8168091: jlink should check security permission early when programmatic access is used
Reviewed-by: jlaskey, mchung
This commit is contained in:
Athijegannathan Sundararajan
parent
9af3c3f940
commit
8233dc0e08
@ -33,7 +33,6 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Map.Entry;
|
||||
import jdk.tools.jlink.builder.ImageBuilder;
|
||||
import jdk.tools.jlink.Jlink;
|
||||
import jdk.tools.jlink.plugin.Plugin;
|
||||
import jdk.tools.jlink.plugin.PluginException;
|
||||
import jdk.tools.jlink.plugin.Plugin.Category;
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
package jdk.tools.jlink;
|
||||
package jdk.tools.jlink.internal;
|
||||
|
||||
import java.lang.reflect.Layer;
|
||||
import java.nio.ByteOrder;
|
||||
@ -32,12 +32,9 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
import jdk.tools.jlink.internal.ExecutableImage;
|
||||
import jdk.tools.jlink.internal.JlinkTask;
|
||||
import jdk.tools.jlink.plugin.Plugin;
|
||||
import jdk.tools.jlink.plugin.PluginException;
|
||||
import jdk.tools.jlink.builder.ImageBuilder;
|
||||
import jdk.tools.jlink.internal.PluginRepository;
|
||||
|
||||
/**
|
||||
* API to call jlink.
|
||||
@ -22,7 +22,7 @@
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
package jdk.tools.jlink;
|
||||
package jdk.tools.jlink.internal;
|
||||
|
||||
import java.security.BasicPermission;
|
||||
|
||||
@ -46,11 +46,11 @@ import jdk.internal.module.ConfigurableModuleFinder;
|
||||
import jdk.internal.module.ConfigurableModuleFinder.Phase;
|
||||
import jdk.tools.jlink.internal.TaskHelper.BadArgs;
|
||||
import static jdk.tools.jlink.internal.TaskHelper.JLINK_BUNDLE;
|
||||
import jdk.tools.jlink.internal.Jlink.JlinkConfiguration;
|
||||
import jdk.tools.jlink.internal.Jlink.PluginsConfiguration;
|
||||
import jdk.tools.jlink.internal.TaskHelper.Option;
|
||||
import jdk.tools.jlink.internal.TaskHelper.OptionsHelper;
|
||||
import jdk.tools.jlink.internal.ImagePluginStack.ImageProvider;
|
||||
import jdk.tools.jlink.Jlink.JlinkConfiguration;
|
||||
import jdk.tools.jlink.Jlink.PluginsConfiguration;
|
||||
import jdk.tools.jlink.plugin.PluginException;
|
||||
import jdk.tools.jlink.builder.DefaultImageBuilder;
|
||||
import jdk.tools.jlink.plugin.Plugin;
|
||||
|
||||
@ -30,9 +30,9 @@ import java.util.spi.ToolProvider;
|
||||
|
||||
public class Main {
|
||||
public static void main(String... args) throws Exception {
|
||||
JlinkTask t = new JlinkTask();
|
||||
int rc = t.run(args);
|
||||
System.exit(rc);
|
||||
System.exit(run(new PrintWriter(System.out, true),
|
||||
new PrintWriter(System.err, true),
|
||||
args));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -44,6 +44,11 @@ public class Main {
|
||||
* @return an exit code. 0 means success, non-zero means an error occurred.
|
||||
*/
|
||||
public static int run(PrintWriter out, PrintWriter err, String... args) {
|
||||
if (System.getSecurityManager() != null) {
|
||||
System.getSecurityManager().
