Path: blob/master/test/jdk/java/nio/file/Files/CheckPermissions.java
41153 views
/*1* Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/* @test24* @bug 6866804 7006126 8028270 806510925* @summary Unit test for java.nio.file.Files26* @library ..27* @build CheckPermissions28* @run main/othervm -Djava.security.manager=allow CheckPermissions29*/3031import java.nio.ByteBuffer;32import java.nio.file.*;33import static java.nio.file.Files.*;34import static java.nio.file.StandardOpenOption.*;35import java.nio.file.attribute.*;36import java.nio.channels.SeekableByteChannel;37import java.security.Permission;38import java.io.*;39import java.nio.charset.StandardCharsets;40import java.util.*;4142/**43* Checks each method that accesses the file system does the right permission44* check when there is a security manager set.45*/4647public class CheckPermissions {4849static class Checks {50private List<Permission> permissionsChecked = new ArrayList<>();51private Set<String> propertiesChecked = new HashSet<>();52private List<String> readsChecked = new ArrayList<>();53private List<String> writesChecked = new ArrayList<>();54private List<String> deletesChecked = new ArrayList<>();55private List<String> execsChecked = new ArrayList<>();5657List<Permission> permissionsChecked() { return permissionsChecked; }58Set<String> propertiesChecked() { return propertiesChecked; }59List<String> readsChecked() { return readsChecked; }60List<String> writesChecked() { return writesChecked; }61List<String> deletesChecked() { return deletesChecked; }62List<String> execsChecked() { return execsChecked; }63}6465static ThreadLocal<Checks> myChecks =66new ThreadLocal<Checks>() {67@Override protected Checks initialValue() {68return null;69}70};7172static void prepare() {73myChecks.set(new Checks());74}7576static void assertCheckPermission(Permission expected) {77if (!myChecks.get().permissionsChecked().contains(expected))78throw new RuntimeException(expected + " not checked");79}8081static void assertCheckPropertyAccess(String key) {82if (!myChecks.get().propertiesChecked().contains(key))83throw new RuntimeException("Property " + key + " not checked");84}8586static void assertChecked(Path file, List<String> list) {87String s = file.toString();88for (String f: list) {89if (f.endsWith(s))90return;91}92throw new RuntimeException("Access not checked");93}9495static void assertCheckRead(Path file) {96assertChecked(file, myChecks.get().readsChecked());97}9899static void assertCheckWrite(Path file) {100assertChecked(file, myChecks.get().writesChecked());101}102103static void assertCheckWriteToDirectory(Path dir) {104String s = dir.toString();105List<String> list = myChecks.get().writesChecked();106for (String f: list) {107if (f.startsWith(s)) {108return;109}110}111throw new RuntimeException("Access not checked");112}113114static void assertCheckDelete(Path file) {115assertChecked(file, myChecks.get().deletesChecked());116}117118static void assertCheckExec(Path file) {119assertChecked(file, myChecks.get().execsChecked());120}121122static class LoggingSecurityManager extends SecurityManager {123static void install() {124System.setSecurityManager(new LoggingSecurityManager());125}126127@Override128public void checkPermission(Permission perm) {129Checks checks = myChecks.get();130if (checks != null)131checks.permissionsChecked().add(perm);132}133134@Override135public void checkPropertyAccess(String key) {136Checks checks = myChecks.get();137if (checks != null)138checks.propertiesChecked().add(key);139}140141@Override142public void checkRead(String file) {143Checks checks = myChecks.get();144if (checks != null)145checks.readsChecked().add(file);146}147148@Override149public void checkWrite(String file) {150Checks checks = myChecks.get();151if (checks != null)152checks.writesChecked().add(file);153}154155@Override156public void checkDelete(String file) {157Checks checks = myChecks.get();158if (checks != null)159checks.deletesChecked().add(file);160}161162@Override163public void checkExec(String file) {164Checks checks = myChecks.get();165if (checks != null)166checks.execsChecked().add(file);167}168}169170static void testBasicFileAttributeView(BasicFileAttributeView view, Path file)171throws IOException172{173prepare();174view.readAttributes();175assertCheckRead(file);176177prepare();178FileTime now = FileTime.fromMillis(System.currentTimeMillis());179view.setTimes(null, now, now);180assertCheckWrite(file);181}182183static void testPosixFileAttributeView(PosixFileAttributeView view, Path file)184throws IOException185{186prepare();187PosixFileAttributes attrs = view.readAttributes();188assertCheckRead(file);189assertCheckPermission(new RuntimePermission("accessUserInformation"));190191prepare();192view.setPermissions(attrs.permissions());193assertCheckWrite(file);194assertCheckPermission(new RuntimePermission("accessUserInformation"));195196prepare();197view.setOwner(attrs.owner());198assertCheckWrite(file);199assertCheckPermission(new RuntimePermission("accessUserInformation"));200201prepare();202view.setOwner(attrs.owner());203assertCheckWrite(file);204assertCheckPermission(new RuntimePermission("accessUserInformation"));205}206207public static void main(String[] args) throws IOException {208final Path testdir = Paths.get(System.getProperty("test.dir", ".")).toAbsolutePath();209final Path tmpdir = Paths.get(System.getProperty("java.io.tmpdir"));210211Path file = createFile(testdir.resolve("file1234"));212try {213LoggingSecurityManager.install();214215// -- check access --216217prepare();218exists(file);219assertCheckRead(file);220221prepare();222isReadable(file);223assertCheckRead(file);224225prepare();226isWritable(file);227assertCheckWrite(file);228229prepare();230isExecutable(file);231assertCheckExec(file);232233// -- copy --234235Path target = testdir.resolve("target1234");236prepare();237copy(file, target);238try {239assertCheckRead(file);240assertCheckWrite(target);241} finally {242delete(target);243}244245if (TestUtil.supportsLinks(testdir)) {246Path link = testdir.resolve("link1234");247createSymbolicLink(link, file);248try {249prepare();250copy(link, target, LinkOption.NOFOLLOW_LINKS);251try {252assertCheckRead(link);253assertCheckWrite(target);254assertCheckPermission(new LinkPermission("symbolic"));255} finally {256delete(target);257}258259prepare();260readSymbolicLink(link);261assertCheckPermission(new FilePermission(link.toString(), "readlink"));262} finally {263delete(link);264}265}266267// -- createDirectory --268269Path subdir = testdir.resolve("subdir1234");270prepare();271createDirectory(subdir);272try {273assertCheckWrite(subdir);274} finally {275delete(subdir);276}277278// -- createFile --279280Path fileToCreate = testdir.resolve("file7890");281prepare();282createFile(fileToCreate);283try {284assertCheckWrite(fileToCreate);285} finally {286delete(fileToCreate);287}288289// -- createSymbolicLink --290291if (TestUtil.supportsLinks(testdir)) {292prepare();293Path link = testdir.resolve("link1234");294createSymbolicLink(link, file);295try {296assertCheckWrite(link);297assertCheckPermission(new LinkPermission("symbolic"));298} finally {299delete(link);300}301}302303// -- createLink --304305if (TestUtil.supportsLinks(testdir)) {306prepare();307Path link = testdir.resolve("entry234");308createLink(link, file);309try {310assertCheckWrite(link);311assertCheckPermission(new LinkPermission("hard"));312} finally {313delete(link);314}315}316317// -- createTempFile --318319prepare();320Path tmpfile1 = createTempFile("foo", null);321try {322assertCheckWriteToDirectory(tmpdir);323} finally {324delete(tmpfile1);325}326prepare();327Path tmpfile2 = createTempFile(testdir, "foo", ".tmp");328try {329assertCheckWriteToDirectory(testdir);330} finally {331delete(tmpfile2);332}333334// -- createTempDirectory --335336prepare();337Path tmpdir1 = createTempDirectory("foo");338try {339assertCheckWriteToDirectory(tmpdir);340} finally {341delete(tmpdir1);342}343prepare();344Path tmpdir2 = createTempDirectory(testdir, "foo");345try {346assertCheckWriteToDirectory(testdir);347} finally {348delete(tmpdir2);349}350351// -- delete/deleteIfExists --352353Path fileToDelete = testdir.resolve("file7890");354355createFile(fileToDelete);356prepare();357delete(fileToDelete);358assertCheckDelete(fileToDelete);359360createFile(fileToDelete);361prepare();362deleteIfExists(fileToDelete); // file exists363assertCheckDelete(fileToDelete);364365prepare();366deleteIfExists(fileToDelete); // file does not exist367assertCheckDelete(fileToDelete);368369// -- exists/notExists --370371prepare();372exists(file);373assertCheckRead(file);374375prepare();376notExists(file);377assertCheckRead(file);378379// -- getFileStore --380381prepare();382getFileStore(file);383assertCheckRead(file);384assertCheckPermission(new RuntimePermission("getFileStoreAttributes"));385386// -- isSameFile --387388prepare();389isSameFile(file, testdir);390assertCheckRead(file);391assertCheckRead(testdir);392393// -- move --394395Path target2 = testdir.resolve("target1234");396prepare();397move(file, target2);398try {399assertCheckWrite(file);400assertCheckWrite(target2);401} finally {402// restore file403move(target2, file);404}405406// -- newByteChannel --407408prepare();409try (SeekableByteChannel sbc = newByteChannel(file)) {410assertCheckRead(file);411}412prepare();413try (SeekableByteChannel sbc = newByteChannel(file, WRITE)) {414assertCheckWrite(file);415}416prepare();417try (SeekableByteChannel sbc = newByteChannel(file, READ, WRITE)) {418assertCheckRead(file);419assertCheckWrite(file);420}421422prepare();423try (SeekableByteChannel sbc = newByteChannel(file, DELETE_ON_CLOSE)) {424assertCheckRead(file);425assertCheckDelete(file);426}427createFile(file); // restore file428429// -- newBufferedReader/newBufferedWriter --430431prepare();432try (BufferedReader br = newBufferedReader(file)) {433assertCheckRead(file);434}435436prepare();437try (BufferedWriter bw = newBufferedWriter(file, WRITE)) {438assertCheckWrite(file);439}440441prepare();442try (BufferedWriter bw = newBufferedWriter(file, DELETE_ON_CLOSE)) {443assertCheckWrite(file);444assertCheckDelete(file);445}446createFile(file); // restore file447448prepare();449try (BufferedWriter bw = newBufferedWriter(file,450StandardCharsets.UTF_16, WRITE)) {451assertCheckWrite(file);452}453454prepare();455try (BufferedWriter bw = newBufferedWriter(file,456StandardCharsets.UTF_16, DELETE_ON_CLOSE)) {457assertCheckWrite(file);458assertCheckDelete(file);459}460createFile(file); // restore file461462// -- newInputStream/newOutputStream --463464prepare();465try (InputStream in = newInputStream(file)) {466assertCheckRead(file);467}468prepare();469try (OutputStream out = newOutputStream(file)) {470assertCheckWrite(file);471}472473// -- write --474475prepare();476Files.write(file, new byte[]{(byte) 42, (byte) 666}, WRITE);477assertCheckWrite(file);478479prepare();480Files.write(file, new byte[]{(byte) 42, (byte) 666}, WRITE,481DELETE_ON_CLOSE);482assertCheckWrite(file);483assertCheckDelete(file);484createFile(file); // restore file485486List<String> lines = Arrays.asList("42", "666");487488prepare();489Files.write(file, lines, StandardCharsets.UTF_16, WRITE);490assertCheckWrite(file);491492prepare();493Files.write(file, lines, StandardCharsets.UTF_16, WRITE,494DELETE_ON_CLOSE);495assertCheckWrite(file);496assertCheckDelete(file);497createFile(file); // restore file498499prepare();500Files.write(file, lines, WRITE);501assertCheckWrite(file);502503prepare();504Files.write(file, lines, WRITE, DELETE_ON_CLOSE);505assertCheckWrite(file);506assertCheckDelete(file);507createFile(file); // restore file508509// -- newDirectoryStream --510511prepare();512try (DirectoryStream<Path> stream = newDirectoryStream(testdir)) {513assertCheckRead(testdir);514515if (stream instanceof SecureDirectoryStream<?