Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / oj-libjdwp / e942573c35d89131589c2c4971d7e275bad8bfdf / . / test / java / lang / invoke / AccessControlTest.java
blob: 0d37ec6c1a3412a1c66a2e2fa8cceebb1dfbe978 [file] [log] [blame]
jrose9cc36932012-05-18 20:31:28 -0700[diff] [blame]1/*
2 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26/* @test
27 * @summary test access checking by java.lang.invoke.MethodHandles.Lookup
28 * @library ../../../..
29 * @build test.java.lang.invoke.AccessControlTest
30 * @build test.java.lang.invoke.AccessControlTest_subpkg.Acquaintance_remote
henryjenf6613f42013-08-12 12:11:04 -0700[diff] [blame]31 * @run testng/othervm test.java.lang.invoke.AccessControlTest
jrose9cc36932012-05-18 20:31:28 -0700[diff] [blame]32 */
33
34package test.java.lang.invoke;
35
36import java.lang.invoke.*;
37import java.lang.reflect.*;
38import java.util.*;
henryjenf6613f42013-08-12 12:11:04 -0700[diff] [blame]39import org.testng.*;
40import org.testng.annotations.*;
jrose9cc36932012-05-18 20:31:28 -0700[diff] [blame]41
42import static java.lang.invoke.MethodHandles.*;
43import static java.lang.invoke.MethodHandles.Lookup.*;
44import static java.lang.invoke.MethodType.*;
henryjenf6613f42013-08-12 12:11:04 -0700[diff] [blame]45import static org.testng.Assert.*;
46
jrose9cc36932012-05-18 20:31:28 -0700[diff] [blame]47import test.java.lang.invoke.AccessControlTest_subpkg.Acquaintance_remote;
48
49
50/**
51 * Test many combinations of Lookup access and cross-class lookupStatic.
52 * @author jrose
53 */
54public class AccessControlTest {
55 static final Class<?> THIS_CLASS = AccessControlTest.class;
56 // How much output?
57 static int verbosity = 0;
58 static {
59 String vstr = System.getProperty(THIS_CLASS.getSimpleName()+".verbosity");
60 if (vstr == null)
61 vstr = System.getProperty(THIS_CLASS.getName()+".verbosity");
62 if (vstr != null) verbosity = Integer.parseInt(vstr);
63 }
64
65 private class LookupCase implements Comparable<LookupCase> {
66 final Lookup lookup;
67 final Class<?> lookupClass;
68 final int lookupModes;
69 public LookupCase(Lookup lookup) {
70 this.lookup = lookup;
71 this.lookupClass = lookup.lookupClass();
72 this.lookupModes = lookup.lookupModes();
73 assert(lookupString().equals(lookup.toString()));
74 numberOf(lookupClass().getClassLoader()); // assign CL#
75 }
76 public LookupCase(Class<?> lookupClass, int lookupModes) {
77 this.lookup = null;
78 this.lookupClass = lookupClass;
79 this.lookupModes = lookupModes;
80 numberOf(lookupClass().getClassLoader()); // assign CL#
81 }
82
83 public final Class<?> lookupClass() { return lookupClass; }
84 public final int lookupModes() { return lookupModes; }
85
86 public Lookup lookup() { lookup.getClass(); return lookup; }
87
88 @Override
89 public int compareTo(LookupCase that) {
90 Class<?> c1 = this.lookupClass();
91 Class<?> c2 = that.lookupClass();
92 if (c1 != c2) {
93 int cmp = c1.getName().compareTo(c2.getName());
94 if (cmp != 0) return cmp;
95 cmp = numberOf(c1.getClassLoader()) - numberOf(c2.getClassLoader());
96 assert(cmp != 0);
97 return cmp;
98 }
99 return -(this.lookupModes() - that.lookupModes());
100 }
101
102 @Override
103 public boolean equals(Object that) {
104 return (that instanceof LookupCase && equals((LookupCase)that));
105 }
106 public boolean equals(LookupCase that) {
107 return (this.lookupClass() == that.lookupClass() &&
108 this.lookupModes() == that.lookupModes());
109 }
110
111 @Override
112 public int hashCode() {
113 return lookupClass().hashCode() + (lookupModes() * 31);
114 }
115
116 /** Simulate all assertions in the spec. for Lookup.toString. */
117 private String lookupString() {
118 String name = lookupClass.getName();
119 String suffix = "";
120 if (lookupModes == 0)
121 suffix = "/noaccess";
122 else if (lookupModes == PUBLIC)
123 suffix = "/public";
124 else if (lookupModes == (PUBLIC|PACKAGE))
125 suffix = "/package";
126 else if (lookupModes == (PUBLIC|PACKAGE|PRIVATE))
127 suffix = "/private";
128 else if (lookupModes == (PUBLIC|PACKAGE|PRIVATE|PROTECTED))
129 suffix = "";
130 else
131 suffix = "/#"+Integer.toHexString(lookupModes);
132 return name+suffix;
133 }
134
135 /** Simulate all assertions from the spec. for Lookup.in:
jrose8347af82013-10-05 05:30:40 -0700[diff] [blame]136 * <hr>
jrose9cc36932012-05-18 20:31:28 -0700[diff] [blame]137 * Creates a lookup on the specified new lookup class.