|
||||
checkPermission(new JlinkPermission("jlink"));
|
||||
}
|
||||
|
||||
JlinkTask t = new JlinkTask();
|
||||
t.setLog(out, err);
|
||||
return t.run(args);
|
||||
|
||||
@ -49,13 +49,12 @@ import java.util.Set;
|
||||
|
||||
import jdk.internal.module.ConfigurableModuleFinder;
|
||||
import jdk.internal.module.ConfigurableModuleFinder.Phase;
|
||||
import jdk.tools.jlink.Jlink;
|
||||
import jdk.tools.jlink.Jlink.PluginsConfiguration;
|
||||
import jdk.tools.jlink.plugin.Plugin;
|
||||
import jdk.tools.jlink.plugin.Plugin.Category;
|
||||
import jdk.tools.jlink.builder.DefaultImageBuilder;
|
||||
import jdk.tools.jlink.builder.ImageBuilder;
|
||||
import jdk.tools.jlink.plugin.PluginException;
|
||||
import jdk.tools.jlink.internal.Jlink.PluginsConfiguration;
|
||||
import jdk.tools.jlink.internal.plugins.PluginsResourceBundle;
|
||||
import jdk.tools.jlink.internal.plugins.DefaultCompressPlugin;
|
||||
import jdk.tools.jlink.internal.plugins.StripDebugPlugin;
|
||||
|
||||
@ -26,8 +26,8 @@
|
||||
package jdk.tools.jlink.internal.packager;
|
||||
|
||||
|
||||
import jdk.tools.jlink.Jlink;
|
||||
import jdk.tools.jlink.builder.DefaultImageBuilder;
|
||||
import jdk.tools.jlink.internal.Jlink;
|
||||
import jdk.tools.jlink.internal.JlinkTask;
|
||||
import jdk.tools.jlink.plugin.Plugin;
|
||||
|
||||
|
||||
@ -37,14 +37,14 @@ import java.util.Map;
|
||||
import java.util.Properties;
|
||||
import java.util.Set;
|
||||
import java.util.function.Function;
|
||||
import jdk.tools.jlink.Jlink;
|
||||
import jdk.tools.jlink.Jlink.JlinkConfiguration;
|
||||
import jdk.tools.jlink.Jlink.PluginsConfiguration;
|
||||
import jdk.tools.jlink.internal.Jlink;
|
||||
import jdk.tools.jlink.builder.DefaultImageBuilder;
|
||||
import jdk.tools.jlink.plugin.ResourcePool;
|
||||
import jdk.tools.jlink.plugin.ResourcePoolBuilder;
|
||||
import jdk.tools.jlink.plugin.Plugin;
|
||||
import jdk.tools.jlink.internal.ExecutableImage;
|
||||
import jdk.tools.jlink.internal.Jlink.JlinkConfiguration;
|
||||
import jdk.tools.jlink.internal.Jlink.PluginsConfiguration;
|
||||
import jdk.tools.jlink.internal.PostProcessor;
|
||||
import jdk.tools.jlink.internal.plugins.DefaultCompressPlugin;
|
||||
import jdk.tools.jlink.internal.plugins.StripDebugPlugin;
|
||||
|
||||
58
jdk/test/tools/jlink/JLinkToolProviderTest.java
Normal file
58
jdk/test/tools/jlink/JLinkToolProviderTest.java
Normal file
@ -0,0 +1,58 @@
|
||||
/*
|
||||
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
import java.io.PrintWriter;
|
||||
import java.io.StringWriter;
|
||||
import java.security.AccessControlException;
|
||||
import java.util.spi.ToolProvider;
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @build JLinkToolProviderTest
|
||||
* @run main/othervm/java.security.policy=toolprovider.policy JLinkToolProviderTest
|
||||
*/
|
||||
public class JLinkToolProviderTest {
|
||||
static final ToolProvider JLINK_TOOL = ToolProvider.findFirst("jlink")
|
||||
.orElseThrow(() ->
|
||||
new RuntimeException("jlink tool not found")
|
||||
);
|
||||
|
||||
private static void checkJlinkOptions(String... options) {
|
||||
StringWriter writer = new StringWriter();
|
||||
PrintWriter pw = new PrintWriter(writer);
|
||||
|
||||
try {
|
||||
JLINK_TOOL.run(pw, pw, options);
|
