jdk/test/java/security/AccessController/LimitedDoPrivileged.java
changeset 17946 7791613dcbfd
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/AccessController/LimitedDoPrivileged.java	Tue Jun 04 15:33:42 2013 -0700
@@ -0,0 +1,215 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8014097
+ * @summary Test the limited privilege scope version of doPrivileged
+ */
+
+import java.security.*;
+import java.util.*;
+
+public class LimitedDoPrivileged {
+    /*
+     * Test variations of doPrivileged() and doPrivileged() with a limited privilege scope
+     * in a sandbox with the usual default permission to read the system properties for the
+     * file and path separators.
+     *
+     * By passing in an "assigned" AccessControlContext that has
+     * no default permissions we can test how code privileges are being scoped.
+     */
+
+    private static final ProtectionDomain domain =
+        new ProtectionDomain(null, null, null, null);
+    private static final AccessControlContext acc =
+        new AccessControlContext(new ProtectionDomain[] { domain });
+    private static final PropertyPermission pathPerm =
+        new PropertyPermission("path.separator", "read");
+    private static final PropertyPermission filePerm =
+        new PropertyPermission("file.separator", "read");
+
+    public static void main(String[] args) throws Exception {
+        /*
+         * Verify that we have the usual default property read permission.
+         */
+        AccessController.getContext().checkPermission(filePerm);
+        AccessController.getContext().checkPermission(pathPerm);
+        System.out.println("test 1 passed");
+
+        /*
+         * Inject the "no permission" AccessControlContext.
+         */
+        AccessController.doPrivileged(new PrivilegedAction() {
+            public Object run() {
+
+                /*
+                 * Verify that we no longer have the "file.separator" permission.
+                 */
+                try {
+                    AccessController.getContext().checkPermission(pathPerm);
+                } catch (AccessControlException ace) {
+                    System.out.println("test 2 passed");
+                }
+
+                /*
+                 * Verify that we can give ourselves limited privilege to read
+                 * any system property starting with "path.".
+                 */
+                AccessController.doPrivileged
+                    (new PrivilegedAction() {
+                        public Object run() {
+                            AccessController.getContext().checkPermission(pathPerm);
+                            return null;
+                        }
+                }, null, new PropertyPermission("path.*", "read"));
+                System.out.println("test 3 passed");
+
+                /*
+                 * Verify that if we give ourselves limited privilege to read
+                 * any system property starting with "path." it won't give us the
+                 * the ability to read "file.separator".
+                 */
+                try {
+                    AccessController.doPrivileged
+                        (new PrivilegedAction() {
+                            public Object run() {
+                                AccessController.getContext().checkPermission(filePerm);
+                                return null;
+                            }
+                    }, null, new PropertyPermission("path.*", "read"));
+                } catch (AccessControlException ace) {
+                    System.out.println("test 4 passed");
+                }
+
+                /*
+                 * Verify that capturing and passing in the context with no default
+                 * system property permission grants will prevent access that succeeded
+                 * earlier without the context assignment.
+                 */
+                final AccessControlContext context = AccessController.getContext();
+                try {
+                    AccessController.doPrivileged
+                        (new PrivilegedAction() {
+                            public Object run() {
+                                AccessController.getContext().checkPermission(pathPerm);
+                                return null;
+                            }
+                    }, context, new PropertyPermission("path.*", "read"));
+                } catch (AccessControlException ace) {
+                    System.out.println("test 5 passed");
+                }
+
+                /*
+                 * Verify that we can give ourselves full privilege to read
+                 * any system property starting with "path.".
+                 */
+                AccessController.doPrivileged
+                     (new PrivilegedAction() {
+                        public Object run() {
+                            AccessController.getContext().checkPermission(pathPerm);
+                            return null;
+                        }
+                });
+                System.out.println("test 6 passed");
+
+                /*
+                 * Verify that capturing and passing in the context with no default
+                 * system property permission grants will prevent access that succeeded
+                 * earlier without the context assignment.
+                 */
+                try {
+                    AccessController.doPrivileged
+                        (new PrivilegedAction() {
+                            public Object run() {
+                                AccessController.getContext().checkPermission(pathPerm);
+                                return null;
+                            }
+                    }, context);
+                } catch (AccessControlException ace) {
+                    System.out.println("test 7 passed");
+                }
+
+                /*
+                 * Verify that we can give ourselves limited privilege to read
+                 * any system property starting with "path." when a limited
+                 * privilege scope context is captured and passed to a regular
+                 * doPrivileged() as an assigned context.
+                 */
+                AccessController.doPrivileged
+                     (new PrivilegedAction() {
+                        public Object run() {
+
+                            /*
+                             * Capture the limited privilege scope and inject it into the
+                             * regular doPrivileged().
+                             */
+                            final AccessControlContext limitedContext = AccessController.getContext();
+                            AccessController.doPrivileged
+                                (new PrivilegedAction() {
+                                    public Object run() {
+                                        AccessController.getContext().checkPermission(pathPerm);
+                                        return null;
+                                }
+                            }, limitedContext);
+                            return null;
+                        }
+                }, null, new PropertyPermission("path.*", "read"));
+                System.out.println("test 8 passed");
+
+                /*
+                 * Verify that we can give ourselves limited privilege to read
+                 * any system property starting with "path." it won't give us the
+                 * the ability to read "file.separator" when a limited
+                 * privilege scope context is captured and passed to a regular
+                 * doPrivileged() as an assigned context.
+                 */
+                AccessController.doPrivileged
+                     (new PrivilegedAction() {
+                        public Object run() {
+
+                            /*
+                             * Capture the limited privilege scope and inject it into the
+                             * regular doPrivileged().
+                             */
+                            final AccessControlContext limitedContext = AccessController.getContext();
+                            try {
+                                AccessController.doPrivileged
+                                    (new PrivilegedAction() {
+                                        public Object run() {
+                                            AccessController.getContext().checkPermission(filePerm);
+                                            return null;
+                                    }
+                                }, limitedContext);
+                            } catch (AccessControlException ace) {
+                                System.out.println("test 9 passed");
+                            }
+                            return null;
+                        }
+                }, null, new PropertyPermission("path.*", "read"));
+
+                return null;
+            }
+        }, acc);
+    }
+}