1 /*
2 * $Id$
3 *
4 * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
5 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 *
7 * This code is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License version 2 only, as
9 * published by the Free Software Foundation. Oracle designates this
10 * particular file as subject to the "Classpath" exception as provided
11 * by Oracle in the LICENSE file that accompanied this code.
12 *
13 * This code is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
15 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * version 2 for more details (a copy is included in the LICENSE file that
17 * accompanied this code).
18 *
19 * You should have received a copy of the GNU General Public License version
20 * 2 along with this work; if not, write to the Free Software Foundation,
21 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
22 *
23 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
24 * or visit www.oracle.com if you need additional information or have any
25 * questions.
26 */
27 package com.sun.javatest;
28
29 import java.io.FileDescriptor;
30 import java.net.InetAddress;
31
32 import java.lang.RuntimePermission;
33 import java.security.Permission;
34 import java.util.PropertyPermission;
35
36 /**
37 * This class is set for JT Harness running as an application. Currently, it imposes
38 * almost no security restrictions at all: its existence prevents anyone else
39 * (e.g. a test running in this JVM) from setting a more restrictive security manager.
40 *
41 * Although not required for running under JDK1.0.2, extra definitions for forward
42 * compatibility with JDK1.1 are also provided. They will effectively be ignored
43 * by JDK1.0.2.
44 */
45
46 public class JavaTestSecurityManager extends SecurityManager
47 {
48 {
49 // use user specified value if given
50 String s = System.getProperty("javatest.security.allowPropertiesAccess");
51 if (s != null) {
52 allowPropertiesAccess = Boolean.valueOf(s).booleanValue();
53 }
54 }
55 /**
56 * Try to install a copy of this security manager. If another security manager is
57 * already installed, the install will fail; a warning message wil, be written to
58 * the console if the previously installed security manager is not a subtype of
59 * com.sun.javatest.JavaTestSecurityManager.
60 * The install can be suppressed by setting the system property
61 * "javatest.security.noSecurityManager" to true.
62 */
63 public static void install() {
64 try {
65 // install our own permissive security manager, to prevent anyone else
66 // installing a less permissive one.
67 final String noSecurityMgr = "javatest.security.noSecurityManager";
68 if (Boolean.getBoolean(noSecurityMgr)) {
69 System.err.println();
70 System.err.println(" ---- WARNING -----");
71 System.err.println();
72 System.err.println("JT Harness did not install its own Security Manager");
73 System.err.println("because the property " + noSecurityMgr + " was set.");
74 System.err.println("This is not a fatal error, but it may affect the");
75 System.err.println("execution of sameJVM tests");
76 System.err.println();
77 }
78 else {
79 try {
80 // test to see if permission API available:
81 // if it's not, we'll get an exception and load
82 // an old-style security manager
83 Class.forName("java.security.Permission");
84 System.setSecurityManager(new NewJavaTestSecurityManager());
85 }
86 catch (ClassNotFoundException e) {
87 System.setSecurityManager(new JavaTestSecurityManager());
88 }
89 }
90 }
91 catch (SecurityException e) {
92 SecurityManager sm = System.getSecurityManager();
93 if (!(sm instanceof JavaTestSecurityManager)) {
94 System.err.println();
95 System.err.println(" ---- WARNING -----");
96 System.err.println();
97 System.err.println("JT Harness could not install its own Security Manager");
98 System.err.println("because of the following exception:");
99 System.err.println(" " + e);
100 System.err.println("This is not a fatal error, but it may affect the");
101 System.err.println("execution of sameJVM tests");
102 System.err.println();
103 }
104 }
105 }
106
107 // These are the JDK1.0.2 security methods
108 public void checkAccept(String host, int port) { }
109 public void checkAccess(Thread g) { }
110 public void checkAccess(ThreadGroup g) { }
111 public void checkConnect(String host, int port) { }
112 public void checkConnect(String host, int port, Object context) { }
113 public void checkCreateClassLoader() { }
114 public void checkDelete(String file) { }
115 public void checkExec(String cmd) { }
116
117 // tests which call System.exit() should not cause JT Harness to exit
118 public void checkExit(int status) {
119 if (allowExit == false) {
120 if (verbose) {
121 System.err.println(getClass().getName() + ": System.exit() forbidden");
122 new Throwable().printStackTrace();
123 }
124 throw new SecurityException("System.exit() forbidden by JT Harness");
125 }
126 }
127
128 public void checkLink(String lib) { }
129 public void checkListen(int port) { }
130 public void checkPackageAccess(String pkg) { }
131 public void checkPackageDefinition(String pkg) { }
132
133 // allowing tests to get at and manipulate the system properties
134 // is too dangerous to permit when multiple tests are running,
135 // possibly simultaneously, in the same JVM.
136 public synchronized void checkPropertiesAccess() {
137 if (allowPropertiesAccess == false) {
138 if (verbose) {
139 System.err.println(getClass().getName() + ": properties access forbidden");
140 new Throwable().printStackTrace();
141 }
142 throw new SecurityException("Action forbidden by JT Harness: checkPropertiesAccess");
143 }
144 }
145
146 public void checkPropertyAccess(String key) { }
147 public void checkRead(FileDescriptor fd) { }
148 public void checkRead(String file) { }
149 public void checkRead(String file, Object context) { }
150 public void checkSetFactory() { }
151 public boolean checkTopLevelWindow(Object window) { return true; }
152 public void checkWrite(FileDescriptor fd) { }
153 public void checkWrite(String file) { }
154
155 // These methods are added for forward-compatibility with JDK1.1
156 public void checkAwtEventQueueAccess() { }
157 public void checkMemberAccess(Class clazz, int which) { }
158 public void checkMulticast(InetAddress maddr) { }
159 public void checkMulticast(InetAddress maddr, byte ttl) { }
160 public void checkPrintJobAccess() { }
161 public void checkSecurityAccess(String provider) { }
162 public void checkSystemClipboardAccess() { }
163
164 /**
165 * Set whether or not the JVM may be exited. The default value is "false".
166 * @param bool true if the JVM may be exited, and false otherwise
167 * @return the previous value of this setting
168 */
169 public boolean setAllowExit(boolean bool) {
170 boolean prev = allowExit;
171 allowExit = bool;
172 return prev;
173 }
174
175 /**
176 * Set whether or not the set of system properties may be accessed.
177 * The default value is determined by the system property
178 * "javatest.security.allowPropertiesAccess".
179 * @param bool true if the system properties may be accessed, and false otherwise
180 * @return the previous value of this setting
181 */
182 public boolean setAllowPropertiesAccess(boolean bool) {
183 boolean prev = allowPropertiesAccess;
184 allowPropertiesAccess = bool;
185 return prev;
186 }
187
188 static private boolean allowExit = false; // no overrides on this one; API control only
189 static private boolean allowPropertiesAccess = true; // see initializer
190 static private boolean verbose =
191 Boolean.getBoolean("javatest.security.verbose");
192 }
193
194 class NewJavaTestSecurityManager extends JavaTestSecurityManager
195 {
196 public void checkPermission(Permission perm) {
197 // allow most stuff, but limit as appropriate
198 if (perm instanceof RuntimePermission) {
199 if (perm.getName().equals("exitVM"))
200 checkExit(0);
201 if (perm.getName().equals("createSecurityManager")) {
202 super.checkPermission(new java.lang.RuntimePermission("createSecurityManager"));
203 }
204 }
205 else if (perm instanceof PropertyPermission) {
206 if (perm.getActions().equals("read,write"))
207 checkPropertiesAccess();
208 }
209 }
210 }