21 * questions. |
21 * questions. |
22 */ |
22 */ |
23 |
23 |
24 /* |
24 /* |
25 * @test |
25 * @test |
26 * @bug 6741606 7146431 8000450 8019830 8022945 8027144 8041633 8078427 |
26 * @bug 6741606 7146431 8000450 8019830 8022945 8027144 8041633 8078427 8055206 |
27 * @summary Make sure all restricted packages listed in the package.access |
27 * @summary Check that various restricted packages that are supposed to be |
|
28 * restricted by default or are listed in the package.access |
28 * property in the java.security file are blocked |
29 * property in the java.security file are blocked |
|
30 * @modules java.xml.ws java.corba |
29 * @run main/othervm CheckPackageAccess |
31 * @run main/othervm CheckPackageAccess |
30 */ |
32 */ |
31 |
33 |
32 import java.util.Collections; |
34 import java.lang.module.ModuleFinder; |
33 import java.util.ArrayList; |
35 import java.lang.module.ModuleReference; |
|
36 import java.util.Arrays; |
34 import java.util.List; |
37 import java.util.List; |
|
38 import java.util.Optional; |
35 |
39 |
36 /* |
|
37 * The main benefit of this test is to catch merge errors or other types |
|
38 * of issues where one or more of the packages are accidentally |
|
39 * removed. This is why the packages that are known to be restricted have to |
|
40 * be explicitly listed below. |
|
41 */ |
|
42 public class CheckPackageAccess { |
40 public class CheckPackageAccess { |
43 |
41 |
44 public static void main(String[] args) throws Exception { |
42 private static final SecurityManager sm = new SecurityManager(); |
45 // get expected list of restricted packages |
43 private static final ModuleFinder mf = ModuleFinder.ofSystem(); |
46 List<String> pkgs = RestrictedPackages.expected(); |
|
47 |
44 |
48 // get actual list of restricted packages |
45 /* |
49 List<String> jspkgs = RestrictedPackages.actual(); |
46 * The expected list of restricted packages of the package.access property. |
|
47 * |
|
48 * This array should be updated whenever new packages are added to the |
|
49 * package.access property in the java.security file |
|
50 * NOTE: it should be in the same order as the java.security file |
|
51 */ |
|
52 private static final String[] EXPECTED = { |
|
53 "sun.misc.", |
|
54 "sun.reflect.", |
|
55 }; |
50 |
56 |
51 if (!isOpenJDKOnly()) { |
57 /** |
52 String lastPkg = pkgs.get(pkgs.size() - 1); |
58 * Tests access to various packages of a module. |
|
59 */ |
|
60 private static class Test { |
|
61 String moduleName; // name of module |
|
62 ModuleReference moduleRef; // module reference |
|
63 String exports; // exported pkg |
|
64 Optional<String> opens; // opened pkg |
|
65 String conceals; // concealed pkg |
|
66 Optional<String> qualExports; // qualified export pkg |
|
67 Optional<String> qualOpens; // qualified open pkg |
|
68 // qual open and non-qualified export pkg |
|
69 Optional<String> qualOpensAndExports; |
|
70 Test(String module, String exports, String opens, String conceals, |
|
71 String qualExports, String qualOpens, String qualOpensAndExports) { |
|
72 this.moduleName = module; |
|
73 this.moduleRef = mf.find(moduleName).get(); |
|
74 this.exports = exports; |
|
75 this.opens = Optional.ofNullable(opens); |
|
76 this.conceals = conceals; |
|
77 this.qualExports = Optional.ofNullable(qualExports); |
|
78 this.qualOpens = Optional.ofNullable(qualOpens); |
|
79 this.qualOpensAndExports = Optional.ofNullable(qualOpensAndExports); |
|
80 } |
53 |
81 |
54 // Remove any closed packages from list before comparing |
82 void test() { |
55 int index = jspkgs.indexOf(lastPkg); |
83 System.out.println("Testing module " + moduleName); |
56 if (index != -1 && index != jspkgs.size() - 1) { |
84 |
57 jspkgs.subList(index + 1, jspkgs.size()).clear(); |
85 // access to exported pkg should pass |
|
86 testNonRestricted(exports); |
|
87 |
|
88 // access to opened pkg should pass |
|
89 opens.ifPresent(Test::testNonRestricted); |
|
90 |
|
91 // access to concealed pkg should fail |
|
92 testRestricted(conceals); |
|
93 |
|
94 // access to qualified export pkg should fail |
|
95 qualExports.ifPresent(Test::testRestricted); |
|
96 |
|
97 // access to qualified open pkg should fail |
|
98 qualOpens.ifPresent(Test::testRestricted); |
|
99 |
|
100 // access to qualified opened pkg that is also exported should pass |
|
101 qualOpensAndExports.ifPresent(Test::testNonRestricted); |
|
102 } |
|
103 |
|
104 private static void testRestricted(String pkg) { |
|
105 try { |
|
106 sm.checkPackageAccess(pkg); |
|
107 throw new RuntimeException("Able to access restricted package: " |
|
108 + pkg); |
|
109 } catch (SecurityException se) {} |
|
110 try { |
|
111 sm.checkPackageDefinition(pkg); |
|
112 throw new RuntimeException("Able to access restricted package: " |