||||
throw new AssertionError("SecurityException should have been thrown!");
|
||||
} catch (AccessControlException ace) {
|
||||
if (! ace.getPermission().getClass().getName().contains("JlinkPermission")) {
|
||||
throw new AssertionError("expected JlinkPermission check failure");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
checkJlinkOptions("--help");
|
||||
checkJlinkOptions("--list-plugins");
|
||||
}
|
||||
}
|
||||
@ -25,12 +25,12 @@
|
||||
* @test
|
||||
* @summary Test JlinkPermission
|
||||
* @author Jean-Francois Denise
|
||||
* @modules jdk.jlink/jdk.tools.jlink
|
||||
* @modules jdk.jlink/jdk.tools.jlink.internal
|
||||
* @run main/othervm SecurityTest
|
||||
*/
|
||||
|
||||
import java.security.AccessControlException;
|
||||
import jdk.tools.jlink.Jlink;
|
||||
import jdk.tools.jlink.internal.Jlink;
|
||||
|
||||
public class SecurityTest {
|
||||
|
||||
|
||||
@ -37,11 +37,11 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import jdk.tools.jlink.internal.ImagePluginConfiguration;
|
||||
import jdk.tools.jlink.internal.PluginRepository;
|
||||
import jdk.tools.jlink.internal.ImagePluginStack;
|
||||
import jdk.tools.jlink.internal.Jlink;
|
||||
import jdk.tools.jlink.internal.Jlink.PluginsConfiguration;
|
||||
import jdk.tools.jlink.internal.PluginRepository;
|
||||
import jdk.tools.jlink.internal.ResourcePoolManager;
|
||||
import jdk.tools.jlink.Jlink;
|
||||
import jdk.tools.jlink.Jlink.PluginsConfiguration;
|
||||
import jdk.tools.jlink.plugin.Plugin;
|
||||
import jdk.tools.jlink.plugin.ResourcePool;
|
||||
import jdk.tools.jlink.plugin.ResourcePoolBuilder;
|
||||
|
||||
@ -36,11 +36,11 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import jdk.tools.jlink.internal.ImagePluginConfiguration;
|
||||
import jdk.tools.jlink.internal.Jlink;
|
||||
import jdk.tools.jlink.internal.Jlink.PluginsConfiguration;
|
||||
import jdk.tools.jlink.internal.PluginRepository;
|
||||
import jdk.tools.jlink.internal.ImagePluginStack;
|
||||
import jdk.tools.jlink.internal.ResourcePoolManager;
|
||||
import jdk.tools.jlink.Jlink;
|
||||
import jdk.tools.jlink.Jlink.PluginsConfiguration;
|
||||
import jdk.tools.jlink.plugin.Plugin;
|
||||
import jdk.tools.jlink.plugin.ResourcePool;
|
||||
import jdk.tools.jlink.plugin.ResourcePoolBuilder;
|
||||
|
||||
@ -40,13 +40,13 @@ import java.util.Optional;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import jdk.tools.jlink.internal.ImagePluginConfiguration;
|
||||
import jdk.tools.jlink.internal.Jlink;
|
||||
import jdk.tools.jlink.internal.PluginRepository;
|
||||
import jdk.tools.jlink.internal.ImagePluginStack;
|
||||
import jdk.tools.jlink.internal.ResourcePoolManager;
|
||||
import jdk.tools.jlink.internal.ResourcePoolManager.ResourcePoolImpl;
|
||||
import jdk.tools.jlink.internal.ResourcePrevisitor;
|
||||
import jdk.tools.jlink.internal.StringTable;
|
||||
import jdk.tools.jlink.Jlink;
|
||||
import jdk.tools.jlink.plugin.Plugin;
|
||||
import jdk.tools.jlink.plugin.ResourcePool;
|
||||
import jdk.tools.jlink.plugin.ResourcePoolBuilder;
|
||||
|
||||
2
jdk/test/tools/jlink/toolprovider.policy
Normal file
2
jdk/test/tools/jlink/toolprovider.policy
Normal file
@ -0,0 +1,2 @@
|
||||
grant {
|
||||
};
|
||||
Loading…
x
Reference in New Issue
Block a user