jdk-24/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java

/*
 * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 *  @test
 *  @bug 6741606 7146431 8000450 8019830 8022945 8027144 8041633
 *  @summary Make sure all restricted packages listed in the package.access
 *           property in the java.security file are blocked
 *  @run main/othervm CheckPackageAccess
 */

import java.security.Security;
import java.util.Collections;
import java.util.Arrays;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;

/*
 * The main benefit of this test is to catch merge errors or other types
 * of issues where one or more of the packages are accidentally
 * removed. This is why the packages that are known to be restricted have to
 * be explicitly listed below.
 */
public class CheckPackageAccess {

    /*
     * This array should be updated whenever new packages are added to the
     * package.access property in the java.security file
     * NOTE: it should be in the same order as the java.security file
     */
    private static final String[] packages = {
        "sun.",
        "com.sun.xml.internal.",
        "com.sun.imageio.",
        "com.sun.istack.internal.",
        "com.sun.jmx.",
        "com.sun.media.sound.",
        "com.sun.naming.internal.",
        "com.sun.proxy.",
        "com.sun.corba.se.",
        "com.sun.org.apache.bcel.internal.",
        "com.sun.org.apache.regexp.internal.",
        "com.sun.org.apache.xerces.internal.",
        "com.sun.org.apache.xpath.internal.",
        "com.sun.org.apache.xalan.internal.extensions.",
        "com.sun.org.apache.xalan.internal.lib.",
        "com.sun.org.apache.xalan.internal.res.",
        "com.sun.org.apache.xalan.internal.templates.",
        "com.sun.org.apache.xalan.internal.utils.",
        "com.sun.org.apache.xalan.internal.xslt.",
        "com.sun.org.apache.xalan.internal.xsltc.cmdline.",
        "com.sun.org.apache.xalan.internal.xsltc.compiler.",
        "com.sun.org.apache.xalan.internal.xsltc.trax.",
        "com.sun.org.apache.xalan.internal.xsltc.util.",
        "com.sun.org.apache.xml.internal.res.",
        "com.sun.org.apache.xml.internal.security.",
        "com.sun.org.apache.xml.internal.serializer.utils.",
        "com.sun.org.apache.xml.internal.utils.",
        "com.sun.org.glassfish.",
        "com.sun.tools.script.",
        "com.oracle.xmlns.internal.",
        "com.oracle.webservices.internal.",
        "org.jcp.xml.dsig.internal.",
        "jdk.internal.",
        "jdk.nashorn.internal.",
        "jdk.nashorn.tools.",
        "jdk.tools.jimage.",
        "com.sun.activation.registries."
    };

    public static void main(String[] args) throws Exception {
        List<String> pkgs = new ArrayList<>(Arrays.asList(packages));
        String osName = System.getProperty("os.name");
        if (osName.contains("OS X")) {
            pkgs.add("apple.");  // add apple package for OS X
        }

        List<String> jspkgs =
            getPackages(Security.getProperty("package.access"));

        if (!isOpenJDKOnly()) {
            String lastPkg = pkgs.get(pkgs.size() - 1);

            // Remove any closed packages from list before comparing
            int index = jspkgs.indexOf(lastPkg);
            if (index != -1 && index != jspkgs.size() - 1) {
                jspkgs.subList(index + 1, jspkgs.size()).clear();
            }
        }

        // Sort to ensure lists are comparable
        Collections.sort(pkgs);
        Collections.sort(jspkgs);

        if (!pkgs.equals(jspkgs)) {
            for (String p : pkgs)
                if (!jspkgs.contains(p))
                    System.out.println("In golden set, but not in j.s file: " + p);
            for (String p : jspkgs)
                if (!pkgs.contains(p))
                    System.out.println("In j.s file, but not in golden set: " + p);


            throw new RuntimeException("restricted packages are not " +
                                       "consistent with java.security file");
        }
        System.setSecurityManager(new SecurityManager());
        SecurityManager sm = System.getSecurityManager();
        for (String pkg : packages) {
            String subpkg = pkg + "foo";
            try {
                sm.checkPackageAccess(pkg);
                throw new RuntimeException("Able to access " + pkg +
                                           " package");
            } catch (SecurityException se) { }
            try {
                sm.checkPackageAccess(subpkg);
                throw new RuntimeException("Able to access " + subpkg +
                                           " package");
            } catch (SecurityException se) { }
            try {
                sm.checkPackageDefinition(pkg);
                throw new RuntimeException("Able to define class in " + pkg +
                                           " package");
            } catch (SecurityException se) { }
            try {
                sm.checkPackageDefinition(subpkg);
                throw new RuntimeException("Able to define class in " + subpkg +
                                           " package");
            } catch (SecurityException se) { }
        }
        System.out.println("Test passed");
    }

