1 /*
   2  * Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import java.io.FilePermission;
  25 import java.io.IOException;
  26 import java.io.UncheckedIOException;
  27 import java.lang.module.ModuleFinder;
  28 import java.lang.reflect.AccessibleObject;
  29 import java.lang.reflect.Field;
  30 import java.lang.reflect.Modifier;
  31 import java.lang.reflect.InaccessibleObjectException;
  32 import java.lang.reflect.ReflectPermission;
  33 import java.net.URI;
  34 import java.nio.file.FileSystem;
  35 import java.nio.file.FileSystems;
  36 import java.nio.file.Files;
  37 import java.nio.file.Path;
  38 import java.security.CodeSource;
  39 import java.security.Permission;
  40 import java.security.PermissionCollection;
  41 import java.security.Permissions;
  42 import java.security.Policy;
  43 import java.security.ProtectionDomain;
  44 import java.util.ArrayList;
  45 import java.util.Arrays;
  46 import java.util.Collections;
  47 import java.util.Enumeration;
  48 import java.util.Iterator;
  49 import java.util.List;
  50 import java.util.Set;
  51 import java.util.PropertyPermission;
  52 import java.util.concurrent.atomic.AtomicBoolean;
  53 import java.util.concurrent.atomic.AtomicLong;
  54 import java.util.stream.Collectors;
  55 import java.util.stream.Stream;
  56 
  57 import jdk.internal.module.Modules;
  58 
  59 /**
  60  * @test
  61  * @bug 8065552
  62  * @summary test that all public fields returned by getDeclaredFields() can
  63  *          be set accessible if the right permission is granted; this test
  64  *          loads all classes and get their declared fields
  65  *          and call setAccessible(false) followed by setAccessible(true);
  66  * @modules java.base/jdk.internal.module
  67  * @run main/othervm --add-modules=ALL-SYSTEM FieldSetAccessibleTest UNSECURE
  68  * @run main/othervm --add-modules=ALL-SYSTEM FieldSetAccessibleTest SECURE
  69  *
  70  * @author danielfuchs
  71  */
  72 public class FieldSetAccessibleTest {
  73 
  74     static final List<String> cantread = new ArrayList<>();
  75     static final List<String> failed = new ArrayList<>();
  76     static final AtomicLong classCount = new AtomicLong();
  77     static final AtomicLong fieldCount = new AtomicLong();
  78     static long startIndex = 0;
  79     static long maxSize = Long.MAX_VALUE;
  80     static long maxIndex = Long.MAX_VALUE;
  81     static final ClassLoader systemClassLoader = ClassLoader.getSystemClassLoader();
  82 
  83 
  84     // Test that all fields for any given class can be made accessibles
  85     static void testSetFieldsAccessible(Class<?> c) {
  86         Module self = FieldSetAccessibleTest.class.getModule();
  87         Module target = c.getModule();
  88         String pn = c.getPackageName();
  89         boolean exported = self.canRead(target) && target.isExported(pn, self);
  90         for (Field f : c.getDeclaredFields()) {
  91             fieldCount.incrementAndGet();
  92 
  93             // setAccessible succeeds only if it's exported and the member
  94             // is public and of a public class, or it's opened
  95             // otherwise it would fail.
  96             boolean isPublic = Modifier.isPublic(f.getModifiers()) &&
  97                 Modifier.isPublic(c.getModifiers());
  98             boolean access = (exported && isPublic) || target.isOpen(pn, self);
  99             try {
 100                 f.setAccessible(false);
 101                 f.setAccessible(true);
 102                 if (!access) {
 103                     throw new RuntimeException(
 104                         String.format("Expected InaccessibleObjectException is not thrown "
 105                                       + "for field %s in class %s%n", f.getName(), c.getName()));
 106                 }
 107             } catch (InaccessibleObjectException expected) {
 108                 if (access) {
 109                     throw new RuntimeException(expected);
 110                 }
 111             }
 112         }
 113     }
 114 
 115     // Performs a series of test on the given class.
