8344365: SecurityManager cleanups in java.sql and java.sql.rowset modules

Reviewed-by: rriggs, bchristi
This commit is contained in:
Eirik Bjørsnøs 2024-11-19 05:43:22 +00:00
parent 9e92a9e2ba
commit d85dd77edf
9 changed files with 52 additions and 395 deletions

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -31,16 +31,12 @@ import java.io.*;
import java.math.*; import java.math.*;
import java.util.*; import java.util.*;
import java.text.*; import java.text.*;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.sql.rowset.*; import javax.sql.rowset.*;
import javax.sql.rowset.spi.*; import javax.sql.rowset.spi.*;
import javax.sql.rowset.serial.*; import javax.sql.rowset.serial.*;
import com.sun.rowset.internal.*; import com.sun.rowset.internal.*;
import com.sun.rowset.providers.*; import com.sun.rowset.providers.*;
import sun.reflect.misc.ReflectUtil;
import static java.nio.charset.StandardCharsets.US_ASCII; import static java.nio.charset.StandardCharsets.US_ASCII;
@ -357,7 +353,6 @@ public class CachedRowSetImpl extends BaseRowSet implements RowSet, RowSetIntern
* <P> * <P>
* @throws SQLException if an error occurs * @throws SQLException if an error occurs
*/ */
@SuppressWarnings("removal")
public CachedRowSetImpl() throws SQLException { public CachedRowSetImpl() throws SQLException {
try { try {
@ -367,16 +362,7 @@ public class CachedRowSetImpl extends BaseRowSet implements RowSet, RowSetIntern
} }
// set the Reader, this maybe overridden latter // set the Reader, this maybe overridden latter
try { provider = SyncFactory.getInstance(DEFAULT_SYNC_PROVIDER);
provider = AccessController.doPrivileged(new PrivilegedExceptionAction<>() {
@Override
public SyncProvider run() throws SyncFactoryException {
return SyncFactory.getInstance(DEFAULT_SYNC_PROVIDER);
}
}, null, new RuntimePermission("accessClassInPackage.com.sun.rowset.providers"));
} catch (PrivilegedActionException pae) {
throw (SyncFactoryException) pae.getException();
}
if (!(provider instanceof RIOptimisticProvider)) { if (!(provider instanceof RIOptimisticProvider)) {
throw new SQLException(resBundle.handleGetObject("cachedrowsetimpl.invalidp").toString()); throw new SQLException(resBundle.handleGetObject("cachedrowsetimpl.invalidp").toString());
@ -2976,7 +2962,6 @@ public class CachedRowSetImpl extends BaseRowSet implements RowSet, RowSetIntern
// create new instance of the class // create new instance of the class
SQLData obj = null; SQLData obj = null;
try { try {
ReflectUtil.checkPackageAccess(c);
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
Object tmp = c.newInstance(); Object tmp = c.newInstance();
obj = (SQLData) tmp; obj = (SQLData) tmp;
@ -5726,7 +5711,6 @@ public class CachedRowSetImpl extends BaseRowSet implements RowSet, RowSetIntern
// create new instance of the class // create new instance of the class
SQLData obj = null; SQLData obj = null;
try { try {
ReflectUtil.checkPackageAccess(c);
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
Object tmp = c.newInstance(); Object tmp = c.newInstance();
obj = (SQLData) tmp; obj = (SQLData) tmp;

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -29,7 +29,6 @@ import java.sql.*;
import javax.sql.*; import javax.sql.*;
import java.util.*; import java.util.*;
import java.io.*; import java.io.*;
import sun.reflect.misc.ReflectUtil;
import com.sun.rowset.*; import com.sun.rowset.*;
import java.text.MessageFormat; import java.text.MessageFormat;
@ -575,7 +574,6 @@ public class CachedRowSetWriter implements TransactionalWriter, Serializable {
// create new instance of the class // create new instance of the class
SQLData obj = null; SQLData obj = null;
try { try {
ReflectUtil.checkPackageAccess(c);
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
Object tmp = c.newInstance(); Object tmp = c.newInstance();
obj = (SQLData)tmp; obj = (SQLData)tmp;

