1 /* 2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 8014097 27 * @summary Test the limited privilege scope version of doPrivileged 28 */ 29 30 import java.security.*; 31 import java.util.*; 32 33 public class LimitedDoPrivileged { 34 /* 35 * Test variations of doPrivileged() and doPrivileged() with a limited privilege scope 36 * in a sandbox with the usual default permission to read the system properties for the 37 * file and path separators. 38 * 39 * By passing in an "assigned" AccessControlContext that has 40 * no default permissions we can test how code privileges are being scoped. 41 */ 42 43 private static final ProtectionDomain domain = 44 new ProtectionDomain(null, null, null, null); 45 private static final AccessControlContext acc = 46 new AccessControlContext(new ProtectionDomain[] { domain }); 47 private static final PropertyPermission pathPerm = 48 new PropertyPermission("path.separator", "read"); 49 private static final PropertyPermission filePerm = 50 new PropertyPermission("file.separator", "read"); 51 main(String[] args)52 public static void main(String[] args) throws Exception { 53 /* 54 * Verify that we have the usual default property read permission. 55 */ 56 AccessController.getContext().checkPermission(filePerm); 57 AccessController.getContext().checkPermission(pathPerm); 58 System.out.println("test 1 passed"); 59 60 /* 61 * Inject the "no permission" AccessControlContext. 62 */ 63 AccessController.doPrivileged(new PrivilegedAction() { 64 public Object run() { 65 66 /* 67 * Verify that we no longer have the "file.separator" permission. 68 */ 69 try { 70 AccessController.getContext().checkPermission(pathPerm); 71 } catch (AccessControlException ace) { 72 System.out.println("test 2 passed"); 73 } 74 75 /* 76 * Verify that we can give ourselves limited privilege to read 77 * any system property starting with "path.". 78 */ 79 AccessController.doPrivileged 80 (new PrivilegedAction() { 81 public Object run() { 82 AccessController.getContext().checkPermission(pathPerm); 83 return null; 84 } 85 }, null, new PropertyPermission("path.*", "read")); 86 System.out.println("test 3 passed"); 87 88 /* 89 * Verify that if we give ourselves limited privilege to read 90 * any system property starting with "path." it won't give us the 91 * the ability to read "file.separator". 92 */ 93 try { 94 AccessController.doPrivileged 95 (new PrivilegedAction() { 96 public Object run() { 97 AccessController.getContext().checkPermission(filePerm); 98 return null; 99 } 100 }, null, new PropertyPermission("path.*", "read")); 101 } catch (AccessControlException ace) { 102 System.out.println("test 4 passed"); 103 } 104 105 /* 106 * Verify that capturing and passing in the context with no default 107 * system property permission grants will prevent access that succeeded 108 * earlier without the context assignment. 109 */ 110 final AccessControlContext context = AccessController.getContext(); 111 try { 112 AccessController.doPrivileged 113 (new PrivilegedAction() { 114 public Object run() { 115 AccessController.getContext().checkPermission(pathPerm); 116 return null; 117 } 118 }, context, new PropertyPermission("path.*", "read")); 119 } catch (AccessControlException ace) { 120 System.out.println("test 5 passed"); 121 } 122 123 /* 124 * Verify that we can give ourselves full privilege to read 125 * any system property starting with "path.". 126 */ 127 AccessController.doPrivileged 128 (new PrivilegedAction() { 129 public Object run() { 130 AccessController.getContext().checkPermission(pathPerm); 131 return null; 132 } 133 }); 134 System.out.println("test 6 passed"); 135 136 /* 137 * Verify that capturing and passing in the context with no default 138 * system property permission grants will prevent access that succeeded 139 * earlier without the context assignment. 140 */ 141 try { 142 AccessController.doPrivileged 143 (new PrivilegedAction() { 144 public Object run() { 145 AccessController.getContext().checkPermission(pathPerm); 146 return null; 147 } 148 }, context); 149 } catch (AccessControlException ace) { 150 System.out.println("test 7 passed"); 151 } 152 153 /* 154 * Verify that we can give ourselves limited privilege to read 155 * any system property starting with "path." when a limited 156 * privilege scope context is captured and passed to a regular 157 * doPrivileged() as an assigned context. 158 */ 159 AccessController.doPrivileged 160 (new PrivilegedAction() { 161 public Object run() { 162 163 /* 164 * Capture the limited privilege scope and inject it into the 165 * regular doPrivileged(). 166 */ 167 final AccessControlContext limitedContext = AccessController.getContext(); 168 AccessController.doPrivileged 169 (new PrivilegedAction() { 170 public Object run() { 171 AccessController.getContext().checkPermission(pathPerm); 172 return null; 173 } 174 }, limitedContext); 175 return null; 176 } 177 }, null, new PropertyPermission("path.*", "read")); 178 System.out.println("test 8 passed"); 179 180 /* 181 * Verify that we can give ourselves limited privilege to read 182 * any system property starting with "path." it won't give us the 183 * the ability to read "file.separator" when a limited 184 * privilege scope context is captured and passed to a regular 185 * doPrivileged() as an assigned context. 186 */ 187 AccessController.doPrivileged 188 (new PrivilegedAction() { 189 public Object run() { 190 191 /* 192 * Capture the limited privilege scope and inject it into the 193 * regular doPrivileged(). 194 */ 195 final AccessControlContext limitedContext = AccessController.getContext(); 196 try { 197 AccessController.doPrivileged 198 (new PrivilegedAction() { 199 public Object run() { 200 AccessController.getContext().checkPermission(filePerm); 201 return null; 202 } 203 }, limitedContext); 204 } catch (AccessControlException ace) { 205 System.out.println("test 9 passed"); 206 } 207 return null; 208 } 209 }, null, new PropertyPermission("path.*", "read")); 210 211 return null; 212 } 213 }, acc); 214 } 215 } 216