdk.tools.jimage.,\
- com.sun.activation.registries.,\
- com.sun.java.accessibility.util.internal.,\
-#ifdef windows
- com.sun.java.accessibility.internal.,\
-#endif
-#ifdef macosx
- apple.,\
-#endif
+package.definition=sun.misc.,\
+ sun.reflect.,\
#
# Determines whether this properties file can be appended to
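Review bot: The rewritten comments above `package.access` and `package.definition` do not tell an administrator that the entries removed here are still restricted, now by the default `SecurityManager` implementation rather than by these properties. Someone auditing this file on its own would conclude that only `sun.misc.` and `sun.reflect.` are protected. I would add a line to both comments such as `# The default SecurityManager additionally restricts all non-exported packages of JDK modules; see SecurityManager::checkPackageAccess.`, and say why these two prefixes still need to be listed explicitly.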
--- a/jdk/src/java.base/share/lib/security/default.policy Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/src/java.base/share/lib/security/default.policy Thu Jan 19 13:50:02 2017 -0500
@@ -93,10 +93,20 @@
"com.sun.org.apache.xml.internal.security.register";
permission java.security.SecurityPermission
"getProperty.jdk.xml.dsig.secureValidationPolicy";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.com.sun.org.apache.xml.internal.*";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.com.sun.org.apache.xpath.internal";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.com.sun.org.apache.xpath.internal.*";
};
grant codeBase "jrt:/java.xml.ws" {
permission java.lang.RuntimePermission
+ "accessClassInPackage.com.sun.org.apache.xml.internal.resolver";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.com.sun.org.apache.xml.internal.resolver.tools";
+ permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.xml.internal.*";
permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.istack.internal";
@@ -188,3 +198,10 @@
permission java.util.PropertyPermission "os.name", "read";
};
+grant codeBase "jrt:/jdk.accessibility" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.awt";
+};
+
+grant codeBase "jrt:/jdk.desktop" {
+ permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt";
+};
--- a/jdk/src/java.sql.rowset/share/classes/com/sun/rowset/CachedRowSetImpl.java Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/src/java.sql.rowset/share/classes/com/sun/rowset/CachedRowSetImpl.java Thu Jan 19 13:50:02 2017 -0500
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,9 @@
import java.math.*;
import java.util.*;
import java.text.*;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import javax.sql.rowset.*;
import javax.sql.rowset.spi.*;
@@ -357,8 +360,16 @@
}
// set the Reader, this maybe overridden latter
- provider =
- SyncFactory.getInstance(DEFAULT_SYNC_PROVIDER);
+ try {
+ provider = AccessController.doPrivileged(new PrivilegedExceptionAction<>() {
+ @Override
+ public SyncProvider run() throws SyncFactoryException {
+ return SyncFactory.getInstance(DEFAULT_SYNC_PROVIDER);
+ }
+ }, null, new RuntimePermission("accessClassInPackage.com.sun.rowset.providers"));
+ } catch (PrivilegedActionException pae) {
+ throw (SyncFactoryException) pae.getException();
+ }
if (!(provider instanceof RIOptimisticProvider)) {
throw new SQLException(resBundle.handleGetObject("cachedrowsetimpl.invalidp").toString());
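Review bot: The new `AccessController.doPrivileged` call has no comment explaining why the provider lookup needs privilege or why asserting it is safe. Judging by the permission passed, the default provider lives in `com.sun.rowset.providers`, which callers can no longer reach once non-exported packages are restricted. The block is safe only as long as `DEFAULT_SYNC_PROVIDER` is a fixed name that the caller cannot influence, and its declaration is outside the hunk. A comment such as `// limited doPrivileged: asserts only accessClassInPackage.com.sun.rowset.providers, and the provider name is a constant` would record that assumption. The enclosing method starts and ends outside the hunk.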
--- a/jdk/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/testAES.policy Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/testAES.policy Thu Jan 19 13:50:02 2017 -0500
@@ -1,6 +1,6 @@
-grant
-{
+grant codeBase "file:${test.classes}/*" {
permission java.security.SecurityPermission "removeProvider.SunJCE";
permission java.security.SecurityPermission "insertProvider.SunJCE";
- permission java.security.SecurityPermission "putProviderProperty.SunJCE";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.com.sun.crypto.provider";
};
--- a/jdk/test/com/sun/security/auth/module/LdapLoginModule/CheckConfigs.policy Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/test/com/sun/security/auth/module/LdapLoginModule/CheckConfigs.policy Thu Jan 19 13:50:02 2017 -0500
@@ -1,9 +1,9 @@
-
-grant {
+grant codeBase "file:${test.classes}/*" {
// The following permissions are not required because the test is
// not expected to connect to an LDAP server
//
//permission java.net.SocketPermission "*:389", "connect";
//permission java.net.SocketPermission "*:636", "connect";
//permission javax.security.auth.AuthPermission "modifyPrincipals";
+ permission java.lang.RuntimePermission "accessClassInPackage.com.sun.jndi.ldap";
};
--- a/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java Thu Jan 19 13:50:02 2017 -0500
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,87 +23,174 @@
/*
* @test
- * @bug 6741606 7146431 8000450 8019830 8022945 8027144 8041633 8078427
- * @summary Make sure all restricted packages listed in the package.access
+ * @bug 6741606 7146431 8000450 8019830 8022945 8027144 8041633 8078427 8055206
+ * @summary Check that various restricted packages that are supposed to be
+ * restricted by default or are listed in the package.access
* property in the java.security file are blocked
+ * @modules java.xml.ws java.corba
* @run main/othervm CheckPackageAccess
*/
-import java.util.Collections;
-import java.util.ArrayList;
+import java.lang.module.ModuleFinder;
+import java.lang.module.ModuleReference;
+import java.util.Arrays;
import java.util.List;
+import java.util.Optional;
+
+public class CheckPackageAccess {
+
+ private static final SecurityManager sm = new SecurityManager();
+ private static final ModuleFinder mf = ModuleFinder.ofSystem();
+
+ /*
+ * The expected list of restricted packages of the package.access property.
+ *
+ * This array should be updated whenever new packages are added to the
+ * package.access property in the java.security file
+ * NOTE: it should be in the same order as the java.security file
+ */
+ private static final String[] EXPECTED = {
+ "sun.misc.",
+ "sun.reflect.",
+ };
+
+ /**
+ * Tests access to various packages of a module.
+ */
+ private static class Test {
+ String moduleName; // name of module
+ ModuleReference moduleRef; // module reference
+ String exports; // exported pkg
+ Optional<String> opens; // opened pkg
+ String conceals; // concealed pkg
+ Optional<String> qualExports; // qualified export pkg
+ Optional<String> qualOpens; // qualified open pkg
+ // qual open and non-qualified export pkg
+ Optional<String> qualOpensAndExports;
+ Test(String module, String exports, String opens, String conceals,
+ String qualExports, String qualOpens, String qualOpensAndExports) {
+ this.moduleName = module;
+ this.moduleRef = mf.find(moduleName).get();
+ this.exports = exports;
+ this.opens = Optional.ofNullable(opens);
+ this.conceals = conceals;
+ this.qualExports = Optional.ofNullable(qualExports);
+ this.qualOpens = Optional.ofNullable(qualOpens);
+ this.qualOpensAndExports = Optional.ofNullable(qualOpensAndExports);
+ }
+
+ void test() {
+ System.out.println("Testing module " + moduleName);
+
+ // access to exported pkg should pass
+ testNonRestricted(exports);
+
+ // access to opened pkg should pass
+ opens.ifPresent(Test::testNonRestricted);
+
+ // access to concealed pkg should fail
+ testRestricted(conceals);
-/*
- * The main benefit of this test is to catch merge errors or other types
- * of issues where one or more of the packages are accidentally
- * removed. This is why the packages that are known to be restricted have to
- * be explicitly listed below.
- */
-public class CheckPackageAccess {
+ // access to qualified export pkg should fail
+ qualExports.ifPresent(Test::testRestricted);
+
+ // access to qualified open pkg should fail
+ qualOpens.ifPresent(Test::testRestricted);
+
+ // access to qualified opened pkg that is also exported should pass
+ qualOpensAndExports.ifPresent(Test::testNonRestricted);
+ }
+
+ private static void testRestricted(String pkg) {
+ try {
+ sm.checkPackageAccess(pkg);
+ throw new RuntimeException("Able to access restricted package: "
+ + pkg);
+ } catch (SecurityException se) {}
+ try {
+ sm.checkPackageDefinition(pkg);
+ throw new RuntimeException("Able to access restricted package: "
+ + pkg);
+ } catch (SecurityException se) {}
+ }
+
+ private static void testNonRestricted(String pkg) {
+ try {
+ sm.checkPackageAccess(pkg);
+ } catch (SecurityException se) {
+ throw new RuntimeException("Unable to access exported package: "
+ + pkg, se);
+ }
+ try {
+ sm.checkPackageDefinition(pkg);
+ } catch (SecurityException se) {
+ throw new RuntimeException("Unable to access exported package: "
+ + pkg, se);
+ }
+ }
+ }
+
+ private static final Test[] tests = new Test[] {
+ // java.base module loaded by boot loader
+ new Test("java.base", "java.security", null, "jdk.internal.jrtfs",
+ "jdk.internal.loader", null, null),
+ // java.desktop module loaded by boot loader and has an openQual pkg
+ // that is exported
+ new Test("java.desktop", "java.applet", null, "sun.applet",
+ "sun.awt", "com.sun.java.swing.plaf.windows",
+ "javax.swing.plaf.basic"),
+ // java.security.jgss module loaded by platform loader
+ new Test("java.security.jgss", "org.ietf.jgss", null,
+ "sun.security.krb5.internal.crypto", "sun.security.krb5",
+ null, null),
+ // java.xml.ws module loaded by platform loader but needs to be added
+ // and has an openQual pkg that is exported
+ new Test("java.xml.ws", "javax.xml.soap", null,
+ "com.sun.xml.internal.stream.buffer",
+ "com.sun.xml.internal.ws.api", null,
+ "javax.xml.ws.wsaddressing"),
+ // java.xml.ws module loaded by platform loader but needs to be added
+ // and has an openQual pkg
+ new Test("java.corba", "javax.rmi", null, "sun.corba",
+ "com.sun.corba.se.impl.util", "com.sun.jndi.cosnaming", null),
+ };
public static void main(String[] args) throws Exception {
- // get expected list of restricted packages
- List<String> pkgs = RestrictedPackages.expected();
- // get actual list of restricted packages
- List<String> jspkgs = RestrictedPackages.actual();
+ // check expected list of restricted packages in java.security file
+ checkPackages(Arrays.asList(EXPECTED));
- if (!isOpenJDKOnly()) {
- String lastPkg = pkgs.get(pkgs.size() - 1);
-
- // Remove any closed packages from list before comparing
- int index = jspkgs.indexOf(lastPkg);
- if (index != -1 && index != jspkgs.size() - 1) {
- jspkgs.subList(index + 1, jspkgs.size()).clear();
- }
+ // check access to each module's packages
+ for (Test test : tests) {
+ test.test();
}
- // Sort to ensure lists are comparable
- Collections.sort(pkgs);
- Collections.sort(jspkgs);
+ System.out.println("Test passed");
+ }
- if (!pkgs.equals(jspkgs)) {
- for (String p : pkgs)
- if (!jspkgs.contains(p))
- System.out.println("In golden set, but not in j.s file: " + p);
- for (String p : jspkgs)
- if (!pkgs.contains(p))
- System.out.println("In j.s file, but not in golden set: " + p);
-
-
- throw new RuntimeException("restricted packages are not " +
- "consistent with java.security file");
- }
- System.setSecurityManager(new SecurityManager());
- SecurityManager sm = System.getSecurityManager();
+ private static void checkPackages(List<String> pkgs) {
for (String pkg : pkgs) {
- String subpkg = pkg + "foo";
try {
sm.checkPackageAccess(pkg);
throw new RuntimeException("Able to access " + pkg +
" package");
} catch (SecurityException se) { }
try {
- sm.checkPackageAccess(subpkg);
- throw new RuntimeException("Able to access " + subpkg +
- " package");
- } catch (SecurityException se) { }
- try {
sm.checkPackageDefinition(pkg);
throw new RuntimeException("Able to define class in " + pkg +
" package");
} catch (SecurityException se) { }
+ String subpkg = pkg + "foo";
+ try {
+ sm.checkPackageAccess(subpkg);
+ throw new RuntimeException("Able to access " + subpkg +
+ " package");
+ } catch (SecurityException se) { }
try {
sm.checkPackageDefinition(subpkg);
- throw new RuntimeException("Able to define class in " + subpkg +
- " package");
+ throw new RuntimeException("Able to define class in " +
+ subpkg + " package");
} catch (SecurityException se) { }
}
- System.out.println("Test passed");
- }
-
- private static boolean isOpenJDKOnly() {
- String prop = System.getProperty("java.runtime.name");
- return prop != null && prop.startsWith("OpenJDK");
}
}
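Review bot: Three copy-and-paste slips in the new test make a failure harder to diagnose. The comment above `new Test("java.corba", ...)` still says `// java.xml.ws module loaded by platform loader`. The `checkPackageDefinition` branches of `testRestricted` and `testNonRestricted` reuse the messages `"Able to access restricted package: "` and `"Unable to access exported package: "`, so a failure there reports the wrong check; I would change them to `"Able to define class in restricted package: "` and `"Unable to define class in exported package: "`. The `moduleRef` field is assigned in the constructor and not read anywhere in the hunk; if its only purpose is to fail fast when the module is absent, a comment should say so.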
--- a/jdk/test/java/lang/SecurityManager/CheckPackageMatching.java Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/test/java/lang/SecurityManager/CheckPackageMatching.java Thu Jan 19 13:50:02 2017 -0500
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,11 +28,13 @@
* @run main/othervm CheckPackageMatching
*/
+import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
+import java.util.StringTokenizer;
/*
* The purpose of this test is not to verify the content of the package
@@ -46,10 +48,23 @@
* The restricted packages listed in the package.access property of the
* java.security file.
*/
- private static final String[] packages =
- RestrictedPackages.actual().toArray(new String[0]);
+ private static final String[] packages = actual().toArray(new String[0]);
- private static final boolean OPEN_JDK = isOpenJDKOnly();
+ /**
+ * Returns the list of restricted packages in the package.access property.
+ */
+ private static List<String> actual() {
+ String prop = Security.getProperty("package.access");
+ List<String> packages = new ArrayList<>();
+ if (prop != null && !prop.equals("")) {
+ StringTokenizer tok = new StringTokenizer(prop, ",");
+ while (tok.hasMoreElements()) {
+ String s = tok.nextToken().trim();
+ packages.add(s);
+ }
+ }
+ return packages;
+ }
/**
* PackageMatcher implements a state machine that matches package
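Review bot: Inside `actual()` the local `List<String> packages` shadows the static field `packages` that the method is being called to initialise, which is easy to misread. Renaming the local to `pkgs` removes the ambiguity. In the same method `prop.equals("")` could be `prop.isEmpty()`, and `tok.hasMoreElements()` would read better as `tok.hasMoreTokens()` next to `nextToken()`.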
@@ -326,13 +341,8 @@
System.getSecurityManager().checkPackageAccess("com.sun.jmxa");
System.getSecurityManager().checkPackageAccess("jmx");
List<String> actual = Arrays.asList(packages);
- for (String p : actual) {
- if (!actual.contains(p)) {
- System.err.println("Warning: '" + p + " not in package.access");
- }
- }
- if (!actual.contains("sun.")) {
- throw new Error("package.access does not contain 'sun.'");
+ if (!actual.contains("sun.misc.")) {
+ throw new Error("package.access does not contain 'sun.misc.'");
}
}
@@ -447,17 +457,15 @@
// These should not match.
for (String pkg : new String[] {"gloups.machin", "su",
- "org.jcp.xml.dsig.interna",
+ "org.jcp.xml.dsig.inter",
"com.sun.jm", "com.sun.jmxa"}) {
testMatch(matcher, pkg, false, true);
}
// These should match.
for (String pkg : Arrays.asList(
- new String[] {"sun.gloups.machin", "sun", "sun.com",
- "com.sun.jmx", "com.sun.jmx.a",
- "org.jcp.xml.dsig.internal",
- "org.jcp.xml.dsig.internal.foo"})) {
+ new String[] {"sun.misc.gloups.machin", "sun.misc",
+ "sun.reflect"})) {
testMatch(matcher, pkg, true, true);
}
@@ -486,12 +494,6 @@
}
for (String pkg : pkgs) {
- if (!OPEN_JDK && pkg.equals("com.sun.media.sound.")) {
- // don't test com.sun.media.sound since there is an entry
- // for com.sun.media in non OpenJDK builds. Otherwise,
- // the test for this package will fail unexpectedly.
- continue;
- }
String candidate = pkg.substring(0, pkg.length() - 2);
boolean expected = pkglist.contains(candidate + ".");
testMatch(matcher, candidate, expected,
@@ -537,9 +539,4 @@
}
}
}
-
- private static boolean isOpenJDKOnly() {
- String prop = System.getProperty("java.runtime.name");
- return prop != null && prop.startsWith("OpenJDK");
- }
}
--- a/jdk/test/java/lang/SecurityManager/RestrictedPackages.java Thu Jan 19 18:03:24 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-import java.security.Security;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.StringTokenizer;
-
-/**
- * A collection of utility methods and constants for testing the package
- * access and package definition security checks.
- */
-final class RestrictedPackages {
-
- /*
- * The expected list of restricted packages.
- *
- * This array should be updated whenever new packages are added to the
- * package.access property in the java.security file
- * NOTE: it should be in the same order as the java.security file
- */
- static final String[] EXPECTED = {
- "sun.",
- "com.sun.xml.internal.",
- "com.sun.imageio.",
- "com.sun.istack.internal.",
- "com.sun.jmx.",
- "com.sun.media.sound.",
- "com.sun.naming.internal.",
- "com.sun.proxy.",
- "com.sun.corba.se.",
- "com.sun.org.apache.bcel.internal.",
- "com.sun.org.apache.regexp.internal.",
- "com.sun.org.apache.xerces.internal.",
- "com.sun.org.apache.xpath.internal.",
- "com.sun.org.apache.xalan.internal.extensions.",
- "com.sun.org.apache.xalan.internal.lib.",
- "com.sun.org.apache.xalan.internal.res.",
- "com.sun.org.apache.xalan.internal.templates.",
- "com.sun.org.apache.xalan.internal.utils.",
- "com.sun.org.apache.xalan.internal.xslt.",
- "com.sun.org.apache.xalan.internal.xsltc.cmdline.",
- "com.sun.org.apache.xalan.internal.xsltc.compiler.",
- "com.sun.org.apache.xalan.internal.xsltc.trax.",
- "com.sun.org.apache.xalan.internal.xsltc.util.",
- "com.sun.org.apache.xml.internal.res.",
- "com.sun.org.apache.xml.internal.security.",
- "com.sun.org.apache.xml.internal.serializer.dom3.",
- "com.sun.org.apache.xml.internal.serializer.utils.",
- "com.sun.org.apache.xml.internal.utils.",
- "com.sun.org.glassfish.",
- "com.sun.tools.script.",
- "com.oracle.xmlns.internal.",
- "com.oracle.webservices.internal.",
- "org.jcp.xml.dsig.internal.",
- "jdk.internal.",
- "jdk.nashorn.internal.",
- "jdk.nashorn.tools.",
- "jdk.tools.jimage.",
- "com.sun.activation.registries.",
- "com.sun.java.accessibility.util.internal."
- };
-
- /*
- * A non-exhaustive list of restricted packages.
- *
- * Contrary to what is in the EXPECTED list, this list does not need
- * to be exhaustive.
- */
- static final String[] EXPECTED_NONEXHAUSTIVE = {
- "sun.",
- "com.sun.xml.internal.",
- "com.sun.imageio.",
- "com.sun.istack.internal.",
- "com.sun.jmx.",
- "com.sun.proxy.",
- "com.sun.org.apache.bcel.internal.",
- "com.sun.org.apache.regexp.internal.",
- "com.sun.org.apache.xerces.internal.",
- "com.sun.org.apache.xpath.internal.",
- "com.sun.org.apache.xalan.internal.extensions.",
- "com.sun.org.apache.xalan.internal.lib.",
- "com.sun.org.apache.xalan.internal.res.",
- "com.sun.org.apache.xalan.internal.templates.",
- "com.sun.org.apache.xalan.internal.utils.",
- "com.sun.org.apache.xalan.internal.xslt.",
- "com.sun.org.apache.xalan.internal.xsltc.cmdline.",
- "com.sun.org.apache.xalan.internal.xsltc.compiler.",
- "com.sun.org.apache.xalan.internal.xsltc.trax.",
- "com.sun.org.apache.xalan.internal.xsltc.util.",
- "com.sun.org.apache.xml.internal.res.",
- "com.sun.org.apache.xml.internal.serializer.utils.",
- "com.sun.org.apache.xml.internal.utils.",
- "com.sun.org.apache.xml.internal.security.",
- "com.sun.org.glassfish.",
- "org.jcp.xml.dsig.internal."
- };
-
- private static final String OS_NAME = System.getProperty("os.name");
-
- /**
- * Returns a list of expected restricted packages, including any
- * OS specific packages. The returned list is mutable.
- */
- static List<String> expected() {
- List<String> pkgs = new ArrayList<>(Arrays.asList(EXPECTED));
- if (OS_NAME.contains("OS X")) {
- pkgs.add("apple."); // add apple package for OS X
- }
- if (OS_NAME.contains("Win")) {
- pkgs.add("com.sun.java.accessibility.internal."); // add Win only package
- }
- return pkgs;
- }
-
- /**
- * Returns a list of actual restricted packages. The returned list
- * is mutable.
- */
- static List<String> actual() {
- String prop = Security.getProperty("package.access");
- List<String> packages = new ArrayList<>();
- if (prop != null && !prop.equals("")) {
- StringTokenizer tok = new StringTokenizer(prop, ",");
- while (tok.hasMoreElements()) {
- String s = tok.nextToken().trim();
- packages.add(s);
- }
- }
- return packages;
- }
-
- private RestrictedPackages() { }
-}
--- a/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java Thu Jan 19 13:50:02 2017 -0500
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -63,6 +63,7 @@
scratch.add(" int foo();");
scratch.add(" }");
scratch.add(" public static void main(String[] args) {");
+ scratch.add(" System.setSecurityManager(new SecurityManager());");
scratch.add(" I lam = () -> 10;");
scratch.add(" Runnable r = () -> {");
scratch.add(" System.out.println(\"Runnable\");");
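Review bot: Installing the security manager inside the generated `main` is not equivalent to the `-Djava.security.manager` flag that the later hunks in this file remove from every `doExec` call. Anything that runs before the added statement (JVM startup, loading and static initialisation of `TestLambda`) is no longer subject to permission checks. If that is intended, a comment above the added `scratch.add` line should say so, e.g. `// SecurityManager is set in main() rather than via -Djava.security.manager`, followed by the reason, which is not visible in the diff. The enclosing method starts and ends outside the hunk.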
@@ -114,7 +115,6 @@
public void testNotLogging() {
TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
"-cp", ".",
- "-Djava.security.manager",
"com.example.TestLambda");
tr.assertZero("Should still return 0");
}
@@ -125,7 +125,6 @@
TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
"-cp", ".",
"-Djdk.internal.lambda.dumpProxyClasses=dump",
- "-Djava.security.manager",
"com.example.TestLambda");
// 2 our own class files. We don't care about the others
assertEquals(Files.find(
@@ -143,7 +142,6 @@
TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
"-cp", ".",
"-Djdk.internal.lambda.dumpProxyClasses=notExist",
- "-Djava.security.manager",
"com.example.TestLambda");
assertEquals(tr.testOutput.stream()
.filter(s -> s.startsWith("WARNING"))
@@ -159,7 +157,6 @@
TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
"-cp", ".",
"-Djdk.internal.lambda.dumpProxyClasses=file",
- "-Djava.security.manager",
"com.example.TestLambda");
assertEquals(tr.testOutput.stream()
.filter(s -> s.startsWith("WARNING"))
@@ -218,7 +215,6 @@
TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
"-cp", ".",
"-Djdk.internal.lambda.dumpProxyClasses=readOnly",
- "-Djava.security.manager",
"com.example.TestLambda");
assertEquals(tr.testOutput.stream()
.filter(s -> s.startsWith("WARNING"))
@@ -237,7 +233,6 @@
TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
"-cp", ".",
"-Djdk.internal.lambda.dumpProxyClasses=dumpLong",
- "-Djava.security.manager",
longFQCN);
assertEquals(tr.testOutput.stream()
.filter(s -> s.startsWith("WARNING: Exception"))
--- a/jdk/test/java/security/KeyRep/SerialOld.policy Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/test/java/security/KeyRep/SerialOld.policy Thu Jan 19 13:50:02 2017 -0500
@@ -1,4 +1,4 @@
-grant {
+grant codeBase "file:${test.classes}/*" {
permission java.io.FilePermission "${test.src}${file.separator}*", "read";
permission java.util.PropertyPermission "test.src", "read";
@@ -11,4 +11,6 @@
"accessClassInPackage.sun.security.x509";
permission java.lang.RuntimePermission
"accessClassInPackage.sun.security.rsa";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.com.sun.crypto.provider";
};
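Review bot: The added `accessClassInPackage.com.sun.crypto.provider` permission carries no explanation, and grants for internal packages tend to outlive the reason they were added. A comment above it would help, e.g. `// com.sun.crypto.provider is non-exported and now restricted by default`. That wording is inferred from the commit title and should be confirmed. The `grant` block opens outside this hunk.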
--- a/jdk/test/javax/rmi/PortableRemoteObject/8146975/jtreg.test.policy Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/test/javax/rmi/PortableRemoteObject/8146975/jtreg.test.policy Thu Jan 19 13:50:02 2017 -0500
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -21,25 +21,12 @@
* questions.
*/
-grant codeBase "jrt:/java.corba" {
- permission java.security.AllPermission;
+grant {
+ permission java.util.PropertyPermission "*", "read";
+ permission java.io.FilePermission "<<ALL FILES>>", "read, execute";
};
-
-
-grant {
- permission java.io.FilePermission "./-", "read,write,execute";
- permission java.io.FilePermission "*", "read";
+grant codeBase "file:${test.classes}/*" {
permission java.net.SocketPermission "*:*", "connect, accept, listen, resolve";
- permission java.util.PropertyPermission "*", "read, write";
- permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission java.io.SerializablePermission "enableSubclassImplementation";
- permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.corba";
- permission java.lang.RuntimePermission "defineClassInPackage.sun.corba";
- permission java.lang.RuntimePermission "reflectionFactoryAccess";
- permission sun.corba.BridgePermission "getBridge";
- permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.reflect";
- permission java.util.PropertyPermission "*", "read, write";
- permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute";
+ permission java.lang.RuntimePermission "accessClassInPackage.com.sun.jndi.cosnaming";
};
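Review bot: The new unscoped `grant { ... }` block gives every code source under this policy `FilePermission "<<ALL FILES>>", "read, execute"` and read access to all properties, while the socket and `accessClassInPackage` permissions are limited to `file:${test.classes}/*`. This is much narrower than the removed `AllPermission` and write grants, but `execute` on all files still lets any code loaded under the policy start arbitrary programs. If only the test classes need it, move the two lines under the `codeBase` grant or narrow the path. If the unscoped grant is required, for example for harness classes outside `${test.classes}` (not confirmable from here), a `//` comment saying so would prevent it from being copied elsewhere unexamined. The same applies to the identical hunk in `jdk/test/javax/rmi/PortableRemoteObject/jtreg.test.policy` below.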
--- a/jdk/test/javax/rmi/PortableRemoteObject/jtreg.test.policy Thu Jan 19 18:03:24 2017 +0000
+++ b/jdk/test/javax/rmi/PortableRemoteObject/jtreg.test.policy Thu Jan 19 13:50:02 2017 -0500
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -21,23 +21,12 @@
* questions.
*/
-grant codeBase "jrt:/java.corba" {
- permission java.security.AllPermission;
+grant {
+ permission java.util.PropertyPermission "*", "read";
+ permission java.io.FilePermission "<<ALL FILES>>", "read, execute";
};
-grant {
- permission java.io.FilePermission "./-", "read,write,execute";
- permission java.io.FilePermission "*", "read";
+grant codeBase "file:${test.classes}/*" {
permission java.net.SocketPermission "*:*", "connect, accept, listen, resolve";
- permission java.util.PropertyPermission "*", "read, write";
- permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission java.io.SerializablePermission "enableSubclassImplementation";
- permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.corba";
- permission java.lang.RuntimePermission "defineClassInPackage.sun.corba";
- permission java.lang.RuntimePermission "reflectionFactoryAccess";
- permission sun.corba.BridgePermission "getBridge";
- permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.reflect";
- permission java.util.PropertyPermission "*", "read, write";
- permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute";
+ permission java.lang.RuntimePermission "accessClassInPackage.com.sun.jndi.cosnaming";
};