Java Code Examples for java.security.ProtectionDomain

The following are top voted examples for showing how to use java.security.ProtectionDomain. These examples are extracted from open source projects. You can vote up the examples you like and your votes will be used in our system to generate more good examples.
Example 1
Project: jdk8u-jdk   File: JMXSubjectDomainCombiner.java   View source code 6 votes vote down vote up
public ProtectionDomain[] combine(ProtectionDomain[] current,
                                  ProtectionDomain[] assigned) {
    // Add a new ProtectionDomain with the null codesource/signers, and
    // the empty permission set, to the end of the array containing the
    // 'current' protections domains, i.e. the ones that will be augmented
    // with the permissions granted to the set of principals present in
    // the supplied subject.
    //
    ProtectionDomain[] newCurrent;
    if (current == null || current.length == 0) {
        newCurrent = new ProtectionDomain[1];
        newCurrent[0] = pdNoPerms;
    } else {
        newCurrent = new ProtectionDomain[current.length + 1];
        for (int i = 0; i < current.length; i++) {
            newCurrent[i] = current[i];
        }
        newCurrent[current.length] = pdNoPerms;
    }
    return super.combine(newCurrent, assigned);
}
 
Example 2
Project: otus_java_2017_10   File: SleepTransformer.java   View source code 6 votes vote down vote up
public byte[] transform(ClassLoader loader, String className, Class classBeingRedefined,
                        ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {

    byte[] byteCode = classfileBuffer;

    if (className.equals("beans/Sleeping")) {

        try {
            ClassPool cp = ClassPool.getDefault();
            CtClass cc = cp.get("beans.Sleeping");
            CtMethod m = cc.getDeclaredMethod("sleepNow");
            m.addLocalVariable("elapsedTime", CtClass.longType);
            m.insertBefore("elapsedTime = System.currentTimeMillis();");
            m.insertAfter("{elapsedTime = System.currentTimeMillis() - elapsedTime;"
                    + "System.out.println(\"Method Executed in ms: \" + elapsedTime);}");
            byteCode = cc.toBytecode();
            cc.detach();
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    return byteCode;
}
 
Example 3
Project: fastAOP   File: CatchBlockClassTransformer.java   View source code 6 votes vote down vote up
@Override
    public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {

        if(className.startsWith(TransformConfig.getInstance().getPackageScan())) {
            logger.log(Level.INFO, "-------------------CLASS---------------------");
            logger.log(Level.INFO, "className: " + className);
            ClassReader cr = new ClassReader(classfileBuffer);
            ClassWriter cw = new ClassWriter(ClassWriter.COMPUTE_FRAMES | ClassWriter.COMPUTE_MAXS);

            ClassVisitor classVisitor = new HookClassAdapter(Opcodes.ASM5, cw);
            cr.accept(classVisitor, ClassReader.SKIP_FRAMES);
//            try {
//                FileOutputStream fos = new FileOutputStream(new File("classMod.class"));
//                fos.write(cw.toByteArray());
//                fos.close();
//            } catch (IOException e) {
//                e.printStackTrace();
//            }

            return cw.toByteArray();
        }
        return null;

    }
 
Example 4
Project: jdk8u-jdk   File: TokenStore.java   View source code 6 votes vote down vote up
private static void checkPerm(PolicyFile p, ProtectionDomain pd)
            throws Exception {
    boolean foundIt = false;
    Enumeration perms = p.getPermissions(pd).elements();
    while (perms.hasMoreElements()) {
        Permission perm = (Permission)perms.nextElement();
        if (!(perm instanceof AllPermission)) {
            throw new SecurityException("expected AllPermission");
        } else {
            foundIt = true;
        }
    }
    if (!foundIt) {
        throw new SecurityException("expected AllPermission");
    }
}
 