 116     // At this time, we only call testSetFieldsAccessible(c)
 117     public static boolean test(Class<?> c, boolean addExports) {
 118         Module self = FieldSetAccessibleTest.class.getModule();
 119         Module target = c.getModule();
 120         String pn = c.getPackageName();
 121         boolean exported = self.canRead(target) && target.isExported(pn, self);
 122         if (addExports && !exported) {
 123             Modules.addExports(target, pn, self);
 124             exported = true;
 125         }
 126 
 127         classCount.incrementAndGet();
 128 
 129         // Call getDeclaredFields() and try to set their accessible flag.
 130         testSetFieldsAccessible(c);
 131 
 132         // add more tests here...
 133 
 134         return c == Class.class;
 135     }
 136 
 137     // Prints a summary at the end of the test.
 138     static void printSummary(long secs, long millis, long nanos) {
 139         System.out.println("Tested " + fieldCount.get() + " fields of "
 140                 + classCount.get() + " classes in "
 141                 + secs + "s " + millis + "ms " + nanos + "ns");
 142     }
 143 
 144 
 145     /**
 146      * @param args the command line arguments:
 147      *
 148      *     SECURE|UNSECURE [startIndex (default=0)] [maxSize (default=Long.MAX_VALUE)]
 149      *
 150      * @throws java.lang.Exception if the test fails
 151      */
 152     public static void main(String[] args) throws Exception {
 153         if (args == null || args.length == 0) {
 154             args = new String[] {"SECURE", "0"};
 155         } else if (args.length > 3) {
 156             throw new RuntimeException("Expected at most one argument. Found "
 157                     + Arrays.asList(args));
 158         }
 159         try {
 160             if (args.length > 1) {
 161                 startIndex = Long.parseLong(args[1]);
 162                 if (startIndex < 0) {
 163                     throw new IllegalArgumentException("startIndex args[1]: "
 164                             + startIndex);
 165                 }
 166             }
 167             if (args.length > 2) {
 168                 maxSize = Long.parseLong(args[2]);
 169                 if (maxSize <= 0) {
 170                     maxSize = Long.MAX_VALUE;
 171                 }
 172                 maxIndex = (Long.MAX_VALUE - startIndex) < maxSize
 173                         ? Long.MAX_VALUE : startIndex + maxSize;
 174             }
 175             TestCase.valueOf(args[0]).run();
 176         } catch (OutOfMemoryError oome) {
 177             System.err.println(classCount.get());
 178             throw oome;
 179         }
 180     }
 181 
 182     public static void run(TestCase test) {
 183         System.out.println("Testing " + test);
 184         test(listAllClassNames());
 185         System.out.println("Passed " + test);
 186     }
 187 
 188     static Iterable<String> listAllClassNames() {
 189         return new ClassNameJrtStreamBuilder();
 190     }
 191 
 192     static void test(Iterable<String> iterable) {
 193         final long start = System.nanoTime();
 194         boolean classFound = false;
 195         int index = 0;
 196         for (String s : iterable) {
 197             if (index == maxIndex) break;
 198             try {
 199                 if (index < startIndex) continue;
 200                 if (test(s, false)) {
 201                     classFound = true;
 202                 }
 203             } finally {
 204                 index++;
 205             }
 206         }
 207 
 208         // Re-test with all packages exported
 209         for (String s : iterable) {
 210             test(s, true);
 211         }
 212 
 213         classCount.set(classCount.get() / 2);
 214         fieldCount.set(fieldCount.get() / 2);
 215         long elapsed = System.nanoTime() - start;
 216         long secs = elapsed / 1000_000_000;
 217         long millis = (elapsed % 1000_000_000) / 1000_000;
 218         long nanos  = elapsed % 1000_000;
 219         System.out.println("Unreadable path elements: " + cantread);
 220         System.out.println("Failed path elements: " + failed);
 221         printSummary(secs, millis, nanos);
 222 
 223         if (!failed.isEmpty()) {
 224             throw new RuntimeException("Test failed for the following classes: " + failed);
 225         }
 226         if (!classFound && startIndex == 0 && index < maxIndex) {
 227             // this is just to verify that we have indeed parsed rt.jar
 228             // (or the java.base module)
 229             throw  new RuntimeException("Test failed: Class.class not found...");
 230         }
 231         if (classCount.get() == 0 && startIndex == 0) {
 232             throw  new RuntimeException("Test failed: no class found?");
 233         }
 234     }
 235 
 236     static boolean test(String s, boolean addExports) {
 237         String clsName = s.replace('/', '.').substring(0, s.length() - 6);
 238         try {
