From 0d745ae8fde5cab290dc8c695d2906f9a98c491c Mon Sep 17 00:00:00 2001 From: Sean Coffey Date: Tue, 29 Jun 2021 22:52:45 +0000 Subject: [PATCH] 8269034: AccessControlException for SunPKCS11 daemon threads Reviewed-by: valeriep --- src/java.base/share/classes/module-info.java | 1 + .../share/lib/security/default.policy | 1 + .../sun/security/pkcs11/SunPKCS11.java | 44 +++++++++------ .../pkcs11/Provider/MultipleLogins.java | 54 +++++++++++++------ .../pkcs11/Provider/MultipleLogins.sh | 20 +++---- 5 files changed, 78 insertions(+), 42 deletions(-) diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java index a81b787e77a..9d4a794de1a 100644 --- a/src/java.base/share/classes/module-info.java +++ b/src/java.base/share/classes/module-info.java @@ -199,6 +199,7 @@ module java.base { jdk.attach, jdk.charsets, jdk.compiler, + jdk.crypto.cryptoki, jdk.incubator.vector, jdk.jfr, jdk.jshell, diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy index ca1fa85cd6c..8356e56367b 100644 --- a/src/java.base/share/lib/security/default.policy +++ b/src/java.base/share/lib/security/default.policy @@ -128,6 +128,7 @@ grant codeBase "jrt:/jdk.crypto.ec" { grant codeBase "jrt:/jdk.crypto.cryptoki" { permission java.lang.RuntimePermission "accessClassInPackage.com.sun.crypto.provider"; + permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java index 8e257c0beea..112b639aa96 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java @@ -42,6 +42,7 @@ import javax.security.auth.callback.PasswordCallback; import com.sun.crypto.provider.ChaCha20Poly1305Parameters; +import jdk.internal.misc.InnocuousThread; import sun.security.util.Debug; import sun.security.util.ResourcesMgr; import static sun.security.util.SecurityConstants.PROVIDER_VER; @@ -907,15 +908,11 @@ public final class SunPKCS11 extends AuthProvider { // background thread that periodically checks for token insertion // if no token is present. We need to do that in a separate thread because // the insertion check may block for quite a long time on some tokens. - private static class TokenPoller extends Thread { + private static class TokenPoller implements Runnable { private final SunPKCS11 provider; private volatile boolean enabled; private TokenPoller(SunPKCS11 provider) { - super((ThreadGroup)null, "Poller-" + provider.getName()); - setContextClassLoader(null); - setDaemon(true); - setPriority(Thread.MIN_PRIORITY); this.provider = provider; enabled = true; } @@ -944,12 +941,20 @@ public final class SunPKCS11 extends AuthProvider { } // create the poller thread, if not already active + @SuppressWarnings("removal") private void createPoller() { if (poller != null) { return; } poller = new TokenPoller(this); - poller.start(); + Thread t = InnocuousThread.newSystemThread( + "Poller-" + getName(), + poller, + Thread.MIN_PRIORITY); + assert t.getContextClassLoader() == null; + t.setDaemon(true); + t.start(); + } // destroy the poller thread, if active @@ -972,18 +977,11 @@ public final class SunPKCS11 extends AuthProvider { return (token != null) && token.isValid(); } - private class NativeResourceCleaner extends Thread { + private class NativeResourceCleaner implements Runnable { private long sleepMillis = config.getResourceCleanerShortInterval(); private int count = 0; boolean keyRefFound, sessRefFound; - private NativeResourceCleaner() { - super((ThreadGroup)null, "Cleanup-SunPKCS11"); - setContextClassLoader(null); - setDaemon(true); - setPriority(Thread.MIN_PRIORITY); - } - /* * The cleaner.shortInterval and cleaner.longInterval properties * may be defined in the pkcs11 config file and are specified in milliseconds @@ -1001,7 +999,7 @@ public final class SunPKCS11 extends AuthProvider { public void run() { while (true) { try { - sleep(sleepMillis); + Thread.sleep(sleepMillis); } catch (InterruptedException ie) { break; } @@ -1022,6 +1020,19 @@ public final class SunPKCS11 extends AuthProvider { } } + // create the cleaner thread, if not already active + @SuppressWarnings("removal") + private void createCleaner() { + cleaner = new NativeResourceCleaner(); + Thread t = InnocuousThread.newSystemThread( + "Cleanup-SunPKCS11", + cleaner, + Thread.MIN_PRIORITY); + assert t.getContextClassLoader() == null; + t.setDaemon(true); + t.start(); + } + // destroy the token. Called if we detect that it has been removed @SuppressWarnings("removal") synchronized void uninitToken(Token token) { @@ -1190,8 +1201,7 @@ public final class SunPKCS11 extends AuthProvider { this.token = token; if (cleaner == null) { - cleaner = new NativeResourceCleaner(); - cleaner.start(); + createCleaner(); } } diff --git a/test/jdk/sun/security/pkcs11/Provider/MultipleLogins.java b/test/jdk/sun/security/pkcs11/Provider/MultipleLogins.java index 9da8b1f6e19..0a507f0a633 100644 --- a/test/jdk/sun/security/pkcs11/Provider/MultipleLogins.java +++ b/test/jdk/sun/security/pkcs11/Provider/MultipleLogins.