Uploaded image for project: 'Code Tools'
  1. Code Tools
  2. CODETOOLS-7901792

testng.jar requires permissions

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: jtreg4.2
    • Component/s: tools
    • Labels:
      None
    • Subcomponent:
    • Resolved In Build:
      b04

      Description

      While working on module de-privileging work, moving a specific module
      out of the boot loader and granting it a minimal set of permissions, a
      jtreg issue was noticed; testng.jar should be granted all permissions.

      When running a testng test with a minimal set of permissions, e.g.
      @run testng/othervm/java.security.policy=test.policy Test, it fails in
      many places where it is obvious that testng is attempting to perform
      a privileged operation, reflection to invoke the test entry point, reading
      properties, etc.

      It can be seen that jtreg already “rewrites” the policy file specified by a test
      to grant several jtreg jars all permissions ( example below ). I think that
      testng.jar should have similar.

      $ cat /repos/jdk9/sandbox/jdk/test/JTwork/scratch/0/test.policy_new
      // The following grant entries were added by JavaTest. Do not edit.
      grant {
         permission java.io.FilePermission "/repos/jdk9/sandbox/jdk/test/JTwork/classes/0${/}-", "read";
      };
      grant codebase "file:/tools/jtreg/lib/javatest.jar" {
         permission java.security.AllPermission;
      };
      grant codebase "file:/tools/jtreg/lib/jtreg.jar" {
         permission java.security.AllPermission;
      };

      // original policy file:
      grant codeBase "file:${test.classes}/*” {
          …. minimal set of permissions required for the test
      }

      --

      com.sun.javatest.regtest.exec.Action::addGrantEntry could be updated
      to grant all permissions to testng.jar. Otherwise, a system property,
      exposing the testng.jar file location, could be exposed so that it is trivial
      for a test to grant testng the required permissions.

      There are no known, acceptable, workarounds to this issue.
      For example, the following hardcodes the file URL of testng.jar:

        grant codebase "file:/tools/jtreg/lib/testng.jar" {
            permission java.security.AllPermission;
        };
        grant codeBase "file:${test.classes}/*” {
             …. minimal set of permissions required for the test
        }

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jjg Jonathan Gibbons
              Reporter:
              chegar Chris Hegarty
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: