RFR: JDK-8288475: Initializing RandomGeneratorFactory.FactoryMapHolder fails if a SecurityManager is installed

Sean Mullan mullan at openjdk.org
Thu Jun 16 17:54:58 UTC 2022


On Thu, 16 Jun 2022 07:08:20 GMT, Johannes Kuhn <jkuhn at openjdk.org> wrote:

> * This adds additional permissions to the jdk.random module (`RuntimePermission "accessClassInPackage.jdk.internal.util.random"`)
> * The annotations of the provider classes are now parsed early.  
>   This avoids putting the parts that can trigger the parsing into an `AccessController.doPrivileged()` block.
> * If a `SecurityManager` is installed, `RandomGeneratorFactory.all()` will only return `RandomGenerator`s that are loaded by a system domain loader.  
>   This avoids parsing annotations of user classes from a privileged context.

test/jdk/java/util/Random/SecurityManagerFactory.java line 2:

> 1: /*
> 2:  * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.

Update year to 2022.

test/jdk/java/util/Random/SecurityManagerFactory.java line 29:

> 27:  * @summary Checks if the random factory providers can be loaded when a SecurityManager is active
> 28:  * @bug 8288475
> 29:  * @run main/othervm/policy=java.policy -Djava.security.manager SecurityManagerFactory

You should not need to specify the `java.security.manager` system property as the jtreg `policy` tag will automatically run it under a SecurityManager.

test/jdk/java/util/Random/SecurityManagerFactory.java line 34:

> 32: public class SecurityManagerFactory {
> 33:     public static void main(String[] args) {
> 34:         RandomGeneratorFactory.all().toList();

Should you also check what `RandomGenerator`s are returned when an SM is enabled to make sure it is ok?

-------------

PR: https://git.openjdk.org/jdk/pull/9180


More information about the security-dev mailing list