This is JDK 1.6's AccessControlContext ProtectionDomain Permission's
Note these are static Permission's in the ProtectionDomain, not the
dynamic policy.
This is just prior to the permission check for (java.io.FilePermission
/var/tmp/Mercury*.config read)
For some reason mercury.jar has
GrantPermission(java.security.AllPermission "<all permissions>", "<all
actions>")
This would allow granting of the necessary FilePermission.
Obviously it has allowed the bogus policy to be set, but strangely in
JDK1.5 there's no access denied for setting the policy?
See below:
Step completed: "thread=main",
net.jini.security.Security.createPrivilegedContext(), line=562 bci=4
main[1] print acc
acc = "java.security.accesscontrolcont...@16b788"
main[1] print acc.context
acc.context = instance of java.security.ProtectionDomain[4] (id=1493)
main[1] print acc.context[0]
acc.context[0] = "ProtectionDomain
(file:/opt/src/river/trunk/lib/jsk-platform.jar <no signer certificates>)
sun.misc.launcher$appclassloa...@182f0db
<no principals>
java.security.permissi...@18abc7b (
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission * read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission
com.sun.jini.qa.spec.io.util.FakeIntegrityVerifier.throwException write)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission java.specification.vendor read)
(java.io.FilePermission /opt/src/river/trunk/qa/lib/- read)
(java.io.FilePermission /opt/src/river/trunk/lib/- read)
(java.io.FilePermission /opt/src/river/trunk/lib/jsk-platform.jar read)
(java.net.SocketPermission localhost:8081 listen,resolve)
(java.net.SocketPermission localhost:1024- listen,resolve)
(java.net.SocketPermission *:1024- connect,accept,resolve)
(java.lang.RuntimePermission
accessClassInPackage.sun.util.logging.resources)
(java.lang.RuntimePermission setFactory)
(java.lang.RuntimePermission stopThread)
(java.lang.RuntimePermission exitVM)
(net.jini.security.GrantPermission java.util.PropertyPermission
"line.separator", "read"; java.util.PropertyPermission
"java.vm.version", "read"; java.util.PropertyPermission
"java.vm.specification.version", "read"; java.util.PropertyPermission
"java.vm.specification.vendor", "read"; java.util.PropertyPermission
"java.vendor.url", "read"; java.util.PropertyPermission "java.vm.name",
"read"; java.util.PropertyPermission "*", "read";
java.util.PropertyPermission "os.name", "read";
java.util.PropertyPermission "java.vm.vendor", "read";
java.util.PropertyPermission "path.separator", "read";
java.util.PropertyPermission "java.specification.name", "read";
java.util.PropertyPermission "os.version", "read";
java.util.PropertyPermission "os.arch", "read";
java.util.PropertyPermission
"com.sun.jini.qa.spec.io.util.FakeIntegrityVerifier.throwException",
"write"; java.util.PropertyPermission "java.class.version", "read";
java.util.PropertyPermission "java.version", "read";
java.util.PropertyPermission "file.separator", "read";
java.util.PropertyPermission "java.vendor", "read";
java.util.PropertyPermission "java.vm.specification.name", "read";
java.util.PropertyPermission "java.specification.version", "read";
java.util.PropertyPermission "java.specification.vendor", "read";
java.io.FilePermission "/opt/src/river/trunk/lib/-", "read";
java.io.FilePermission "/opt/src/river/trunk/qa/lib/-", "read";
java.io.FilePermission "/opt/src/river/trunk/lib/jsk-platform.jar",
"read"; java.net.SocketPermission "localhost:8081", "listen,resolve";
java.net.SocketPermission "localhost:1024-", "listen,resolve";
java.net.SocketPermission "*:1024-", "connect,accept,resolve";
java.lang.RuntimePermission
"accessClassInPackage.sun.util.logging.resources", "";
java.lang.RuntimePermission "setFactory", "";
java.lang.RuntimePermission "stopThread", "";
java.lang.RuntimePermission "exitVM", ""; java.security.AllPermission
"<all permissions>", "<all actions>";)
(java.security.AllPermission <all permissions> <all actions>)
)
"
main[1] print acc.context[1]
acc.context[1] = "ProtectionDomain
(file:/opt/src/river/trunk/lib/mercury.jar <no signer certificates>)
com.sun.jini.start.ActivateWrapper$ExportClassLoader[importURLs=[file:/opt/src/river/trunk/lib/mercury.jar],exportURLs=[http://bluto:8080/mercury-dl_bogus.jar,
http://bluto:8080/jsk-dl.jar],parent=sun.misc.launcher$appclassloa...@182f0db,id=cca3bb29-7eb8-437f-92f1-76f8432db01a]
<no principals>
java.security.permissi...@17cff66 (
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission java.specification.vendor read)
(java.io.FilePermission /opt/src/river/trunk/lib/mercury.jar read)
(java.net.SocketPermission localhost:8081 listen,resolve)
(java.net.SocketPermission localhost:1024- listen,resolve)
(java.lang.RuntimePermission stopThread)
(net.jini.security.GrantPermission java.util.PropertyPermission
"line.separator", "read"; java.util.PropertyPermission
"java.vm.version", "read"; java.util.PropertyPermission
