| /* |
| * Copyright (C) 2007 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package tests.security.permissions; |
| |
| import java.io.File; |
| import java.io.FileOutputStream; |
| import java.io.IOException; |
| import java.io.ObjectOutputStream; |
| import java.io.OutputStream; |
| import java.io.SerializablePermission; |
| import java.io.StreamCorruptedException; |
| import java.security.Permission; |
| |
| import junit.framework.TestCase; |
| import dalvik.annotation.TestLevel; |
| import dalvik.annotation.TestTargetClass; |
| import dalvik.annotation.TestTargetNew; |
| |
| /* |
| * This class tests the security permissions which are documented in |
| * http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html#PermsAndMethods |
| * for class java.io.ObjectOutputStream |
| */ |
| @TestTargetClass(java.io.ObjectOutputStream.class) |
| public class JavaIoObjectOutputStreamTest extends TestCase { |
| |
| SecurityManager old; |
| |
| @Override |
| protected void setUp() throws Exception { |
| old = System.getSecurityManager(); |
| super.setUp(); |
| } |
| |
| @Override |
| protected void tearDown() throws Exception { |
| System.setSecurityManager(old); |
| super.tearDown(); |
| } |
| @TestTargetNew( |
| level = TestLevel.PARTIAL_COMPLETE, |
| notes = "Verifies that enableReplaceObject(boolean) method calls " + |
| "checkPermission on security manager.", |
| method = "enableReplaceObject", |
| args = {boolean.class} |
| ) |
| public void test_ObjectOutputStream() throws IOException { |
| class TestSecurityManager extends SecurityManager { |
| boolean called; |
| Permission permission; |
| void reset(){ |
| called = false; |
| permission = null; |
| } |
| @Override |
| public void checkPermission(Permission permission){ |
| if(permission instanceof SerializablePermission){ |
| called = true; |
| this.permission = permission; |
| } |
| } |
| } |
| |
| // TestObjectOutputStream is necessary in order to call enableReplaceObject |
| class TestObjectOutputStream extends ObjectOutputStream { |
| TestObjectOutputStream(OutputStream s) throws StreamCorruptedException, IOException { |
| super(s); |
| } |
| @Override |
| public boolean enableReplaceObject(boolean enable) throws SecurityException { |
| return super.enableReplaceObject(enable); |
| } |
| } |
| |
| long id = new java.util.Date().getTime(); |
| String filename = "SecurityPermissionsTest_"+id; |
| File f = File.createTempFile(filename, null); |
| f.deleteOnExit(); |
| |
| TestObjectOutputStream ois = new TestObjectOutputStream(new FileOutputStream(f)); |
| |
| TestSecurityManager s = new TestSecurityManager(); |
| System.setSecurityManager(s); |
| |
| s.reset(); |
| ois.enableReplaceObject(true); |
| assertTrue("ObjectOutputStream.enableReplaceObject(boolean) must call checkPermission on security manager", s.called); |
| assertEquals("Name of SerializablePermission is not correct", "enableSubstitution", s.permission.getName()); |
| } |
| |
| @TestTargetNew( |
| level = TestLevel.PARTIAL_COMPLETE, |
| notes = "Verifies that ObjectOutputStream constructor calls " + |
| "checkPermission on security manager.", |
| method = "ObjectOutputStream", |
| args = {} |
| ) |
| public void test_ObjecOutputStream2() throws IOException { |
| class TestSecurityManager extends SecurityManager { |
| boolean called; |
| Permission permission; |
| void reset(){ |
| called = false; |
| permission = null; |
| } |
| @Override |
| public void checkPermission(Permission permission){ |
| if(permission instanceof SerializablePermission){ |
| called = true; |
| this.permission = permission; |
| } |
| } |
| } |
| |
| // Beginning with J2SE 1.4.0, ObjectOutputStream's public one-argument constructor |
| // requires the "enableSubclassImplementation" SerializablePermission when invoked |
| // (either directly or indirectly) by a subclass which overrides |
| // ObjectOutputStream.putFields or ObjectOutputStream.writeUnshared. |
| |
| class TestObjectOutputStream extends ObjectOutputStream { |
| TestObjectOutputStream(OutputStream s) throws StreamCorruptedException, IOException { |
| super(s); |
| } |
| } |
| |
| class TestObjectOutputStream_putFields extends ObjectOutputStream { |
| TestObjectOutputStream_putFields(OutputStream s) throws StreamCorruptedException, IOException { |
| super(s); |
| } |
| @Override |
| public PutField putFields() throws IOException { |
| return super.putFields(); |
| } |
| } |
| |
| class TestObjectOutputStream_writeUnshared extends ObjectOutputStream { |
| TestObjectOutputStream_writeUnshared(OutputStream s) throws StreamCorruptedException, IOException { |
| super(s); |
| } |
| @Override |
| public void writeUnshared(Object object) throws IOException { |
| super.writeUnshared(object); |
| } |
| |
| } |
| |
| long id = new java.util.Date().getTime(); |
| String filename = "SecurityPermissionsTest_"+id; |
| File f = File.createTempFile(filename, null); |
| f.deleteOnExit(); |
| |
| TestSecurityManager s = new TestSecurityManager(); |
| System.setSecurityManager(s); |
| |
| s.reset(); |
| new ObjectOutputStream(new FileOutputStream(f)); |
| assertTrue("ObjectOutputStream(OutputStream) ctor must not call checkPermission on security manager on a class which neither overwrites writeUnshared nor putFields", !s.called); |
| |
| s.reset(); |
| new TestObjectOutputStream(new FileOutputStream(f)); |
| assertTrue("ObjectOutputStream(OutputStream) ctor must not call checkPermission on security manager on a class which neither overwrites writeUnshared nor putFields", !s.called); |
| |
| s.reset(); |
| new TestObjectOutputStream_writeUnshared(new FileOutputStream(f)); |
| assertTrue("ObjectOutputStream(OutputStream) ctor must call checkPermission on security manager on a class which overwrites method writeUnshared", s.called); |
| assertEquals("Name of SerializablePermission is not correct", "enableSubclassImplementation", s.permission.getName()); |
| |
| s.reset(); |
| new TestObjectOutputStream_putFields(new FileOutputStream(f)); |
| assertTrue("ObjectOutputStream(OutputStream) ctor must call checkPermission on security manager on a class which overwrites method putFields", s.called); |
| assertEquals("Name of SerializablePermission is not correct", "enableSubclassImplementation", s.permission.getName()); |
| |
| } |
| |
| } |