diff --git a/src/java.base/share/classes/jdk/internal/foreign/SystemLookup.java b/src/java.base/share/classes/jdk/internal/foreign/SystemLookup.java index dca7f50599d..4d87b01d002 100644 --- a/src/java.base/share/classes/jdk/internal/foreign/SystemLookup.java +++ b/src/java.base/share/classes/jdk/internal/foreign/SystemLookup.java @@ -29,6 +29,8 @@ import java.lang.foreign.*; import java.lang.invoke.MethodHandles; import java.nio.file.Files; import java.nio.file.Path; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Objects; import java.util.Optional; import java.util.function.Function; @@ -72,11 +74,24 @@ public final class SystemLookup implements SymbolLookup { } private static SymbolLookup makeWindowsLookup() { - Path system32 = Path.of(System.getenv("SystemRoot"), "System32"); + @SuppressWarnings("removal") + String systemRoot = AccessController.doPrivileged(new PrivilegedAction() { + @Override + public String run() { + return System.getenv("SystemRoot"); + } + }); + Path system32 = Path.of(systemRoot, "System32"); Path ucrtbase = system32.resolve("ucrtbase.dll"); Path msvcrt = system32.resolve("msvcrt.dll"); - boolean useUCRT = Files.exists(ucrtbase); + @SuppressWarnings("removal") + boolean useUCRT = AccessController.doPrivileged(new PrivilegedAction() { + @Override + public Boolean run() { + return Files.exists(ucrtbase); + } + }); Path stdLib = useUCRT ? ucrtbase : msvcrt; SymbolLookup lookup = libLookup(libs -> libs.load(stdLib)); diff --git a/test/jdk/java/foreign/TestLinker.java b/test/jdk/java/foreign/TestLinker.java index b040b4bacdd..683dbbc6e28 100644 --- a/test/jdk/java/foreign/TestLinker.java +++ b/test/jdk/java/foreign/TestLinker.java @@ -27,6 +27,8 @@ * @requires jdk.foreign.linker != "UNSUPPORTED" * @modules java.base/jdk.internal.foreign * @run testng TestLinker + * @run testng/othervm/policy=security.policy + * -Djava.security.manager=default TestLinker */ import jdk.internal.foreign.CABI; diff --git a/test/jdk/java/foreign/security.policy b/test/jdk/java/foreign/security.policy new file mode 100644 index 00000000000..60a1ffafde4 --- /dev/null +++ b/test/jdk/java/foreign/security.policy @@ -0,0 +1,7 @@ +grant codeBase "file:${test.classes}/*" { + // Permissions needed to run the test + permission java.util.PropertyPermission "os.name", "read"; + permission java.util.PropertyPermission "NativeTestHelper.DEFAULT_RANDOM.seed", "read"; + permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.foreign"; +}; +