--- old/test/jdk/jdk/net/Sockets/policy.fail 2018-08-31 11:36:23.000000000 -0700
+++ new/test/jdk/jdk/net/Sockets/policy.fail 2018-08-31 11:36:22.000000000 -0700
@@ -1,17 +1,10 @@
-grant {
- permission java.util.PropertyPermission "java.vm.name", "read";
- permission java.util.PropertyPermission "java.vm.info", "read";
- permission java.util.PropertyPermission "os.version", "read";
- permission java.util.PropertyPermission "sun.arch.data.model", "read";
- permission java.util.PropertyPermission "java.vm.version", "read";
- permission java.util.PropertyPermission "jdk.debug", "read";
- permission java.util.PropertyPermission "os.arch", "read";
- permission java.util.PropertyPermission "os.name", "read";
- permission java.util.PropertyPermission "user.name", "read";
- permission java.util.PropertyPermission "sun.management.compiler", "read";
- permission java.io.FilePermission "<>", "execute";
- permission java.util.PropertyPermission "line.separator", "read";
+grant codeBase "file:${test.classes}/../../../../test/lib/-" {
+ permission java.util.PropertyPermission "*", "read";
 permission java.io.FilePermission "/etc/release", "read";
- permission java.net.SocketPermission "127.0.0.1", "connect,accept" ;
- permission java.net.SocketPermission "localhost", "listen" ;
+ permission java.io.FilePermission "<>", "execute";
+};
+
+grant codeBase "file:${test.classes}/*" {
+ permission java.net.SocketPermission "127.0.0.1", "connect,accept";
+ permission java.net.SocketPermission "localhost", "listen";
 };
--- old/test/jdk/jdk/net/Sockets/policy.success 2018-08-31 11:36:24.000000000 -0700
+++ new/test/jdk/jdk/net/Sockets/policy.success 2018-08-31 11:36:24.000000000 -0700
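Review bot: `permission java.util.PropertyPermission "*", "read";` in the new test-library grant is wider than the named properties it replaces, so every class under the test/lib codeBase can now read any system property rather than the dozen the old policy listed. Moving the socket permissions into a grant scoped to `${test.classes}/*` is a real tightening for the test classes, but the library block would be easier to audit if it listed only the properties `Platform` and `OSVersion` read, or at least carried a comment such as `// test library reads system properties inside doPrivileged; wildcard is intentional`. The same grant block is repeated in policy.success. The relative path `${test.classes}/../../../../test/lib/-` presumably depends on the depth of the test class directory, so a one-line comment saying what it is expected to resolve to would help when the layout changes and the grant silently stops matching.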
@@ -1,19 +1,12 @@
-grant {
- permission java.util.PropertyPermission "java.vm.name", "read";
- permission java.util.PropertyPermission "java.vm.info", "read";
- permission java.util.PropertyPermission "os.version", "read";
- permission java.util.PropertyPermission "sun.arch.data.model", "read";
- permission java.util.PropertyPermission "java.vm.version", "read";
- permission java.util.PropertyPermission "jdk.debug", "read";
- permission java.util.PropertyPermission "os.arch", "read";
- permission java.util.PropertyPermission "os.name", "read";
- permission java.util.PropertyPermission "user.name", "read";
- permission java.util.PropertyPermission "sun.management.compiler", "read";
- permission java.io.FilePermission "<>", "execute";
- permission java.util.PropertyPermission "line.separator", "read";
+grant codeBase "file:${test.classes}/../../../../test/lib/-" {
+ permission java.util.PropertyPermission "*", "read";
 permission java.io.FilePermission "/etc/release", "read";
- permission java.net.SocketPermission "127.0.0.1", "connect,accept" ;
- permission java.net.SocketPermission "localhost", "listen" ;
+ permission java.io.FilePermission "<>", "execute";
+};
+
+grant codeBase "file:${test.classes}/*" {
+ permission java.net.SocketPermission "127.0.0.1", "connect,accept";
+ permission java.net.SocketPermission "localhost", "listen";
 permission jdk.net.NetworkPermission "setOption.SO_FLOW_SLA";
 permission jdk.net.NetworkPermission "getOption.SO_FLOW_SLA";
 };
--- old/test/lib/jdk/test/lib/OSVersion.java 2018-08-31 11:36:26.000000000 -0700
+++ new/test/lib/jdk/test/lib/OSVersion.java 2018-08-31 11:36:25.000000000 -0700
@@ -30,6 +30,9 @@
 import java.io.FileReader;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 public final class OSVersion implements Comparable {
 public static final OSVersion WINDOWS_95 = new OSVersion(4, 0);
@@ -69,9 +72,11 @@
 }
 // Try to get Solaris version from /etc/release
- try (BufferedReader in =
- new BufferedReader(new FileReader("/etc/release"))) {
+ try (BufferedReader in = new BufferedReader(AccessController.doPrivileged(
+ (PrivilegedExceptionAction) () -> new FileReader("/etc/release")))) {
 return in.readLine().trim().split(" ")[2];
+ } catch (PrivilegedActionException e) {
+ System.out.println("Second attempt failed with: " + e.getException().getMessage());
 } catch (Exception e) {
 System.out.println("Second attempt failed with: " + e.getMessage());
 }
--- old/test/lib/jdk/test/lib/Platform.java 2018-08-31 11:36:27.000000000 -0700
+++ new/test/lib/jdk/test/lib/Platform.java 2018-08-31 11:36:27.000000000 -0700
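Review bot: The new privileged block around `new FileReader("/etc/release")` in the second hunk has no comment saying why it is safe to assert the library's privileges there. From the visible lines it is: the path is a constant and nothing supplied by the caller reaches the action, so the block only lets a sandboxed test benefit from the `FilePermission "/etc/release", "read"` granted to the library codeBase. I would record that above the `try`, for example `// Privileged only to open the fixed path /etc/release; no caller-controlled value enters the action.` The enclosing method starts and ends outside the hunk.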
@@ -31,20 +31,24 @@
 import java.util.Objects;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 public class Platform {
- public static final String vmName = System.getProperty("java.vm.name");
- public static final String vmInfo = System.getProperty("java.vm.info");
- private static final String osVersion = System.getProperty("os.version");
+ public static final String vmName = AccessController.doPrivileged((PrivilegedAction) () -> System.getProperty("java.vm.name"));
+ public static final String vmInfo = AccessController.doPrivileged((PrivilegedAction) () -> System.getProperty("java.vm.info"));
+ private static final String osVersion = AccessController.doPrivileged((PrivilegedAction) () -> System.getProperty("os.version"));
 private static int osVersionMajor = -1;
 private static int osVersionMinor = -1;
- private static final String osName = System.getProperty("os.name");
- private static final String dataModel = System.getProperty("sun.arch.data.model");
- private static final String vmVersion = System.getProperty("java.vm.version");
- private static final String jdkDebug = System.getProperty("jdk.debug");
- private static final String osArch = System.getProperty("os.arch");
- private static final String userName = System.getProperty("user.name");
- private static final String compiler = System.getProperty("sun.management.compiler");
+ private static final String osName = AccessController.doPrivileged((PrivilegedAction) () -> System.getProperty("os.name"));
+ private static final String dataModel = AccessController.doPrivileged((PrivilegedAction) () -> System.getProperty("sun.arch.data.model"));
+ private static final String vmVersion = AccessController.doPrivileged((PrivilegedAction) () -> System.getProperty("java.vm.version"));
+ private static final String jdkDebug = AccessController.doPrivileged((PrivilegedAction) () -> System.getProperty("jdk.debug"));
+ private static final String osArch = AccessController.doPrivileged((PrivilegedAction) () -> System.getProperty("os.arch"));
+ private static final String userName = AccessController.doPrivileged((PrivilegedAction) () -> System.getProperty("user.name"));
+ private static final String compiler = AccessController.doPrivileged((PrivilegedAction) () -> System.getProperty("sun.management.compiler"));
 public static boolean isClient() {
 return vmName.endsWith(" Client VM");
@@ -254,10 +258,15 @@
 // SELinux deny_ptrace:
 File deny_ptrace = new File("/sys/fs/selinux/booleans/deny_ptrace");
 if (deny_ptrace.exists()) {
- try (RandomAccessFile file = new RandomAccessFile(deny_ptrace, "r")) {
+ try (RandomAccessFile file = AccessController.doPrivileged(
+ (PrivilegedExceptionAction) () -> new RandomAccessFile(deny_ptrace, "r"))) {
 if (file.readByte() != '0') {
 return false;
 }
+ } catch (PrivilegedActionException e) {
+ @SuppressWarnings("unchecked")
+ IOException t = (IOException) e.getException();
+ throw t;
 }
 }
@@ -268,7 +277,8 @@
 // 3 - no attach: no processes may use ptrace with PTRACE_ATTACH
 File ptrace_scope = new File("/proc/sys/kernel/yama/ptrace_scope");
 if (ptrace_scope.exists()) {
- try (RandomAccessFile file = new RandomAccessFile(ptrace_scope, "r")) {
+ try (RandomAccessFile file = AccessController.doPrivileged(
+ (PrivilegedExceptionAction) () -> new RandomAccessFile(ptrace_scope, "r"))) {
 byte yama_scope = file.readByte();
 if (yama_scope == '3') {
 return false;
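Review bot: The ten static initialisers in `Platform` each repeat the same `AccessController.doPrivileged((PrivilegedAction) () -> System.getProperty(...))` expression, with a cast that appears raw on this page (type arguments may have been lost in rendering), which is hard to scan and easy to get subtly wrong on the next addition. A single private helper would carry the pattern once: `private static String privilegedGetProperty(String key) { return AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty(key)); }`, with each field becoming for example `privilegedGetProperty("os.name")`. The helper has to stay `private`, since a wider one would hand any caller the library's `PropertyPermission "*"` grant from the policy files in this patch.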
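Review bot: `deny_ptrace.exists()` is still called outside the privileged block in the `@@ -254` hunk, so under a security manager its read check runs against the whole call stack and a sandboxed caller would get a `SecurityException` before the new `doPrivileged` is reached; the same holds for `ptrace_scope.exists()` in the `@@ -268` hunk. Either move the existence test into the privileged action, or drop it and treat `FileNotFoundException` as "file absent". Separately, `@SuppressWarnings("unchecked")` on `IOException t = (IOException) e.getException();` suppresses nothing, because that is an ordinary checked cast; it can be removed here, in the `@@ -277` hunk and in `ProcessTools.privilegedStart`. The enclosing method begins and ends outside these hunks.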
@@ -277,6 +287,10 @@
 if (!userName.equals("root") && yama_scope != '0') {
 return false;
 }
+ } catch (PrivilegedActionException e) {
+ @SuppressWarnings("unchecked")
+ IOException t = (IOException) e.getException();
+ throw t;
 }
 }
 // Otherwise expect to be permitted:
--- old/test/lib/jdk/test/lib/process/ProcessTools.java 2018-08-31 11:36:29.000000000 -0700
+++ new/test/lib/jdk/test/lib/process/ProcessTools.java 2018-08-31 11:36:28.000000000 -0700
@@ -40,6 +40,9 @@
 import java.util.function.Predicate;
 import java.util.function.Consumer;
 import java.util.stream.Collectors;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import jdk.test.lib.JDKToolFinder;
 import jdk.test.lib.Utils;
@@ -69,7 +72,7 @@
 * @throws IOException If an I/O error occurs.
 */
 public static OutputBuffer getOutput(ProcessBuilder processBuilder) throws IOException {
- return getOutput(processBuilder.start());
+ return getOutput(privilegedStart(processBuilder));
 }
 /**
@@ -201,7 +204,7 @@
 TimeUnit unit)
 throws IOException, InterruptedException, TimeoutException {
 System.out.println("["+name+"]:" + processBuilder.command().stream().collect(Collectors.joining(" ")));
- Process p = processBuilder.start();
+ Process p = privilegedStart(processBuilder);
 StreamPumper stdout = new StreamPumper(p.getInputStream());
 StreamPumper stderr = new StreamPumper(p.getErrorStream());
@@ -393,7 +396,7 @@
 Process p = null;
 boolean failed = false;
 try {
- p = pb.start();
+ p = privilegedStart(pb);
 output = new OutputAnalyzer(p);
 p.waitFor();
@@ -495,6 +498,17 @@
 return analyzer;
 }
+ private static Process privilegedStart(ProcessBuilder pb) throws IOException {
+ try {
+ return AccessController.doPrivileged(
+ (PrivilegedExceptionAction) () -> pb.start());
+ } catch (PrivilegedActionException e) {
+ @SuppressWarnings("unchecked")
+ IOException t = (IOException) e.getException();
+ throw t;
+ }
+ }
+
 private static class ProcessImpl extends Process {
 private final Process p;
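Review bot: `privilegedStart` runs `pb.start()` with the test library's permissions for whatever `ProcessBuilder` the caller passes to the public `getOutput(ProcessBuilder)` and the two other call sites changed in the earlier hunks, and nothing in the helper says so. Combined with the `java.io.FilePermission "<>", "execute"` grant that the policy files in this patch give the library codeBase, a caller's own lack of execute permission no longer limits which command is started through this class. That is probably intended for a test library, but it should be stated where the privilege is asserted, for example `// Runs a caller-supplied command with the test library's permissions; keep private and do not reuse outside test code.` Keeping the helper `private`, as the patch does, is the right scope.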