1 /* 2 * $Id$ 3 * 4 * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. 5 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 6 * 7 * This code is free software; you can redistribute it and/or modify it 8 * under the terms of the GNU General Public License version 2 only, as 9 * published by the Free Software Foundation. Oracle designates this 10 * particular file as subject to the "Classpath" exception as provided 11 * by Oracle in the LICENSE file that accompanied this code. 12 * 13 * This code is distributed in the hope that it will be useful, but WITHOUT 14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 15 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 16 * version 2 for more details (a copy is included in the LICENSE file that 17 * accompanied this code). 18 * 19 * You should have received a copy of the GNU General Public License version 20 * 2 along with this work; if not, write to the Free Software Foundation, 21 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 22 * 23 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 24 * or visit www.oracle.com if you need additional information or have any 25 * questions. 26 */ 27 package com.sun.javatest; 28 29 import java.io.FileDescriptor; 30 import java.net.InetAddress; 31 32 import java.lang.RuntimePermission; 33 import java.security.Permission; 34 import java.util.PropertyPermission; 35 36 /** 37 * This class is set for JT Harness running as an application. Currently, it imposes 38 * almost no security restrictions at all: its existence prevents anyone else 39 * (e.g. a test running in this JVM) from setting a more restrictive security manager. 40 * 41 * Although not required for running under JDK1.0.2, extra definitions for forward 42 * compatibility with JDK1.1 are also provided. They will effectively be ignored 43 * by JDK1.0.2. 44 */ 45 46 public class JavaTestSecurityManager extends SecurityManager 47 { 48 { 49 // use user specified value if given 50 String s = System.getProperty("javatest.security.allowPropertiesAccess"); 51 if (s != null) { 52 allowPropertiesAccess = Boolean.valueOf(s).booleanValue(); 53 } 54 } 55 /** 56 * Try to install a copy of this security manager. If another security manager is 57 * already installed, the install will fail; a warning message wil, be written to 58 * the console if the previously installed security manager is not a subtype of 59 * com.sun.javatest.JavaTestSecurityManager. 60 * The install can be suppressed by setting the system property 61 * "javatest.security.noSecurityManager" to true. 62 */ 63 public static void install() { 64 try { 65 // install our own permissive security manager, to prevent anyone else 66 // installing a less permissive one. 67 final String noSecurityMgr = "javatest.security.noSecurityManager"; 68 if (Boolean.getBoolean(noSecurityMgr)) { 69 System.err.println(); 70 System.err.println(" ---- WARNING -----"); 71 System.err.println(); 72 System.err.println("JT Harness did not install its own Security Manager"); 73 System.err.println("because the property " + noSecurityMgr + " was set."); 74 System.err.println("This is not a fatal error, but it may affect the"); 75 System.err.println("execution of sameJVM tests"); 76 System.err.println(); 77 } 78 else { 79 try { 80 // test to see if permission API available: 81 // if it's not, we'll get an exception and load 82 // an old-style security manager 83 Class.forName("java.security.Permission"); 84 System.setSecurityManager(new NewJavaTestSecurityManager()); 85 } 86 catch (ClassNotFoundException e) { 87 System.setSecurityManager(new JavaTestSecurityManager()); 88 } 89 } 90 } 91 catch (SecurityException e) { 92 SecurityManager sm = System.getSecurityManager(); 93 if (!