6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 package jdk.test.lib;
25
26 import java.io.IOException;
27 import java.nio.file.Files;
28 import java.nio.file.Path;
29 import java.nio.file.Paths;
30 import java.util.regex.Pattern;
31
32 public class Platform {
33 public static final String vmName = System.getProperty("java.vm.name");
34 public static final String vmInfo = System.getProperty("java.vm.info");
35 private static final String osVersion = System.getProperty("os.version");
36 private static int osVersionMajor = -1;
37 private static int osVersionMinor = -1;
38 private static final String osName = System.getProperty("os.name");
39 private static final String dataModel = System.getProperty("sun.arch.data.model");
40 private static final String vmVersion = System.getProperty("java.vm.version");
41 private static final String jdkDebug = System.getProperty("jdk.debug");
42 private static final String osArch = System.getProperty("os.arch");
43 private static final String userName = System.getProperty("user.name");
44 private static final String compiler = System.getProperty("sun.management.compiler");
45
46 public static boolean isClient() {
47 return vmName.endsWith(" Client VM");
48 }
49
191 }
192
193 public static boolean isX64() {
194 // On OSX it's 'x86_64' and on other (Linux, Windows and Solaris) platforms it's 'amd64'
195 return isArch("(amd64)|(x86_64)");
196 }
197
198 public static boolean isX86() {
199 // On Linux it's 'i386', Windows 'x86' without '_64' suffix.
200 return isArch("(i386)|(x86(?!_64))");
201 }
202
203 public static String getOsArch() {
204 return osArch;
205 }
206
207 /**
208 * Return a boolean for whether we expect to be able to attach
209 * the SA to our own processes on this system.
210 */
211 public static boolean shouldSAAttach() throws Exception {
212
213 if (isAix()) {
214 return false; // SA not implemented.
215 } else if (isLinux()) {
216 if (isS390x()) { return false; } // SA not implemented.
217 return canPtraceAttachLinux();
218 } else if (isOSX()) {
219 return canAttachOSX();
220 } else {
221 // Other platforms expected to work:
222 return true;
223 }
224 }
225
226 /**
227 * On Linux, first check the SELinux boolean "deny_ptrace" and return false
228 * as we expect to be denied if that is "1". Then expect permission to attach
229 * if we are root, so return true. Then return false for an expected denial
230 * if "ptrace_scope" is 1, and true otherwise.
231 */
232 public static boolean canPtraceAttachLinux() throws Exception {
233
234 // SELinux deny_ptrace:
235 String deny_ptrace = fileAsString("/sys/fs/selinux/booleans/deny_ptrace");
236 if (deny_ptrace != null && deny_ptrace.contains("1")) {
237 // ptrace will be denied:
238 return false;
239 }
240
241 // YAMA enhanced security ptrace_scope:
242 // 0 - a process can PTRACE_ATTACH to any other process running under the same uid
243 // 1 - restricted ptrace: a process must be a children of the inferior or user is root
244 // 2 - only processes with CAP_SYS_PTRACE may use ptrace or user is root
245 // 3 - no attach: no processes may use ptrace with PTRACE_ATTACH
246 String ptrace_scope = fileAsString("/proc/sys/kernel/yama/ptrace_scope");
247 if (ptrace_scope != null) {
248 if (ptrace_scope.startsWith("3")) {
249 return false;
250 }
251 if (!userName.equals("root") && !ptrace_scope.startsWith("0")) {
252 // ptrace will be denied:
253 return false;
254 }
255 }
256 // Otherwise expect to be permitted:
257 return true;
258 }
259
260 /**
261 * On OSX, expect permission to attach only if we are root.