Example 5
Project: OpenJSharp   File: ClassLoader.java   View source code 6 votes vote down vote up
final void checkPackageAccess(Class<?> cls, ProtectionDomain pd) {
    final SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        if (ReflectUtil.isNonPublicProxyClass(cls)) {
            for (Class<?> intf: cls.getInterfaces()) {
                checkPackageAccess(intf, pd);
            }
            return;
        }

        final String name = cls.getName();
        final int i = name.lastIndexOf('.');
        if (i != -1) {
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
                public Void run() {
                    sm.checkPackageAccess(name.substring(0, i));
                    return null;
                }
            }, new AccessControlContext(new ProtectionDomain[] {pd}));
        }
    }
    domains.add(pd);
}
 
Example 6
Project: OpenJSharp   File: JMXSubjectDomainCombiner.java   View source code 6 votes vote down vote up
public ProtectionDomain[] combine(ProtectionDomain[] current,
                                  ProtectionDomain[] assigned) {
    // Add a new ProtectionDomain with the null codesource/signers, and
    // the empty permission set, to the end of the array containing the
    // 'current' protections domains, i.e. the ones that will be augmented
    // with the permissions granted to the set of principals present in
    // the supplied subject.
    //
    ProtectionDomain[] newCurrent;
    if (current == null || current.length == 0) {
        newCurrent = new ProtectionDomain[1];
        newCurrent[0] = pdNoPerms;
    } else {
        newCurrent = new ProtectionDomain[current.length + 1];
        for (int i = 0; i < current.length; i++) {
            newCurrent[i] = current[i];
        }
        newCurrent[current.length] = pdNoPerms;
    }
    return super.combine(newCurrent, assigned);
}
 
Example 7
Project: openjdk-jdk10   File: PreserveCombinerTest.java   View source code 6 votes vote down vote up
public static void main(String[]args) throws Exception {
    final DomainCombiner dc = new DomainCombiner() {
        @Override
        public ProtectionDomain[] combine(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) {
            return currentDomains; // basically a no-op
        }
    };

    // Get an instance of the saved ACC
    AccessControlContext saved = AccessController.getContext();
    // Simulate the stack ACC with a DomainCombiner attached
    AccessControlContext stack = new AccessControlContext(AccessController.getContext(), dc);

    // Now try to run JavaSecurityAccess.doIntersectionPrivilege() and assert
    // whether the DomainCombiner from the stack ACC is preserved
    boolean ret = SharedSecrets.getJavaSecurityAccess().doIntersectionPrivilege(new PrivilegedAction<Boolean>() {
        @Override
        public Boolean run() {
            return dc == AccessController.getContext().getDomainCombiner();
        }
    }, stack, saved);

    if (!ret) {
        System.exit(1);
    }
}
 
Example 8
Project: authlib-injector   File: ClassTransformer.java   View source code 6 votes vote down vote up
@Override
public byte[] transform(ClassLoader loader, String internalClassName, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {
	if (internalClassName != null && classfileBuffer != null) {
		try {
			String className = internalClassName.replace('/', '.');
			for (String prefix : ignores)
				if (className.startsWith(prefix)) return null;

			TransformHandle handle = new TransformHandle(className, classfileBuffer);
			units.forEach(handle::accept);
			if (handle.getResult().isPresent()) {
				byte[] classBuffer = handle.getResult().get();
				if (debug) {
					saveClassFile(className, classBuffer);
				}
				return classBuffer;
			} else {
				return null;
			}
		} catch (Throwable e) {
			log("unable to transform {0}: {1}", internalClassName, e);
			e.printStackTrace();
		}
	}
	return null;
}
 
Example 9
Project: openjdk-jdk10   File: CustomPolicy.java   View source code 6 votes vote down vote up
@Override
public boolean implies(ProtectionDomain pd, Permission perm) {
    System.out.println("CustomPolicy.implies");

    // If the protection domain is the same as CustomPolicy, then
    // we return true. This is to prevent recursive permission checks
    // that lead to StackOverflow errors when the policy implementation
    // performs a sensitive operation that triggers a permission check,
    // for example, as below.
    if (pd == policyPd) {
        return true;
    }

