8040059: Change default policy for extensions to no permission
Reviewed-by: alanb, mullan, erikj
--- a/jdk/make/CopyFiles.gmk Fri May 09 12:06:13 2014 +0200
+++ b/jdk/make/CopyFiles.gmk Fri May 09 09:04:41 2014 -0700
@@ -367,8 +367,24 @@
POLICY_SRC := $(JDK_TOPDIR)/src/share/lib/security/java.policy
POLICY_DST := $(JDK_OUTPUTDIR)/lib/security/java.policy
-$(POLICY_DST): $(POLICY_SRC)
- $(call install-file)
+POLICY_SRC_LIST :=
+
+ifeq ($(OPENJDK_TARGET_OS), windows)
+ POLICY_SRC_LIST += $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS)/lib/security/java.policy
+endif
+ifndef OPENJDK
+ ifneq (, $(filter $(OPENJDK_TARGET_OS), windows solaris))
+ POLICY_SRC_LIST += $(JDK_TOPDIR)/src/closed/$(OPENJDK_TARGET_OS)/lib/security/java.policy
+ endif
+endif
+
+POLICY_SRC_LIST += $(POLICY_SRC)
+
+$(POLICY_DST): $(POLICY_SRC_LIST)
+ $(MKDIR) -p $(@D)
+ $(RM) $@ $@.tmp
+ $(foreach f,$(POLICY_SRC_LIST),$(CAT) $(f) >> $@.tmp;)
+ $(MV) $@.tmp $@
COPY_FILES += $(POLICY_DST)
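Review bot: In the `$(POLICY_DST)` recipe the generated `$(CAT) $(f) >> $@.tmp;` commands are joined with `;`, so the shell reports only the last `cat`'s status. A failed read of an earlier, platform-specific policy file would therefore still be moved into place as an incomplete `java.policy`. Since this file now carries the only grants the extension jars receive, a partial result should fail the build. A single `$(CAT) $(POLICY_SRC_LIST) > $@.tmp` exits non-zero if any input cannot be read.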
--- a/jdk/src/share/classes/jdk/nio/zipfs/ZipFileSystem.java Fri May 09 12:06:13 2014 +0200
+++ b/jdk/src/share/classes/jdk/nio/zipfs/ZipFileSystem.java Fri May 09 09:04:41 2014 -0700
@@ -41,6 +41,8 @@
import java.nio.file.spi.*;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.*;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
@@ -110,7 +112,9 @@
}
// sm and existence check
zfpath.getFileSystem().provider().checkAccess(zfpath, AccessMode.READ);
- if (!Files.isWritable(zfpath))
+ boolean writeable = AccessController.doPrivileged(
+ (PrivilegedAction<Boolean>) () -> Files.isWritable(zfpath));
+ if (!writeable)
this.readOnly = true;
this.zc = ZipCoder.get(nameEncoding);
this.defaultdir = new ZipPath(this, getBytes(defaultDir));
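Review bot: The writability probe on `zfpath` now runs inside `doPrivileged`, so `readOnly` is decided by the permissions granted to zipfs.jar rather than the caller's; the only caller-context check visible here is `checkAccess(zfpath, AccessMode.READ)`. Together with the privileged `sync()` in the `@@ -262` hunk and the privileged `Files.deleteIfExists` in the `@@ -281` hunk, a caller holding only read `FilePermission` on the archive may, unless a write check exists outside these hunks, obtain a writable file system whose updates are written back under zipfs.jar's `<<ALL FILES>>` grant. If that is not intended, check the caller's write permission before the privileged probe and treat a denial as read-only; either way a comment such as `// privileged: probes with zipfs.jar's own permissions, not the caller's` would make the trust decision explicit. The constructor starts and ends outside the hunk.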
@@ -262,9 +266,13 @@
}
beginWrite(); // lock and sync
try {
- sync();
- ch.close(); // close the ch just in case no update
- } finally { // and sync dose not close the ch
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ sync(); return null;
+ });
+ ch.close(); // close the ch just in case no update
+ } catch (PrivilegedActionException e) { // and sync dose not close the ch
+ throw (IOException)e.getException();
+ } finally {
endWrite();
}
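Review bot: `ch.close()` is still skipped when the privileged `sync()` throws: control goes to the `catch`, the `IOException` is rethrown and only `endWrite()` runs in `finally`, so the channel stays open after a failed sync unless it is closed elsewhere. Closing it in the `finally` ahead of the unlock, `try { ch.close(); } finally { endWrite(); }`, would cover both paths. The trailing comment `// and sync dose not close the ch` also ended up on the `catch` line, where it no longer reads as a continuation of the `ch.close()` comment. The enclosing method starts and ends outside the hunk.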
@@ -281,8 +289,10 @@
synchronized (tmppaths) {
for (Path p: tmppaths) {
try {
- Files.deleteIfExists(p);
- } catch (IOException x) {
+ AccessController.doPrivileged(
+ (PrivilegedExceptionAction<Boolean>)() -> Files.deleteIfExists(p));
+ } catch (PrivilegedActionException e) {
+ IOException x = (IOException)e.getException();
if (ioe == null)
ioe = x;
else
--- a/jdk/src/share/lib/security/java.policy Fri May 09 12:06:13 2014 +0200
+++ b/jdk/src/share/lib/security/java.policy Fri May 09 09:04:41 2014 -0700
@@ -1,7 +1,39 @@
+// permissions required by each component
+grant codeBase "file:${java.home}/lib/ext/zipfs.jar" {
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+ permission java.lang.RuntimePermission "fileSystemProvider";
+ permission java.util.PropertyPermission "*", "read";
+};
-// Standard extensions get all permissions by default
+grant codeBase "file:${java.home}/lib/ext/cldrdata.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
+ permission java.util.PropertyPermission "*", "read";
+};
+
+grant codeBase "file:${java.home}/lib/ext/localedata.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
+ permission java.util.PropertyPermission "*", "read";
+};
-grant codeBase "file:${{java.ext.dirs}}/*" {
+grant codeBase "file:${java.home}/lib/ext/dnsns.jar" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${java.home}/lib/ext/nashorn.jar" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunec.jar" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
permission java.security.AllPermission;
};
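Review bot: The header comment says `// permissions required by each component`, but the grants for dnsns, nashorn, sunec, sunjce_provider and sunpkcs11 (and sunmscapi in the new Windows policy file) remain `java.security.AllPermission`. For those jars the commit narrows the codeBase match, not the privilege level. A comment above that group, for example `// TODO: still AllPermission; narrow to the permissions each provider actually needs`, would keep the remaining full-trust jars visible to the next reader. The zipfs.jar grant of `FilePermission "<<ALL FILES>>", "read,write,delete"` is likewise broad, and it is the grant the privileged blocks added to ZipFileSystem.java run with.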
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/windows/lib/security/java.policy Fri May 09 09:04:41 2014 -0700
@@ -0,0 +1,3 @@
+grant codeBase "file:${java.home}/lib/ext/sunmscapi.jar" {
+ permission java.security.AllPermission;
+};
--- a/jdk/test/TEST.groups Fri May 09 12:06:13 2014 +0200
+++ b/jdk/test/TEST.groups Fri May 09 09:04:41 2014 -0700
@@ -97,7 +97,8 @@
jdk_nio = \
java/nio \
- sun/nio
+ sun/nio \
+ jdk/nio
jdk_net = \
java/net \
@@ -203,7 +204,6 @@
com/sun/jndi \
com/sun/corba \
lib/testlibrary \
- jdk/nio/zipfs \
sample
#
--- a/jdk/test/jdk/nio/zipfs/Basic.java Fri May 09 12:06:13 2014 +0200
+++ b/jdk/test/jdk/nio/zipfs/Basic.java Fri May 09 09:04:41 2014 -0700
@@ -31,8 +31,11 @@
/**
*
* @test
- * @bug 8038500
+ * @bug 8038500 8040059
* @summary Basic test for zip provider
+ *
+ * @run main Basic
+ * @run main/othervm/policy=test.policy Basic
*/
public class Basic {
--- a/jdk/test/jdk/nio/zipfs/PathOps.java Fri May 09 12:06:13 2014 +0200
+++ b/jdk/test/jdk/nio/zipfs/PathOps.java Fri May 09 09:04:41 2014 -0700
@@ -29,8 +29,11 @@
/**
*
* @test
- * @bug 8038500
+ * @bug 8038500 8040059
* @summary Tests path operations for zip provider.
+ *
+ * @run main PathOps
+ * @run main/othervm/policy=test.policy.readonly PathOps
*/
public class PathOps {
--- a/jdk/test/jdk/nio/zipfs/ZFSTests.java Fri May 09 12:06:13 2014 +0200
+++ b/jdk/test/jdk/nio/zipfs/ZFSTests.java Fri May 09 09:04:41 2014 -0700
@@ -22,8 +22,11 @@
*/
/* @test
- @bug 7156873
- @summary ZipFileSystem regression tests
+ * @bug 7156873 8040059
+ * @summary ZipFileSystem regression tests
+ *
+ * @run main ZFSTests
+ * @run main/othervm/policy=test.policy ZFSTests
*/
--- a/jdk/test/jdk/nio/zipfs/ZipFSTester.java Fri May 09 12:06:13 2014 +0200
+++ b/jdk/test/jdk/nio/zipfs/ZipFSTester.java Fri May 09 09:04:41 2014 -0700
@@ -40,8 +40,10 @@
*
* @test
* @bug 6990846 7009092 7009085 7015391 7014948 7005986 7017840 7007596
- * 7157656 8002390 7012868 7012856 8015728 8038500
+ * 7157656 8002390 7012868 7012856 8015728 8038500 8040059
* @summary Test Zip filesystem provider
+ * @run main ZipFSTester
+ * @run main/othervm/policy=test.policy ZipFSTester
*/
public class ZipFSTester {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/jdk/nio/zipfs/test.policy Fri May 09 09:04:41 2014 -0700
@@ -0,0 +1,16 @@
+grant codeBase "file:${java.home}/lib/ext/zipfs.jar" {
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write";
+ permission java.lang.RuntimePermission "fileSystemProvider";
+ permission java.util.PropertyPermission "*", "read";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+};
+
+grant {
+ permission java.io.FilePermission "<<ALL FILES>>","read,write,delete";
+ permission java.util.PropertyPermission "test.jdk","read";
+ permission java.util.PropertyPermission "test.src","read";
+ permission java.util.PropertyPermission "user.dir","read";
+};
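Review bot: The zipfs.jar grant here lists `"read,write"` while the shipped `java.policy` in this commit grants `"read,write,delete"`; test.policy.readonly carries the same narrower grant. If jtreg's `/policy=` run uses this file in place of the default policy (not visible here), the tests never exercise the shipped grant, and the privileged `Files.deleteIfExists` in ZipFileSystem would run without delete permission. Aligning the line to `permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";`, or dropping `delete` from the shipped grant if it is not needed, would make the two agree.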
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/jdk/nio/zipfs/test.policy.readonly Fri May 09 09:04:41 2014 -0700
@@ -0,0 +1,12 @@
+grant codeBase "file:${java.home}/lib/ext/zipfs.jar" {
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write";
+ permission java.lang.RuntimePermission "fileSystemProvider";
+ permission java.util.PropertyPermission "*", "read";
+};
+
+grant {
+ permission java.io.FilePermission "<<ALL FILES>>","read";
+ permission java.util.PropertyPermission "test.jdk","read";
+ permission java.util.PropertyPermission "test.src","read";
+ permission java.util.PropertyPermission "user.dir","read";
+};
--- a/jdk/test/lib/security/java.policy/Ext_AllPolicy.java Fri May 09 12:06:13 2014 +0200
+++ b/jdk/test/lib/security/java.policy/Ext_AllPolicy.java Fri May 09 09:04:41 2014 -0700
@@ -30,12 +30,24 @@
import java.security.*;
public class Ext_AllPolicy {
- public static void main (String[] args) {
- FilePermission mine = new FilePermission("/tmp/bar", "read");
- SecurityManager sm = System.getSecurityManager();
+ public static void main (String[] args) {
+ boolean allPerms = args.length == 1 && args[0].equals("AllPermission");
+ FilePermission mine = new FilePermission("/tmp/bar", "read");
+ SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- sm.checkPermission(mine);
+ if (sm != null) {
+ try {
+ sm.checkPermission(mine);
+ if (!allPerms) {
+ // Default has no privilege.
+ throw new RuntimeException(mine + " expected to deny access");
}
+ } catch (AccessControlException e) {
+ if (allPerms) {
+ // expected all permissions granted
+ throw e;
+ }
+ }
}
+ }
}
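Review bot: When no security manager is installed, the `if (sm != null)` guard skips every check and `main` returns normally, so both the deny-by-default run and the `AllPermission` run would pass vacuously. Since the test now asserts a specific policy outcome, add `if (sm == null) throw new RuntimeException("no security manager installed");` before the guard.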
--- a/jdk/test/lib/security/java.policy/Ext_AllPolicy.sh Fri May 09 12:06:13 2014 +0200
+++ b/jdk/test/lib/security/java.policy/Ext_AllPolicy.sh Fri May 09 09:04:41 2014 -0700
@@ -22,7 +22,7 @@
#
# @test
-# @bug 4215035
+# @bug 4215035 8040059
# @summary standard extensions path is hard-coded in default system policy file
#
# @build Ext_AllPolicy
@@ -81,6 +81,9 @@
rm Ext_AllPolicy.class
${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} \
- -Djava.security.manager -Djava.ext.dirs="${TESTCLASSES}" Ext_AllPolicy
+ -Djava.security.manager -Djava.ext.dirs="${TESTCLASSES}" Ext_AllPolicy || exit 10
+${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} \
+ -Djava.security.policy=${TESTSRC}${FS}test.policy \
+ -Djava.security.manager -Djava.ext.dirs="${TESTCLASSES}" Ext_AllPolicy AllPermission
exit $?
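Review bot: The new `-Djava.security.policy=${TESTSRC}${FS}test.policy` argument is unquoted, unlike `-Djava.ext.dirs="${TESTCLASSES}"` on the next line, so a test source path containing spaces would split into two arguments and the second run would not load the intended policy. Quote it as `-Djava.security.policy="${TESTSRC}${FS}test.policy"`. The single `=` adds this file to the default policy rather than replacing it, which deserves a one-line comment because the run depends on it.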
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/lib/security/java.policy/test.policy Fri May 09 09:04:41 2014 -0700
@@ -0,0 +1,3 @@
+grant codeBase "file:${{java.ext.dirs}}/*" {
+ permission java.security.AllPermission;
+};