RFR 8168091: jlink should check security permission early when programmatic access is used

Mandy Chung mandy.chung at oracle.com
Tue Oct 18 16:31:59 UTC 2016 

+1

Mandy

> On Oct 18, 2016, at 9:28 AM, Sundararajan Athijegannathan <sundararajan.athijegannathan at oracle.com> wrote:
> 
> Okay, removed shell script and using a security policy. Rest of the stuff is same as previous webrev.
> 
> http://cr.openjdk.java.net/~sundar/8168091/webrev.02/
> 
> -Sundar
> 
> On 18/10/16, 7:40 PM, Mandy Chung wrote:
>> When policy tag is set, jtreg will generate the policy for the test to include the policy for jtreg.  Since the test does not set it, maybe jtreg does not generate it (sounds like a bug).  What is -Djava.security.policy set to in the jtreg test log?
>> 
>> This may be a possible workaround:
>>  @run main/othervm -Djava.security.manager JLinkToolProviderTest
>> 
>> Otherwise, the change looks good.
>> 
>> Mandy
>> 
>>> On Oct 17, 2016, at 10:26 PM, Sundararajan Athijegannathan<sundararajan.athijegannathan at oracle.com>  wrote:
>>> 
>>> Hi,
>>> 
>>> Thanks for your review. I've updated webrev with jdk.tools.jlink ->  jdk.tools.jlink.internal refactoring. But, when I attempted to get rid of shell script in the test with your suggestion, I got:
>>> 
>>> Exception in thread "main" java.security.AccessControlException: access denied ("java.io.FilePermission" "/Users/SATHIJEG/src/jdk9-dev/jdk/test/tools/jlink/JTwork/tools/jlink/JLinkToolProviderTest.d/main.0.jta" "read")
>>> 	at java.security.AccessControlContext.checkPermission(
>>> java.base at 9-internal/AccessControlContext.java:471
>>> )
>>> 	at java.security.AccessController.checkPermission(
>>> java.base at 9-internal/AccessController.java:894
>>> )
>>> 	at java.lang.SecurityManager.checkPermission(
>>> java.base at 9-internal/SecurityManager.java:548
>>> )
>>> 	at java.lang.SecurityManager.checkRead(
>>> java.base at 9-internal/SecurityManager.java:887
>>> )
>>> 	at java.io.FileInputStream.<init>(
>>> java.base at 9-internal/FileInputStream.java:127
>>> )
>>> 	at java.io.FileInputStream.<init>(
>>> java.base at 9-internal/FileInputStream.java:93
>>> )
>>> 	at java.io.FileReader.<init>(
>>> java.base at 9-internal/FileReader.java:58
>>> )
>>> 	at com.sun.javatest.regtest.agent.MainWrapper.main(MainWrapper.java:46)
>>> 
>>> 
>>> Looks like I've to give AllPermission to all code in jtreg itself and leave the test only as sandbox! =>  I've to have use a complicated policy file. Shell script avoids all that..
>>> 
>>> Updated webrev: http://cr.openjdk.java.net/~sundar/8168091/webrev.01/
>>> 
>>> Thanks,
>>> -Sundar
>>> 
>>> On 18/10/16, 3:33 AM, Mandy Chung wrote:
>>>>> On Oct 17, 2016, at 10:23 AM, Sundararajan Athijegannathan<sundararajan.athijegannathan at oracle.com>
>>>>>  wrote:
>>>>> 
>>>>> Please review
>>>>> http://cr.openjdk.java.net/~sundar/8168091/webrev.00/
>>>>>  for
>>>>> 
>>>>> https://bugs.openjdk.java.net/browse/JDK-8168091
>>>> The shell test can be removed and use
>>>>    @run main/othervm/secure=java.lang.SecurityManager
>>>> 
>>>> You may want to move the classes in jdk.tools.jlink package to jdk.tools.jlink.internal since they are now internal.
>>>> 
>>>> Mandy
>>>>

More information about the jigsaw-dev mailing list