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,10 +31,9 @@ import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginException; import java.io.IOException; import java.lang.ref.WeakReference; -import java.security.KeyStore; -import java.security.Provider; -import java.security.Security; +import java.security.*; import java.util.Iterator; +import java.util.PropertyPermission; import java.util.ServiceConfigurationError; import java.util.ServiceLoader; @@ -44,19 +43,28 @@ public class MultipleLogins { private static final String KS_TYPE = "PKCS11"; private static final int NUM_PROVIDERS = 20; private static final SunPKCS11[] providers = new SunPKCS11[NUM_PROVIDERS]; - + static final Policy DEFAULT_POLICY = Policy.getPolicy(); public static void main(String[] args) throws Exception { + String nssConfig = PKCS11Test.getNssConfig(); + if (nssConfig == null) { + // No test framework support yet. Ignore + System.out.println("No NSS config found. Skipping."); + return; + } + for (int i =0; i < NUM_PROVIDERS; i++) { - String nssConfig = PKCS11Test.getNssConfig(); - if (nssConfig == null) { - // No test framework support yet. Ignore - System.out.println("No NSS config found. Skipping."); - return; - } - providers[i] = - (SunPKCS11)PKCS11Test.newPKCS11Provider() - .configure(nssConfig); + // loop to set up test without security manger + providers[i] = (SunPKCS11)PKCS11Test.newPKCS11Provider(); + } + + if (args.length > 0) { + Policy.setPolicy(new SimplePolicy()); + System.setSecurityManager(new SecurityManager()); + } + + for (int i =0; i < NUM_PROVIDERS; i++) { + providers[i] = (SunPKCS11)providers[i].configure(nssConfig); Security.addProvider(providers[i]); test(providers[i]); } @@ -92,7 +100,6 @@ public class MultipleLogins { private static void test(SunPKCS11 p) throws Exception { KeyStore ks = KeyStore.getInstance(KS_TYPE, p); - p.setCallbackHandler(new PasswordCallbackHandler()); try { ks.load(null, (char[]) null); @@ -117,6 +124,23 @@ public class MultipleLogins { } } + static final class SimplePolicy extends Policy { + + final Permissions perms = new Permissions(); + SimplePolicy() { + perms.add(new PropertyPermission("*", "read, write")); + perms.add(new SecurityPermission("authProvider.*")); + perms.add(new SecurityPermission("insertProvider.*")); + perms.add(new SecurityPermission("removeProvider.*")); + } + + @Override + public boolean implies(ProtectionDomain domain, Permission permission) { + return perms.implies(permission) || + DEFAULT_POLICY.implies(domain, permission); + } + } + public static class PasswordCallbackHandler implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { diff --git a/test/jdk/sun/security/pkcs11/Provider/MultipleLogins.sh b/test/jdk/sun/security/pkcs11/Provider/MultipleLogins.sh index 8077bbb0d4f..1e40fcfe981 100644 --- a/test/jdk/sun/security/pkcs11/Provider/MultipleLogins.sh +++ b/test/jdk/sun/security/pkcs11/Provider/MultipleLogins.sh @@ -22,7 +22,7 @@ # # @test -# @bug 7777777 +# @bug 8240256 8269034 # @summary # @library /test/lib/ # @build jdk.test.lib.util.ForceGC @@ -114,9 +114,7 @@ ${COMPILEJAVA}${FS}bin${FS}javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} \ ${TESTSRC}${FS}MultipleLogins.java \ ${TESTSRC}${FS}..${FS}PKCS11Test.java -# run test -${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} \ - -classpath ${TESTCLASSPATH} \ +TEST_ARGS="${TESTVMOPTS} -classpath ${TESTCLASSPATH} \ --add-modules jdk.crypto.cryptoki \ --add-exports jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED \ -DCUSTOM_DB_DIR=${TESTCLASSES} \ @@ -125,11 +123,13 @@ ${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} \ -DNO_DEIMOS=true \ -Dtest.src=${TESTSRC} \ -Dtest.classes=${TESTCLASSES} \ - -Djava.security.debug=${DEBUG} \ - MultipleLogins + -Djava.security.debug=${DEBUG}" -# save error status -status=$? +# run test without security manager +${TESTJAVA}${FS}bin${FS}java ${TEST_ARGS} MultipleLogins || exit 10 -# return -exit $status +# run test with security manager +${TESTJAVA}${FS}bin${FS}java ${TEST_ARGS} MultipleLogins useSimplePolicy || exit 11 + +echo Done +exit 0