/** * Prints warning message if installed Policy is the default Policy * implementation and globally granted permissions do not include * AllPermission or any ExecPermissions/ExecOptionPermissions. */ static void checkConfiguration() { Policy policy = AccessController.doPrivileged(new PrivilegedAction<Policy>() { public Policy run() { return Policy.getPolicy(); } }); if (!(policy instanceof PolicyFile)) { return; } PermissionCollection perms = getExecPermissions(); for (Enumeration<Permission> e = perms.elements(); e.hasMoreElements();) { Permission p = e.nextElement(); if (p instanceof AllPermission || p instanceof ExecPermission || p instanceof ExecOptionPermission) { return; } } System.err.println(getTextResource("rmid.exec.perms.inadequate")); }
private static void checkPerm(PolicyFile p, ProtectionDomain pd) throws Exception { boolean foundIt = false; Enumeration perms = p.getPermissions(pd).elements(); while (perms.hasMoreElements()) { Permission perm = (Permission)perms.nextElement(); if (!(perm instanceof AllPermission)) { throw new SecurityException("expected AllPermission"); } else { foundIt = true; } } if (!foundIt) { throw new SecurityException("expected AllPermission"); } }
/** * Security is enabled, extension function not allowed */ public void testExtFuncNotAllowed() { Policy p = new SimplePolicy(new AllPermission()); Policy.setPolicy(p); System.setSecurityManager(new SecurityManager()); TransformerFactory factory = TransformerFactory.newInstance(); try { transform(factory); } catch (TransformerConfigurationException e) { fail(e.getMessage()); } catch (TransformerException ex) { //expected since extension function is disallowed System.out.println("testExtFuncNotAllowed: OK"); } finally { System.setSecurityManager(null); } }
/** * Security is enabled, extension function not allowed */ public void testExtFuncNotAllowed() { Policy p = new SimplePolicy(new AllPermission()); Policy.setPolicy(p); System.setSecurityManager(new SecurityManager()); try { evaluate(false); } catch (XPathFactoryConfigurationException e) { fail(e.getMessage()); } catch (XPathExpressionException ex) { //expected since extension function is disallowed System.out.println("testExtFuncNotAllowed: OK"); } finally { System.setSecurityManager(null); } }
@Test public void testValidation_SAX_withSM() { System.out.println("Validation using SAX Source with security manager:"); System.setProperty(SAX_FACTORY_ID, "MySAXFactoryImpl"); Permissions granted = new java.security.Permissions(); granted.add(new AllPermission()); System.setSecurityManager(new MySM(granted)); try { SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); // should not allow factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true); if ((boolean) factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) { Assert.fail("should not override in secure mode"); } } catch (Exception e) { Assert.fail(e.getMessage()); } finally { System.clearProperty(SAX_FACTORY_ID); System.setSecurityManager(null); } System.setSecurityManager(null); }
@Test(enabled=false) //skipped due to bug JDK-8080097 public void testTransform_DOM_withSM() { System.out.println("Transform using DOM Source; Security Manager is set:"); Permissions granted = new java.security.Permissions(); granted.add(new AllPermission()); System.setSecurityManager(new MySM(granted)); System.setProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl"); try { TransformerFactory factory = TransformerFactory.newInstance("com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl", TransformerFactory.class.getClassLoader()); factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true); if ((boolean) factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) { Assert.fail("should not override in secure mode"); } } catch (Exception e) { Assert.fail(e.getMessage()); } finally { System.clearProperty(DOM_FACTORY_ID); System.setSecurityManager(null); } System.clearProperty(DOM_FACTORY_ID); }
@Test public void testXPath_DOM_withSM() { System.out.println("Evaluate DOM Source; Security Manager is set:"); Permissions granted = new java.security.Permissions(); granted.add(new AllPermission()); System.setSecurityManager(new MySM(granted)); System.setProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl"); try { XPathFactory xPathFactory = XPathFactory.newInstance("http://java.sun.com/jaxp/xpath/dom", "com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl", null); xPathFactory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true); if ((boolean) xPathFactory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) { Assert.fail("should not override in secure mode"); } } catch (Exception e) { Assert.fail(e.getMessage()); } finally { System.clearProperty(DOM_FACTORY_ID); System.setSecurityManager(null); } System.clearProperty(DOM_FACTORY_ID); }