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2010, 2021, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2010, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,13 +25,9 @@
package javax.sql.rowset; package javax.sql.rowset;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.PropertyPermission;
import java.util.ServiceConfigurationError; import java.util.ServiceConfigurationError;
import java.util.ServiceLoader; import java.util.ServiceLoader;
import sun.reflect.misc.ReflectUtil;
/** /**
* A factory API that enables applications to obtain a * A factory API that enables applications to obtain a
@ -68,7 +64,7 @@ public class RowSetProvider {
static { static {
// Check to see if the debug property is set // Check to see if the debug property is set
String val = getSystemProperty(ROWSET_DEBUG_PROPERTY); String val = System.getProperty(ROWSET_DEBUG_PROPERTY);
// Allow simply setting the prop to turn on debug // Allow simply setting the prop to turn on debug
debug = val != null && !"false".equals(val); debug = val != null && !"false".equals(val);
} }
@ -128,7 +124,8 @@ public class RowSetProvider {
String factoryClassName = null; String factoryClassName = null;
try { try {
trace("Checking for Rowset System Property..."); trace("Checking for Rowset System Property...");
factoryClassName = getSystemProperty(ROWSET_FACTORY_NAME);
factoryClassName = System.getProperty(ROWSET_FACTORY_NAME);
if (factoryClassName != null) { if (factoryClassName != null) {
trace("Found system property, value=" + factoryClassName); trace("Found system property, value=" + factoryClassName);
if (factoryClassName.equals(ROWSET_FACTORY_IMPL)) { if (factoryClassName.equals(ROWSET_FACTORY_IMPL)) {
@ -193,11 +190,6 @@ public class RowSetProvider {
if(factoryClassName == null) { if(factoryClassName == null) {
throw new SQLException("Error: factoryClassName cannot be null"); throw new SQLException("Error: factoryClassName cannot be null");
} }
try {
ReflectUtil.checkPackageAccess(factoryClassName);
} catch (@SuppressWarnings("removal") java.security.AccessControlException e) {
throw new SQLException("Access Exception",e);
}
try { try {
// getFactoryClass takes care of adding the read edge if // getFactoryClass takes care of adding the read edge if
@ -225,14 +217,8 @@ public class RowSetProvider {
* @return The ClassLoader to use. * @return The ClassLoader to use.
* *
*/ */
@SuppressWarnings("removal") private static ClassLoader getContextClassLoader() {
private static ClassLoader getContextClassLoader() throws SecurityException { ClassLoader cl = Thread.currentThread().getContextClassLoader();
return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
public ClassLoader run() {
ClassLoader cl = null;
cl = Thread.currentThread().getContextClassLoader();
if (cl == null) { if (cl == null) {
cl = ClassLoader.getSystemClassLoader(); cl = ClassLoader.getSystemClassLoader();
@ -240,8 +226,6 @@ public class RowSetProvider {
return cl; return cl;
} }
});
}
/** /**
* Attempt to load a class using the class loader supplied. If that fails * Attempt to load a class using the class loader supplied. If that fails
@ -276,7 +260,6 @@ public class RowSetProvider {
} }
} }
ReflectUtil.checkPackageAccess(factoryClass);
return factoryClass; return factoryClass;
} }
@ -302,32 +285,6 @@ public class RowSetProvider {
} }
/**
* Returns the requested System Property. If a {@code SecurityException}
* occurs, just return NULL
* @param propName - System property to retrieve
* @return The System property value or NULL if the property does not exist
* or a {@code SecurityException} occurs.
*/
@SuppressWarnings("removal")
private static String getSystemProperty(final String propName) {
String property = null;
try {
property = AccessController.doPrivileged(new PrivilegedAction<String>() {
public String run() {
return System.getProperty(propName);
}
}, null, new PropertyPermission(propName, "read"));
} catch (SecurityException se) {
trace("error getting " + propName + ": "+ se);
if (debug) {
se.printStackTrace();
}
}
return property;
}
/** /**
* Debug routine which will output tracing if the System Property * Debug routine which will output tracing if the System Property
* -Djavax.sql.rowset.RowSetFactory.debug is set * -Djavax.sql.rowset.RowSetFactory.debug is set

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,6 @@ package javax.sql.rowset.serial;
import java.sql.*; import java.sql.*;
import java.util.Arrays; import java.util.Arrays;
import java.util.Map; import java.util.Map;
import sun.reflect.misc.ReflectUtil;
/** /**
* An input stream used for custom mapping user-defined types (UDTs). * An input stream used for custom mapping user-defined types (UDTs).
@ -477,7 +476,6 @@ public class SQLInputImpl implements SQLInput {
// create new instance of the class // create new instance of the class
SQLData obj = null; SQLData obj = null;
try { try {
ReflectUtil.checkPackageAccess(c);
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
Object tmp = c.newInstance(); Object tmp = c.newInstance();
obj = (SQLData)tmp; obj = (SQLData)tmp;

