/*
* Copyright (C) 2007 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package tests.security.permissions;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.NotActiveException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.io.SerializablePermission;
import java.io.StreamCorruptedException;
import java.security.Permission;
import junit.framework.TestCase;
import dalvik.annotation.TestLevel;
import dalvik.annotation.TestTargetClass;
import dalvik.annotation.TestTargetNew;
import dalvik.annotation.TestTargets;
/*
* This class tests the security permissions which are documented in
* http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html#PermsAndMethods
* for class java.io.ObjectInputStream
*/
@TestTargetClass(java.io.ObjectInputStream.class)
public class JavaIoObjectInputStreamTest extends TestCase {
SecurityManager old;
@Override
protected void setUp() throws Exception {
old = System.getSecurityManager();
super.setUp();
}
@Override
protected void tearDown() throws Exception {
System.setSecurityManager(old);
super.tearDown();
}
// needed for serialization
private static class Node implements Serializable {
private static final long serialVersionUID = 1L;
public Node(){}
}
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies that ObjectInputStream.enableResolveObject method calls checkPermission on security manager.",
method = "enableResolveObject",
args = {boolean.class}
)
public void test_ObjectInputStream() throws IOException {
class TestSecurityManager extends SecurityManager {
boolean called;
Permission permission;
void reset(){
called = false;
permission = null;
}
@Override
public void checkPermission(Permission permission){
if(permission instanceof SerializablePermission){
called = true;
this.permission = permission;
}
}
}
// TestObjectInputStream is necessary in order to call protected
// method enableResolveObject
class TestObjectInputStream extends ObjectInputStream {
TestObjectInputStream(InputStream s) throws StreamCorruptedException, IOException {
super(s);
}
@Override
public boolean enableResolveObject(boolean enable) throws SecurityException {
return super.enableResolveObject(enable);
}
}
long id = new java.util.Date().getTime();
String filename = "SecurityPermissionsTest_"+id;
File f = File.createTempFile(filename, null);
ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(f));
oos.writeObject(new Node());
oos.flush();
oos.close();
f.deleteOnExit();
TestObjectInputStream ois = new TestObjectInputStream(new FileInputStream(f));
TestSecurityManager s = new TestSecurityManager();
System.setSecurityManager(s);
s.reset();
ois.enableResolveObject(true);
assertTrue("ObjectInputStream.enableResolveObject(boolean) must call checkPermission on security manager", s.called);
assertEquals("Name of SerializablePermission is not correct", "enableSubstitution", s.permission.getName());
}
@TestTargets({
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies that the ObjectInputStream constructor calls checkPermission on security manager.",
method = "ObjectInputStream",
args = {InputStream.class}
)
})
public void test_ObjectInputStream2() throws IOException {
class TestSecurityManager extends SecurityManager {
boolean called;
Permission permission;
void reset(){
called = false;
permission = null;
}
@Override
public void checkPermission(Permission permission){
if(permission instanceof SerializablePermission){
called = true;
this.permission = permission;
}
}
}
// Beginning with J2SE 1.4.0, ObjectInputStream's public one-argument
// constructor requires the "enableSubclassImplementation" SerializablePermission
// when invoked (either directly or indirectly) by a subclass which overrides
// ObjectInputStream.readFields or ObjectInputStream.readUnshared.
class TestObjectInputStream extends ObjectInputStream {
TestObjectInputStream(InputStream s) throws StreamCorruptedException, IOException {
super(s);
}
}
class TestObjectInputStream_readFields extends ObjectInputStream {
TestObjectInputStream_readFields(InputStream s) throws StreamCorruptedException, IOException {
super(s);
}
@Override
public GetField readFields() throws IOException, ClassNotFoundException, NotActiveException {
return super.readFields();
}
}
class TestObjectInputStream_readUnshared extends ObjectInputStream {
TestObjectInputStream_readUnshared(InputStream s) throws StreamCorruptedException, IOException {
super(s);
}
@Override
public Object readUnshared() throws IOException, ClassNotFoundException {
return super.readUnshared();
}
}
long id = new java.util.Date().getTime();
String filename = "SecurityPermissionsTest_"+id;
File f = File.createTempFile(filename, null);
ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(f));
oos.writeObject(new Node());
oos.flush();
oos.close();
f.deleteOnExit();
TestSecurityManager s = new TestSecurityManager();
System.setSecurityManager(s);
s.reset();
new ObjectInputStream(new FileInputStream(f));
assertTrue("ObjectInputStream(InputStream) ctor must not call checkPermission on security manager on a class which neither overwrites methods readFields nor readUnshared", !s.called);
s.reset();
new TestObjectInputStream(new FileInputStream(f));
assertTrue("ObjectInputStream(InputStream) ctor must not call checkPermission on security manager on a class which neither overwrites methods readFields nor readUnshared", !s.called);
s.reset();
new TestObjectInputStream_readFields(new FileInputStream(f));
assertTrue("ObjectInputStream(InputStream) ctor must call checkPermission on security manager on a class which overwrites method readFields", s.called);
assertEquals("Name of SerializablePermission is not correct", "enableSubclassImplementation", s.permission.getName());
s.reset();
new TestObjectInputStream_readUnshared(new FileInputStream(f));
assertTrue("ObjectInputStream(InputStream) ctor must call checkPermission on security manager on a class which overwrites method readUnshared", s.called);
assertEquals("Name of SerializablePermission is not correct", "enableSubclassImplementation", s.permission.getName());
}
}