/* * Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ import java.io.FilePermission; import java.io.IOException; import java.lang.reflect.ReflectPermission; import java.security.CodeSource; import java.security.Permission; import java.security.PermissionCollection; import java.security.Permissions; import java.security.Policy; import java.security.ProtectionDomain; import java.security.SecurityPermission; import java.util.Arrays; import java.util.PropertyPermission; import org.testng.Assert; import org.testng.annotations.AfterClass; import org.testng.annotations.Test; /* * @test * @run testng/othervm -Djava.security.manager=allow PermissionTest * @summary Test Permissions to access Info */ public class PermissionTest { /** * Backing up policy. */ protected static Policy policy; /** * Backing up security manager. */ private static SecurityManager sm; /** * Current process handle. */ private final ProcessHandle currentHndl; PermissionTest() { policy = Policy.getPolicy(); sm = System.getSecurityManager(); currentHndl = ProcessHandle.current(); } @Test public void descendantsWithPermission() { Policy.setPolicy(new TestPolicy(new RuntimePermission("manageProcess"))); currentHndl.descendants(); } @Test public void allProcessesWithPermission() { Policy.setPolicy(new TestPolicy(new RuntimePermission("manageProcess"))); ProcessHandle.allProcesses(); } @Test public void childrenWithPermission() { Policy.setPolicy(new TestPolicy(new RuntimePermission("manageProcess"))); currentHndl.children(); } @Test public void currentWithPermission() { Policy.setPolicy(new TestPolicy(new RuntimePermission("manageProcess"))); ProcessHandle.current(); } @Test public void ofWithPermission() { Policy.setPolicy(new TestPolicy(new RuntimePermission("manageProcess"))); ProcessHandle.of(0); } @Test public void parentWithPermission() { Policy.setPolicy(new TestPolicy(new RuntimePermission("manageProcess"))); currentHndl.parent(); } @Test public void processToHandleWithPermission() throws IOException { Policy.setPolicy(new TestPolicy(new RuntimePermission("manageProcess"))); Process p = null; try { ProcessBuilder pb = new ProcessBuilder("sleep", "30"); p = pb.start(); ProcessHandle ph = p.toHandle(); Assert.assertNotNull(ph, "ProcessHandle expected from Process"); } finally { if (p != null) { p.destroy(); } } } /** * Setup a policy that would reject ProcessHandle requests without Permissions ManageProcess. */ public void noPermissionsSetup(){ Policy.setPolicy(new TestPolicy()); SecurityManager sm = new SecurityManager(); System.setSecurityManager(sm); } @Test(expectedExceptions = SecurityException.class) public void noPermissionAllChildren() { noPermissionsSetup(); currentHndl.descendants(); } @Test(expectedExceptions = SecurityException.class) public void noPermissionAllProcesses() { noPermissionsSetup(); ProcessHandle.allProcesses(); } @Test(expectedExceptions = SecurityException.class) public void noPermissionChildren() { noPermissionsSetup(); currentHndl.children(); } @Test(expectedExceptions = SecurityException.class) public void noPermissionCurrent() { noPermissionsSetup(); ProcessHandle.current(); } @Test(expectedExceptions = SecurityException.class) public void noPermissionOf() { noPermissionsSetup(); ProcessHandle.of(0); } @Test(expectedExceptions = SecurityException.class) public void noPermissionParent() { noPermissionsSetup(); currentHndl.parent(); } @Test(expectedExceptions = SecurityException.class) public void noPermissionProcessToHandle() throws IOException { noPermissionsSetup(); Process p = null; try { ProcessBuilder pb = new ProcessBuilder("sleep", "30"); p = pb.start(); ProcessHandle ph = p.toHandle(); Assert.assertNotNull(ph, "ProcessHandle expected from Process"); } finally { if (p != null) { p.destroy(); } } } @AfterClass public void tearDownClass() throws Exception { System.setSecurityManager(sm); Policy.setPolicy(policy); } } class TestPolicy extends Policy { static final Policy DEFAULT_POLICY = Policy.getPolicy(); private final PermissionCollection permissions = new Permissions(); public TestPolicy() { setBasicPermissions(); } /* * Defines the minimal permissions required by testNG and set security * manager permission when running these tests. */ public void setBasicPermissions() { permissions.add(new SecurityPermission("getPolicy")); permissions.add(new SecurityPermission("setPolicy")); permissions.add(new RuntimePermission("getClassLoader")); permissions.add(new RuntimePermission("setSecurityManager")); permissions.add(new RuntimePermission("createSecurityManager")); permissions.add(new PropertyPermission("user.dir", "read")); permissions.add(new PropertyPermission("test.src", "read")); permissions.add(new PropertyPermission("file.separator", "read")); permissions.add(new PropertyPermission("line.separator", "read")); permissions.add(new PropertyPermission("fileStringBuffer", "read")); permissions.add(new PropertyPermission("dataproviderthreadcount", "read")); permissions.add(new PropertyPermission("testng.show.stack.frames", "read")); permissions.add(new PropertyPermission("testng.thread.affinity", "read")); permissions.add(new PropertyPermission("testng.memory.friendly", "read")); permissions.add(new PropertyPermission("testng.mode.dryrun", "read")); permissions.add(new PropertyPermission("testng.report.xml.name", "read")); permissions.add(new PropertyPermission("testng.timezone", "read")); permissions.add(new ReflectPermission("suppressAccessChecks")); permissions.add(new FilePermission("<>", "execute")); } public TestPolicy(Permission... ps) { setBasicPermissions(); Arrays.stream(ps).forEach(p -> permissions.add(p)); } @Override public PermissionCollection getPermissions(ProtectionDomain domain) { return permissions; } @Override public PermissionCollection getPermissions(CodeSource codesource) { return permissions; } @Override public boolean implies(ProtectionDomain domain, Permission perm) { return permissions.implies(perm) || DEFAULT_POLICY.implies(domain, perm); } }