JDK-6465349 : GetInstance regression test fails when jtreg granted AllPermission
Type:Bug
Component:security-libs
Sub-Component:java.security
Affected Version:6
Priority:P5
Status:Closed
Resolution:Fixed
OS:generic
CPU:generic
Submitted:2006-08-30
Updated:2011-05-02
Resolved:2011-05-02
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
test/java/security/Policy/GetInstance.java fails when jtreg is granted AllPermission.
Comments
EVALUATION
GetInstancePolicySpi.implies returns 'true' when the ProtectionDomain of the caller is the same as its own. That is normally correct, except in this case the test is set up improperly.
The test (GetInstance) and the policy implementation (GetInstancePolicySpi) both reside in the same domain. Because of the domain check (described above), checks against GetInstance should have failed, but actually passed. This wasn't noticed because a failure was actually detected - it was against jtreg's domain (not against GetInstance's domain). When jtreg was given AllPermission, the failure disappeared so the test began to report errors.
The proper way to set up this test is to separate GetInstance's domain from GetInstancePolicySpi's domain. This is a painful change. Instead, we can cheat. GetInstancePolicySpi only needs that special domain check to avoid recursion (if it itself causes a security check). Fortunately, that doesn't occur in this test case. Therefore we can eliminate the domain check entirely, causing checks against GetInstance to fail as expected.