1 /* 2 * Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 6741606 7146431 8000450 8019830 8022945 8027144 8041633 8078427 8055206 27 * @summary Check that various restricted packages that are supposed to be 28 * restricted by default or are listed in the package.access 29 * property in the java.security file are blocked 30 * @modules java.xml.ws java.corba 31 * @run main/othervm CheckPackageAccess 32 */ 33 34 import java.lang.module.ModuleFinder; 35 import java.lang.module.ModuleReference; 36 import java.lang.reflect.Layer; 37 import java.util.Arrays; 38 import java.util.List; 39 import java.util.Optional; 40 41 public class CheckPackageAccess { 42 43 private static final SecurityManager sm = new SecurityManager(); 44 private static final ModuleFinder mf = ModuleFinder.ofSystem(); 45 private static final String MODULE_TEXT = "Testing module: %1$s. Module is%2$s present."; 46 47 /* 48 * The expected list of restricted packages of the package.access property. 49 * 50 * This array should be updated whenever new packages are added to the 51 * package.access property in the java.security file 52 * NOTE: it should be in the same order as the java.security file 53 */ 54 private static final String[] EXPECTED = { 55 "sun.misc.", 56 "sun.reflect.", 57 }; 58 59 /** 60 * Tests access to various packages of a module. 61 */ 62 private static class Test { 63 String moduleName; // name of module 64 ModuleReference moduleRef; // module reference 65 String exports; // exported pkg 66 Optional<String> opens; // opened pkg 67 String conceals; // concealed pkg 68 Optional<String> qualExports; // qualified export pkg 69 Optional<String> qualOpens; // qualified open pkg 70 // qual open and non-qualified export pkg 71 Optional<String> qualOpensAndExports; 72 Test(String module, String exports, String opens, String conceals, 73 String qualExports, String qualOpens, String qualOpensAndExports) { 74 this.moduleName = module; 75 this.moduleRef = mf.find(moduleName).get(); 76 this.exports = exports; 77 this.opens = Optional.ofNullable(opens); 78 this.conceals = conceals; 79 this.qualExports = Optional.ofNullable(qualExports); 80 this.qualOpens = Optional.ofNullable(qualOpens); 81 this.qualOpensAndExports = Optional.ofNullable(qualOpensAndExports); 82 } 83 84 void test() { 85 final boolean isModulePresent = Layer.boot().findModule(moduleName).isPresent(); 86 System.out.println(String.format(MODULE_TEXT, moduleName, isModulePresent ? "" : " NOT")); 87 88 if (isModulePresent) { 89 90 // access to exported pkg should pass 91 testNonRestricted(exports); 92 93 // access to opened pkg should pass 94 opens.ifPresent(Test::testNonRestricted); 95 96 // access to concealed pkg should fail 97 testRestricted(conceals); 98 99 // access to qualified export pkg should fail 100 qualExports.ifPresent(Test::testRestricted); 101 102 // access to qualified open pkg should fail 103 qualOpens.ifPresent(Test::testRestricted); 104 105 // access to qualified opened pkg that is also exported should pass 106 qualOpensAndExports.ifPresent(Test::testNonRestricted); 107 } else { 108 System.out.println("Skipping tests for module."); 109 } 110 } 111 112 private static void testRestricted(String pkg) { 113 try { 114 sm.checkPackageAccess(pkg); 115 throw new RuntimeException("Able to access restricted package: " 116 + pkg); 117 } catch (SecurityException se) {} 118 try { 119 sm.checkPackageDefinition(pkg); 120 throw new RuntimeException("Able to access restricted package: " 121 + pkg); 122 } catch (SecurityException se) {} 123 } 124 125 private static void testNonRestricted(String pkg) { 126 try { 127 sm.checkPackageAccess(pkg); 128 } catch (SecurityException se) { 129 throw new RuntimeException("Unable to access exported package: " 130 + pkg, se); 131 } 132 try { 133 sm.checkPackageDefinition(pkg); 134 } catch (SecurityException se) { 135 throw new RuntimeException("Unable to access exported package: " 136 + pkg, se); 137 } 138 } 139 } 140 141 private static final Test[] tests = new Test[] { 142 // java.base module loaded by boot loader 143 new Test("java.base", "java.security", null, "jdk.internal.jrtfs", 144 "jdk.internal.loader", null, null), 145 // java.desktop module loaded by boot loader and has an openQual pkg 146 // that is exported 147 new Test("java.desktop", "java.applet", null, "sun.applet", 148 "sun.awt", null, "javax.swing.plaf.basic"), 149 // java.security.jgss module loaded by platform loader 150 new Test("java.security.jgss", "org.ietf.jgss", null, 151 "sun.security.krb5.internal.crypto", "sun.security.krb5", 152 null, null), 153 // java.xml.ws module loaded by platform loader but needs to be added 154 // and has an openQual pkg that is exported 155 new Test("java.xml.ws", "javax.xml.soap", null, 156 "com.sun.xml.internal.stream.buffer", 157 "com.sun.xml.internal.ws.api", null, 158 "javax.xml.ws.wsaddressing"), 159 // java.xml.ws module loaded by platform loader but needs to be added 160 // and has an openQual pkg 161 new Test("java.corba", "javax.rmi", null, "sun.corba", 162 "com.sun.corba.se.impl.util", "com.sun.jndi.cosnaming", null), 163 }; 164 165 public static void main(String[] args) throws Exception { 166 167 // check expected list of restricted packages in java.security file 168 checkPackages(Arrays.asList(EXPECTED)); 169 170 // check access to each module's packages 171 for (Test test : tests) { 172 test.test(); 173 } 174 175 System.out.println("Test passed"); 176 } 177 178 private static void checkPackages(List<String> pkgs) { 179 for (String pkg : pkgs) { 180 try { 181 sm.checkPackageAccess(pkg); 182 throw new RuntimeException("Able to access " + pkg + 183 " package"); 184 } catch (SecurityException se) { } 185 try { 186 sm.checkPackageDefinition(pkg); 187 throw new RuntimeException("Able to define class in " + pkg + 188 " package"); 189 } catch (SecurityException se) { } 190 String subpkg = pkg + "foo"; 191 try { 192 sm.checkPackageAccess(subpkg); 193 throw new RuntimeException("Able to access " + subpkg + 194 " package"); 195 } catch (SecurityException se) { } 196 try { 197 sm.checkPackageDefinition(subpkg); 198 throw new RuntimeException("Able to define class in " + 199 subpkg + " package"); 200 } catch (SecurityException se) { } 201 } 202 } 203 }