RFR (JAXP) JDK-8067170: Enable security manager on JAXP unit tests

Frank Yuan frank.yuan at oracle.com
Fri Jul 22 09:15:35 UTC 2016 

Hi Daniel

Thank you very much for your review and the comments!

> -----Original Message-----
> From: Daniel Fuchs [mailto:daniel.fuchs at oracle.com]
> Subject: Re: RFR (JAXP) JDK-8067170: Enable security manager on JAXP unit tests
> 
> Hi Frank,
> 
> I see that in order to be able to run the tests, you were forced
> to add a few permissions that the test/test infrastructure need
> to setup things:
> 
>   107         addPermission(new SecurityPermission("getPolicy"));
>   108         addPermission(new SecurityPermission("setPolicy"));
>   109         addPermission(new RuntimePermission("getClassLoader"));
>   110         addPermission(new RuntimePermission("createClassLoader"));
>   111         addPermission(new RuntimePermission("setSecurityManager"));
>   112         addPermission(new RuntimePermission("createSecurityManager"));
>   113         addPermission(new RuntimePermission("modifyThread"));
>   114         addPermission(new PropertyPermission("*", "read, write"));
>   115         addPermission(new ReflectPermission("suppressAccessChecks"));
>   116         addPermission(new RuntimePermission("setIO"));
>   117         addPermission(new RuntimePermission("setContextClassLoader"));
>   118         addPermission(new RuntimePermission("accessDeclaredMembers"));
> 
> These are quite powerful permissions, and adding them by default
> also means that you might miss a bug - if e.g. a doPrivileged is
> missing somewhere in the JAXP code when jaxp tries to e.g. get/create
> a classloader, or read a system property, you might not see
> it.
Yes, I agree completely. I would control the permission assignment more tightly:
1. only allow the following necessary permissions in default:
    addPermission(new SecurityPermission("getPolicy"));
    addPermission(new SecurityPermission("setPolicy"));
    addPermission(new RuntimePermission("setSecurityManager"));
2. other permissions in current default set are commonly used for the tests, so I would add more Policy classes like existing
FilePolicy, etc.  
  //ClassLoaderPolicy, an individual test may only require some of them, but I would put them in only one class if you agree   
    addPermission(new RuntimePermission("getClassLoader"));
    addPermission(new RuntimePermission("createClassLoader"));
    addPermission(new RuntimePermission("setContextClassLoader"));

  // PropertyPolicy, there are various properties needed by the tests, I would not classify them further...  
    addPermission(new PropertyPermission("*", "read, write"));

  //Reflection permissions, jtreg may require them in deed, so I may add them in default set
    addPermission(new ReflectPermission("suppressAccessChecks"));
    addPermission(new RuntimePermission("accessDeclaredMembers"));

  //other permissions are used in less tests, I may use tryRunWithTmpPermission instead of Policy class
    addPermission(new RuntimePermission("setIO"));
    addPermission(new RuntimePermission("createSecurityManager"));
    addPermission(new RuntimePermission("modifyThread"));

How about you think?

> 
> I had a similar issue when writing logging test, were I wanted
> to temporarily disable permission checking in the middle of a test
> to perform an infrastructure configuration.
> 
> So what I did is use an ThreadLocal<AtomicBoolean> to temporarily
> disable permission checking - which allows me in my tests to do things
> like:
> 
> boolean before = allowAll.get().get();
> allowAll.get().set(true);
> try {
>     do something that requires a permission
> } finally {
>     allowAll.get().set(before);
> }
> 
JAXPTestUtilities.tryRunWithTmpPermission is similar with this, see the example:
http://cr.openjdk.java.net/~fyuan/8067170/webrev.01/test/javax/xml/jaxp/unittest/stream/XMLEventReaderTest/Bug6555001.java.sdiff.htm
l

> My implementation of Policy::implies also checks for
> 
> if (allowAll.get().get()) return true;
> 
> This allows me to control more tightly the set of permissions
> I want my test to run under, while still being able to
> perform any action I want to set up things without having
> to give the same permission to all.
> 
> Hope this helps,
> 
> -- daniel
> 
> 
> 
> On 22/07/16 07:59, Frank Yuan wrote:
> > According to Amy's suggestion, re-generate a webrev http://cr.openjdk.java.net/~fyuan/8067170/webrev.01/ as well as fix some
issues,
> > please check.
> >
> > Thanks
> > Frank
> >
> >> -----Original Message-----
> >> From: Amy Lu [mailto:amy.lu at oracle.com]
> >> Sent: Monday, July 18, 2016 5:42 PM
> >> To: Frank Yuan; 'core-libs-dev'
> >> Subject: Re: RFR (JAXP) JDK-8067170: Enable security manager on JAXP unit tests
> >>
> >> On 7/18/16 5:32 PM, Frank Yuan wrote:
> >>> Btw, I moved internaltest into unittest because it's unnecessary to separate them.
> >>
> >> Maybe you'd like to regenerate the webrev with hg move for those files?
> >>
> >> Thanks,
> >> Amy
> >
> >

More information about the core-libs-dev mailing list