    private static List<String> getPackages(String p) {
        List<String> packages = new ArrayList<>();
        if (p != null && !p.equals("")) {
            StringTokenizer tok = new StringTokenizer(p, ",");
            while (tok.hasMoreElements()) {
                String s = tok.nextToken().trim();
                packages.add(s);
            }
        }
        return packages;
    }

    private static boolean isOpenJDKOnly() {
        String prop = System.getProperty("java.runtime.name");
        return prop != null && prop.startsWith("OpenJDK");
    }
}
7160380: Sync JDK8 with JAXP 1.4.5 Bring JDK8 up to date to what we have in 7u4 Reviewed-by: lancea, mullan 2012-04-17 18:21:35 +00:00			`/*`
8041633: [TESTBUG] java/lang/SecurityManager/CheckPackageAccess.java fails with "In j.s file, but not in golden set: com.sun.activation.registries." Adding newly restricted package to golden set in the test Reviewed-by: asmotrak, coffeys, mullan 2014-05-20 14:02:57 +00:00			`* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.`
7160380: Sync JDK8 with JAXP 1.4.5 Bring JDK8 up to date to what we have in 7u4 Reviewed-by: lancea, mullan 2012-04-17 18:21:35 +00:00			`* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.`
			`*`
			`* This code is free software; you can redistribute it and/or modify it`
			`* under the terms of the GNU General Public License version 2 only, as`
			`* published by the Free Software Foundation.`
			`*`
			`* This code is distributed in the hope that it will be useful, but WITHOUT`
			`* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or`
			`* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License`
			`* version 2 for more details (a copy is included in the LICENSE file that`
			`* accompanied this code).`
			`*`
			`* You should have received a copy of the GNU General Public License version`
			`* 2 along with this work; if not, write to the Free Software Foundation,`
			`* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.`
			`*`
			`* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA`
			`* or visit www.oracle.com if you need additional information or have any`
			`* questions.`
			`*/`

			`/*`
8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`* @test`
8041633: [TESTBUG] java/lang/SecurityManager/CheckPackageAccess.java fails with "In j.s file, but not in golden set: com.sun.activation.registries." Adding newly restricted package to golden set in the test Reviewed-by: asmotrak, coffeys, mullan 2014-05-20 14:02:57 +00:00			`* @bug 6741606 7146431 8000450 8019830 8022945 8027144 8041633`
8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`* @summary Make sure all restricted packages listed in the package.access`
			`* property in the java.security file are blocked`
			`* @run main/othervm CheckPackageAccess`
7160380: Sync JDK8 with JAXP 1.4.5 Bring JDK8 up to date to what we have in 7u4 Reviewed-by: lancea, mullan 2012-04-17 18:21:35 +00:00			`*/`

8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`import java.security.Security;`
			`import java.util.Collections;`
			`import java.util.Arrays;`
			`import java.util.ArrayList;`
			`import java.util.List;`
			`import java.util.StringTokenizer;`

			`/*`
			`* The main benefit of this test is to catch merge errors or other types`
			`* of issues where one or more of the packages are accidentally`
			`* removed. This is why the packages that are known to be restricted have to`
			`* be explicitly listed below.`
			`*/`
7160380: Sync JDK8 with JAXP 1.4.5 Bring JDK8 up to date to what we have in 7u4 Reviewed-by: lancea, mullan 2012-04-17 18:21:35 +00:00			`public class CheckPackageAccess {`