    // Do something that triggers a permission check to make sure that
    // we don't cause a StackOverflow error.
    String home = AccessController.doPrivileged(
        (PrivilegedAction<String>) () -> System.getProperty("user.home"));

    return true;
}
 
Example 10
Project: OpenJSharp   File: MBeanInstantiator.java   View source code 6 votes vote down vote up
private ClassLoader getClassLoader(final ObjectName name) {
    if(clr == null){
        return null;
    }
    // Restrict to getClassLoader permission only
    Permissions permissions = new Permissions();
    permissions.add(new MBeanPermission("*", null, name, "getClassLoader"));
    ProtectionDomain protectionDomain = new ProtectionDomain(null, permissions);
    ProtectionDomain[] domains = {protectionDomain};
    AccessControlContext ctx = new AccessControlContext(domains);
    ClassLoader loader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
        public ClassLoader run() {
            return clr.getClassLoader(name);
        }
    }, ctx);
    return loader;
}
 
Example 11
Project: OpenJSharp   File: Launcher.java   View source code 6 votes vote down vote up
/**
 * create a context that can read any directories (recursively)
 * mentioned in the class path. In the case of a jar, it has to
 * be the directory containing the jar, not just the jar, as jar
 * files might refer to other jar files.
 */

private static AccessControlContext getContext(File[] cp)
    throws java.net.MalformedURLException
{
    PathPermissions perms =
        new PathPermissions(cp);

    ProtectionDomain domain =
        new ProtectionDomain(new CodeSource(perms.getCodeBase(),
            (java.security.cert.Certificate[]) null),
        perms);

    AccessControlContext acc =
        new AccessControlContext(new ProtectionDomain[] { domain });

    return acc;
}
 
Example 12
Project: OpenJSharp   File: ClassLoader.java   View source code 6 votes vote down vote up
private ClassLoader(Void unused, ClassLoader parent) {
    this.parent = parent;
    if (ParallelLoaders.isRegistered(this.getClass())) {
        parallelLockMap = new ConcurrentHashMap<>();
        package2certs = new ConcurrentHashMap<>();
        domains =
            Collections.synchronizedSet(new HashSet<ProtectionDomain>());
        assertionLock = new Object();
    } else {
        // no finer-grained lock; lock on the classloader instance
        parallelLockMap = null;
        package2certs = new Hashtable<>();
        domains = new HashSet<>();
        assertionLock = this;
    }
}
 
Example 13
Project: Equella   File: MacOpener.java   View source code 6 votes vote down vote up
private void attemptSetNullSecurityManager()
{
	final Permissions permissions = new Permissions();
	permissions.add(new RuntimePermission("setSecurityManager"));
	final AccessControlContext context = new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null,
		permissions)});
	AccessController.doPrivileged(new PrivilegedAction<Object>()
	{
		@Override
		public Object run()
		{
			LOGGER.info("About to call System.setSecurityManager(null)");
			System.setSecurityManager(null);
			LOGGER.info("Progressed beyond call to System.setSecurityManager(null)");
			return null;
		}
	}, context);
}
 
Example 14
Project: lams   File: JBossMCTranslatorAdapter.java   View source code 6 votes vote down vote up
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
	String name = method.getName();
	if ("equals".equals(name)) {
		return proxy == args[0];
	}
	else if ("hashCode".equals(name)) {
		return hashCode();
	}
	else if ("toString".equals(name)) {
		return toString();
	}
	else if ("transform".equals(name)) {
		return transform((ClassLoader) args[0], (String) args[1], (Class<?>) args[2],
				(ProtectionDomain) args[3], (byte[]) args[4]);
	}
	else if ("unregisterClassLoader".equals(name)) {
		unregisterClassLoader((ClassLoader) args[0]);
		return null;
	}
	else {
		throw new IllegalArgumentException("Unknown method: " + method);
	}
}
 