"java.vm.specification.version", "read"; java.util.PropertyPermission
"java.vm.specification.vendor", "read"; java.util.PropertyPermission
"java.vendor.url", "read"; java.util.PropertyPermission "java.vm.name",
"read"; java.util.PropertyPermission "os.name", "read";
java.util.PropertyPermission "java.vm.vendor", "read";
java.util.PropertyPermission "path.separator", "read";
java.util.PropertyPermission "java.specification.name", "read";
java.util.PropertyPermission "os.version", "read";
java.util.PropertyPermission "os.arch", "read";
java.util.PropertyPermission "java.class.version", "read";
java.util.PropertyPermission "java.version", "read";
java.util.PropertyPermission "file.separator", "read";
java.util.PropertyPermission "java.vendor", "read";
java.util.PropertyPermission "java.vm.specification.name", "read";
java.util.PropertyPermission "java.specification.version", "read";
java.util.PropertyPermission "java.specification.vendor", "read";
java.io.FilePermission "/opt/src/river/trunk/lib/mercury.jar", "read";
java.net.SocketPermission "localhost:8081", "listen,resolve";
java.net.SocketPermission "localhost:1024-", "listen,resolve";
java.lang.RuntimePermission "stopThread", "";
java.security.AllPermission "<all permissions>", "<all actions>";)
(java.security.AllPermission <all permissions> <all actions>)
)
"
main[1] print acc.context[2]
acc.context[2] = "ProtectionDomain
(file:/opt/src/river/trunk/qa/lib/jiniharness.jar <no signer certificates>)
sun.misc.launcher$appclassloa...@182f0db
<no principals>
java.security.permissi...@1f2be27 (
(java.io.FilePermission /opt/src/river/trunk/qa/lib/jiniharness.jar read)
(java.lang.RuntimePermission exitVM)
(java.security.AllPermission <all permissions> <all actions>)
)
"
main[1] pritn acc.context[3]
Unrecognized command: 'pritn'. Try help...
main[1] print acc.context[3]
acc.context[3] = "ProtectionDomain
(file:/opt/src/river/trunk/qa/lib/jinitests.jar <no signer certificates>)
sun.misc.launcher$appclassloa...@182f0db
<no principals>
java.security.permissi...@1df3d59 (
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission * read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission
com.sun.jini.qa.spec.io.util.FakeIntegrityVerifier.throwException write)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission java.specification.vendor read)
(java.io.FilePermission /opt/src/river/trunk/qa/lib/- read)
(java.io.FilePermission /opt/src/river/trunk/lib/- read)
(java.io.FilePermission /opt/src/river/trunk/qa/lib/jinitests.jar read)
(java.net.SocketPermission localhost:8081 listen,resolve)
(java.net.SocketPermission localhost:1024- listen,resolve)
(java.net.SocketPermission *:1024- connect,accept,resolve)
(java.lang.RuntimePermission
accessClassInPackage.sun.util.logging.resources)
(java.lang.RuntimePermission setFactory)
(java.lang.RuntimePermission stopThread)
(java.lang.RuntimePermission exitVM)
(net.jini.security.GrantPermission java.util.PropertyPermission
"line.separator", "read"; java.util.PropertyPermission
"java.vm.version", "read"; java.util.PropertyPermission
"java.vm.specification.version", "read"; java.util.PropertyPermission
"java.vm.specification.vendor", "read"; java.util.PropertyPermission
"java.vendor.url", "read"; java.util.PropertyPermission "java.vm.name",
"read"; java.util.PropertyPermission "*", "read";
java.util.PropertyPermission "os.name", "read";
java.util.PropertyPermission "java.vm.vendor", "read";
java.util.PropertyPermission "path.separator", "read";
java.util.PropertyPermission "java.specification.name", "read";
java.util.PropertyPermission "os.version", "read";
java.util.PropertyPermission "os.arch", "read";
java.util.PropertyPermission
"com.sun.jini.qa.spec.io.util.FakeIntegrityVerifier.throwException",
"write"; java.util.PropertyPermission "java.class.version", "read";
java.util.PropertyPermission "java.version", "read";
java.util.PropertyPermission "file.separator", "read";
java.util.PropertyPermission "java.vendor", "read";
java.util.PropertyPermission "java.vm.specification.name", "read";
java.util.PropertyPermission "java.specification.version", "read";
java.util.PropertyPermission "java.specification.vendor", "read";
java.io.FilePermission "/opt/src/river/trunk/lib/-", "read";
java.io.FilePermission "/opt/src/river/trunk/qa/lib/-", "read";
java.io.FilePermission "/opt/src/river/trunk/qa/lib/jinitests.jar",
"read"; java.net.SocketPermission "localhost:8081", "listen,resolve";
java.net.SocketPermission "localhost:1024-", "listen,resolve";
java.net.SocketPermission "*:1024-", "connect,accept,resolve";
java.lang.RuntimePermission
"accessClassInPackage.sun.util.logging.resources", "";
java.lang.RuntimePermission "setFactory", "";
java.lang.RuntimePermission "stopThread", "";
java.lang.RuntimePermission "exitVM", ""; java.security.AllPermission
"<all permissions>", "<all actions>";)
(java.security.AllPermission <all permissions> <all actions>)
)
"
main[1]
