JDK 9 RFR of 8031067:java/util/concurrent/atomic/AtomicUpdaters.java: java.lang.Error: Unexpected reflective access

Mon, 06 Jan 2014 12:16:53 -0800

The test sets a security manager to ensure that appropriate permission checks are performed. It expects to be denied reflective access to a private field in a different package. Access, to this field, is granted if the code has RuntimePermission "accessDeclaredMembers". This permission is not expected, but the default policy implementation combines the java.home/lib/security/java.policy and user.home/.java.policy. So if a policy file, .java.policy, with RuntimePermission "accessDeclaredMembers", just happens to be in the users home directory when this test is run, it will fail as above.
The solution, trivially, is for the test to set its own policy, and remove any dependency on the default policy. 


diff --git a/test/java/util/concurrent/atomic/AtomicUpdaters.java 
b/test/java/util/concurrent/atomic/AtomicUpdaters.java

--- a/test/java/util/concurrent/atomic/AtomicUpdaters.java
+++ b/test/java/util/concurrent/atomic/AtomicUpdaters.java
@@ -33,7 +33,7 @@
  */
 import java.util.concurrent.atomic.*;
 import java.lang.reflect.*;
-import java.security.AccessControlException;
+import java.security.*;

 public class  AtomicUpdaters {
     enum TYPE { INT, LONG, REF }
@@ -102,6 +102,8 @@
                 verbose = true;
             }
             else if ("UseSM".equals(arg)) {

+                // Ensure that the test is not influenced by the 
default users policy.

+                Policy.setPolicy(new NoPermissionsPolicy());
                 SecurityManager m = System.getSecurityManager();
                 if (m != null)

                     throw new RuntimeException("No security manager 
should initially be installed");

@@ -186,4 +188,24 @@

             throw new Error("Some tests failed - see previous 
stacktraces");

         }
     }
+
+    /**
+     * Policy with no permissions.
+     */
+    private static class NoPermissionsPolicy extends Policy {
+        @Override
+        public PermissionCollection getPermissions(CodeSource cs) {
+            return Policy.UNSUPPORTED_EMPTY_COLLECTION;
+        }
+
+        @Override
+        public PermissionCollection getPermissions(ProtectionDomain pd) {
+            return Policy.UNSUPPORTED_EMPTY_COLLECTION;
+        }
+
+        @Override
+        public boolean implies(ProtectionDomain pd, Permission p) {
+            return Policy.UNSUPPORTED_EMPTY_COLLECTION.implies(p);
+        }
+    }
 }

-Chris.














    











					Reply via email to