static PermissionCollection getRestrictedPermissions() { Permissions perms = new Permissions(); // property/env access needed for parsing perms.add(new PropertyPermission("*", "read")); perms.add(new RuntimePermission("getenv.TIKA_CONFIG")); // add permissions for resource access: // classpath addReadPermissions(perms, JarHell.parseClassPath()); // plugin jars if (TikaImpl.class.getClassLoader() instanceof URLClassLoader) { addReadPermissions(perms, ((URLClassLoader)TikaImpl.class.getClassLoader()).getURLs()); } // jvm's java.io.tmpdir (needs read/write) perms.add(new FilePermission(System.getProperty("java.io.tmpdir") + System.getProperty("file.separator") + "-", "read,readlink,write,delete")); // current hacks needed for POI/PDFbox issues: perms.add(new SecurityPermission("putProviderProperty.BC")); perms.add(new SecurityPermission("insertProvider")); perms.add(new ReflectPermission("suppressAccessChecks")); // xmlbeans, use by POI, needs to get the context classloader perms.add(new RuntimePermission("getClassLoader")); perms.setReadOnly(); return perms; }
/** * Returns a policy containing all the permissions we ever need. */ public static Policy permissivePolicy() { return new AdjustablePolicy // Permissions j.u.c. needs directly (new RuntimePermission("modifyThread"), new RuntimePermission("getClassLoader"), new RuntimePermission("setContextClassLoader"), // Permissions needed to change permissions! new SecurityPermission("getPolicy"), new SecurityPermission("setPolicy"), new RuntimePermission("setSecurityManager"), // Permissions needed by the junit test harness new RuntimePermission("accessDeclaredMembers"), new PropertyPermission("*", "read"), new java.io.FilePermission("<<ALL FILES>>", "read")); }
public void setBasicPermissions() { permissions.add(new SecurityPermission("getPolicy")); permissions.add(new SecurityPermission("setPolicy")); permissions.add(new RuntimePermission("getClassLoader")); permissions.add(new RuntimePermission("setSecurityManager")); permissions.add(new RuntimePermission("createSecurityManager")); permissions.add(new PropertyPermission("testng.show.stack.frames", "read")); permissions.add(new PropertyPermission("user.dir", "read")); permissions.add(new PropertyPermission("test.src", "read")); permissions.add(new PropertyPermission("file.separator", "read")); permissions.add(new PropertyPermission("line.separator", "read")); permissions.add(new PropertyPermission("fileStringBuffer", "read")); permissions.add(new PropertyPermission("dataproviderthreadcount", "read")); permissions.add(new FilePermission("<<ALL FILES>>", "execute")); }
/** * Returns a policy containing all the permissions we ever need. */ public static Policy permissivePolicy() { return new AdjustablePolicy // Permissions j.u.c. needs directly (new RuntimePermission("modifyThread"), new RuntimePermission("getClassLoader"), new RuntimePermission("setContextClassLoader"), // new RuntimePermission("modifyThreadGroup"), // new RuntimePermission("enableContextClassLoaderOverride"), // Permissions needed to change permissions! new SecurityPermission("getPolicy"), new SecurityPermission("setPolicy"), new RuntimePermission("setSecurityManager"), // Permissions needed by the junit test harness new RuntimePermission("accessDeclaredMembers"), new PropertyPermission("*", "read"), new java.io.FilePermission("<<ALL FILES>>", "read")); }
protected boolean checkSecurityPermission(SecurityPermission perm) { String name = perm.getName(); if (name.equals("getDomainCombiner") || name.equals("getPolicy") || name.equals("printIdentity") || name.equals("getSignerPrivateKey") || name.startsWith("getProperty.")) { return true; } /* * this seems needed when analyzing classpath, but not fully sure of its consequences */ if (name.startsWith("putProviderProperty.")) { return true; } /* * createAccessControlContext setPolicy createPolicy.{policy type} setProperty.{key} insertProvider.{provider name} removeProvider.{provider * name} setSystemScope setIdentityPublicKey setIdentityInfo addIdentityCertificate removeIdentityCertificate * clearProviderProperties.{provider name} putProviderProperty.{provider name} removeProviderProperty.{provider name} setSignerKeyPair */ return false; }