View File

@ -30,9 +30,6 @@ import java.lang.reflect.*;
import java.util.Arrays; import java.util.Arrays;
import java.util.Vector; import java.util.Vector;
import javax.sql.rowset.RowSetWarning; import javax.sql.rowset.RowSetWarning;
import jdk.internal.reflect.CallerSensitive;
import jdk.internal.reflect.Reflection;
import sun.reflect.misc.ReflectUtil;
/** /**
* A serializable mapping in the Java programming language of an SQL * A serializable mapping in the Java programming language of an SQL
@ -125,23 +122,9 @@ public class SerialJavaObject implements Serializable, Cloneable {
* the serialized object * the serialized object
* @see Class#getFields * @see Class#getFields
*/ */
@CallerSensitive
public Field[] getFields() throws SerialException { public Field[] getFields() throws SerialException {
if (fields != null) { if (fields != null) {
Class<?> c = this.obj.getClass(); Class<?> c = this.obj.getClass();
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
/*
* Check if the caller is allowed to access the specified class's package.
* If access is denied, throw a SecurityException.
*/
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
c.getClassLoader())) {
ReflectUtil.checkPackageAccess(c);
}
}
return c.getFields(); return c.getFields();
} else { } else {
throw new SerialException("SerialJavaObject does not contain" + throw new SerialException("SerialJavaObject does not contain" +

