diff --git a/make/java/security/Makefile b/make/java/security/Makefile index 05b6b8a56640fb5fee865df68c8e41619430e927..813597347bf93b9ba3cfaa3fb11b7d4300e7c787 100644 --- a/make/java/security/Makefile +++ b/make/java/security/Makefile @@ -1,5 +1,5 @@ # -# Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -79,6 +79,9 @@ ifndef OPENJDK BLACKLISTED_CERTS_SRC += $(wildcard $(CLOSED_SHARE_SRC)/lib/security/blacklisted.certs) TRUSTEDLIBS_SRC = $(CLOSED_SHARE_SRC)/lib/security/trusted.libraries TRUSTEDLIBS_BUILD = $(LIBDIR)/security/trusted.libraries + RESTRICTED_PKGS_SRC = $(CLOSED_SHARE_SRC)/lib/security/restricted.pkgs + RESTRICTED_PKGS := $(shell $(CAT) $(RESTRICTED_PKGS_SRC) | $(TR) "\n" " ") + ADDTORESTRICTEDPKGS_JARFILE = $(BUILDTOOLJARDIR)/addtorestrictedpkgs.jar endif FILES_class = $(FILES_java:%.java=$(CLASSBINDIR)/%.class) @@ -108,8 +111,15 @@ blacklisted-certs: classes $(BLACKLISTED_CERTS_BUILD) trustedlibs: classes $(TRUSTEDLIBS_BUILD) +ifdef OPENJDK $(PROPS_BUILD): $(PROPS_SRC) $(install-file) +else +$(PROPS_BUILD): $(PROPS_SRC) + $(MKDIR) -p $(@D) + $(BOOT_JAVA_CMD) -jar $(ADDTORESTRICTEDPKGS_JARFILE) $^ $@.tmp $(RESTRICTED_PKGS) + $(MV) $@.tmp $@ +endif $(POLICY_BUILD): $(POLICY_SRC) $(install-file) diff --git a/make/tools/Makefile b/make/tools/Makefile index e01f77ea03d16fa1dbdbbce82a83e070e884b66e..d6724f7b2d773d62cc1302bcbd41671cba214306 100644 --- a/make/tools/Makefile +++ b/make/tools/Makefile @@ -1,5 +1,5 @@ # -# Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -35,6 +35,7 @@ include $(BUILDDIR)/common/Defs.gmk # Note: freetypecheck is built by Sanity.gmk if needed SUBDIRS = \ addjsum \ + addtorestrictedpkgs \ buildmetaindex \ cldrconverter \ commentchecker \ diff --git a/make/tools/addtorestrictedpkgs/Makefile b/make/tools/addtorestrictedpkgs/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..53922d56519dc1c135d2849b9ee3a2e7eae39bc0 --- /dev/null +++ b/make/tools/addtorestrictedpkgs/Makefile @@ -0,0 +1,43 @@ +# +# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. Oracle designates this +# particular file as subject to the "Classpath" exception as provided +# by Oracle in the LICENSE file that accompanied this code. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +# +# Makefile for building the addtorestrictedpkgs tool +# + +BUILDDIR = ../.. +PACKAGE = build.tools.addtorestrictedpkgs +PRODUCT = tools +PROGRAM = addtorestrictedpkgs +include $(BUILDDIR)/common/Defs.gmk + +BUILDTOOL_SOURCE_ROOT = $(BUILDDIR)/tools/src +BUILDTOOL_MAIN = $(PKGDIR)/AddToRestrictedPkgs.java + +# +# Build tool jar rules. +# +include $(BUILDDIR)/common/BuildToolJar.gmk + diff --git a/make/tools/src/build/tools/addtorestrictedpkgs/AddToRestrictedPkgs.java b/make/tools/src/build/tools/addtorestrictedpkgs/AddToRestrictedPkgs.java new file mode 100644 index 0000000000000000000000000000000000000000..ee9deb4b75fc51c0fceecc1ebeb01caef0d9a350 --- /dev/null +++ b/make/tools/src/build/tools/addtorestrictedpkgs/AddToRestrictedPkgs.java @@ -0,0 +1,105 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package build.tools.addtorestrictedpkgs; + +import java.io.*; + +/** + * Adds additional packages to the package.access and package.definition + * security properties. + */ +public class AddToRestrictedPkgs { + + private static final String PKG_ACC = "package.access"; + private static final String PKG_DEF = "package.definition"; + private static final int PKG_ACC_INDENT = 15; + private static final int PKG_DEF_INDENT = 19; + + public static void main(String[] args) throws Exception { + + if (args.length < 3) { + System.err.println("Usage: java AddToRestrictedPkgs " + + "[input java.security file name] " + + "[output java.security file name] " + + "[packages ...]"); + System.exit(1); + } + + try (FileReader fr = new FileReader(args[0]); + BufferedReader br = new BufferedReader(fr); + FileWriter fw = new FileWriter(args[1]); + BufferedWriter bw = new