/** * @tests java.security.Permission#checkGuard(java.lang.Object) */ @TestTargetNew( level = TestLevel.PARTIAL_COMPLETE, notes = "", method = "checkGuard", args = {java.lang.Object.class} ) public void test_checkGuardLjava_lang_Object() { // test method java.security.permission.checkGuard(object) SecurityPermission permi = new SecurityPermission( "Testing the permission abstract class"); String name = permi.getName(); try { permi.checkGuard(name); } catch (SecurityException e) { fail("security not granted when it is suppose to be : " + e); } }
/** * @tests java.security.Permission#getName() */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "getName", args = {} ) public void test_getName() { // test method java.security.permission.getName() SecurityPermission permi = new SecurityPermission("testing getName()"); String name = permi.getName(); assertEquals("getName failed to obtain the correct name", "testing getName()", name); SecurityPermission permi2 = new SecurityPermission("93048Helloworld"); assertEquals("getName failed to obtain correct name", "93048Helloworld", permi2.getName()); }
/** * Asserts codeBase property expansion in policy file * * @param codeSourceURL - * code source for policy object * @param codeBaseURL - * system propery value for expansion in policy file */ private void assertCodeBasePropertyExpansion(String codeSourceURL, String codeBaseURL) throws Exception { Policy.setPolicy(null); // reset policy System.setProperty("test.bin.dir", codeBaseURL); Policy p = Policy.getPolicy(); CodeSource codeSource = new CodeSource( new URL("file:" + codeSourceURL), (java.security.cert.Certificate[]) null); PermissionCollection pCollection = p.getPermissions(codeSource); Enumeration<Permission> elements = pCollection.elements(); SecurityPermission perm = new SecurityPermission( "codeBaseForPolicyTest"); while (elements.hasMoreElements()) { if (elements.nextElement().equals(perm)) { return; // passed } } fail("Failed to find SecurityPermission for codeSource=" + codeSourceURL + ", codeBase=" + codeBaseURL); }
/** * @tests java.security.AllPermission#implies(java.security.Permission) */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "implies", args = {java.security.Permission.class} ) public void test_impliesLjava_security_Permission() { // Test for method boolean // java.security.AllPermission.implies(java.security.Permission) assertTrue("AllPermission does not imply a AllPermission.", new AllPermission().implies(new AllPermission())); assertTrue("AllPermission does not imply a SecurityPermission.", new AllPermission().implies(new SecurityPermission("ugh!"))); assertTrue("SecurityPermission implies AllPermission.", !(new SecurityPermission("ugh!").implies(new AllPermission()))); assertTrue("AllPermission does not imply when parametr NULL", new AllPermission().implies(null)); }
/** * Tests that Classloader.defineClass() assigns appropriate * default domains to the defined classes. */ public void test_defineClass_defaultDomain() throws Exception { // Regression for HARMONY-765 DynamicPolicy plc = new DynamicPolicy(); Policy back = Policy.getPolicy(); try { Policy.setPolicy(plc); Class<?> a = new Ldr().define(); Permission p = new SecurityPermission("abc"); assertFalse("impossible! misconfiguration?", a.getProtectionDomain().implies(p)); plc.pc = p.newPermissionCollection(); plc.pc.add(p); assertTrue("default domain is not dynamic", a.getProtectionDomain().implies(p)); } finally { Policy.setPolicy(back); } }