View File

@ -35,13 +35,8 @@ import java.io.FileInputStream;
import java.io.InputStream; import java.io.InputStream;
import java.io.IOException; import java.io.IOException;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.naming.*; import javax.naming.*;
import sun.reflect.misc.ReflectUtil;
/** /**
* The Service Provider Interface (SPI) mechanism that generates <code>SyncProvider</code> * The Service Provider Interface (SPI) mechanism that generates <code>SyncProvider</code>
@ -236,11 +231,6 @@ public class SyncFactory {
*/ */
private static String ROWSET_PROPERTIES = "rowset.properties"; private static String ROWSET_PROPERTIES = "rowset.properties";
/**
* Permission required to invoke setJNDIContext and setLogger
*/
private static final SQLPermission SET_SYNCFACTORY_PERMISSION =
new SQLPermission("setSyncFactory");
/** /**
* The initial JNDI context where <code>SyncProvider</code> implementations can * The initial JNDI context where <code>SyncProvider</code> implementations can
* be stored and from which they can be invoked. * be stored and from which they can be invoked.
@ -355,17 +345,7 @@ public class SyncFactory {
/* /*
* Dependent on application * Dependent on application
*/ */
String strRowsetProperties; String strRowsetProperties = System.getProperty("rowset.properties");
try {
strRowsetProperties = AccessController.doPrivileged(new PrivilegedAction<String>() {
public String run() {
return System.getProperty("rowset.properties");
}
}, null, new PropertyPermission("rowset.properties", "read"));
} catch (Exception ex) {
System.out.println("errorget rowset.properties: " + ex);
strRowsetProperties = null;
};
if (strRowsetProperties != null) { if (strRowsetProperties != null) {
// Load user's implementation of SyncProvider // Load user's implementation of SyncProvider
@ -385,7 +365,6 @@ public class SyncFactory {
"rowset.properties"; "rowset.properties";
try { try {
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
InputStream in = SyncFactory.class.getModule().getResourceAsStream(ROWSET_PROPERTIES); InputStream in = SyncFactory.class.getModule().getResourceAsStream(ROWSET_PROPERTIES);
if (in == null) { if (in == null) {
throw new SyncFactoryException("Resource " + ROWSET_PROPERTIES + " not found"); throw new SyncFactoryException("Resource " + ROWSET_PROPERTIES + " not found");
@ -393,18 +372,11 @@ public class SyncFactory {
try (in) { try (in) {
properties.load(in); properties.load(in);
} }
return null; } catch (IOException e) {
});
} catch (PrivilegedActionException ex) {
Throwable e = ex.getException();
if (e instanceof SyncFactoryException) {
throw (SyncFactoryException) e;
} else {
SyncFactoryException sfe = new SyncFactoryException(); SyncFactoryException sfe = new SyncFactoryException();
sfe.initCause(ex.getException()); sfe.initCause(e);
throw sfe; throw sfe;
} }
}
parseProperties(properties); parseProperties(properties);
@ -421,17 +393,7 @@ public class SyncFactory {
* load additional properties from -D command line * load additional properties from -D command line
*/ */
properties.clear(); properties.clear();
String providerImpls; String providerImpls = System.getProperty(ROWSET_SYNC_PROVIDER);
try {
providerImpls = AccessController.doPrivileged(new PrivilegedAction<String>() {
public String run() {
return System.getProperty(ROWSET_SYNC_PROVIDER);
}
}, null, new PropertyPermission(ROWSET_SYNC_PROVIDER, "read"));
} catch (Exception ex) {
providerImpls = null;
}
if (providerImpls != null) { if (providerImpls != null) {
int i = 0; int i = 0;
if (providerImpls.indexOf(colon) > 0) { if (providerImpls.indexOf(colon) > 0) {
@ -563,14 +525,6 @@ public class SyncFactory {
return new com.sun.rowset.providers.RIOptimisticProvider(); return new com.sun.rowset.providers.RIOptimisticProvider();
} }
try {
ReflectUtil.checkPackageAccess(providerID);
} catch (@SuppressWarnings("removal") java.security.AccessControlException e) {
SyncFactoryException sfe = new SyncFactoryException();
sfe.initCause(e);
throw sfe;
}
// Attempt to invoke classname from registered SyncProvider list // Attempt to invoke classname from registered SyncProvider list
Class<?> c = null; Class<?> c = null;
try { try {
@ -626,12 +580,6 @@ public class SyncFactory {
*/ */
public static void setLogger(Logger logger) { public static void setLogger(Logger logger) {
@SuppressWarnings("removal")
SecurityManager sec = System.getSecurityManager();
if (sec != null) {
sec.checkPermission(SET_SYNCFACTORY_PERMISSION);
}
if(logger == null){ if(logger == null){
throw new NullPointerException("You must provide a Logger"); throw new NullPointerException("You must provide a Logger");
} }
@ -652,12 +600,6 @@ public class SyncFactory {
*/ */
public static void setLogger(Logger logger, Level level) { public static void setLogger(Logger logger, Level level) {
// singleton // singleton
@SuppressWarnings("removal")
SecurityManager sec = System.getSecurityManager();
if (sec != null) {
sec.checkPermission(SET_SYNCFACTORY_PERMISSION);
}
if(logger == null){ if(logger == null){
throw new NullPointerException("You must provide a Logger"); throw new NullPointerException("You must provide a Logger");
} }
@ -692,11 +634,7 @@ public class SyncFactory {
*/ */
public static synchronized void setJNDIContext(javax.naming.Context ctx) public static synchronized void setJNDIContext(javax.naming.Context ctx)
throws SyncFactoryException { throws SyncFactoryException {
@SuppressWarnings("removal")
SecurityManager sec = System.getSecurityManager();
if (sec != null) {
sec.checkPermission(SET_SYNCFACTORY_PERMISSION);
}
if (ctx == null) { if (ctx == null) {
throw new SyncFactoryException("Invalid JNDI context supplied"); throw new SyncFactoryException("Invalid JNDI context supplied");
} }

