8007292: Add JavaFX internal packages to package.access
Build hooks to allow closed restricted packages to be added to java.security file Reviewed-by: erikj, dholmes, tbell
This commit is contained in:
parent
1705cfa533
commit
2f923e8804
jdk
make
java/security
tools
makefiles
test/java/lang/SecurityManager
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
|
||||
# Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
#
|
||||
# This code is free software; you can redistribute it and/or modify it
|
||||
@ -79,6 +79,9 @@ ifndef OPENJDK
|
||||
BLACKLISTED_CERTS_SRC += $(wildcard $(CLOSED_SHARE_SRC)/lib/security/blacklisted.certs)
|
||||
TRUSTEDLIBS_SRC = $(CLOSED_SHARE_SRC)/lib/security/trusted.libraries
|
||||
TRUSTEDLIBS_BUILD = $(LIBDIR)/security/trusted.libraries
|
||||
RESTRICTED_PKGS_SRC = $(CLOSED_SHARE_SRC)/lib/security/restricted.pkgs
|
||||
RESTRICTED_PKGS := $(shell $(CAT) $(RESTRICTED_PKGS_SRC) | $(TR) "\n" " ")
|
||||
ADDTORESTRICTEDPKGS_JARFILE = $(BUILDTOOLJARDIR)/addtorestrictedpkgs.jar
|
||||
endif
|
||||
|
||||
FILES_class = $(FILES_java:%.java=$(CLASSBINDIR)/%.class)
|
||||
@ -108,8 +111,15 @@ blacklisted-certs: classes $(BLACKLISTED_CERTS_BUILD)
|
||||
|
||||
trustedlibs: classes $(TRUSTEDLIBS_BUILD)
|
||||
|
||||
ifdef OPENJDK
|
||||
$(PROPS_BUILD): $(PROPS_SRC)
|
||||
$(install-file)
|
||||
else
|
||||
$(PROPS_BUILD): $(PROPS_SRC)
|
||||
$(MKDIR) -p $(@D)
|
||||
$(BOOT_JAVA_CMD) -jar $(ADDTORESTRICTEDPKGS_JARFILE) $^ $@.tmp $(RESTRICTED_PKGS)
|
||||
$(MV) $@.tmp $@
|
||||
endif
|
||||
|
||||
$(POLICY_BUILD): $(POLICY_SRC)
|
||||
$(install-file)
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
|
||||
# Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
#
|
||||
# This code is free software; you can redistribute it and/or modify it
|
||||
@ -35,6 +35,7 @@ include $(BUILDDIR)/common/Defs.gmk
|
||||
# Note: freetypecheck is built by Sanity.gmk if needed
|
||||
SUBDIRS = \
|
||||
addjsum \
|
||||
addtorestrictedpkgs \
|
||||
buildmetaindex \
|
||||
cldrconverter \
|
||||
commentchecker \
|
||||
|
43
jdk/make/tools/addtorestrictedpkgs/Makefile
Normal file
43
jdk/make/tools/addtorestrictedpkgs/Makefile
Normal file
@ -0,0 +1,43 @@
|
||||
#
|
||||
# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
#
|
||||
# This code is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License version 2 only, as
|
||||
# published by the Free Software Foundation. Oracle designates this
|
||||
# particular file as subject to the "Classpath" exception as provided
|
||||
# by Oracle in the LICENSE file that accompanied this code.
|
||||
#
|
||||
# This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
# version 2 for more details (a copy is included in the LICENSE file that
|
||||
# accompanied this code).
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License version
|
||||
# 2 along with this work; if not, write to the Free Software Foundation,
|
||||
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
# or visit www.oracle.com if you need additional information or have any
|
||||
# questions.
|
||||
#
|
||||
|
||||
#
|
||||
# Makefile for building the addtorestrictedpkgs tool
|
||||
#
|
||||
|
||||
BUILDDIR = ../..
|
||||
PACKAGE = build.tools.addtorestrictedpkgs
|
||||
PRODUCT = tools
|
||||
PROGRAM = addtorestrictedpkgs
|
||||
include $(BUILDDIR)/common/Defs.gmk
|
||||
|
||||
BUILDTOOL_SOURCE_ROOT = $(BUILDDIR)/tools/src
|
||||
BUILDTOOL_MAIN = $(PKGDIR)/AddToRestrictedPkgs.java
|
||||
|
||||
#
|
||||
# Build tool jar rules.
|
||||
#
|
||||
include $(BUILDDIR)/common/BuildToolJar.gmk
|
||||
|
@ -0,0 +1,105 @@
|
||||
/*
|
||||
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Oracle designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Oracle in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
package build.tools.addtorestrictedpkgs;
|
||||
|
||||
import java.io.*;
|
||||
|
||||
/**
|
||||
* Adds additional packages to the package.access and package.definition
|
||||
* security properties.
