On 12/13/06, Alexey Varlamov <[EMAIL PROTECTED]> wrote:
2006/12/13, Stepan Mishura [EMAIL PROTECTED]:
I observe 2 failures,
tests.api.java.security.DomainCombinerTest
org.apache.harmony.nio.tests.java.nio.channels.DatagramChannelTest
Both tests are inaccurate: they install SecurityManager which blocks
any functionality except setting old SecurityManager back, assuming in
particular that no classloading request can happen during the main
part of test. However this is a wild gamble, VM resolution strategy
can vary significantly.
Should we fix/ exclude these tests in the one commit with changes that
affect these tests?
Thanks, Vladimir
Also your commit introduced crash of
> org.apache.harmony.nio.tests.java.nio.channels.DatagramChannelTest.
>
> full-report:
> [junitreport] [Fatal Error] :-1:-1: Premature end of file.
> [junitreport] The file
> /nfs/ins/proj/drl/security/smishura/classlib/build/test_report/TEST-
> org.apache.harmony.nio.tests.java.nio.channels.DatagramChannelTest.xmlis
> not a valid XML document. It is possibly corrupted.
> [junitreport] Transform time: 25106ms
> [echo] The test report is in
>
/nfs/ins/proj/drl/security/smishura/classlib/build/test_report/html/index.html
>
> Can you reproduce it?
Yes. The "crash" is due to unsuccesfull reverting of installed
SecurityManager:
try {
//do test
} finally {
System.setSecurityManager(old);
}
This is really weird because test stops "crashing" after adding catch
before the finally clause.
>
> Thanks,
> Stepan.
>
>
>
> > I wonder which test did add it - I'm aware of one ill-behaved drlvm
> > kernel test(SystemExtensionTest.test_setSecurityManager_Sec), but it
> > is disabled now. Probably the policy file remained from some earlier
> > testing...
> > Sorry for confusion!
> >
> > 2006/12/13, Stepan Mishura <[EMAIL PROTECTED]>:
> > > On 12/13/06, Alexey Varlamov wrote:
> > > >
> > > > That's really strange. I've just re-checked with j9 on SUSe9 and
> > > > Win2003 Server - 100% passed with my changes.
> > > > Are you sure this commit was really guilty??
> > > > Stepan did the rollback actually - seems he also investigated the
> > build
> > > > alert.
> > > > Guys, could you please provide some more details on this?
> > >
> > >
> > > I got the same log as CC sent with notification:
> > >
> > > error:
> > >
> >
test_combine$Ljava_security_ProtectionDomain$Ljava_security_ProtectionDomain
> > > tests.api.java.security.DomainCombinerTest
> > > Unit Test Error Details: (1)
> > >
> > > Test:
> > >
> >
test_combine$Ljava_security_ProtectionDomain$Ljava_security_ProtectionDomainClass:
> > >
> >
tests.api.java.security.DomainCombinerTestjava.security.AccessControlException
> > :
> > > Access denied (java.security.SecurityPermission
> > getProperty.package.access)
> > > at java.security.AccessController.checkPermission(
AccessController.java
> > :94)
> > > at java.lang.SecurityManager.checkPermission(SecurityManager.java
:734)
> > > at tests.api.java.security.DomainCombinerTest$1.checkPermission(
> > > DomainCombinerTest.java:82)
> > > at java.lang.SecurityManager.checkSecurityAccess(
SecurityManager.java
> > :421)
> > > at java.security.Security.getProperty(Security.java:360)
> > > at org.apache.harmony.luni.util.PriviAction.run(PriviAction.java
:131)
> > > at java.security.AccessController.doPrivileged(
AccessController.java
> > :179)
> > > at java.lang.SecurityManager.checkPackageProperty(
SecurityManager.java
> > :331)
> > > at java.lang.SecurityManager.checkPackageAccess(
SecurityManager.java
> > :33)
> > > at com.ibm.oti.vm.URLSystemClassLoader.loadClass(
> > URLSystemClassLoader.java
> > > :54)
> > > at java.lang.ClassLoader.loadClass(ClassLoader.java:594)
> > > at
> > >
> >
tests.api.java.security.DomainCombinerTest.test_combine$Ljava_security_ProtectionDomain$Ljava_security_ProtectionDomain
> > > (DomainCombinerTest.java:89)
> > > at java.lang.reflect.AccessibleObject.invokeV(AccessibleObject.java
:25)
> > >
> > >
> > > Thanks,
> > > Stepan.
> > >
> > > --
> > > > Alexey
> > > >
> > > >
> > > > 2006/12/12, Alexey Petrenko <[EMAIL PROTECTED]>:
> > > > > Alexey,
> > > > >
> > > > > looks like your commit is the cause of unit test failure in nio
> > module.
> > > > > I'll revert it.
> > > > >
> > > > > SY, Alexey
> > > > >
> > > > > 2006/12/12, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> > > > > > Author: varlax
> > > > > > Date: Mon Dec 11 23:43:28 2006
> > > > > > New Revision: 486052
> > > > > >
> > > > > > URL: http://svn.apache.org/viewvc?view=rev&rev=486052
> > > > > > Log:
> > > > > > Fixed HARMONY-2301 [luni] flawed
> > SecurityManager.checkPackageAccess()
> > > > impl
> > > > > > Regression tests added.
> > > > > > Tested on DRLVM
> > > > > >
> > > > > > Modified:
> > > > >
> > > >
> >
>
harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/lang/SecurityManager.java
> > > > >
> > > >
> >
>
harmony/enhanced/classlib/trunk/modules/luni/src/main/java/org/apache/harmony/luni/util/PriviAction.java
> > > > >
> > > >
> >
>
harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/lang/MutableSecurityManager.java
> > > > >
> > > >
> >
>
harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/lang/SecurityManagerTest.java
> > > > > >
> > > > > > Modified:
> > > >
> >
harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/lang/SecurityManager.java
> > > > > > URL:
> > > >
> >
http://svn.apache.org/viewvc/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/lang/SecurityManager.java?view=diff&rev=486052&r1=486051&r2=486052
> > > > > >
> > > >
> >
==============================================================================
> > > > > > ---
> > > >
> >
harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/lang/SecurityManager.java
> > > > (original)
> > > > > > +++
> > > >
> >
harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/lang/SecurityManager.java
> > > > Mon Dec 11 23:43:28 2006
> > > > > > @@ -46,7 +46,8 @@
> > > > > > private static final PropertyPermission
> > > > READ_WRITE_ALL_PROPERTIES_PERMISSION = new PropertyPermission(
> > > > > > "*", "read,write");
> > > > > >
> > > > > > - private static String[] securePackageList;
> > > > > > + private static final String PKG_ACC_KEY = "package.access
";
> > > > > > + private static final String PKG_DEF_KEY = "
package.definition
> > ";
> > > > > >
> > > > > > /**
> > > > > > * Flag to indicate whether a security check is in
> > progress.
> > > > > > @@ -299,26 +300,8 @@
> > > > > > if (packageName == null) {
> > > > > > throw new NullPointerException();
> > > > > > }
> > > > > > - synchronized (SecurityManager.class) {
> > > > > > - if (securePackageList == null) {
> > > > > > - String securePackages = getSecurityProperty("
> > > > package.access");
> > > > > > - if (securePackages != null) {
> > > > > > - StringTokenizer tokenizer = new
> > > > StringTokenizer(securePackages, ", ");
> > > > > > - int i = 0;
> > > > > > - securePackageList = new String[
> > > > tokenizer.countTokens()];
> > > > > > - while (tokenizer.hasMoreTokens()) {
> > > > > > - securePackageList[i++] =
> > tokenizer.nextToken
> > > > ();
> > > > > > - }
> > > > > > - } else {
> > > > > > - securePackageList = new String[0];
> > > > > > - }
> > > > > > - }
> > > > > > - for (int i = 0; i < securePackageList.length;
i++) {
> > > > > > - if (packageName.startsWith
(securePackageList[i]))
> > {
> > > > > > - checkPermission(new
> > > > RuntimePermission("accessClassInPackage." + packageName));
> > > > > > - return;
> > > > > > - }
> > > > > > - }
> > > > > > + if (checkPackageProperty(PKG_ACC_KEY, packageName)) {
> > > > > > + checkPermission(new
> > > > RuntimePermission("accessClassInPackage." + packageName));
> > > > > > }
> > > > > > }
> > > > > >
> > > > > > @@ -330,26 +313,44 @@
> > > > > > * the name of the package to add a class
to.
> > > > > > */
> > > > > > public void checkPackageDefinition(String packageName)
{
> > > > > > - if (packageName == null) {
> > > > > > - throw new NullPointerException();
> > > > > > + if (packageName == null) {
> > > > > > + throw new NullPointerException();
> > > > > > + }
> > > > > > + if (checkPackageProperty(PKG_DEF_KEY,
packageName)) {
> > > > > > + checkPermission(new
> > > > RuntimePermission("defineClassInPackage." + packageName));
> > > > > > + }
> > > > > > + }
> > > > > > +
> > > > > > + /**
> > > > > > + * Returns true if the package name is restricted by
> > > > > > + * the specified security property.