Example 15
Project: openjdk-jdk10   File: RedefineAnnotations.java   View source code 6 votes vote down vote up
@Override public byte[] transform(ClassLoader loader, String className,
        Class<?> classBeingRedefined,
        ProtectionDomain protectionDomain, byte[] classfileBuffer)
    throws IllegalClassFormatException {

    if (className.contains("TypeAnnotatedTestClass")) {
        try {
            // Here we remove and re-add the dummy fields. This shuffles the constant pool
            return asm(loader, className, classBeingRedefined, protectionDomain, classfileBuffer);
        } catch (Throwable e) {
            // The retransform native code that called this method does not propagate
            // exceptions. Instead of getting an uninformative generic error, catch
            // problems here and print it, then exit.
            e.printStackTrace();
            System.exit(1);
        }
    }
    return null;
}
 
Example 16
Project: OpenJSharp   File: ClassLoader.java   View source code 5 votes vote down vote up
private void postDefineClass(Class<?> c, ProtectionDomain pd)
{
    if (pd.getCodeSource() != null) {
        Certificate certs[] = pd.getCodeSource().getCertificates();
        if (certs != null)
            setSigners(c, certs);
    }
}
 
Example 17
Project: classinjector   File: UnsafeWrapper.java   View source code 5 votes vote down vote up
Class defineClass(String name,
                  byte[] b,
                  int off,
                  int len,
                  ClassLoader loader,
                  ProtectionDomain protectionDomain) {
    return unsafe.defineClass(name, b, off, len, loader, protectionDomain);
}
 
Example 18
Project: jdk8u-jdk   File: TestLogConfigurationDeadLockWithConf.java   View source code 5 votes vote down vote up
/**
 * This test will run both with and without a security manager.
 *
 * The test starts a number of threads that will call
 *     LogManager.readConfiguration() concurrently (ReadConf), then starts
 *     a number of threads that will create new loggers concurrently
 *     (AddLogger), and then two additional threads: one (Stopper) that
 *     will stop the test after 4secs (TIME ms), and one DeadlockDetector
 *     that will attempt to detect deadlocks.
 * If after 4secs no deadlock was detected and no exception was thrown
 * then the test is considered a success and passes.
 *
 * This procedure is done twice: once without a security manager and once
 * again with a security manager - which means the test takes ~8secs to
 * run.
 *
 * Note that 8sec may not be enough to detect issues if there are some.
 * This is a best effort test.
 *
 * @param args the command line arguments
 * @throws java.lang.Exception if the test fails.
 */
public static void main(String[] args) throws Exception {
    File config =  new File(System.getProperty("test.src", "."),
                    "deadlockconf.properties");
    if (!config.canRead()) {
        System.err.println("Can't read config file: test cannot execute.");
        System.err.println("Please check your test environment: ");
        System.err.println("\t -Dtest.src=" + System.getProperty("test.src", "."));
        System.err.println("\t config file is: " + config.getAbsolutePath());
        throw new RuntimeException("Can't read config file: "
            + config.getAbsolutePath());
    }

    System.setProperty("java.util.logging.config.file",
           config.getAbsolutePath());

    // test without security
    System.out.println("No security");
    test();

    // test with security
    System.out.println("\nWith security");
    Policy.setPolicy(new Policy() {
        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            if (super.implies(domain, permission)) return true;
            // System.out.println("Granting " + permission);
            return true; // all permissions
        }
    });
    System.setSecurityManager(new SecurityManager());
    test();
}
 
Example 19
Project: jdk8u-jdk   File: NativeMethodPrefixAgent.java   View source code 5 votes vote down vote up
public byte[]
transform(
    ClassLoader loader,
    String className,
    Class<?> classBeingRedefined,
    ProtectionDomain    protectionDomain,
    byte[] classfileBuffer) {
    boolean redef = classBeingRedefined != null;
    System.out.println(trname + ": " +
                       (redef? "Retransforming " : "Loading ") + className);
    if (className != null) {
        Options opt = new Options();
        opt.shouldInstrumentNativeMethods = true;
        opt.trackerClassName = "bootreporter/StringIdCallbackReporter";
        opt.wrappedTrackerMethodName = "tracker";
        opt.fixedIndex = transformId;
        opt.wrappedPrefix = "wrapped_" + trname + "_";
        try {
            byte[] newcf =  Inject.instrumentation(opt, loader, className, classfileBuffer);
            return redef? null : newcf;
        } catch (Throwable ex) {
            System.err.println("ERROR: Injection failure: " + ex);
            ex.printStackTrace();
            System.err.println("Returning bad class file, to cause test failure");
            return new byte[0];
        }
    }
    return null;
}
 