 239             System.out.println("Loading " + clsName);
 240             final Class<?> c = Class.forName(
 241                     clsName,
 242                     false,
 243                     systemClassLoader);
 244             return test(c, addExports);
 245         } catch (VerifyError ve) {
 246             System.err.println("VerifyError for " + clsName);
 247             ve.printStackTrace(System.err);
 248             failed.add(s);
 249         } catch (Exception t) {
 250             t.printStackTrace(System.err);
 251             failed.add(s);
 252         } catch (NoClassDefFoundError e) {
 253             e.printStackTrace(System.err);
 254             failed.add(s);
 255         }
 256         return false;
 257     }
 258 
 259     static class ClassNameJrtStreamBuilder implements Iterable<String>{
 260 
 261         final FileSystem jrt;
 262         final Path root;
 263         final Set<String> modules;
 264         ClassNameJrtStreamBuilder() {
 265             jrt = FileSystems.getFileSystem(URI.create("jrt:/"));
 266             root = jrt.getPath("/modules");
 267             modules = systemModules();
 268         }
 269 
 270         @Override
 271         public Iterator<String> iterator() {
 272             try {
 273                 return Files.walk(root)
 274                         .filter(p -> p.getNameCount() > 2)
 275                         .filter(p -> modules.contains(p.getName(1).toString()))
 276                         .map(p -> p.subpath(2, p.getNameCount()))
 277                         .map(p -> p.toString())
 278                         .filter(s -> s.endsWith(".class") && !s.endsWith("module-info.class"))
 279                     .iterator();
 280             } catch(IOException x) {
 281                 throw new UncheckedIOException("Unable to walk \"/modules\"", x);
 282             }
 283         }
 284 
 285         /*
 286          * Filter deployment modules
 287          */
 288         static Set<String> systemModules() {
 289             return ModuleFinder.ofSystem().findAll().stream()
 290                                .map(mref -> mref.descriptor().name())
 291                                .filter(mn -> !mn.contains("deploy") &&
 292                                              !mn.contains("plugin") &&
 293                                              !mn.contains("javaws"))
 294                                .collect(Collectors.toSet());
 295         }
 296     }
 297 
 298     // Test with or without a security manager
 299     public static enum TestCase {
 300         UNSECURE, SECURE;
 301         public void run() throws Exception {
 302             System.out.println("Running test case: " + name());
 303             Configure.setUp(this);
 304             FieldSetAccessibleTest.run(this);
 305         }
 306     }
 307 
 308     // A helper class to configure the security manager for the test,
 309     // and bypass it when needed.
 310     static class Configure {
 311         static Policy policy = null;
 312         static final ThreadLocal<AtomicBoolean> allowAll = new ThreadLocal<AtomicBoolean>() {
 313             @Override
 314             protected AtomicBoolean initialValue() {
 315                 return  new AtomicBoolean(false);
 316             }
 317         };
 318         static void setUp(TestCase test) {
 319             switch (test) {
 320                 case SECURE:
 321                     if (policy == null && System.getSecurityManager() != null) {
 322                         throw new IllegalStateException("SecurityManager already set");
 323                     } else if (policy == null) {
 324                         policy = new SimplePolicy(TestCase.SECURE, allowAll);
 325                         Policy.setPolicy(policy);
 326                         System.setSecurityManager(new SecurityManager());
 327                     }
 328                     if (System.getSecurityManager() == null) {
 329                         throw new IllegalStateException("No SecurityManager.");
 330                     }
 331                     if (policy == null) {
 332                         throw new IllegalStateException("policy not configured");
 333                     }
 334                     break;
 335                 case UNSECURE:
 336                     if (System.getSecurityManager() != null) {
 337                         throw new IllegalStateException("SecurityManager already set");
 338                     }
 339                     break;
 340                 default:
 341                     throw new InternalError("No such testcase: " + test);
 342             }
 343         }
 344         static void doPrivileged(Runnable run) {
 345             allowAll.get().set(true);
 346             try {
 347                 run.run();
 348             } finally {
 349                 allowAll.get().set(false);
 350             }
 351         }
 352     }
 353 
 354     // A Helper class to build a set of permissions.