138 * [A1] The resulting object will report the specified
139 * class as its own {@link #lookupClass lookupClass}.
140 * <p>
141 * [A2] However, the resulting {@code Lookup} object is guaranteed
142 * to have no more access capabilities than the original.
143 * In particular, access capabilities can be lost as follows:<ul>
144 * <li>[A3] If the new lookup class differs from the old one,
145 * protected members will not be accessible by virtue of inheritance.
146 * (Protected members may continue to be accessible because of package sharing.)
147 * <li>[A4] If the new lookup class is in a different package
148 * than the old one, protected and default (package) members will not be accessible.
149 * <li>[A5] If the new lookup class is not within the same package member
150 * as the old one, private members will not be accessible.
151 * <li>[A6] If the new lookup class is not accessible to the old lookup class,
152 * using the original access modes,
153 * then no members, not even public members, will be accessible.
154 * [A7] (In all other cases, public members will continue to be accessible.)
155 * </ul>
156 * Other than the above cases, the new lookup will have the same
157 * access capabilities as the original. [A8]
jrose8347af82013-10-05 05:30:40 -0700[diff] [blame]158 * <hr>
jrose9cc36932012-05-18 20:31:28 -0700[diff] [blame]159 */
160 public LookupCase in(Class<?> c2) {
161 Class<?> c1 = lookupClass();
162 int m1 = lookupModes();
163 int changed = 0;
164 boolean samePackage = (c1.getClassLoader() == c2.getClassLoader() &&
165 packagePrefix(c1).equals(packagePrefix(c2)));
166 boolean sameTopLevel = (topLevelClass(c1) == topLevelClass(c2));
167 boolean sameClass = (c1 == c2);
168 assert(samePackage || !sameTopLevel);
169 assert(sameTopLevel || !sameClass);
170 boolean accessible = sameClass; // [A6]
171 if ((m1 & PACKAGE) != 0) accessible |= samePackage;
172 if ((m1 & PUBLIC ) != 0) accessible |= (c2.getModifiers() & PUBLIC) != 0;
173 if (!accessible) {
174 // Different package and no access to c2; lose all access.
175 changed |= (PUBLIC|PACKAGE|PRIVATE|PROTECTED); // [A6]
176 }
177 if (!samePackage) {
178 // Different package; lose PACKAGE and lower access.
179 changed |= (PACKAGE|PRIVATE|PROTECTED); // [A4]
180 }
181 if (!sameTopLevel) {
182 // Different top-level class. Lose PRIVATE and lower access.