View File

@ -31,8 +31,6 @@ import java.util.Enumeration;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.ServiceLoader; import java.util.ServiceLoader;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.concurrent.CopyOnWriteArrayList; import java.util.concurrent.CopyOnWriteArrayList;
import java.util.stream.Stream; import java.util.stream.Stream;
@ -98,22 +96,6 @@ public class DriverManager {
/* Prevent the DriverManager class from being instantiated. */ /* Prevent the DriverManager class from being instantiated. */
private DriverManager(){} private DriverManager(){}
/**
* The {@code SQLPermission} constant that allows the
* setting of the logging stream.
* @since 1.3
*/
static final SQLPermission SET_LOG_PERMISSION =
new SQLPermission("setLog");
/**
* The {@code SQLPermission} constant that allows the
* un-register a registered JDBC driver.
* @since 1.8
*/
static final SQLPermission DEREGISTER_DRIVER_PERMISSION =
new SQLPermission("deregisterDriver");
//--------------------------JDBC 2.0----------------------------- //--------------------------JDBC 2.0-----------------------------
/** /**
@ -140,12 +122,6 @@ public class DriverManager {
* @since 1.2 * @since 1.2
*/ */
public static void setLogWriter(java.io.PrintWriter out) { public static void setLogWriter(java.io.PrintWriter out) {
@SuppressWarnings("removal")
SecurityManager sec = System.getSecurityManager();
if (sec != null) {
sec.checkPermission(SET_LOG_PERMISSION);
}
logStream = null; logStream = null;
logWriter = out; logWriter = out;
} }
@ -367,12 +343,6 @@ public class DriverManager {
return; return;
} }
@SuppressWarnings("removal")
SecurityManager sec = System.getSecurityManager();
if (sec != null) {
sec.checkPermission(DEREGISTER_DRIVER_PERMISSION);
}
println("DriverManager.deregisterDriver: " + driver); println("DriverManager.deregisterDriver: " + driver);
DriverInfo aDriver = new DriverInfo(driver, null); DriverInfo aDriver = new DriverInfo(driver, null);
@ -477,13 +447,6 @@ public class DriverManager {
*/ */
@Deprecated(since="1.2") @Deprecated(since="1.2")
public static void setLogStream(java.io.PrintStream out) { public static void setLogStream(java.io.PrintStream out) {
@SuppressWarnings("removal")
SecurityManager sec = System.getSecurityManager();
if (sec != null) {
sec.checkPermission(SET_LOG_PERMISSION);
}
logStream = out; logStream = out;
if ( out != null ) if ( out != null )
logWriter = new java.io.PrintWriter(out); logWriter = new java.io.PrintWriter(out);
@ -549,7 +512,6 @@ public class DriverManager {
* Load the initial JDBC drivers by checking the System property * Load the initial JDBC drivers by checking the System property
* jdbc.drivers and then use the {@code ServiceLoader} mechanism * jdbc.drivers and then use the {@code ServiceLoader} mechanism
*/ */
@SuppressWarnings("removal")
private static void ensureDriversInitialized() { private static void ensureDriversInitialized() {
if (driversInitialized) { if (driversInitialized) {
return; return;
@ -561,11 +523,7 @@ public class DriverManager {
} }
String drivers; String drivers;
try { try {
drivers = AccessController.doPrivileged(new PrivilegedAction<String>() { drivers = System.getProperty(JDBC_DRIVERS_PROPERTY);
public String run() {
return System.getProperty(JDBC_DRIVERS_PROPERTY);
}
});
} catch (Exception ex) { } catch (Exception ex) {
drivers = null; drivers = null;
} }
@ -574,8 +532,6 @@ public class DriverManager {
// exposed as a java.sql.Driver.class service. // exposed as a java.sql.Driver.class service.
// ServiceLoader.load() replaces the sun.misc.Providers() // ServiceLoader.load() replaces the sun.misc.Providers()
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
ServiceLoader<Driver> loadedDrivers = ServiceLoader.load(Driver.class); ServiceLoader<Driver> loadedDrivers = ServiceLoader.load(Driver.class);
Iterator<Driver> driversIterator = loadedDrivers.iterator(); Iterator<Driver> driversIterator = loadedDrivers.iterator();
@ -599,9 +555,6 @@ public class DriverManager {
} catch (Throwable t) { } catch (Throwable t) {
// Do nothing // Do nothing
} }
return null;
}
});
println("DriverManager.initialize: jdbc.drivers = " + drivers); println("DriverManager.initialize: jdbc.drivers = " + drivers);

