8283092: JMX subclass permission check redundant with strong encapsulation

Reviewed-by: dfuchs, mchung
2022-03-22 07:54:41 +00:00 · 2022-03-22 07:54:41 +00:00 · 37fc77ef60
commit 37fc77ef60
parent 849b19523a
4 changed files with 63 additions and 80 deletions
--- a/src/java.management/share/classes/java/lang/management/ManagementFactory.java
+++ b/src/java.management/share/classes/java/lang/management/ManagementFactory.java
@ -936,8 +936,7 @@ public class ManagementFactory {
                        all.add(new DefaultPlatformMBeanProvider());
                        return all;
                    }
-                }, null, new FilePermission("<<ALL FILES>>", "read"),
-                new RuntimePermission("sun.management.spi.PlatformMBeanProvider.subclass"));
+                }, null, new FilePermission("<<ALL FILES>>", "read"));

            // load all platform components into a map
            var map = new HashMap<String, PlatformComponent<?>>();
--- a/src/java.management/share/classes/sun/management/spi/PlatformMBeanProvider.java
+++ b/src/java.management/share/classes/sun/management/spi/PlatformMBeanProvider.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -203,15 +203,8 @@ public abstract class PlatformMBeanProvider {

    /**
     * Instantiates a new PlatformMBeanProvider.
-     *
-     * @throws SecurityException if the subclass (and calling code) does not
-     *    have {@code RuntimePermission("sun.management.spi.PlatformMBeanProvider.subclass")}
     */
    protected PlatformMBeanProvider () {
-        this(checkSubclassPermission());
-    }
-
-    private PlatformMBeanProvider(Void unused) {
    }

    /**
@ -222,13 +215,4 @@ public abstract class PlatformMBeanProvider {
     * MBeans provided by this provider.
     */
    public abstract List<PlatformComponent<?>> getPlatformComponentList();
-
-    private static Void checkSubclassPermission() {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(new RuntimePermission(PlatformMBeanProvider.class.getName()+".subclass"));
-        }
-        return null;
-    }
 }
--- a/src/jdk.management.agent/share/classes/jdk/internal/agent/spi/AgentProvider.java
+++ b/src/jdk.management.agent/share/classes/jdk/internal/agent/spi/AgentProvider.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -33,25 +33,8 @@ public abstract class AgentProvider {

    /**
     * Instantiates a new AgentProvider.
-     *
-     * @throws SecurityException if the subclass (and calling code) does not
-     * have
-     * {@code RuntimePermission("sun.management.spi.AgentProvider.subclass")}
     */
    protected AgentProvider() {
-        this(checkSubclassPermission());
-    }
-
-    private AgentProvider(Void unused) {
-    }
-
-    private static Void checkSubclassPermission() {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(new RuntimePermission(AgentProvider.class.getName() + ".subclass"));
-        }
-        return null;
    }

    /**
--- a/test/jdk/sun/management/PlatformMBeanProviderConstructorCheck.java
+++ b/test/jdk/sun/management/PlatformMBeanProviderConstructorCheck.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -21,63 +21,79 @@
 * questions.
 */

-import java.security.AccessControlException;
-import java.security.Permission;
-import java.security.Policy;
-import java.security.ProtectionDomain;
+import java.lang.management.ManagementFactory;
+import java.lang.management.RuntimeMXBean;
 import java.util.List;

+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.process.ProcessTools;
+
+import static jdk.test.lib.Asserts.*;
+
 /*
 * @test
- * @bug     8042901
- * @summary Check permission for PlatformMBeanProvider Constructor
+ * @library /test/lib
+ * @build  jdk.test.lib.Asserts
+ * @bug     8042901 8283092
+ * @summary Check encapsulation of PlatformMBeanProvider Constructor
 * @modules java.management/sun.management.spi
- * @author  Shanliang Jiang
- * @run main/othervm -Djava.security.manager=allow PlatformMBeanProviderConstructorCheck
+ * @run main PlatformMBeanProviderConstructorCheck
 */
 public class PlatformMBeanProviderConstructorCheck {
+
+    /**
+     * jtreg invokes this test with module arguments that permit compilation
+     * of the MyProvider class, which extends PlatformMBeanProvider.
+     * First check we can invoke that class, then re-invoke ourself without
+     * those module arguments, and expect a failure calling MyProvider.
+     */
    public static void main(String[] args) throws Exception {
-        Policy origPolicy = Policy.getPolicy();
-        SecurityManager origSM = System.getSecurityManager();
-        try {
-            System.out.println("---PlatformMBeanProviderConstructorCheck starting...");
+        System.out.println("---PlatformMBeanProviderConstructorCheck:");
+        boolean expectedFail = false;