|
||||
*/
|
||||
public class AddToRestrictedPkgs {
|
||||
|
||||
private static final String PKG_ACC = "package.access";
|
||||
private static final String PKG_DEF = "package.definition";
|
||||
private static final int PKG_ACC_INDENT = 15;
|
||||
private static final int PKG_DEF_INDENT = 19;
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
|
||||
if (args.length < 3) {
|
||||
System.err.println("Usage: java AddToRestrictedPkgs " +
|
||||
"[input java.security file name] " +
|
||||
"[output java.security file name] " +
|
||||
"[packages ...]");
|
||||
System.exit(1);
|
||||
}
|
||||
|
||||
try (FileReader fr = new FileReader(args[0]);
|
||||
BufferedReader br = new BufferedReader(fr);
|
||||
FileWriter fw = new FileWriter(args[1]);
|
||||
BufferedWriter bw = new BufferedWriter(fw))
|
||||
{
|
||||
// parse the file line-by-line, looking for pkg access properties
|
||||
String line = br.readLine();
|
||||
while (line != null) {
|
||||
if (line.startsWith(PKG_ACC)) {
|
||||
writePackages(br, bw, line, PKG_ACC_INDENT, args);
|
||||
} else if (line.startsWith(PKG_DEF)) {
|
||||
writePackages(br, bw, line, PKG_DEF_INDENT, args);
|
||||
} else {
|
||||
writeLine(bw, line);
|
||||
}
|
||||
line = br.readLine();
|
||||
}
|
||||
bw.flush();
|
||||
}
|
||||
}
|
||||
|
||||
private static void writePackages(BufferedReader br, BufferedWriter bw,
|
||||
String line, int numSpaces,
|
||||
String[] args) throws IOException {
|
||||
// parse property until EOL, not including line breaks
|
||||
while (line.endsWith("\\")) {
|
||||
writeLine(bw, line);
|
||||
line = br.readLine();
|
||||
}
|
||||
// append comma and line-break to last package
|
||||
writeLine(bw, line + ",\\");
|
||||
// add new packages, one per line
|
||||
for (int i = 2; i < args.length - 1; i++) {
|
||||
indent(bw, numSpaces);
|
||||
writeLine(bw, args[i] + ",\\");
|
||||
}
|
||||
indent(bw, numSpaces);
|
||||
writeLine(bw, args[args.length - 1]);
|
||||
}
|
||||
|
||||
private static void writeLine(BufferedWriter bw, String line)
|
||||
throws IOException
|
||||
{
|
||||
bw.write(line);
|
||||
bw.newLine();
|
||||
}
|
||||
|
||||
private static void indent(BufferedWriter bw, int numSpaces)
|
||||
throws IOException
|
||||
{
|
||||
for (int i = 0; i < numSpaces; i++) {
|
||||
bw.append(' ');
|
||||
}
|
||||
}
|
||||
}
|
@ -355,9 +355,23 @@ COPY_FILES += $(JVMCFG)
|
||||
PROPS_SRC := $(JDK_TOPDIR)/src/share/lib/security/java.security-$(OPENJDK_TARGET_OS)
|
||||
PROPS_DST := $(JDK_OUTPUTDIR)/lib/security/java.security
|
||||
|
||||
ifndef OPENJDK
|
||||
|
||||
RESTRICTED_PKGS_SRC := $(JDK_TOPDIR)/src/closed/share/lib/security/restricted.pkgs
|
||||
RESTRICTED_PKGS := $(shell $(CAT) $(RESTRICTED_PKGS_SRC) | $(TR) "\n" " ")
|
||||
|
||||
$(PROPS_DST): $(PROPS_SRC)
|
||||
$(MKDIR) -p $(@D)
|
||||
$(TOOL_ADDTORESTRICTEDPKGS) $^ $@.tmp $(RESTRICTED_PKGS)
|
||||
$(MV) $@.tmp $@
|
||||
|
||||
else
|
||||
|
||||
$(PROPS_DST): $(PROPS_SRC)
|
||||
$(call install-file)
|
||||
|
||||
endif
|
||||
|
||||
COPY_FILES += $(PROPS_DST)
|
||||
|
||||
##########################################################################################
|
||||
|
@ -151,6 +151,9 @@ TOOL_CHECKDEPS=$(JAVA) -Xbootclasspath/p:$(LANGTOOLS_OUTPUTDIR)/dist/bootstrap/l
|
||||
-cp $(JDK_OUTPUTDIR)/btclasses:$(JDK_OUTPUTDIR) \
|
||||
build.tools.deps.CheckDeps
|
||||
|
||||
TOOL_ADDTORESTRICTEDPKGS=$(JAVA) -cp $(JDK_OUTPUTDIR)/btclasses \
|
||||
build.tools.addtorestrictedpkgs.AddToRestrictedPkgs
|
||||
|
||||
##########################################################################################
|
||||
|
||||
# Tools needed on solaris because OBJCOPY is broken.
|
||||
|
@ -29,6 +29,9 @@
|
||||
* @run main/othervm CheckPackageAccess
|
||||
*/
|
||||
|
||||
import java.io.File;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.nio.file.Files;
|
||||
import java.security.Security;
|
||||
import java.util.Collections;
|
||||
import java.util.Arrays;
|
||||
@ -96,6 +99,16 @@ public class CheckPackageAccess {
|
||||
List<String> jspkgs =
|
||||
getPackages(Security.getProperty("package.access"));
|
||||
|
||||
// get closed restricted packages
|
||||
File f = new File(System.getProperty("test.src"),
|
||||
"../../../../src/closed/share/lib/security/restricted.pkgs");
|
||||
if (f.exists()) {
|
||||
List<String> ipkgs = Files.readAllLines(f.toPath(),
|
||||
StandardCharsets.UTF_8);
|
||||
// Remove any closed packages from list before comparing
|
||||
jspkgs.removeAll(ipkgs);
|
||||
}
|
||||
|
||||
// Sort to ensure lists are comparable
|
||||
Collections.sort(pkgs);
|
||||
Collections.sort(jspkgs);
|
||||
|
Loading…
x
Reference in New Issue
Block a user