(sm instanceof JavaTestSecurityManager)) { 94 System.err.println(); 95 System.err.println(" ---- WARNING -----"); 96 System.err.println(); 97 System.err.println("JT Harness could not install its own Security Manager"); 98 System.err.println("because of the following exception:"); 99 System.err.println(" " + e); 100 System.err.println("This is not a fatal error, but it may affect the"); 101 System.err.println("execution of sameJVM tests"); 102 System.err.println(); 103 } 104 } 105 } 106 107 // These are the JDK1.0.2 security methods 108 public void checkAccept(String host, int port) { } 109 public void checkAccess(Thread g) { } 110 public void checkAccess(ThreadGroup g) { } 111 public void checkConnect(String host, int port) { } 112 public void checkConnect(String host, int port, Object context) { } 113 public void checkCreateClassLoader() { } 114 public void checkDelete(String file) { } 115 public void checkExec(String cmd) { } 116 117 // tests which call System.exit() should not cause JT Harness to exit 118 public void checkExit(int status) { 119 if (allowExit == false) { 120 if (verbose) { 121 System.err.println(getClass().getName() + ": System.exit() forbidden"); 122 new Throwable().printStackTrace(); 123 } 124 throw new SecurityException("System.exit() forbidden by JT Harness"); 125 } 126 } 127 128 public void checkLink(String lib) { } 129 public void checkListen(int port) { } 130 public void checkPackageAccess(String pkg) { } 131 public void checkPackageDefinition(String pkg) { } 132 133 // allowing tests to get at and manipulate the system properties 134 // is too dangerous to permit when multiple tests are running, 135 // possibly simultaneously, in the same JVM. 136 public synchronized void checkPropertiesAccess() { 137 if (allowPropertiesAccess == false) { 138 if (verbose) { 139 System.err.println(getClass().getName() + ": properties access forbidden"); 140 new Throwable().printStackTrace(); 141 } 142 throw new SecurityException("Action forbidden by JT Harness: checkPropertiesAccess"); 143 } 144 } 145 146 public void checkPropertyAccess(String key) { } 147 public void checkRead(FileDescriptor fd) { } 148 public void checkRead(String file) { } 149 public void checkRead(String file, Object context) { } 150 public void checkSetFactory() { } 151 public boolean checkTopLevelWindow(Object window) { return true; } 152 public void checkWrite(FileDescriptor fd) { } 153 public void checkWrite(String file) { } 154 155 // These methods are added for forward-compatibility with JDK1.1 156 public void checkAwtEventQueueAccess() { } 157 public void checkMemberAccess(Class clazz, int which) { } 158 public void checkMulticast(InetAddress maddr) { } 159 public void checkMulticast(InetAddress maddr, byte ttl) { } 160 public void checkPrintJobAccess() { } 161 public void checkSecurityAccess(String provider) { } 162 public void checkSystemClipboardAccess() { } 163 164 /** 165 * Set whether or not the JVM may be exited. The default value is "false". 166 * @param bool true if the JVM may be exited, and false otherwise 167 * @return the previous value of this setting 168 */ 169 public boolean setAllowExit(boolean bool) { 170 boolean prev = allowExit; 171 allowExit = bool; 172 return prev; 173 } 174 175 /** 176 * Set whether or not the set of system properties may be accessed. 177 * The default value is determined by the system property 178 * "javatest.security.allowPropertiesAccess". 179 * @param bool true if the system properties may be accessed, and false otherwise 180 * @return the previous value of this setting 181 */ 182 public boolean setAllowPropertiesAccess(boolean bool) { 183 boolean prev = allowPropertiesAccess; 184 allowPropertiesAccess = bool; 185 return prev; 186 } 187 188 static private boolean allowExit = false; // no overrides on this one; API control only 189 static private boolean allowPropertiesAccess = true; // see initializer 190 static private boolean verbose = 191 Boolean.getBoolean("javatest.security.verbose"); 192 } 193 194 class NewJavaTestSecurityManager extends JavaTestSecurityManager 195 { 196 public void checkPermission(Permission perm) { 197 // allow most stuff, but limit as appropriate 198 if (perm instanceof RuntimePermission) { 199 if (perm.getName().equals("exitVM")) 200 checkExit(0); 201 if (perm.getName().equals("createSecurityManager")) { 202 super.checkPermission(new java.lang.RuntimePermission("createSecurityManager")); 203 } 204 } 205 else if (perm instanceof PropertyPermission) { 206 if (perm.getActions().equals("read,write")) 207 checkPropertiesAccess(); 208 } 209 } 210 }