> > > > > > + */
> > > > > > + private static boolean checkPackageProperty(
> > > > > > + final String property, final String pkg)
> > > > > > + {
> > > > > > + String list = AccessController.doPrivileged
> > (PriviAction
> > > > > > + .getSecurityProperty(property));
> > > > > > + if (list != null) {
> > > > > > + int plen = pkg.length();
> > > > > > + StringTokenizer tokenizer = new
StringTokenizer(list,
> > ",
> > > > ");
> > > > > > + while (tokenizer.hasMoreTokens()) {
> > > > > > + String token = tokenizer.nextToken();
> > > > > > + int tlen = token.length();
> > > > > > + if (plen > tlen) {
> > > > > > + if (pkg.startsWith(token)
> > > > > > + && (token.charAt(tlen - 1) == '.'
||
> > pkg
> > > > > > + .charAt(tlen) == '.')) {
> > > > > > + return true;
> > > > > > + }
> > > > > > + } else if (plen + 1 >= tlen &&
token.startsWith
> > (pkg))
> > > > {
> > > > > > + if (plen == tlen || token.charAt(tlen -
1) ==
> > > > '.') {
> > > > > > + return true;
> > > > > > + }
> > > > > > + }
> > > > > > + }
> > > > > > }
> > > > > > - String securePackages = getSecurityProperty("
> > > > package.definition");
> > > > > > - if (securePackages != null) {
> > > > > > - StringTokenizer tokenizer = new
> > > > StringTokenizer(securePackages,
> > > > > > - ", ");
> > > > > > - while (tokenizer.hasMoreTokens()) {
> > > > > > - if (packageName.startsWith(
> > > > tokenizer.nextToken())) {
> > > > > > - checkPermission(new
> > > > RuntimePermission(
> > > > > > -
> > > > "defineClassInPackage." + packageName));
> > > > > > - return;
> > > > > > - }
> > > > > > - }
> > > > > > - }
> > > > > > - }
> > > > > > -
> > > > > > - private String getSecurityProperty(final String
property)
> > {
> > > > > > - PrivilegedAction<String> pa =
> > PriviAction.getSecurityProperty
> > > > (property);
> > > > > > - return AccessController.doPrivileged(pa);
> > > > > > +
> > > > > > + return false;
> > > > > > }
> > > > > >
> > > > > > /**
> > > > > >
> > > > > > Modified:
> > > >
> >
harmony/enhanced/classlib/trunk/modules/luni/src/main/java/org/apache/harmony/luni/util/PriviAction.java
> > > > > > URL:
> > > >
> >
http://svn.apache.org/viewvc/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/org/apache/harmony/luni/util/PriviAction.java?view=diff&rev=486052&r1=486051&r2=486052
> > > > > >
> > > >
> >
==============================================================================
> > > > > > ---
> > > >
> >
harmony/enhanced/classlib/trunk/modules/luni/src/main/java/org/apache/harmony/luni/util/PriviAction.java
> > > > (original)
> > > > > > +++
> > > >
> >
harmony/enhanced/classlib/trunk/modules/luni/src/main/java/org/apache/harmony/luni/util/PriviAction.java
> > > > Mon Dec 11 23:43:28 2006
> > > > > > @@ -53,8 +53,8 @@
> > > > > > *
> > > > > > * @see Security#getProperty
> > > > > > */
> > > > > > - public static <T> PrivilegedAction<T>
> > > > getSecurityProperty(String property) {
> > > > > > - return new
PriviAction<T>(GET_SECURITY_PROPERTY,
> > > > property);
> > > > > > + public static PrivilegedAction<String>
> > > > getSecurityProperty(String property) {
> > > > > > + return new
> > PriviAction<String>(GET_SECURITY_PROPERTY,
> > > > property);
> > > > > > }
> > > > > >
> > > > > > private PriviAction(int action, Object arg) {
> > > > > >
> > > > > > Modified:
> > > >
> >
harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/lang/MutableSecurityManager.java
> > > > > > URL:
> > > >
> >
http://svn.apache.org/viewvc/harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/lang/MutableSecurityManager.java?view=diff&rev=486052&r1=486051&r2=486052
> > > > > >
> > > >
> >
==============================================================================
> > > > > > ---
> > > >
> >
harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/lang/MutableSecurityManager.java
> > > > (original)
> > > > > > +++
> > > >
> >
harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/lang/MutableSecurityManager.java
> > > > Mon Dec 11 23:43:28 2006
> > > > > > @@ -17,53 +17,54 @@