View File

@ -1,150 +0,0 @@
/*
* Copyright (c) 2014, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package util;
import java.io.FilePermission;
import java.lang.reflect.ReflectPermission;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.SecurityPermission;
import java.sql.SQLPermission;
import java.util.Enumeration;
import java.util.PropertyPermission;
import java.util.StringJoiner;
import java.util.logging.LoggingPermission;
/*
* Simple Policy class that supports the required Permissions to validate the
* JDBC concrete classes
*/
public class TestPolicy extends Policy {
static final Policy DEFAULT_POLICY = Policy.getPolicy();
final PermissionCollection permissions = new Permissions();
/**
* Constructor which sets the minimum permissions allowing testNG to work
* with a SecurityManager
*/
public TestPolicy() {
setMinimalPermissions();
}
/*
* Constructor which determines which permissions are defined for this
* Policy used by the JDBC tests Possible values are: all (ALLPermissions),
* setLog (SQLPemission("setLog"), deregisterDriver
* (SQLPermission("deregisterDriver") (SQLPermission("deregisterDriver"),
* setSyncFactory(SQLPermission(setSyncFactory), and also
* LoggerPermission("control", null) when setting a Level
*
* @param policy Permissions to set
*/
public TestPolicy(String policy) {
switch (policy) {
case "all":
permissions.add(new AllPermission());
break;
case "setLog":
setMinimalPermissions();
permissions.add(new SQLPermission("setLog"));
break;
case "deregisterDriver":
setMinimalPermissions();
permissions.add(new SQLPermission("deregisterDriver"));
break;
case "setSyncFactory":
setMinimalPermissions();
permissions.add(new SQLPermission("setSyncFactory"));
break;
case "setSyncFactoryLogger":
setMinimalPermissions();
permissions.add(new SQLPermission("setSyncFactory"));
permissions.add(new LoggingPermission("control", null));
break;
default:
setMinimalPermissions();
}
}
/*
* Defines the minimal permissions required by testNG when running these
* tests
*/
private void setMinimalPermissions() {
permissions.add(new SecurityPermission("getPolicy"));
permissions.add(new SecurityPermission("setPolicy"));
permissions.add(new RuntimePermission("getClassLoader"));
permissions.add(new RuntimePermission("setSecurityManager"));
permissions.add(new RuntimePermission("createSecurityManager"));
permissions.add(new PropertyPermission("line.separator", "read"));
permissions.add(new PropertyPermission("fileStringBuffer", "read"));
permissions.add(new PropertyPermission("dataproviderthreadcount", "read"));
permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
permissions.add(new PropertyPermission("testng.show.stack.frames",
"read"));
permissions.add(new PropertyPermission("testng.thread.affinity", "read"));
permissions.add(new PropertyPermission("testng.memory.friendly", "read"));
permissions.add(new PropertyPermission("testng.mode.dryrun", "read"));
permissions.add(new PropertyPermission("testng.report.xml.name", "read"));
permissions.add(new PropertyPermission("testng.timezone", "read"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
permissions.add(new FilePermission("<<ALL FILES>>",
"read, write, delete"));
}
/*
* Overloaded methods from the Policy class
*/
@Override
public String toString() {
StringJoiner sj = new StringJoiner("\n", "policy: ", "");
Enumeration<Permission> perms = permissions.elements();
while (perms.hasMoreElements()) {
sj.add(perms.nextElement().toString());
}
return sj.toString();
}
@Override
public PermissionCollection getPermissions(ProtectionDomain domain) {
return permissions;
}
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
return permissions;
}
@Override
public boolean implies(ProtectionDomain domain, Permission perm) {
return permissions.implies(perm) || DEFAULT_POLICY.implies(domain, perm);
}
}

View File

@ -71,16 +71,12 @@ public class CheckCSMs {
// over time. Do not add any new one to this list. // over time. Do not add any new one to this list.
private static final Set<String> KNOWN_NON_FINAL_CSMS = private static final Set<String> KNOWN_NON_FINAL_CSMS =
Set.of("java/lang/Runtime#load (Ljava/lang/String;)V", Set.of("java/lang/Runtime#load (Ljava/lang/String;)V",
"java/lang/Runtime#loadLibrary (Ljava/lang/String;)V", "java/lang/Runtime#loadLibrary (Ljava/lang/String;)V"
"javax/sql/rowset/serial/SerialJavaObject#getFields ()[Ljava/lang/reflect/Field;"
); );
// These non-static non-final methods must not have @CallerSensitiveAdapter // These non-static non-final methods must not have @CallerSensitiveAdapter
// methods that takes an additional caller class parameter. // methods that takes an additional caller class parameter.
private static Set<String> UNSUPPORTED_VIRTUAL_METHODS = private static Set<String> UNSUPPORTED_VIRTUAL_METHODS = Set.of();
Set.of("java/io/ObjectStreamField#getType (Ljava/lang/Class;)Ljava/lang/Class;",
"javax/sql/rowset/serial/SerialJavaObject#getFields (Ljava/lang/Class;)[Ljava/lang/reflect/Field;"
);
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
if (args.length > 0 && args[0].equals("--list")) { if (args.length > 0 && args[0].equals("--list")) {