BufferedWriter(fw)) + { + // parse the file line-by-line, looking for pkg access properties + String line = br.readLine(); + while (line != null) { + if (line.startsWith(PKG_ACC)) { + writePackages(br, bw, line, PKG_ACC_INDENT, args); + } else if (line.startsWith(PKG_DEF)) { + writePackages(br, bw, line, PKG_DEF_INDENT, args); + } else { + writeLine(bw, line); + } + line = br.readLine(); + } + bw.flush(); + } + } + + private static void writePackages(BufferedReader br, BufferedWriter bw, + String line, int numSpaces, + String[] args) throws IOException { + // parse property until EOL, not including line breaks + while (line.endsWith("\\")) { + writeLine(bw, line); + line = br.readLine(); + } + // append comma and line-break to last package + writeLine(bw, line + ",\\"); + // add new packages, one per line + for (int i = 2; i < args.length - 1; i++) { + indent(bw, numSpaces); + writeLine(bw, args[i] + ",\\"); + } + indent(bw, numSpaces); + writeLine(bw, args[args.length - 1]); + } + + private static void writeLine(BufferedWriter bw, String line) + throws IOException + { + bw.write(line); + bw.newLine(); + } + + private static void indent(BufferedWriter bw, int numSpaces) + throws IOException + { + for (int i = 0; i < numSpaces; i++) { + bw.append(' '); + } + } +} diff --git a/makefiles/CopyFiles.gmk b/makefiles/CopyFiles.gmk index abdf3546a185426f537eb6d853aaecb23a46ee7b..2da55ff5fa9676231c0f31585e2e4d0ea8830bf3 100644 --- a/makefiles/CopyFiles.gmk +++ b/makefiles/CopyFiles.gmk @@ -355,9 +355,23 @@ COPY_FILES += $(JVMCFG) PROPS_SRC := $(JDK_TOPDIR)/src/share/lib/security/java.security-$(OPENJDK_TARGET_OS) PROPS_DST := $(JDK_OUTPUTDIR)/lib/security/java.security +ifndef OPENJDK + +RESTRICTED_PKGS_SRC := $(JDK_TOPDIR)/src/closed/share/lib/security/restricted.pkgs +RESTRICTED_PKGS := $(shell $(CAT) $(RESTRICTED_PKGS_SRC) | $(TR) "\n" " ") + +$(PROPS_DST): $(PROPS_SRC) + $(MKDIR) -p $(@D) + $(TOOL_ADDTORESTRICTEDPKGS) $^ $@.tmp $(RESTRICTED_PKGS) + $(MV) $@.tmp $@ + +else + $(PROPS_DST): $(PROPS_SRC) $(call install-file) +endif + COPY_FILES += $(PROPS_DST) ########################################################################################## diff --git a/makefiles/Tools.gmk b/makefiles/Tools.gmk index 3b4e72c16d9a0a1619ee9b9635c52d38179527b4..97944b87496784516ed5abda342b123a0d41edde 100644 --- a/makefiles/Tools.gmk +++ b/makefiles/Tools.gmk @@ -151,6 +151,9 @@ TOOL_CHECKDEPS=$(JAVA) -Xbootclasspath/p:$(LANGTOOLS_OUTPUTDIR)/dist/bootstrap/l -cp $(JDK_OUTPUTDIR)/btclasses:$(JDK_OUTPUTDIR) \ build.tools.deps.CheckDeps +TOOL_ADDTORESTRICTEDPKGS=$(JAVA) -cp $(JDK_OUTPUTDIR)/btclasses \ + build.tools.addtorestrictedpkgs.AddToRestrictedPkgs + ########################################################################################## # Tools needed on solaris because OBJCOPY is broken. diff --git a/test/java/lang/SecurityManager/CheckPackageAccess.java b/test/java/lang/SecurityManager/CheckPackageAccess.java index c6b9a1e59be7295b10c5bdcae9c3a388a32ff9ce..10752b94ba42772f51b88bef7a8477b4678065e2 100644 --- a/test/java/lang/SecurityManager/CheckPackageAccess.java +++ b/test/java/lang/SecurityManager/CheckPackageAccess.java @@ -29,6 +29,9 @@ * @run main/othervm CheckPackageAccess */ +import java.io.File; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; import java.security.Security; import java.util.Collections; import java.util.Arrays; @@ -96,6 +99,16 @@ public class CheckPackageAccess { List jspkgs = getPackages(Security.getProperty("package.access")); + // get closed restricted packages + File f = new File(System.getProperty("test.src"), + "../../../../src/closed/share/lib/security/restricted.pkgs"); + if (f.exists()) { + List ipkgs = Files.readAllLines(f.toPath(), + StandardCharsets.UTF_8); + // Remove any closed packages from list before comparing + jspkgs.removeAll(ipkgs); + } + // Sort to ensure lists are comparable Collections.sort(pkgs); Collections.sort(jspkgs);