> > > > > > package org.apache.harmony.luni.tests.java.lang;
> > > > > >
> > > > > > import java.security.Permission;
> > > > > > -import java.util.HashSet;
> > > > > > -import java.util.Set;
> > > > > > +import java.security.PermissionCollection;
> > > > > > +import java.security.Permissions;
> > > > > >
> > > > > > class MutableSecurityManager extends SecurityManager {
> > > > > >
> > > > > > static final RuntimePermission SET_SECURITY_MANAGER = new
> > > > RuntimePermission("setSecurityManager");
> > > > > >
> > > > > > - private final Set<Permission> permissions;
> > > > > > + private PermissionCollection enabled;
> > > > > >
> > > > > > - private String deny;
> > > > > > + private PermissionCollection denied;
> > > > > >
> > > > > > public MutableSecurityManager() {
> > > > > > super();
> > > > > > - this.permissions = new HashSet<Permission>();
> > > > > > + this.enabled = new Permissions();
> > > > > > }
> > > > > >
> > > > > > public MutableSecurityManager(Permission... permissions) {
> > > > > > this();
> > > > > > for (int i = 0; i < permissions.length; i++) {
> > > > > > - this.permissions.add(permissions[i]);
> > > > > > + this.enabled.add(permissions[i]);
> > > > > > }
> > > > > > }
> > > > > >
> > > > > > void addPermission(Permission permission) {
> > > > > > - permissions.add(permission);
> > > > > > - }
> > > > > > -
> > > > > > - void removePermission(Permission permission) {
> > > > > > - permissions.remove(permission);
> > > > > > + enabled.add(permission);
> > > > > > }
> > > > > >
> > > > > > void clearPermissions() {
> > > > > > - permissions.clear();
> > > > > > + enabled = new Permissions();
> > > > > > }
> > > > > >
> > > > > > - void denyPermission(String name) {
> > > > > > - deny = name;
> > > > > > + void denyPermission(Permission p) {
> > > > > > + if (denied == null) {
> > > > > > + denied = new Permissions();
> > > > > > + }
> > > > > > + denied.add(p);
> > > > > > }
> > > > > >
> > > > > > @Override
> > > > > > public void checkPermission(Permission permission) {
> > > > > > - if (permissions.contains(permission)) {
> > > > > > + if (enabled.implies(permission)) {
> > > > > > return;
> > > > > > }
> > > > > > - if (permission.getName().equals(deny)){
> > > > > > - throw new SecurityException();
> > > > > > +
> > > > > > + if (denied != null && denied.implies(permission)){
> > > > > > + throw new SecurityException("Denied " +
permission);
> > > > > > }
> > > > > > +
> > > > > > super.checkPermission(permission);
> > > > > > }
> > > > > > }
> > > > > >
> > > > > > Modified:
> > > >
> >
harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/lang/SecurityManagerTest.java
> > > > > > URL:
> > > >
> >
http://svn.apache.org/viewvc/harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/lang/SecurityManagerTest.java?view=diff&rev=486052&r1=486051&r2=486052
> > > > > >
> > > >
> >
==============================================================================
> > > > > > ---
> > > >
> >
harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/lang/SecurityManagerTest.java
> > > > (original)
> > > > > > +++
> > > >
> >
harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/lang/SecurityManagerTest.java
> > > > Mon Dec 11 23:43:28 2006
> > > > > > @@ -17,7 +17,7 @@
> > > > > > package org.apache.harmony.luni.tests.java.lang;
> > > > > >
> > > > > > import java.io.File;
> > > > > > -
> > > > > > +import java.security.Security;
> > > > > > import tests.support.Support_Exec;
> > > > > >
> > > > > > import junit.framework.TestCase;
> > > > > > @@ -25,12 +25,102 @@
> > > > > > public class SecurityManagerTest extends TestCase {
> > > > > >
> > > > > > /**
> > > > > > + * @tests java.lang.SecurityManager#checkPackageAccess
> > (String)
> > > > > > + */
> > > > > > + public void test_checkPackageAccessLjava_lang_String() {
> > > > > > + final String old = Security.getProperty("
package.access
> > ");
> > > > > > + Security.setProperty("package.access", "a.,bbb, c.d
.");
> > > > > > +
> > > > > > + MutableSecurityManager sm = new
MutableSecurityManager();
