14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 package jdk.test.lib;
25
26 import java.io.File;
27 import java.io.IOException;
28 import java.io.RandomAccessFile;
29 import java.util.Arrays;
30 import java.util.List;
31 import java.util.Objects;
32 import java.util.regex.Pattern;
33 import java.util.stream.Collectors;
34
35 public class Platform {
36 public static final String vmName = System.getProperty("java.vm.name");
37 public static final String vmInfo = System.getProperty("java.vm.info");
38 private static final String osVersion = System.getProperty("os.version");
39 private static int osVersionMajor = -1;
40 private static int osVersionMinor = -1;
41 private static final String osName = System.getProperty("os.name");
42 private static final String dataModel = System.getProperty("sun.arch.data.model");
43 private static final String vmVersion = System.getProperty("java.vm.version");
44 private static final String jdkDebug = System.getProperty("jdk.debug");
45 private static final String osArch = System.getProperty("os.arch");
46 private static final String userName = System.getProperty("user.name");
47 private static final String compiler = System.getProperty("sun.management.compiler");
48
49 public static boolean isClient() {
50 return vmName.endsWith(" Client VM");
51 }
52
53 public static boolean isServer() {
54 return vmName.endsWith(" Server VM");
55 }
56
57 public static boolean isGraal() {
58 return vmName.endsWith(" Graal VM");
59 }
60
61 public static boolean isZero() {
62 return vmName.endsWith(" Zero VM");
63 }
64
65 public static boolean isMinimal() {
66 return vmName.endsWith(" Minimal VM");
67 }
237 if (isLinux()) {
238 return canPtraceAttachLinux();
239 } else if (isOSX()) {
240 return canAttachOSX();
241 } else {
242 // Other platforms expected to work:
243 return true;
244 }
245 }
246
247 /**
248 * On Linux, first check the SELinux boolean "deny_ptrace" and return false
249 * as we expect to be denied if that is "1". Then expect permission to attach
250 * if we are root, so return true. Then return false for an expected denial
251 * if "ptrace_scope" is 1, and true otherwise.
252 */
253 private static boolean canPtraceAttachLinux() throws IOException {
254 // SELinux deny_ptrace:
255 File deny_ptrace = new File("/sys/fs/selinux/booleans/deny_ptrace");
256 if (deny_ptrace.exists()) {
257 try (RandomAccessFile file = new RandomAccessFile(deny_ptrace, "r")) {
258 if (file.readByte() != '0') {
259 return false;
260 }
261 }
262 }
263
264 // YAMA enhanced security ptrace_scope:
265 // 0 - a process can PTRACE_ATTACH to any other process running under the same uid
266 // 1 - restricted ptrace: a process must be a children of the inferior or user is root
267 // 2 - only processes with CAP_SYS_PTRACE may use ptrace or user is root
268 // 3 - no attach: no processes may use ptrace with PTRACE_ATTACH
269 File ptrace_scope = new File("/proc/sys/kernel/yama/ptrace_scope");
270 if (ptrace_scope.exists()) {
271 try (RandomAccessFile file = new RandomAccessFile(ptrace_scope, "r")) {
272 byte yama_scope = file.readByte();
273 if (yama_scope == '3') {
274 return false;
275 }
276
277 if (!userName.equals("root") && yama_scope != '0') {
278 return false;
279 }
280 }
281 }
282 // Otherwise expect to be permitted:
283 return true;
284 }
285
286 /**
287 * On OSX, expect permission to attach only if we are root.