@Override public void checkPermission(Permission perm) { if (perm.equals(new RuntimePermission("createSecurityManager")) || // perm.equals(new AWTPermission("accessEventQueue")) || perm.equals(new RuntimePermission("createClassLoader")) || perm.equals(new FilePermission(deletedFile,"delete")) || perm.equals(new FilePermission(readedFile,"read")) || perm.equals(new PropertyPermission("*", "read,write")) || perm.equals(new PropertyPermission("key", "read")) || perm.equals(new SecurityPermission("getPolicy")) || // perm.equals(new AWTPermission("accessClipboard")) || perm.equals(new FilePermission(writedFile,"write"))) { throw new SecurityException("Unable to create Security Manager"); } }
/** * @tests java.security.PermissionCollection#isReadOnly() */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "isReadOnly", args = {} ) public void test_isReadOnly() { // test java.security.permissionCollection.isReadOnly() SecurityPermission permi = new SecurityPermission( "testing permissionCollection-isREadOnly"); PermissionCollection permCollect = permi.newPermissionCollection(); assertTrue("readOnly has not been set, but isReadOnly returned true", !permCollect.isReadOnly()); permCollect.setReadOnly(); assertTrue("readOnly is set, but isReadonly returned false", permCollect.isReadOnly()); }
/** * @tests java.security.PermissionCollection#setReadOnly() */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "setReadOnly", args = {} ) public void test_setReadOnly() { // test java.security.permissionCollection.setReadOnly() SecurityPermission permi = new SecurityPermission( "testing permissionCollection-setReadOnly"); PermissionCollection permCollect = permi.newPermissionCollection(); assertTrue("readOnly has not been set, but isReadOnly returned true", !permCollect.isReadOnly()); permCollect.setReadOnly(); assertTrue("readOnly is set, but isReadonly returned false", permCollect.isReadOnly()); }
/** Returns a policy containing all the permissions we ever need. */ public static Policy permissivePolicy() { return new AdjustablePolicy // Permissions j.u.c. needs directly ( new RuntimePermission("modifyThread"), new RuntimePermission("getClassLoader"), new RuntimePermission("setContextClassLoader"), // Permissions needed to change permissions! new SecurityPermission("getPolicy"), new SecurityPermission("setPolicy"), new RuntimePermission("setSecurityManager"), // Permissions needed by the junit test harness new RuntimePermission("accessDeclaredMembers"), new PropertyPermission("*", "read"), new java.io.FilePermission("<<ALL FILES>>", "read")); }
/** * @tests java.security.Policy#setPolicy(java.security.Policy) */ public void test_setPolicyLjava_security_Policy() { SecurityManager old = System.getSecurityManager(); Policy oldPolicy = Policy.getPolicy(); try { SecurityChecker checker = new SecurityChecker( new SecurityPermission("setPolicy"), true); System.setSecurityManager(checker); Policy custom = new TestProvider(); Policy.setPolicy(custom); assertTrue(checker.checkAsserted); assertSame(custom, Policy.getPolicy()); checker.reset(); checker.enableAccess = false; try { Policy.setPolicy(new TestProvider()); fail("SecurityException is intercepted"); } catch (SecurityException ok) { } } finally { System.setSecurityManager(old); Policy.setPolicy(oldPolicy); } }
/** * @tests java.security.Policy#getPolicy() */ public void test_getPolicy() { SecurityManager old = System.getSecurityManager(); Policy oldPolicy = Policy.getPolicy(); try { Policy.setPolicy(new TestProvider()); SecurityChecker checker = new SecurityChecker( new SecurityPermission("getPolicy"), true); System.setSecurityManager(checker); Policy.getPolicy(); assertTrue(checker.checkAsserted); checker.reset(); checker.enableAccess = false; try { Policy.getPolicy(); fail("SecurityException is intercepted"); } catch (SecurityException ok) { } } finally { System.setSecurityManager(old); Policy.setPolicy(oldPolicy); } }