262 */
263 public static boolean canAttachOSX() throws Exception {
264 return userName.equals("root");
265 }
266
267 private static boolean isArch(String archnameRE) {
268 return Pattern.compile(archnameRE, Pattern.CASE_INSENSITIVE)
269 .matcher(osArch)
270 .matches();
271 }
272
273 private static String fileAsString(String filename) throws IOException {
274 Path filePath = Paths.get(filename);
275 if (!Files.exists(filePath)) return null;
276 return new String(Files.readAllBytes(filePath));
277 }
278 }
|
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 package jdk.test.lib;
25
26 import java.io.File;
27 import java.io.IOException;
28 import java.io.RandomAccessFile;
29 import java.util.regex.Pattern;
30
31 public class Platform {
32 public static final String vmName = System.getProperty("java.vm.name");
33 public static final String vmInfo = System.getProperty("java.vm.info");
34 private static final String osVersion = System.getProperty("os.version");
35 private static int osVersionMajor = -1;
36 private static int osVersionMinor = -1;
37 private static final String osName = System.getProperty("os.name");
38 private static final String dataModel = System.getProperty("sun.arch.data.model");
39 private static final String vmVersion = System.getProperty("java.vm.version");
40 private static final String jdkDebug = System.getProperty("jdk.debug");
41 private static final String osArch = System.getProperty("os.arch");
42 private static final String userName = System.getProperty("user.name");
43 private static final String compiler = System.getProperty("sun.management.compiler");
44
45 public static boolean isClient() {
46 return vmName.endsWith(" Client VM");
47 }
48
190 }
191
192 public static boolean isX64() {
193 // On OSX it's 'x86_64' and on other (Linux, Windows and Solaris) platforms it's 'amd64'
194 return isArch("(amd64)|(x86_64)");
195 }
196
197 public static boolean isX86() {
198 // On Linux it's 'i386', Windows 'x86' without '_64' suffix.
199 return isArch("(i386)|(x86(?!_64))");
200 }
201
202 public static String getOsArch() {
203 return osArch;
204 }
205
206 /**
207 * Return a boolean for whether we expect to be able to attach
208 * the SA to our own processes on this system.
209 */
210 public static boolean shouldSAAttach() throws IOException {
211 if (isAix()) {
212 return false; // SA not implemented.
213 } else if (isLinux()) {
214 if (isS390x()) {
215 return false; // SA not implemented.
216 }
217 return canPtraceAttachLinux();
218 } else if (isOSX()) {
219 return canAttachOSX();
220 } else {
221 // Other platforms expected to work:
222 return true;
223 }
224 }
225
226 /**
227 * On Linux, first check the SELinux boolean "deny_ptrace" and return false
228 * as we expect to be denied if that is "1". Then expect permission to attach
229 * if we are root, so return true. Then return false for an expected denial
230 * if "ptrace_scope" is 1, and true otherwise.
231 */
232 private static boolean canPtraceAttachLinux() throws IOException {
233 // SELinux deny_ptrace:
234 File deny_ptrace = new File("/sys/fs/selinux/booleans/deny_ptrace");
235 if (deny_ptrace.exists()) {
236 try (RandomAccessFile file = new RandomAccessFile(deny_ptrace, "r")) {
237 if (file.readByte() != '0') {
238 return false;
239 }
240 }
241 }
242
243 // YAMA enhanced security ptrace_scope:
244 // 0 - a process can PTRACE_ATTACH to any other process running under the same uid
245 // 1 - restricted ptrace: a process must be a children of the inferior or user is root
246 // 2 - only processes with CAP_SYS_PTRACE may use ptrace or user is root
247 // 3 - no attach: no processes may use ptrace with PTRACE_ATTACH
248 File ptrace_scope = new File("/proc/sys/kernel/yama/ptrace_scope");
249 if (ptrace_scope.exists()) {
250 try (RandomAccessFile file = new RandomAccessFile(ptrace_scope, "r")) {
251 byte yama_scope = file.readByte();
252 if (yama_scope == '3') {
253 return false;
254 }
255
256 if (!userName.equals("root") && yama_scope != '0') {
257 return false;
258 }
259 }
260 }
261 // Otherwise expect to be permitted:
262 return true;
263 }
264
265 /**
266 * On OSX, expect permission to attach only if we are root.
267 */
268 private static boolean canAttachOSX() {
269 return userName.equals("root");
270 }
271
272 private static boolean isArch(String archnameRE) {
273 return Pattern.compile(archnameRE, Pattern.CASE_INSENSITIVE)
274 .matcher(osArch)
275 .matches();
276 }
277 }
|