183 changed |= (PRIVATE|PROTECTED); // [A5]
184 }
185 if (!sameClass) {
186 changed |= (PROTECTED); // [A3]
187 } else {
188 assert(changed == 0); // [A8] (no deprivation if same class)
189 }
190 if (accessible) assert((changed & PUBLIC) == 0); // [A7]
191 int m2 = m1 & ~changed;
192 LookupCase l2 = new LookupCase(c2, m2);
193 assert(l2.lookupClass() == c2); // [A1]
194 assert((m1 | m2) == m1); // [A2] (no elevation of access)
195 return l2;
196 }
197
198 @Override
199 public String toString() {
200 String s = lookupClass().getSimpleName();
201 String lstr = lookupString();
202 int sl = lstr.indexOf('/');
203 if (sl >= 0) s += lstr.substring(sl);
204 ClassLoader cld = lookupClass().getClassLoader();
205 if (cld != THIS_LOADER) s += "/loader#"+numberOf(cld);
206 return s;
207 }
208
209 /** Predict the success or failure of accessing this method. */
210 public boolean willAccess(Method m) {
211 Class<?> c1 = lookupClass();
212 Class<?> c2 = m.getDeclaringClass();
213 LookupCase lc = this.in(c2);
214 int m1 = lc.lookupModes();
215 int m2 = fixMods(m.getModifiers());
216 // privacy is strictly enforced on lookups
217 if (c1 != c2) m1 &= ~PRIVATE;
218 // protected access is sometimes allowed
219 if ((m2 & PROTECTED) != 0) {
220 int prev = m2;
221 m2 |= PACKAGE; // it acts like a package method also
222 if ((lookupModes() & PROTECTED) != 0 &&
223 c2.isAssignableFrom(c1))
224 m2 |= PUBLIC; // from a subclass, it acts like a public method also
225 }
226 if (verbosity >= 2)
227 System.out.println(this+" willAccess "+lc+" m1="+m1+" m2="+m2+" => "+((m2 & m1) != 0));
228 return (m2 & m1) != 0;
229 }
230 }
231
232 private static Class<?> topLevelClass(Class<?> cls) {
233 Class<?> c = cls;
234 for (Class<?> ec; (ec = c.getEnclosingClass()) != null; )
235 c = ec;
236 assert(c.getEnclosingClass() == null);
237 assert(c == cls || cls.getEnclosingClass() != null);
238 return c;
239 }
240
241 private static String packagePrefix(Class<?> c) {
242 while (c.isArray()) c = c.getComponentType();
243 String s = c.getName();
244 assert(s.indexOf('/') < 0);
245 return s.substring(0, s.lastIndexOf('.')+1);
246 }
247
248
249 private final TreeSet<LookupCase> CASES = new TreeSet<>();
250 private final TreeMap<LookupCase,TreeSet<LookupCase>> CASE_EDGES = new TreeMap<>();
251 private final ArrayList<ClassLoader> LOADERS = new ArrayList<>();
252 private final ClassLoader THIS_LOADER = this.getClass().getClassLoader();
253 { if (THIS_LOADER != null) LOADERS.add(THIS_LOADER); } // #1
254
255 private LookupCase lookupCase(String name) {
256 for (LookupCase lc : CASES) {
257 if (lc.toString().equals(name))
258 return lc;
259 }
260 throw new AssertionError(name);
261 }
262
263 private int numberOf(ClassLoader cl) {
264 if (cl == null) return 0;
265 int i = LOADERS.indexOf(cl);
266 if (i < 0) {
267 i = LOADERS.size();
268 LOADERS.add(cl);
269 }
270 return i+1;
271 }
272
273 private void addLookupEdge(LookupCase l1, Class<?> c2, LookupCase l2) {
274 TreeSet<LookupCase> edges = CASE_EDGES.get(l2);
275 if (edges == null) CASE_EDGES.put(l2, edges = new TreeSet<>());
276 if (edges.add(l1)) {
277 Class<?> c1 = l1.lookupClass();
278 assert(l2.lookupClass() == c2); // [A1]
279 int m1 = l1.lookupModes();
280 int m2 = l2.lookupModes();
281 assert((m1 | m2) == m1); // [A2] (no elevation of access)
282 LookupCase expect = l1.in(c2);
283 if (!expect.equals(l2))
284 System.out.println("*** expect "+l1+" => "+expect+" but got "+l2);
285 assertEquals(expect, l2);
286 }
287 }
288
289 private void makeCases(Lookup[] originalLookups) {
290 // make initial set of lookup test cases
291 CASES.clear(); LOADERS.clear(); CASE_EDGES.clear();
292 ArrayList<Class<?>> classes = new ArrayList<>();
293 for (Lookup l : originalLookups) {
294 CASES.add(new LookupCase(l));
295 classes.remove(l.lookupClass()); // no dups please
296 classes.add(l.lookupClass());
297 }
298 System.out.println("loaders = "+LOADERS);
299 int rounds = 0;
300 for (int lastCount = -1; lastCount != CASES.size(); ) {
301 lastCount = CASES.size(); // if CASES grow in the loop we go round again
