jtreg fails if the test requires a security manager!

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

jtreg fails if the test requires a security manager!

David Holmes
Hi Jon,

I have a new test that requires that a security manager be installed, so
I have:

@run main/othervm -Djava.security.manager

but this causes jtreg itself to encounter a security exception:

Exception in thread "main" java.security.AccessControlException: access
denied ("java.io.FilePermission"
"/scratch/dh198349/dev-work/b11/linux-i586-dh/testoutput/jdk_util/JTwork/classes/java/util/concurrent/atomic/AtomicUpdaters.jta"
"read")
         at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:364)
         at
java.security.AccessController.checkPermission(AccessController.java:555)
         at
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
         at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
         at java.io.FileInputStream.<init>(FileInputStream.java:121)
         at java.io.FileInputStream.<init>(FileInputStream.java:87)
         at java.io.FileReader.<init>(FileReader.java:58)
         at com.sun.javatest.regtest.MainWrapper.main(MainWrapper.java:45)

What can I do to fix this?

Thanks,
David
Reply | Threaded
Open this post in threaded view
|

Re: jtreg fails if the test requires a security manager!

Jonathan Gibbons
jtreg has special handling and support for security managers, so that it
can ensure it has permissions to do its job as well as let you do yours.

I've not played much in this area, but reading the tag-spec [1] I see
the following sections.

>      /policy=<file>
>
> Define the Java system property "java.security.policy" to have the value
> "=${TESTSRC}/<file>", where TESTSRC is the name of the directory containing the
> defining file of the test.  This definition has the effect of making the given
> file the sole source of security policies to be used by the security manager.
> In particular, the system security policy and the user's security policy will
> be ignored.  If the /secure option is not used then the default security
> manager will be installed.
>
> Property expansion will be performed in the policy file as usual; in
> particular, the "test.src" and "test.classes" properties will name the source
> and class directories of the test being run (see DIRECTORY CONTEXT below).
>
> This option may only be used in conjunction with the /othervm option.
>
>      /secure=<class>
>
> Specify a subclass of java.lang.SecurityManager to be installed as the security
> manager.  An appropriate @build tag should be provided to ensure that the class
> is compiled.  If the /secure option is used without the /policy option then the
> system's built-in policy, equivalent to the original sandbox policy, will be
> assumed.
>
> This option may only be used in conjunction with the /othervm option.

Seems to me that you want /secure=java.lang.SecurityManager.  I agree
your use of -Djava.security.manager is intuitive and should be
considered as an RFE.

-- Jon


[1] http://openjdk.java.net/jtreg/tag-spec.txt

On 04/18/2012 09:40 PM, David Holmes wrote:

> Hi Jon,
>
> I have a new test that requires that a security manager be installed,
> so I have:
>
> @run main/othervm -Djava.security.manager
>
> but this causes jtreg itself to encounter a security exception:
>
> Exception in thread "main" java.security.AccessControlException:
> access denied ("java.io.FilePermission"
> "/scratch/dh198349/dev-work/b11/linux-i586-dh/testoutput/jdk_util/JTwork/classes/java/util/concurrent/atomic/AtomicUpdaters.jta"
> "read")
>         at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:364)
>         at
> java.security.AccessController.checkPermission(AccessController.java:555)
>         at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>         at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
>         at java.io.FileInputStream.<init>(FileInputStream.java:121)
>         at java.io.FileInputStream.<init>(FileInputStream.java:87)
>         at java.io.FileReader.<init>(FileReader.java:58)
>         at com.sun.javatest.regtest.MainWrapper.main(MainWrapper.java:45)
>
> What can I do to fix this?
>
> Thanks,
> David

Reply | Threaded
Open this post in threaded view
|

Re: jtreg fails if the test requires a security manager!

David Holmes
Hi Jon,

Jonathon Gibbons wrote:
 > Seems to me that you want /secure=java.lang.SecurityManager.  I agree
 > your use of -Djava.security.manager is intuitive and should be
 > considered as an RFE.

Unfortunately using /secure doesn't work:

ACTION: build -- Not run. Test running...
REASON: Named class compiled on demand
TIME:   java.lang.SecurityManager seconds
messages:
command: build .secure=java.lang.SecurityManager
reason: Named class compiled on demand

TEST RESULT: Error. Can't find source file:
/secure=java/lang/SecurityManager.java in directory-list:
/java/embedded/users/dh198349/dev-work/jdk-7103570/test/java/util/concurrent/atomic

David
-----
Reply | Threaded
Open this post in threaded view
|

Re: jtreg fails if the test requires a security manager!

Jonathan Gibbons
OK, I'll have to investigate this further and consult Other Authorities
and get back to you.

-- Jon

On 04/22/2012 03:47 PM, David Holmes wrote:

> Hi Jon,
>
> Jonathon Gibbons wrote:
> > Seems to me that you want /secure=java.lang.SecurityManager.  I agree
> > your use of -Djava.security.manager is intuitive and should be
> > considered as an RFE.
>
> Unfortunately using /secure doesn't work:
>
> ACTION: build -- Not run. Test running...
> REASON: Named class compiled on demand
> TIME:   java.lang.SecurityManager seconds
> messages:
> command: build .secure=java.lang.SecurityManager
> reason: Named class compiled on demand
>
> TEST RESULT: Error. Can't find source file:
> /secure=java/lang/SecurityManager.java in directory-list:
> /java/embedded/users/dh198349/dev-work/jdk-7103570/test/java/util/concurrent/atomic
>
> David
> -----