Example 20
Project: OpenJSharp   File: JMXSubjectDomainCombiner.java   View source code 5 votes vote down vote up
/**
 * Get the AccessControlContext of the domain combiner created with
 * the supplied subject, i.e. an AccessControlContext with the domain
 * combiner created with the supplied subject and where the caller's
 * context has been removed.
 */
public static AccessControlContext
    getDomainCombinerContext(Subject subject) {
    return new AccessControlContext(
        new AccessControlContext(new ProtectionDomain[0]),
        new JMXSubjectDomainCombiner(subject));
}
 
Example 21
Project: Vanilla-Injection   File: JarClassLoader.java   View source code 5 votes vote down vote up
/**
 * Loads specified JAR.
 *
 * @param jarFileInfo
 * @throws IOException
 */
private void loadJar(JarFileInfo jarFileInfo) throws IOException {
    lstJarFile.add(jarFileInfo);
    try {
        Enumeration<JarEntry> en = jarFileInfo.jarFile.entries();
        final String EXT_JAR = ".jar";
        while (en.hasMoreElements()) {
            JarEntry je = en.nextElement();
            if (je.isDirectory()) {
                continue;
            }
            String s = je.getName().toLowerCase(); // JarEntry name
            if (s.lastIndexOf(EXT_JAR) == s.length() - EXT_JAR.length()) {
                JarEntryInfo inf = new JarEntryInfo(jarFileInfo, je);
                File fileTemp = createTempFile(inf);
                logInfo(LogArea.JAR, "Loading inner JAR %s from temp file %s",
                        inf.jarEntry, getFilename4Log(fileTemp));
                // Construct ProtectionDomain for this inner JAR:
                URL url = fileTemp.toURI().toURL();
                ProtectionDomain pdParent = jarFileInfo.pd;
                // 'csParent' is never null: top JAR has it, JCL creates it for child JAR:
                CodeSource csParent = pdParent.getCodeSource();
                Certificate[] certParent = csParent.getCertificates();
                CodeSource csChild = (certParent == null ? new CodeSource(url, csParent.getCodeSigners())
                                                         : new CodeSource(url, certParent));
                ProtectionDomain pdChild = new ProtectionDomain(csChild,
                        pdParent.getPermissions(), pdParent.getClassLoader(), pdParent.getPrincipals());
                loadJar(new JarFileInfo(
                        new JarFile(fileTemp), inf.getName(), jarFileInfo, pdChild, fileTemp));
            }
        }
    } catch (JarClassLoaderException e) {
        throw new RuntimeException(
                "ERROR on loading inner JAR: " + e.getMessageAll());
    }
}
 
Example 22
Project: openjdk-jdk10   File: JavaAdapterFactory.java   View source code 5 votes vote down vote up
private StaticClass getClassAdapterClass(final ScriptObject classOverrides, final ProtectionDomain protectionDomain) {
    JavaAdapterServices.setClassOverrides(classOverrides);
    try {
        return classAdapterGenerator.generateClass(commonLoader, protectionDomain);
    } finally {
        JavaAdapterServices.setClassOverrides(null);
    }
}
 
Example 23
Project: incubator-netbeans   File: NetbinoxLoader.java   View source code 5 votes vote down vote up
private ClasspathEntry createClassPathEntry(BundleFile bundlefile, ProtectionDomain cpDomain, final BaseData data) {
    return new ClasspathEntry(bundlefile, createProtectionDomain(bundlefile, cpDomain)) {
        @Override
        public BaseData getBaseData() {
            return data;
        }
    };
}
 
Example 24
Project: jdk8u-jdk   File: SubjectDomainCombiner.java   View source code 5 votes vote down vote up
private static String printDomain(final ProtectionDomain pd) {
    if (pd == null) {
        return "null";
    }
    return AccessController.doPrivileged(new PrivilegedAction<String>() {
        public String run() {
            return pd.toString();
        }
    });
}
 
Example 25
Project: openjdk-jdk10   File: DummyAgent.java   View source code 5 votes vote down vote up
@Override
public byte[] transform(ClassLoader loader, String className,
                        Class<?> classBeingRedefined, ProtectionDomain protectionDomain,
                        byte[] classfileBuffer) throws IllegalClassFormatException {

    /* The Daemon Thread bug is timing dependent and you want the transform method
     * to return ASAP - so just return the buffer will be fine
     */
    return classfileBuffer;
}
 
Example 26
Project: TakinRPC   File: DynamicClassLoader.java   View source code 5 votes vote down vote up
/**
 * 
 * @param className
 * @param clsByte
 * @return
 */
public Class<?> findClass(String className, byte[] clsByte, URL url) {
    Class<?> cls = null;
    try {
        CodeSource cs = new CodeSource(url, (java.security.cert.Certificate[]) null);
        ProtectionDomain pd = new ProtectionDomain(cs, null, this, null);
        cls = super.defineClass(className, clsByte, 0, clsByte.length, pd);
        resolveClass(cls);
        classCache.put(className, cls);
    } catch (Exception ex) {
        logger.error("define class error", ex);
    }

    return cls;
}
 
Example 27
Project: openjdk-jdk10   File: PlatformMBeanProviderConstructorCheck.java   View source code 5 votes vote down vote up
@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
    if (permName.equals(permission.getName())) {
        System.out.println("---MyPolicy-implies checks permission for "
                +permName+" and returns "+allowed);

        return allowed;
    } else {
        return true;
    }
}
 
Example 28
Project: openjdk-jdk10   File: CallerSensitiveTest.java   View source code 5 votes vote down vote up
public static void main(String... args) throws Throwable {
    boolean sm = false;
    if (args.length > 0 && args[0].equals("sm")) {
        sm = true;
        PermissionCollection perms = new Permissions();
        perms.add(new RuntimePermission("getStackWalkerWithClassReference"));
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission p) {
                return perms.implies(p);
            }
        });
        System.setSecurityManager(new SecurityManager());
    }

    System.err.format("Test %s security manager.%n",
                      sm ? "with" : "without");

    CallerSensitiveTest cstest = new CallerSensitiveTest();
    // test static call to java.util.CSM::caller and CSM::getCallerClass
    cstest.staticMethodCall();
    // test java.lang.reflect.Method call
    cstest.reflectMethodCall();
    // test java.lang.invoke.MethodHandle
    cstest.invokeMethodHandle(Lookup1.lookup);
    cstest.invokeMethodHandle(Lookup2.lookup);
    // test method ref
    cstest.lambda();

    LambdaTest.lambda();

    if (failed > 0) {
        throw new RuntimeException(failed + " test cases failed.");
    }
}
 
Example 29
Project: openjdk-jdk10   File: NativeMethodPrefixAgent.java   View source code 5 votes vote down vote up
public byte[]
transform(
    ClassLoader loader,
    String className,
    Class<?> classBeingRedefined,
    ProtectionDomain    protectionDomain,
    byte[] classfileBuffer) {
    boolean redef = classBeingRedefined != null;
    System.out.println(trname + ": " +
                       (redef? "Retransforming " : "Loading ") + className);
    if (className != null) {
        try {
            byte[] newcf = Instrumentor.instrFor(classfileBuffer)
                           .addNativeMethodTrackingInjection(
                                "wrapped_" + trname + "_",
                                (h)->{
                                    h.push(h.getName());
                                    h.push(transformId);
                                    h.invokeStatic("bootreporter/StringIdCallbackReporter", "tracker", "(Ljava/lang/String;I)V", false);
                                })
                           .apply();
            /*** debugging ...
            if (newcf != null) {
                String fname = trname + (redef?"_redef" : "") + "/" + className;
                System.err.println("dumping to: " + fname);
                write_buffer(fname + "_before.class", classfileBuffer);
                write_buffer(fname + "_instr.class", newcf);
            }
            ***/

            return redef? null : newcf;
        } catch (Throwable ex) {
            System.err.println("ERROR: Injection failure: " + ex);
            ex.printStackTrace();
            System.err.println("Returning bad class file, to cause test failure");
            return new byte[0];
        }
    }
    return null;
}
 