/** * Asserts codeBase property expansion in policy file * * @param codeSourceURL - * code source for policy object * @param codeBaseURL - * system propery value for expansion in policy file */ private void assertCodeBasePropertyExpansion(String codeSourceURL, String codeBaseURL) throws Exception { Policy.setPolicy(null); //reset policy System.setProperty("test.bin.dir", codeBaseURL); Policy p = Policy.getPolicy(); CodeSource codeSource = new CodeSource( new URL("file:" + codeSourceURL), (java.security.cert.Certificate[]) null); PermissionCollection pCollection = p.getPermissions(codeSource); Enumeration<Permission> elements = pCollection.elements(); SecurityPermission perm = new SecurityPermission( "codeBaseForPolicyTest"); while (elements.hasMoreElements()) { if (elements.nextElement().equals(perm)) { return; // passed } } fail("Failed to find SecurityPermission for codeSource=" + codeSourceURL + ", codeBase=" + codeBaseURL); }
/** * Tests that policy is really resetted on refresh(). */ public void testRefresh() { Permission sp = new SecurityPermission("sdf"); PolicyEntry[] pe = new PolicyEntry[] { new PolicyEntry(null, null, Arrays.asList(new Permission[] { sp })) }; TestParser tp = new TestParser(pe); DefaultPolicy policy = new DefaultPolicy(tp); CodeSource cs = new CodeSource(null, (Certificate[])null); assertTrue(policy.getPermissions(cs).implies(sp)); tp.content = new PolicyEntry[0]; policy.refresh(); assertFalse(policy.getPermissions(cs).implies(sp)); tp.content = null; policy.refresh(); assertFalse(policy.getPermissions(cs).implies(sp)); }
/** Tests conversion of null, empty and non-empty heterogeneous collections. */ public void testToPermissionCollection() { Permission p1 = new SecurityPermission("abc"); Permission p2 = new AllPermission(); Collection c1 = Arrays.asList(new Permission[] { p1, p2, }); PermissionCollection pc = PolicyUtils.toPermissionCollection(null); assertNotNull(pc); assertFalse(pc.elements().hasMoreElements()); pc = PolicyUtils.toPermissionCollection(new HashSet()); assertNotNull(pc); assertFalse(pc.elements().hasMoreElements()); pc = PolicyUtils.toPermissionCollection(c1); assertNotNull(pc); Enumeration en = pc.elements(); Collection c2 = new HashSet(); c2.add(en.nextElement()); c2.add(en.nextElement()); assertFalse(en.hasMoreElements()); assertTrue(c2.contains(p1)); assertTrue(c2.contains(p2)); }
/** * Tests that implies() does proper permission evaluation. */ public void testImplies() { TestProvider policy = new TestProvider(); SecurityPermission sp = new SecurityPermission("abc"); policy.pc = sp.newPermissionCollection(); policy.pc.add(sp); assertTrue(policy.implies(new ProtectionDomain(null, null), sp)); assertFalse(policy.implies(null, sp)); assertFalse(policy.implies(new ProtectionDomain(null, null), null)); //RI throws NullPointerException. try { policy.implies(null, null); fail("should throw NullPointerException"); } catch (NullPointerException e) { // expected. } ProtectionDomain pd = new ProtectionDomain(null, policy.pc); policy.pc = null; assertTrue(policy.implies(pd, sp)); assertFalse(policy.implies(pd, new AllPermission())); }
/** * Tests that implies() does proper permission evaluation. */ public void testImplies() { TestProvider policy = new TestProvider(); SecurityPermission sp = new SecurityPermission("abc"); policy.pc = sp.newPermissionCollection(); policy.pc.add(sp); assertTrue(policy.implies(new ProtectionDomain(null, null), sp)); assertFalse(policy.implies(null, sp)); assertFalse(policy.implies(new ProtectionDomain(null, null), null)); assertFalse(policy.implies(null, null)); ProtectionDomain pd = new ProtectionDomain(null, policy.pc); policy.pc = null; assertTrue(policy.implies(pd, sp)); assertFalse(policy.implies(pd, new AllPermission())); }
