/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8014097
* @summary Test the limited privilege scope version of doPrivileged
*/
import java.security.*;
import java.util.*;
public class LimitedDoPrivileged {
/*
* Test variations of doPrivileged() and doPrivileged() with a limited privilege scope
* in a sandbox with the usual default permission to read the system properties for the
* file and path separators.
*
* By passing in an "assigned" AccessControlContext that has
* no default permissions we can test how code privileges are being scoped.
*/
private static final ProtectionDomain domain =
new ProtectionDomain(null, null, null, null);
private static final AccessControlContext acc =
new AccessControlContext(new ProtectionDomain[] { domain });
private static final PropertyPermission pathPerm =
new PropertyPermission("path.separator", "read");
private static final PropertyPermission filePerm =
new PropertyPermission("file.separator", "read");
public static void main(String[] args) throws Exception {
/*
* Verify that we have the usual default property read permission.
*/
AccessController.getContext().checkPermission(filePerm);
AccessController.getContext().checkPermission(pathPerm);
System.out.println("test 1 passed");
/*
* Inject the "no permission" AccessControlContext.
*/
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
/*
* Verify that we no longer have the "file.separator" permission.
*/
try {
AccessController.getContext().checkPermission(pathPerm);
} catch (AccessControlException ace) {
System.out.println("test 2 passed");
}
/*
* Verify that we can give ourselves limited privilege to read
* any system property starting with "path.".
*/
AccessController.doPrivileged
(new PrivilegedAction() {
public Object run() {
AccessController.getContext().checkPermission(pathPerm);
return null;
}
}, null, new PropertyPermission("path.*", "read"));
System.out.println("test 3 passed");
/*
* Verify that if we give ourselves limited privilege to read
* any system property starting with "path." it won't give us the
* the ability to read "file.separator".
*/
try {
AccessController.doPrivileged
(new PrivilegedAction() {
public Object run() {
AccessController.getContext().checkPermission(filePerm);
return null;
}
}, null, new PropertyPermission("path.*", "read"));
} catch (AccessControlException ace) {
System.out.println("test 4 passed");
}
/*
* Verify that capturing and passing in the context with no default
* system property permission grants will prevent access that succeeded
* earlier without the context assignment.
*/
final AccessControlContext context = AccessController.getContext();
try {
AccessController.doPrivileged
(new PrivilegedAction() {
public Object run() {
AccessController.getContext().checkPermission(pathPerm);
return null;
}
}, context, new PropertyPermission("path.*", "read"));
} catch (AccessControlException ace) {
System.out.println("test 5 passed");
}
/*
* Verify that we can give ourselves full privilege to read
* any system property starting with "path.".
*/
AccessController.doPrivileged
(new PrivilegedAction() {
public Object run() {
AccessController.getContext().checkPermission(pathPerm);
return null;
}
});
System.out.println("test 6 passed");
/*
* Verify that capturing and passing in the context with no default
* system property permission grants will prevent access that succeeded
* earlier without the context assignment.
*/
try {
AccessController.doPrivileged
(new PrivilegedAction() {
public Object run() {
AccessController.getContext().checkPermission(pathPerm);
return null;
}
}, context);
} catch (AccessControlException ace) {
System.out.println("test 7 passed");
}
/*
* Verify that we can give ourselves limited privilege to read
* any system property starting with "path." when a limited
* privilege scope context is captured and passed to a regular
* doPrivileged() as an assigned context.
*/
AccessController.doPrivileged
(new PrivilegedAction() {
public Object run() {
/*
* Capture the limited privilege scope and inject it into the
* regular doPrivileged().
*/
final AccessControlContext limitedContext = AccessController.getContext();
AccessController.doPrivileged
(new PrivilegedAction() {
public Object run() {
AccessController.getContext().checkPermission(pathPerm);
return null;
}
}, limitedContext);
return null;
}
}, null, new PropertyPermission("path.*", "read"));
System.out.println("test 8 passed");
/*
* Verify that we can give ourselves limited privilege to read
* any system property starting with "path." it won't give us the
* the ability to read "file.separator" when a limited
* privilege scope context is captured and passed to a regular
* doPrivileged() as an assigned context.
*/
AccessController.doPrivileged
(new PrivilegedAction() {
public Object run() {
/*
* Capture the limited privilege scope and inject it into the
* regular doPrivileged().
*/
final AccessControlContext limitedContext = AccessController.getContext();
try {
AccessController.doPrivileged
(new PrivilegedAction() {
public Object run() {
AccessController.getContext().checkPermission(filePerm);
return null;
}
}, limitedContext);
} catch (AccessControlException ace) {
System.out.println("test 9 passed");
}
return null;
}
}, null, new PropertyPermission("path.*", "read"));
return null;
}
}, acc);
}
}