> > > > > > + sm.denyPermission(new
> > > > RuntimePermission("accessClassInPackage.*"));
> > > > > > +
> > > > > > + try {
> > > > > > + sm.checkPackageAccess("z.z.z");
> > > > > > + sm.checkPackageAccess("aa");
> > > > > > + sm.checkPackageAccess("bb");
> > > > > > + sm.checkPackageAccess("c");
> > > > > > +
> > > > > > + try {
> > > > > > + sm.checkPackageAccess("a");
> > > > > > + fail("This should throw a
SecurityException.");
> > > > > > + } catch (SecurityException ok) {}
> > > > > > +
> > > > > > + try {
> > > > > > + sm.checkPackageAccess("bbb");
> > > > > > + fail("This should throw a
SecurityException.");
> > > > > > + } catch (SecurityException ok) {}
> > > > > > +
> > > > > > + try {
> > > > > > + sm.checkPackageAccess("c.d.e");
> > > > > > + fail("This should throw a
SecurityException.");
> > > > > > + } catch (SecurityException ok) {}
> > > > > > +
> > > > > > + Security.setProperty("package.access", "QWERTY");
> > > > > > + sm.checkPackageAccess("a");
> > > > > > + sm.checkPackageAccess("qwerty");
> > > > > > + try {
> > > > > > + sm.checkPackageAccess("QWERTY");
> > > > > > + fail("This should throw a
SecurityException.");
> > > > > > + } catch (SecurityException ok) {}
> > > > > > +
> > > > > > + } finally {
> > > > > > + Security.setProperty("package.access",
> > > > > > + old == null ? "" : old);
> > > > > > + }
> > > > > > + }
> > > > > > +
> > > > > > + /**
> > > > > > + * @tests
java.lang.SecurityManager#checkPackageDefinition
> > > > (String)
> > > > > > + */
> > > > > > + public void
test_checkPackageDefinitionLjava_lang_String() {
> > > > > > + final String old = Security.getProperty("
> > package.definition
> > > > ");
> > > > > > + Security.setProperty("package.definition", "a.,bbb,
c.d
> > .");
> > > > > > +
> > > > > > + MutableSecurityManager sm = new
MutableSecurityManager();
> > > > > > + sm.denyPermission(new
> > > > RuntimePermission("defineClassInPackage.*"));
> > > > > > +
> > > > > > + try {
> > > > > > + sm.checkPackageDefinition("z.z.z");
> > > > > > + sm.checkPackageDefinition("aa");
> > > > > > + sm.checkPackageDefinition("bb");
> > > > > > + sm.checkPackageDefinition("c");
> > > > > > +
> > > > > > + try {
> > > > > > + sm.checkPackageDefinition("a");
> > > > > > + fail("This should throw a
SecurityException.");
> > > > > > + } catch (SecurityException ok) {}
> > > > > > +
> > > > > > + try {
> > > > > > + sm.checkPackageDefinition("bbb");
> > > > > > + fail("This should throw a
SecurityException.");
> > > > > > + } catch (SecurityException ok) {}
> > > > > > +
> > > > > > + try {
> > > > > > + sm.checkPackageDefinition("c.d.e");
> > > > > > + fail("This should throw a
SecurityException.");
> > > > > > + } catch (SecurityException ok) {}
> > > > > > +
> > > > > > + Security.setProperty("package.definition",
"QWERTY");
> > > > > > + sm.checkPackageDefinition("a");
> > > > > > + sm.checkPackageDefinition("qwerty");
> > > > > > + try {
> > > > > > + sm.checkPackageDefinition("QWERTY");
> > > > > > + fail("This should throw a
SecurityException.");
> > > > > > + } catch (SecurityException ok) {}
> > > > > > +
> > > > > > + } finally {
> > > > > > + Security.setProperty("package.definition",
> > > > > > + old == null ? "" : old);
> > > > > > + }
> > > > > > + }
> > > > > > +
> > > > > > + /**
> > > > > > * @tests java.lang.SecurityManager#checkMemberAccess(
> > > > java.lang.Class, int)
> > > > > > */
> > > > > > public void test_checkMemberAccessLjava_lang_ClassI() {
> > > > > > MutableSecurityManager sm = new
MutableSecurityManager();
> > > > > > sm.addPermission(
> > MutableSecurityManager.SET_SECURITY_MANAGER);
> > > > > > - sm.denyPermission("accessDeclaredMembers");
> > > > > > + sm.denyPermission(new
> > > > RuntimePermission("accessDeclaredMembers"));
> > > > > > System.setSecurityManager(sm);
> > > > > > try {
> > > > > > try {
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Stepan Mishura
> > > Intel Enterprise Solutions Software Division
> > >
> > >
> >
>
>
>
> --
> Stepan Mishura
> Intel Enterprise Solutions Software Division
>
>
