This is the mail archive of the mauve-patches@sourceware.org mailing list for the Mauve project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

FYI: TestSecurityManager fixlets

From: Mario Torre <mario dot torre at aicas dot com>
To: mauve-patches at sources dot redhat dot com
Date: Fri, 24 Jul 2009 12:13:11 +0200
Subject: FYI: TestSecurityManager fixlets

TestSecurityManager has to delegate some functionality to the Policy to make sure privileged system code works.

2009-07-09 Mario Torre <neugens@aicas.com>

    * gnu/testlet/TestSecurityManager:
      TestSecurityManager has to delegate some functionality to the
      Policy to make sure privileged system code works.

Cheers,
Mario
--
Mario Torre, Software Developer, http://www.jroller.com/neugens/
aicas Allerton Interworks Computer Automated Systems GmbH
Haid-und-Neu-Straße 18 * D-76131 Karlsruhe * Germany
http://www.aicas.com   * Tel: +49-721-663 968-44
pgp key: http://subkeys.pgp.net/ PGP Key ID: 80F240CF
Fingerprint: BA39 9666 94EC 8B73 27FA  FC7C 4086 63E3 80F2 40CF

USt-Id: DE216375633, Handelsregister HRB 109481, AG Mannheim
Geschäftsführer: Dr. James J. Hunt

Please, support open standards:
http://endsoftpatents.org/

# This patch file was generated by NetBeans IDE
# This patch can be applied using context Tools: Apply Diff Patch action on respective folder.
# It uses platform neutral UTF-8 encoding.
# Above lines and this line are ignored by the patching process.
Index: mauve/gnu/testlet/TestSecurityManager.java
--- mauve/gnu/testlet/TestSecurityManager.java Base (1.4)
+++ mauve/gnu/testlet/TestSecurityManager.java Locally Modified (Based On 1.4)
@@ -22,7 +22,12 @@
 
 package gnu.testlet;
 
+import java.security.CodeSource;
 import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Policy;
+import java.security.ProtectionDomain;
+import java.util.PropertyPermission;
 
 /**
  * A security manager for testing that security checks are performed.
@@ -54,6 +59,11 @@
   private SecurityManager oldManager;
 
   /**
+   * The policy in force before we were installed
+   */
+  private Policy oldPolicy;
+
+  /**
    * Permissions that must be checked for this test to pass.
    */
   private Permission[] mustCheck;
@@ -134,6 +144,97 @@
     oldManager = oldsm;
 
     enabled = false;
+
+    oldPolicy = Policy.getPolicy();
+    Policy.setPolicy(new Policy()
+      {
+        public PermissionCollection getPermissions(CodeSource codesource)
+        {
+          return null;
+        }
+        /**
+         * Check that this permission is one that we should be checking.
+         * This code used to be in TestSecurityManager.checkPermission,
+         * but doing the same here allows us to easily skip doPrivileged
+         * actions like reading some properties in system code.
+         *
+         * @param perm the permission to be checked
+         * @throws SuccessException if all <code>mustCheck</code>
+         *         permissions have been checked and <code>isHalting</code>
+         *         is true.
+         * @return returns false if and only if none of the <code>mustCheck</code>
+         *         or <code>mayCheck</code> permissions matches
+         *         <code>perm</code>. else true
+         */
+        public boolean implies(ProtectionDomain domain,
+                               Permission perm)
+        {
+          if (!enabled)
+            return true;
+          
+          if (harness != null)
+            harness.debug("checkPermission(" + perm + ")");
+          
+          boolean matched = false;
+          
+          if (!matched) {
+            for (int i = 0; i < mustCheck.length; i++) {
+              if (permissionsMatch(mustCheck[i], perm)) {
+                checked[i] = true;
+                matched = true;
+              }
+            }
+          }
+          
+          if (!matched) {
+            for (int i = 0; i < mayCheck.length; i++) {
+              if (permissionsMatch(mayCheck[i], perm)) {
+                matched = true;
+              }
+            }
+          }
+          
+          if (!matched) {
+            enabled = false;
+            
+            harness.debug("unexpected check: " + perm);
+            
+            if (mustCheck.length != 0) {
+              StringBuffer expected = new StringBuffer();
+              for (int i = 0; i < mustCheck.length; i++)
+                expected.append(' ').append(mustCheck[i]);
+              harness.debug("expected: mustCheck:" + expected.toString());
+            }
+            
+            if (mayCheck.length != 0) {
+              StringBuffer expected = new StringBuffer();
+              for (int i = 0; i < mayCheck.length; i++)
+                expected.append(' ').append(mayCheck[i]);
+              harness.debug("expected: mayCheck:" + expected.toString());
+            }
+            
+            return false;
+          }
+          
+          if (isHalting) {
+            boolean allChecked = true;
+            for (int i = 0; i < checked.length; i++) {
+              if (!checked[i])
+                allChecked = false;
+            }
+            if (allChecked) {
+              enabled = false;
+              throw successException;
+            }
+          }
+          return true;
+        }
+        public void refresh()
+        {
+          return;
+        }
+      });
+
     System.setSecurityManager(this);
   }
 
@@ -149,6 +250,7 @@
 
     enabled = false;
     System.setSecurityManager(oldManager);
+    Policy.setPolicy(oldPolicy);
   }
 
   /**
@@ -264,73 +366,6 @@
   }
   
   /**
-   * Check that this permission is one that we should be checking.
-   * 
-   * @param perm the permission to be checked
-   * @throws SuccessException if all <code>mustCheck</code>
-   *         permissions have been checked and <code>isHalting</code>
-   *         is true.
-   * @throws SecurityException if none of the <code>mustCheck</code>
-   *         or <code>mayCheck</code> permissions matches
-   *         <code>perm</code>.
-   */
-  public void checkPermission(Permission perm) throws SecurityException
-  {
-    if (!enabled)
-      return;
-
-    if (harness != null)
-      harness.debug("checkPermission(" + perm + ")");
-
-    boolean matched = false;
-    for (int i = 0; i < mustCheck.length; i++) {
-      if (permissionsMatch(mustCheck[i], perm))
-	matched = checked[i] = true;
-    }
-
-    if (!matched) {
-      for (int i = 0; i < mayCheck.length; i++) {
-	if (permissionsMatch(mayCheck[i], perm))
-	  matched = true;
-      }
-    }
-
-    if (!matched) {
-      enabled = false;
-      
-      harness.debug("unexpected check: " + perm);
-
-      if (mustCheck.length != 0) {
-	StringBuffer expected = new StringBuffer();
-	for (int i = 0; i < mustCheck.length; i++)
-	  expected.append(' ').append(mustCheck[i]);
-	harness.debug("expected: mustCheck:" + expected.toString());
-      }
-
-      if (mayCheck.length != 0) {
-	StringBuffer expected = new StringBuffer();
-	for (int i = 0; i < mayCheck.length; i++)
-	  expected.append(' ').append(mayCheck[i]);
-	harness.debug("expected: mayCheck:" + expected.toString());
-      }
-
-      throw new SecurityException("unexpected check: " + perm);
-    }
-    
-    if (isHalting) {
-      boolean allChecked = true;
-      for (int i = 0; i < checked.length; i++) {
-	if (!checked[i])
-	  allChecked = false;
-      }
-      if (allChecked) {
-	enabled = false;
-	throw successException;
-      }
-    }
-  }
-
-  /**
    * Check that all <code>mustCheck</code> permissions were checked,
    * calling <code>TestHarness.check()</code> with the result.
    */

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]