302 for (LookupCase lc1 : CASES.toArray(new LookupCase[0])) {
303 for (Class<?> c2 : classes) {
304 LookupCase lc2 = new LookupCase(lc1.lookup().in(c2));
305 addLookupEdge(lc1, c2, lc2);
306 CASES.add(lc2);
307 }
308 }
309 rounds++;
310 }
311 System.out.println("filled in "+CASES.size()+" cases from "+originalLookups.length+" original cases in "+rounds+" rounds");
312 if (false) {
313 System.out.println("CASES: {");
314 for (LookupCase lc : CASES) {
315 System.out.println(lc);
316 Set<LookupCase> edges = CASE_EDGES.get(lc);
317 if (edges != null)
318 for (LookupCase prev : edges) {
319 System.out.println("\t"+prev);
320 }
321 }
322 System.out.println("}");
323 }
324 }
325
326 @Test public void test() {
327 makeCases(lookups());
328 if (verbosity > 0) {
329 verbosity += 9;
330 Method pro_in_self = targetMethod(THIS_CLASS, PROTECTED, methodType(void.class));
331 testOneAccess(lookupCase("AccessControlTest/public"), pro_in_self, "find");
332 testOneAccess(lookupCase("Remote_subclass/public"), pro_in_self, "find");
333 testOneAccess(lookupCase("Remote_subclass"), pro_in_self, "find");
334 verbosity -= 9;
335 }
336 Set<Class<?>> targetClassesDone = new HashSet<>();
337 for (LookupCase targetCase : CASES) {
338 Class<?> targetClass = targetCase.lookupClass();
339 if (!targetClassesDone.add(targetClass)) continue; // already saw this one
340 String targetPlace = placeName(targetClass);
341 if (targetPlace == null) continue; // Object, String, not a target
342 for (int targetAccess : ACCESS_CASES) {
343 MethodType methodType = methodType(void.class);
344 Method method = targetMethod(targetClass, targetAccess, methodType);
345 // Try to access target method from various contexts.
346 for (LookupCase sourceCase : CASES) {
347 testOneAccess(sourceCase, method, "find");
348 testOneAccess(sourceCase, method, "unreflect");
349 }
350 }
351 }
352 System.out.println("tested "+testCount+" access scenarios; "+testCountFails+" accesses were denied");
353 }
354
355 private int testCount, testCountFails;
356
357 private void testOneAccess(LookupCase sourceCase, Method method, String kind) {
358 Class<?> targetClass = method.getDeclaringClass();
359 String methodName = method.getName();
360 MethodType methodType = methodType(method.getReturnType(), method.getParameterTypes());
361 boolean willAccess = sourceCase.willAccess(method);
362 boolean didAccess = false;
363 ReflectiveOperationException accessError = null;
364 try {
365 switch (kind) {
366 case "find":
367 if ((method.getModifiers() & Modifier.STATIC) != 0)
368 sourceCase.lookup().findStatic(targetClass, methodName, methodType);
369 else
370 sourceCase.lookup().findVirtual(targetClass, methodName, methodType);
371 break;
372 case "unreflect":
373 sourceCase.lookup().unreflect(method);
374 break;
375 default:
376 throw new AssertionError(kind);
377 }
378 didAccess = true;
379 } catch (ReflectiveOperationException ex) {
380 accessError = ex;
381 }
382 if (willAccess != didAccess) {
383 System.out.println(sourceCase+" => "+targetClass.getSimpleName()+"."+methodName+methodType);
384 System.out.println("fail on "+method+" ex="+accessError);
385 assertEquals(willAccess, didAccess);
386 }
387 testCount++;
388 if (!didAccess) testCountFails++;
389 }
390
391 static Method targetMethod(Class<?> targetClass, int targetAccess, MethodType methodType) {
392 String methodName = accessName(targetAccess)+placeName(targetClass);
393 if (verbosity >= 2)
394 System.out.println(targetClass.getSimpleName()+"."+methodName+methodType);
395 try {
396 Method method = targetClass.getDeclaredMethod(methodName, methodType.parameterArray());
397 assertEquals(method.getReturnType(), methodType.returnType());
398 int haveMods = method.getModifiers();
399 assert(Modifier.isStatic(haveMods));
400 assert(targetAccess == fixMods(haveMods));
401 return method;
402 } catch (NoSuchMethodException ex) {
403 throw new AssertionError(methodName, ex);
404 }
405 }
406
407 static String placeName(Class<?> cls) {
408 // return "self", "sibling", "nestmate", etc.
