[9] RFR: 8168423: Test Task: Custom system class loader + security manager + malformed policy file = recursive initialization

Sean Mullan sean.mullan at oracle.com
Thu Feb 9 12:50:06 UTC 2017


On 2/9/17 2:45 AM, Sibabrata Sahoo wrote:
> Hi Sean,
>
> Here is the updated webrev: http://cr.openjdk.java.net/~ssahoo/8168423/webrev.02/
>
> The only change between the previous is,
>
> The bugid is reverted back from 8168075 to 8168423. The reason is it fails jcheck with the following message,
> remote: Bugid 8168075 already used in this repository, in revision 16548

Ok.

> Regarding the following comment on " grant codeBase "file:./jars/*" ", we have already discussed and we are fine here to not make any change.

Yes.

Looks good to push.

--Sean

>
> Thanks,
> Siba
>
> -----Original Message-----
> From: Sean Mullan
> Sent: Wednesday, February 08, 2017 10:00 PM
> To: Sibabrata Sahoo; Adam Petcher; security-dev at openjdk.java.net
> Subject: Re: [9] RFR: 8168423: Test Task: Custom system class loader + security manager + malformed policy file = recursive initialization
>
> On 2/7/17 4:26 AM, Sibabrata Sahoo wrote:
>> Hi Sean,
>>
>> Please find the updated webrev at:
>> http://cr.openjdk.java.net/~ssahoo/8168075/webrev.01/
>>
>> It includes the following changes,
>> 1) valid.policy, uses 'grant codebase "executable jar path"'.
>
> Hmm, the use of '.' in the codebase URL is probably not good practice here and I'm a little concerned it may not always work. Try this instead:
>
> grant codeBase "file:${test.classes}/-"
>
> A trailing "/-" matches all files (both class and JAR files) in the directory and recursively all files in subdirectories contained in that directory.
>
> --Sean
>
>> 2) In ClassLoaderTest.java, @bug renamed from 8168423 to 8168075.
>> 3) In ClassLoaderTest.java, the code comments has been removed from @summary section. But it retains the same at line: 91-102.
>>
>> Thanks,
>> Siba
>>
>> -----Original Message-----
>> From: Sean Mullan
>> Sent: Friday, January 27, 2017 12:07 AM
>> To: Sibabrata Sahoo; Adam Petcher; security-dev at openjdk.java.net
>> Subject: Re: [9] RFR: 8168423: Test Task: Custom system class loader +
>> security manager + malformed policy file = recursive initialization
>>
>> Hi Siba,
>>
>> In valid.policy, use 'grant codeBase "file:${test.classes}/*"' so that only the tests are granted the needed permissions.
>>
>> In  ClassLoaderTest.java, the @bug should be 8168075. Also, the @summary contains a bunch of lines (29-39) that should probably just be code comments.
>>
>> Seems fine otherwise.
>>
>> --Sean
>>
>>
>> On 1/11/17 10:33 AM, Sibabrata Sahoo wrote:
>>> Hi Adam/Sean,
>>>
>>>
>>>
>>> This patch is waiting for your review.
>>>
>>>
>>>
>>> Thanks,
>>>
>>> Siba
>>>
>>>
>>>
>>> *From:*Sibabrata Sahoo
>>> *Sent:* Friday, December 02, 2016 6:56 PM
>>> *To:* Sean Mullan; security-dev at openjdk.java.net
>>> *Subject:* [9] RFR: 8168423: Test Task: Custom system class loader +
>>> security manager + malformed policy file = recursive initialization
>>>
>>>
>>>
>>> Hi,
>>>
>>>
>>>
>>> Please review the patch for,
>>>
>>>
>>>
>>> JBS: https://bugs.openjdk.java.net/browse/JDK-8168423
>>>
>>> Webrev: http://cr.openjdk.java.net/~ssahoo/8168423/webrev.00/
>>>
>>>
>>>
>>> Description:
>>>
>>> This webrev address all possible cases for Classloader with
>>> SecurityManager having combination of valid/malformed policy file.
>>> This Test is going to fail until JDK-8168075 get fixed. In the mean
>>> time, it can be used to verify the fix for JDK-8168075.
>>>
>>>
>>>
>>> Here is the generic Logic behind generating all possible Test cases
>>> with different combination of policy file, class loader and module types.
>>>
>>> for(policyFile : {"NO_POLICY", "VALID", "MALFORMED"}) {
>>>
>>>     for(classLoader : {"SystemClassLoader", "CustomClassLoader"}){
>>>
>>>        // It uses possible set of regular/modular jars to generate
>>> all possible Test cases in -cp and -module-path.
>>>
>>>         for(clientModuletype : {"STRICT", "AUTO", "UNKNOWN"}) {
>>>
>>>             for(classLoaderModuleType : {"STRICT", "AUTO",
>>> "UNKNOWN"}) {
>>>
>>>                  Create and run java command line for each possible
>>> Test cases and verify result.
>>>
>>>             }
>>>
>>>         }
>>>
>>>     }
>>>
>>> }
>>>
>>>
>>>
>>> Thanks,
>>>
>>> Siba
>>>
>>>
>>>



More information about the security-dev mailing list