8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`/*`
			`* This array should be updated whenever new packages are added to the`
			`* package.access property in the java.security file`
8026346: test/java/lang/SecurityManager/CheckPackageAccess.java failing Reviewed-by: vinnie 2013-10-17 14:18:44 +00:00			`* NOTE: it should be in the same order as the java.security file`
8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`*/`
			`private static final String[] packages = {`
			`"sun.",`
			`"com.sun.xml.internal.",`
			`"com.sun.imageio.",`
			`"com.sun.istack.internal.",`
			`"com.sun.jmx.",`
8019830: Add com.sun.media.sound to the list of restricted package Reviewed-by: vinnie 2013-08-27 16:04:32 +00:00			`"com.sun.media.sound.",`
8022945: Enhance JNDI implementation classes Reviewed-by: xuelei, ahgross, skoivu 2013-08-16 09:57:27 +00:00			`"com.sun.naming.internal.",`
8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`"com.sun.proxy.",`
8021257: com.sun.corba.se.** should be on restricted package list Co-authored-by: Mark Sheppard <mark.sheppard@oracle.com> Reviewed-by: chegar, coffeys, smarks, mullan 2013-10-22 10:43:04 +00:00			`"com.sun.corba.se.",`
8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`"com.sun.org.apache.bcel.internal.",`
			`"com.sun.org.apache.regexp.internal.",`
			`"com.sun.org.apache.xerces.internal.",`
			`"com.sun.org.apache.xpath.internal.",`
			`"com.sun.org.apache.xalan.internal.extensions.",`
			`"com.sun.org.apache.xalan.internal.lib.",`
			`"com.sun.org.apache.xalan.internal.res.",`
			`"com.sun.org.apache.xalan.internal.templates.",`
			`"com.sun.org.apache.xalan.internal.utils.",`
			`"com.sun.org.apache.xalan.internal.xslt.",`
			`"com.sun.org.apache.xalan.internal.xsltc.cmdline.",`
			`"com.sun.org.apache.xalan.internal.xsltc.compiler.",`
			`"com.sun.org.apache.xalan.internal.xsltc.trax.",`
			`"com.sun.org.apache.xalan.internal.xsltc.util.",`
			`"com.sun.org.apache.xml.internal.res.",`
			`"com.sun.org.apache.xml.internal.security.",`
			`"com.sun.org.apache.xml.internal.serializer.utils.",`
			`"com.sun.org.apache.xml.internal.utils.",`
			`"com.sun.org.glassfish.",`
8049367: Modular Run-Time Images Co-authored-by: Alan Bateman <alan.bateman@oracle.com> Co-authored-by: Alex Buckley <alex.buckley@oracle.com> Co-authored-by: Bradford Wetmore <bradford.wetmore@oracle.com> Co-authored-by: Erik Joelsson <erik.joelsson@oracle.com> Co-authored-by: James Laskey <james.laskey@oracle.com> Co-authored-by: Jonathan Gibbons <jonathan.gibbons@oracle.com> Co-authored-by: Karen Kinnear <karen.kinnear@oracle.com> Co-authored-by: Magnus Ihse Bursie <magnus.ihse.bursie@oracle.com> Co-authored-by: Mandy Chung <mandy.chung@oracle.com> Co-authored-by: Mark Reinhold <mark.reinhold@oracle.com> Co-authored-by: Paul Sandoz <paul.sandoz@oracle.com> Co-authored-by: Sundararajan Athijegannathan <sundararajan.athijegannathan@oracle.com> Reviewed-by: chegar, dfuchs, ihse, joehw, mullan, psandoz, wetmore 2014-12-03 14:22:58 +00:00			`"com.sun.tools.script.",`
8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`"com.oracle.xmlns.internal.",`
			`"com.oracle.webservices.internal.",`
			`"org.jcp.xml.dsig.internal.",`
			`"jdk.internal.",`
			`"jdk.nashorn.internal.",`
8041633: [TESTBUG] java/lang/SecurityManager/CheckPackageAccess.java fails with "In j.s file, but not in golden set: com.sun.activation.registries." Adding newly restricted package to golden set in the test Reviewed-by: asmotrak, coffeys, mullan 2014-05-20 14:02:57 +00:00			`"jdk.nashorn.tools.",`
8049367: Modular Run-Time Images Co-authored-by: Alan Bateman <alan.bateman@oracle.com> Co-authored-by: Alex Buckley <alex.buckley@oracle.com> Co-authored-by: Bradford Wetmore <bradford.wetmore@oracle.com> Co-authored-by: Erik Joelsson <erik.joelsson@oracle.com> Co-authored-by: James Laskey <james.laskey@oracle.com> Co-authored-by: Jonathan Gibbons <jonathan.gibbons@oracle.com> Co-authored-by: Karen Kinnear <karen.kinnear@oracle.com> Co-authored-by: Magnus Ihse Bursie <magnus.ihse.bursie@oracle.com> Co-authored-by: Mandy Chung <mandy.chung@oracle.com> Co-authored-by: Mark Reinhold <mark.reinhold@oracle.com> Co-authored-by: Paul Sandoz <paul.sandoz@oracle.com> Co-authored-by: Sundararajan Athijegannathan <sundararajan.athijegannathan@oracle.com> Reviewed-by: chegar, dfuchs, ihse, joehw, mullan, psandoz, wetmore 2014-12-03 14:22:58 +00:00			`"jdk.tools.jimage.",`
8041633: [TESTBUG] java/lang/SecurityManager/CheckPackageAccess.java fails with "In j.s file, but not in golden set: com.sun.activation.registries." Adding newly restricted package to golden set in the test Reviewed-by: asmotrak, coffeys, mullan 2014-05-20 14:02:57 +00:00			`"com.sun.activation.registries."`
8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`};`

7160380: Sync JDK8 with JAXP 1.4.5 Bring JDK8 up to date to what we have in 7u4 Reviewed-by: lancea, mullan 2012-04-17 18:21:35 +00:00			`public static void main(String[] args) throws Exception {`
8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`List<String> pkgs = new ArrayList<>(Arrays.asList(packages));`
			`String osName = System.getProperty("os.name");`
			`if (osName.contains("OS X")) {`
			`pkgs.add("apple."); // add apple package for OS X`
			`}`