/** * Returns a KeyStore corresponding to the appropriate level level (user or * system) and type. * * @param level whether the KeyStore desired is a user-level or system-level * KeyStore * @param type the type of KeyStore desired * @param create true if keystore can be created * @return a KeyStore containing certificates from the appropriate */ public static final KeyStore getKeyStore(Level level, Type type, boolean create) { SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(new AllPermission()); } String location = getKeyStoreLocation(level, type).getFullPath(); KeyStore ks = null; try { ks = createKeyStoreFromFile(new File(location), create); //hashcode is used instead of instance so when no references are left //to keystore, then this will not be blocker for garbage collection keystoresPaths.put(ks.hashCode(),location); } catch (Exception e) { OutputController.getLogger().log(OutputController.Level.ERROR_ALL, e); } return ks; }
/** * @return a PermissionCollection containing the basic * permissions granted depending on the security type. * * @param cs the CodeSource to get permissions for */ public PermissionCollection getPermissions(CodeSource cs) { PermissionCollection permissions = getSandBoxPermissions(); // discard sandbox, give all if (ALL_PERMISSIONS.equals(type)) { permissions = new Permissions(); if (customTrustedPolicy == null) { permissions.add(new AllPermission()); return permissions; } else { return customTrustedPolicy.getPermissions(cs); } } // add j2ee to sandbox if needed if (J2EE_PERMISSIONS.equals(type)) for (Permission j2eePermission : j2eePermissions) { permissions.add(j2eePermission); } return permissions; }
/** * Decrements loader use count by 1 * * If count reaches 0, loader is removed from list of available loaders * * @throws SecurityException if caller is not trusted */ public void decrementLoaderUseCount() { // For use by trusted code only if (System.getSecurityManager() != null) System.getSecurityManager().checkPermission(new AllPermission()); String uniqueKey = file.getUniqueKey(); // NB: There will only ever be one class-loader per unique-key synchronized ( getUniqueKeyLock(uniqueKey) ) { useCount--; if (useCount <= 0) { uniqueKeyToLoader.remove(uniqueKey); } } }
@Test public void test02Data() { final String INVALID_BUNDLE_PATH = "invalidBundleData02.jar"; final String FORMATED_INVALID_BUNDLE_PATH = "file:" + INVALID_BUNDLE_PATH; Bundle bundle = FrameworkUtil.getBundle(Data02Test.class); BundleContext ctx = bundle.getBundleContext(); try { System.getSecurityManager().checkPermission(new AllPermission()); assertTrue(INVALID_BUNDLE_PATH + " was not found", new File(INVALID_BUNDLE_PATH).exists()); ctx.installBundle(FORMATED_INVALID_BUNDLE_PATH).start(); } catch (BundleException e) { fail("[FAIL] Bundle with non ASCII character in its manifest file has created an BundleException : " + e.getMessage()); //Nevertheless with this method, invalidBundle is still present on the platform in installed state } }
public PermissionCollection getPermissions(CodeSource codesource) { // contract of getPermissions() methods is to return a _mutable_ PermissionCollection Permissions perms = new Permissions(); if (codesource == null || codesource.getLocation() == null) return perms; switch (codesource.getLocation().getProtocol()) { case "file": // All JARs and class files reside on the file system - we can safely // assume that these classes are "good". perms.add(new AllPermission()); return perms; } return perms; }
/** * @tests java.security.AllPermission#AllPermission(java.lang.String, * java.lang.String) */ @TestTargetNew( level = TestLevel.PARTIAL, notes = "Null/empty parameters checking missed", method = "AllPermission", args = {java.lang.String.class, java.lang.String.class} ) public void test_ConstructorLjava_lang_StringLjava_lang_String() { // Test for method java.security.AllPermission(java.lang.String, // java.lang.String) AllPermission ap = new AllPermission("Don't remember this stupid name", "or this action"); assertEquals("Bogus name for AllPermission \"" + ap.getName() + "\".", "<all permissions>", ap.getName()); assertEquals( "AllPermission constructed with actions didn't ignore them.", "<all actions>", ap.getActions()); }
/** * @tests java.security.AllPermission#hashCode() */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "hashCode", args = {} ) public void test_hashCode() { final int ALLPERMISSION_HASH = 1; // Test for method int java.security.AllPermission.hashCode() AllPermission TestAllPermission = new AllPermission(); assertTrue("AllPermission hashCode is wrong. Should have been " + ALLPERMISSION_HASH + " but was " + TestAllPermission.hashCode(), TestAllPermission.hashCode() == ALLPERMISSION_HASH); }
/** * @tests java.security.AllPermission#implies(java.security.Permission) */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "implies", args = {java.security.Permission.class} ) public void test_impliesLjava_security_Permission() { // Test for method boolean // java.security.AllPermission.implies(java.security.Permission) assertTrue("AllPermission does not imply a AllPermission.", new AllPermission().implies(new AllPermission())); assertTrue("AllPermission does not imply a SecurityPermission.", new AllPermission().implies(new SecurityPermission("ugh!"))); assertTrue("SecurityPermission implies AllPermission.", !(new SecurityPermission("ugh!").implies(new AllPermission()))); assertTrue("AllPermission does not imply when parametr NULL", new AllPermission().implies(null)); }