-            Policy.setPolicy(new MyPolicy());
-            System.setSecurityManager(new SecurityManager());
-
-            System.out.println("---PlatformMBeanProviderConstructorCheck Testing without permission...");
-            try {
-                new MyProvider();
-                throw new RuntimeException("Does not get expected AccessControlException!");
-            } catch (AccessControlException ace) {
-                System.out.println("---PlatformMBeanProviderConstructorCheck got the expected exception: "
-                        + ace);
+        // Recognise argument to signify we were re-invoked, and MyProvider should fail:
+        if (args.length == 1) {
+            if (args[0].equals("--nomoduleargs")) {
+                expectedFail = true;
+                verifyNoModuleArguments();
+            } else {
+                throw new RuntimeException("unknown argument: '" + args[0] + "'");
            }
-
-            System.out.println("---PlatformMBeanProviderConstructorCheck Testing with permission...");
-            MyPolicy.allowed = true;
+        }
+        System.out.println("---PlatformMBeanProviderConstructorCheck: invoke MyProvider with expectedFail = " + expectedFail);
+        Throwable e = null;
+        try {
            new MyProvider();
+        } catch (IllegalAccessError iae) {
+            System.out.println("---PlatformMBeanProviderConstructorCheck got exception: " + iae);
+            e = iae;
+        }

-            System.out.println("---PlatformMBeanProviderConstructorCheck PASSED!");
-        } finally {
-            System.setSecurityManager(origSM);
-            Policy.setPolicy(origPolicy);
+        if (!expectedFail) {
+            // This was the first invocation, should have worked OK:
+            assertNull(e);
+            System.out.println("---PlatformMBeanProviderConstructorCheck PASSED (1) (expectedFail = " + expectedFail + ")");
+
+            // Re-invoke this test to check failure:
+            System.out.println("---PlatformMBeanProviderConstructorCheck: re-invoke without --add-modules or --add-exports");
+            OutputAnalyzer output =  ProcessTools.executeTestJava("PlatformMBeanProviderConstructorCheck", "--nomoduleargs");
+            output.reportDiagnosticSummary();
+            output.shouldContain("java.lang.IllegalAccessError: superclass access check failed:");
+            output.shouldContain(" module java.management does not export sun.management.spi to ");
+            output.shouldNotContain("MyProvider constructor.");
+        } else {
+            // This was the re-invocation without module access, should fail:
+            assertNotNull(e);
+            System.out.println("---PlatformMBeanProviderConstructorCheck PASSED (2) (expectedFail = " + expectedFail + ")");
        }
    }

-    private static class MyPolicy extends Policy {
-        private static String permName = "sun.management.spi.PlatformMBeanProvider.subclass";
-        private static boolean allowed = false;
-
-        @Override
-        public boolean implies(ProtectionDomain domain, Permission permission) {
-            if (permName.equals(permission.getName())) {
-                System.out.println("---MyPolicy-implies checks permission for "
-                        +permName+" and returns "+allowed);
-
-                return allowed;
-            } else {
-                return true;
+    private static void verifyNoModuleArguments() {
+        RuntimeMXBean mxbean = ManagementFactory.getRuntimeMXBean();
+        for (String s : mxbean.getInputArguments()) {
+            if (s.startsWith("--add-modules") || s.startsWith("--add-exports")) {
+                System.out.println("arg: " + s);
+                throw new RuntimeException("argument list contains: " + s);
            }
        }
    }
@ -85,6 +101,7 @@ public class PlatformMBeanProviderConstructorCheck {
    private static class MyProvider extends sun.management.spi.PlatformMBeanProvider {
        @Override
        public List<PlatformComponent<?>> getPlatformComponentList() {
+            System.out.println("MyProvider constructor.");
            return null;
        }
    }