RFR: JDK-8288475: Initializing RandomGeneratorFactory.FactoryMapHolder fails if a SecurityManager is installed
Johannes Kuhn
jkuhn at openjdk.org
Fri Jun 17 03:47:49 UTC 2022
On Thu, 16 Jun 2022 17:43:19 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> * This adds additional permissions to the jdk.random module (`RuntimePermission "accessClassInPackage.jdk.internal.util.random"`)
>> * The annotations of the provider classes are now parsed early.
>> This avoids putting the parts that can trigger the parsing into an `AccessController.doPrivileged()` block.
>> * If a `SecurityManager` is installed, `RandomGeneratorFactory.all()` will only return `RandomGenerator`s that are loaded by a system domain loader.
>> This avoids parsing annotations of user classes from a privileged context.
>
> test/jdk/java/util/Random/SecurityManagerFactory.java line 2:
>
>> 1: /*
>> 2: * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
>
> Update year to 2022.
Will fix.
> test/jdk/java/util/Random/SecurityManagerFactory.java line 29:
>
>> 27: * @summary Checks if the random factory providers can be loaded when a SecurityManager is active
>> 28: * @bug 8288475
>> 29: * @run main/othervm/policy=java.policy -Djava.security.manager SecurityManagerFactory
>
> You should not need to specify the `java.security.manager` system property as the jtreg `policy` tag will automatically run it under a SecurityManager.
Thanks, was not aware of that
> test/jdk/java/util/Random/SecurityManagerFactory.java line 34:
>
>> 32: public class SecurityManagerFactory {
>> 33: public static void main(String[] args) {
>> 34: RandomGeneratorFactory.all().toList();
>
> Should you also check what `RandomGenerator`s are returned when an SM is enabled to make sure it is ok?
As long as it doesn't throw it's ok.
-------------
PR: https://git.openjdk.org/jdk/pull/9180
More information about the security-dev
mailing list