>) {516Path entry;517SecureDirectoryStream<Path> sds =518(SecureDirectoryStream<Path>)stream;519520// newByteChannel521entry = file.getFileName();522prepare();523try (SeekableByteChannel sbc = sds.newByteChannel(entry, EnumSet.of(READ))) {524assertCheckRead(file);525}526prepare();527try (SeekableByteChannel sbc = sds.newByteChannel(entry, EnumSet.of(WRITE))) {528assertCheckWrite(file);529}530531// deleteFile532entry = file.getFileName();533prepare();534sds.deleteFile(entry);535assertCheckDelete(file);536createFile(testdir.resolve(entry)); // restore file537538// deleteDirectory539entry = Paths.get("subdir1234");540createDirectory(testdir.resolve(entry));541prepare();542sds.deleteDirectory(entry);543assertCheckDelete(testdir.resolve(entry));544545// move546entry = Paths.get("tempname1234");547prepare();548sds.move(file.getFileName(), sds, entry);549assertCheckWrite(file);550assertCheckWrite(testdir.resolve(entry));551sds.move(entry, sds, file.getFileName()); // restore file552553// newDirectoryStream554entry = Paths.get("subdir1234");555createDirectory(testdir.resolve(entry));556try {557prepare();558sds.newDirectoryStream(entry).close();559assertCheckRead(testdir.resolve(entry));560} finally {561delete(testdir.resolve(entry));562}563564// getFileAttributeView to access attributes of directory565testBasicFileAttributeView(sds566.getFileAttributeView(BasicFileAttributeView.class), testdir);567testPosixFileAttributeView(sds568.getFileAttributeView(PosixFileAttributeView.class), testdir);569570// getFileAttributeView to access attributes of entry571entry = file.getFileName();572testBasicFileAttributeView(sds573.getFileAttributeView(entry, BasicFileAttributeView.class), file);574testPosixFileAttributeView(sds575.getFileAttributeView(entry, PosixFileAttributeView.class), file);576577} else {578System.out.println("SecureDirectoryStream not tested");579}580}581582// -- toAbsolutePath --583584prepare();585file.getFileName().toAbsolutePath();586assertCheckPropertyAccess("user.dir");587588// -- toRealPath --589590prepare();591file.toRealPath();592assertCheckRead(file);593594prepare();595file.toRealPath(LinkOption.NOFOLLOW_LINKS);596assertCheckRead(file);597598prepare();599Paths.get(".").toRealPath();600assertCheckPropertyAccess("user.dir");601602prepare();603Paths.get(".").toRealPath(LinkOption.NOFOLLOW_LINKS);604assertCheckPropertyAccess("user.dir");605606// -- register --607608try (WatchService watcher = FileSystems.getDefault().newWatchService()) {609prepare();610testdir.register(watcher, StandardWatchEventKinds.ENTRY_DELETE);611assertCheckRead(testdir);612}613614// -- getAttribute/setAttribute/readAttributes --615616prepare();617getAttribute(file, "size");618assertCheckRead(file);619620prepare();621setAttribute(file, "lastModifiedTime",622FileTime.fromMillis(System.currentTimeMillis()));623assertCheckWrite(file);624625prepare();626readAttributes(file, "*");627assertCheckRead(file);628629// -- BasicFileAttributeView --630testBasicFileAttributeView(631getFileAttributeView(file, BasicFileAttributeView.class), file);632633// -- PosixFileAttributeView --634635{636PosixFileAttributeView view =637getFileAttributeView(file, PosixFileAttributeView.class);638if (view != null &&639getFileStore(file).supportsFileAttributeView(PosixFileAttributeView.class))640{641testPosixFileAttributeView(view, file);642} else {643System.out.println("PosixFileAttributeView not tested");644}645}646647// -- DosFileAttributeView --648649{650DosFileAttributeView view =651getFileAttributeView(file, DosFileAttributeView.class);652if (view != null &&653getFileStore(file).supportsFileAttributeView(DosFileAttributeView.class))654{655prepare();656view.readAttributes();657assertCheckRead(file);658659prepare();660view.setArchive(false);661assertCheckWrite(file);662663prepare();664view.setHidden(false);665assertCheckWrite(file);666667prepare();668view.setReadOnly(false);669assertCheckWrite(file);670671prepare();672view.setSystem(false);673assertCheckWrite(file);674} else {675System.out.println("DosFileAttributeView not tested");676}677}678679// -- FileOwnerAttributeView --680681{682FileOwnerAttributeView view =683getFileAttributeView(file, FileOwnerAttributeView.class);684if (view != null &&685getFileStore(file).supportsFileAttributeView(FileOwnerAttributeView.class))686{687prepare();688UserPrincipal owner = view.getOwner();689assertCheckRead(file);690assertCheckPermission(new RuntimePermission("accessUserInformation"));691692prepare();693view.setOwner(owner);694assertCheckWrite(file);695assertCheckPermission(new RuntimePermission("accessUserInformation"));696697} else {698System.out.println("FileOwnerAttributeView not tested");699}700}701702// -- UserDefinedFileAttributeView --703704{705UserDefinedFileAttributeView view =706getFileAttributeView(file, UserDefinedFileAttributeView.class);707if (view != null &&708getFileStore(file).supportsFileAttributeView(UserDefinedFileAttributeView.class))709{710prepare();711view.write("test", ByteBuffer.wrap(new byte[100]));712assertCheckWrite(file);713assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));714715prepare();716view.read("test", ByteBuffer.allocate(100));717assertCheckRead(file);718assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));719720prepare();721view.size("test");722assertCheckRead(file);723assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));724725prepare();726view.list();727assertCheckRead(file);728assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));729730prepare();731view.delete("test");732assertCheckWrite(file);733assertCheckPermission(new RuntimePermission("accessUserDefinedAttributes"));734} else {735System.out.println("UserDefinedFileAttributeView not tested");736}737}738739// -- AclFileAttributeView --740{741AclFileAttributeView view =742getFileAttributeView(file, AclFileAttributeView.class);743if (view != null &&744getFileStore(file).supportsFileAttributeView(AclFileAttributeView.class))745{746prepare();747List<AclEntry> acl = view.getAcl();748assertCheckRead(file);749assertCheckPermission(new RuntimePermission("accessUserInformation"));750prepare();751view.setAcl(acl);752assertCheckWrite(file);753assertCheckPermission(new RuntimePermission("accessUserInformation"));754} else {755System.out.println("AclFileAttributeView not tested");756}757}758759// -- UserPrincipalLookupService760761UserPrincipalLookupService lookupService =762FileSystems.getDefault().getUserPrincipalLookupService();763UserPrincipal owner = getOwner(file);764765prepare();766lookupService.lookupPrincipalByName(owner.getName());767assertCheckPermission(new RuntimePermission("lookupUserInformation"));768769try {770UserPrincipal group = readAttributes(file, PosixFileAttributes.class).group();771prepare();772lookupService.lookupPrincipalByGroupName(group.getName());773assertCheckPermission(new RuntimePermission("lookupUserInformation"));774} catch (UnsupportedOperationException ignore) {775System.out.println("lookupPrincipalByGroupName not tested");776}777778779} finally {780deleteIfExists(file);781}782}783}784785786