409 if (cls == AccessControlTest.class) return "self";
410 String cln = cls.getSimpleName();
411 int under = cln.lastIndexOf('_');
412 if (under < 0) return null;
413 return cln.substring(under+1);
414 }
415 static String accessName(int acc) {
416 switch (acc) {
417 case PUBLIC: return "pub_in_";
418 case PROTECTED: return "pro_in_";
419 case PACKAGE: return "pkg_in_";
420 case PRIVATE: return "pri_in_";
421 }
422 assert(false);
423 return "?";
424 }
425 private static final int[] ACCESS_CASES = {
426 PUBLIC, PACKAGE, PRIVATE, PROTECTED
427 };
428 /** Return one of the ACCESS_CASES. */
429 static int fixMods(int mods) {
430 mods &= (PUBLIC|PRIVATE|PROTECTED);
431 switch (mods) {
432 case PUBLIC: case PRIVATE: case PROTECTED: return mods;
433 case 0: return PACKAGE;
434 }
435 throw new AssertionError(mods);
436 }
437
438 static Lookup[] lookups() {
439 ArrayList<Lookup> tem = new ArrayList<>();
440 Collections.addAll(tem,
441 AccessControlTest.lookup_in_self(),
442 Inner_nestmate.lookup_in_nestmate(),
443 AccessControlTest_sibling.lookup_in_sibling());
444 if (true) {
445 Collections.addAll(tem,Acquaintance_remote.lookups());
446 } else {
447 try {
448 Class<?> remc = Class.forName("test.java.lang.invoke.AccessControlTest_subpkg.Acquaintance_remote");
449 Lookup[] remls = (Lookup[]) remc.getMethod("lookups").invoke(null);
450 Collections.addAll(tem, remls);
451 } catch (ReflectiveOperationException ex) {
452 throw new LinkageError("reflection failed", ex);
453 }
454 }
455 tem.add(publicLookup());
456 tem.add(publicLookup().in(String.class));
457 tem.add(publicLookup().in(List.class));
458 return tem.toArray(new Lookup[0]);
459 }
460
461 static Lookup lookup_in_self() {
462 return MethodHandles.lookup();
463 }
464 static public void pub_in_self() { }
465 static protected void pro_in_self() { }
466 static /*package*/ void pkg_in_self() { }
467 static private void pri_in_self() { }
468
469 static class Inner_nestmate {
470 static Lookup lookup_in_nestmate() {
471 return MethodHandles.lookup();
472 }
473 static public void pub_in_nestmate() { }
474 static protected void pro_in_nestmate() { }
475 static /*package*/ void pkg_in_nestmate() { }
476 static private void pri_in_nestmate() { }
477 }
478}
479class AccessControlTest_sibling {
480 static Lookup lookup_in_sibling() {
481 return MethodHandles.lookup();
482 }
483 static public void pub_in_sibling() { }
484 static protected void pro_in_sibling() { }
485 static /*package*/ void pkg_in_sibling() { }
486 static private void pri_in_sibling() { }
487}
488
489// This guy tests access from outside the package:
490/*
491package test.java.lang.invoke.AccessControlTest_subpkg;
492public class Acquaintance_remote {
493 public static Lookup[] lookups() { ...
494 }
495 ...
496}
497*/