			`List<String> jspkgs =`
			`getPackages(Security.getProperty("package.access"));`

8026346: test/java/lang/SecurityManager/CheckPackageAccess.java failing Reviewed-by: vinnie 2013-10-17 14:18:44 +00:00			`if (!isOpenJDKOnly()) {`
			`String lastPkg = pkgs.get(pkgs.size() - 1);`

8007292: Add JavaFX internal packages to package.access Build hooks to allow closed restricted packages to be added to java.security file Reviewed-by: erikj, dholmes, tbell 2013-10-11 12:43:07 +00:00			`// Remove any closed packages from list before comparing`
8026346: test/java/lang/SecurityManager/CheckPackageAccess.java failing Reviewed-by: vinnie 2013-10-17 14:18:44 +00:00			`int index = jspkgs.indexOf(lastPkg);`
			`if (index != -1 && index != jspkgs.size() - 1) {`
			`jspkgs.subList(index + 1, jspkgs.size()).clear();`
			`}`
8007292: Add JavaFX internal packages to package.access Build hooks to allow closed restricted packages to be added to java.security file Reviewed-by: erikj, dholmes, tbell 2013-10-11 12:43:07 +00:00			`}`

8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`// Sort to ensure lists are comparable`
			`Collections.sort(pkgs);`
			`Collections.sort(jspkgs);`

			`if (!pkgs.equals(jspkgs)) {`
			`for (String p : pkgs)`
			`if (!jspkgs.contains(p))`
			`System.out.println("In golden set, but not in j.s file: " + p);`
			`for (String p : jspkgs)`
			`if (!pkgs.contains(p))`
			`System.out.println("In j.s file, but not in golden set: " + p);`

7160380: Sync JDK8 with JAXP 1.4.5 Bring JDK8 up to date to what we have in 7u4 Reviewed-by: lancea, mullan 2012-04-17 18:21:35 +00:00
8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`throw new RuntimeException("restricted packages are not " +`
			`"consistent with java.security file");`
			`}`
			`System.setSecurityManager(new SecurityManager());`
			`SecurityManager sm = System.getSecurityManager();`
			`for (String pkg : packages) {`
			`String subpkg = pkg + "foo";`
7160380: Sync JDK8 with JAXP 1.4.5 Bring JDK8 up to date to what we have in 7u4 Reviewed-by: lancea, mullan 2012-04-17 18:21:35 +00:00			`try {`
			`sm.checkPackageAccess(pkg);`
8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`throw new RuntimeException("Able to access " + pkg +`
			`" package");`
			`} catch (SecurityException se) { }`
			`try {`
			`sm.checkPackageAccess(subpkg);`
			`throw new RuntimeException("Able to access " + subpkg +`
			`" package");`
8000450: Restrict access to com/sun/corba/se/impl package Reviewed-by: alanb, chegar, lancea 2013-06-06 13:10:44 +00:00			`} catch (SecurityException se) { }`
			`try {`
			`sm.checkPackageDefinition(pkg);`
8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`throw new RuntimeException("Able to define class in " + pkg +`
			`" package");`
			`} catch (SecurityException se) { }`
			`try {`
			`sm.checkPackageDefinition(subpkg);`
			`throw new RuntimeException("Able to define class in " + subpkg +`
			`" package");`
7160380: Sync JDK8 with JAXP 1.4.5 Bring JDK8 up to date to what we have in 7u4 Reviewed-by: lancea, mullan 2012-04-17 18:21:35 +00:00			`} catch (SecurityException se) { }`
			`}`
8019979: Replace CheckPackageAccess test with better one from closed repo Reviewed-by: mullan 2013-07-09 15:00:41 +00:00			`System.out.println("Test passed");`
			`}`

			`private static List<String> getPackages(String p) {`
			`List<String> packages = new ArrayList<>();`
			`if (p != null && !p.equals("")) {`
			`StringTokenizer tok = new StringTokenizer(p, ",");`
			`while (tok.hasMoreElements()) {`
			`String s = tok.nextToken().trim();`
			`packages.add(s);`
			`}`
			`}`
			`return packages;`
7160380: Sync JDK8 with JAXP 1.4.5 Bring JDK8 up to date to what we have in 7u4 Reviewed-by: lancea, mullan 2012-04-17 18:21:35 +00:00			`}`
8026346: test/java/lang/SecurityManager/CheckPackageAccess.java failing Reviewed-by: vinnie 2013-10-17 14:18:44 +00:00
			`private static boolean isOpenJDKOnly() {`
			`String prop = System.getProperty("java.runtime.name");`
			`return prop != null && prop.startsWith("OpenJDK");`
			`}`
7160380: Sync JDK8 with JAXP 1.4.5 Bring JDK8 up to date to what we have in 7u4 Reviewed-by: lancea, mullan 2012-04-17 18:21:35 +00:00			`}`