|
113 + pkg); |
|
114 } catch (SecurityException se) {} |
|
115 } |
|
116 |
|
117 private static void testNonRestricted(String pkg) { |
|
118 try { |
|
119 sm.checkPackageAccess(pkg); |
|
120 } catch (SecurityException se) { |
|
121 throw new RuntimeException("Unable to access exported package: " |
|
122 + pkg, se); |
|
123 } |
|
124 try { |
|
125 sm.checkPackageDefinition(pkg); |
|
126 } catch (SecurityException se) { |
|
127 throw new RuntimeException("Unable to access exported package: " |
|
128 + pkg, se); |
58 } |
129 } |
59 } |
130 } |
|
131 } |
60 |
132 |
61 // Sort to ensure lists are comparable |
133 private static final Test[] tests = new Test[] { |
62 Collections.sort(pkgs); |
134 // java.base module loaded by boot loader |
63 Collections.sort(jspkgs); |
135 new Test("java.base", "java.security", null, "jdk.internal.jrtfs", |
|
136 "jdk.internal.loader", null, null), |
|
137 // java.desktop module loaded by boot loader and has an openQual pkg |
|
138 // that is exported |
|
139 new Test("java.desktop", "java.applet", null, "sun.applet", |
|
140 "sun.awt", "com.sun.java.swing.plaf.windows", |
|
141 "javax.swing.plaf.basic"), |
|
142 // java.security.jgss module loaded by platform loader |
|
143 new Test("java.security.jgss", "org.ietf.jgss", null, |
|
144 "sun.security.krb5.internal.crypto", "sun.security.krb5", |
|
145 null, null), |
|
146 // java.xml.ws module loaded by platform loader but needs to be added |
|
147 // and has an openQual pkg that is exported |
|
148 new Test("java.xml.ws", "javax.xml.soap", null, |
|
149 "com.sun.xml.internal.stream.buffer", |
|
150 "com.sun.xml.internal.ws.api", null, |
|
151 "javax.xml.ws.wsaddressing"), |
|
152 // java.xml.ws module loaded by platform loader but needs to be added |
|
153 // and has an openQual pkg |
|
154 new Test("java.corba", "javax.rmi", null, "sun.corba", |
|
155 "com.sun.corba.se.impl.util", "com.sun.jndi.cosnaming", null), |
|
156 }; |
64 |
157 |
65 if (!pkgs.equals(jspkgs)) { |
158 public static void main(String[] args) throws Exception { |
66 for (String p : pkgs) |
|
67 if (!jspkgs.contains(p)) |
|
68 System.out.println("In golden set, but not in j.s file: " + p); |
|
69 for (String p : jspkgs) |
|
70 if (!pkgs.contains(p)) |
|
71 System.out.println("In j.s file, but not in golden set: " + p); |
|
72 |
159 |
|
160 // check expected list of restricted packages in java.security file |
|
161 checkPackages(Arrays.asList(EXPECTED)); |
73 |
162 |
74 throw new RuntimeException("restricted packages are not " + |
163 // check access to each module's packages |
75 "consistent with java.security file"); |
164 for (Test test : tests) { |
|
165 test.test(); |
76 } |
166 } |
77 System.setSecurityManager(new SecurityManager()); |
167 |
78 SecurityManager sm = System.getSecurityManager(); |
168 System.out.println("Test passed"); |
|
169 } |
|
170 |
|
171 private static void checkPackages(List<String> pkgs) { |
79 for (String pkg : pkgs) { |
172 for (String pkg : pkgs) { |
80 String subpkg = pkg + "foo"; |
|
81 try { |
173 try { |
82 sm.checkPackageAccess(pkg); |
174 sm.checkPackageAccess(pkg); |
83 throw new RuntimeException("Able to access " + pkg + |
175 throw new RuntimeException("Able to access " + pkg + |
84 " package"); |
|
85 } catch (SecurityException se) { } |
|
86 try { |
|
87 sm.checkPackageAccess(subpkg); |
|
88 throw new RuntimeException("Able to access " + subpkg + |
|
89 " package"); |
176 " package"); |
90 } catch (SecurityException se) { } |
177 } catch (SecurityException se) { } |
91 try { |
178 try { |
92 sm.checkPackageDefinition(pkg); |
179 sm.checkPackageDefinition(pkg); |
93 throw new RuntimeException("Able to define class in " + pkg + |
180 throw new RuntimeException("Able to define class in " + pkg + |
94 " package"); |
181 " package"); |
95 } catch (SecurityException se) { } |
182 } catch (SecurityException se) { } |
|
183 String subpkg = pkg + "foo"; |
|
184 try { |
|
185 sm.checkPackageAccess(subpkg); |
|
186 throw new RuntimeException("Able to access " + subpkg + |
|
187 " package"); |
|
188 } catch (SecurityException se) { } |
96 try { |
189 try { |
97 sm.checkPackageDefinition(subpkg); |
190 sm.checkPackageDefinition(subpkg); |
98 throw new RuntimeException("Able to define class in " + subpkg + |
191 throw new RuntimeException("Able to define class in " + |
99 " package"); |
192 subpkg + " package"); |
100 } catch (SecurityException se) { } |
193 } catch (SecurityException se) { } |
101 } |
194 } |
102 System.out.println("Test passed"); |
|
103 } |
|
104 |
|
105 private static boolean isOpenJDKOnly() { |
|
106 String prop = System.getProperty("java.runtime.name"); |
|
107 return prop != null && prop.startsWith("OpenJDK"); |
|
108 } |
195 } |
109 } |
196 } |