Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Watson2020-01-08 15:18:45 +0000
committerThomas Watson2020-01-10 17:24:39 +0000
commite56c465c78ec234cbd5b39e5da6b24c70b407cef (patch)
tree7b6eca5944eca20d11068edb230a5090f9d76ec2 /bundles/org.eclipse.osgi.tests
parent7a2481aa40b36addd5c4cc10464c8637e0ae7e87 (diff)
downloadrt.equinox.framework-e56c465c78ec234cbd5b39e5da6b24c70b407cef.tar.gz
rt.equinox.framework-e56c465c78ec234cbd5b39e5da6b24c70b407cef.tar.xz
rt.equinox.framework-e56c465c78ec234cbd5b39e5da6b24c70b407cef.zip
Bug 558929 - Must handle relative FilePermission paths
Both ConditionalPermissionAdmin and PermissionAdmin must handle relative paths be relative to a bundles data area. Change-Id: Ic9565bf368d9cad8b2676e0b2a1bb6d1b1d77cec Signed-off-by: Thomas Watson <tjwatson@us.ibm.com>
Diffstat (limited to 'bundles/org.eclipse.osgi.tests')
-rw-r--r--bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/securityadmin/SecurityAdminUnitTests.java125
1 files changed, 114 insertions, 11 deletions
diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/securityadmin/SecurityAdminUnitTests.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/securityadmin/SecurityAdminUnitTests.java
index 8b2d82837..58a6fe975 100644
--- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/securityadmin/SecurityAdminUnitTests.java
+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/securityadmin/SecurityAdminUnitTests.java
@@ -46,6 +46,7 @@ import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;
import org.osgi.service.permissionadmin.PermissionAdmin;
import org.osgi.service.permissionadmin.PermissionInfo;
+@SuppressWarnings("deprecation")
public class SecurityAdminUnitTests extends AbstractBundleTests {
private static final PermissionInfo[] SOCKET_INFOS = new PermissionInfo[] {new PermissionInfo("java.net.SocketPermission", "localhost", "accept")}; //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
@@ -56,6 +57,8 @@ public class SecurityAdminUnitTests extends AbstractBundleTests {
new PermissionInfo("java.io.FilePermission", "<<ALL FILES>>", "write") //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
};
+ private static final PermissionInfo[] RELATIVE_EXEC_FILE_INFOS = new PermissionInfo[] {new PermissionInfo("java.io.FilePermission", "bin/*", "execute")};
+
private static final PermissionInfo[] RUNTIME_INFOS = new PermissionInfo[] {new PermissionInfo("java.lang.RuntimePermission", "exitVM", null)}; //$NON-NLS-1$ //$NON-NLS-2$
private static final ConditionInfo[] ALLLOCATION_CONDS = new ConditionInfo[] {new ConditionInfo("org.osgi.service.condpermadmin.BundleLocationCondition", new String[] {"*"})}; //$NON-NLS-1$ //$NON-NLS-2$
@@ -91,27 +94,27 @@ public class SecurityAdminUnitTests extends AbstractBundleTests {
private static final long serialVersionUID = 3258131349494708277L;
// A simple PermissionCollection that only has AllPermission
- @Override
+ @Override
public void add(Permission permission) {
//no adding to this policy
}
- @Override
+ @Override
public boolean implies(Permission permission) {
return true;
}
- @Override
+ @Override
public Enumeration elements() {
return new Enumeration() {
int cur = 0;
- @Override
+ @Override
public boolean hasMoreElements() {
return cur < 1;
}
- @Override
+ @Override
public Object nextElement() {
if (cur == 0) {
cur = 1;
@@ -125,12 +128,12 @@ public class SecurityAdminUnitTests extends AbstractBundleTests {
Policy.setPolicy(new Policy() {
- @Override
+ @Override
public PermissionCollection getPermissions(CodeSource codesource) {
return allPermissions;
}
- @Override
+ @Override
public void refresh() {
// nothing
}
@@ -1052,15 +1055,115 @@ public class SecurityAdminUnitTests extends AbstractBundleTests {
}
public void testBug286307() {
- Bundle test = installTestBundle("test.bug286307"); //$NON-NLS-1$
+ Bundle test = installTestBundle("test.bug286307");
AccessControlContext acc = test.adapt(AccessControlContext.class);
- testPermission(acc, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
+ testPermission(acc, new FilePermission("test", "read"), true);
+ testPermission(acc, new AllPermission(), false);
+ }
+
+ public void testRelativeFilePermission() {
+ Bundle test = installTestBundle(TEST_BUNDLE);
+ File dataArea = test.getDataFile("");
+ File testFile = new File(dataArea, "testFile.txt");
+ File testExecutable = new File(dataArea, "bin/execFile");
+ AccessControlContext acc = test.adapt(AccessControlContext.class);
+
+ // test set by location
+ pa.setPermissions(test.getLocation(), RELATIVE_EXEC_FILE_INFOS);
+
+ testPermission(acc, new FilePermission(testFile.getPath(), "write"), true);
+ testPermission(acc, new FilePermission(testFile.getPath(), "read"), true);
+ testPermission(acc, new FilePermission(testFile.getPath(), "execute"), false);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "write"), true);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "read"), true);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "execute"), true);
testPermission(acc, new AllPermission(), false);
+
+ // clear location
+ pa.setPermissions(test.getLocation(), null);
+ // goes back to all permission by default