Example 30
Project: elasticsearch_my   File: ESPolicyUnitTests.java   View source code 5 votes vote down vote up
public void testListen() {
    assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
    final PermissionCollection noPermissions = new Permissions();
    final ESPolicy policy = new ESPolicy(noPermissions, Collections.emptyMap(), true);
    assertFalse(
        policy.implies(
            new ProtectionDomain(ESPolicyUnitTests.class.getProtectionDomain().getCodeSource(), noPermissions),
            new SocketPermission("localhost:" + randomFrom(0, randomIntBetween(49152, 65535)), "listen")));
}
 
Example 31
Project: openjdk-jdk10   File: TokenStore.java   View source code 5 votes vote down vote up
private static void checkPerm(PolicyFile p, ProtectionDomain pd)
            throws Exception {
    boolean foundIt = false;
    Enumeration perms = p.getPermissions(pd).elements();
    while (perms.hasMoreElements()) {
        Permission perm = (Permission)perms.nextElement();
        if (perm instanceof AllPermission) {
            foundIt = true;
            break;
        }
    }
    if (!foundIt) {
        throw new SecurityException("expected AllPermission");
    }
}
 
Example 32
Project: OpenJSharp   File: ClassAndLoader.java   View source code 5 votes vote down vote up
static AccessControlContext createPermAccCtxt(final String... permNames) {
    final Permissions perms = new Permissions();
    for (final String permName : permNames) {
        perms.add(new RuntimePermission(permName));
    }
    return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
 
Example 33
Project: HeapDL   File: Transformer.java   View source code 5 votes vote down vote up
public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined,
                        ProtectionDomain pd, byte[] classFile) throws IllegalClassFormatException {
    if (isLibraryClass(className)) return null;
    debugMessage("Transforming: " + className + " [loader=" + loader + ']');

    // Save original bytecode.
    if (saveBytecode)
        debugWriteClass(className + ".orig", classFile);

    ClassReader reader = new ClassReader(classFile);
    // If using COMPUTE_FRAMES, also enable the JSRInlinerAdapter
    // in CtxEnhancherAdapter.
    int wFlags = ClassWriter.COMPUTE_MAXS; // | ClassWriter.COMPUTE_FRAMES;
    ClassWriter writer = new ContextClassWriter(loader, wFlags);
    ClassVisitor ctxAdapter = new CtxEnhancherAdapter(writer, className, optInstrumentCGE, loader);
    try {
        ClassNode cn = new ClassNode(Opcodes.ASM5);
        reader.accept(cn, ClassReader.EXPAND_FRAMES);
        cn.accept(ctxAdapter);
    } catch (RuntimeException ex) {
        System.err.println(CTXT_AGENT + "ASM error visiting class " + className);
        ex.printStackTrace();
        System.exit(-1);
    }

    byte[] ret = writer.toByteArray();

    // Save transformed bytecode.
    if (saveBytecode)
        debugWriteClass(className, ret);
    // Check bytecode for correctness.
    if (debug)
        checkBytecode(loader, className, ret, wFlags);

    return ret;
}
 
Example 34
Project: source-code   File: Unsafe.java   View source code 5 votes vote down vote up
/**
 * Tells the VM to define a class, without security checks.  By default, the
 * class loader and protection domain come from the caller's class.
 */
@ForceInline
public Class<?> defineClass(String name, byte[] b, int off, int len,
                            ClassLoader loader,
                            ProtectionDomain protectionDomain) {
    return theInternalUnsafe.defineClass(name, b, off, len, loader, protectionDomain);
}
 
