JDK-8292182 : [TESTLIB] Enhance JAXPPolicyManager to setup required permissions for jtreg version 7 jar
  • Type: Sub-task
  • Component: xml
  • Sub-Component: jaxp
  • Affected Version: 11,17,20
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2022-08-10
  • Updated: 2024-07-15
  • Resolved: 2022-08-15
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 17 JDK 20
11.0.23Fixed 17.0.10-oracleFixed 20 b11Fixed
Related Reports
Blocks :  
JDK-8289798 - Update to use jtreg 7
Description
JAR file names provided by jtreg 7 now include their version.

This seems to break the detection logic for being run on a test machinery domain.
That detection logic, together with the "implies" implementation in the same class, seems to grant permission to run TestNG-based tests. Therefore, an explicit extension of the permission set is not necessary.

https://github.com/openjdk/jdk/blob/83dc2e3e45a946dd1302efb84baf3afaa9309ba4/test/jaxp/javax/xml/jaxp/libs/jaxp/library/JAXPPolicyManager.java#L164
Comments
A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/2558 Date: 2024-02-26 16:17:49 +0000
26-02-2024
[jdk11u-fix-request] Approval Request from Aleksey Shipilëv Clean backport to enable jtreg 7 for jaxp tests. Runs all JAXP tests well with both old and new jtreg (see PR for testing). Test-only change, risk is low.
26-02-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/1488 Date: 2023-06-22 10:52:13 +0000
22-06-2023
Fix request [17u] I backport this to enable jtreg 7 No risk, only a test change. Clean backport SAP nighlty testing passed with jtreg 6&7
22-06-2023
Changeset: aa5b7189 Author: Christian Stein <cstein@openjdk.org> Committer: Lance Andersen <lancea@openjdk.org> Date: 2022-08-15 13:34:19 +0000 URL: https://git.openjdk.org/jdk/commit/aa5b71893307b9fe6137bc3541edccaab73735ac
15-08-2022
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/9857 Date: 2022-08-12 16:26:30 +0000
12-08-2022
Applying the following patch also fixes the issue by allowing version information in JAR file names via regular expressions. Index: test/jaxp/javax/xml/jaxp/libs/jaxp/library/JAXPPolicyManager.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== diff --git a/test/jaxp/javax/xml/jaxp/libs/jaxp/library/JAXPPolicyManager.java b/test/jaxp/javax/xml/jaxp/libs/jaxp/library/JAXPPolicyManager.java --- a/test/jaxp/javax/xml/jaxp/libs/jaxp/library/JAXPPolicyManager.java (revision ee1205b606653959cd614b1b56ed1deb94a11de0) +++ b/test/jaxp/javax/xml/jaxp/libs/jaxp/library/JAXPPolicyManager.java (date 1660318770069) @@ -24,6 +24,7 @@ import java.net.URL; +import java.nio.file.Path; import java.security.CodeSource; import java.security.Permission; import java.security.PermissionCollection; @@ -161,7 +162,7 @@ */ class TestPolicy extends Policy { private final static Set<String> TEST_JARS = - Set.of("jtreg.jar", "javatest.jar", "testng.jar", "jcommander.jar"); + Set.of("jtreg.*jar", "javatest.*jar", "testng.*jar", "jcommander.*jar"); private final PermissionCollection permissions = new Permissions(); private ThreadLocal<Map<Integer, Permission>> transientPermissions = new ThreadLocal<>(); @@ -214,8 +215,11 @@ CodeSource cs = (domain == null) ? null : domain.getCodeSource(); URL loc = (cs == null) ? null : cs.getLocation(); String path = (loc == null) ? null : loc.getPath(); - return path != null && TEST_JARS.stream() - .filter(path::endsWith) + String name = (path == null) ? null : path.contains("/") + ? path.substring(path.lastIndexOf('/') + 1) + : path; + return name != null && TEST_JARS.stream() + .filter(name::matches) .findAny() .isPresent(); }
12-08-2022
Note that adding the following to `setDefaultPermissions()` also works: addPermission(new ReflectPermission("suppressAccessChecks")); addPermission(new PropertyPermission("testng.thread.affinity", "read")); addPermission(new PropertyPermission("testng.show.stack.frames", "read")); addPermission(new PropertyPermission("testng.thread.affinity", "read")); addPermission(new PropertyPermission("testng.memory.friendly", "read")); addPermission(new PropertyPermission("testng.mode.dryrun", "read")); addPermission(new PropertyPermission("testng.report.xml.name", "read")); addPermission(new PropertyPermission("testng.timezone", "read")); Same as when short-circuiting `isTestMachineryDomain(ProtectionDomain domain)` to always return `true`.
11-08-2022
When scanning for names of JAR files, at least expect a version being attached between the library identifier and the ".jar" extension: like "testng{-7.3.0}.jar" or similar. Another way to check for being run on a test machinery domain is to try loading a well-known class of a test framework via its fully qualified name: like "org.testng.annotations.Test" - this way, the name of class-providing archive does not matter.
10-08-2022