+ testPermission(acc, new FilePermission(testFile.getPath(), "write"), true);
+ testPermission(acc, new FilePermission(testFile.getPath(), "read"), true);
+ testPermission(acc, new FilePermission(testFile.getPath(), "execute"), true);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "write"), true);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "read"), true);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "execute"), true);
+ testPermission(acc, new AllPermission(), true);
+
+ // test set by conditions
+ ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
+ List rows = update.getConditionalPermissionInfos();
+ rows.add(cpa.newConditionalPermissionInfo(null, getLocationConditions(test.getLocation(), false), RELATIVE_EXEC_FILE_INFOS, ConditionalPermissionInfo.ALLOW));
+ assertTrue("failed to commit", update.commit());
+
+ testPermission(acc, new FilePermission(testFile.getPath(), "write"), true);
+ testPermission(acc, new FilePermission(testFile.getPath(), "read"), true);
+ testPermission(acc, new FilePermission(testFile.getPath(), "execute"), false);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "write"), true);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "read"), true);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "execute"), true);
+ testPermission(acc, new AllPermission(), false);
+
+ // update condition to only have read only, not that a bundle always
+ // implicitly has r/w permission to its data area
+ update = cpa.newConditionalPermissionUpdate();
+ rows = update.getConditionalPermissionInfos();
+ rows.clear();
+ rows.add(cpa.newConditionalPermissionInfo(null, getLocationConditions(test.getLocation(), false), READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
+ assertTrue("failed to commit", update.commit());
+
+ testPermission(acc, new FilePermission(testFile.getPath(), "write"), true);
+ testPermission(acc, new FilePermission(testFile.getPath(), "read"), true);
+ testPermission(acc, new FilePermission(testFile.getPath(), "execute"), false);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "write"), true);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "read"), true);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "execute"), false);
+ testPermission(acc, new AllPermission(), false);
+
+ // clear the conditions
+ update = cpa.newConditionalPermissionUpdate();
+ update.getConditionalPermissionInfos().clear();
+ assertTrue("failed to commit", update.commit());
+
+ // test that the default permissions of PA do not handle relative
+ pa.setDefaultPermissions(RELATIVE_EXEC_FILE_INFOS);
+
+ testPermission(acc, new FilePermission(testFile.getPath(), "write"), true);
+ testPermission(acc, new FilePermission(testFile.getPath(), "read"), true);
+ testPermission(acc, new FilePermission(testFile.getPath(), "execute"), false);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "write"), true);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "read"), true);
+ testPermission(acc, new FilePermission(testExecutable.getPath(), "execute"), false);
+ testPermission(acc, new AllPermission(), false);
+
+ // go back to default all permission
+ pa.setDefaultPermissions(null);
+ testPermission(acc, new AllPermission(), true);
+
+ // Test that the ACC returned from CPA.getAccessControlContext does not handle relative file permissions
+ update = cpa.newConditionalPermissionUpdate();
+ rows = update.getConditionalPermissionInfos();
+ rows.add(cpa.newConditionalPermissionInfo(null, new ConditionInfo[] {SIGNER_CONDITION1}, RELATIVE_EXEC_FILE_INFOS, ConditionalPermissionInfo.ALLOW));
+ assertTrue("failed to commit", update.commit());
+
+ File relativeExecutable = new File("bin/executableFile");
+ acc = cpa.getAccessControlContext(new String[] {"cn=t1,c=FR;cn=test1,c=US"});
+ testPermission(acc, new FilePermission(relativeExecutable.getAbsolutePath(), "execute"), false);
+
+ // update CPA to use absolute path
+ update = cpa.newConditionalPermissionUpdate();
+ rows = update.getConditionalPermissionInfos();
+ rows.clear();
+ PermissionInfo[] absExectInfos = new PermissionInfo[] {new PermissionInfo("java.io.FilePermission", relativeExecutable.getAbsolutePath(), "execute")};
+ rows.add(cpa.newConditionalPermissionInfo(null, new ConditionInfo[] {SIGNER_CONDITION1}, absExectInfos, ConditionalPermissionInfo.ALLOW));
+ assertTrue("failed to commit", update.commit());
+
+ testPermission(acc, new FilePermission(relativeExecutable.getAbsolutePath(), "execute"), true);
}
private void checkInfos(ConditionalPermissionInfo testInfo1, ConditionalPermissionInfo testInfo2) {
- assertTrue("Infos are not equal: " + testInfo1.getEncoded() + " " + testInfo2.getEncoded(), testInfo1.equals(testInfo2)); //$NON-NLS-1$ //$NON-NLS-2$
- assertEquals("Info hash code is not equal", testInfo1.hashCode(), testInfo2.hashCode()); //$NON-NLS-1$
+ assertTrue("Infos are not equal: " + testInfo1.getEncoded() + " " + testInfo2.getEncoded(), testInfo1.equals(testInfo2));
+ assertEquals("Info hash code is not equal", testInfo1.hashCode(), testInfo2.hashCode());
}
private void checkBadInfo(String encoded) {

Back to the top