 355     static final class PermissionsBuilder {
 356         final Permissions perms;
 357         public PermissionsBuilder() {
 358             this(new Permissions());
 359         }
 360         public PermissionsBuilder(Permissions perms) {
 361             this.perms = perms;
 362         }
 363         public PermissionsBuilder add(Permission p) {
 364             perms.add(p);
 365             return this;
 366         }
 367         public PermissionsBuilder addAll(PermissionCollection col) {
 368             if (col != null) {
 369                 for (Enumeration<Permission> e = col.elements(); e.hasMoreElements(); ) {
 370                     perms.add(e.nextElement());
 371                 }
 372             }
 373             return this;
 374         }
 375         public Permissions toPermissions() {
 376             final PermissionsBuilder builder = new PermissionsBuilder();
 377             builder.addAll(perms);
 378             return builder.perms;
 379         }
 380     }
 381 
 382     // Policy for the test...
 383     public static class SimplePolicy extends Policy {
 384 
 385         final Permissions permissions;
 386         final Permissions allPermissions;
 387         final ThreadLocal<AtomicBoolean> allowAll;
 388         public SimplePolicy(TestCase test, ThreadLocal<AtomicBoolean> allowAll) {
 389             this.allowAll = allowAll;
 390 
 391             // Permission needed by the tested code exercised in the test
 392             permissions = new Permissions();
 393             permissions.add(new RuntimePermission("fileSystemProvider"));
 394             permissions.add(new RuntimePermission("createClassLoader"));
 395             permissions.add(new RuntimePermission("closeClassLoader"));
 396             permissions.add(new RuntimePermission("getClassLoader"));
 397             permissions.add(new RuntimePermission("accessDeclaredMembers"));
 398             permissions.add(new RuntimePermission("accessSystemModules"));
 399             permissions.add(new ReflectPermission("suppressAccessChecks"));
 400             permissions.add(new PropertyPermission("*", "read"));
 401             permissions.add(new FilePermission("<<ALL FILES>>", "read"));
 402 
 403             // these are used for configuring the test itself...
 404             allPermissions = new Permissions();
 405             allPermissions.add(new java.security.AllPermission());
 406         }
 407 
 408         @Override
 409         public boolean implies(ProtectionDomain domain, Permission permission) {
 410             if (allowAll.get().get()) return allPermissions.implies(permission);
 411             if (permissions.implies(permission)) return true;
 412             if (permission instanceof java.lang.RuntimePermission) {
 413                 if (permission.getName().startsWith("accessClassInPackage.")) {
 414                     // add these along to the set of permission we have, when we
 415                     // discover that we need them.
 416                     permissions.add(permission);
 417                     return true;
 418                 }
 419             }
 420             return false;
 421         }
 422 
 423         @Override
 424         public PermissionCollection getPermissions(CodeSource codesource) {
 425             return new PermissionsBuilder().addAll(allowAll.get().get()
 426                     ? allPermissions : permissions).toPermissions();
 427         }
 428 
 429         @Override
 430         public PermissionCollection getPermissions(ProtectionDomain domain) {
 431             return new PermissionsBuilder().addAll(allowAll.get().get()
 432                     ? allPermissions : permissions).toPermissions();
 433         }
 434     }
 435 
 436 }
--- EOF ---