Example 35
Project: openjdk-jdk10   File: Unsafe.java   View source code 5 votes vote down vote up
/**
 * Tells the VM to define a class, without security checks.  By default, the
 * class loader and protection domain come from the caller's class.
 */
public Class<?> defineClass(String name, byte[] b, int off, int len,
                            ClassLoader loader,
                            ProtectionDomain protectionDomain) {
    if (b == null) {
        throw new NullPointerException();
    }
    if (len < 0) {
        throw new ArrayIndexOutOfBoundsException();
    }

    return defineClass0(name, b, off, len, loader, protectionDomain);
}
 
Example 36
Project: kafka-webview   File: PluginClassLoaderTest.java   View source code 5 votes vote down vote up
/**
 * Tests loading a class from a jar.
 */
@Test
public void testLoadingFilterPlugin() throws ClassNotFoundException, IllegalAccessException, InstantiationException {
    // Get URL to our jar
    final URL jar = getClass().getClassLoader().getResource("testDeserializer/testPlugins.jar");
    final String classPath = "examples.filter.LowOffsetFilter";

    // Create class loader
    final PluginClassLoader pluginClassLoader = new PluginClassLoader(jar, getClass().getClassLoader());

    final Class<? extends RecordFilter> filterPlugin = (Class<? extends RecordFilter>) pluginClassLoader.loadClass(classPath);
    assertNotNull("Should not be null", filterPlugin);

    // Create an instance of it and validate.
    final RecordFilter filter = filterPlugin.newInstance();
    final String topic = "MyTopic";
    final int partition = 2;
    final long offset = 2423L;
    final Object key = "key";
    final Object value = "{name='Bob', value='value'}";
    filter.includeRecord(topic, partition, offset, key, value);

    // Validate it came from our classloader, more of a sanity test.
    assertTrue("Should have our parent class loader", filter.getClass().getClassLoader() instanceof PluginClassLoader);

    // Validate permission set defined
    final ProtectionDomain protectionDomain = filter.getClass().getProtectionDomain();
    final PermissionCollection permissionCollection = protectionDomain.getPermissions();
    assertTrue("Should have read only permissions", permissionCollection.isReadOnly());
}
 
Example 37
Project: OpenJSharp   File: SubjectDomainCombiner.java   View source code 5 votes vote down vote up
private static String printDomain(final ProtectionDomain pd) {
    if (pd == null) {
        return "null";
    }
    return AccessController.doPrivileged(new PrivilegedAction<String>() {
        public String run() {
            return pd.toString();
        }
    });
}
 
Example 38
Project: OpenJSharp   File: JavaAdapterFactory.java   View source code 5 votes vote down vote up
private static ProtectionDomain createMinimalPermissionDomain() {
    // Generated classes need to have at least the permission to access Nashorn runtime and runtime.linker packages.
    final Permissions permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.objects"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime.linker"));
    return new ProtectionDomain(new CodeSource(null, (CodeSigner[])null), permissions);
}
 
Example 39
Project: openjdk-jdk10   File: DefaultLoggerFinderTest.java   View source code 5 votes vote down vote up
@Override
public PermissionCollection getPermissions(ProtectionDomain domain) {
    return new PermissionsBuilder().addAll(
            allowAll.get().get() ? allPermissions :
            allowControl.get().get()
            ? withControlPermissions : permissions).toPermissions();
}
 
Example 40
Project: openjdk-jdk10   File: RedefineIntrinsicTest.java   View source code 5 votes vote down vote up
@Override
public byte[] transform(ClassLoader cl, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {
    if (Intrinsic.class.equals(classBeingRedefined)) {
        String cf = new String(classfileBuffer);
        int i = cf.indexOf("intrinsic");
        Assert.assertTrue("cannot find \"intrinsic\" constant in " + Intrinsic.class.getSimpleName() + "'s class file", i > 0);
        System.arraycopy("redefined".getBytes(), 0, classfileBuffer, i, "redefined".length());
    }
    return classfileBuffer;
}