288 */
289 private static boolean canAttachOSX() {
290 return userName.equals("root");
291 }
292
293 private static boolean isArch(String archnameRE) {
294 return Pattern.compile(archnameRE, Pattern.CASE_INSENSITIVE)
295 .matcher(osArch)
296 .matches();
297 }
298
299 /**
|
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 package jdk.test.lib;
25
26 import java.io.File;
27 import java.io.IOException;
28 import java.io.RandomAccessFile;
29 import java.util.Arrays;
30 import java.util.List;
31 import java.util.Objects;
32 import java.util.regex.Pattern;
33 import java.util.stream.Collectors;
34 import java.security.AccessController;
35 import java.security.PrivilegedAction;
36 import java.security.PrivilegedActionException;
37 import java.security.PrivilegedExceptionAction;
38
39 public class Platform {
40 public static final String vmName = AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty("java.vm.name"));
41 public static final String vmInfo = AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty("java.vm.info"));
42 private static final String osVersion = AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty("os.version"));
43 private static int osVersionMajor = -1;
44 private static int osVersionMinor = -1;
45 private static final String osName = AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty("os.name"));
46 private static final String dataModel = AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty("sun.arch.data.model"));
47 private static final String vmVersion = AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty("java.vm.version"));
48 private static final String jdkDebug = AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty("jdk.debug"));
49 private static final String osArch = AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty("os.arch"));
50 private static final String userName = AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty("user.name"));
51 private static final String compiler = AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty("sun.management.compiler"));
52
53 public static boolean isClient() {
54 return vmName.endsWith(" Client VM");
55 }
56
57 public static boolean isServer() {
58 return vmName.endsWith(" Server VM");
59 }
60
61 public static boolean isGraal() {
62 return vmName.endsWith(" Graal VM");
63 }
64
65 public static boolean isZero() {
66 return vmName.endsWith(" Zero VM");
67 }
68
69 public static boolean isMinimal() {
70 return vmName.endsWith(" Minimal VM");
71 }
241 if (isLinux()) {
242 return canPtraceAttachLinux();
243 } else if (isOSX()) {
244 return canAttachOSX();
245 } else {
246 // Other platforms expected to work:
247 return true;
248 }
249 }
250
251 /**
252 * On Linux, first check the SELinux boolean "deny_ptrace" and return false
253 * as we expect to be denied if that is "1". Then expect permission to attach
254 * if we are root, so return true. Then return false for an expected denial
255 * if "ptrace_scope" is 1, and true otherwise.
256 */
257 private static boolean canPtraceAttachLinux() throws IOException {
258 // SELinux deny_ptrace:
259 File deny_ptrace = new File("/sys/fs/selinux/booleans/deny_ptrace");
260 if (deny_ptrace.exists()) {
261 try (RandomAccessFile file = AccessController.doPrivileged(
262 (PrivilegedExceptionAction<RandomAccessFile>) () -> new RandomAccessFile(deny_ptrace, "r"))) {
263 if (file.readByte() != '0') {
264 return false;
265 }
266 } catch (PrivilegedActionException e) {
267 @SuppressWarnings("unchecked")
268 IOException t = (IOException) e.getException();
269 throw t;
270 }
271 }
272
273 // YAMA enhanced security ptrace_scope:
274 // 0 - a process can PTRACE_ATTACH to any other process running under the same uid
275 // 1 - restricted ptrace: a process must be a children of the inferior or user is root
276 // 2 - only processes with CAP_SYS_PTRACE may use ptrace or user is root
277 // 3 - no attach: no processes may use ptrace with PTRACE_ATTACH
278 File ptrace_scope = new File("/proc/sys/kernel/yama/ptrace_scope");
279 if (ptrace_scope.exists()) {
280 try (RandomAccessFile file = AccessController.doPrivileged(
281 (PrivilegedExceptionAction<RandomAccessFile>) () -> new RandomAccessFile(ptrace_scope, "r"))) {
282 byte yama_scope = file.readByte();
283 if (yama_scope == '3') {
284 return false;
285 }
286
287 if (!userName.equals("root") && yama_scope != '0') {
288 return false;
289 }
290 } catch (PrivilegedActionException e) {
291 @SuppressWarnings("unchecked")
292 IOException t = (IOException) e.getException();
293 throw t;
294 }
295 }
296 // Otherwise expect to be permitted:
297 return true;
298 }
299
300 /**
301 * On OSX, expect permission to attach only if we are root.
302 */
303 private static boolean canAttachOSX() {
304 return userName.equals("root");
305 }
306
307 private static boolean isArch(String archnameRE) {
308 return Pattern.compile(archnameRE, Pattern.CASE_INSENSITIVE)
309 .matcher(osArch)
310 .matches();
311 }
312
313 /**
|